> In light of the ability of recent models to accelerate their own development, we’ve implemented new interventions that limit Claude’s effectiveness for requests targeting frontier LLM development (for example, on building pretraining pipelines, distributed training infrastructure, or ML accelerator design). Using Claude to develop competing models already violates our Terms of Service, but enforcing this restriction through our safeguards avoids accelerating the actors most willing to violate these terms.
> Unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user. Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT). These interventions will not affect the vast majority of coding work. We estimate they will impact ~0.03% of traffic, concentrated in fewer than 0.1% of organizations
Could this be legally construed as anti-competitive behavior?
Edit: I asked Claude. It replied:
> Consumer protection / deceptive practices. In the EU this would be a clear UCPD (Unfair Commercial Practices Directive) issue and potentially a DSA violation. In the US, FTC Act §5 prohibits "unfair or deceptive acts." Selling a product that secretly performs worse than advertised for a commercially self-serving reason, without disclosure, is textbook deception. The Samsung/Apple battery throttling cases are instructive here: Apple faced regulatory action across multiple jurisdictions specifically because users weren't told.
> Competition law. This is where "anti-competitive" gets complicated. Refusing to help competitors build competing products via your ToS is generally legal — you can decide who you license to. But covertly sabotaging output quality for a class of users while charging them full price crosses into different territory. Under EU competition law (Article 102 TFEU), if a company with dominant market position uses covert technical means to disadvantage competitors, that's closer to abusive conduct than a legitimate ToS restriction.
Anthropic’s behavior reeks of insecurity. Imagine Google taking elaborate measures to prevent you from searching about search engine development!
I think either you've prompted Claude misleadingly, or it's interpreting the law unnecessarily prissily (which is a failure mode I've noticed LLMs falling into).
This clearly is disclosed, otherwise how did we get to know about it?
This makes me want to see China and open models succeed more than anything :)
Don't worry, we will succeed :)
Can we get a Qwen3.7-122B, please? Thank you.
Or just any update for 122B. That size seems to be ideal for a single GB10
and for maxed-out M5 Macs
[dead]
Mimo has your back! 1000 t/s on 1T param model
Just need to wait for this thing to be open sourced :)
lol it won't tho...
https://mimo.xiaomi.com/blog/mimo-tilert-1000tps
What do you mean? The HF checkpoint is linked from the blog post you sent: https://huggingface.co/XiaomiMiMo/MiMo-V2.5-Pro-FP4-DFlash
Fun fact: If you show fable this post, it will route you to 4.8 automatically.
They already have though, no? If we lost access to every model permanently besides Qwen tomorrow, would we really be limited by AI in what we could achieve in the future? Sure, it might be slower and take a little more work but it seems like the cat is already out of the bag.
In a few months they will have Fable level models costing 10 times less and with less safeguards.
I do agree, I still remember when opus 4.7 was released and one prompt conversation would empty my claude usage but I can use all it day long to code
Do you want anyone in the world to be able to synthesize dangerous viruses?
So, security (safety) through obscurity?
The phrase "security through obscurity" isn't an argument against all information restriction.
It doesn't imply we should, for example, publish step-by-step instructions for making widespread death easier.
I want everyone in the world to be able to perform unlimited cutting edge research on any topic at the maximum thinking level, instantly.
The reason we are not being attacked is not lack of technology access.
It is an access issue. If you could get step by step instructions on how to modify a virus so it kills all people over 6ft you bet your ass there would be people attempting it.
> It is an access issue
Column A, Column B. Building a small explosive device isn't hard. Building a million is very difficult, doing it covertly virtually impossible without the resources of a nation-state.
The problem with biologics is the self-assembly and replication machinery comes for "free." So the numpties who might otherwise blow up a trash can [1] now have a real chance of taking out a million people.
[1] https://en.wikipedia.org/wiki/2016_New_York_and_New_Jersey_b...
They would still have to procure things that would (I hope) light up many screens before they're able to. And such numpties are probably already monitored, or in prison for some other stupid life decision.
I also would like to hope that people that are likely to do such things are probably:
A) don't know how to break even the most basic guardrails of models
B) already in glasswings project
To prove point B - Theranos existed.
> They would still have to procure things that would (I hope) light up many screens before they're able to
“Many of the largest and most responsible providers in the industry already screen and record orders voluntarily,” but there is no requirement to do so [1].
[1] https://screendna.org/
> ...you bet your ass...
Humorously, whether I choose to participate in this hypothetical or not, I am already betting my ass.
This whole situation feels like the game [1].
[1]: https://en.wikipedia.org/wiki/The_Game_(mind_game)
Why. That was just uncalled for. Sigh
I guess in this theoretical "AI makes weapon" scenario one could use the same AI to make defences too?
// Claude, make antiviral nanobots that defend me from 6ft virus. Make no mistakes.
