10 comments

  • bhouston 2 minutes ago
    All remote AI are a massive security risk for individuals/companies/governments that may be targeted by the US government.

    It is likely that the US will get a live feed from each AI provider that they are inspecting in real time to identify things of interest, terrorist attacks or foreign government planning or even foreign companies competitive to key US companies.

    It will give them access to the thought process in those companies as well as much of their text-based IP (source code, docs, meeting transcripts, etc.).

    Also if you are using local AI that you didn’t train yourself you can never be sure it doesn’t have purposeful biases in its reasoning that may disadvantage you - such as directing you away from certain plans or ideas or patents etc.

  • p0w3n3d 44 minutes ago

      1. LOL I've just downloaded literally whole internet and copyrighted books and put them through a neural network. Now I have this whole knowledge in my LLM.
    
      2. Hey? Are you using my NN for training your NN? you're a thief!
  • jdw64 21 minutes ago
    I got curious and asked my Chinese friends, and they gave me a Reddit link[1]. It looks like it's about location data collection, and they suggested that might be the reason for the issue.

    [1]https://www.reddit.com/r/ClaudeAI/comments/1ujila1/anthropic...

  • eunos 1 hour ago
    What Claude Code did is absolutely mindboggling tho, if Chinese harness did that probably POTUS would lose sleep.
    • usef- 32 minutes ago
      It seemed pretty mild compared to what's collected by modern websites and apps, though? How many don't know your Timezone?
      • dijit 0 minutes ago
        > How many don't know your Timezone?

        The timezone fetch was to alter program behaviour at runtime, not to send arbitrary timezones for tracking reasons.

        It was one way of detecting if it was a Chinese person using the program and then behaving differently.

        Malware behaves this way. STUXNET for example was wired to do nothing except propagate unless the environment had the right conditions.

    • ironbound 38 minutes ago
      And I'm the king of France
    • yard2010 1 hour ago
      Wait what do you mean "if"?
    • cognitiveinline 1 hour ago
      Exaggerate much? If you think POTUS would lose sleep about a date format timezone marker, I don't know what to tell you.
    • youre-wrong3 36 minutes ago
      Maybe if they didn’t farm all the data from Claude to train their own trash models, Anthropic wouldn’t feel the need to do it.
      • InsideOutSanta 25 minutes ago
        Who is "they", and which Chinese models are trash?
      • vrganj 34 minutes ago
        Anthropic stole the entire internet. Excuse my language, but they can fuck right off.
        • breppp 0 minutes ago
          The issue here is not whether Anthropic used Common Crawl, Alibaba also does that.

          The issue is that by distilling Claude, Alibaba reuses the IP Anthropic used to train the model; that's more akin to classical Chinese reverse engineering methods and disrespect of IP.

  • johnathan101 1 hour ago
    Regardless of whether this specific claim is true, enterprises are becoming much more cautious about developer tools that can read large portions of proprietary codebases.
    • soraminazuki 14 minutes ago
      It's insane that it's becoming a concern now. It should've ended the discussion from the very beginning.
    • saidnooneever 30 minutes ago
      Not to mention they are kind of capable of executing code and susceptible to injections, which also amounts to being practically backdoors if you're not super careful about how you use the tooling.
    • spwa4 58 minutes ago
      Wasn't one of the big promises the AI labs made "uncopyrighting"? I.e. the ability to reconstruct large works, including source code, without actual access to the source code? Everything from movies to operating systems.
      • silon42 0 minutes ago
        Cleverly compressing and decompressing doesn't de-copyright it. ... and if it's not the same who'd trust it.
    • llm_nerd 43 minutes ago
      Becoming? We've moved entirely in the opposite direction.

      When these tools first appeared the overwhelming conversation was about the risk of letting a remote tool siphon your code and intellectual property (where eventually they're going to add that to their training). Now everyone is using them, and that fear seems to have dissolved. Every corporation is sprinkled with Claude Code, Antigravity, Copilot, Codex, and so on. Even the long fear-mongered Chinese providers are being heavily used in many spaces.

      In this case this is a PR battle between two firms, and it isn't much more. And Alibaba isn't worried about the "proprietary code" (the truth is that there is incredibly little interest in most orgs' code), but that the tool is a backdoor, or at least that is the claim.

      • DanielHB 6 minutes ago
        > there is incredibly little interest in most orgs' code

        I think from a commercial perspective yes, but access to source code is very good for finding exploits which could be very valuable for governments. I could also see a future where companies are directly cyber-attacking competitors in hostile markets too...

      • otabdeveloper4 15 minutes ago
        > and that fear seems to have dissolved

        Until the first big incident, yes.

