Anthropic's Safety Superpower
stratechery.com175 points by swolpers 8 hours ago
175 points by swolpers 8 hours ago
The whole thesis falls apart though. You can't be on your way to "power over everything" and get distilled into free Chinese models within months. Pick one.
The bottleneck is compute and data, not the model. That's why they could only gate it for a bit. The ITAR thing proves it: no nationality controls in place, so the only option was killing the whole thing. Not exactly what an all-powerful gatekeeper does.
> The whole thesis falls apart though. You can't be on your way to "power over everything" and get distilled into free Chinese models within months. Pick one.
But is that last part actually true though? Sure, there might be 600B+ models available for download and local inference if you have the hardware, but does the users who use Anthropic switch over to those even if they're available even as hosted models? Seems like some do, most don't, Anthropic and Claude remains very popular among the people who use LLMs, there is no denying that.
> does the users who use Anthropic switch over to those even if they're available even as hosted models?
I'm currently spending $200 for Claude. That's around my maximum that I can afford. I could stretch that to $500 I guess. But I saw reports of people spending tens of thousands of dollars with Claude API. That's certainly outside of my budget.
So if/when Anthropic decides to stop subsidizing subscription (if they ever do that thing, I still not sure about that), I'll certainly look at the other options. And available "open weights" LLMs hosted by someone will be my first pick. Right now Claude 4.8 feels very advanced, but things move very fast...
The ai labs would be very dumb to get rid of subscriptions. First, I don’t even think the subscriptions are losing money, I suspect they’re around break even, maybe small loses. More importantly, the subscriptions are how they lock in users and convince companies to pay api rates. Without user loyalty that they cultivate with subscriptions businesses will just use the cheapest model on open router or maybe local models.
> I don’t even think the subscriptions are losing money, I suspect they’re around break even, maybe small loses
whats the basis for this thought
The hotness we are seeing is smaller 'expert' models with an 'orchestrator' model in front that evaulates the prompts and routes to the appropiate small models and then synthesizes the collected answer. Easier to split across many smaller, cheaper servers and more efficient than a huge monolithic model.
Do you have more info about this? I can't tell if you're being misled by the unfortunate "Mixture of Experts" terminology (which don't work the way you're describing), or alluding to something different.
Or, maybe I'm wrong, but my understanding is: MoE is just an architecture to keep the activated weights smaller per token. The experts get routed basically token-by-token, and the "experts" themselves don't have a semantic domain so the "expert" word was maybe a poor choice.
No, this is an agent-level thing, not a feature of the model (ish, unsure for Fable).
You talk to a smart, heavy model to build a plan composed of smaller steps. Then you have the heavy model spin up smaller, cheaper LLMs to actually implement the tasks.
The heavy model is basically read-only in that mode. It can read files, execute tests, etc, but it can’t write code. It just tracks what needs to be done, offloads the work to dumber LLMs, validates the task is done, and moves on to the next step.
It sort of pushes humans up the stack. Instead of having a human sitting there prompting the LLM to start the next task, you have another LLM do that loop.
It’s been on my list to try out.
https://en.wikipedia.org/wiki/Mixture_of_experts#Sparsely-ga...
"The sparsely-gated MoE layer,[21] published by researchers from Google Brain, uses feedforward networks as experts, and linear-softmax gating. Similar to the previously proposed hard MoE, they achieve sparsity by a weighted sum of only the top-k experts, instead of the weighted sum of all of them."
"Top-k experts," in case of some DeepSeek's models k=1.
See OpenRouter’s recent announcement on a model fusion setup, which they now support via API:
https://openrouter.ai/blog/announcements/fusion-beats-fronti...
I don't think you're appropriately understanding the full gamut. The individuals who only spent $200/months will be stuck. But the pie is increasing in size, it's not stagnant. There are a lot of orgs who can afford to run a 1T model and even more that can run a 600B model. These newcomers are what's being fought over
> Anthropic and Claude remains very popular among the people who use LLMs
Only because someone else is paying the bills. I use Claude Opus at work because my employer pays for the tokens and encourages me to do it.
