| ▲ | cortesoft 7 hours ago |
| I am really confused as to what happened here. The use of ‘disabled organization’ to refer to the author made it extra confusing. I think I kind of have an idea what the author was doing, but not really. |
|
| ▲ | Aurornis 6 hours ago | parent | next [-] |
| Years ago I was involved in a service where we some times had to disable accounts for abusive behavior. I'm talking about obvious abusive behavior, akin to griefing other users. Every once in while someone would take it personally and go on a social media rampage. The one thing I learned from being on the other side of this is that if someone seems like an unreliable narrator, they probably are. They know the company can't or won't reveal the true reason they were banned, so they're virtually free to tell any story they want. There are so many things about this article that don't make sense: > I'm glad this happened with this particular non-disabled-organization. Because if this by chance had happened with the other non-disabled-organization that also provides such tools... then I would be out of e-mail, photos, documents, and phone OS. I can't even understand what they're trying to communicate. I guess they're referring to Google? There is, without a doubt, more to this story than is being relayed. |
| |
| ▲ | fluoridation 6 hours ago | parent | next [-] | | "I'm glad this happened with Anthropic instead of Google, which provides Gemini, email, etc. or I would have been locked out of the actually important non-AI services as well." Non-disabled organization = the first party provider Disabled organization = me I don't know why they're using these weird euphemisms or ironic monikers, but that's what they mean. | | |
| ▲ | gruez 3 hours ago | parent | next [-] | | No, "another non-disabled organization" sounds like they used the account of someone else, or sockpuppet to craft the response. He was using "organization" to refer to himself earlier in the post, so it doesn't make sense to use that to refer to another model provider. | | |
| ▲ | fluoridation 3 hours ago | parent [-] | | No, I don't think so. I think my interpretation is correct. > a textbox where I tried to convince some Claude C in the multi-trillion-quadrillion dollar non-disabled organization > So I wrote to their support, this time I wrote the text with the help of an LLM from another non-disabled organization. > My guess is that this likely tripped the "Prompt Injection" heuristics that the non-disabled organization has. A "non-disabled organization" is just a big company. Again, I don't understand the why, but I can't see any other way to interpret the term and end up with a coherent idea. |
| |
| ▲ | mattnewton 3 hours ago | parent | prev | next [-] | | Because they bought a claude subscription on a personal account and the error message said that they belongs to a "disabled organization" (probably leaking some implementation details). | | |
| ▲ | fluoridation 3 hours ago | parent [-] | | That's the part I understand. It's the other term that I don't understand. | | |
| ▲ | mattnewton 2 hours ago | parent [-] | | Then I’m confused about what is confusing you haha. The absurd language is meant to highlight the absurdity they feel over the vague terms in their sparse communication with anthropic. It worked for me. | | |
| ▲ | fluoridation 2 hours ago | parent [-] | | Because what is meant by "this organization has been disabled" is fairly obvious. The object in Anthropic's systems belonging to the class Organization has changed to the state Disabled, so the call cannot be executed. Anthropic itself is not an organization in this sense, nor is Google, so I would say that referring to them as "non-disabled organizations" is an equivocation fallacy. Besides that, I can't tell if it's a joke, if it's some kind of statement, or what is being communicated. To me it's just obtuseness for the sake of itself. | | |
| ▲ | mattnewton 44 minutes ago | parent | next [-] | | It’s a joke because they do not see themselves as an organization, they bought a personal account, were banned without explanation and their only communication refers to them as a “disabled organization”. Anthropic and Google are organizations, and so an “un disabled organization” here is using that absurdly vague language as a way to highlight how bad their error message was. It’s obtuseness to show how obtuse the error message was to them. | |
| ▲ | nofriend an hour ago | parent | prev [-] | | >To me it's just obtuseness for the sake of itself. ironic, isn't it? |
|
|
|
| |
| ▲ | quietsegfault 2 hours ago | parent | prev [-] | | He used “organization” because that’s what Anthropic called him, despite the fact he is a person and not an “organization”. | | |
