Most active commenters
  • JKCalhoun(3)
  • (3)

←back to thread

Anthropic’s paper smells like bullshit

(djnn.sh)
1160 points vxvxvx | 36 comments | 16 Nov 25 11:32 UTC | HN request time: 0.785s | source | bottom

Earlier thread: Disrupting the first reported AI-orchestrated cyber espionage campaign - https://news.ycombinator.com/item?id=45918638 - Nov 2025 (281 comments)
1. prinny_ ◴[16 Nov 25 12:29 UTC] No.45944616[source]
The lack of evidence before attributing the attack(s) to a Chinese sponsored group makes me correlate this report with recent statements from companies in the AI space about how China is about to surpass US in the AI race. Ultimately statements and reports like these seem more like an attempt to make the US government step in and be the big investor that keeps the money flowing rather than anything else.
replies(6): >>45944676 #>>45944802 #>>45944907 #>>45946548 #>>45947425 #>>45947607 #
2. lazide ◴[16 Nov 25 12:53 UTC] No.45944755[source]
‘No true Scotsman’?

Also, plenty of folks with no allegiance would love to pit everyone else against each other.

replies(1): >>45944873 #
3. JKCalhoun ◴[16 Nov 25 13:01 UTC] No.45944802[source]
Do public reports like this one often go deep enough into the weeds to name names, list specific tools and techniques, URLs?

I don't doubt of course that reports intended for government agencies or security experts would have those details, but I am not surprised that a "blog post" like this one is lacking details.

I just don't see how one goes from "this is lacking public evidence" to "this is likely a political stunt".

I guess I would also ask the skeptics (a bit tangentially, I admit), do you think what Anthropic suggested happened is in fact possible with AI tools? I mean are you denying that this is could even happen or just that Anthropic's specific account was fabricated or embellished?

Because if the whole scenario is plausible that should be enough to set off alarm bells somewhere.

replies(9): >>45944911 #>>45944933 #>>45944971 #>>45945599 #>>45945972 #>>45946427 #>>45946795 #>>45947191 #>>45947193 #
4. hnthrowaway8347 ◴[16 Nov 25 13:12 UTC] No.45944873{3}[source]
Possibly, but:

- Many people in many countries now hate the U.S. and U.S. companies like Anthropic.

- In addition, leaders in the U.S. have been lobbied by OpenAI and invest in it which is a direct competitor and is well-represented on HN.

- China’s government has vested interest in its own companies’ AI ventures.

Given this, I’d hardly say that Anthropic was much of a strong U.S. puppet company, and likely has strong evidence about what happened, why also hoping to spin the PR to get people to buy their services.

I don’t think it’s unreasonable to assume that people that write inflammatory posts about Anthropic may have more than an axe to grind against AI and may be influenced by their country and its propaganda or potentially may even be working for them.

replies(1): >>45944903 #
5. bgwalter ◴[16 Nov 25 13:15 UTC] No.45944903{4}[source]
You are a communist if you do not like "AI" or sloppy "papers"!
6. ◴[16 Nov 25 13:16 UTC] No.45944907[source]
7. zaphirplane ◴[16 Nov 25 13:16 UTC] No.45944911[source]
Not vested in the argument but it stood out to me that, Your argument is similar to tv courts if it’s plausible the report is true. Very far from the report is credible
replies(1): >>45945159 #
8. woooooo ◴[16 Nov 25 13:20 UTC] No.45944933[source]
There's an incentive to blame "Chinese/Russian state sponsored actors" because it makes them less culpable than "we got owned by a rando".

It's like the inverse of "nobody got fired for using IBM" -- "nobody can blame you for getting hacked by superspies". So, in the absence of any evidence, it's entirely possible they have no idea who did it and are reaching for the most convenient label.

replies(2): >>45945190 #>>45947333 #
9. rfoo ◴[16 Nov 25 13:25 UTC] No.45944971[source]
> Do public reports like this one often go deep enough into the weeds to name names

Yes. They often include IoCs, or at the very least, the rationale behind the attribution, like "sharing infrastructure with [name of a known APT effort here]".

For example, here is a proper decade-old report from the most unpopular country right now: https://media.kasperskycontenthub.com/wp-content/uploads/sit...

It established solid technical links between the campaign they are tracking to earlier, already attributed campaigns.

So, even our enemy got this right, ten years ago, there really is no excuse for this slop.

10. JKCalhoun ◴[16 Nov 25 13:54 UTC] No.45945159{3}[source]
You're right, lacking information I am coming across as instead willing to give Entropic the benefit of the doubt here.