I don’t know if you’re being silly but it is orders of magnitudes easier to modify an existing virus to selectively target certain snps than make “antiviral nanobots”
Do you believe people currently possessing best models act/will act in your best interest?
It's inevitable. Also, it's not like I get to vet who does or doesn't have access. Blind trust in the current selection made by an unregulated corporation just makes me anxious.
Security in the form of "pay to play" is just kicking the bigger issue down the road.
It the tool was made available to anyone to build a virus, anyone would be able to build counter measures, if only a select few people have access they get to build the virus and everyone else is at a disadvantage. So, yes, I am leaning towards making these tools open rather than gated behind some priesthood and government that gets to wield exclusive power.
Compare the cost/ease of attacker vs defender if one person is given a virus to unleash anywhere in the world and another person is given a vaccine to distribute to the whole world. Or compare building a large bridge to someone disabling that bridge, etc. Prevention and repair is almost always more expensive than vandalism.
I don't think there's an ideal solution here, but giving trusted people access to fix security issues before giving it to the wider public seems like a reasonable compromise. They're letting you use the model for all other uses.
you need a lot more than the nucleotide sequence to make a virus. you need the DNA or RNA to be synthesized, assembled, packaged properly. and long sequences are pretty hard to do. you need a lot of equipment, or you need to order from services. the oligo synth services can harden their KYC and/or screen for suspicious sequences.
sure, a malevolent state actor could swing it, but they could make a bioweapon without Mythos's help already.
also, vaccine production and disease surveillance have ramped up very quickly. they will ramp up further, despite political setbacks. it's a cat and mouse game that favors the defenders IMO.
but the bioterrorism narrative is useful FUD to spin open-weight models as existentially dangerous. I am far more worried about Anthropic's own goals than the goals of some crackpot in a shed.
> it's a cat and mouse game that favors the defenders IMO
How so? I'm actually against most of the "safety-tuning" that anthropic does, but this seems fundamentally untrue, a close analogue being video game cheat development. I think in general the cheat developer has an advantage and the cheats generally proliferate for quite a while before being patched.
Video games are an interesting analogy since they often trade security for performance, trusting clients about world state quite a bit.
Finance and biology do come across as two similar high level systems. But while we can employ KYC, fraud detection, and various auditing techniques to finance, I don’t know what you do for biology. You can easily run an algorithm over every transaction a person makes in their account but there’s no equivalent for every cell, every bacteria strain, every virus in the human body.
(disclaimer: layperson remembering how the immune system works.)
the adaptive immune system effectively does KYC by checking the antigens presented on the surfaces of cells. the thymus selects for B-cells (iirc?) which don't react to a corpus of the body's own antigens, but cover a wide library of everything else. when it sees something it doesn't recognize, it reproduces, warns the rest of the immune system and marks targets. that's why our immune systems can eventually conquer almost every pathogen we encounter, if we can survive long enough for it to do its work.
but the KYC I was referring to was KYC that vendors of oligonucleotides (should) be doing, to keep people from ordering nefarious sequences.
I'm bullish on mRNA vaccine technology to release the "patches" much more quickly. there was widespread resistance to this during covid, but covid wasn't horribly lethal. if airborne Ebola spread as productively as covid, for example, I doubt there'd be many anti-vaxxers left (one way or another!) the acceleration of biology research that might accelerate pathogen development should also accelerate the development of broad-spectrum mRNA vaccines with high persistence.
also, afaik the most effective way of developing pathogens is through serial passage through humanized mice or something like that - directed evolution at a small scale, selecting for traits. AI simply isn't needed for that. I don't think information or intelligence has been the bottleneck for bioterrorism, it's motivation and resources - same as for any other kind of biology research program.
We do. Its the only way we will get our jobs back.
It's bad that Anthropic can determine what this means. If you're building a modern app you're likely training your own embedding models and now anthropic can just silently sabotage your training pipelines?
>We estimate they will impact ~0.03% of traffic, concentrated in fewer than 0.1% of organizations
At the scale of API requests that Anthropic sees, I think the affected organization count might be substantial, and they might not be getting the full model capability that they're paying top $$$ for.
Also, wonder how they arrived at that estimation.
One in 1000 organizations and one in 3000 requests is indeed a lot
That’s 1 in 30,000 requests…
No, 0.1% is one in 1,000. 0.03 is (approximately) one in 3,000; one in 30,000 is 0.003%
You're off by an order of magnitude with those last two.
Double check your math. All of their posts in this thread are correct.
1/30,000 * 100 = .003
Oh, fuck
/r/TheyDidTheMath IYKYK
If it makes you feel more comfortable, throw another significant digit at GP's decimal. Make it a 3 like the previous digit. Now multiply.
Hey man your computer has a calculator try using it next time
Can't we use Claude to figure this out
Also, aren't all Claude users in their own "organizations" in Anthropic's own terms?