At home, I use DeepSeek Flash. It's not as good, but it's maybe 0.7 quality for 0.001 cost.
Same, I had Deepseek search for, download and transfer (to my Linux emulation machine) the best Dreamcast games yesterday.
GPT refused to do so (citing that it's illegal even though I own the games). Deepseek did a wonderful job for 7 cents.
At work I use Opus because, why not? But I could easily switch to a less capable model if needed.
>citing that it's illegal even though I own the games
In the. US at least it is actually illegal to download ISOs/roms of games, even if you own a physical copy. It's a stupid law and as a downloader (as opposed to the people hosting the files) your chances of getting into any kind of actual legal trouble are effectively 0, but it is still against the law.
I have a question that perhaps you or someone else here has an answer for: I enjoy using Opus via Google Antigravity (usually agy) for perhaps 90 minutes a week. For Google’s subsidized $20/month plan they seem to give out a reasonably generous amount of Claude tokens. How does this compare with Anthropic’s $20/month plan using Claude Code?
BTW, I also use DeepSeek v4 Flash very frequently: fast and so cheap it is almost free.
It’s really hard to translate minutes to tokens, it depends on how you’re using it.
The best answer would be to pull session stats from your harness and compare that against the limits. I think Anthropic publishes the limits of each plan.
If you’re using a pretty stock harness and not doing crazy multi-agent stuff with it, you’re probably fine.
My girlfriend built a whole (but simple) React app with it and only hit the limits of the $20 plan once. In fairness, she was trying to get it to clean up a bunch of 800ish line React files at once with a vague “make it look nice” prompt that she ran a few times. I think it was just churning for like half an hour straight before she burned all her credits.
It’s probably enough if you’re not on a fully agentic development strategy, it’s plenty to have it write tests and do comments and stuff, just not enough to continually have it doing giant refactoring passes.
Anthropic's plans are based on user experience of usage, not raw token counts, so you get to run through so many conversation turns, etc. within a 5 hour usage window. (Cursor, OpenCode Go, and others are similar.)
Cursor's $20 a month plan provides a reasonable amount of Opus tokens as well.
What's the speed on DeepSeek Flash? And what provider?
Fast enough? I signed up directly with https://platform.deepseek.com/ because it was the cheapest I could find. I use both Anthropic and Deepseek models via the VS Code copilot plugin https://github.com/Vizards/deepseek-v4-for-copilot
I disagree. It is not the model alone. It needs a system which capitalizes on it. And this is very complex. Hardware, software, architecture - it takes a lot to get it right.
Try running the latest OS models on a normal Mac or PC. Claude Fable and Mythos are systems not just pure models.
And of course marketing. Don't believe the hype.
I think Claude is often times underwhelming. Security concerns are also a concern companies have a blond spot for. The really toughest pro security (Yes, pro! Totally different framing!) company I know is Google after all.
What I can companies advise to do is, really having more than just bug bounties but a professional hacker team that does nothing else but attacking them the whole day and night 24/7. This needs to be coordinated with the government otherwise you might sound an alarm and will be SWATed for doing good. And I would pay them huge sums since the risk and fallout warrant such a treatment, not the standard wage.
Hackers are the real deal, not AI. Proof: Hackers using AI.
> Try running the latest OS models on a normal Mac or PC.
It can be done through the magic of SSD offload. The worst case involves seconds-per-token speeds, but that's OK if you only care about low volumes of slow unattended inference, which maximizes utilization for the hardware.
(The real worst case, where you're streaming the whole model from the cheapest storage you could feasibly think of, involves multiple minutes per token for a single inference, or even hours per token batch if you're doing many inferences in bulk. That's a lot less helpful, so there's a space for smaller models at the edge, even for unattended workloads.)
An LLM which provides an OpenAI or Anthropic API-compatible interface + a coding harness like OpenCode or oh-my-pi is a pretty easy "ecosystem" to replicate. Exactly what makes you say Fable or Mythos are "systems, not just pure models"?
Fable can delegate tasks to Opus or Sonnet, so it has some agentic properties and I believe it does them in parallel.
