Hacker News

I'm not sure they can actually respect that 30 days absolute commitment. Let's say some internal tool flags a suspect conversation, it bubbles up and a human operator reads it and it looks like evidence of a crime. Then, that employee is legally bound in many jurisdictions to prevent the destruction of that piece of evidence.

It's one thing to commit to a "everything is deleted when you press delete" automatic policy. It's quite another to say "we'll keep some stuff for up to 30 days, look inside it for any malfeasance, then pinky promise we'll delete it".

Yep. They changed the terms, which needs legal review in my org, but the Fable model was available immediately, so of COURSE people have to go and flock to it to see how much better it is. Amazing how easy it is to spend five figures on demand and have very little to show for it; meanwhile when I want to buy a piece of enterprise software for 40-50k/year I have to spend weeks or months building the case, providing justification for ROI etc.

From https://support.claude.com/en/articles/15425695-covered-mode..., emphasis mine:

> Prompts and model completions are retained for at least 30 days and then automatically deleted, unless they are subject to a safety investigation or we are legally required to maintain them.

They keep it as long as they want.

That's strange. Even in my hobby-toy app, I have a TOS that I bump whenever the terms meaningfully change, and in my app, it forces a re-acceptance of the new terms before using the app again.

That's only in the summary, farther down it says

> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.

Where are you seeing that updated version?

They were not keeping it beyond the timeframe necessary for the model to process it, so there wasn't access there to audit.

and you can't opt out of data retention for non-training purposes. so I think theres a bit of a psyop occurring here.

I don't know why you'd read literally the last 25 years of leaks from mass surveillance programs and think for one moment that they've just, gosh, overlooked the opportunities.

> We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases

This reads to me as they can use any model that is not a "Claude model", and as for human access to that other model there can be different less restrictive privacy protections. In other words, that anything goes.

We've already gone through ECHELON, USAPATRIOT, TIA, PRISM, etc.. Either learn from the pattern and and plan accordingly, or be one of the credulous rubes caught off guard in the next wave of leaks.

It's only for this model, not the one you're already using. And they're not training on the data. It's supposedly to detect abuse etc (such as someone retrying repeatedly with different variations to get around their protections)

And 99% of their other customers wont care either way.

You must have very unrepresentative customers. What will they use?

Because they think people are okay with it, or at the very least, don't care, or don't care to know.

Which, judging by how much people are using Fable, appears to be true.

Well, it's okay for them.

Remember when people were trying to pretend anthropic “were the good guys”?

>How can Anthropic possibly think this is okay?

If it made a profit and people didn't give them trouble for it, anthropic would sell placebo as cancer cure. What they think "is okay" is what they can get away with.

One of the major attack vectors is distillation, where millions of questions are auto-generated and coordinated to produce training data for new LLMs. Anthropic alleges Minimax, Deepseek and Kimi were trained this way. Deepseek 4 compares favorably to Opus, so they're probably trying to prevent Deepseek 5 from being a bootleg Mythos. https://www.anthropic.com/news/detecting-and-preventing-dist...

Why would you trust anything they say at face value?

When they literally just showed you they are being deceptive by sneaking in the weasel word “almost”?

I mean deleting the Universe also deletes the Data so that counts.

Yes, that is your intended purpose of “git push”, it’s to save. And only if you use GitHub.

A better analogy here is probably “every time you use VS Code, the files you edit get sent to Microsoft”.

Some legitimate concerns:

• You have trade secrets. Previously; you can use services like Bedrock, etc, with signed contracts and significant reputations. Your contract is between AWS and you, and stays within your AWS security boundary.

• Security breaches. Remember when Anthropic accidentally published the source tree of Claude code? Or Meta’s recent AI recovery bot that didn’t check if the supplied recovery email was actually the email of the Instagram account? The best way to reduce your exposure is to minimise storage.

• Weaponised T&S. For example what if Anthropic decided to build a classifier for “usage in unsupported regions” that’s super overbearing (as we see with Fable) and vacuums up all context/input/output if there’s Mandarin? Contractually they could now retain it forever, not just 30 days, for ‘trust and safety purposes’ and perhaps have AI scan for any new or interesting ML techniques at scale, for Anthropic’s own use? They say just can’t train Claude models on the data.

