| ▲ | pseudosavant 4 hours ago |
| It is actually worse than that. It is at least 30 days. There is an "almost" that is doing a ton of heavy lifting here "deletion after 30 days in almost all cases". My read of that is they can hang onto data for as long as they want, even if they usually won't. And "all traffic" with an agentic harness is basically your entire codebase you work on. > We will require 30-day retention for all traffic on Mythos-class models, on both first- and third-party surfaces. We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases (see this post for further details). The data will help us defend against complex and novel attacks (including new jailbreaks and attacks that operate across many requests) as well as help us identify and reduce false positives. |
|
| ▲ | kitchi 12 minutes ago | parent | next [-] |
| They seemed to have changed the wording since you posted the comment, now specifying exactly 30 days with seemingly no exceptions. These terms seem to be updated at-will, so I'll take that with a grain of salt however. |
|
| ▲ | bagels 4 hours ago | parent | prev | next [-] |
| How were they not already auditing access to customer data? |
| |
| ▲ | codebje 3 hours ago | parent [-] | | They were not keeping it beyond the timeframe necessary for the model to process it, so there wasn't access there to audit. |
|
|
| ▲ | bmitc 26 minutes ago | parent | prev | next [-] |
| Does anyone know about the jailbreaks and attacks they are referring to? These are done through model queries? |
| |
| ▲ | deminature 15 minutes ago | parent | next [-] | | One of the major attack vectors is distillation, where millions of questions are auto-generated and coordinated to produce training data for new LLMs. Anthropic alleges Minimax, Deepseek and Kimi were trained this way. Deepseek 4 compares favorably to Opus, so they're probably trying to prevent Deepseek 5 from being a bootleg Mythos. https://www.anthropic.com/news/detecting-and-preventing-dist... | |
| ▲ | MichaelZuo 23 minutes ago | parent | prev [-] | | Why would you trust anything they say at face value? When they literally just showed you they are being deceptive by sneaking in the weasel word “almost”? |
|
|
| ▲ | tcp_handshaker 4 hours ago | parent | prev | next [-] |
| Half of my customers will drop them right away, and the other half, after I explain to them what this means. |
| |
| ▲ | usef- 2 hours ago | parent | next [-] | | It's only for this model, not the one you're already using. And they're not training on the data. It's supposedly to detect abuse etc (such as someone retrying repeatedly with different variations to get around their protections) | | | |
| ▲ | vntok 2 hours ago | parent | prev [-] | | You must have very unrepresentative customers. What will they use? |
|
|
| ▲ | eth0up an hour ago | parent | prev | next [-] |
| I cannot help wondering if the 'we won't train on your data' applies across the fence over there in pentagon land, where the classified contracts be. Yeah, of course they are not connected. Or.. Present user-llm activity is a goldmine of intel the agencies literally spent lives and billions on getting hardly close to, yet they elect to just let this one slip by.. Maybe. Really, I don't dispute it. But why? It's what, or precisely what, they always dreamed of. |
|
| ▲ | Rekindle8090 4 hours ago | parent | prev | next [-] |
| [dead] |
|
| ▲ | bethekidyouwant 4 hours ago | parent | prev [-] |
| Even worse when you git push something Microsoft gets all your code! |
| |
| ▲ | dannyw 2 hours ago | parent | next [-] | | Yes, that is your intended purpose of “git push”, it’s to save. And only if you use GitHub. A better analogy here is probably “every time you use VS Code, the files you edit get sent to Microsoft”. Some legitimate concerns: • You have trade secrets. Previously; you can use services like Bedrock, etc, with signed contracts and significant reputations. Your contract is between AWS and you, and stays within your AWS security boundary. • Security breaches. Remember when Anthropic accidentally published the source tree of Claude code? Or Meta’s recent AI recovery bot that didn’t check if the supplied recovery email was actually the email of the Instagram account? The best way to reduce your exposure is to minimise storage. • Weaponised T&S. For example what if Anthropic decided to build a classifier for “usage in unsupported regions” that’s super overbearing (as we see with Fable) and vacuums up all context/input/output if there’s Mandarin? Contractually they could now retain it forever, not just 30 days, for ‘trust and safety purposes’ and perhaps have AI scan for any new or interesting ML techniques at scale, for Anthropic’s own use? They say just can’t train Claude models on the data. | | | |
| ▲ | 2 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | layer8 4 hours ago | parent | prev | next [-] | | Only if you push it to GitHub. | |
| ▲ | tcp_handshaker 4 hours ago | parent | prev [-] | | That is why, for the last five years I have been checking in with them, code with some of the most atrocious quality. So far...its working.... | | |
|
