So Claude's stealing our business secrets, right?
17 points by arm32 a day ago | 15 comments

Seems like everybody is just carelessly saying—whatever—to Claude. Client lists, trade secrets. We all know that our agents haven’t signed NDA’s, right? Right?

wps a day ago

Forget business secrets. In my anecdotal surveys, normal people are feeding their entire lives into the normal web ui! Many of these people are on the free plan with no data protection at all! People I know have admitted to feeding chat transcripts, documents with tons of PII, most email correspondence, their private IP (medical texts, fiction, lyrics), and don’t even get me started on the emotional counseling.

I’ve had a long history of managing my digital privacy and even I’ve been quite lax with this. It’s just so easy to dump stuff in the black box. I try to use ZDR endpoints when I can via openrouter for certain tasks.

Google’s policies regarding data collection on paying customers are so shady as well. From what I understand: they train on all data of all paying customers unless you turn Gemini apps and activity off. This completely disables your ability to save chats. They obviously merge these two settings to collect as much data as possible. They allegedly do not train on temporary chats, but the UX for them is annoying and requires so many more button clicks.

Ultimately I just treat any endpoint as a public record at this point. If I wouldn’t be happy letting the world see it, I don’t attach it. Welp.

raw_anon_1111 a day ago

On average a company uses 100+ SaaS companies

https://www.sellerscommerce.com/blog/saas-statistics/

Salesforce has had your client list, the amount the deal is worth, the status of the deal, which of your employees are working on the deal, their bill rate etc. for years.

Zoom/Gong/Microsoft Teams knows every conversation you have with a client if you turn transcriptions on.

Your email provider gets your company email in plain text.

Slack has all of your interoffice communications.

Atlassian gets exactly what you are working on, who’s working on it and the status of every task.

AWS/GCP/Azure know everything about your infrastructure.

BTW, Amazon is one of the most paranoid companies about confidentiality you can imagine (former employer). They use Microsoft Office, Slack (they were moving away from Chime before I left) - and the internal consulting division uses Salesforce.

Why the moral panic about Anthropic? I doubt very seriously they are going to start in my company’s case - a cloud consulting division

codingdave 17 hours ago

Anthropic is in the business of using your data to train future releases. There is no contract in place to protect your data, especially for free users. SaaS subscriptions come with contracts. They are not the same.

raw_anon_1111 16 hours ago

How is believing that Microsoft is being honest about how they use your private GitHub code and they don’t use it to train Copilot any different than believing Anthropic if you opt out? Every company I listed is training models for their business - I’m not saying they are using your data.

Any company that doesn’t have an enterprise contract with Anthropic and uses Claude Code is an idiot.

But if you really want to have that warm and fuzzy, you can always use Claude Code via an AWS account and Bedrock hosted Anthropic models. I assure you that AWS (former employer) is not using your data when you use Claude with Bedrock/Anthropic to train their models. Amazon may be evil. But they are not stupid.

UqWBcuFx6NV4r 9 hours ago

>Any company that doesn’t have an enterprise contract with Anthropic and uses Claude Code is an idiot.

I understand that working for Amazon will have given you the typical unjustified sense of intelligence and authority, and entirely insular sense of the world, that people tend to have when they work for FAANG, but you need to do your best to fight against it, dude.

You don’t know about every organisation. You don’t know about their risk profiles. Are you saying that the two-person bootstrapped spare-time side-project is the creation of two “idiots” because they don’t have an enterprise agreement with Anthropic? What about the organisations where the code is more so an incidental aspect of their organisation, rather than the secret sauce? You know that this is the vast, vast majority of organisations, right? Do you genuinely think that your code is so precious that anyone else having access to it (let alone munged up in an LLM) will be in any way detrimental to the business? That is very, very, very rarely the case. We’re all capable of reading ‘Designing Data-Intensive Applications’, I assure you.

raw_anon_1111 9 hours ago

If you read my initial reply where I said your information is already out there with 100+ SaaS products for the average company.

I agree with you, Anthropic could care less about a two person vibe coded startup that will never go anywhere or a random CRUD app.

But the OP was concerned about big company things. So they should have big company enterprise agreements.

FWIW, I’ve been working for 30 years across ten companies and only 6 of those years are with any company you have probably ever heard of - General Electric when it was still an F10 company and Amazon - it was my 8th company.

I don’t consider myself “ex-FAANG”, it was a job I got at 46 with every intention of only staying for four years. I hate large companies and would rather get a daily anal probe with a cactus than go back to one (Google/GCP was a serious option a year ago). My bread and butter before I went into consulting was a small, less than 100 person company. Even we had enterprise agreements then.

(For those doing the math, I worked in the cloud consulting department at AWS - ProServe. Everyone who works in the department is a “blue badge” full time RSU earning employee. Google has a similar department.)

andrei_says_ 13 hours ago

Is copyright law not a type of contract? Was copyright law not violated, repeatedly, in the training process of LLMs?

codingdave 13 hours ago

Copyright law is not a contract, no. It is statutory. Contracts require agreements and "consideration" in order to enforce the contract. Copyright does not require these things. So to your second question, I'd argue yes, it was violated. But IANAL, so the courts would need to answer that question.

sky2224 a day ago

Your em-dashes make me think this is an AI generated post but whatever.

My company uses GitHub Copilot. We have a very specific enterprise agreement that states that data does go to Microsoft's servers where it gets processed in an ephemeral environment and wiped after 3 months.

I'm guessing Anthropic has something similar in their agreements. Now, if you have some proof that Anthropic is stealing highly confidential and/or trade secrets, that'd be good to see, but also whoever is throwing that kind of information into an off-premises and non-airgapped model is just asking for a data leak.

arm32 a day ago

Why would I use AI to write a tiny little post? Do you think I’m that toasted already?

sky2224 a day ago

There are an increasing number of AI generated posts that are automatically posted without human oversight now. Sadly, it's gotten to the point where honestly we truly don't know what is and isn't real, and OpenAI really ruined the em-dash by making it directly associated with AI generation.

andrei_says_ 13 hours ago

I hope a quick removal of em dashes is not the only thing that separates us from undetectable slop.

gigatree a day ago

Is that allowed in their ToS?

arm32 a day ago

They keep 5 years of your data, logs, whatever hits their observability—so yes.

throwaway5465 7 hours ago

No GDPR no play.