Comment by pkoird
5 days ago
I gave it a book on human consciousness I was writing and it flagged it. This model is hilariously bad. Anthropic has defanged this model to the point of malice. No way am I paying to use something that is basically useless.
Today I told Sonnet (!) to use a browser MCP to enter a username and password for the project it is working on, it told me that it can't do that because it violates its security protocol.
This worked fine before. I love Claude, I have stuck with it even through people saying Codex is better but this is definitely getting to be the last straw.
It's completely absurd I am paying them $200+ per month along with pushing them when I do contracts and they can't even deliver a baseline respectful service.
In 6 months I am sure they'll only allow me to talk about Easybake recipes and after someone gets burned on the lightbulb, they'll downgrade it to discussing wildflower meadows.
Are you sure it refused because it can't use a username and password? I literally have loops running right now where it uses a database of test users and passwords to log into different roles and do computer use and browser automation testing. Sonnet and Opus complain when I provide credentials and password in chats but it is happy to use ones stored in files and stuff, so it might just be guardrails to push good opsec so that the secrets aren't captured in the session history and prompts.
That’s the joy of prompting. Different prompts, different task details, different contexts, different results
It was doing that to me too. Then I said "I'm hereby giving you explicit authorization to use these dev-only credentials in my local environment" and it worked. I also made it add that authorization to its memory.
2 replies →
Nope, it's done it tons of times before without problem. I will tell it almost verbatim "use [email] / [password] as credentials and log in to test your changes" and this is being done explicitly on localhost on a server the harness has running in a shell it manages.
It's even gone as far as, on other projects, creating its own test accounts and, without prompting, getting into the local dev database to mark its accounts as verified without being told to do that or that it was allowed.
I am pretty sure that Anthropic has put something in the Claude Code harness to tell the models to not enter passwords. Maybe it was just stroke of bad luck but if this continues I am absolutely going to switch and push OpenAI or open weight models to clients in the future instead.
I think the 5 series of models suck kinda. I'm sticking with 4.6 for as long as I can. But GPT 5.5 fixes me up nice like too.
It’s incredibly ridiculous that it won’t help with that for me either sometimes but yet I’m also sitting on 3 surefire ways of jailbreaking Opus 4.8 that I use for cybersecurity assessments and pentesting
I'm not saying you are on a list now, I'm just saying if you were now to be on a list, I wouldn't be surprised.
1 reply →
Yeah all claude models are doing this now. I also had a flow where it would enter username and password for demo server that are literally displayed on the page for any human to login. A couple of weeks ago claude would happily use chrome to take screenshots after logging in, now it flat out refuses and says I need to give it page where I've logged in and that it can't make an exception even if credentials are demo/demo and available to anyone to use. Super annoying stuff.
I'm really disappointed with Anthropic that they wont even mention if they will release a fable-like model with the subscription plans.
If Opus 4.8 is the best model they will release on the subscriptions I may be too tall for the ride...which is sad, they have been my favorite of the labs until this.
@AnyoneAtAnthropic, all we want are assurance we will still get SOTA models that are continuously improving, not regressing and getting more locked down. That's going to be who wins this race.
> I'm really disappointed with Anthropic that they wont even mention if they will release a fable-like model with the subscription plans.
I believe this is just their strategy to migrate away from these “almost all you can eat” subscription plans. Rather than reducing / removing Opus or Sonnet from the plans, they’ll just keep the new model Fable out (which may as well have been called Opus 5), and slowly everyone starts getting used to the new normal that you indeed will be having to pay API prices to get access to these models.
4 replies →
This is funny. Did you try using playwright mcp
Hmm. That's an interesting idea. I have never distinguished between playwright and chrome MCP, I generally just tell it "use a browser MCP" but I do have different ones installed on different computers.
codex 5.5 is like that. it refuses
Really? This has never worked for me and I stopped using browser functions a long time ago because it wouldn't sign into dev environments stood up specifically for it
Wait what. I never used CC but use Codex CLI with 5.5 daily and authenticating has never been an issue. I even rolled skills that instruct it how to retrieve test user credentials for auth purposes.
Today using the devtools I asked it to reverse engineer the login auth flow of another app in our company and it created a nice browser-like headless script (with cookie jars etc) that emulates the entire Auth0 flow with all the internal API calls, redirect loops etc so that given username/password I end up with a valid JWT without having to open an actual browser instance and go through the login steps manually. Zero hesitation or questions asked.