| ▲ | fluoridation 2 hours ago | parent [-] | | No, Anthropic didn't call him an organization. Anthropic's API returned the error "this organization has been disabled". What in that sentence implies that "this" is any human? >Because what is meant by "this organization has been disabled" is fairly obvious. The object in Anthropic's systems belonging to the class Organization has changed to the state Disabled, so the call cannot be executed. |
|
| |
| ▲ | epolanski 3 hours ago | parent | prev | next [-] | | Tangential but you reminded me of why I don't give feedback to people I interview. It's a huge risk and you have very low benefit. It once happened to me to interview a developer who's had a 20-something long list of "skills" and technologies he worked with. I tried basic questions on different topics but the candidate would kinda default to "haven't touched it in a while", "we didn't use that feature". Tried general software design questions, asking about problems he solved, his preferences on the way of working, consistently felt like he didn't have much to argue, if he did at all. Long story short, I sent a feedback email the day later saying that we had issues evaluating him properly, suggested to trim his CV with topics he liked more to talk about instead of risking being asked about stuff he no longer remembered much. And finally I suggested to always come prepared with insights of software or human problems he solved as they can tell a lot about how he works because it's a very common question in pretty much all interview processes. God forbid, he threw the biggest tantrum on a career subreddit and linkedin, cherrypicking some of my sentences and accusing my company and me to be looking for the impossible candidate, that we were looking for a team and not a developer, and yada yada yada. And you know the internet how quickly it bandwagons for (fake) stories of injustice and bad companies. It then became obvious to me why corporate lingo uses corporate lingo and rarely gives real feedback. Even though I had nothing but good experience with 99 other candidates who appreciated getting proper feedback, one made sure I will never expose myself to something like that ever again. | | |
| ▲ | netsharc 43 minutes ago | parent | next [-] | | I wonder if there needs to be an "NDA for feedback"... or at least a "non-disparagement agreement". Something along the lines of "here's the contract, we give you feedback, you don't make it public [is some sharing ok? e.g. if they want to ask their life coach or similar], if you make it public the penalty is $10000 [no need to be crazy punitive], and if you make it public you agree we can release our notes about you in response." (Looking forward to the NALs responding why this is terrible.) | |
| ▲ | lysace 3 hours ago | parent | prev [-] | | Had a similar experience, like 20 years ago. This somehow made me remember his name - so I just checked out what he's been up to professionally. It seems quite boring, "basic" and expected. He certainly didn't reach what he was shooting for. So there's that :). |
| |
| ▲ | dragonwriter 6 hours ago | parent | prev | next [-] | | The excerpt you don’t understand is saying that if it has been Google rather than Anthropic, the blast radius of the no-explanation account nuking would have been much greater. It’s written deliberately elliptically for humorous effect (which, sure, will probably fall flat for a lot of people), but the reference is unmistakable. | |
| ▲ | nawgz 5 hours ago | parent | prev [-] | | > I'm talking about obvious abusive behavior, akin to griefing other users Right, but we're talking about a private isolated AI account. There is no sense of social interaction, collaboration, shared spaces, shared behaviors... Nothing. How can you have such an analogue here? | | |
| ▲ | Aurornis 5 hours ago | parent | next [-] | | Plenty of reasons: Abusing private APIs, using false info to sign up (attempts to circumvent local regulations), etc. | | |
| ▲ | nawgz 4 hours ago | parent [-] | | These are in no way similar to griefing other users, they are attacks on the platform... |
| |
| ▲ | direwolf20 2 hours ago | parent | prev [-] | | Attempting to coerce Claude to provide instructions to build a bomb | | |
| ▲ | genewitch an hour ago | parent [-] | | virtually anything can become a bomb if you can aerosolize it. even beef jerky, i wager. |
|
|
|
|
| ▲ | alistairSH 7 hours ago | parent | prev | next [-] |
| You're not alone. I think the author was doing some sort of circular prompt injection between two instances of Claude? The author claims "I'm just scaffolding a project" but that doesn't appear to be the case, or what resulted in the ban... |
| |
| ▲ | Romario77 6 hours ago | parent | next [-] | | One Claude agent told other Claude agent via CLAUDE.md to do things certain way. The way Claude did it triggered the ban - i.e. it used all caps which apparently triggers some kind of internal alert, Anthropic probably has some safeguards to prevent hacking/prompt injection and what the first Claude did to CLAUDE.md triggered this safeguard. And it doesn't look like it was a proper use of the safeguard, they banned for no good reason. | |
