| ▲ | cge 4 hours ago | |
> Clearly with LLMs, bulletproof denials are ~impossible due to the way LLMs work. As a scientist who repeatedly ran into the classifier-based denials: it appears Anthropic’s strategy to make denials more robust, at the cost of many false positives, was to have a separate classifier processing both input and output tokens, at an extremely simple, almost keyword-search level. One weakness of this approach is that it only catches things that use the right keywords: it is in some sense weak exactly where an LLM-based classifier would be stronger. Work on abstract, closer-to-CS algorithms that used chemistry terminology were blocked immediately, while work directly relevant to chemistry/biology experiments, writing code to process images from a very specific microscopy setup relevant primarily to biological samples, was never blocked at all, because it happened to never use relevant keywords. That’s consistent with this situation: finding and fixing bugs in the context of looking for bugs perhaps happened to never use words like ‘exploit’ or ‘cybersecurity’. | ||
| ▲ | aesthesia an hour ago | parent | next [-] | |
You can see their general approach to guardrail classifiers in these posts: https://www.anthropic.com/research/constitutional-classifier... https://www.anthropic.com/research/next-generation-constitut... It's not just keyword matching, but I'm sure they tuned the Fable classifiers pretty hard to avoid false negatives. | ||
| ▲ | tmp10423288442 2 hours ago | parent | prev [-] | |
But you think that Anthropic of all companies would realize this, so why did they do it that way? Did they literally take the first suggestion Mythos gave them to add these guardrails - wouldn't be surprising, seeing the state of the leaked Claude Code codebase. | ||