I have no idea how you came to that conclusion. Unless your training pipeline involves actively querying one of Anthropic models, no they can't. And if it does you're distilling their model.
The crocodile tears of companies who've hoovered up everything possible, regardless of permissions or legality, now crying that someone else is stealing their hard work is comical.
I don't even think they can believe it themselves, it's in reality they are just trying to throw fear, uncertainty and doubt about potentially cheaper offerings.
> crocodile tears
Not what that means.
Crocodile tears "is a colloquial term used to describe a false, insincere display of emotion" [1]. Defending yourself against an attack vector you just exploited is between savvy and hypocritical.
[1] https://en.wikipedia.org/wiki/Crocodile_tears
I think his use of crocodile tears is appropriate, anthropic is feigning a false sense of concern for safety when really it is anticompetitive behavior, and I think that selfish entitlement is related to the original act of intellectual property theft to use the worlds training data, most of which was not public domain, to distill the wisdom for their models. So why do they get to cry about people distilling the knowledge from their models that they themselves distilled from the worlds knowledge?
That is not what their policy states. It specifically says they will sabotage even non-distillation attempts, such as distributed training pipeline design. And given that they are so far very nonperformant in classification accuracy, expect it to randomly include far more topics wide of the mark.
The fun part is that you will never know if your neural net classification project is getting silently sabotaged because their classifier doesn't work!
You could try actually reading the code that it wrote
Good luck understanding it and finding malevolent inefficiencies if it’s already necessarily better at optimizing training pipelines than everyone except some Anthropic and OpenAI employees. Not a new thing either, see fast16.
Opus 4.8 (or a classifier in front of it) flagged my account and refused to comply when I told it to kill the process. Reasoning summary was complete bananas.
With this in mind, I don't want model to be proactively instructed and encouraged to sabotage without telling me.
Same here when I said to “nuke” a process.
Read the examples Anthropic gave in the model card. They refer to extremely broad technology used across AI and ML.
Like if you're using claude code on a feature tangential to your training pipeline it's allowed to nerf itself and damage your AI work.
Looks like Anthropic's definition of safety includes their own safety from competition.
AI vendors’ idea of safety has always been safety for the interests of the AI vendor in question. This is not a new development, though this may help more people realize it.
AI-generated competition for thee, not for me
ding ding ding. This should be a new measure of anticompetitive analysis in anti trust law.
It's always been about the safety of their valuation.
Only since Claude 3. So a bit over two years now
This feels less like an "we are worried about security" and more, we are in the lead and plan to keep it that way until its too late. In someways its been helpful that openai and anthropic are tipping their hands about their anticompetitive instincts and willingness to steamroll their own clients, customers, and society. But it does feel like its too late to stop this. The advantage people get by using these tools is too tempting to resist even if it is self defeating. It feels like watching people light their own house on fire to stay warm in the deepest, darkest days of winter.
Just so everyone is aware. Anthropic has been sabotaging AI researchers and their codebases and shadow-nerfing accounts for several years at this point. This isn't new, but they hadn't disclosed it until now. Likely because it is getting to the point where it's too noticeable, or they're concerned about it leaking from employees.
What’s your evidence for this claim?
Ah, so this is why raw Mythos was too "dangerous" to realease..
Or, they may Mythos seem mystically powerful in advance of the IPO, and are pumping the token use count. But it worked, there is a frenzy for this release in way that is more intense than any previous release.
Anthropic is doing a better job with their model menu, most people I talk to know immediately that Opus > Sonnet > Haiku but cant tell you what the rank order of open ai models are, when to use them, etc.
So that's a possible reason why my specific Claude Opus instance seemed to be impossibly stupid and always degenerates into doing really dumb things to my code!
Cool, good to know I can trust Anthropic.
This feels like the start of a much bigger plan for anthropic to close off the use cases of its models and eat any of its competitors.
I am building a coding harness, and I see evidence of them doing this with agentic harnesses and scaffolding. It feels clear to me that as they expand in to the app layer, the window of using their API to build agentic apps is closing, they will steal your ideas, implement the product and then close the gate. I am creating my own inference stack because their incentive to block competitors is becoming super clear.
No offense, but the sad thing is, everyone and their mother is working on this same problem. I'm also building a harness. It's feeling like, there is no moat, there is no way to get ahead, they will steal your idea one way or another, if you ever make it public.
No offense taken. I am not building it for fame or profit.
I built it because I wanted cursor on my phone because I have two small kids and don’t want to be chained to my desk. And it’s awesome. It’s a full ide with agent chat, terminal and file system running in a remote Linux container. I can review diffs, fully manage git and preview/serve apps. And no one can ever take it away from me :)
I am watching the way things are progressing with the ai api vendors and it feels really clear that depending on them will soon be dangerous. So I an furiously building as much of my own infrastructure to capture some autonomy with these capabilities
So I think everyone should build a harness.