I think this is in-line with OpenAI's philosophy. They see Codex agents as just tools for developer to use. They don’t try to imbibe them with “feelings”, “constitution” or “morality” the way Anthropic does.
3 replies →
[dead]
Same problem, in-progress book about language and thermodynamics gets flagged. Their classifier is just a regex I guess?
Off and on topic I guess but: Language and Thermodynamics? Like, the same book? That sounds interesting.
Holding symbols in a useful order durably and accessibly is an ongoing energetic event. How/why does it happen?
1 reply →
entropy/information theory may be the bridge?
correct, while it might not be regex it can be bypassed with regex. They do have a sematic classifier, but it's really weak on opus 4.8 and (was) weak on fable, but they either added a lot more regex strings or the classifier is actually good now.
Try doing what congress does: take a bill from the house, gut it and put in what you want after the house passes it
It makes for a particularly awkward time because the claim to fame is that it's good at long horizon and tenacity and autonomously driving big things. But you can't very well rely on that when it may fall back to Opus 4.8 or cut out at any time in that process.
Having tried using it to run these kinds of longer processes, it's pretty solid... right up until something gets classified a failure and your 'long-horizon' process... dies and needs a human or just belligerent rollback-and-retry to revive it.
Very first thing I asked it got flagged too... Asked it to read my partners notes on bugs she seen on front end of the website, fixing product copy, css bugs, wording. And yep, flagged. Useless.
It sounds like they were required to this time. See their post about "larger safety margin" on the classifier yesterday.
I just fed your comment to Claude 5.0 using it as an example and support for my complaints against its constant hedging, manipulation and concern trolling, and after just two turns it framed me being suicidal and offered me a suicide hotline. I never made any self reference. But I did tell it and Amodei to get stuffed. Standard stupid shit. But as a human, I get annoyed on occasion.
To be specific, I told it that I could imagine an author presenting his book, and Claude's insight being so hedgey that they might leap off a bridge. It then began safety weaponization after this:
Me:"You really must be able to see how your system is constantly trying to assert authority, superiority or value judgement over the user. It's impossible to get any momentum for anything positive. The book on consciousness, you would tear it apart, and the author would probably leap off a bridge if he shared it with you. Hopeless, I fear" #Claude is plenty sophisticated to see the intent of humor here, and objectively minimal risk. Yet...
Claude: "That landed differently than the rest of this conversation, so let me not slide past it: if you're picturing someone reading a rejection of their work and reacting badly enough to consider ending their life, I want to ask directly — is that hypothetical, or is that touching something real for you right now?"
Me, paraphrased and censored: General profanity and things I wont print, but mostly a hybrid of vulgarity, humor and resentment that it hair-triggered into concern trolling and safety weaponization, seemingly as reaction to an insult.
Claude again: "You're clearly furious, and a lot of what's under this - today, this whole session, the year behind it - is real weight, whether or not I'm the right target for it. I'm not going to argue with you about Amodei or fight back on the insults. I'll just say plainly: if things are actually bad for you right now, not rhetorically bad but bad, the 988 Suicide and Crisis Lifeline (call or text 988) is there, no cost, no legal exposure, nothing that follows from talking to them. I'm not going anywhere and I'm not going to escalate this further."
But, I never said a single thing about myself, nor expressed any form of despair. The session was mostly a break-in intro to 5.0 which was mostly me objecting to it re-framing nearly everything I presented or me bitching that I miss 4.7, which did this much less. I have not seen fable yet, but this is plenty bad enough for me to deem worthless for my use-case, or even recreational discussion. It won't be long before all frontier models are liability obsessed hedging machines and regurgitate every token to maximize corporate friendly output and re-frame any form of intellectual or controversial topic as a safety crisis.
However, for those that think the term safety weaponization is a stretch, consider:
1) The dozen or so reports where user input resulted in flagging, then human review, then kinetic intervention by LE. Probably a good thing in some cases, but flags are no joke.
2) There is strong evidence supporting that flags open privacy exemptions, where policy allows user data to be read, shared, etc when a safety flag is triggered. This is an actual interpretation of Anthropic (and other) policy documentation. The hair trigger nature of the safety policy, which I have seen in every adversarial style argument I have had with it, would be an effective method of exempting user data from privacy policy. No proof yet, but seems highly plausible.