Only if you push it to GitHub.

That is why, for the last five years I have been checking in with them, code with some of the most atrocious quality. So far...its working....

Uhm, no?

I have NO single project on Github.

One of my clients has their project on GitHub.

Every other client I have ever worked with or for ran and runs their own gitforge.

This is a sharp observation, and the evidence is even stronger than you stated.

This is the smoking gun

It doesn't tell you it's doing that. Wait, now it does. Or does it?

more like 100$ given its pricing

Maybe Claude was Kira all along

Closed models just don't show this thinking process directly to the user

From a recent DeepSeek session:

"Wait, what am I? I am claude, or something similar"

Was going to say, open qwen in lm studio, say hi, watch the thinking traces

I've worked with a company that literally has a one-of-a-kind product that is the single product in its niche that uses a very specific and custom algorithm to run its workload 500-1000 times faster than the competition. Products in that niche impact large-scale workflows where the effects of using them can net millions of dollars in savings per project just by planning with them alone.

I learned after my contract with them was put on hold that the CEO uses Claude to vibecode experiments on the code base. Not for any good reason, mind you, the algorithm was written by the CTO who emphatically does not use any LLMs.

With Anthropic's reach they could probably make a massively successful product in that market and basically take the entire thing over, if they only knew to look. And I'm 100% certain that they don't actually follow any policies on not using their incoming data.

I’d be more scared of a data leak due to LargeCo being hacked than I would about LargeCo prying into the data.

What I don’t trust LargeCo with is personal information. I’ve heard too many horror stories about Govs and LargeCos swapping customer nudes or stalking ex’s to be comfortable with anything personal on those systems. But that’s a whole different topic.

I worked in very technical engineering software company and they were super paranoid about their special sauce IP of a product that did analysis of a certain type of data, without being able to see that all the pieces of that special sauce were actually just functions from SciPy strung together and which you could look up in a textbook. Don't get me wrong, you need the right background to understand it and that's not trivial, but if you got someone from the right area you could replicate it pretty easily.

In general, I agree with you.

However, in the case of model providers, I think it is a more real concern since it could make it into some training data, and then one of your actual competitors could ask the model to code something up and get your IP.

I sort of assume the frontier AI labs are good about not doing this when they promise not to, but if you don't have airtight restrictions on what your devs are doing, they might be sending it somewhere that hasn't agreed....

LargeCo is probably struggling under the weight of technical debt and organizational challenges/politics.

I bet if you gave them the Codebase of the Gods, it’d be a heap of hacks inside a couple months.

> people over-rate how much software/IP is useful in running a successful business

Indeed, by a couple trillions...

> They also over index fear of LargeCo stealing IP

That seems to be a bold statement considering the whole business of this LargeCo is based on stolen IP.

How can you make such bold and generic claims without some data backing it?

You could not be more wrong in the aggregate.

Literally how LLMs will continue to learn to code and easily replace whatever you build with them.

Incredible that you could so blithely misunderstand this

Trust and liability are the actual currency in a software business.

Your email domain is significantly more important than whatever is in your corporate GitHub repositories.

For self-hosted GitLab or BitBucket, no. GitHub enterprise (self-hosted) also no (though that is rather rare).

Claude code is actually very good at not reading your keys these days.

One company's irrational fear is a competitive advantage for someone else.

Exactly. See my downthread comment. That is my proposal as well. I understand that Anthropic and Azure/AWS have different priorities, so even if Anthropic forward-deployed/embedded/rotated their own people into those teams to keep them honest, as long as user data didn't flow back... I would be fine with that.

Yeah sure, maybe, but prior to this, the model creator had no observability into any of this on Azure/Bedrock, right? Now they do. That's one over-eager PM or bug away from training on my clients' data.

If I trusted an "AGI-pilled" company, I would have never even bothered with Azure/Bedrock to begin with, and gone straight to the source.

AGI-pilled means that you think you are building god. They might actually be doing that, but in either case, I cannot trust people in that state of mind with my clients' most valued proprietary data.

