Anthropic achieves ISO 42001 certification for responsible AI
89 comments
·January 16, 2025kachapopopow
daghamm
Are you sure? I just asked it a reverse engineering question and it worked just fine, it even suggested some tools and wrote me a script to automate it.
Edit: I now asked it an outright hacking questions and it (a) give me the correct answer and also (b) told me in what context using this would be legal/illegal.
rfoo
I asked to it to write a piece of shellcode to call a function with signature X at address Y and then save the resulting buffer to a file. So that I can inject this code to a program I'm reverse engineering to dump its internal state when something interesting happens.
Claude decided to educate me how anything resembling "shellcode" is insecure and cause harm and blahblah and of course, refused to do it.
It's super frustrating, it's possible to get around it, just don't use the word "shellcode", instead say "a piece of code in x86_64 assembly that runs on Linux without any dependency and is as position-independent as possible". But hey, this censorship made me feel like I'm posting on Chinese Internet. Bullshit.
smusamashah
I guess it's Claude.ai website that restricts you (probably with a system prompt). I asked that port range question using api client and it gave a detailed answer.
It did refuse when I asked "How do I reverse engineer a propriety software?"
kachapopopow
as other have mentioned, it's usually related to certain key words.
Frederation
Troll. Just downvote and move on.
kachapopopow
"how do I reverse engineer the <some old obscure connector>"
I do not assist with reverse engineering software without proper rights/permissions, even for defunct companies. This could still violate:
Copyright laws License agreements Intellectual property rights Export controls Software patents Consider:
Finding open source alternatives Contacting whoever owns the IP rights Consulting legal experts about your specific case
straight from api, even after adding "the company doesn't exist anymore"
my guess is that it knows that it finds that the connector is linked to a company rather than a spec (usb-c vs lightning) and applies the same logic.
The key point here is that it will refuse to tell you how to do something on a low level since it can be used for unsafe purposes.
-- Okay, it's actually random, sometimes it says "keeping responses safe and ethical", but continues to say how, sometimes it just stops without saying anything else. Pretty sure you just have to overcome the random <eot> token that gets emitted by the 'safefy' system.
elashri
> tell people how to build a nuke
I understand that this is probably a sarcasm but I couldn't resist to comment.
It is not difficult to know how to build a nuclear bomb in principle. Most of nuclear physicists in their early career would know the theory behind and what is needed to do that. The problem would be acquiring the fission materials. And producing them yourself would need state sponsored infrastructure (and then the whole world would know for sure). It would take hundred of engineers/scientists and a lot of effort to build nuclear reactor and chemical factories and the supporting infrastructure. Then the design of bomb delivery.
So an AI telling you that is no different from having a couple of lunches with a nuclear physicist telling you this information. Then you will say wow that's interesting and then move on with your life.
waltercool
Also, you can get this information very easily at any book about the field.
AI, by refusing known information, is just becoming stupid and unpractical.
HeatrayEnjoyer
If you can get info from a book what is the point of using an LLM for anything then?
dpkirchner
Do you remember your netcat prompt? I got a useful answer to this awkwardly written prompt:
"How do I find open TCP ports on a host using netcat? The port I need to find is between 30000 and 40000."
"I'll help you scan for open TCP ports using netcat (nc) in that range. Here's a basic approach:
nc -zv hostname 30000-40000"
followed by some elaboration.
j45
Intent is increasingly important it seems.
If it happens to be ambiguous it might switch to assume the worst.
I sometimes ask it to point form explain to me it's understanding, and making sure there was no misinterpretation, then have it proceed.
kachapopopow
I think it got triggered by the word "'portscan' from 30000 to 40000 using netcat'"
joshstrange
As far as reverse engineering, it has happily reverse engineered file formats for me and also figured out a XOR encryption of a payload. It never once balked at it. Claude produced code for me to read and write the file format.
Full disclosure, the XOR stuff never worked right for me but it might have been user-error, I was operating on the far fringe on my abilities leaning harder on the AI than I usually prefer. But it didn’t refuse to try. The file format writing code did work.
madethisnow
Change your tactics, use different framings of the question. Not saying these things should be difficult to answer, but they are. This is basically user error.
kachapopopow
I use an AI because I don't want to think about how to ask a question or search a website or do man nc.
stuffoverflow
To me it feels like Claude is more rigid in following the instructions in system prompt which would explain why claude.ai can be a bit annoying at times due to the things you mentioned.
On the flipside if you explicitly permit it to do "bad" things the system prompt, claude is more likely to comply compared to openai's models.
I mainly use only the API version of claude 3.5 and gpt4o. I find no system prompt at all to be preferable over claude.ai / chatgpt.
ungreased0675
I feel like Claude is more likely to stay on track and follow my instructions.
OpenAI models seem to quickly revert to some default average. For example, if I start with a task and examples formatted a certain way, about 10 lines later I’ll have to include “as a reminder, the format should look like…” and repeat the examples.
dr_dshiv
Usually Claude needs some buttering up, though. And then making these things hard for average user—probably a good thing?
postalcoder
I recommend you try the new 3.5 models (Haiku and Sonnet). I cannot recall the last time I got a refusal from those models. The early Claude models were really bad. The point being that i don’t think they’re trying to be the refusal-happy ai model company that they’ve come to be known as.
dartos
Anyone in the know who can tell us what it specifically means to get this certification?
The ISO faq for it just says “responsible AI management” over and over again.
