Matmuls need access to decrypted weights to do their work.
Which means that getting the full weights out isn't even an "if" - it's "how much effort". The encryption wouldn't do much more than a gentleman's agreement would.
The only real move for Anthropic there is to outline contract penalties for letting weights get leaked, and never give less trusted external inference providers access to cutting edge system weights.
Exposure is limited either way. Opus 4.7 weights are a deprecating asset - it's bleeding edge today, very valuable now, but it'll lose a lot of its value the moment Opus 5.0 drops.
That would require hacking Nvidia's GPUs/racks to extract the weights. The weights are encrypted, sent to the GPU/rack encrypted. When it does inference, it will use decrypted weights but there is no way to get those weights unless you find a way to exploit Nvidia's GPU security.
Do you think OpenAI would send CoreWeave their GPT 5.5 Pro weights if an admin employee at CoreWeave can access the full weights unencrypted? Of course not.
The overhead shrinks with larger models. It doesn't seem that bad.
https://arxiv.org/pdf/2409.03992v2
The whole system has encryption all the way through.
Otherwise, OpenAI/Anthropic would never use external clouds since the weights are some of the most valuable assets in the world.
Matmuls need access to decrypted weights to do their work.
Which means that getting the full weights out isn't even an "if" - it's "how much effort". The encryption wouldn't do much more than a gentleman's agreement would.
The only real move for Anthropic there is to outline contract penalties for letting weights get leaked, and never give less trusted external inference providers access to cutting edge system weights.
Exposure is limited either way. Opus 4.7 weights are a deprecating asset - it's bleeding edge today, very valuable now, but it'll lose a lot of its value the moment Opus 5.0 drops.
That would require hacking Nvidia's GPUs/racks to extract the weights. The weights are encrypted, sent to the GPU/rack encrypted. When it does inference, it will use decrypted weights but there is no way to get those weights unless you find a way to exploit Nvidia's GPU security.
Do you think OpenAI would send CoreWeave their GPT 5.5 Pro weights if an admin employee at CoreWeave can access the full weights unencrypted? Of course not.
1 reply →