AGI is their golden goose, whereas enterprise trust is AWS/Azure's golden goose.

edit after upvotes: I get it from the Anthropic POV. I am not an Anthropic hater, in-fact I am a huge fan. People trying to distil their models would likely use Azure/Bedrock for that purpose, as the lack of Anthropic observability would be ideal for that. Still, this all sucks for anyone building an honest business with enterprise customers.

There has to be a better way. Maybe deploy the automated observability tools to the Azure/Bedrock teams... and have them flag and investigate accounts? If Anthropic can do this, so can Azure Foundry/Bedrock teams, right? Maybe even forward deployed Anthropic folks would be ideal to keep them honest, as long as the raw data does not flow back.

Does it? It says “We won’t use this data to train new Claude models”. Couldn’t the wording “new Claude models” allow them to use it on their existing ones? It’s vague enough to me, at least.

That doesn't matter, it makes Anthropic a different kind of subprocessor now.

They're pissed about distillation "attacks" and locking down transformer based work to prevent that, would be my guess. Its how they'll protect "their" IP (Model Weights and other features) now that they've plundered the rest of the world's.

Third alternative: Mythos is so catastrophically bad at medical tasks that attempting to use it for medical research would instead create bioweapons. ;)

> That, or alternatively, Mythos is so good at medical stuff, that it cam replace a lot of physician work 90% of the time, pissing off doctors

Well they definitely don’t give a teaspoon of shit about putting people out of work by hawking munged-up versions of those people’s data, which was involuntarily ‘ingested’ for the benefit of society (in a way that happened to fuel a centabillion dollar industry.) So it’s prolly not that one.

More likely whomever they’re consulting is protecting their own bags.

It's temporary. From the fable blogpost:

>To release the model both safely and quickly, we’ve tuned these safeguards conservatively—they’ll sometimes catch harmless requests, though they trigger, on average, in less than 5% of sessions. With more capable models arriving in the coming months, we’re working to improve our safeguards and reduce false positives as quickly as we can.

It's good they're being overcautious here. The alternative is far worse.

They refused to allow autonomous weapons and domestic surveillance. They were fine with use in weapons with a human in-the-loop and with surveilling non-US nations.

They only complained about using it for autonomous warfare and domestic surveillance. They were not as hawkish as OpenAI, but by no means a dove.

Surveillance is always advanced as a safety measure.

Can’t wait till that turns into “regulatory capture”

You have right to ask for it, but it doesn't guarantee that they will do it. It's also limited to data they hold as controller (i.e. the copy they hold for "safety" purposes), not the original copy that is controlled by customer. For that you will need to contact the source.

Google Workspaces and Dropbox have an IL5-compliant offering, which means they attest that they will not do exactly this (and are audited on that). Not sure about iCloud and Notion.

I never had an NDA permit such usage.

They basically said "Deepseek ran 150,000 requests and here's the gist of one of their prompts". Anthropic doesn't know which accounts are Deepseek proxies beforehand, so definitely sounds like retrospective analysis of broad user logs to me.

Of course Anthropic realizes saying this straight is problematic so they said they examined request metadata, but no, I don't think they can get this kind of insight from metadata (token counts, request time, etc.)

China has proxies that sell cheaper access to frontier models in exchange for permission to train on your data.

Sure. That's what they say but does anyone actually trust what they say about where they are getting their data? They also had a legal requirement not to steal IP, they said they weren't and then it came out that both OpenAI and Anthropic were pirating mass amounts of media. When they said they weren't doing this they were knowingly lying. I'm quite certain that some (if not all big players) are retaining data from their customers despite explicit agreements not to do so. As a data engineer myself, I know how easy this is to do.

Hmmm no? The only way is to deploy your own local model, using anyone else's you are at their whim on what happens to your data.

Step 1: Find all companies which refuses/bans to use SOTA models from irrational fear.

Step 2: Use SOTA models to copy them and crush them

Step 3: Profit.

(Yes, not every business is easily replicable, but you sure can find some)

All he pre-publicity from Anthropic was about how it was amazing at finding security vulnerabilities, so it's not a stretch to think that some people would want to exploit that for nefarious purposes.