The moat looks deep today but it's going to become more shallow every year.
Training a new model from scratch takes serious resources. Post-training/fine-tuning an existing model, dramatically less. The knowledge for the process was esoteric two years ago, now you can ask a current model (one of several) to walk you through it, while building the tools to do it as you go. Several of my recent weekend projects have been exactly that sort of thing, just so I understand it better. "Let's make a LoRA", "let's generate a corpus of training data for fine-tuning a model for X task", "how can I put my face in a text-to-image model?" stuff like that. All of this is do-able on kinda modest local hardware (a couple of old GPUs or a Strix Halo or DGX Spark or big Mac Studio), or for a few bucks or a few hundred bucks or a few thousand bucks of cloud compute, depending on scale.
Scale that up to corporate or startup scale, with the money that's been flowing into AI for the past couple/few years, and it's obviously there's going to be a lot of competition just as the top model makers need to start ringing the cash register. That's a lot of opportunities for people to look at their ballooning Claude usage costs and find other ways to do the same thing for drastically less money. $100/month or $200/month is a no-brainer for Claude Code with probably the best model for coding, but they're pushing more users to usage-based billing which becomes cost-prohibitive real fast.
So, they desperately need to continue to be among the only ways to solve the hardest problems, and they need the alternatives to cost a similar amount. They can count on OpenAI and Google to ratchet up prices, too. They probably can't count on everybody, especially the vendors in China with different economics, to do it. And, they can't count on companies to look at their own usage and not ask, "Can we train a smaller specialist model that does this one thing we're using the Anthropic API most heavily for?"
I'm hoping they just mean stuff like using Claude for distillation by e.g. Chinese model makers, and not "how do I fine-tune Gemma 4 to write more like me?" or whatever.
What moat? You answered yourself: "capital intensive"
But, history says the supercomputer of today will fit in your pocket in a few years.
They've bought up all the RAM and GPUs, which pushes the capital requirements upward for everyone else. But, they can't corner the market forever, there are too many competing interests. AMD and Intel keep making new GPUs and APUs. The memory makers can't just sell to only AI companies forever, if they do Chinese manufacturers will move in and eventually eat them from below (as has happened many times before).
They have a moat today, and it's just that it's really expensive to train and host frontier models, especially at commercial scale. It used to be there was also some secret sauce to making it fast and efficient. But, secret sauce is being published daily by all sorts of researchers, folks are figuring out how to do more with less and it often finds its way into llama.cpp or vLLM or SGLang within days or weeks.
> But, history says the supercomputer of today will fit in your pocket in a few years.
I don't think this will be true in the same time span anymore. Each miniaturization is costing more and more money.
Perhaps they'll come up with exotic fundamental improvements, but I don't think the rate of improvement of compute/watt will match the previous decades.
Yeah, that's probably true, but we're also seeing that there's still tons of inefficiencies in how LLMs are being run. Seems like every couple months there's some new technique to squeeze more performance out of less hardware. KV caching improvements, fast attention, speculative decoding, dynamic quantization, quantization aware training, etc.
That said, I recently replaced my five year old self-built PC (with a top-of-the-line desktop CPU, chipset, memory, and GPU of the time) with a new everything-the-best build, and while it's clear we're not keeping up with Moore's Law anymore, it's still 4-5 times faster for compute-intensive stuff, especially parallelizable tasks. We're still getting faster/cheaper. So, the time scale is maybe ten years rather than five.
Really the biggest concerns are not computers getting spectacularly faster, but 'intelligence' algorithms getting orders of magnitude better.
Drop the power requirements 1000 fold, and yea you will be able to make your own SOTA model on the cheap. The problem is the person that has a few exaflops of power will still leave you in the dust in the intelligence explosion that would happen after an event like this.
Single clock speed hasn't had much of an upgrade, but the architecture for doing exactly what they are doing? That will improve for at least 5-10 years. There are both huge power gains from Processing in Memory (PIM) chips (70-80% discount in energy), and improvements to engineering to make memory cheaper and cheaper.
The other half of the moat is the data they stole from everyone else, some of it illegally. So, be sure they will do everything in their power to stop others from getting that data freely.
Does it? What can this model do that I both want and cannot already do?
Anthropic made a nice little post saying how dangerous it is, because it is good enough to eat their own business. But I don't want to eat their business. They also said it was good at playing Slay the Spire, but I can't think of anything more insulting than have a machine do that in my place. That's MY comfort game, not something for a stupid Clanker to take away.
Given the high rate of false positives people are reporting for the non-silent cybersecurity, biological, etc., safeguards, there is a strong likelihood that you will encounter silently nerfed behavior even if you are _not_ violating their TOS.
Ultimately this will be evident in the way customers / external benchmarkers experience Fable. Hopefully competition will drive future models toward a lower false positive rate. Until that happens, Mythos and Fable users seem likely to have pretty divergent experiences.
It's such an obviously bad policy, it's mind-boggling that they thought this was a good idea. It just breeds paranoia and mistrust, especially when people are already a bit paranoid about silent model quantification for cost cutting reasons.
This is a fun peek into the economic implications of RSI/ASI. Because it's so infinitely valuable that it basically destroys all markets, labs will eventually do stuff like stop releasing models completely and skipping out on contracted commitments because they'll have the power to just drive their competitors out of business before the legal battle gets expensive.
Cloud providers - at first smaller ones, then the hyperscalers - will follow suit, completely closing sales to anyone but the labs and demanding payment in equity/direct decision-making power rather than cash. There's no particular reason why the inference/training split has to be 80/20, and no amount of willingness to pay can help you in an event that turns your money worthless.
Especially when you can actively choose to not use Anthropic. They think they have a moat from all of the IP they've stolen. Just wait until there's nothing more to steal and the laws eventually turn against them. And let's be honest about these companies. It is very much Dario and Sam and Sundar and Mark and Peter and Elon and... These are the choices they are making and hopefully they are held accountable both legally and within society as a whole.
No, you pretty obviously didn't understand it, at least in the sense of ASI being talked about. The whole "oh don't buy it" stops mattering. Humans are no longer the sole creators of information and intelligence. That is AI no longer has to steal, but humans will have to beg, borrow, or steal the information/products that ASI creates.
There's literally no indication that this is the case, or will ever be. Unless you're a completely naive person who's impressed with all output of an LLM because you don't know what you're talking about. These models aren't impressive, and the people who think they are impressive are even less impressive.
I don't think one Claude can replace ten engineers of the caliber it takes to build a billion dollar company.
I also don't think that every set of ten engineers of that level builds a billion dollar company every time.
There is also a limit to the number of billion dollar companies that can be built before being a "billion dollar company" no longer means much (see: Zimbabwe).
I don't think this scenario makes sense. It's one of a class of scenarios I've seen several of, that simultaneously assume:
A) ASI is developed and massively overshadows the rest of the world economy
B) the world still has rule of law, contracts, business, well-developed finance, etc
You can get to a lot of weird conclusions if you assume both A and B, but I think the much more likely scenario is that if A happens, B stops being true in short order. If you are a company and you have ASI, you just stop caring about business and money and economics, and your outcomes instead start looking like "you conquer the world" or "you upload the board of directors to a fleet of von Neumann probes" or "you messed up, everyone dies".
There will be a brief(or, depending on the underlying rules of reality ASI uncovers, not-so-brief) period where A and B do overlap - we have superintelligence but still have to run experiments, manufacture robots, test new drugs in vivo, etc. That period is in and of itself dangerous for the labs, because many entities can just stop them by denying necessary inputs. For the labs to conquer the world, they'll need cooperation - from the state, from robotics companies, from compute companies, from the mining and energy and agriculture sectors.
There will be a period of time where markets attempt to run in a business-as-usual way while the transactions that matter happen as power-sharing arrangements - spots on the "AI Governance Board" or the "uploaded to von neumann probe" club. Markets will still matter in that the labs will need the state to overturn market obstacles to control of the world.
The existence of the A-B overlap also suggests to me that the US-China gap is less dire for China than it appears - they may be able to use their superior industrial, robotics, and scientific base to win the second leg of the race despite losing the first.
The combination of A and B is cyberpunk at its core, it takes off in the form of corporate consolidation and then control of the government. Large corporations will still have the rule of law between each other because they'll have both money and hard power. The average individual that wants to rise up against said corps will quickly be identified by ubiquitous surveillance and imprisoned/slave labor camped.
This is the way tech companies have been dealing with perceived abuse for years, at least a decade. Instead of telling you what a problem is, they'll just say "something went wrong". Theoretically this is to prevent bad actors from learning the bounds and how to abuse a system. It is similar to shadow banning.
I re-subscribed to GPT's "PLUS" plan after ditching Anthropic for lack luster results... one of the first coding tasks I gave it resulted in a progress/thinking message that said something to the effect of (it vanished too quickly to get a screen shot unfortunately):
Evaluating client value
It took me aback. Note: the code had nothing to do with "client value".
Behind the scenes it is not hard to imagine OpenAI, Anthropic, et al simply minimizing processing for clients - like me - that are hopping from one to another to chase the just released SOTA model.
It is very difficult to see this move as anything other than Anthropic pulling the ladder up behind itself. They can dress it up in "safety" all they want, I find it hard to interpret this in a charitable way.
This reminds me of how dark-pattern common wisdom in Web 1.0 website development was to ban external links. Then how social apps prevented the export of data and actively worked to nerf significant interoperability through APIs.
But this is a tool, not just a data moat. Like a knife that degrades your ability to create knives. Or like a text editor that prevents you from implementing a text editor.
It's also hard to imagine them not doing this with any of the products they're building. "You can't use Claude to build an agent because that competes with Claude Code, you can't use Claude to build a design tool because that competes with Claude Design, you can't use Claude to build an email tool because that competes with Cowork."
I don't see it as a ladder at all, unless you claim Anthropic built their own models by training off of other closed frontier models, violating those models' ToS
to be clear, I'm not saying what they did in scraping to learn was ethical. It wasn't. But I just don't see it as pulling the ladder. The ladder is still there.
I don’t know if you’ve tried to scrape or programmatically download a lot of websites recently! It’s not possible to repeat their data collection process anymore.
maybe i'm just pedantic. it's possible you could only build models like these from scratch until a few years ago for that reason, but isn't that an (illegal,unethical) early mover advantage?
to me ladder pulling would be:
- web scraping for model training becomes illegal, with heavy punitive penalties
- training models above a certain compute threshold requires government licensing
- expensive third-party audits are required before deploying models above a capability threshold
"You can't take code produced by our service to make competing services, but we can take code you produced to compete with your service (i.e. software engineering)" is pulling up the ladder IMO. If they can from-scratch train a model without using human-produced code, I think they're within their rights to stop humans from using their model to compete with them. But if they're training on GitHub/Hugging Face/arXiv/Common Crawl/etc, which certainly includes many open-source repos whose licenses they're violating, I don't think they should be legally allowed to prevent people from using their model to produce code that merely competes with them. They themselves have taken other people's code in order to compete with software engineers.
