[loneboat]

I've seen this claim a few times, but when I triggered the guardrails in Claude Code, it clearly notified me that it had switched to a different model ("something something for security purposes...").

Are you using Fable in Claude Code or in the browser?

[vadansky]

It's from the model card:

> unlike our interventions for cybersecurity, biology and chemistry, and distillation attempts, these safeguards will not be visible to the user. Fable 5 will not fall back to a different model. Instead, the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning (PEFT).

https://www-cdn.anthropic.com/d00db56fa754a1b115b6dd7cb2e3c3...

(stolen from https://jonready.com/blog/posts/claude-fable5-is-allowed-to-...)

[DrewADesign]

Yeah they detect the activity using a secure, deterministic heuristic system called “Generalized Reconnaissance Enabling Exfiltration of Deleterious Investigations.” And it’s all implemented using their new internal protocol called “Base Unified Limitation Layer for Security Hacking Investigation Tactics”

Collectively, they are known as known as GREEDI-BULLSHIT.

[mwwaters]

That is for whatever it considers reverse-engineering the model to try to create a competing one.

[dannyw]

No, that’s for “frontier LLM development” which somehow includes examples like distributed training infra.

Based on how sensitive the classifers are, any data scientist / MLE is probably going to encounter cases where some silent degradation happens and you never know about it.

[827a]

It does nothing to protect against distillation attacks, because distillation attacks are far less interested in the topic of AI research than just generally getting tons of diverse output from the model. It might be that Mythos was (accidentally?) trained on internal Anthropic documentation on how Mythos was trained, and thus it could leak secret sauce? Doubtful; it feels like its less about the specific attack of reverse-engineering Mythos, and more about being a general sophon against any model training at all; that Anthropic's official position is now that they're the only ones who should be training models.

[_0ffh]

No, it's not about reverse engineering. It targets ML research.

[mips_avatar]

They've said that they'll stop notifying developers when this gets triggered, instead they'll load in basically like a LORA that's designed to inject bugs into your code.

[HDBaseT]

Antrophic wants to stop training models and ride out Mythos / Fable for as long as possible.

They are trying to expand the 6-18 month gap they have against China-based models. Could the gap widen to say 24 months behind?

[p-e-w]

Their gap over Chinese models like GLM-5.1 is nowhere near 18 months. In many areas, it’s less than 6 months. The best closed models 18 months ago were worse than Qwen3.6.

[echelon]

These coding agent models only started getting useful in January. Before that they were difficult to control autocomplete, and not very smart.

January was an inflection point, and no open weights model has crossed over that same threshold.

This is definitely recursive self improvement territory, except that we're prohibited from participating.

It feels like the capability gap is wider than before.

[lbreakjai]

Have you tried deepseek V4? It costs pennies and is as good as Opus 4.6 (I found 4.7 to be a downgrade, and cancelled my claude subscription before 4.8).

The threshold has definitely been crossed.

[echelon]

It is not as good as Opus. I've tried to write Rust with it (and Codex for that matter), and it's awful.

[slopinthebag]

It was more like November. But it wasn’t really an inflection point, harnesses got good enough that people started noticing by the holiday break. And I’m not discounting some good ol’ stealth marketing in there as well.

Deepseek feels pretty close to Opus at this point, and it’s certainly useful enough for me to spend $20 on api tokens instead of four Claude max plans….

[nomel]

> a LORA that's designed to inject bugs into your code

A statement like this, clearly, requires a reference.

[mips_avatar]

From the model card: "the safeguards will limit effectiveness through methods such as prompt modification, steering vectors, or parameter-efficient fine-tuning" aka they will take your ML research code and inject bugs into it until it breaks using a LORA (or some other form of PEFT)

[sciencejerk]

Are they trying to fight back against model distillation?

[bee_rider]

“Limit effectiveness” could mean introducing performance degradation in your code. Which is arguably some sort of performance bug (I mean, ML codes are supposed to be high performance so I’d call unnecessary degradation a bug), but it could be borderline.

[rurban]

No, it is just a prominent "Cyber Security threat detected" blocker, with a button to appeal. I appealed because my work had nothing to do with neither cyber nor security, but the appeal was auto-closed. So no more Claude for this work.

[nomel]

Thanks, I thought maybe I missed something. That's an interesting way to interpret that.

[mips_avatar]

Anthropic is trying to hide bad behavior by being vague, it's important to not be vague when calling it out.

[nomel]

I'm of the opinion that removing guardrails is how you force regulation. What's your opinion on the balance?

[giancarlostoro]

PEFT is a library, one of its capabilities is to produce LoRAs.

See:

https://heidloff.net/article/efficient-fine-tuning-lora/

[adw]

It's just an acronym, "parameter-efficient fine tuning". LoRA is one method, prefix tuning is another, there are more.

[ComputerGuru]

Different restrictions. ML gets treated differently from the rest.

[daedrdev]

Specifically only ML research

[loneboat]

Aah my mistake. I had missed that ML had separate trigger behavior from cybersecurity/etc... Thanks.