The parallelism is where this starts to fall apart on a local PC. Like I can run some Qwen quants, but I can’t run a decent Qwen model while also running another model smart enough to actually implement it. I’d have to do them in series, and given how long Fable seems to take even with parallelism, I’d probably be waiting days for an answer.
oh-my-pi can delegate tasks to other models too. I usually use DS4 Flash for low priority subagent tasks.
If Fable is "delegating" tasks, then there's actually an agent front end of whatever you think the API is.
We have a local instance of Qwen-3.6 which is more than adequate for running agents. You can mix and match local and cloud-hosted models. (My biggest use case for local models right now is vision models because they're quite small and I can avoid some data-locality issues my customers wouldn't be comfortable with if I sen them to a Chinese model.)
> I disagree. It is not the model alone. It needs a system which capitalizes on it. And this is very complex.
AFAICT … despite saying you “disagree”, you appear to be agreeing with the parent comment that the model is less important and compute (all that complex infra) and data (also complex infra) are more important.
> > The bottleneck is compute and data, not the model.
> I disagree. It is not the model alone. It needs a system which capitalizes on it. And this is very complex. Hardware, software, architecture - it takes a lot to get it right.
What do you disagree with exactly?
For now I suspect however that the gigantic models are not needed and you will be able to do pretty much what you need in a specific domain with 120b or lower. There is so much trash in the frontier models. I don't need all the world's slam poetry for my coding tasks for example.
Wrong, mostly.
Model capability is a function of model size. Raising the bar raises model performance in every domain.
An "idiot savant" model that's overtrained for a specific domain would beat a generalist model of the same size. But scale the generalist up enough, and it'll trounce the specialist. Removing poetry data from a model training mix doesn't give you much - it might even cost you some performance - and "idiot savant" approach of overtraining for a domain has a hard ceiling.
So far, it seems like there's some equivalent of "g factor" in LLMs - a broad "intelligence" value that performance across many diverse domains correlates with. And, as a rule, larger models have more of it.
While I disagree with OP about removing stuff from the model, there’s a valid question about tradeoffs between intelligence and price.
Deepseek Flash is almost certainly wrong more often than Opus or Fable. It also costs like 5% as much.
The question becomes if I run Deepseek in a loop to fix the mistakes it made that Opus/Fable didn’t, can it fix its own bugs in few enough tokens that it’s still cheaper?
So far, the answer seems to be “yes, by a significant margin”. A lot of tasks are simple enough that both Deepseek and Opus or Sonnet can one-shot it, which is a huge cost win for Deepseek. Even on the long tail, it’s usually like 4x the tokens on Deepseek which is still way cheaper than Opus.
There are things that Opus can do that Deepseek just won’t ever really nail, but it happens so infrequently that I just don’t worry. Like most people, most of what I do is the same sort of “3 tier app with a React frontend” that doesn’t take a rocket scientist to work out.
> Wrong, mostly.
> Model capability is a function of model size
Model effectiveness has improved across model sizes. You really should try the latest flash variants more. They have become my default for most tasks except for gnarly high-level planning.
"Capability per parameter" is rising, but parameter count remains an advantage. And small models remain bad, because "good" is a rapidly moving target.
A 2026 4B beats 2024 4B, but both are far behind the contemporary frontier. Which makes them bad. There is no such thing as "too much capability" - a "good" model is whatever the current frontier is.
In 2024, a "good" model is one that can be trusted to write a 800 line script. In 2026, it's a model that can be trusted to do gnarly high-level planning and execution both. In 2028, it's going to be something like a model you can point at an extremely involved task, abandon, and have it report back with a "done" in 3 weeks.
> A 2026 4B beats 2024 4B, but both are far behind the contemporary frontier.
The thing about engineering is you don't just use the biggest bolt on the market on every bridge.
> In 2024, a "good" model is one that can be trusted to write a 800 line script. In 2026, it's a model that can be trusted to do gnarly high-level planning and execution both
This sounds a lot like having a single diamond-head hammer as the only tool in your toolbox. As suggested by the name, flash models are fast - sometimes I want to write the equivalent of fifty 800-line scripts. There is such a thing as good enough.
Good enough? That's a lie people tell each other because they lack imagination.
