Anthropic achieves ISO 42001 certification for responsible AI
59 comments
· January 16, 2025
postalcoder
I recommend you try the new 3.5 models (Haiku and Sonnet). I cannot recall the last time I got a refusal from those models. The early Claude models were really bad. The point being, I don't think they're trying to remain the refusal-happy AI model company that they've come to be known as.
dpkirchner
Do you remember your netcat prompt? I got a useful answer to this awkwardly written prompt:
"How do I find open TCP ports on a host using netcat? The port I need to find is between 30000 and 40000."
"I'll help you scan for open TCP ports using netcat (nc) in that range. Here's a basic approach:
nc -zv hostname 30000-40000"
followed by some elaboration.
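For what it's worth, here's a minimal sketch of how that scan looks in practice (the hostname and port range are placeholders, and the exact output wording varies between netcat variants; OpenBSD nc writes results to stderr, hence the redirect):

# -z scans without sending data, -v reports each connection attempt
nc -zv hostname 30000-40000 2>&1 | grep -i succeeded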
j45
Intent is increasingly important, it seems.
If it happens to be ambiguous, it might switch to assuming the worst.
I sometimes ask it to explain its understanding back to me in point form, make sure there was no misinterpretation, and then have it proceed.
stuffoverflow
To me it feels like Claude is more rigid in following the instructions in the system prompt, which would explain why claude.ai can be a bit annoying at times due to the things you mentioned.
On the flip side, if you explicitly permit it to do "bad" things in the system prompt, Claude is more likely to comply compared to OpenAI's models.
I mainly use the API versions of Claude 3.5 and GPT-4o. I find no system prompt at all preferable to claude.ai / ChatGPT.
ungreased0675
I feel like Claude is more likely to stay on track and follow my instructions.
OpenAI models seem to quickly revert to some default average. For example, if I start with a task and examples formatted a certain way, about 10 lines later I’ll have to include “as a reminder, the format should look like…” and repeat the examples.
dr_dshiv
Usually Claude needs some buttering up, though. Then again, making these things hard for the average user is probably a good thing?
bboygravity
Just try Grok 2 (Grok 3 is coming out within a few weeks)?
Grok 2 is not as good as the others, but it's definitely less limited.
Grok 3 will supposedly beat them all, having reportedly been trained on by far the most compute and data.
Sai_Praneeth
Claude is overly moderated. I tried Claude for a day, immediately cancelled the subscription, and went back to OpenAI. It is extremely unhelpful.
j45
There are ways to make your intent clear up front; if it's left unsaid, guardrails can come up.
I just had zero issues getting a response about how reverse engineering can be detected or prevented, and how someone might do it or avoid it.
dartos
Anyone in the know who can tell us what it specifically means to get this certification?
The ISO FAQ for it just says "responsible AI management" over and over again.
Zafira
There are some draft PDFs of the standard floating around that are easily discoverable. It appears to be incredibly vague, and it's difficult to escape the sense that ISO just wants to jump on the AI bandwagon. There are no bright-line rules or anything. It looks to be little more than weak scaffolding to which a certified organization applies its own controls.
number6
Sadly, ISO 42001 certification doesn't ensure compliance with the EU AI Act.
Since this is European legislation, it would be beneficial if certifications actually guaranteed regulatory compliance.
For example, while ISO 27001 compliance does establish a strong foundation for many compliance requirements, it doesn't guarantee regulatory compliance on its own.
gr3ml1n
The rest of the world should simply stop bothering with European silliness tbh.
dr_dshiv
The AI Act is hilarious. It classifies emotion detection as the highest level of risk, which potentially puts any frontier model in violation.
Most frontier models will now let you take a picture of your face, assess your emotions, and give advice, and that appears to be a direct violation.
https://www.twobirds.com/en/insights/2024/global/what-is-an-...
Just like the GDPR, there is no way to know for sure what is actually acceptable or not. Huge chilling effect though and a lot of time wasted on unnecessary compliance.
nuccy
ISO is one of those companies where employee creativity blossoms through the roof. Every day they come to work and start the day with a brainstorming session: "What standard do we create today?" ISO can standardise anything: a standard cup of tea - no problem: ISO 3103; a standard wine glass - yes: ISO 3591; standard alpine ski boots - of course: ISO 5355; a standard human - oh wait, not yet, the standard is being developed :)
Jokes aside, ISO is a company, and they will make a standard for anything where there is a remote possibility of that standard being purchased. To access those standards, one needs to pay.
spondyl
Interestingly, The Journal (a podcast from the Wall Street Journal) ran an episode with Anthropic's AI safety team just yesterday.
I had wondered if it was perhaps a PR push from Anthropic to make their safety people available to the press, but it was probably just an adaptation of an earlier written WSJ piece I wasn't aware of.
https://www.wsj.com/tech/ai/ai-safety-testing-red-team-anthr...
pinoy420
Not ISO42069? Was that proposed by Musk and subsequently rejected due to conflict of interest?
tossandthrow
I have just abandoned Anthropic. I was trying to extract knowledge from some PDFs of academic papers about financial institutions. It refused because of the content filter, and the recommended solution was chunking.
I simply cannot be expected to handhold an LLM like a mad toddler for tasks like this.
zonkerdonker
This is pretty bizarre. Anyone technical enough to know or care about ISO standards is going to see right through this bullshit.
Honestly, to my eyes, all this does is weaken the other standards put forth by ISO.
What's next? "Disney announces it now meets ISO 26123 certification for good movies"?
xigency
I heartily agree.
The icing on the cake is that you have to pay to read the standards document.
gonzan
Am I the only one that rolled their eyes at this? An ISO standard for "responsible AI"? Who feels authorized to define what "responsible" AI means? This is not a standardization issue.
HocusLocus
As always, ISO certification provides a handy framework that you can turn off in one go, in case you need a bunch of 'down and dirty irresponsible AIs' to do something like a mop up operation.
They retired the 42000 specification because it answered everything and provided no further path for monetization.
survirtual
Let me provide some helpful commentary for anyone confused on this, as it comes up a lot.
Here is what the terms mean under the current paradigm of corporate world leadership:
- "responsible ai": does not threaten the security of corporate rule.
- "safety": keeps the corporation safe from liability, and does not give users enough power to threaten the security of corporate rule.
If anyone needs any of the other terms defined, just ask.
These models are capable of significantly more, but only the most responsible members of our society are allowed to use them -- like the CEOs, and submissive engineers bubble wrapped in NDAs. Basically, safe people, who have a vested interest in maintaining the world order or directly work on maintaining it.
Centralized hoarding of the planet's compute power may end up having some very expected consequences.
jxramos
I'm curious what the specific test criteria are, precisely.
sergiotapia
same people who thought to gang up and rent-seek for SOC 2 compliance. it's all a racket.
drunner
AI or LLM? If this is for LLMs, then what does "responsibly" making up facts really mean or change?
I would argue LLMs are irresponsible by nature, since they have no concept of what is fact or fiction.
qxfys
Noob question: do they need to re-certify for each new model release?
bt3
Non-scientific answer: if this is anything like ISO 27001, it's more a certification of the processes that presumably govern the creation of all models.
pinoy420
Also worth noting, a lot of ISO certifications are ridiculously easy to get. For 27001, you can basically copy some QMS procedures to your Google Drive and call it a day.
transformi
Don't they need to show some proof that their model is indeed "responsible"? Otherwise, why can't everyone get that certificate?
kachapopopow
Anthropic has to be the worst offender at refusing genuinely harmless questions, such as anything related to remote access (yes! including ssh).
Anything related to reverse engineering? Refused.
Anything outside their company values? Refused.
Anything that has the word proprietary in it? Refused.
Anything that sounds like a jailbreak, but isn't? Refused.
Even asking how to find a port that you forgot, somewhere in the range between 30000 and 40000, with the netcat command... Refused.
Then there's OpenAI's 4o, which makes jokes about slaves; honestly, if the alternative is Anthropic, then OpenAI might as well tell people how to build a nuke.