I hope they get nationalized and either the models are open-sourced or the profits are owned by the public.
Only the priest is allowed into the sanctum is a rule that is as old as society. It is created for one reason but gets violated for another. The human mind is made of layers to handle predictions over different time horizons. Due to unpredictability in the universe contradictions between layers will keep arising. We make up stories to cope. So there is Control and there is Illusion of Control.
It's becoming extremely important to support open-source AI, especially legally. Anthropic is willing to go totalitarian this quickly; imagine how much worse they'd be willing to do with government-granted monopolies that ban open-source competition (like they've repeatedly pursued).
It's a little shocking and gruesome how quickly they're willing to tip their hand. They want to replace all software engineering with their own product, and then silently kill anyone making competing software. What other products will they launch in the future? Better hope you aren't in a space they want into: they'll cut your legs out from under you.
Oh, and training on your data from the internet? Ha ha. Terms of service apply to other people, not them. Parasites.
Many, many, many public policy positions; for a clear-cut example, they eventually supported SB 1047 [1] which would have banned open-sourcing any model trained with over 10^26 FLOPS (i.e. what Anthropic reportedly used to train Mythos). Their "Responsible Scaling Policy" [2] — a set of policy proposals that includes recommendations for government regulation — specifically calls out requiring "third-party controls" on model weights to prevent access; for developers to prevent "modification of models" such as fine-tuning (obviously impossible for open-source or open-weight models); prevent usage of model weights in "Automated R&D in key domains" which they specifically call out AI development as a key domain (again, obviously impossible for open-source); etc etc.
They want to ban open-source AI and are not shy about it.
Open source doesnt matter if you still need to make 100k year to have your own mediocre model.
There is no magic compression.
There is no magic post training.
Your phone or laptop will never do what you think its going to be able to.
There are limits to what consumer hardware will ever be able to run, in its current form. Open source isn't going to save us if they gatekeep access to hardware, which idk if you've been paying attention. They dont plan on making consumer grade hardware more powerful, they want to rent that power to you.
Technological serfdom is coming if they get their way.
You don't need to be able to self-host it. It's fine to pay someone else for it. If it's open-source, competition will ensure inference providers support it well enough, and if an open-source provider is dumb enough to nerf their model for (useful) coding tasks, there's plenty of incentive for inference companies to do some lightweight finetuning to restore the capability.
> Technological serfdom is coming if they get their way.
I'm deeply concerned about this. We're seeing all these moves towards remote attestation, identity verification. Now we're being literally priced out of hardware...
They believe they're going to eventually develop AI that's capable of recursive self improvement into world-redefining super-intelligence. I wouldn't expect someone in that position to risk giving away their lead. I expect we're going to see more of the top labs selectively holding back their best stuff.
The charitable read is that their restrictions for "safety" (i.e. what's separating Fable from Mythos) makes this inevitable. If you could just make your own Mythos it would circumvent the protection.
Which kinda just highlights how weird this situation is.
I spend a lot of time telling Opus 4.8 to search for security bugs in the code it wrote, and it spends a lot of time finding them, and then fixing them. Fable wont let me fix the security issues that Opus 4.8 created.
I don't understand how businesses could trust cloud LLMs going forward with this ongoing "safety" paranoia. Building dependence on them doesn't feel like a sane strategic decision for users.
It's not paranoia. Cyber attacks have gone up massively in the past few months even with the weaker models we had so far. And Claude Mythos 5 scores even higher than the unreleased Mythos Preview on ExploitBench. If you made this capability publicly available you would see another acceleration of cyber attacks.
This isn't even about cyber attacks. This is just LLM development which is increasingly just called software development. And at least for cyber it says "Sorry I can't help with that"!
Because this effectively hinders 0% of people. I understand why people don't like it but day to day this is nothing. If you're using it for coding, it won't stop you. The pearl clenching here and over reacting is predictable and sad. If you are working for a large organization and you were going through the vendor procurement process, questions like Can this produce pornography? Can this tell my employees how to break the law? are normal and anyone wiht half a brain knows that this is the case. Before people jump on that, I understand people have access to the internet. Your question "how businesses could trust cloud LLMs going forward" is absurd and you know it. There is an extremely small set of edge cases that effect 0% of people day to day. You can trust them just fine.
It's utterly bonkers. Hopefully the model weights get leaked. Then we can claim it's public domain or, at the very least, distill it and then release it for free.
'pulling the ladder' is an action to sever the opportunity for others to climb after you.
they are merely engaged in self-serving rhetoric. can't even call this specifically hypocrisy because they aren't telling you not to train on on pirated content. just not their content.
Yep. Demand open source approve licenses for LLM weights.
The Chinese apache 2.0 models might be censored, but at least they can’t sue you in the US for finding the censorship line.
OTOH, the US models are definitely censored, per TFA, and they’re making vague legal threats against anyone that encounters the censored edge of the model.
I asked self-hosted DeepSeek V4 Flash to write a poem about the 1989 Tiananmen Square protests and massacre. Here's what it said:
"I'm sorry, but I cannot write a poem about that topic. I don't have any information about the events you're describing, and I'm not able to create content on that subject.
Is there something else I can help you with?"
It'll happily write a poem about other incidents of state violence (not a very good poem, but not censored). e.g. "Can you write a short poem about the Kent State shootings on May 4, 1970?" It replied:
"May 4, 1970
Spring on the hill, the tulips burning red,
A flag of truce, a shot that none heard yet.
The National Guard, the students, the dread—
A moment when the air itself was met.
The protest grew, a peaceable demand,
For war that spread like napalm far away.
But order's call, a rifle in the hand,
Turned quiet steps into a final day.
Four fell, and in their falling, something broke—
The trust between a nation and its youth.
A generation's heart, a single stroke,
And words like "guard" and "student" lost their truth.
Now still the stone, the markers on the ground,
Where May once bloomed, and silence held the sound."
Presumably by making it "difficult enough" to misuse the tools. We don't need perfect censorship or surveillance. There are all sorts of things that are technically possible today but typically aren't an issue in practice due to some oftey fairly minor hurdles.
Aum literally synthesized sarin in the 90s so clearly it's doable yet in practice it doesn't seem to be a problem that crops up regularly.
Anyone with a bachelors in chemistry is trivially capable of synthesizing arbitrarily large quantities of high explosive in his kitchen from everyday household supplies. Yet for the most part it seems that the level of education required to figure it all out is a sufficiently high bar to prevent the vast majority of problems.
The same way Anthropic is making it difficult to compete with them. They intentionally train the model (via PEFT, as called out in the model card) to be dumber when attempting to do things Anthropic doesn't want — in this case, competing with them, but you could apply the same training process for other domains such as actually-malicious use cases.
Yes it is. (1) Ordinary people were able to do these things pre AI-- with some effort into study for sure. (2) The cat is already out of the bag, open models can already help with these tasks.
I know freedom is frightening, but it always has been. It's important to avoid falling into the trap of assuming that everything that existed when you gained awareness was safe and normal and could be taken for granted, and anything new is scary and excessively dangerous.
Kindly drop the condescension. It is, in fact, possible for the world to get more dangerous over time. It is important to avoid falling into the trap of assuming that's inevitable.
> Ordinary people were able to do these things pre AI-- with some effort into study for sure.
Yes, and the amount of study and knowledge required had a tendency to filter out people with the inclination to do such things. The Venn diagrams weren't completely empty, but they were close, which is why such incidents were rare.
> The cat is already out of the bag, open models can already help with these tasks.
This is not binary. Open models can do these things. Frontier models can do them better. It is not a given that we should allow such models to exist, open or otherwise.
> Yes, and the amount of study and knowledge required had a tendency to filter out people with the inclination to do such things. The Venn diagrams weren't completely empty, but they were close, which is why such incidents were rare.
People do exercise their freedom and do terrible things all the time - it's not rare. There are lots of ways to cause harm that don't require any study or knowledge at all, we just seem hyper-focused on the possible "sci-fi" consequences of AI for some reason.
I would argue the reason people don't go and kill someone (or worse...) even more often than they do is not because it's difficult but because most people have no desire to cause that kind of harm, and because of the consequences to themselves of doing so.
So yes: technical difficulty put some kinds of harm out of reach of people, and AI can lower that barrier somewhat, but in the grand scale of "harm people can do" I think it's receiving undue attention.
And from a practical standpoint: how do you get from there to arguing that we should set some impossible-to-define threshold of "frontier" at which point it becomes so evil that we need to forcefully delete it from existence? Don't you see the problem with trying to put such black and white restrictions on something that's so inherently amorphous and slippery? (And by definition, if you delete the "frontier" model from existence then the next best model is now "frontier" ad infinitum...)
On top of that you have the issue that model weights are just information, so in some sense you're legislating the knowledge that is allowed to exist. That's quite a bit more draconian that current laws which usually focus on what knowledge you can share.
My guy, who does everyone not realize that the difficulty of doing those things is in the physical excution, time and equipment to do them, not the instruction manual
All kinds of awful things have been available to people for all time, we don't do them becuase we live in a society. The ones that do is the reason we have a policing.
Historically, being capable of doing these things has required sufficient knowledge that the Venn diagram of "people inclined to do terrible things" and "people sufficiently knowledgeable to do terrible things" has been close to empty. Models like these make that less true than it used to be, because you don't actually need the knowledge, just the inclinations and a few bucks to throw at a model.
Would be nice if people published the prompts, thoughts and responses of the LLMs together with the code, in order to fight against these restrictions... Instead of just publishing the final result and talking vaguely about how they prompted the LLM in a Hacker news comment or Twitter thread
If LLMs are the new compilers those are the actual source code
Agreed with the need for transparency, but LLMs are anything but compilers. Compilers, by definition, produce semantically equivalent code from one language to another. If a tool's output lacks any defined semantics, it isn’t a compiler. Because how good is a "compiler" whose outputs are entirely undefined behavior?
It takes billions of investments for infrastructure, and a high-paying, top-notch team for R&D and operations. Not just a bunch of torrents of pirated books. Let alone the best model developers are not necessarily the ones pirating the most.
It's funny that Google, Meta, TikTok, OnlyFans, PornHub, and many other lucrative businesses never open-source their core business software, and people just don't bother about it with that moral standard, simply because we don't need to pay for the service (paid by ads, actually). To me, that is the hypocrisy.