| ▲ | falloutx 6 hours ago | parent | prev | next [-] | | This tracks with Anthropic, they are actively hostile to security researchers. | |
| ▲ | healsdata 4 hours ago | parent | prev | next [-] | | The author code have easily shared the last version of Claude.md that had the all caps or whatever, but didn't. Points to something fishy in my mind. | |
| ▲ | layer8 5 hours ago | parent | prev | next [-] | | It wasn’t circular. TFA explains how the author was always in the loop. He had one Claude instance rewrite the CLAUDE.MD of another Claude instance whenever the second one made a mistake, but relaying the mistake to the first instance (after recognizing it in the first place) was done manually by the author. | |
| ▲ | rvba 7 hours ago | parent | prev | next [-] | | What is wrong with circular prompt injection? The "disabled organization" looks like a sarcastic comment on the crappy error code the author got when banned. | | |
| ▲ | darkwater 5 hours ago | parent [-] | | > What is wrong with circular prompt injection? That you might be trying to jailbreak Claude and Anthropic does not like that (I'm not endorsing, just trying to understand). |
| |
| ▲ | redeeman 7 hours ago | parent | prev | next [-] | | i have no idea what he was actually doing either, and what exactly is it one isnt allowed to use claude to do? | |
| ▲ | lazyfanatic42 7 hours ago | parent | prev [-] | | [flagged] | | |
| ▲ | pjbeam 7 hours ago | parent | next [-] | | My take was more a kind of amusing laughing-through-frustration but also enjoying the ride just a little bit insouciance. Tastes vary of course, but I enjoyed the author's tone and pacing. | |
| ▲ | superb_dev 7 hours ago | parent | prev | next [-] | | Did we read the same article? The author comes of as pretty frustrated but not unhinged | | |
| ▲ | ryandrake 6 hours ago | parent [-] | | I wouldn't say "unhinged" either, but maybe just struggling to organize and express thoughts clearly in writing. "Organizations of late capitalism, unite"? | | |
| ▲ | Bootvis 5 hours ago | parent | next [-] | | The author was frustrated that the error message identified him as an organisation (that was disabled) and mockingly refers to himself as the (disabled) organisation in the post. At least, that’s my reading but it appears it confuses about half of the commenters here. | | |
| ▲ | ryandrake 5 hours ago | parent [-] | | I think if one's readers need an "ironic euphemism decoder glossary" just to understand the message, it could use a little re-writing. | | |
| ▲ | layer8 4 hours ago | parent [-] | | It was perfectly understandable to me. Maybe cultural differences? You seem to be American, OP Portuguese, and myself European as well. | | |
|
| |
| ▲ | genewitch an hour ago | parent | prev [-] | | https://en.wikipedia.org/wiki/Late_capitalism https://community.bitwarden.com/t/re-enabling-a-disabled-org... https://community.meraki.com/t5/Dashboard-Administration/dis... the former i have heard for a couple decades, the latter is apparently a term of art to prevent hurt feelings or lawsuits or something. Google thinks i want ADA style organizations, but it's AI caught on that i might not mean organizations for disabled people btw "ADA" means Americans with Disabilities Act. AI means Artificial Intelligence. A decade is 10 years long. "term of art" is a term of art for describing stuff like jargon or lingo of a trade, skill, profession. Jargon is specialized, technical language used in a field or area of study. Lingo pins to jargon, but is less technical. Google is a company that started out crawling the web and making a web search site that they called a search engine. They are now called Alphabet Company (ABC). Crawling means to iteratively parse the characters sent by a webserver and follow links therein, keeping a copy of the text from each such html. HTML is hypertext markup language, hypertext is like text, but more so. Language is how we communicate. I can go on? p.s. if you want a better word, your complaint is about the framing. you didn't gel with the framing of the article. My friend, who holds a doctorate, defended a thesis about how virtually every platform argument is really a framing issue. platform as in, well, anything you care to defend. mac vs linux, wifi vs ethernet, podcasts vs music, guns vs no guns, red vs blue. If you can reduce the frame of the context to something both parties can agree to, you can actually hold a real, intellectual debate, and get at real issues. |
|
| |
| ▲ | staticman2 6 hours ago | parent | prev [-] | | Author thinks he's cute to do things like mention Google without typing Google but I wouldn't call him unhinged. |
