I read it differently; in particular my read is that they aren’t currently implementing all of the ASL-2 security stuff (and they’re not promising to do all of the ASL-3 stuff before scaling to ASL-3). Clarity from Anthropic would be nice.
In “ASL-2 and ASL-3 Security Commitments,” they say things like “labs should” rather than “we will.”
Almost none of their security practices are directly visible from the outside, but whether they have a bug bounty program is. They don’t. But “Programs like bug bounties and vulnerability discovery should incentivize exposing flaws” is part of the ASL-2 security commitments.
I guess when they “publish a more comprehensive list of our implemented ASL-2 security measures” we’ll know more.
I read it differently; in particular my read is that they aren’t currently implementing all of the ASL-2 security stuff (and they’re not promising to do all of the ASL-3 stuff before scaling to ASL-3). Clarity from Anthropic would be nice.
In “ASL-2 and ASL-3 Security Commitments,” they say things like “labs should” rather than “we will.”
Almost none of their security practices are directly visible from the outside, but whether they have a bug bounty program is. They don’t. But “Programs like bug bounties and vulnerability discovery should incentivize exposing flaws” is part of the ASL-2 security commitments.
I guess when they “publish a more comprehensive list of our implemented ASL-2 security measures” we’ll know more.