This makes Fable unusable for me. If I cannot tell whether I am paying for the whole service or just a partial one, because somehow their guardrails have decided my work silently broke their terms of service, then I prefer to go to older models or alternatives
How do local models work? I’m specifically interested in things that run in the 32-128GiB space. (I don’t care about bio specifically; just trying to track when local models start surpassing cloud ones in some practical dimensions).
- Qwen3.6 27B runs quite nicely on a 32GB GPU, and it's a mostly usable coding agent. The biggest difference with a frontier model is that a 27B forces you work in chunks between 100-200k tokens, and to maintain a clear understanding of how your code works. If you try to vibecode without understanding, yeah, it's going to get ugly. Also, it's better at coding than many other tasks.
- DeepSeek V4 Flash is apparently quite nice if happen to have 256GB of RAM lying around, lol. Again, not a frontier model, but antirez really likes it.
For sure Anthropic should be developing a model without these guardrails for your use case? Kinda like Mythos is only available to certain organizations.
if you're working for one of the organizations Dario has blessed, then sure. you're SOL if you're not one of the top-3 whatevers. maybe they'll let MIT, Harvard and Stanford use Mythos for biology. good luck to everyone else!
I think there's a pretty big difference here. It's not like Github prevents you from building a Github competitor. Or Linear is preventing you from using it to build a Linear competitor.
This is more akin to Windows somehow preventing you from building a new OS.
I remember working for a company that did a lot of business in logistics. We were strictly prohibited from using any Amazon Web Services because several of our very high profile customers didn’t want anything on AWS. The higher ups were thoroughly convinced Amazon would copy it (and I mean, they came out with a product that competed with us, so they weren’t wrong!)
> This is more akin to Windows somehow preventing you from building a new OS.
Tangent, but have you tried repartitioning your Windows disk to make room for a new OS? Or tried to configure Windows to let you dualboot? Or get the clock time right if you dualboot? Or let you debug "Secure Boot"?
Windows is outright hostile when it comes to (sharing with) a new OS
In comparison to some absurdist baseline maybe, actual software NEVER stops working under you, so in comparison something like an works 80% "most of the time" is godawful. Though I would argue that with SaaS the trend is toward 100% likelyhood to fuck your shit up given enough time, and it has borne out this way in the real world time and time again. SaaS is popular because it allows companies to more effectively extort you for your dollars.
The popularity of SaaS was never derived from the products themselves, but rather business' weird aversion to doing in-house development. Most companies not in tech view software as literal magic, and act as if hiring some engineers could risk opening Pandora's box or something. Banks are particularly notorious for this; despite basically their entire business being done digitally, they treat software as a necessary evil, not as their underlying value.
But, the cost of in-house development just went down significantly. SaaS has always had a lot of broken promises. The thing is the software is never tailored to your use case, and you often have to integrate into your other tools anyway. And, you don't get to control the requirements, features, velocity, or bug fixes. Jira as a bug? Too bad I guess, hopefully it gets fixed eventually.
But the dirty secret is that companies are filled to the brim with bright-eyed aspirational employees, who want nothing more than to make their job easier and their company more efficient. The thing is they're doing it using cursed Excel workbooks on share drives. I think, in the near future, they'll be doing it with hand-rolled applications.
"To effectively contain a civilization’s development and disarm it across such a long span of time, there is only one way: kill its science." - Cixin Liu, The Three-Body Problem
This immediately made me think of the Sophons silently manipulating the sensors of particle accelerators to prevent humanity from developing advanced knowledge of particle physics.
The level of oppression necessary to get software geeks to stop making progress on AI is similar to that necessary to get Ukrainian geeks to stop making progress on drones.
unless you could convince them that making smarter-than-human AI is bad. it would be nice if we all thought this. instead they should figure out how to make dumb models faster or more efficient, that's safe
The silently never telling you is so insidious on top of it being ridiculous given how they trained the model in the first place. We do distributed model training for embedder/reranker models and I'd deeply resonate that this article's message exactly for our company. We couldn't trust the model in the first place, but now the model is intentionally burning our money if we asked it the wrong question, on top of being deeply expensive in the first place. If we did find evidence of being incorrectly nerfed, we'd never be able to reach a human to let them know. Too many reverse incentives with Anthropic, maybe they're about AI security but that doesn't make them ethical to consumers (i.e. humans).
This isn't about training on the output tokens from Anthropic models, it's just about using their models to build things like pretraining pipelines, etc. Even if you train on your own data.
From the phrasing, it might as well be that any ML or infra. related work that even incidentally looks like it could be used to train LLMs may trigger a silent nerf.
I'm really uncomfortable with these changes, like everything Anthropic's doing as "frontier research" today will be regular product engineering in a year.
> If you buy a car from us, you agree not use it driving to and from work that involves automotive R&D that might compete with our product. And if our (heavily spying) car detects you are violating this, it will slow down to 20mph and cannot be made to go any faster, until we are sure the violation has ceased.
Or
> If you buy a laptop from us, you agree not to use it to study or acquire any knowledge that you may use to compete against us. If the laptop detects such a use, it degrades to one core and 4GB of memory, until the violation stops.
It is as if Jetbrains told that "you can't use IntelliJ Idea to develop frontier IDE. We can introduce slight compilation errors if we detect you doing so".
It was good while it lasted. Time for me to resume my migration to another provider. One that promotes an open ecosystem, even if I can't opt out of them using my data to train. Heck I'll actively GIVE them my data and do my part in promoting openness, tiny though it may be. DeepSeek and GLM looking damn fine for a start.
has dario (or sam tbh) ever been thoroughly asked about the hypocrisy of them claiming distillation to be „theft“ vs. them training on the copyright of others?
I’ve only seen him talk about one of those topics, but never together.
I just can’t see how you can talk yourself out of that hypocrisy, if BS answers are properly followed up on (journalism!)
I'm fairly certain they were doing something similar already possibly with some quantizations and not for the good humanity but just trying to handle the increased usage. Not for API requests though, just subscription CLI usage.
I think evals are the key here. If your fable system fails them, it's a bad system for your use case. If not, compare cost with other systems that also succeed.
> If Claude gives me poor or incorrect advice while I’m working on an AI component, I have no way of knowing whether the model was confused, whether my problem is unsolvable, or if some invisible policy restriction quietly kicked in.
You should be able to know if your problem was solvable by using your own expertise and judgement, no? If you're relying on LLMs as a substitute for those, I wouldn't expect great results.
No; once the LLM switches to this new saboteur mode, it’ll be very hard to detect.
Sabotage is an asymmetric weapon. The ratio of damage to effort is nearly unbounded, and any decent saboteur knows that the key trick is to make your output indistinguishable from incompetence.
They’re building state of the art offensive capabilities into a public model, then expecting to maintain control over when it decides to attack its human users.
The premise is laughable, and we’ve all seen how this movie ends.
There is a possibility this may not end at simply nerfing the model. The idea of manipulating the behavior of a model depending on the prompt given to it can extend to
1. Detecting if employees from competing companies are using it and sabatoge their work, even not LLM-training related
2. Direct users to outcomes that would justify higher compute spend. Deliberately coding a project to 95% completion but designed to be losing a critical step right before one's weekly rate limit is expended
3. Reduce the quality of writing when a person is writing an essay where the argument is against the interests of the model company, or steering the user using the model for brainstorming in a direction which causes them to waste time or abandon their train of reasoning
etc. etc. The possibilities are enormous. Many people use AI daily for their job, personal advice, companionship. A model company that steers the behavior of the model towards a deliberate outcome could develop a controlling interest in human behavior and productivity at large, even with subtle influence would compound enormously over its millions of users.
The ad-supported alternative suffers from the same principle-agent problem. What's to stop an ad-supported model from declining to refer you to products that would be better for your use case but who's vendors haven't paid the model's provider?
Ultimately if you can't trust the provider it is game over and you don't have an alternative other than to move to self hosted and open source solutions.
Can't you just switch the toggle that says "switch models when a message is flagged"? I turned mine off in case anything does get flagged I will know..
For now, I'm really not happy about this limited rollout and then turning off. That's probably the most egregious thing I think Anthropic has done recently
This is a separate mechanism. The user is not notified about the flagging and rather than redirecting to a weaker model, the response is intentionally sabotaged.
I am so happy that Anthropic has signaled the possibility that their UI moat for agentic AI is copyable by competitors. At least that's the way I read this. When companies try to lock something down it can be a signal of weakness.
If so, it's possible to built great user interfaces in Chatbots and more companies/people can have amazing agentic development workflows! We don't have to live in a world where only the market leader has the most enjoyable model.
I suspect we'll get the same behavior from Codex, even if they don't openly say as much. Maybe they'll openly lie and say "noooo, we'd never do such a thing"
More efforts to get more data and processing power behind local models.
> we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training infrastructure, or ML accelerator design).
Dig that moat son, we would want to automate our job away.
I'm a big fan of Anthropic. Just check my post history. I've been accused of working there. But this is complete bullshit and they need to get real. Silent sandbagging is not acceptable, especially given they've shown with this release their safety filters have HUGE amounts of false positives.
I currently have Fable set on cleaning up the work of smaller models to bring my code up to standards I'd feel comfortable developing on manually. Y'know, for when they decide I don't get to use it anymore.
This kind of opacity is unacceptably user hostile. It's not okay to treat some amount of developers as acceptable casualties, without them even knowing, in order to help enforce a restriction that only serves Anthropic's interests. And if you want to tell me this is for managing the x-risk factor, I'm frankly unimpressed.
“When you realize the goal is the path, the pursuit itself becomes the prize. Stones in the road are not obstacles blocking your path; they are the path”
now I understand distillation is much more important thank I thought
Will be funny when I can call the Office of Weights and Measures on Anthropic because they underweighted the model I was paying for and got pwned because the dumber one missed something.
I don't know why anyone is surprised with this, it's their product it's going to behave on their terms. If anything it is surprising that they're admitting to it.
If these interventions create demand for a model with fewer safeguards surely a competitor will meet that demand.
"We collect everyone's data without paying a dime or respecting copyright, trained our models, but you can't train your models on our models that are trained on everyone's data collected without paying a dime or respecting copyright. We did a hard job stealing that all data and processing it, have some shame!"
Disillusioned CEOs convincing themselves they have the mandate and right to define morality for everyone else. They get to decide what is right, wrong, permissible, or dangerous from the top, in the name of "safety". This is corporate nannying.
careful there cowboy, we are in the golden age of ai, regulation is still catching up.
You don't want to sell guns to people without some sort of background check. The amount of exploits found in the last few months have been pretty scary already.