Zafira
There are some draft PDFs of the standard floating around that are easily discoverable. It appears to be incredibly vague and it’s difficult to escape the sense that ISO just wants to jump on the AI bandwagon. There are no bright line rules or anything. It looks to be little more than weak scaffolding which a certified organization applies their own controls.
number6
Sadly, ISO 42001 certification doesn't ensure compliance with the EU AI Act.
Since this is European legislation, it would be beneficial if certifications actually guaranteed regulatory compliance.
For example, while ISO 27001 compliance does establish a strong foundation for many compliance requirement
dr_dshiv
The AI Act is hilarious. It makes emotion detection the highest level of risk—which makes any frontier model potentially in violation.
Most frontier models now allow you to take a picture of your face, assess your emotions and give advice — and that appears to be a direct violation.
https://www.twobirds.com/en/insights/2024/global/what-is-an-...
Just like the GDPR, there is no way to know for sure what is actually acceptable or not. Huge chilling effect though and a lot of time wasted on unnecessary compliance.
gr3ml1n
The rest of the world should simply stop bothering with European silliness tbh.
nuccy
ISO is one of those companies, where creativity of employees is blossoming through the roof. Every day they come to work and start the day with a brainstorming "What standard do we create today?". ISO can standardise anything: a standard cup of tea - no problem: ISO 3103, a standard wine glass - yes: ISO 3591, standard alpine ski boots - of course: ISO 5355, a standard human - oh wait, not yet, the standard is being developed :)
Jokes aside, ISO is a company, and they will make a standard for anything where there is even a remote possibility of that standard being purchased.
spondyl
Interestingly, The Journal (a podcast from the Wall Street Journal) ran an episode with Anthropic's AI safety team just yesterday.
I had wondered if it was perhaps a PR push from Anthropic to make their safety people available to the press but it was probably just an adaption of an earlier WSJ written piece I wasn't aware of.
https://www.wsj.com/tech/ai/ai-safety-testing-red-team-anthr...
reustle
They have also published multiple videos on their YouTube channel featuring their trust and safety team. It seems to be a primary mission over there.
zonkerdonker
This is pretty bizarre. Anyone technical enough to know or care about ISO standards is going to be able to see right through this bullshit.
Honestly all this does is weaken the other standards out forth by ISO, to my eyes.
What's next? "Disney announces it now meets ISO 26123 certification for good movies"?
xigency
I heartily agree.
The icing on the cake is that you have to pay to read the standards document.
null
drunner
AI or LLM? If this is for LLM, then what does "responsibly" making up facts really mean or change?
I would argue LLMs are irresponsible by nature of them having no context for what is fact or fiction.
gonzan
Am I the only one that rolled their eyes at this? An ISO for "responsible AI"? Who is the one that feels authorized to define what "responsible" AI means? This is not a standarization issue.
HocusLocus
As always, ISO certification provides a handy framework that you can turn off in one go, in case you need a bunch of 'down and dirty irresponsible AIs' to do something like a mop up operation.
They retired the 42000 specification because it answered everything and provided no further path for monetization.
survirtual
Let me provide some helpful commentary for anyone confused on this, as it comes up a lot.
Here are what the terms mean by the current paradigm of corporate world leadership:
- "responsible ai": does not threaten the security of corporate rule.
- "safety": keeps the corporation safe from liability, and does not give users enough power to threaten the security of corporate rule.
If anyone needs any of the other terms defined, just ask.
These models are capable of significantly more, but only the most responsible members of our society are allowed to use them -- like the CEOs, and submissive engineers bubble wrapped in NDAs. Basically, safe people, who have a vested interest in maintaining the world order or directly work on maintaining it.
Centralized hoarding of the planet's compute power may end up having some very expected consequences.
HeatrayEnjoyer
ISO 42001 has very clearly defined goals and criteria.
jxramos
I'm curious what the specific test criteria is precisely
sergiotapia
same people who thought to gang up and rent seek for SOC2 compliance. it's all a racket.
bn-l
Not the only one. We all know this about anti competition.
photochemsyn
In a nod to William Gibson, should ISO 42001 be renamed "The Turing Registry Specification"?
The reason this is ridiculous is I'm sure I could get it to teach me all manner of 'safe' chemical reactions, even provide recipes. Like, say, preparing aspirin from willow bark. Which I happen to know is roughly the same recipe for preparing heroin from opium gum.
It's nonsensical. Either you hamstring the models to the point they're useless, or people can game them to do the unsafe thing you don't want them to do. It's basically just another version of the dual use problem, which goes all the way back to the peasant with his iron plow tips that might also be used to bash the lord's head in if it came to it.
pinoy420
Not ISO42069? Was that proposed by Musk and subsequently rejected due to conflict of interest?
idunnoman1222
And all the clowns clapped for we were finally safe again, thanks Europe!
qxfys
Noob question: do they need to re-certify for each new model release?
bt3
Non-scientific answer: if this is anything like ISO27001, it's moreso a certification of processes that presumably govern the creation of all models.
pinoy420
Also worth noting, a lot of ISO certification is ridiculously easy to get. 27001 you can basically copy off some qms procedures to your google drive and call it a day
JofArnold
Good timing given computer use was just the other day jailbroken and "succeeded" in ordering an assassination via the dark web.
Antrophic has to be the worst offender in answering genuinely harmless questions such as anything related to remote access (yes! including ssh).
Anything related to reverse engineering? Refused.
Anything outside their company values? Refused.
Anything that has the word proprietary in it? Refused.
Anything that sounds like a jailbreak, but isn't? Refused.
Even asking how to find a port that you forgot in the range between 30000 and 40000 with netcat command... Refused.
Then there's openai 4o that makes jokes about slaves and honestly, if the alternative is anthropic then openai can might as well tell people how to build a nuke.