"It's good enough" was said about GPT-4, o1, o3, Opus 4 and more. Guess what happened? Newer models released, people updated their expectations of what LLMs can do, usage got more aggressive, and somehow, GPT-4 went from "good enough" to "obsolete trash".
If you have no imagination, then at least substitute your pattern recognition for it.
The world is hungry for capabilities. There are piles upon piles of tasks that aren't done by LLMs simply because LLMs aren't good enough to do them.
The thing a frontier model gives you is "you don't have to babysit a model to get it to do X", and that X gets more and more impressive release to release.
I wish you had addressed at least one of arguments in good faith before jumping to insults and countering a strawman argument I didn't make - I never claimed their will be no use for more capable models.
You do your AI-maximalism, and I'll stick to making trade-offs based on the needs of each piece of work.
Right - the idea that "bigger model = better" might have been true a year ago, but the flash models are extremely effective right now. You simply use them for the tasks they are ideally suited for.
"Distillation" from APIs is not a thing, it cannot replicate a model's deep reasoning and behavior.
I struggle with the practicality of the whole thing.
The amount of tokens required to properly distill a frontier model is so large that by the time you could consume the # of tokens you would either be banned for extremely obvious abuse or a new model would be released, rendering your efforts less and less valuable over time. Intelligence is not a linear thing. Being behind just a little bit can have exponential consequences.
> Being behind just a little bit can have exponential consequences.
That seems to be the argument of Dario, Sam et. al., but I'm not ready to believe it. Time will tell, but this can be a marathon and Anthropic and OpenAI is in getting ready to sprint the last lap of the first mile.
I'm uneducated on how distillation works at more than a basic level so forgive me if this is a stupid question.
Isn't "distillation" of another provider's model exactly how these models got training date in the first place: Massive amounts of the written word + Prompt -> Answer. Why wouldn't distillation produce similar "reasoning" in the new model? It's just inputs and outputs.
What you're describing is (pre-)training. Distillation requires richer labels, the probability distribution over tokens (it would be logits rather than probabilities but that's not important). From a chat transcript you can only understand the argmax/most likely token of that distribution (and only if the API allows you to set the temperature to 0). It's not impossible for an API to give you that but they won't if they don't want you distilling their models.
The intuition is that distillation exploits not only the "right" answer but the relationship between answers (what's the second most right answer? the third? etc).
Among other things, because you simply can't get those "massive amounts" of text from a SOTA model at reasonable cost. And complex reasoning cannot possibly be trained in a pure one-shot fashion, real post-training takes massive resources. The whole story doesn't add up.
This is totally inaccurate, the APIs provide the reasoning logs. You ABSOLUTELY can distill from APIs, in fact, that's the primary way distillation is done currently.
> no nationality controls in place
Not for now, but how long before we have KYC regulations concerning LLMs?
That’s really what Dario wants. Let’s hope he doesn’t get it
what Dario wants is to retain any influence whatsover on how the research progresses before the inevitable nationalization of the frontier. he gets to keep the N-2 tech and maybe influence the N-1 tech, but the only influence on the frontier he has is today; whatever he imprints in the pipeline the government takes over.
IOW I don't think he thinks in the same categories as most folks here.
> ...the research progresses before the inevitable nationalization of the frontier.
Hacker News has been telling me America beats China at "innovation" because of the "freedoms" - especially frew enterprise. I wonder how a nationalized frontier lab would perform.... Andhow the non-citizen researchers would feel about working for the US government that doesn't trust them to use frontier models.
N-1? N-2?
Best-possible-model (N) - Two Generations (2), same with N-1, N is the SOTA in this example. I'm not sure that actually clarifies what the comment is trying to say other than they think the models will be nationalized (can't even imagine what that would look like).
basically imagine the Manhattan project, but instead of blowing up the desert they're building the biggest datacenter you've ever seen.
Isn't this the beginning of the plot of "I Have No Mouth, And I Must Scream"? The exceptionally disturbing dystopian horror?
the possible futures after the thing is built are uncountable, but hoping the thing won't get built at this point is naive.
in general I agree people should be reading a lot more sci-fi nowadays than they used to.