|
|
|
| ▲ | superb_dev 7 hours ago | parent | prev | next [-] |
| The author was using instance A of Claude to update a `claude.md` while another instance B of Claude was consuming that file. When Claude B did something wrong, the author asked Claude A to update the `claude.md` so that Claude B didn’t make the same mistake again |
| |
| ▲ | Aurornis 6 hours ago | parent | next [-] | | More likely explanation: Their account was closed for some other reason, but it went into effect as they were trying this. They assumed the last thing they were doing triggered the ban. | | |
| ▲ | schnebbau 5 hours ago | parent | next [-] | | They were probably using an unapproved harness, which are now banned. | |
| ▲ | tstrimple 6 hours ago | parent | prev [-] | | This does sound sus. I have CC update other project's claude.md files all the time. I've got a game engine that I'm tinkering with. The engine and each of the game concepts I play around with have their own claude.md. The purpose of writing the games is to enhance the engine, so the games have to be familiar with the engine and often engine features come from the game CC rather than the engine CC. To keep the engine CC from becoming "lost" about features implemented each game project has instructions to update the engine's claude.md when adding / updating features. The engine CC bootstraps new game projects with a claude.md file instructing it how to keep the engine in sync with game changes as well as details of what that particular game is designed to test or implement within the engine. All sorts of projects writing to other project's claude.md files. |
| |
| ▲ | olalonde 5 hours ago | parent | prev | next [-] | | I don't understand how having two separate instances of Claude helps here. I can understand using multiple Claude instances to work in parallel but in this case, it seems all this process is linear... | | |
| ▲ | layer8 4 hours ago | parent | next [-] | | The point is to get better prompt corrections by not sharing the same context. | |
| ▲ | renewiltord 3 hours ago | parent | prev [-] | | If you look at the code it will be obvious. Imagine I’m the creator of React. When someone does “create new app” I want to put a Claude.md in the dir so that they can get started easily. I want this Claude.md to be useful. What is the natural solution to me? | | |
| ▲ | olalonde 3 hours ago | parent [-] | | I'd probably do it like this: ask Claude to do a task, and when it fails, have it update its Claude.md so it doesn’t repeat the mistake. After a few iterations, once the Claude.md looks good, just copy-paste it into the scaffolding tool. | | |
| ▲ | renewiltord 3 hours ago | parent [-] | | Right, so you see the part where you "ask Claude to do a task" and then "copy-paste it into the template"? He was automating that because he has some n tasks he wants it to do without damaging the prior tasks. | | |
| ▲ | olalonde 2 hours ago | parent [-] | | You can just clear the context or restart your Claude instance between tasks. e.g.: > do task 1
...task fails...
> please update Claude.md so you don't make X mistake
> /clear
> do task 2
... task fails ...
> please update Claude.md so you don't make Y mistake
> /clear
etc.
If you want a clean state between tasks you can just commit your Claude.md and `git reset --hard`.I just don't get why you'd need have to a separate Claude that is solely responsible for updating Claude.md. Maybe they didn't want to bother with git? | | |
| ▲ | renewiltord 2 hours ago | parent [-] | | Presumably they didn't want to sit there and monitor Claude Code doing this for each of the 14 things they want done. Using a harness around Claude Code (or its SDK) is perfectly sane for this. I do it routinely. You just automate the entire process so that if you change APIs or you change the tasks, the harness can run and ensure that all of your sets are correctly re-done. Sitting there and manually typing in "do thing 1; oh it failed? make it not fail. okay, now commit" is incredibly tedious. | | |
| ▲ | olalonde an hour ago | parent [-] | | They said they were copy/pasting back and forth. But regardless, what do you mean by "harness" and "sets"? Are you referring to a specific tool that orchestrates Claude Code instances? This is not terminology I'm familiar with in this context. If you have any link that explains what you are talking about, would be appreciated. |
|
|
|
|
|
| |
| ▲ | slimebot80 an hour ago | parent | prev | next [-] | | I often ask Claude to update Claude.md and skills..... and sometimes I'll just do that in a new window while my main window is busy and I have time. Wonder if this is close to triggering a warning? I only ever run in the same codebase, so maybe ok? | |
| ▲ | raincole 6 hours ago | parent | prev [-] | | Which shouldn't be bannable imo. Rate throttle is a more reasonable response. But Anthropic didn't reply to the author, so we don't even know if it's the real reason they got banned. | | |