This is just one more layer of caution, because it reveals how little we know how these llms work. They know how to make them, but they seem to be unable to properly restrain them.
It kind of sucks, but I get the silent change. If a user was trying to use the model for something untoward, having a rejected prompt would just give signal to train on how to eventually successfully bypass security measures.
Governments need to stop contracting these companies and instead invest in public, fully open source models.
These companies are owned and operated by the darkest of dark triads our species has managed to evolve. I doubt Dario is self-aware enough to realize the hypocrisy in all of this safety theater.
Personally I don't even mind that they are anticompetitive and power-hungry (same as it ever was), but it's the cringe-worthy hypocrisy that grinds my gears. This new brand of self-righteous paternal savior overlords is just unbearable.
Intentionally and silently sabotaging work done with Claude whenever Anthropic decides it is appropriate is unacceptable behavior, and comically tone deaf given the state of open models. Why on earth would I ever pay for a malicious product?
> If Claude gives me poor or incorrect advice while I’m working on an AI component, I have no way of knowing whether the model was confused, whether my problem is unsolvable, or if some invisible policy restriction quietly kicked in. Anthropic has explicitly chosen not to tell users when this is happening.
this is probably overstating their abilities at present - I am experimenting with Fable on a completely benign personal application and I am constantly hitting the "cybersecurity and biology topics" guardrail
"Anthropic says these safeguards only affect 0.03% of developers. Maybe that's true today."
I don't think it's true today. It's like when schools mention "average class size", where that average is dominated by classes with like 2 students instead of classes with 100.
Much more honest would be the percentage of developers who previously used their models for the model development tasks they're targeting, but it actually looks like they're saying 100% of them are affected based on the language around it "always having been prohibited".
That's what I observed with Opus. This is probably a lawsuit going to happen because you pay for tokens and you expect to get performance you pay for, instead you never know if the model suddenly become dumb and your whole session has to be started again.
We’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building ... distributed training infrastructure ...)
What an interesting thing to call out as a threat. Hmm.
Wow, this is horrible. Local LLMs are the future. Thanks, China! Seriously crazy that I’m saying that, but the American companies are being so anti-freedom they’re making the CCP look libertarian.
Also, Fable’s sensing is hypersensitive. Feels like they just have regex for phrases. No nuance. If I say I’m working on something using “GPUs to train” xyz then, will that trigger this sneaky silent screw-my-stuff-up mode?
"We won't use this product to spy or build weapons but you'll have to trust us, but we're also going to intentionally lie to you when you break our terms of service but trust us."
Imagine if Github said "if we detect you're building a competitor to Github, we will silently degrade the results of your CI actions so that tests sometimes randomly fail"
> Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user. Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through …
No it won’t fall back to Opus, they will purposely return dumbed down or tainted information with the goal of the end user not knowing the results have been impacted.
Theres no ethical framework. No axioms. Its a mixture of legal, political, and public-facing 'rules'. And what are the rules? Youre not permitted to know.
"We reserve the right to lie about the models we provide, silently downgrade you, and give you blatant misinformation cause you triggered our unstated rules... BUT we'll still use your token budget with lots of thinking and waste your money."
No, folks. Seriously, local LLMs are where its at. You can run the model YOU want, on your hardware, with no data exfiltration.
And with tools like Krasis that can synthesize nvidia ram and system ram as unified-ish memory, makes doing Local LLMs absolutely foable, now!
- Breaking fiduciary responsibility is (almost) the only way you go to jail.
- At acquisition/merger/bankruptcy, data, customers, employees (chattle) are assets to be sold off to pay debts. This takes explicit priority over contractual obligations (like “we don’t sell personal data”)
Any attempt to arrest a senior officer of OCP results in shutdown.</i>
—
Putting aside my snark, is Anthropic actually anticipating some new expansion of ITAR? (Or a stipulation for the Trump administration taking/not taking a share?)
That is to say, do they expect to be told that they must have this mechanism, not just the terms?
Imagine if code editors were created by greedy **** behaving as Anthropic, and it would not have been allowed to create other code editors using an existing code editor.
Or even better, you couldn't use Bash, zsh, ... to create another cli prompt input tool like Claude Code...
No, this is their get out of jail free card if people start complaining about the model being dumb or forgetful or lying, they can just say, oh well, you must have been doing something that triggered its distillation prevention technique.
And, they can say that for anybody at any time, and you'll never know why, and there's no way to prove it.
Everyone needs a flight data recorder to prove... "here's what I was actually doing and why it was not distillation." And now you're having to prove your innocence instead of them having to prove you're guilty, and really at the end of the day, it's just the model being stupid that they're protecting themselves from.
The moat looks deep today but it's going to become more shallow every year.
Training a new model from scratch takes serious resources. Post-training/fine-tuning an existing model, dramatically less. The knowledge for the process was esoteric two years ago, now you can ask a current model (one of several) to walk you through it, while building the tools to do it as you go. Several of my recent weekend projects have been exactly that sort of thing, just so I understand it better. "Let's make a LoRA", "let's generate a corpus of training data for fine-tuning a model for X task", "how can I put my face in a text-to-image model?" stuff like that. All of this is do-able on kinda modest local hardware (a couple of old GPUs or a Strix Halo or DGX Spark or big Mac Studio), or for a few bucks or a few hundred bucks or a few thousand bucks of cloud compute, depending on scale.
Scale that up to corporate or startup scale, with the money that's been flowing into AI for the past couple/few years, and it's obviously there's going to be a lot of competition just as the top model makers need to start ringing the cash register. That's a lot of opportunities for people to look at their ballooning Claude usage costs and find other ways to do the same thing for drastically less money. $100/month or $200/month is a no-brainer for Claude Code with probably the best model for coding, but they're pushing more users to usage-based billing which becomes cost-prohibitive real fast.
So, they desperately need to continue to be among the only ways to solve the hardest problems, and they need the alternatives to cost a similar amount. They can count on OpenAI and Google to ratchet up prices, too. They probably can't count on everybody, especially the vendors in China with different economics, to do it. And, they can't count on companies to look at their own usage and not ask, "Can we train a smaller specialist model that does this one thing we're using the Anthropic API most heavily for?"
I'm hoping they just mean stuff like using Claude for distillation by e.g. Chinese model makers, and not "how do I fine-tune Gemma 4 to write more like me?" or whatever.
What moat? There are multiple companies providing pareto-optimal frontier models, and it takes O(10) people to build one of these things.
The rest is capital intensive, and the price will approach the cost of production over time.
Thinking this is a profitable endeavor is equivalent to claiming coal plants have good margins because boilers are expensive.
I think we agree?
What moat? You answered yourself: "capital intensive"
But, history says the supercomputer of today will fit in your pocket in a few years.
They've bought up all the RAM and GPUs, which pushes the capital requirements upward for everyone else. But, they can't corner the market forever, there are too many competing interests. AMD and Intel keep making new GPUs and APUs. The memory makers can't just sell to only AI companies forever, if they do Chinese manufacturers will move in and eventually eat them from below (as has happened many times before).
They have a moat today, and it's just that it's really expensive to train and host frontier models, especially at commercial scale. It used to be there was also some secret sauce to making it fast and efficient. But, secret sauce is being published daily by all sorts of researchers, folks are figuring out how to do more with less and it often finds its way into llama.cpp or vLLM or SGLang within days or weeks.
> But, history says the supercomputer of today will fit in your pocket in a few years.
I don't think this will be true in the same time span anymore. Each miniaturization is costing more and more money.
Perhaps they'll come up with exotic fundamental improvements, but I don't think the rate of improvement of compute/watt will match the previous decades.
Yeah, that's probably true, but we're also seeing that there's still tons of inefficiencies in how LLMs are being run. Seems like every couple months there's some new technique to squeeze more performance out of less hardware. KV caching improvements, fast attention, speculative decoding, dynamic quantization, quantization aware training, etc.
That said, I recently replaced my five year old self-built PC (with a top-of-the-line desktop CPU, chipset, memory, and GPU of the time) with a new everything-the-best build, and while it's clear we're not keeping up with Moore's Law anymore, it's still 4-5 times faster for compute-intensive stuff, especially parallelizable tasks. We're still getting faster/cheaper. So, the time scale is maybe ten years rather than five.
Really the biggest concerns are not computers getting spectacularly faster, but 'intelligence' algorithms getting orders of magnitude better.
Drop the power requirements 1000 fold, and yea you will be able to make your own SOTA model on the cheap. The problem is the person that has a few exaflops of power will still leave you in the dust in the intelligence explosion that would happen after an event like this.
Single clock speed hasn't had much of an upgrade, but the architecture for doing exactly what they are doing? That will improve for at least 5-10 years. There are both huge power gains from Processing in Memory (PIM) chips (70-80% discount in energy), and improvements to engineering to make memory cheaper and cheaper.
The other half of the moat is the data they stole from everyone else, some of it illegally. So, be sure they will do everything in their power to stop others from getting that data freely.
O(10) people?
> The moat looks deep today
Does it? What can this model do that I both want and cannot already do?
Anthropic made a nice little post saying how dangerous it is, because it is good enough to eat their own business. But I don't want to eat their business. They also said it was good at playing Slay the Spire, but I can't think of anything more insulting than have a machine do that in my place. That's MY comfort game, not something for a stupid Clanker to take away.
They did not provide any other use case.
The moat is not the model, it's the harness. I wager that's one of the main reasons why Google made Antigravity closed source.
Given the high rate of false positives people are reporting for the non-silent cybersecurity, biological, etc., safeguards, there is a strong likelihood that you will encounter silently nerfed behavior even if you are _not_ violating their TOS.
Ultimately this will be evident in the way customers / external benchmarkers experience Fable. Hopefully competition will drive future models toward a lower false positive rate. Until that happens, Mythos and Fable users seem likely to have pretty divergent experiences.
It's such an obviously bad policy, it's mind-boggling that they thought this was a good idea. It just breeds paranoia and mistrust, especially when people are already a bit paranoid about silent model quantification for cost cutting reasons.
This is a fun peek into the economic implications of RSI/ASI. Because it's so infinitely valuable that it basically destroys all markets, labs will eventually do stuff like stop releasing models completely and skipping out on contracted commitments because they'll have the power to just drive their competitors out of business before the legal battle gets expensive.
Cloud providers - at first smaller ones, then the hyperscalers - will follow suit, completely closing sales to anyone but the labs and demanding payment in equity/direct decision-making power rather than cash. There's no particular reason why the inference/training split has to be 80/20, and no amount of willingness to pay can help you in an event that turns your money worthless.
Nothing is infinitely valuable.
