← Back to context

Comment by infecto

6 hours ago

What is your deal about contract law? It’s not some mystical thing. You can get red lines with Anthropic, you can get a DPA with Anthropic. You keep going on and on about governance and contract law on a thread about how Claude Code is pretty useful for nontechnical people.

Risk is always nonzero but you can already today get pretty comfortable with most of these orgs with some customization in the contracts.

14 comments

infecto

Reply
Ucalegon  6 hours ago

Does Anthropic's DPA provide indemnity to code thats produced from the product and any damages associated with security vulnerabilities within that code?

We are talking about vibe coded applications by executives and the risks that are associated with that, nothing within a DPA covers that. Please, be my guest, link an Anthropic DPA which includes indemnity for damages associated with the code produced.

Again, you keep showing your lacking of understanding of the domain in some really fundamental ways which shows that you haven't negotiated B2B contracts nor have you held a position of responsibility where you hold liability.

But keep responding because this feels more like therapy for you, and your feelings about people like me, rather than the realities of the exposure that come from vibe coded applications for executives.

  • infecto  5 hours ago

    I concede that I started the thread with a joke but wow you really are upset. Let’s take a step back. Apologies again for that joke it just the entire discussion reads like non-technical non-legal advice you get from the typical corporate IT.

    Each entity and group have to consider the risks. I don’t think anything you’re trying to point at though is really useful for the discussion at hand. There is absolutely a use case for Claude code/cowork/codex and related tools to be used by non-technical folks. There is also a lot of figuring out in each of these groups. Unfortunately IT in most orgs in what I have seen have ignored the art of what’s possible for the last 3 years and now that we have hit this inflection point are scrambling to catch up but sadly the incentives are usually not aligned so they are really only incentivized to not take any risks.

    • caminante  5 hours ago

      > I concede that I started the thread with a joke but wow you really are upset.

      You went further than "a joke."

      You continued making aggressive, non-substantive remarks that were out of line.[0]

      #1 > you have no idea about the details.

      #2 > i don’t think you have a grasp what’s going on around you.

      #3 > What is your deal about contract law? It’s not some mystical thing.

      You wasted everyone's time.

      [0] https://news.ycombinator.com/newsguidelines.html

      1 reply →

    • Ucalegon  5 hours ago

      There is a fundamental difference between non-technical users from using Claude, or any other LLM, for whatever reason and whatever they produce being produced into production.

      There are significant reasons why an organization would not want to use Cowork, because it does not fall under Anthropic's ZDR [0], which is a huge issue for... anyone dealing with anything sensitive.

      What I think this comes down to is that you value velocity regardless of whatever the costs. We will get to see how that solves itself, there are going to be a lot of billable hours that are going to figure that out.

      But none of this means that you have any idea what you are talking about nor do you understand why individuals or organizations act the way that they do.

      You are free to do it better. Please do.

      [0] https://code.claude.com/docs/en/zero-data-retention#what-zdr...

      7 replies →

caminante  6 hours ago

> You can get red lines with Anthropic, you can get a DPA with Anthropic.

IMHO,

1. Dismissing attorney client privilege is reckless

2. and the vast majority of users aren't aware of what "customization in the contracts" is needed to enable autonomous agents or if it's already contractually allowed.

This is still a fair question:

> Do you, and those executives, own the risks associated with that practice? Are those risks actually indemnified?

  • infecto  5 hours ago

    I think you guys are hitting on very specific issues that would only be constructive in the context of the business group using these tools. There is a discussion but I don’t really see the point in this thread. I see some folks from more of an IT background pointing fingers instead of the discussion at hand. Absolutely groups need to work with their legal representation to figure out an acceptable level of risk. Everything has non-zero risk. But again none of these specific points really hit on anything for this thread.