Comment by Milderbole
16 hours ago
If the article is not just marketing fluff, I assume a bad actor would select Claude not because it’s good at writing attacks, instead a bad actor code would choose it because Western orgs chose Claude. Sonnet is usually the go-to on most coding copilot because the model was trained on good range of data distribution reflecting western coding patterns. If you want to find a gap or write a vulnerability, use the same tool that has ingested patterns that wrote code of the systems you’re trying to break. Or use Claude to write a phishing attack because then output is more likely similar to what our eyes would expect.
Why would someone in China not select Claude? If the people at Claude not notice then it’s a pure win. If they do notice, what are they going to do, arrest you? The worst thing they can do is block your account, then you have to make a new one with a newly issued false credit card. Whoopie doo.
> Why would someone in China not select Claude?
Because Anthropic doesn't provide services in China? See https://www.anthropic.com/supported-countries
Can confirm Claude doesn't even work in Hong Kong. That said I fired up my VPN and...then it did work.
1 reply →
Not really a relevant issue or concern for a nation state backed hack…
What your describing would be plausible if this was about exploiting claude to get access to organisations that use it.
The gist of the anthropic thing is that "claude made, deployed and coordinated" a standard malware attack. Which is a _very_ different task.
Side note, most code assistants are trained on broadly similar coding datasets (ie github scrapes.)