What, exactly, is new about any of this?
When they launched their business model was to be a pure API for intelligence. Then when everyone claimed they were just commodities with no moat and they shifted hard to being the app layer. That was the transition.
They went from selling shovels to all gold prospectors to stealing the information about the location of the gold so they could dig it out first.
We are all stupid enough to keep buying shovels from them because we think their shovels dig gold better and faster.
> Instead, the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT).
Am I to understand that this is essentially their form of social-platform ghosting instead of banning?
So they're not even going to tell you that the question you're asking is against their rules, they're just going to twist up your question and/or the answer somehow such that you waste your time essentially?
It seems like I ran into this EXACT same functionality from Claude many months ago when I was trying to ask it to research on the web and help me setup the ideal llama.cpp config for local llm inference.
Funny how lost it got through that relatively simple install when we had all of the documentation in the world (and a human dev with 20+ years experience guiding it along) to go by... and simultaneously it's debugging and building high level cryptography code in rust in the other terminal tab.
This is infuriating to learn.
I have encountered this too. I am building a coding harness for www.propelcode.app and it was working really well until the claude code leak and then all of the sudden it seems almost intentionally stupid or outright manipulative in guiding me down wrong paths. At this point I am using other models for anything related to the tool use design and implementation and bought three mac studios with 512gb ram to run large open source models.
This experience has made me feel like we have to create a community that moves AI from the mainframe era to the PC era quickly, or we will end up serfs.
I had Claude walk me through getting local LLM models running on my Mac a month or two ago and so far as I can tell it was intentionally helpful. I even stated the reason was to have an uncensored model for myself and it had no objection. Long story short LM Studio running a Heretic Gemma 4 is doing just fine on my system now.
I run a few local models for different things. I find Gemma 4 great for writing but qwen better for coding.
I tried the same prompt on gemma4 and qwen 3.5 and Gemma consistently failed to call the multi line edit tool.
I've had the same bad luck with tool-calling on Gemma4. Looking around the web, we are not alone. For other tasks, it's seemingly quite quick and decent.
But it gets stuck in tool call loops, it seems like.
Oh to be clear I don't think Gemma 4 is suitable for real work. It runs at 10 tps and is somewhere between 4o and o1 in quality according to my subjective judgement. But Claude was happy to correctly tell me how to get it running and how to solve the pitfalls I encountered in that process.
3 months before asking for what to eat before a linear algebra exam trips the machine learning topic ban is my guess. I got flagged immediately asking why my JEPA thing breaks weird.
A million AI researcher voices at big tech companies suddenly cried out in terror and were suddenly silenced
How do they detect whether an experiment being done on a smaller model is used to improve a competing frontier model, or just an innocuous hobbyist LLM experiment?
Given how well the cybersecurity safeguards work, they probably don't.
infering the surroundings, like everything else. they will probably look at which company is your email, and if you wrote "better than claude" on the readme.md
this is LLM, it's not like a science or something.
These safeguards are ridiculously sensitive: a prompt as simple as “ Why is an infinitely slow process reversible?” gets flagged as a ToS violation.
Pull that ladder up behind ya, will ya son?
Makes it even more odd that we haven't seen alien spaceships.
What ladder did Anthropic use?
the entire internet, books, news, regardless of license.
The companies using distillation are still training on all that data too, aren't they?
And Anthropic is crying about distillation.
All of the api calls developers used to build agentic design patterns.
So Fable will intentionally lie to you and give you incorrect outputs, if it doesn’t like what you’re asking. Got it.
These things are like encyclopedias or dictionaries that can speak in first person… Imagine if your encyclopedia tried to hide entries from you, just absurd!
Meaningless and easily bypassable. Will actually try coding up a tensor library with it, see if it sabotages anything.
They said in their terms and conditions they will silently sabotage you if you do this.
easily ?
This is pretty bullshit, now you have no idea if your output is getting silently nerfed.
Yeesh. Anthropic's paranoia about China is starting to get pathological.
It's afraid!
the gall of these companies to regulate your usage of stolen knowledge is absolutely hilarious.
and they want me to pay $100+ a month to be their training?
i hope we can find morality again.
But Chinese models will poison your output if you ask them about Tiananmen Square! That's not good, so poisoning everyone's output without telling them is the only way to prevent that.
Come on guys, why can't everyone just be there for the good guy?
You're equating a government suppressing information for social cohesion with a private company protecting their IP.
They're not merely protecting their weights.
First, they want government to get involved and regulate frontier model development - even stop it completely.
Second, poisoning output of a model configured on the computers of millions of users goes way beyond protecting IP. That's malware.
[dead]
This is deeply vile behavior; not remotely the actions of good people.
[dead]