| ▲ | kace91 12 hours ago |
| Does Anthropic currently have cybersec people able to provide a standard assessment of the kind the community expects? This could be a corporate move as some people claim, but I wonder if the cause is simply that their talents are currently somewhere else and they don’t have the company structure in place to deliver properly in this matter. (If that is the case they are not then free of blame, it’s just a different conversation) |
|
| ▲ | CuriouslyC 12 hours ago | parent | next [-] |
| I throw Anthropic under the bus a lot for their lack of engineering acumen. If they don't have a core competency like engineering fully covered, I'd say there's a near 0% chance they have something like security covered. |
| |
| ▲ | fredoliveira 11 hours ago | parent [-] | | What makes you think they lack engineering acumen? | | |
| ▲ | CuriouslyC 11 hours ago | parent [-] | | The hot mess that is Claude Code (if you multi-orchestrate with it, it'll start to grind even very powerful systems to a halt, 15+ seconds of unresponsiveness, all because CC constantly serializes/deserializes a JSON data file that grows quite large every time you do stuff), their horrible service uptime compared to all their competitors, their month-long performance degradation their users had to scream at them to get them to investigate, the fact that they had to outsource their web client and it's still bad, etc. | | |
| ▲ | saagarjha 3 hours ago | parent | next [-] | | You think Anthropic’s engineering talent for infosec is possible to determine because…you’ve used Claude Code? Am I understanding this right? | |
| ▲ | weird-eye-issue 8 hours ago | parent | prev | next [-] | | > The hot mess that is Claude Code And yet it's one of the fastest growing products of all time and is currently the state of the art for AI coding assistants. Yeah it's not perfect but nothing is | | |
| ▲ | CuriouslyC 5 hours ago | parent | next [-] | | I give the model a lot of credit for being very good at a fairly narrow slice of work (basic vibe coding/office stuff) that also happens to be extremely common. I'm harder on Claude Code because of its success and the fact that the company that makes it is worth so much. | |
| ▲ | thunderfork 7 hours ago | parent | prev [-] | | "I doubt they have good security chops because they make bad technical choices" "What bad technical choices?" "These ones" "Ok but they're fast-growing, so..." Does being a fast-growing product mean you have security chops or is this a total non-sequitur? |
| |
| ▲ | fifhtbtbf 7 hours ago | parent | prev | next [-] | | I have the opposite perception: they’re the only company in the space that seems to have a clue what responsible software engineering is. Gemini Code and Cursor both did such a poor job sandboxing their agents that the exploits sound like punchlines, while Microsoft doesn’t even try with Copilot Agentic. Countless Cursor bugs have been fixed with obviously vibe-coded fake solutions (you can see if you poke into code embedded in their binaries) which don’t address the problems on a fundamental level at all and suggest no human thinking was involved. Claude has had some vulnerabilities, but many fewer, and they’re the only company that even seemed to treat security like a serious concern, and are now publishing useful related open source projects. (Not that your specific complaint isn’t valid, that’s been a pain point for me too, but in terms of the overall picture that’s small potatoes.) I’m personally pretty meh on their models, but it’s wild to me to hear these claims about their software when all of the alternatives have been so unsafe that I’d ban them from any systems I was in charge of. | | |
| ▲ | CuriouslyC 5 hours ago | parent | next [-] | | I suggest spending some time with Codex. Claude likes to hack objectives, it's really messy and it'll run off sometimes without a clear idea of what you want or how a project works. That is all fine when you're a non-technical person vibe coding a demo, but it really kills the product when you're working on hard tasks in a large codebase. | | | |
| ▲ | saagarjha 3 hours ago | parent | prev [-] | | Every tool in this space is blatantly unsafe. The sandboxes that people have designed are quite ineffective. |
| |
| ▲ | ohyoutravel 11 hours ago | parent | prev [-] | | [flagged] | | |
| ▲ | CuriouslyC 11 hours ago | parent [-] | | You seem to have a personal emotional investment in Anthropic, what's the deal? | | |
| ▲ | ohyoutravel 11 hours ago | parent [-] | | [flagged] | | |
| ▲ | CuriouslyC 10 hours ago | parent [-] | | You're coming in so very hot, you should take a second look at your response. If you think calling out public, well-documented failings and things I've wasted time debugging and working around during my own use of the product is arrogance and narcissism, you've got some very warped priors. If you think I'm arrogant in general because you've been stalking my comment history, that's another matter, but at least own it. | | |
| ▲ | ohyoutravel 10 hours ago | parent [-] | | Just based on your two comments above. You should paste this convo into an LLM of your choice and I bet it would explain to you what I mean. ;) |
|
| ▲ | ndiddy 11 hours ago | parent | prev | next [-] |
| If they don't have cybersec people able to adequately investigate and write up whatever they're seeing, and are simply playing things by ear, it's extremely irresponsible of them to publish claims like "we detected a highly sophisticated cyber espionage operation conducted by a Chinese state-sponsored group we’ve designated GTG-1002 that represents a fundamental shift in how advanced threat actors use AI." without any evidence to back them up. |
|
| ▲ | matthewdgreen 11 hours ago | parent | prev | next [-] |
| They have an entire model trained on plenty of these reports, don’t they? |
|
| ▲ | abhis3798 9 hours ago | parent | prev | next [-] |
| I am sure they do. This is a talk they gave on using AI to tackle security problems. https://youtu.be/JRvQGRqMazA?si=euwRGML-unsm59ZU |