But I'm also often a Devil's Advocate and the tide in this thread (well, the very headline as well) seemed to be condemning Anthropic.

replies(1): >>45946711 #
11. JKCalhoun ◴[16 Nov 25 13:57 UTC] No.45945190{3}[source]
That's fair. If the actor (and it's a Chinese state actor here) is what is being questioned as "bullshit" then that should be the discourse in the article and in this thread.

Instead the lack of a paper trail from Anthropic seems to be having people questioning the whole event?

replies(2): >>45945527 #>>45946678 #
12. hnthrowaway747 ◴[16 Nov 25 14:50 UTC] No.45945527{4}[source]
Exactly, and anyone without even needing much evidence to do so.

It’s allowed in the current day and time to criticize someone else for not providing evidence, even when that evidence would make it easier for the attackers to tune their attack to prevent being identified, and everyone will be like “Yeah, I’m mad, too! Anthropic sucks!” When in the process that only creates friction for the only company that’s spent significant ongoing effort to prevent an AI disasters by trying to be the responsible leader.

I’ve really had my fill of the current climate where people are quick to criticize an easy target just because they can rally anger. Anyone can rally anger. If you must rally anger, it should be against something like hypocrisy, not because you just get mad at things that everyone else hates.

13. cmiles74 ◴[16 Nov 25 15:02 UTC] No.45945599[source]
The report itself reads like a humblebrag at best, marketing materials at worst. I have to agree with the OP: taking this report at face value requires that you trust Anthropic, a lot.

Their August threat intelligence report struck similar chords.

https://www-cdn.anthropic.com/b2a76c6f6992465c09a6f2fce282f6...

14. snowwrestler ◴[16 Nov 25 15:52 UTC] No.45945972[source]
There’s a big jump between “the attack came from China” and “the attack was sponsored by the Chinese government.” People generally make this jump in one of three ways.

1) Just a general assumption that all bad stuff from China must be state-sponsored because it’s generally a top-down govt-controlled society. This is not accurate and not really actionable for anyone in the U.S.

2) The attack produced evidence that aligns with signatures from “groups” that are already widely known / believed to be Chinese state sponsored, AKA APTs. In this case, disclosing the new evidence is fine since you’re comparing to, and hopefully adding to, signature data that is already public. It’s considered good manners to contribute to the public knowledge from which you benefited.

3) Actual intelligence work by government agencies like FBI, NSA, CIA, DIA, MI6, etc. is able to trace the connections within Chinese government channels. Obviously this is usually reserved for government statements of attribution and rarely shared with commercial companies.

Hopefully Anthropic is not using #1, and it’s unlikely they are benefiting from #3. So why not share details a la #2?

Of course it’s possible and plausible for people to be using Claude for attacks. But what good does saying that do? As the article says: defenders need actionable, technical attack information, not just a general sense of threat.

replies(2): >>45946145 #>>45946423 #
15. thinkingemote ◴[16 Nov 25 16:13 UTC] No.45946145{3}[source]
#3 much intelligence is to the benefit of industry and commercial companies. To a country their economy is their country. After the end of the cold war most state espionage was focused on industry. Sharing is possibly common but secret. The lack of details in the report to me smells of "we are not allowed to share the details". (It also smells of that law to attribute incompetence and not lies)

Now anthropic is new and I don't know how embedded they are with their hosts government compared to a FANG etc but I wouldn't discount some of #3

(If you see an American AI company requiring security clearance that gives a good indication of some level of state involvement. But it might also be just selling their software to a peaceful internal department...)

16. ◴[16 Nov 25 16:45 UTC] No.45946427[source]
17. sschueller ◴[16 Nov 25 17:02 UTC] No.45946548[source]
They yell "China is stealing our tech!" but want us to look away when they pirate everything ever created for their model training...
replies(1): >>45946822 #
18. dangus ◴[16 Nov 25 17:17 UTC] No.45946678{4}[source]
State sponsorship can include the state looking the other way.
replies(2): >>45946836 #>>45949145 #
19. dangus ◴[16 Nov 25 17:21 UTC] No.45946711{4}[source]
Honest companies with good reputations tend to get the benefit of the doubt.

E.g., how much do you expect Costco or Valve to intentionally harm their customers compared to Comcast or Electronic Arts? That’s just the old school concept of reputation at work. Companies can “buy” benefit of the doubt by being genuine and avoiding blowing smoke up people’s ass.

Anthropic has been spitting bullshit about how the AGI they’re working on is so smart it’s dangerous. So those chumps having no answers when they get hacked smells like something.

