One of the links in Schneier's article makes a credible sounding case that Anthropic is using open source vulnerabilities as a shakedown operation.
When the model finds a vulnerability, it also finds a fix. Anthropic only shares the vulnerability with the Open Source maintainer, not the fix. Paying customers get fixes, confirming that the model does generate fixes for the vulnerabilities.
Sharing the vulnerabilities but not the fixes does sound like a shakedown operation.
The team writing about it has a core charter to publish research about how AI will be disruptive to certain industries. The publication of such research is the disruption.
What remains when you stop gamifying the lag time of putting onus of counter evidence of impact and not just minmaxxing the discovery of bugs at the start of a development process is…
When the model finds a vulnerability, it also finds a fix. Anthropic only shares the vulnerability with the Open Source maintainer, not the fix. Paying customers get fixes, confirming that the model does generate fixes for the vulnerabilities.
Sharing the vulnerabilities but not the fixes does sound like a shakedown operation.
Limiting the reach of unwanted information is perhaps automated by now. We are further sliding into totalitarianism.
The team writing about it has a core charter to publish research about how AI will be disruptive to certain industries. The publication of such research is the disruption.
What remains when you stop gamifying the lag time of putting onus of counter evidence of impact and not just minmaxxing the discovery of bugs at the start of a development process is…
Does anyone remember LK-99? Yeah. Playbook works.