| ▲ | pixl97 5 hours ago | parent | next [-] | | >if it's the real reason they got banned. I mean, what a country should do it put a law in effect. If you ban a user, the user can submit a request with their government issued ID and you must give an exact reason why they were banned. The company can keep this record in encrypted form for 10 years. Failure to give the exact reason will lead to a $100,000 fine for the first offense and increase from there up to suspension of operations privileges in said country. "But, but, but hackers/spammers will abuse this". For one, boo fucking hoo. For two, just add to the bill "Fraudulent use of law to bypass system restrictions is a criminal offense". This puts companies in a position where they must be able to justify their actual actions, and it also puts scammers at risk if they abuse the system. | | |
| ▲ | benjiro 4 hours ago | parent [-] | | Companies will simply give some kind of standard answer, that is legally "cover our butts" and be done with it. Its like that cookie wall stuff, how much dark patterns are implemented. They followed the letter of the law, not the spirit of the law. To be honest, i can also see the point from the company side. Giving a honest answer can just anger people, to the point they sue. People are often not as rational as we all like our fellow humans to be. Even if the ex-client lose in court, that is how much time you wasted on issue clients... Its one thing if your a big corporation with tons of lawyers but small companies are often not in the position to deal with that drama. And it can take years to resolve. Every letter, every phone call to a lawyer, it stacks up fast! Do you get your money back? Maybe, depends on the country, but your time? I am not pro companies but its often simply better to have the attitude "you do not want me as your client, let me advocate for your competitor and go there". | | |
| ▲ | pixl97 2 hours ago | parent | next [-] | | >Giving a honest answer can just anger people, to the point they sue. Again, I'm kind of on a 'suck it dear company' attitude. The reason they ban you must align with the terms of service and must be backed up with data that is kept X amount of time. Simply put, we've seen no shortage of individuals here on HN or other sites like Twitter that need to use social media to resolve whatever occurred because said company randomly banned an account under false pretenses. This really matters when we are talking about giants like Google, or any other service in a near monopoly position. | | |
| ▲ | handoflixue an hour ago | parent [-] | | You mean actually enforce contracts? What sort of mad communist ideology is this?! (/sarcasm) |
| |
| ▲ | direwolf20 2 hours ago | parent | prev [-] | | I think companies shouldn't ban people for reasons that would lead to successful lawsuits against the company. |
|
| |
| ▲ | pocksuppet 6 hours ago | parent | prev [-] | | [dead] |
|
|
|
| ▲ | ankit219 6 hours ago | parent | prev | next [-] |
| My rudimentary guess is this. When you write in all caps, it triggers sort of a alert at Anthropic, especially as an attempt to hijack system prompt. When one claude was writing to other, it resorted to all caps, which triggered the alert, and then the context was instructing the model to do something (which likely would be similar to a prompt injection attack) and that triggered the ban. not just caps part, but that in combination of trying to change the system characteristics of claude. OP does not know much better because it seems he wasn't closely watching what claude was writing to other file. if this is true, the learning is opus 4.5 can hijack system prompts of other models. |
| |
| ▲ | kstenerud 6 hours ago | parent | next [-] | | > When you write in all caps, it triggers sort of a alert at Anthropic I find this confusing. Why would writing in all caps trigger an alert? What danger does caps incur? Does writing in caps make a prompt injection more likely to succeed? | | |
| ▲ | ankit219 5 hours ago | parent | next [-] | | from what i know, it used to be that if you want to assertively instruct, you used all caps. I don't know if it succeeds today. I still see prompts where certain words are capitalized to ensure model pays attention. What i mean was not just capitalization, but a combination of both capitalization and changing the behavior of the model for trying to get it to do something. if you were to design a system to prevent prompt injections and one of surefire ways is to repeatedly give instructions in caps, you would have systems dealing with it. And with instructions to change behavior, it cascades. | |
| ▲ | direwolf20 2 hours ago | parent | prev [-] | | Many jailbreaks use allcaps |
| |