  • rvnx 1 hour ago
    Can't say they are wrong, after the latest backdoor, or let's say, undocumented functionality that leaks some data that was pushed in Claude Code a few days ago.

    https://news.ycombinator.com/item?id=48759754

    • dgellow 1 hour ago
      That’s not what a backdoor is…
      • tpoacher 1 hour ago
        Rear entrance then
      • rvnx 1 hour ago
        When a company can remotely push code without explicit user approval, and code that was hostile / almost malicious, it is a backdoor
  • yanhangyhy 2 hours ago
    I'm gonna ask: how can they still use Claude? I thought all users in China are banned.
    • dgellow 1 hour ago
      Alibaba has engineers in Hong Kong, Singapore, North America. It’s a global corporation.
      • itake 1 hour ago
        When I was in Hong Kong, ChatGPT and Gemini were disabled. Maybe this has changed though. When I was in China, the corporate VPN (Zscaler) routed traffic through HK.
    • xyzsparetimexyz 47 minutes ago
    • bravetraveler 1 hour ago
      Same way every ban is evaded, smurfing
    • playnuu9 1 hour ago
      There is a reason Singapore tops the rank on Claude usage
      • byzantinegene 1 hour ago
        the government also actively promotes AI usage in work environments
    • dist-epoch 1 hour ago
      The same way they buy "banned" and "sanctioned" NVIDIA GPUs.
    • _flux 1 hour ago
      Does Alibaba only have developers in China?
    • josh-wrale 2 hours ago
      CC can be used with non-Anthropic models.
    • re-thc 2 hours ago
      > how can they still use Claude?

      Workarounds aside, it says Claude Code not Claude.

      i.e. they are using the CLI running any model. You can for instance run GLM with it.

  • rvz 1 hour ago
    Another reason to use open source coding agents and local language models.

    Claude Code is neither and it is literally info stealing malware.

  • HlessClaudesman 1 hour ago
    Translation: Alibaba will continue distillation attacks using accounts that aren't directly attributable to its own corporate infrastructure.
    • ampersandwhich 29 minutes ago
      I think we should start calling it "distillation terrorism" just to make it sound even more absurd.
      • InsideOutSanta 23 minutes ago
        It's pure model murder, and if you call it anything else, you're an anti-American communist.
    • lelanthran 29 minutes ago
      > Translation: Alibaba will continue distillation attacks using accounts that aren't directly attributable to its own corporate infrastructure.

      What's a "distillation attack"? How is it different from simply distillation?

      • kouteiheika 10 minutes ago
        It's pretty much the same as when "installing programs on your computer" is called "sideloading". Deliberately deceptive, weaponized language to make it seem like a bad thing.
      • dizhn 25 minutes ago
        The target doesn't want to be distilled.
    • RobotToaster 48 minutes ago
      (Mis)anthropic already performed "distillation attacks" on the internet.
    • vorticalbox 45 minutes ago
      I can see why they want to stop it but 1. you have to pay for the "attack" 2. these AI companies trained on copyrighted content without permission or attribution to anyone whose data was used to train.
    • exe34 36 minutes ago
      As long as they're paying for the tokens, there's no attack. Otherwise you have to call training on copyrighted material theft.
      • feverzsj 33 minutes ago
        They are not paying for most tokens. The actual users in China do. All they need is the logs.
        • InsideOutSanta 24 minutes ago
          Anthropic still gets paid.

          Unlike the vast majority of people Anthropic stole from.

        • dizhn 24 minutes ago
          In that case it's already bought and paid for by the users, is it not?
    • surgical_fire 39 minutes ago
      How exactly does the word attack fit in that phrase?
    • vrganj 33 minutes ago
      Did Anthropic perform "distillation attacks" when they hoovered up the entire internet?
  • feverzsj 1 hour ago
    Considering their massive distillation, if US companies stop publishing new models to the public, would China still be able to develop new open weight models?
    • bel8 1 hour ago
      I don't think China would struggle to scrape the internet for fresh data.

      And they constantly publish state of the art LLM research (see DS4 context compaction and cache tech).

      They have very capable tech giants. So while not being able to distill western models would probably have some impact, it's probably becoming lesser as time passes.

      We might even see Western LLMs distilling Chinese models soon. If they aren't already to some extent.

    • margorczynski 1 hour ago
      China has most probably already achieved "escape velocity" on the software side. Now if they achieve parity, to some degree at least, on the hardware side with Nvidia it is very possible they'll overtake the US.
    • tristanj 1 hour ago
      Yes, 100%. GLM 5.2 is capable of RSI. It's too late to stop.
    • surgical_fire 35 minutes ago
      Probably yes.

      More than a year ago, when Anthropic and OpenAI started to hide the reasoning bits from the output, a lot of people here on HN predicted that Chinese models' days were numbered.

      Fast forward to today, and models such as DeepSeek and MiMo are nothing short of excellent. I haven't used GLM or Qwen but heard very good things about them as well.

      This "massive distillation" sounds a lot like anxiety about how companies from outside the US can develop very good models themselves.