You kind of just proved my point. Sorry I should not have been joking but i don’t think you have a grasp what’s going on around you.
This is how IT acts in my enterprise orgs. There is absolutely a need for compliance and governance but unfortunately the people in these roles are typically not technically minded and have low incentives to innovate so you get these folks only really arguing for their jobs.
Do you think the MSFT sales person, or anyone who has the financial incentive to innovate, doesn't want you to innovate? They want you on Azure and O365 regardless, they don't care.
Hell, Microsoft will give you will give you 150k [0] of credits to do so.
But keep talking as if you have some magical, unique, special insight that escapes contracts and the law, compared to the people who, sadly, have to deal with reality.
What is your deal about contract law? It’s not some mystical thing. You can get red lines with Anthropic, you can get a DPA with Anthropic. You keep going on and on about governance and contract law on a thread about how Claude Code is pretty useful for nontechnical people.
Risk is always nonzero but you can already today get pretty comfortable with most of these orgs with some customization in the contracts.
Does Anthropic's DPA provide indemnity to code thats produced from the product and any damages associated with security vulnerabilities within that code?
We are talking about vibe coded applications by executives and the risks that are associated with that, nothing within a DPA covers that. Please, be my guest, link an Anthropic DPA which includes indemnity for damages associated with the code produced.
Again, you keep showing your lacking of understanding of the domain in some really fundamental ways which shows that you haven't negotiated B2B contracts nor have you held a position of responsibility where you hold liability.
But keep responding because this feels more like therapy for you, and your feelings about people like me, rather than the realities of the exposure that come from vibe coded applications for executives.
I concede that I started the thread with a joke but wow you really are upset. Let’s take a step back. Apologies again for that joke it just the entire discussion reads like non-technical non-legal advice you get from the typical corporate IT.
Each entity and group have to consider the risks. I don’t think anything you’re trying to point at though is really useful for the discussion at hand. There is absolutely a use case for Claude code/cowork/codex and related tools to be used by non-technical folks. There is also a lot of figuring out in each of these groups. Unfortunately IT in most orgs in what I have seen have ignored the art of what’s possible for the last 3 years and now that we have hit this inflection point are scrambling to catch up but sadly the incentives are usually not aligned so they are really only incentivized to not take any risks.
If I am wasting your time then stop replying with links to the rules. Like I keep saying you guys are pointing out specific legal questions that only a business can answer and are not constructive to the main thread. Lots of leaps to conclusions and finger pointing which anecdotally aligns with what I have seen in corporate IT.
There is a fundamental difference between non-technical users from using Claude, or any other LLM, for whatever reason and whatever they produce being produced into production.
There are significant reasons why an organization would not want to use Cowork, because it does not fall under Anthropic's ZDR [0], which is a huge issue for... anyone dealing with anything sensitive.
What I think this comes down to is that you value velocity regardless of whatever the costs. We will get to see how that solves itself, there are going to be a lot of billable hours that are going to figure that out.
But none of this means that you have any idea what you are talking about nor do you understand why individuals or organizations act the way that they do.
Again you’re raising a bunch of issues that don’t matter in this thread and can only be answered by the specific business groups that are trying to utilize tools like Claude code. They are mostly worthy questions but you are attacking them very specifically and honestly I don’t think relevant to the discussion where someone talked about show the art of possible to people.
I am sorry you feel this way, it does not change the facts of whats being discussed, its just that you disagree and you lacked the initial courage or intellectual capabilities to express that constructively, so you had to obfuscate through providing nothing of value to the discussion via low value comments. I get that YOU don't think something, but just because YOU feel something doesn't make it valid, grounded in reason, or should be listened too.
Others pointed it out better but you jumped to a conclusion in 30 seconds pointing out pointed legal and risk asks that don’t apply to the thread. Just look at the other threads of conversation where you go massively downvoted. You can capitalize YOU all you want but my point still stands. Yall are jumping to oddly specific conclusions that don’t matter in this thread. There is an absolutely interesting discussion around risk to be had but you attacking someone’s 30second paragraph about their anecdote does not open the door.