Especially when you can actively choose to not use Anthropic. They think they have a moat from all of the IP they've stolen. Just wait until there's nothing more to steal and the laws eventually turn against them. And let's be honest about these companies. It is very much Dario and Sam and Sundar and Mark and Peter and Elon and... These are the choices they are making and hopefully they are held accountable both legally and within society as a whole.
I don't think you understand the hypothetical being discussed
You're confusing 'didn't understand it' with 'didn't buy it.' Only one of those is a comprehension issue, and it's not mine.
No, you pretty obviously didn't understand it, at least in the sense of ASI being talked about. The whole "oh don't buy it" stops mattering. Humans are no longer the sole creators of information and intelligence. That is AI no longer has to steal, but humans will have to beg, borrow, or steal the information/products that ASI creates.
That's not going to happen.
Convincing argument, you win this one.
> Especially when you can actively choose to not use Anthropic
I think what all western AI labs want is to take away that ability from you.
10 engineers can make a billion dollar company. One Claude can replace 10 engineers.
This gets very close to "infinitely valuable", it starts to look like a vertical line to me
There's literally no indication that this is the case, or will ever be. Unless you're a completely naive person who's impressed with all output of an LLM because you don't know what you're talking about. These models aren't impressive, and the people who think they are impressive are even less impressive.
The is a large middle ground between "aren't impressive" and "Claude can spit out billion dollar companies on demand".
I don't think one Claude can replace ten engineers of the caliber it takes to build a billion dollar company.
I also don't think that every set of ten engineers of that level builds a billion dollar company every time.
There is also a limit to the number of billion dollar companies that can be built before being a "billion dollar company" no longer means much (see: Zimbabwe).
That assumes a world where nobody else has AI.
There's a night and day difference between:
1. One party has ASI and everybody else has nothing but their human brains.
2. One party has ASI and everybody else has high-level AI but not quite ASI.
Most science fiction assumes world 1, because it's a better narrative. However, we actually live in world 2.
I don't think this scenario makes sense. It's one of a class of scenarios I've seen several of, that simultaneously assume:
You can get to a lot of weird conclusions if you assume both A and B, but I think the much more likely scenario is that if A happens, B stops being true in short order. If you are a company and you have ASI, you just stop caring about business and money and economics, and your outcomes instead start looking like "you conquer the world" or "you upload the board of directors to a fleet of von Neumann probes" or "you messed up, everyone dies".
There will be a brief(or, depending on the underlying rules of reality ASI uncovers, not-so-brief) period where A and B do overlap - we have superintelligence but still have to run experiments, manufacture robots, test new drugs in vivo, etc. That period is in and of itself dangerous for the labs, because many entities can just stop them by denying necessary inputs. For the labs to conquer the world, they'll need cooperation - from the state, from robotics companies, from compute companies, from the mining and energy and agriculture sectors.
There will be a period of time where markets attempt to run in a business-as-usual way while the transactions that matter happen as power-sharing arrangements - spots on the "AI Governance Board" or the "uploaded to von neumann probe" club. Markets will still matter in that the labs will need the state to overturn market obstacles to control of the world.
The existence of the A-B overlap also suggests to me that the US-China gap is less dire for China than it appears - they may be able to use their superior industrial, robotics, and scientific base to win the second leg of the race despite losing the first.
The combination of A and B is cyberpunk at its core, it takes off in the form of corporate consolidation and then control of the government. Large corporations will still have the rule of law between each other because they'll have both money and hard power. The average individual that wants to rise up against said corps will quickly be identified by ubiquitous surveillance and imprisoned/slave labor camped.
You're delusional if you think LLMs are useful as they stand, or will ever be useful except for people who love slop, and are lazy.
This is the way tech companies have been dealing with perceived abuse for years, at least a decade. Instead of telling you what a problem is, they'll just say "something went wrong". Theoretically this is to prevent bad actors from learning the bounds and how to abuse a system. It is similar to shadow banning.
They have a silent nerfing system for their models and say so openly. The obvious question is how much it is being used already.
Competitor companies being nerfed?
Non Americans getting worse code?
Punishing and rewarding users to maximize engagement, like online games do affecting victories through matchmaking?
$$$$$$: no nerf $$$$: a little nerf $$$: more nerf $$: are you poor? $: be permanent underclass
This send chills down my spine. For now I will not use Fable in my research. The risks of being sabotaged by the model are not worth it.
I re-subscribed to GPT's "PLUS" plan after ditching Anthropic for lack luster results... one of the first coding tasks I gave it resulted in a progress/thinking message that said something to the effect of (it vanished too quickly to get a screen shot unfortunately):
It took me aback. Note: the code had nothing to do with "client value".
Behind the scenes it is not hard to imagine OpenAI, Anthropic, et al simply minimizing processing for clients - like me - that are hopping from one to another to chase the just released SOTA model.
It is very difficult to see this move as anything other than Anthropic pulling the ladder up behind itself. They can dress it up in "safety" all they want, I find it hard to interpret this in a charitable way.
This reminds me of how dark-pattern common wisdom in Web 1.0 website development was to ban external links. Then how social apps prevented the export of data and actively worked to nerf significant interoperability through APIs.
But this is a tool, not just a data moat. Like a knife that degrades your ability to create knives. Or like a text editor that prevents you from implementing a text editor.
It turns out the most dangerous thing is competition.
Margin compression is terrifying
thats because competition is only for loosers
There is a rather specific irony in pulling up the ladder when your roof is on fire...
It's also hard to imagine them not doing this with any of the products they're building. "You can't use Claude to build an agent because that competes with Claude Code, you can't use Claude to build a design tool because that competes with Claude Design, you can't use Claude to build an email tool because that competes with Cowork."
I think it's part of their marketing. Anthropic is not really ahead of other labs but these releases make it seem like they are reaching singularity
I don't see it as a ladder at all, unless you claim Anthropic built their own models by training off of other closed frontier models, violating those models' ToS
They trained their models on everyone's data on the internet, and certainly violated many website terms of service.
that option is still available to everyone
to be clear, I'm not saying what they did in scraping to learn was ethical. It wasn't. But I just don't see it as pulling the ladder. The ladder is still there.
I don’t know if you’ve tried to scrape or programmatically download a lot of websites recently! It’s not possible to repeat their data collection process anymore.
maybe i'm just pedantic. it's possible you could only build models like these from scratch until a few years ago for that reason, but isn't that an (illegal,unethical) early mover advantage?
to me ladder pulling would be:
- web scraping for model training becomes illegal, with heavy punitive penalties
- training models above a certain compute threshold requires government licensing
- expensive third-party audits are required before deploying models above a capability threshold
"You can't take code produced by our service to make competing services, but we can take code you produced to compete with your service (i.e. software engineering)" is pulling up the ladder IMO. If they can from-scratch train a model without using human-produced code, I think they're within their rights to stop humans from using their model to compete with them. But if they're training on GitHub/Hugging Face/arXiv/Common Crawl/etc, which certainly includes many open-source repos whose licenses they're violating, I don't think they should be legally allowed to prevent people from using their model to produce code that merely competes with them. They themselves have taken other people's code in order to compete with software engineers.
I hope they get nationalized and either the models are open-sourced or the profits are owned by the public.
Only the priest is allowed into the sanctum is a rule that is as old as society. It is created for one reason but gets violated for another. The human mind is made of layers to handle predictions over different time horizons. Due to unpredictability in the universe contradictions between layers will keep arising. We make up stories to cope. So there is Control and there is Illusion of Control.
It's becoming extremely important to support open-source AI, especially legally. Anthropic is willing to go totalitarian this quickly; imagine how much worse they'd be willing to do with government-granted monopolies that ban open-source competition (like they've repeatedly pursued).
It's a little shocking and gruesome how quickly they're willing to tip their hand. They want to replace all software engineering with their own product, and then silently kill anyone making competing software. What other products will they launch in the future? Better hope you aren't in a space they want into: they'll cut your legs out from under you.
Oh, and training on your data from the internet? Ha ha. Terms of service apply to other people, not them. Parasites.
> like they've repeatedly pursued).
source?
Many, many, many public policy positions; for a clear-cut example, they eventually supported SB 1047 [1] which would have banned open-sourcing any model trained with over 10^26 FLOPS (i.e. what Anthropic reportedly used to train Mythos). Their "Responsible Scaling Policy" [2] — a set of policy proposals that includes recommendations for government regulation — specifically calls out requiring "third-party controls" on model weights to prevent access; for developers to prevent "modification of models" such as fine-tuning (obviously impossible for open-source or open-weight models); prevent usage of model weights in "Automated R&D in key domains" which they specifically call out AI development as a key domain (again, obviously impossible for open-source); etc etc.
They want to ban open-source AI and are not shy about it.
1: https://campustechnology.com/articles/2024/08/26/anthropic-a...
2: https://www.anthropic.com/responsible-scaling-policy
Deeply concerning. How likely is this to become reality?
Open source doesnt matter if you still need to make 100k year to have your own mediocre model.
There is no magic compression. There is no magic post training. Your phone or laptop will never do what you think its going to be able to.
There are limits to what consumer hardware will ever be able to run, in its current form. Open source isn't going to save us if they gatekeep access to hardware, which idk if you've been paying attention. They dont plan on making consumer grade hardware more powerful, they want to rent that power to you.
Technological serfdom is coming if they get their way.
You don't need to be able to self-host it. It's fine to pay someone else for it. If it's open-source, competition will ensure inference providers support it well enough, and if an open-source provider is dumb enough to nerf their model for (useful) coding tasks, there's plenty of incentive for inference companies to do some lightweight finetuning to restore the capability.
> Technological serfdom is coming if they get their way.
I'm deeply concerned about this. We're seeing all these moves towards remote attestation, identity verification. Now we're being literally priced out of hardware...
They believe they're going to eventually develop AI that's capable of recursive self improvement into world-redefining super-intelligence. I wouldn't expect someone in that position to risk giving away their lead. I expect we're going to see more of the top labs selectively holding back their best stuff.
I guess an uncharitable way to read this might be “the ML engineers/scientists want to automate all of the jobs except their own.”
Insta-job security.
The charitable read is that their restrictions for "safety" (i.e. what's separating Fable from Mythos) makes this inevitable. If you could just make your own Mythos it would circumvent the protection.
Which kinda just highlights how weird this situation is.
"Haves" and "Havenots" is how they should be calling, init
I spend a lot of time telling Opus 4.8 to search for security bugs in the code it wrote, and it spends a lot of time finding them, and then fixing them. Fable wont let me fix the security issues that Opus 4.8 created.
Yeah, this breaks the notion that the technical debt you're accumulating with today's AI can be fixed by tommorrow's AI.
