Comment by dannyw
17 hours ago
I use my Codex and Claude Code subs on like 4-6 different servers, ranging from AWS to Vultr to Linode etc.
That’s a major and legitimate use case for developers, Anthropic can’t just block data center/hosting IPs because their actual customers use them on data center/hosting IPs.
Now consider what will happen if your pattern of queries and context history triggers a pattern that makes it obvious it's some API key being used by multiple different entirely unrelated people on totally different things, or any other pattern of use that makes it obvious it's being used for distillation.
Two parts here.
First, well-calibrated systems for detecting API compromise is a good thing (or good intent at least). Credential malware is exploding.
Second, the challenge is that significant amount of genuine work — such as evals — seems practically impossible to distinguish from generating RLAIF outputs.