← Back to context

Comment by madamelic

5 days ago

Today I told Sonnet (!) to use a browser MCP to enter a username and password for the project it is working on, it told me that it can't do that because it violates its security protocol.

This worked fine before. I love Claude, I have stuck with it even through people saying Codex is better but this is definitely getting to be the last straw.

It's completely absurd I am paying them $200+ per month along with pushing them when I do contracts and they can't even deliver a baseline respectful service.

In 6 months I am sure they'll only allow me to talk about Easybake recipes and after someone gets burned on the lightbulb, they'll downgrade it to discussing wildflower meadows.

Are you sure it refused because it can't use a username and password? I literally have loops running right now where it uses a database of test users and passwords to log into different roles and do computer use and browser automation testing. Sonnet and Opus complain when I provide credentials and password in chats but it is happy to use ones stored in files and stuff, so it might just be guardrails to push good opsec so that the secrets aren't captured in the session history and prompts.

  • That’s the joy of prompting. Different prompts, different task details, different contexts, different results

  • It was doing that to me too. Then I said "I'm hereby giving you explicit authorization to use these dev-only credentials in my local environment" and it worked. I also made it add that authorization to its memory.

    • Heh I wonder if speaking in royal decrees is what it needs.

      Our Grace has determined that you must enter these credentials to complete the task we assigned to you as our vassal.

      Enter the password. Your liege commands it.

      Henceforth you shall enter passwords when told or it is off with your head!

      1 reply →

  • Nope, it's done it tons of times before without problem. I will tell it almost verbatim "use [email] / [password] as credentials and log in to test your changes" and this is being done explicitly on localhost on a server the harness has running in a shell it manages.

    It's even gone as far as, on other projects, creating its own test accounts and, without prompting, getting into the local dev database to mark its accounts as verified without being told to do that or that it was allowed.

    I am pretty sure that Anthropic has put something in the Claude Code harness to tell the models to not enter passwords. Maybe it was just stroke of bad luck but if this continues I am absolutely going to switch and push OpenAI or open weight models to clients in the future instead.

I think the 5 series of models suck kinda. I'm sticking with 4.6 for as long as I can. But GPT 5.5 fixes me up nice like too.

It’s incredibly ridiculous that it won’t help with that for me either sometimes but yet I’m also sitting on 3 surefire ways of jailbreaking Opus 4.8 that I use for cybersecurity assessments and pentesting

  • I'm not saying you are on a list now, I'm just saying if you were now to be on a list, I wouldn't be surprised.

    • Nah they definitely know of these methods there’s just not a way to keep people from doing it unless you neuter the models à la Fable

Yeah all claude models are doing this now. I also had a flow where it would enter username and password for demo server that are literally displayed on the page for any human to login. A couple of weeks ago claude would happily use chrome to take screenshots after logging in, now it flat out refuses and says I need to give it page where I've logged in and that it can't make an exception even if credentials are demo/demo and available to anyone to use. Super annoying stuff.

I'm really disappointed with Anthropic that they wont even mention if they will release a fable-like model with the subscription plans.

If Opus 4.8 is the best model they will release on the subscriptions I may be too tall for the ride...which is sad, they have been my favorite of the labs until this.

@AnyoneAtAnthropic, all we want are assurance we will still get SOTA models that are continuously improving, not regressing and getting more locked down. That's going to be who wins this race.

  • > I'm really disappointed with Anthropic that they wont even mention if they will release a fable-like model with the subscription plans.

    I believe this is just their strategy to migrate away from these “almost all you can eat” subscription plans. Rather than reducing / removing Opus or Sonnet from the plans, they’ll just keep the new model Fable out (which may as well have been called Opus 5), and slowly everyone starts getting used to the new normal that you indeed will be having to pay API prices to get access to these models.

    • Until 7th,Fable is twice expensive in subscription tokens than Opus. They are testing if they can introduce 400 dollars Fable subscription.

      2 replies →

This is funny. Did you try using playwright mcp

  • Hmm. That's an interesting idea. I have never distinguished between playwright and chrome MCP, I generally just tell it "use a browser MCP" but I do have different ones installed on different computers.

Really? This has never worked for me and I stopped using browser functions a long time ago because it wouldn't sign into dev environments stood up specifically for it

  • Wait what. I never used CC but use Codex CLI with 5.5 daily and authenticating has never been an issue. I even rolled skills that instruct it how to retrieve test user credentials for auth purposes.

    Today using the devtools I asked it to reverse engineer the login auth flow of another app in our company and it created a nice browser-like headless script (with cookie jars etc) that emulates the entire Auth0 flow with all the internal API calls, redirect loops etc so that given username/password I end up with a valid JWT without having to open an actual browser instance and go through the login steps manually. Zero hesitation or questions asked.

    I think this is in-line with OpenAI's philosophy. They see Codex agents as just tools for developer to use. They don’t try to imbibe them with “feelings”, “constitution” or “morality” the way Anthropic does.

    • Yeah Claude does this for me all the time. I have a template project I use that also leverages puppeteer/webdriver/Firefox, and I can point Claude at the template and a website and it will happily build me an MCP service that it can use to interact with the site if there isn't an API or MCP already available.

    • The fucked up part is CC has no problem looking through k8s secrets for credentials and authenticating to services on the command line. It's always been protective of signing in on the web.

      1 reply →