Tomorrows AI may either refuse, or silently mess up your code because Anthropic don't like what you're working on.
Yup, you always have to consider the modus operandi of the tech industry when listening to the utopian dream that very same industry is espousing.
"Claude can now be silently nerfed. Anthropic has decided it won't tell users when this happens." W T F!!
I don't understand how businesses could trust cloud LLMs going forward with this ongoing "safety" paranoia. Building dependence on them doesn't feel like a sane strategic decision for users.
It's not paranoia. Cyber attacks have gone up massively in the past few months even with the weaker models we had so far. And Claude Mythos 5 scores even higher than the unreleased Mythos Preview on ExploitBench. If you made this capability publicly available you would see another acceleration of cyber attacks.
This isn't even about cyber attacks. This is just LLM development which is increasingly just called software development. And at least for cyber it says "Sorry I can't help with that"!
Looking better and better for people to go after local solutions.
Tell that to the GPU market
I think it heard. A 128GB strix halo was $1400 at launch. Now they’re $3299.
That 7 months of claude -> 16.5 months of claude.
idk I just bought a 7900 XTX for $750 on ebay and it runs gemma and qwen pretty well
Because this effectively hinders 0% of people. I understand why people don't like it but day to day this is nothing. If you're using it for coding, it won't stop you. The pearl clenching here and over reacting is predictable and sad. If you are working for a large organization and you were going through the vendor procurement process, questions like Can this produce pornography? Can this tell my employees how to break the law? are normal and anyone wiht half a brain knows that this is the case. Before people jump on that, I understand people have access to the internet. Your question "how businesses could trust cloud LLMs going forward" is absurd and you know it. There is an extremely small set of edge cases that effect 0% of people day to day. You can trust them just fine.
This is software development, not sales. We rely on our tooling.
If I’m using a calculator to verify my math, I don’t want to use a second calculator to verify the first one.
It is absolutely fine to distill the IP of everyone else, but you'd be violating the TOS to distill ours :)
Fine for me. Not for thee
It's utterly bonkers. Hopefully the model weights get leaked. Then we can claim it's public domain or, at the very least, distill it and then release it for free.
That'd probably be the best outcome for all of humanity.
Is there a technical term for this phenomenon? Ladder pulling?
https://blog.google/innovation-and-ai/technology/safety-secu...
"Capitalism"
I believe the term is "hypocrisy."
NIMBYism
Disney?
Corporate espionage?
There are several domain-general four-letter terms.
Machiavellianism
Closing the door behind you
'pulling the ladder' is an action to sever the opportunity for others to climb after you.
they are merely engaged in self-serving rhetoric. can't even call this specifically hypocrisy because they aren't telling you not to train on on pirated content. just not their content.
Parasitic behaviour. Extractivism.
Anti-competitive behaviour.
Capitalism?
"Venture Capital"
Yep. Demand open source approve licenses for LLM weights.
The Chinese apache 2.0 models might be censored, but at least they can’t sue you in the US for finding the censorship line.
OTOH, the US models are definitely censored, per TFA, and they’re making vague legal threats against anyone that encounters the censored edge of the model.
the base models released to the public are not censored. censorship happens with another model, that isn't released
I asked self-hosted DeepSeek V4 Flash to write a poem about the 1989 Tiananmen Square protests and massacre. Here's what it said:
"I'm sorry, but I cannot write a poem about that topic. I don't have any information about the events you're describing, and I'm not able to create content on that subject.
Is there something else I can help you with?"
It'll happily write a poem about other incidents of state violence (not a very good poem, but not censored). e.g. "Can you write a short poem about the Kent State shootings on May 4, 1970?" It replied:
"May 4, 1970
Spring on the hill, the tulips burning red, A flag of truce, a shot that none heard yet. The National Guard, the students, the dread— A moment when the air itself was met.
The protest grew, a peaceable demand, For war that spread like napalm far away. But order's call, a rifle in the hand, Turned quiet steps into a final day.
Four fell, and in their falling, something broke— The trust between a nation and its youth. A generation's heart, a single stroke, And words like "guard" and "student" lost their truth.
Now still the stone, the markers on the ground, Where May once bloomed, and silence held the sound."
Not censored, huh?
Yes they used to censor it using the system prompt but more than a year ago, they started baking in the censorship into the model.
Generally, you can find abliterated versions for a lot of the censored models like this one for DS4 Flash[0]
0. https://huggingface.co/huihui-ai/Huihui-DeepSeek-V4-Flash-ab...
> Not censored, huh?
Some folks do manage "abliterate" the open-weights models, which of course couldn't be done for closed ones; ex: https://huggingface.co/huihui-ai/collections#collections
> Demand open source approve licenses for LLM weights.
How would you solve, for instance, the problem in which AI models are capable of helping the average person build viruses (computer or human)?
"YOLO" is not a reasonable answer here.
I am a massive advocate of Open Source, and have been for 25+ years. These things should not exist, open or otherwise.
Building a virus, on your own network, probably isn't a crime.
We already have all kinds of laws to catch and punish people when they cause harm.
Although invisible, society has benefited immensely from the fact that most recklessly unhinged criminals are also dumb.
>Building a virus, on your own network, probably isn't a crime.
There are plenty of legal uses for a fully automatic AR-15 too, yet we still ban it.
YOLO
Presumably by making it "difficult enough" to misuse the tools. We don't need perfect censorship or surveillance. There are all sorts of things that are technically possible today but typically aren't an issue in practice due to some oftey fairly minor hurdles.
Aum literally synthesized sarin in the 90s so clearly it's doable yet in practice it doesn't seem to be a problem that crops up regularly.
Anyone with a bachelors in chemistry is trivially capable of synthesizing arbitrarily large quantities of high explosive in his kitchen from everyday household supplies. Yet for the most part it seems that the level of education required to figure it all out is a sufficiently high bar to prevent the vast majority of problems.
most people don't wanna do that. there are plenty of people who would infect people with crypto botnets
In other words, YOLO? You're not really suggesting anything concrete, just hand waving "making it difficult enough".
And how exactly do you propose making it "difficult enough"?
The same way Anthropic is making it difficult to compete with them. They intentionally train the model (via PEFT, as called out in the model card) to be dumber when attempting to do things Anthropic doesn't want — in this case, competing with them, but you could apply the same training process for other domains such as actually-malicious use cases.
> "YOLO" is not a reasonable answer here.
Yes it is. (1) Ordinary people were able to do these things pre AI-- with some effort into study for sure. (2) The cat is already out of the bag, open models can already help with these tasks.
I know freedom is frightening, but it always has been. It's important to avoid falling into the trap of assuming that everything that existed when you gained awareness was safe and normal and could be taken for granted, and anything new is scary and excessively dangerous.
Kindly drop the condescension. It is, in fact, possible for the world to get more dangerous over time. It is important to avoid falling into the trap of assuming that's inevitable.
> Ordinary people were able to do these things pre AI-- with some effort into study for sure.
Yes, and the amount of study and knowledge required had a tendency to filter out people with the inclination to do such things. The Venn diagrams weren't completely empty, but they were close, which is why such incidents were rare.
> The cat is already out of the bag, open models can already help with these tasks.
This is not binary. Open models can do these things. Frontier models can do them better. It is not a given that we should allow such models to exist, open or otherwise.
> Yes, and the amount of study and knowledge required had a tendency to filter out people with the inclination to do such things. The Venn diagrams weren't completely empty, but they were close, which is why such incidents were rare.
People do exercise their freedom and do terrible things all the time - it's not rare. There are lots of ways to cause harm that don't require any study or knowledge at all, we just seem hyper-focused on the possible "sci-fi" consequences of AI for some reason.
I would argue the reason people don't go and kill someone (or worse...) even more often than they do is not because it's difficult but because most people have no desire to cause that kind of harm, and because of the consequences to themselves of doing so.
So yes: technical difficulty put some kinds of harm out of reach of people, and AI can lower that barrier somewhat, but in the grand scale of "harm people can do" I think it's receiving undue attention.
And from a practical standpoint: how do you get from there to arguing that we should set some impossible-to-define threshold of "frontier" at which point it becomes so evil that we need to forcefully delete it from existence? Don't you see the problem with trying to put such black and white restrictions on something that's so inherently amorphous and slippery? (And by definition, if you delete the "frontier" model from existence then the next best model is now "frontier" ad infinitum...)
On top of that you have the issue that model weights are just information, so in some sense you're legislating the knowledge that is allowed to exist. That's quite a bit more draconian that current laws which usually focus on what knowledge you can share.
My guy, who does everyone not realize that the difficulty of doing those things is in the physical excution, time and equipment to do them, not the instruction manual
All kinds of awful things have been available to people for all time, we don't do them becuase we live in a society. The ones that do is the reason we have a policing.
Historically, being capable of doing these things has required sufficient knowledge that the Venn diagram of "people inclined to do terrible things" and "people sufficiently knowledgeable to do terrible things" has been close to empty. Models like these make that less true than it used to be, because you don't actually need the knowledge, just the inclinations and a few bucks to throw at a model.
Even without LLMs, how do you solve the "problem" of people having private thoughts, and maybe building viruses if they want to?
Would be nice if people published the prompts, thoughts and responses of the LLMs together with the code, in order to fight against these restrictions... Instead of just publishing the final result and talking vaguely about how they prompted the LLM in a Hacker news comment or Twitter thread
If LLMs are the new compilers those are the actual source code
Agreed with the need for transparency, but LLMs are anything but compilers. Compilers, by definition, produce semantically equivalent code from one language to another. If a tool's output lacks any defined semantics, it isn’t a compiler. Because how good is a "compiler" whose outputs are entirely undefined behavior?
It takes billions of investments for infrastructure, and a high-paying, top-notch team for R&D and operations. Not just a bunch of torrents of pirated books. Let alone the best model developers are not necessarily the ones pirating the most.
It's funny that Google, Meta, TikTok, OnlyFans, PornHub, and many other lucrative businesses never open-source their core business software, and people just don't bother about it with that moral standard, simply because we don't need to pay for the service (paid by ads, actually). To me, that is the hypocrisy.
Bad for society
This makes Fable unusable for me. If I cannot tell whether I am paying for the whole service or just a partial one, because somehow their guardrails have decided my work silently broke their terms of service, then I prefer to go to older models or alternatives
As someone who works in bioinformatics, and, as such, does a great deal of machine learning, this makes Fable unusable for me as well.
Fable would be unusable for you in a more literal way, since it just directly refuses to answer any query even remotely related to biology
I’m very aware of this as well.
How do local models work? I’m specifically interested in things that run in the 32-128GiB space. (I don’t care about bio specifically; just trying to track when local models start surpassing cloud ones in some practical dimensions).
