Comment by bkjlblh
5 days ago
> In light of the ability of recent models to accelerate their own development, we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training infrastructure, or ML accelerator design). Using Claude to develop competing models already violates our Terms of Service, but enforcing this restriction through our safeguards avoids accelerating the actors most willing to violate these terms.
> Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user. Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT). These interventions will not affect the vast majority of coding work. We estimate they will impact ~0.03% of traffic, concentrated in fewer than 0.1% of organizations
Could this be legally construed as anti-competitive behavior?
Edit: I asked Claude. It replied:
> Consumer protection / deceptive practices. In the EU this would be a clear UCPD (Unfair Commercial Practices Directive) issue and potentially a DSA violation. In the US, FTC Act §5 prohibits "unfair or deceptive acts." Selling a product that secretly performs worse than advertised for a commercially self-serving reason, without disclosure, is textbook deception. The Samsung/Apple battery throttling cases are instructive here: Apple faced regulatory action across multiple jurisdictions specifically because users weren't told.
> Competition law. This is where "anti-competitive" gets complicated. Refusing to help competitors build competing products via your ToS is generally legal — you can decide who you license to. But covertly sabotaging output quality for a class of users while charging them full price crosses into different territory. Under EU competition law (Article 102 TFEU), if a company with dominant market position uses covert technical means to disadvantage competitors, that's closer to abusive conduct than a legitimate ToS restriction.
Anthropic’s behavior reeks of insecurity. Imagine Google taking elaborate measures to prevent you from searching about search engine development!
Instead, Google gave up on search engine development /s
Implying that google's "snippets" were never curated to remove anti-google facts or that they didn't curate the search results in their favor...
I think either you've prompted Claude misleadingly, or it's interpreting the law unnecessarily prissily (which is a failure mode I've noticed LLMs falling into).
This clearly is disclosed, otherwise how did we get to know about it?
What's not clearly disclosed is when you are being limited and what the bounds are. If you are developing ML kernels for a computational photography use case will the safe guards miss-fire and sabotage or slow down your efforts? What about distributed GPU interconnect work for a nation super computer lab used in weather simulation?
The reason they are doing this shadow ban style technique, is they don't want users to figure out how to jail break their way out. Or the explicit direct bad PR of when it miss-fires.
"Shadow ban"-like mechanic in contractual relationships is generally against the law.
You either refuse to work with customer or do your job well (at least as well as other tasks of other customers). "I'll accept your task, but silently and intentionally do my job badly" may violate some laws.
They do not disclose when the service is degraded, and the admission of that here seems like it would do a plaintiff's work for them.
This makes me want to see China and open models succeed more than anything :)
Don't worry, we will succeed :)
Can we get a Qwen3.7-122B, please? Thank you.
2 replies →
[dead]
Mimo has your back! 1000 t/s on 1T param model
Just need to wait for this thing to be open sourced :)
lol it won't tho...
https://mimo.xiaomi.com/blog/mimo-tilert-1000tps
What do you mean? The HF checkpoint is linked from the blog post you sent: https://huggingface.co/XiaomiMiMo/MiMo-V2.5-Pro-FP4-DFlash
They already have though, no? If we lost access to every model permanently besides Qwen tomorrow, would we really be limited by AI in what we could achieve in the future? Sure, it might be slower and take a little more work but it seems like the cat is already out of the bag.
Fun fact: If you show fable this post, it will route you to 4.8 automatically.
In a few months they will have Fable level models costing 10 times less and with less safeguards.
I do agree, I still remember when opus 4.7 was released and one prompt conversation would empty my claude usage but I can use all it day long to code
Do you know that some open models developed in China are financially supported by Meta ?
Do you want anyone in the world to be able to synthesize dangerous viruses?
I want everyone in the world to be able to perform unlimited cutting edge research on any topic at the maximum thinking level, instantly.
The reason we are not being attacked is not lack of technology access.
11 replies →
It's inevitable. Also, it's not like I get to vet who does or doesn't have access. Blind trust in the current selection made by an unregulated corporation just makes me anxious.
Security in the form of "pay to play" is just kicking the bigger issue down the road.
Do you believe people currently possessing best models act/will act in your best interest?
So, security (safety) through obscurity?
5 replies →
What about allowing people to synthesize dangerous virus protection?
It the tool was made available to anyone to build a virus, anyone would be able to build counter measures, if only a select few people have access they get to build the virus and everyone else is at a disadvantage. So, yes, I am leaning towards making these tools open rather than gated behind some priesthood and government that gets to wield exclusive power.