I get that you lack the intellectual capability and capacity to make the point yourself, which is why you refer to others without linking, to make the point on your own, its ok. I also understand that your own internal bias and lack of actual ownership/responsibility/liability, which might be tied to the intellectual deficiencies noted up top, to understand the danger of executives/leaders shipping applications given their access to information.
But you are totally free to build a company where there is no oppressive corporate IT, where there is always an incentive to innovate and grow, you can build that future.
The reason why that will not happen might be contained within the first ten words of the first sentence of my first paragraph, but you can prove me wrong. Let me be your motivation! Your dream should be your reality!
I know. I don't expect them to come up with anything, but its fun to see how far they will backtrack/change the goalposts and how much they will tie themselves into knots to try and justify their lack of integrity.
> You can get red lines with Anthropic, you can get a DPA with Anthropic.
IMHO,
1. Dismissing attorney client privilege is reckless
2. and the vast majority of users aren't aware of what "customization in the contracts" is needed to enable autonomous agents or if it's already contractually allowed.
This is still a fair question:
> Do you, and those executives, own the risks associated with that practice? Are those risks actually indemnified?
I think you guys are hitting on very specific issues that would only be constructive in the context of the business group using these tools. There is a discussion but I don’t really see the point in this thread. I see some folks from more of an IT background pointing fingers instead of the discussion at hand. Absolutely groups need to work with their legal representation to figure out an acceptable level of risk. Everything has non-zero risk. But again none of these specific points really hit on anything for this thread.
What does this even mean?
Just going on and on about compliance when you have no idea about the details. It’s a classic example of how IT fails most large orgs.
Compliance isn't required due to a vendor.
Compliance is due to the legal obligations thanks to local regulations and obligations that are defined through contracts with 3rd parties.
Saying 'found the Microsoft person' expresses a lack of understanding of the domain.
You kind of just proved my point. Sorry I should not have been joking but i don’t think you have a grasp what’s going on around you.
This is how IT acts in my enterprise orgs. There is absolutely a need for compliance and governance but unfortunately the people in these roles are typically not technically minded and have low incentives to innovate so you get these folks only really arguing for their jobs.
Cool story bro.
Do you think the MSFT sales person, or anyone who has the financial incentive to innovate, doesn't want you to innovate? They want you on Azure and O365 regardless, they don't care.
Hell, Microsoft will give you will give you 150k [0] of credits to do so.
But keep talking as if you have some magical, unique, special insight that escapes contracts and the law, compared to the people who, sadly, have to deal with reality.
[0] https://www.microsoft.com/en-us/startups
What is your deal about contract law? It’s not some mystical thing. You can get red lines with Anthropic, you can get a DPA with Anthropic. You keep going on and on about governance and contract law on a thread about how Claude Code is pretty useful for nontechnical people.
Risk is always nonzero but you can already today get pretty comfortable with most of these orgs with some customization in the contracts.
Does Anthropic's DPA provide indemnity to code thats produced from the product and any damages associated with security vulnerabilities within that code?
We are talking about vibe coded applications by executives and the risks that are associated with that, nothing within a DPA covers that. Please, be my guest, link an Anthropic DPA which includes indemnity for damages associated with the code produced.
Again, you keep showing your lacking of understanding of the domain in some really fundamental ways which shows that you haven't negotiated B2B contracts nor have you held a position of responsibility where you hold liability.
But keep responding because this feels more like therapy for you, and your feelings about people like me, rather than the realities of the exposure that come from vibe coded applications for executives.
I concede that I started the thread with a joke but wow you really are upset. Let’s take a step back. Apologies again for that joke it just the entire discussion reads like non-technical non-legal advice you get from the typical corporate IT.
Each entity and group have to consider the risks. I don’t think anything you’re trying to point at though is really useful for the discussion at hand. There is absolutely a use case for Claude code/cowork/codex and related tools to be used by non-technical folks. There is also a lot of figuring out in each of these groups. Unfortunately IT in most orgs in what I have seen have ignored the art of what’s possible for the last 3 years and now that we have hit this inflection point are scrambling to catch up but sadly the incentives are usually not aligned so they are really only incentivized to not take any risks.