Are they telling us their magical human AGI brain and their security professionals being paid top industry rates can’t trace what happened in a breach?

20. tehjoker ◴[16 Nov 25 17:26 UTC] No.45946763{4}[source]
this has to be satire
21. WNWceAJ9R9Ezc4 ◴[16 Nov 25 17:32 UTC] No.45946795[source]
> Do public reports like this one often go deep enough into the weeds to name names, list specific tools and techniques, URLs?

Yes, it is very standard. Anthropic did none of that. Case in point:

- https://cloud.google.com/blog/topics/threat-intelligence/apt...

- https://www.crowdstrike.com/en-us/blog/two-birds-one-stone-p...

- https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA...

22. pgalvin ◴[16 Nov 25 17:34 UTC] No.45946822[source]
Anthropic does seem to have more ethical practices on that than most companies in this space, purchasing and scanning physical books rather than pirating them as Meta and OpenAI did. However, books are cheap, and I’m unsure of their wider practices.

https://arstechnica.com/ai/2025/06/anthropic-destroyed-milli...

replies(1): >>45947829 #
23. brookst ◴[16 Nov 25 17:36 UTC] No.45946836{5}[source]
So all attacks anywhere are state sponsored?
replies(1): >>45947344 #
24. freehorse ◴[16 Nov 25 18:22 UTC] No.45947191[source]
> Do public reports like this one often go deep enough into the weeds to name names, list specific tools and techniques, URLs?

This is literally answered in the second subsection of the linked article ("where are the IoCs, Mr.Claude ?").

25. rdiddly ◴[16 Nov 25 18:23 UTC] No.45947193[source]
The complaint is that there's no actionable information whatsoever. Alarm bells are just noise.
26. jsnell ◴[16 Nov 25 18:42 UTC] No.45947333{3}[source]
> There's an incentive to blame "Chinese/Russian state sponsored actors" because it makes them less culpable than "we got owned by a rando".

But they didn't get hacked by anyone. I don't see how that applies.

27. oarsinsync ◴[16 Nov 25 18:43 UTC] No.45947344{6}[source]
> > State sponsorship can include the state looking the other way.

> So all attacks anywhere are state sponsored?

There's a difference between a deliberate decision to look away, and unawareness through lack of oversight.

You steal candy from a store. There's a difference between the security guard seeing you and deliberately looking away, compared to just not seeing you at all.

replies(1): >>45947811 #
28. scuff3d ◴[16 Nov 25 18:55 UTC] No.45947425[source]
The bubble is gonna burst soon and these companies are desperate to convince the government they are either too big to fail or too critical to national defense to fail.
replies(1): >>45947448 #
29. bdangubic ◴[16 Nov 25 18:58 UTC] No.45947448[source]
Feels like most current humans will die (some of boredom) while waiting on this bubble to burst… US in general and HN in particular are averaging 10.78 bubble-popping predictions per hour :)
replies(1): >>45947681 #
30. metacritic12 ◴[16 Nov 25 19:17 UTC] No.45947607[source]
Anthropic has also been the biggest anti-China LLM in a long while, so it's possible they're using an opportunistic hack (potentially involving actual Chinese IP addresses) as another way to push their agenda.
replies(2): >>45947652 #>>45948787 #
31. pbrum ◴[16 Nov 25 19:23 UTC] No.45947652[source]
This is key
32. scuff3d ◴[16 Nov 25 19:27 UTC] No.45947681{3}[source]
It was the same thing with the dotcom bubble. People were talking about it 3 or 4 years before it actually happened.
33. ◴[16 Nov 25 19:44 UTC] No.45947811{7}[source]
34. bn-l ◴[16 Nov 25 19:46 UTC] No.45947829{3}[source]
They pirated wholesale as well. Hence the billion dollar settlement.
35. hopelite ◴[16 Nov 25 21:56 UTC] No.45948787[source]
Considering ever since the Vault 7 releases, we should be well aware of the fact that at least one government is able to make any attack look like any other nation state actor, any attribution to, especially convenient adversaries, is extremely suspicious on the face of it.
36. spopejoy ◴[16 Nov 25 22:43 UTC] No.45949145{5}[source]
Not really? APTs would seem to be either criminal enterprises or state-sponsored because SOMEBODY has to be paying the big bucks.

So yes, probably 100% of criminal enterprises are paying off officials, but if that's the definition of "state sponsored" then the term loses any meaning.

EDIT I guess there's also "legit" businesses like Palantir/NSO group, but I would argue any firm like that is effectively state-sponsored as they are usually revolving doors with NSA-type agencies, the military etc.