←back to thread

Anthropic’s paper smells like bullshit

(djnn.sh)
1160 points vxvxvx | 9 comments | 16 Nov 25 11:32 UTC | HN request time: 0s | source | bottom

Earlier thread: Disrupting the first reported AI-orchestrated cyber espionage campaign - https://news.ycombinator.com/item?id=45918638 - Nov 2025 (281 comments)
Show context
prinny_ ◴[16 Nov 25 12:29 UTC] No.45944616[source]
The lack of evidence before attributing the attack(s) to a Chinese sponsored group makes me correlate this report with recent statements from companies in the AI space about how China is about to surpass US in the AI race. Ultimately statements and reports like these seem more like an attempt to make the US government step in and be the big investor that keeps the money flowing rather than anything else.
replies(6): >>45944676 #>>45944802 #>>45944907 #>>45946548 #>>45947425 #>>45947607 #
JKCalhoun ◴[16 Nov 25 13:01 UTC] No.45944802[source]
Do public reports like this one often go deep enough into the weeds to name names, list specific tools and techniques, URLs?

I don't doubt of course that reports intended for government agencies or security experts would have those details, but I am not surprised that a "blog post" like this one is lacking details.

I just don't see how one goes from "this is lacking public evidence" to "this is likely a political stunt".

I guess I would also ask the skeptics (a bit tangentially, I admit), do you think what Anthropic suggested happened is in fact possible with AI tools? I mean are you denying that this is could even happen or just that Anthropic's specific account was fabricated or embellished?

Because if the whole scenario is plausible that should be enough to set off alarm bells somewhere.

replies(9): >>45944911 #>>45944933 #>>45944971 #>>45945599 #>>45945972 #>>45946427 #>>45946795 #>>45947191 #>>45947193 #
1. woooooo ◴[16 Nov 25 13:20 UTC] No.45944933[source]
There's an incentive to blame "Chinese/Russian state sponsored actors" because it makes them less culpable than "we got owned by a rando".

It's like the inverse of "nobody got fired for using IBM" -- "nobody can blame you for getting hacked by superspies". So, in the absence of any evidence, it's entirely possible they have no idea who did it and are reaching for the most convenient label.

replies(2): >>45945190 #>>45947333 #
2. JKCalhoun ◴[16 Nov 25 13:57 UTC] No.45945190[source]
That's fair. If the actor (and it's a Chinese state actor here) is what is being questioned as "bullshit" then that should be the discourse in the article and in this thread.

Instead the lack of a paper trail from Anthropic seems to be having people questioning the whole event?

replies(2): >>45945527 #>>45946678 #
3. hnthrowaway747 ◴[16 Nov 25 14:50 UTC] No.45945527[source]
Exactly, and anyone without even needing much evidence to do so.

It’s allowed in the current day and time to criticize someone else for not providing evidence, even when that evidence would make it easier for the attackers to tune their attack to prevent being identified, and everyone will be like “Yeah, I’m mad, too! Anthropic sucks!” When in the process that only creates friction for the only company that’s spent significant ongoing effort to prevent an AI disasters by trying to be the responsible leader.

I’ve really had my fill of the current climate where people are quick to criticize an easy target just because they can rally anger. Anyone can rally anger. If you must rally anger, it should be against something like hypocrisy, not because you just get mad at things that everyone else hates.

4. dangus ◴[16 Nov 25 17:17 UTC] No.45946678[source]
State sponsorship can include the state looking the other way.
replies(2): >>45946836 #>>45949145 #
5. brookst ◴[16 Nov 25 17:36 UTC] No.45946836{3}[source]
So all attacks anywhere are state sponsored?
replies(1): >>45947344 #
6. jsnell ◴[16 Nov 25 18:42 UTC] No.45947333[source]
> There's an incentive to blame "Chinese/Russian state sponsored actors" because it makes them less culpable than "we got owned by a rando".

But they didn't get hacked by anyone. I don't see how that applies.

7. oarsinsync ◴[16 Nov 25 18:43 UTC] No.45947344{4}[source]
> > State sponsorship can include the state looking the other way.

> So all attacks anywhere are state sponsored?

There's a difference between a deliberate decision to look away, and unawareness through lack of oversight.

You steal candy from a store. There's a difference between the security guard seeing you and deliberately looking away, compared to just not seeing you at all.

replies(1): >>45947811 #
8. ◴[16 Nov 25 19:44 UTC] No.45947811{5}[source]
9. spopejoy ◴[16 Nov 25 22:43 UTC] No.45949145{3}[source]
Not really? APTs would seem to be either criminal enterprises or state-sponsored because SOMEBODY has to be paying the big bucks.

So yes, probably 100% of criminal enterprises are paying off officials, but if that's the definition of "state sponsored" then the term loses any meaning.

EDIT I guess there's also "legit" businesses like Palantir/NSO group, but I would argue any firm like that is effectively state-sponsored as they are usually revolving doors with NSA-type agencies, the military etc.