I agree but don’t feel very strongly. On Anthropic security, I feel even more sad about this.
If [the insider exception] does actually apply to a large fraction of technical employees, then I’m also somewhat skeptical that Anthropic can actually be “highly protected” from (e.g.) organized cybercrime groups without meeting the original bar: hacking an insider and using their access is typical!
As I say at the end, I don’t particularly care about Anthropic’s security commitments here, what I do care about is the RSP meaning anything at all!
And to be clear, my belief for a long time has been that the RSP was unlikely to have much predictive power over Anthropic’s priorities, so part of my motivation here is establishing common knowledge about that, so people can push on other governance approaches that aren’t relying on companies holding themselves to their RSPs.
I agree but don’t feel very strongly. On Anthropic security, I feel even more sad about this.
As I say at the end, I don’t particularly care about Anthropic’s security commitments here, what I do care about is the RSP meaning anything at all!
And to be clear, my belief for a long time has been that the RSP was unlikely to have much predictive power over Anthropic’s priorities, so part of my motivation here is establishing common knowledge about that, so people can push on other governance approaches that aren’t relying on companies holding themselves to their RSPs.