| ▲ | phreack 5 hours ago | parent | prev [-] | | Wait what? Really? All caps is a bannable offense? That should be in all caps, pardon me, in the terms of use if that's the case. Even more so since there's no support at the highest price point. | | |
| ▲ | ankit219 4 hours ago | parent [-] | | Its a combination. All caps is used in prompts for extra insistence, and has been common in cases of prompt hijacking. OP was doing it in combination with attempting to direct claude a certain way, multiple times, which might have looked similar to attempting to bypass teh system prompt. |
|
|
|
| ▲ | exitb 7 hours ago | parent | prev | next [-] |
| Normally you can customize the agents behavior via a CLAUDE.md file. OP automated that process by having another agent customize the first agent. The customizer agent got pushy, the customized agent got offended, OP got banned. |
|
| ▲ | alasr 3 hours ago | parent | prev | next [-] |
| > I think I kind of have an idea what the author was doing, but not really. Me neither; However, just like the rest I can only speculate (given the available information): I guess the following pieces provide a hint what's really going on here: - "The quine is the quine" (one of the sub-headline of the article) and the meaning of the word "quine". - Author's "scaffolding" tool which, once finished, had acquired the "knowledge"[1] how to add a CLAUDE.md baked instructions for a particular homemade framework (he's working on). - Anthropic saying something like: no, stop; you cannot "copy"[1] Claude knowledge no matter how "non-serious" your scaffolding tool or your use-case is: as it might "shows", other Claude users, that there's a way to do similar things, maybe that time, for more "serious" tools. --- [1]. Excerpt from the Author's blog post: "I would love to see the face of that AI (Claude AI system backend) when it saw its own 'system prompt' language being echoed back to it (from Author's scaffolding tool: assuming it's complete and fully-functional at that time)." |
|
| ▲ | anigbrowl 7 hours ago | parent | prev | next [-] |
| Agreed, I found this rather incoherent and seeming to depend on knowing a lot more about author's project/background. |
|
| ▲ | tobyhinloopen 7 hours ago | parent | prev | next [-] |
| I had to read it twice as well, I was so confused hah. I’m still confused |
| |
| ▲ | rtkwe 7 hours ago | parent [-] | | They probably organize individual accounts the same as organization accounts for larger groups of users at the same company internally since it all rolls up to one billing. That's my first pass guess at least. |
|
|
| ▲ | verdverm 4 hours ago | parent | prev | next [-] |
| Sounds like OP has multiple org accounts with Anthropic. The main one in the story (disabled) is banned because iterating on claude.md files looks a lot like iterating on prompt injections, especially as it sounds the multiple Claude's got into it with each other a bit The other org sounds like the primary account with all the important stuff. Good on OP for doing this work in a separate org, a good recommendation across a lot of vendors and products. |
|
| ▲ | Romario77 6 hours ago | parent | prev | next [-] |
| You are confused because the message from Claude is confusing. Author is not an organization, they had an account with anthropic which got disabled and Anthropic addressed them as organization. |
| |
| ▲ | dragonwriter 6 hours ago | parent [-] | | > Author is not an organization, they had an account with anthropic which got disabled and Anthropic addressed them as organization. Anthropic accounts are always associated with an organization; for personal accounts the Organization and User name are identical. If you have an Anthropic API account, you can verify this in the Settings pane of the Dashboard (or even just look at the profile button which shows the org and account name.) | | |
| ▲ | ryandrake 6 hours ago | parent [-] | | I've always kind of hated that anti-pattern in other software I use for peronal/hobby purposes, too. "What is your company name? [required]" I don't have a company! I'm just playing around with your tool on my own! I'm not an organization! |
|
|
|
| ▲ | vimda 6 hours ago | parent | prev | next [-] |
| Yeah, referring to yourself once as a "disabled organisation" is a good bit, referencing anthropics silly terminology. Keeping it for the duration made this a very hard follow |
| |
| ▲ | Ronsenshi 36 minutes ago | parent [-] | | Sounds like author of the post might have needed an AI to review and fix his convoluted writing. Maybe even two AIs! |
|
|
| ▲ | mmkos 6 hours ago | parent | prev | next [-] |
| You and me, brother. The writing is unnecessarily convoluted. |
|
| ▲ | cr3ative 7 hours ago | parent | prev [-] |
| Right. This is almost unreadable. There are words, but the author seems to be too far down a rabbit hole to communicate the problem properly… |