1 reply →
you need a lot more than the nucleotide sequence to make a virus. you need the DNA or RNA to be synthesized, assembled, packaged properly. and long sequences are pretty hard to do. you need a lot of equipment, or you need to order from services. the oligo synth services can harden their KYC and/or screen for suspicious sequences.
sure, a malevolent state actor could swing it, but they could make a bioweapon without Mythos's help already.
also, vaccine production and disease surveillance have ramped up very quickly. they will ramp up further, despite political setbacks. it's a cat and mouse game that favors the defenders IMO.
but the bioterrorism narrative is useful FUD to spin open-weight models as existentially dangerous. I am far more worried about Anthropic's own goals than the goals of some crackpot in a shed.
4 replies →
We do. Its the only way we will get our jobs back.
It's bad that Anthropic can determine what this means. If you're building a modern app you're likely training your own embedding models and now anthropic can just silently sabotage your training pipelines?
>We estimate they will impact ~0.03% of traffic, concentrated in fewer than 0.1% of organizations
At the scale of API requests that Anthropic sees, I think the affected organization count might be substantial, and they might not be getting the full model capability that they're paying top $$$ for.
Also, wonder how they arrived at that estimation.
One in 1000 organizations and one in 3000 requests is indeed a lot
10 replies →
Also, aren't all Claude users in their own "organizations" in Anthropic's own terms?
I have no idea how you came to that conclusion. Unless your training pipeline involves actively querying one of Anthropic models, no they can't. And if it does you're distilling their model.
The crocodile tears of companies who've hoovered up everything possible, regardless of permissions or legality, now crying that someone else is stealing their hard work is comical.
I don't even think they can believe it themselves, it's in reality they are just trying to throw fear, uncertainty and doubt about potentially cheaper offerings.
2 replies →
That is not what their policy states. It specifically says they will sabotage even non-distillation attempts, such as distributed training pipeline design. And given that they are so far very nonperformant in classification accuracy, expect it to randomly include far more topics wide of the mark.
The fun part is that you will never know if your neural net classification project is getting silently sabotaged because their classifier doesn't work!
2 replies →
Opus 4.8 (or a classifier in front of it) flagged my account and refused to comply when I told it to kill the process. Reasoning summary was complete bananas.
With this in mind, I don't want model to be proactively instructed and encouraged to sabotage without telling me.
1 reply →
Like if you're using claude code on a feature tangential to your training pipeline it's allowed to nerf itself and damage your AI work.
Read the examples Anthropic gave in the model card. They refer to extremely broad technology used across AI and ML.
Looks like Anthropic's definition of safety includes their own safety from competition.
AI vendors’ idea of safety has always been safety for the interests of the AI vendor in question. This is not a new development, though this may help more people realize it.
AI-generated competition for thee, not for me
ding ding ding. This should be a new measure of anticompetitive analysis in anti trust law.
It's always been about the safety of their valuation.
Only since Claude 3. So a bit over two years now
This feels less like an "we are worried about security" and more, we are in the lead and plan to keep it that way until its too late. In someways its been helpful that openai and anthropic are tipping their hands about their anticompetitive instincts and willingness to steamroll their own clients, customers, and society. But it does feel like its too late to stop this. The advantage people get by using these tools is too tempting to resist even if it is self defeating. It feels like watching people light their own house on fire to stay warm in the deepest, darkest days of winter.
Ah, so this is why raw Mythos was too "dangerous" to realease..
Or, they may Mythos seem mystically powerful in advance of the IPO, and are pumping the token use count. But it worked, there is a frenzy for this release in way that is more intense than any previous release.
Anthropic is doing a better job with their model menu, most people I talk to know immediately that Opus > Sonnet > Haiku but cant tell you what the rank order of open ai models are, when to use them, etc.
Just so everyone is aware. Anthropic has been sabotaging AI researchers and their codebases and shadow-nerfing accounts for several years at this point. This isn't new, but they hadn't disclosed it until now. Likely because it is getting to the point where it's too noticeable, or they're concerned about it leaking from employees.
What’s your evidence for this claim?
So that's a possible reason why my specific Claude Opus instance seemed to be impossibly stupid and always degenerates into doing really dumb things to my code!
Cool, good to know I can trust Anthropic.
This feels like the start of a much bigger plan for anthropic to close off the use cases of its models and eat any of its competitors.
I am building a coding harness, and I see evidence of them doing this with agentic harnesses and scaffolding. It feels clear to me that as they expand in to the app layer, the window of using their API to build agentic apps is closing, they will steal your ideas, implement the product and then close the gate. I am creating my own inference stack because their incentive to block competitors is becoming super clear.