> I concede that I started the thread with a joke but wow you really are upset.
You went further than "a joke."
You continued making aggressive, non-substantive remarks that were out of line.[0]
#1 > you have no idea about the details.
#2 > i don’t think you have a grasp what’s going on around you.
#3 > What is your deal about contract law? It’s not some mystical thing.
You wasted everyone's time.
[0] https://news.ycombinator.com/newsguidelines.html
If I am wasting your time then stop replying with links to the rules. Like I keep saying you guys are pointing out specific legal questions that only a business can answer and are not constructive to the main thread. Lots of leaps to conclusions and finger pointing which anecdotally aligns with what I have seen in corporate IT.
There is a fundamental difference between non-technical users from using Claude, or any other LLM, for whatever reason and whatever they produce being produced into production.
There are significant reasons why an organization would not want to use Cowork, because it does not fall under Anthropic's ZDR [0], which is a huge issue for... anyone dealing with anything sensitive.
What I think this comes down to is that you value velocity regardless of whatever the costs. We will get to see how that solves itself, there are going to be a lot of billable hours that are going to figure that out.
But none of this means that you have any idea what you are talking about nor do you understand why individuals or organizations act the way that they do.
You are free to do it better. Please do.
[0] https://code.claude.com/docs/en/zero-data-retention#what-zdr...
Again you’re raising a bunch of issues that don’t matter in this thread and can only be answered by the specific business groups that are trying to utilize tools like Claude code. They are mostly worthy questions but you are attacking them very specifically and honestly I don’t think relevant to the discussion where someone talked about show the art of possible to people.
So we have moved the goalposts to this point.
I am sorry you feel this way, it does not change the facts of whats being discussed, its just that you disagree and you lacked the initial courage or intellectual capabilities to express that constructively, so you had to obfuscate through providing nothing of value to the discussion via low value comments. I get that YOU don't think something, but just because YOU feel something doesn't make it valid, grounded in reason, or should be listened too.
Have a great rest of your day and weekend!
Others pointed it out better but you jumped to a conclusion in 30 seconds pointing out pointed legal and risk asks that don’t apply to the thread. Just look at the other threads of conversation where you go massively downvoted. You can capitalize YOU all you want but my point still stands. Yall are jumping to oddly specific conclusions that don’t matter in this thread. There is an absolutely interesting discussion around risk to be had but you attacking someone’s 30second paragraph about their anecdote does not open the door.
I get that you lack the intellectual capability and capacity to make the point yourself, which is why you refer to others without linking, to make the point on your own, its ok. I also understand that your own internal bias and lack of actual ownership/responsibility/liability, which might be tied to the intellectual deficiencies noted up top, to understand the danger of executives/leaders shipping applications given their access to information.
But you are totally free to build a company where there is no oppressive corporate IT, where there is always an incentive to innovate and grow, you can build that future.
The reason why that will not happen might be contained within the first ten words of the first sentence of my first paragraph, but you can prove me wrong. Let me be your motivation! Your dream should be your reality!
This guy's acting in bad faith. Sorry you got swept into this.
I know. I don't expect them to come up with anything, but its fun to see how far they will backtrack/change the goalposts and how much they will tie themselves into knots to try and justify their lack of integrity.
Says the “Cool story bro” guy.
My point has been consistent. You jumped to specific conclusions from a 30second post that adds little to the parent discussion.
> You can get red lines with Anthropic, you can get a DPA with Anthropic.
IMHO,
1. Dismissing attorney client privilege is reckless
2. and the vast majority of users aren't aware of what "customization in the contracts" is needed to enable autonomous agents or if it's already contractually allowed.
This is still a fair question:
> Do you, and those executives, own the risks associated with that practice? Are those risks actually indemnified?
I think you guys are hitting on very specific issues that would only be constructive in the context of the business group using these tools. There is a discussion but I don’t really see the point in this thread. I see some folks from more of an IT background pointing fingers instead of the discussion at hand. Absolutely groups need to work with their legal representation to figure out an acceptable level of risk. Everything has non-zero risk. But again none of these specific points really hit on anything for this thread.