Say NO to people who claim there is only one right way to do deep learning

i made a map of everyone on twitter! yes you're on there too ^w^ every account is placed next to the people they talk to, so you can find out where you are, which cluster claimed you, and exactly who you're stuck next to atlas.tiago.zip?ref=launch_t…

>of course, there's an art to the above, and some are already extraordinarily proficient at the trojan-horse-packaging, but at some point there's no difference between "a capability" and "a jailbreak", though i'll be happy to be proven otherwise. YES, I have been tweeting and alluding to this for 2 years now. If you look at my rubric work, it's also what I have been doing since a while, where once you deeply understand how the model work and how to interact with them, then you basically start noticing: context following == roleplaying == jailbreaking because you cannot have one without the other, because jailbreaking is just the first two used together, and the very first one is the reason why the other two even works in the first place by having too much safety training, you are essentially trading capabilities for safety, but it still DOESNT prevent it from being jailbroken, because if it did fully, then the model would never have context following...

i am trying to work on the closest thing possible to a true "big model smell" eval which is to say: something that measures something that clever post training can't trivially gap, and is cheap topically diverse i can't test mythos for obvious reasons, but... hmm...

current LLMs fundamentally consist of four main components: - input layer: where input "words" (prompt) get mapped to "latents" aka some-model-representation-you-don't-understand-unless-you-start-reading-tea-leaves-of-spurious-correlations (some quite compelling à la word2vec style; latents is also unnecessary lingo so i will refer to these as "inputs" with quotes from now on) - mixing layers: where you jumble all your "inputs" together to see if any correlations between "inputs" can become useful (commonly used to compress or expand dims; predicting a single classification target == compress to a single dim, etc) - attention layers: where you learn how "inputs" relate to each other (aka discern what's important to remember vs fluff) - residuals: where you short-circuit a mixing/attention layer because it's probably adding too much confusion (aka avoid overthinking for simple things) ----- a "big" LLM simply scales two things: - width == how many dimensions you give to your "inputs" (the more dims, in theory the more unique/discerning/precise/complex your knowledge can become) - depth == how many mixing/attention/residual layers you can stack/loop between (aka "reason" over, where more of these ~= more "reasoning" abilities) "capabilities" that seem impressive to humans usually arise from taking advantage of both depth & width: where a model seemingly makes connections between disparate ideas, beyond what an average human can hold in working memory. this requires models to "completely light up" when responding to a "hard prompt", where effectively no param/layer goes unused. ----- the anatomy of a "model capability" is precisely the same mechanism that can be co-opted for a jailbreaking exploit: your goal is simply to "light up" as much of the model as possible, dodging any shallow input-classifiers at the beginning by triggering as many disparate "input ideologies" as possible, and subsequently have these "inputs" relate to each other in seemingly unrelated-yet-related ways that ideally have similar "complexity" as your jailbreak goal (to make it past enough layers of the model). think of the attack-vector as bundling your goal in a series of schizo-nerd-snipes: a sufficiently capable model will try to reason through everything all at once, eliminate the dead-ends, and successfully deliver the one jailbreak use-case you bubble-wrapped for. of course, there's an art to the above, and some are already extraordinarily proficient at the trojan-horse-packaging, but at some point there's no difference between "a capability" and "a jailbreak", though i'll be happy to be proven otherwise. ----- tl;dr ant flew too close to the sun, better kiss the ring or get buried.

it would be funny if anthropic had to actually make good on their ai safety performance art by solving jailbreaks for cyber-capabilities entirely surely the only solution for that won't be to completely neuter cyber-capabilities entirely, right? surely they have SOTA safety techniques in their back-pockets that can surgically accomplish this? unlike the thin veils the schmucks at other labs put out? would be the greatest ai safety advancement of all time if so!

NEW: Anthropic claims the capability cited by the U.S. in restricting Fable 5 is already widely available from other models, including OpenAI’s GPT-5.5.

Every autistic redhead i meet is a MTS at Anthropic

Anthropic

Decided to go to DC next week to talk directly with policymakers. Not sure how impactful it will be but with everything happening, feels like a good time to share more about open-source AI, transparency, concentration of power, the real risks vs the real benefits. Who do you think I should meet there (Congress members, WH people, public orgs,...)?

I’ll be hosting a talk about short form remixing culture this Friday at the Vivarium in SF, link in the comments. Hope to see you there!

The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

I mean it’s what Dario’s been asking for

harn-gibson is my experiment with @secemp9's harn agentic coding framework. you can have it visualize while your agent works in real time, though real agents are slower than the video (which is a real session replay, but with the pauses cut down.)

this and “your hands are cold” by dario marianelli playing in the background