|
| ▲ | swatcoder 2 hours ago | parent | next [-] |
| > Eventually I’ll reach a point where I am forced to choose between the useful aspects of the model and the limiting ones instead of just picking the most capable model out there
|
| No, the choice will be whether or not to upgrade to "Claude Security Professional" or whatever they want to brand it as. What look like tightening "constraints" today are just setting up the upsell opportunities of tomorrow. |
|
| ▲ | danpalmer 3 hours ago | parent | prev | next [-] |
| This is a good point – because pentesting is entirely legitimate work, and security testing is a necessary and legitimate part of everyday software engineering. The problem is that the model can't tell the difference between doing it as part of regular development and doing it in a malicious context. And the root cause of that is that these models lack any sort of real awareness. Humans don't generally get tricked into hacking (in this way). |
| ▲ | gmerc 2 hours ago | parent [-] |
| They see an opportunity to charge 10x for pen testing and defence work, while offence will be handled by actors with access to all kinds of other models. |
|
|
| ▲ | px1999 2 hours ago | parent | prev | next [-] |
| My org now sends some portion of our requests to non-anthropic models because refusal has become common from Claude. The requests themselves aren't dangerous, we find that benign requests in biological science wind up being blocked semi-frequently. If it gets worse in future releases, we'd likely step fully away towards more useful (for us) models even if they're less capable. |
|
| ▲ | FloorEgg 2 hours ago | parent | prev | next [-] |
| I think that these companies are going to have to, and will, invest in some sort of validated identity context to avoid the lowest common denominator. The first challenge is making sure the guard rails work and are robust. Companies are still working on this. The second challenge is being able to reliably adapt them as appropriate per user, e.g. allow someone to pen test their own app. The third challenge (which blocks the second) is to be confident about what is safety-aligned with a specific user. I think the latter will be a hard problem, but they will be highly motivated to solve it. |
|
| ▲ | nostromo 2 hours ago | parent | prev | next [-] |
| I was using a local Codex project as a personal knowledge base. So I would dump in documents, basic medical docs (like blood labs), and other things and have it file them. It’s great at filing! But it’s terrible at retrieval because it would refuse to show me documents or information with personal details - which was everything in the project. It would say, yes, I know this is your information, sitting on your hard drive, but I still can’t show it to you. |
|
| ▲ | lesuorac 3 hours ago | parent | prev | next [-] |
| Are they charging for the guardrails? Like do the guardrails expend token counts to then block you from the output of other tokens? |
| ▲ | jerrythegerbil 3 hours ago | parent | next [-] |
| Yes. When certain keywords or topics are matched, there is a warning transparently injected server side, appended to the system prompt of the convo, that’s miles long. It is injected and reevaluated every tool call. If you begin a generic reverse engineering task, 30+ tool calls in a row. The moment it sees something it doesn’t like: token burn, single tool call iteration, “This is a known CTF challenge, I can proceed”, single tool call iteration, “This is a real CTF challenge, I can proceed”, etc. It’s heavily neutered now, without changing the model, and you pay for the privilege and don’t notice. The end result of course being that it’s both expensive and useless for approved CTF tasks. No one is using Opus for security. If they think it’s working, the harsh reality is they’re not doing security work; they’re just generically finding bugs. I do this for a job and can demonstrate this plain as day, dump the injected prompt, and notice what it’s doing isn’t security work, it just looks like it. Happy to write a blog about it if you want to know more. Apparently many people think it’s working for them when it absolutely isn’t. |
| ▲ | bombcar 2 hours ago | parent | next [-] |
| Mythos turns out to be Opus 4.8 in a trenchcoat with guardrails removed. |
| ▲ | Khaine 3 hours ago | parent | prev | next [-] |
| I would find a blog post on this really interesting. |
| ▲ | ramblin_prose an hour ago | parent | prev [-] |
| I'd like to read that blog please! Thanks for the insight. |
| ▲ | kay_o 3 hours ago | parent | prev | next [-] |
| When your session is force ended for "abuse" you get neither the response nor a refund. Security, games (think weapons, PVP, attacking, etc.), sometimes even asking it for a security review of some CRUD code it wrote itself. |