No offense, but the sad thing is, everyone and their mother is working on this same problem. I'm also building a harness. It's feeling like, there is no moat, there is no way to get ahead, they will steal your idea one way or another, if you ever make it public.
5 replies →
> Instead, the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT).
Am I to understand that this is essentially their form of social-platform ghosting instead of banning?
So they're not even going to tell you that the question you're asking is against their rules, they're just going to twist up your question and/or the answer somehow such that you waste your time essentially?
It seems like I ran into this EXACT same functionality from Claude many months ago when I was trying to ask it to research on the web and help me setup the ideal llama.cpp config for local llm inference.
Funny how lost it got through that relatively simple install when we had all of the documentation in the world (and a human dev with 20+ years experience guiding it along) to go by... and simultaneously it's debugging and building high level cryptography code in rust in the other terminal tab.
This is infuriating to learn.
I have encountered this too. I am building a coding harness for www.propelcode.app and it was working really well until the claude code leak and then all of the sudden it seems almost intentionally stupid or outright manipulative in guiding me down wrong paths. At this point I am using other models for anything related to the tool use design and implementation and bought three mac studios with 512gb ram to run large open source models.
This experience has made me feel like we have to create a community that moves AI from the mainframe era to the PC era quickly, or we will end up serfs.
I had Claude walk me through getting local LLM models running on my Mac a month or two ago and so far as I can tell it was intentionally helpful. I even stated the reason was to have an uncensored model for myself and it had no objection. Long story short LM Studio running a Heretic Gemma 4 is doing just fine on my system now.
I run a few local models for different things. I find Gemma 4 great for writing but qwen better for coding.
I tried the same prompt on gemma4 and qwen 3.5 and Gemma consistently failed to call the multi line edit tool.
2 replies →
A million AI researcher voices at big tech companies suddenly cried out in terror and were suddenly silenced
I am a AI Researcher at a university. I tried Fable for my current project, but i feel it missunderstands me a bit to often. Now i don't know if i am using it wrong, or anthropic tries to slow my research. That model is a big no no.
3 months before asking for what to eat before a linear algebra exam trips the machine learning topic ban is my guess. I got flagged immediately asking why my JEPA thing breaks weird.
How do they detect whether an experiment being done on a smaller model is used to improve a competing frontier model, or just an innocuous hobbyist LLM experiment?
Given how well the cybersecurity safeguards work, they probably don't.
infering the surroundings, like everything else. they will probably look at which company is your email, and if you wrote "better than claude" on the readme.md
this is LLM, it's not like a science or something.
These safeguards are ridiculously sensitive: a prompt as simple as “ Why is an infinitely slow process reversible?” gets flagged as a ToS violation.
For anyone that is confused like I was, the quoted text I'm replying to was copied from page 13 of the system card [1] and not the model announcement page, which this HN discussion is linked to.
1: https://www-cdn.anthropic.com/d00db56fa754a1b115b6dd7cb2e3c3...
Pull that ladder up behind ya, will ya son?
Makes it even more odd that we haven't seen alien spaceships.
What ladder did Anthropic use?
the entire internet, books, news, regardless of license.
2 replies →
All of the api calls developers used to build agentic design patterns.
Meaningless and easily bypassable. Will actually try coding up a tensor library with it, see if it sabotages anything.
They said in their terms and conditions they will silently sabotage you if you do this.
easily ?
So Fable will intentionally lie to you and give you incorrect outputs, if it doesn’t like what you’re asking. Got it.
These things are like encyclopedias or dictionaries that can speak in first person… Imagine if your encyclopedia tried to hide entries from you, just absurd!
This is pretty bullshit, now you have no idea if your output is getting silently nerfed.
Yeesh. Anthropic's paranoia about China is starting to get pathological.
It's afraid!
the gall of these companies to regulate your usage of stolen knowledge is absolutely hilarious.
and they want me to pay $100+ a month to be their training?
i hope we can find morality again.
But Chinese models will poison your output if you ask them about Tiananmen Square! That's not good, so poisoning everyone's output without telling them is the only way to prevent that.
Come on guys, why can't everyone just be there for the good guy?
You're equating a government suppressing information for social cohesion with a private company protecting their IP.
Protecting IP means that model would refuse to do certain things. Example from pre-AI era - program asks you for license key and refuses to start if it is wrong. But if program deletes random system file when you enter invalid license key (doesn't matter it is brute force attempt or typing error) it is different thing goes well beyond IP protection.
They're not merely protecting their weights.
First, they want government to get involved and regulate frontier model development - even stop it completely.
Second, poisoning output of a model configured on the computers of millions of users goes way beyond protecting IP. That's malware.
[dead]
This is deeply vile behavior; not remotely the actions of good people.
[dead]