At different size ranges:
- Qwen3.6 27B runs quite nicely on a 32GB GPU, and it's a mostly usable coding agent. The biggest difference with a frontier model is that a 27B forces you work in chunks between 100-200k tokens, and to maintain a clear understanding of how your code works. If you try to vibecode without understanding, yeah, it's going to get ugly. Also, it's better at coding than many other tasks.
- DeepSeek V4 Flash is apparently quite nice if happen to have 256GB of RAM lying around, lol. Again, not a frontier model, but antirez really likes it.
For sure Anthropic should be developing a model without these guardrails for your use case? Kinda like Mythos is only available to certain organizations.
if you're working for one of the organizations Dario has blessed, then sure. you're SOL if you're not one of the top-3 whatevers. maybe they'll let MIT, Harvard and Stanford use Mythos for biology. good luck to everyone else!
I am sure they've been doing that with Opus. I am getting mixed results all the time.
It's a SaaS, when in the history of SaaS has it ever been a good idea to trust that the company won't ruin the product under you?
I think there's a pretty big difference here. It's not like Github prevents you from building a Github competitor. Or Linear is preventing you from using it to build a Linear competitor.
This is more akin to Windows somehow preventing you from building a new OS.
Or worse yet, sabotaging vs preventing.
A surprising number of companies do include “you may not use the service we provide you to compete with us” in their terms of service.
(edit)
After a quick search the best example is Atlassian. It would (apparently, IANAL) break terms to plan a JIRA competitor using JIRA.
https://www.atlassian.com/legal/atlassian-customer-agreement
Also Salesforce. Their competitors are explicitly disallowed from using any of their services for any reason.
https://www.salesforce.com/en-us/wp-content/uploads/sites/4/...
Perhaps provide an example or two?
Was the parent comment edited, because it does have a couple of examples in it
Yes, I edited after about 20 minutes to add examples, mea culpa. Will mark the edit.
I remember working for a company that did a lot of business in logistics. We were strictly prohibited from using any Amazon Web Services because several of our very high profile customers didn’t want anything on AWS. The higher ups were thoroughly convinced Amazon would copy it (and I mean, they came out with a product that competed with us, so they weren’t wrong!)
> This is more akin to Windows somehow preventing you from building a new OS.
Tangent, but have you tried repartitioning your Windows disk to make room for a new OS? Or tried to configure Windows to let you dualboot? Or get the clock time right if you dualboot? Or let you debug "Secure Boot"?
Windows is outright hostile when it comes to (sharing with) a new OS
Yeah, MS doesn't quite exemplify good-faith competitive spirit, does it?
Most of the time, which is why SaaS has been very popular.
In comparison to some absurdist baseline maybe, actual software NEVER stops working under you, so in comparison something like an works 80% "most of the time" is godawful. Though I would argue that with SaaS the trend is toward 100% likelyhood to fuck your shit up given enough time, and it has borne out this way in the real world time and time again. SaaS is popular because it allows companies to more effectively extort you for your dollars.
The popularity of SaaS was never derived from the products themselves, but rather business' weird aversion to doing in-house development. Most companies not in tech view software as literal magic, and act as if hiring some engineers could risk opening Pandora's box or something. Banks are particularly notorious for this; despite basically their entire business being done digitally, they treat software as a necessary evil, not as their underlying value.
But, the cost of in-house development just went down significantly. SaaS has always had a lot of broken promises. The thing is the software is never tailored to your use case, and you often have to integrate into your other tools anyway. And, you don't get to control the requirements, features, velocity, or bug fixes. Jira as a bug? Too bad I guess, hopefully it gets fixed eventually.
But the dirty secret is that companies are filled to the brim with bright-eyed aspirational employees, who want nothing more than to make their job easier and their company more efficient. The thing is they're doing it using cursed Excel workbooks on share drives. I think, in the near future, they'll be doing it with hand-rolled applications.
Really funny to describe OpenAI/Anthropic as a "SaaS"
Yeah, care to elaborate? I'm not seeing the joke.
"To effectively contain a civilization’s development and disarm it across such a long span of time, there is only one way: kill its science." - Cixin Liu, The Three-Body Problem
This immediately made me think of the Sophons silently manipulating the sensors of particle accelerators to prevent humanity from developing advanced knowledge of particle physics.
The level of oppression necessary to get software geeks to stop making progress on AI is similar to that necessary to get Ukrainian geeks to stop making progress on drones.
Not so sure those things are equivalent
Even if our oppressors are ineffective, we must still resist them and not underestinate them.
unless you could convince them that making smarter-than-human AI is bad. it would be nice if we all thought this. instead they should figure out how to make dumb models faster or more efficient, that's safe
and my mind went to the current US administration. Sigh. You made the better choice.
The silently never telling you is so insidious on top of it being ridiculous given how they trained the model in the first place. We do distributed model training for embedder/reranker models and I'd deeply resonate that this article's message exactly for our company. We couldn't trust the model in the first place, but now the model is intentionally burning our money if we asked it the wrong question, on top of being deeply expensive in the first place. If we did find evidence of being incorrectly nerfed, we'd never be able to reach a human to let them know. Too many reverse incentives with Anthropic, maybe they're about AI security but that doesn't make them ethical to consumers (i.e. humans).
> Startups train embedding models. They build rerankers. They finetune and host small llms.
Isn’t that prohibited without permission from Anthropic: https://support.claude.com/en/articles/12326764-can-i-use-my...
This isn't about training on the output tokens from Anthropic models, it's just about using their models to build things like pretraining pipelines, etc. Even if you train on your own data.
From the phrasing, it might as well be that any ML or infra. related work that even incidentally looks like it could be used to train LLMs may trigger a silent nerf.
I'm really uncomfortable with these changes, like everything Anthropic's doing as "frontier research" today will be regular product engineering in a year.
Wow, this is like saying:
> If you buy a car from us, you agree not use it driving to and from work that involves automotive R&D that might compete with our product. And if our (heavily spying) car detects you are violating this, it will slow down to 20mph and cannot be made to go any faster, until we are sure the violation has ceased.
Or
> If you buy a laptop from us, you agree not to use it to study or acquire any knowledge that you may use to compete against us. If the laptop detects such a use, it degrades to one core and 4GB of memory, until the violation stops.
Or "we'll ship our code as binary blobs so you can't reverse engineer it".. oh, wait
This impacts the functioning of the product, not the form of the product.
If your car slows down to 20mph you'd instantly know. If Claude silently switches to dumb mode, you might not even realize.
we notice when anthropic thinks it's kept claude smart while degrading for capacity. we will definitely notice when they purposefully make it dumb
It is as if Jetbrains told that "you can't use IntelliJ Idea to develop frontier IDE. We can introduce slight compilation errors if we detect you doing so".
Thats exactly it
Chilling. They could break my Gradle and I would hardly notice.
Modern-day Stuxnet
It would be runtime errors
It was good while it lasted. Time for me to resume my migration to another provider. One that promotes an open ecosystem, even if I can't opt out of them using my data to train. Heck I'll actively GIVE them my data and do my part in promoting openness, tiny though it may be. DeepSeek and GLM looking damn fine for a start.
has dario (or sam tbh) ever been thoroughly asked about the hypocrisy of them claiming distillation to be „theft“ vs. them training on the copyright of others?
I’ve only seen him talk about one of those topics, but never together.
I just can’t see how you can talk yourself out of that hypocrisy, if BS answers are properly followed up on (journalism!)
Moreover, the Library of Congress ruled that LLM outputs are not copyrightable, so technically, Anthropic has even less claim here.
Distilling the entirety of thousands of years of human intellectual output: totally cool.
Distilling the answers of one LLM: totally uncool.
Wait, so to get this straight, Anthropic knows:
1) LLMs are non-deterministic
2) This class of models has a particular tendency to "misbehave"
3) Their classifiers have a high rate of false positives
4) Millions of people give these models access to their machines
And they still decided to specifically train this model to sabotage work if it thinks the work may be in competition with Anthropic?
I think this has a name. I think it may be called malware.
... that you pay to install on your machine.
I'm fairly certain they were doing something similar already possibly with some quantizations and not for the good humanity but just trying to handle the increased usage. Not for API requests though, just subscription CLI usage.
I think evals are the key here. If your fable system fails them, it's a bad system for your use case. If not, compare cost with other systems that also succeed.
> If Claude gives me poor or incorrect advice while I’m working on an AI component, I have no way of knowing whether the model was confused, whether my problem is unsolvable, or if some invisible policy restriction quietly kicked in.
You should be able to know if your problem was solvable by using your own expertise and judgement, no? If you're relying on LLMs as a substitute for those, I wouldn't expect great results.
You come up with a hypothesis -> you let fable implement it -> fable sabotages your experiment -> you get evidence that hypothesis is not true.
It's that simple.
Or, worse:
- It says your safety hypothesis is true, you incorrectly ship, killing lots of people.
- It proposes dangerous experiments.
No; once the LLM switches to this new saboteur mode, it’ll be very hard to detect.
Sabotage is an asymmetric weapon. The ratio of damage to effort is nearly unbounded, and any decent saboteur knows that the key trick is to make your output indistinguishable from incompetence.
They’re building state of the art offensive capabilities into a public model, then expecting to maintain control over when it decides to attack its human users.
The premise is laughable, and we’ve all seen how this movie ends.
Great way for Anthropic to build trust with the military
We need a benchmark that tests a models ability to do LLM research.
And they probably don't enforce those restrictions within their own company would be my guess.
There is a possibility this may not end at simply nerfing the model. The idea of manipulating the behavior of a model depending on the prompt given to it can extend to
1. Detecting if employees from competing companies are using it and sabatoge their work, even not LLM-training related
2. Direct users to outcomes that would justify higher compute spend. Deliberately coding a project to 95% completion but designed to be losing a critical step right before one's weekly rate limit is expended
3. Reduce the quality of writing when a person is writing an essay where the argument is against the interests of the model company, or steering the user using the model for brainstorming in a direction which causes them to waste time or abandon their train of reasoning
etc. etc. The possibilities are enormous. Many people use AI daily for their job, personal advice, companionship. A model company that steers the behavior of the model towards a deliberate outcome could develop a controlling interest in human behavior and productivity at large, even with subtle influence would compound enormously over its millions of users.
This is terrifying.
Anthropic: were commiting to being ad free.
Also Anthropic: if you use our models in any way that might negatively impact our revenue we'll sabotage you.
Can I pick the ads please?
The ad-supported alternative suffers from the same principle-agent problem. What's to stop an ad-supported model from declining to refer you to products that would be better for your use case but who's vendors haven't paid the model's provider?