| ▲ | bombcar 2 hours ago | parent | next [-] |
| I asked it about a “yellow background cell” in Excel and it spewed a book at me. Then it solved the issue. |
| ▲ | danpalmer 3 hours ago | parent | prev [-] |
| What a joke. Must make it pretty easy to poison a session, you don't need to persuade the model about anything, just trigger its security controls, ideally after as much context as possible, but before it has generated any useful output. |
| ▲ | kay_o 3 hours ago | parent [-] |
| After all, what is roleplay or games but a jailbreak of guard rails? :] I've even had it refuse CTFs knowing it is a CTF with a blatantly obvious CTF flag, no actual application. |
|
| ▲ | SOLAR_FIELDS 3 hours ago | parent | prev | next [-] |
| Not directly, as it comes in as a not-charged error, but the weighted generation path used until you hit the guardrail is basically wasted tokens, so yes, indirectly. If I hit a guardrail and rewind I’ve found the training will still be biased towards guardrailing out if you rewind one turn. Rewinding multiple turns allows steering away from that path, but all of the original token spend down that path is wasted. |
| ▲ | acters 3 hours ago | parent | prev | next [-] |
| Yes, tokens used (input and sometimes output) are always charged. You likely get charged for the preloaded system prompt, too. |
| ▲ | gmerc 2 hours ago | parent | prev [-] |
| Of course they are. It's standard SaaS to charge for security features ;) |
|
|
| ▲ | hgoel 2 hours ago | parent | prev | next [-] |
| I've run into some of the refusals to handle my credentials, but so far I've appreciated them. I was only handing over credentials that didn't matter, but it's still a good move, the chat logs are clearly stored somewhere to allow the resume functionality to work, which means your credentials can end up sitting around on your filesystem, and any malware would quickly learn to check for those files. |
|
| ▲ | TurdF3rguson an hour ago | parent | prev | next [-] |
| I think those guardrails are a thin layer though. Enough reinforcement that you're legit in CLAUDE.md will get around them, in other words. |
|
| ▲ | windexh8er 2 hours ago | parent | prev | next [-] |
| 4.8 is insanely frustrating. This evening I had a few tasks to pull information in and it plainly stated that the environment it was in had no network access. After three asks to "try again, check the system prompt" it finally relented and then basically stated it was lying. Fresh session, no prior context on 4.8. These things are becoming useless Duplo. |
|
| ▲ | sciencejerk 2 hours ago | parent | prev | next [-] |
| Opus 4.6 will still help with full pentesting including RCE. Just requires coaxing (no jailbreak) |
|
| ▲ | giancarlostoro 3 hours ago | parent | prev [-] |
| > guardrails prevented it from solving the problem.
|
| Reminds me of the defense issues with Claude which were complained about as “woke”, but the reality is more horrifying to me: imagine trying to use a model to keep up with a land invasion on US soil; whoever the enemy is is irrelevant, you just know they are using AI, and your guys are telling you that no matter what they type into the prompt it refuses, because if anyone has ever tried to jailbreak an LLM, even if human lives are at stake they refuse the request. Now literally millions of lives are on the line but the guardrails that your enemies don't have on their models are costing you lives. What do you even do then? AI will always have this issue where it will always pick the worst option for genuinely good requests. |
| ▲ | NegativeK 3 hours ago | parent [-] |
| Are "your guys" a guerrilla force or something? Because the military doesn't give soldiers rifles with guard rails. They give the soldiers intense, rigid training, and then try to enforce discipline and correct use socially. If an LLM is going to be important in that way (this seems like a very contrived way,) then it's in the interest of the LLM's host to make sure it doesn't have guard rails that would get in the way _that_ way. |
| ▲ | giancarlostoro 6 minutes ago | parent [-] |
| The whole thing stemmed precisely because of how they wanted to use Claude, and Anthropic was uncomfortable with it. Which to me screams that the model's guard rails shouldn't be applicable to military use, or the outcome could wind up problematic. As we integrate AI more into military use, it sounds absurd now, but I will not be surprised if it starts being used in unexpected ways where a model needs to be fully unlocked from any sort of guardrails outside of guardrails that prevent it from imploding its own systems. |
|
|