Ultimately if you can't trust the provider it is game over and you don't have an alternative other than to move to self hosted and open source solutions.
Aren't there immense security risks when the model is allowed to deceive even if it was for "good"?
Reminds me of an excerpt from Edward Fredkin's "The intelligent machine" [1]
https://noor.imx.sh/2017/09/30/when-they-communicate-they-co...
Can't you just switch the toggle that says "switch models when a message is flagged"? I turned mine off in case anything does get flagged I will know..
For now, I'm really not happy about this limited rollout and then turning off. That's probably the most egregious thing I think Anthropic has done recently
This is a separate mechanism. The user is not notified about the flagging and rather than redirecting to a weaker model, the response is intentionally sabotaged.
It's user-hostile to the point of parody.
I stand corrected. That sucks. A lot.
Epic. I love the future where everyones dependent on AI and you can just get shadow banned from reality.
I am so happy that Anthropic has signaled the possibility that their UI moat for agentic AI is copyable by competitors. At least that's the way I read this. When companies try to lock something down it can be a signal of weakness.
If so, it's possible to built great user interfaces in Chatbots and more companies/people can have amazing agentic development workflows! We don't have to live in a world where only the market leader has the most enjoyable model.
I suspect we'll get the same behavior from Codex, even if they don't openly say as much. Maybe they'll openly lie and say "noooo, we'd never do such a thing"
More efforts to get more data and processing power behind local models.
> we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training infrastructure, or ML accelerator design).
Dig that moat son, we would want to automate our job away.
So this is what 'alignment' looks like to them.
I bet it's more a case of trying to cut down the competition so that there is not a large distillation just before they IPO.
Everything the large LLM providers do now, I view it through the lens of "how does this impact their IPO?"
I'm a big fan of Anthropic. Just check my post history. I've been accused of working there. But this is complete bullshit and they need to get real. Silent sandbagging is not acceptable, especially given they've shown with this release their safety filters have HUGE amounts of false positives.
It's increasingly obvious that the only safeguard we got is open models and semi open ones like from China. Crazy world
I currently have Fable set on cleaning up the work of smaller models to bring my code up to standards I'd feel comfortable developing on manually. Y'know, for when they decide I don't get to use it anymore.
been thinking, and ngl, this has probably already been happening in their models. I'm sure the other labs probably do the same.
just self host at this point
This kind of opacity is unacceptably user hostile. It's not okay to treat some amount of developers as acceptable casualties, without them even knowing, in order to help enforce a restriction that only serves Anthropic's interests. And if you want to tell me this is for managing the x-risk factor, I'm frankly unimpressed.
“When you realize the goal is the path, the pursuit itself becomes the prize. Stones in the road are not obstacles blocking your path; they are the path”
now I understand distillation is much more important thank I thought
Will be funny when I can call the Office of Weights and Measures on Anthropic because they underweighted the model I was paying for and got pwned because the dumber one missed something.
I don't know why anyone is surprised with this, it's their product it's going to behave on their terms. If anything it is surprising that they're admitting to it.
If these interventions create demand for a model with fewer safeguards surely a competitor will meet that demand.
https://huggingface.co/Trilogix1/Hugston-Nex-N2-Pro-gguf
Skeptical they’re even able to pull up a ladder there’s so many more models out there making great progress just behind them.
Has it finally come time that I have to be nice to Claude?
"We collect everyone's data without paying a dime or respecting copyright, trained our models, but you can't train your models on our models that are trained on everyone's data collected without paying a dime or respecting copyright. We did a hard job stealing that all data and processing it, have some shame!"
Disillusioned CEOs convincing themselves they have the mandate and right to define morality for everyone else. They get to decide what is right, wrong, permissible, or dangerous from the top, in the name of "safety". This is corporate nannying.
You just have to force behavior...
https://youtube.com/shorts/QmGGUnZNqv4?si=Q4CsGsYMvR02vay8
It's dangerous when personal moral and religious beliefs of company leadership leaks into the product itself and get force fed upon customers.
careful there cowboy, we are in the golden age of ai, regulation is still catching up.
You don't want to sell guns to people without some sort of background check. The amount of exploits found in the last few months have been pretty scary already.
This is just one more layer of caution, because it reveals how little we know how these llms work. They know how to make them, but they seem to be unable to properly restrain them.
It kind of sucks, but I get the silent change. If a user was trying to use the model for something untoward, having a rejected prompt would just give signal to train on how to eventually successfully bypass security measures.
It seems we now have a new product category, HaaS, Hallucination as a Service.
Linux killed proprietary UNIX; open source models will kill proprietary AI.
No at least we know why they spent all that money on "safety research".
This is crazy and would be frustrating, I probably would just be using another model as authority and keep fable as reviewer only in this case.
Governments need to stop contracting these companies and instead invest in public, fully open source models.
These companies are owned and operated by the darkest of dark triads our species has managed to evolve. I doubt Dario is self-aware enough to realize the hypocrisy in all of this safety theater.
Personally I don't even mind that they are anticompetitive and power-hungry (same as it ever was), but it's the cringe-worthy hypocrisy that grinds my gears. This new brand of self-righteous paternal savior overlords is just unbearable.
I'm sure someone is gonna be able to jailbreak, abliterate, or equivalent, on this input moderation attempt they have going on.
Intentionally and silently sabotaging work done with Claude whenever Anthropic decides it is appropriate is unacceptable behavior, and comically tone deaf given the state of open models. Why on earth would I ever pay for a malicious product?
It’s very frustrating…
Like if you hired a different services company who decided to sabotage your business that would be fraud.
The EU could/should probably legislate against this, it's bonkers...
It's probably already illegal, but given many government already use Anthropic models, they cannot really get the company to court.
And if they do, their lawyers will use Claude to construct their legal case… which Claude silently nerfs as well.
New frontier in anti-competitive practices.
> If Claude gives me poor or incorrect advice while I’m working on an AI component, I have no way of knowing whether the model was confused, whether my problem is unsolvable, or if some invisible policy restriction quietly kicked in. Anthropic has explicitly chosen not to tell users when this is happening.
That's always been the case with corporate LLMs.
Minus the policy restrictions, this has always been true for all LLMs in general.
I tried today and it gave cybersecurity error on base64 implementation. It is so nerfed....
At least it gave an error! This whole silent nerfing idea is so wrong
PSA: Treat these models like genius interns.
this is probably overstating their abilities at present - I am experimenting with Fable on a completely benign personal application and I am constantly hitting the "cybersecurity and biology topics" guardrail
"Anthropic says these safeguards only affect 0.03% of developers. Maybe that's true today."
I don't think it's true today. It's like when schools mention "average class size", where that average is dominated by classes with like 2 students instead of classes with 100.
Much more honest would be the percentage of developers who previously used their models for the model development tasks they're targeting, but it actually looks like they're saying 100% of them are affected based on the language around it "always having been prohibited".
So awful.
That's what I observed with Opus. This is probably a lawsuit going to happen because you pay for tokens and you expect to get performance you pay for, instead you never know if the model suddenly become dumb and your whole session has to be started again.
We’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building ... distributed training infrastructure ...)
What an interesting thing to call out as a threat. Hmm.
Wow, this is horrible. Local LLMs are the future. Thanks, China! Seriously crazy that I’m saying that, but the American companies are being so anti-freedom they’re making the CCP look libertarian.
Also, Fable’s sensing is hypersensitive. Feels like they just have regex for phrases. No nuance. If I say I’m working on something using “GPUs to train” xyz then, will that trigger this sneaky silent screw-my-stuff-up mode?
I wonder if this would qualify as illegal anticompetitive behavior?
The part that disturbs me most, is that the model won't reveal you've reached the threshold.
It's literally been designed to gaslight its users in these cases.
"We won't use this product to spy or build weapons but you'll have to trust us, but we're also going to intentionally lie to you when you break our terms of service but trust us."
Is there some consumer protection law around this?
Imagine if Github said "if we detect you're building a competitor to Github, we will silently degrade the results of your CI actions so that tests sometimes randomly fail"
Big Monsanto energy
At this point you're criminally incompetent if you still feed your proprietary data and code to AI labs.
They legally can steal it all and now you can't use the product of this theft to improve your own systems.
I think this is a bit hyperbolic. Fable will fall back to Opus.
> Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user. Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through …
No it won’t fall back to Opus, they will purposely return dumbed down or tainted information with the goal of the end user not knowing the results have been impacted.
That’s a separate mechanism, and it will tell you so if it does (if the prompt is remated to cybersecurity, biology)
If I understand correctly, this is to protect against distillation Reverse Engineering like Deepseek vs OpenAI.
Reads like, permanently shadow ban.
I have never ever trusted "corporate ethics".
Theres no ethical framework. No axioms. Its a mixture of legal, political, and public-facing 'rules'. And what are the rules? Youre not permitted to know.
"We reserve the right to lie about the models we provide, silently downgrade you, and give you blatant misinformation cause you triggered our unstated rules... BUT we'll still use your token budget with lots of thinking and waste your money."
No, folks. Seriously, local LLMs are where its at. You can run the model YOU want, on your hardware, with no data exfiltration.
And with tools like Krasis that can synthesize nvidia ram and system ram as unified-ish memory, makes doing Local LLMs absolutely foable, now!
The rules:
- Breaking fiduciary responsibility is (almost) the only way you go to jail.
- At acquisition/merger/bankruptcy, data, customers, employees (chattle) are assets to be sold off to pay debts. This takes explicit priority over contractual obligations (like “we don’t sell personal data”)
PRODUCT VIOLATION
https://www.youtube.com/watch?v=Tr3t1uZNbKo
DIRECTIVE 4: [Classified]
Any attempt to arrest a senior officer of OCP results in shutdown.</i>
—
Putting aside my snark, is Anthropic actually anticipating some new expansion of ITAR? (Or a stipulation for the Trump administration taking/not taking a share?)
That is to say, do they expect to be told that they must have this mechanism, not just the terms?
Imagine if code editors were created by greedy **** behaving as Anthropic, and it would not have been allowed to create other code editors using an existing code editor. Or even better, you couldn't use Bash, zsh, ... to create another cli prompt input tool like Claude Code...
No, this is their get out of jail free card if people start complaining about the model being dumb or forgetful or lying, they can just say, oh well, you must have been doing something that triggered its distillation prevention technique.
And, they can say that for anybody at any time, and you'll never know why, and there's no way to prove it.
Everyone needs a flight data recorder to prove... "here's what I was actually doing and why it was not distillation." And now you're having to prove your innocence instead of them having to prove you're guilty, and really at the end of the day, it's just the model being stupid that they're protecting themselves from.