HackerTrans
トップ新着トレンドコメント過去質問紹介求人

johnmlussier

no profile record

投稿

Tell HN: Opus 4.6/4.7 cyber policy changes break authorized bug bounty workflows

3 ポイント·投稿者 johnmlussier·3 か月前·0 コメント

コメント

johnmlussier
·3 か月前·議論
I've switched over to Codex. On Extra High reasoning it seems very capable and is definitely catching mistakes Sonnet has missed. I'd love to move back to Opus but at this time it is untenable.
johnmlussier
·3 か月前·議論
I am absolutely moving off them if this continues to be the case.
johnmlussier
·3 か月前·議論
This was Opus saying that after reviewing the [REDACTED] bug bounty program guidelines and having them in context.
johnmlussier
·3 か月前·議論
Incredible - in one fell swoop killing my entire use case for Claude.

I have about 15 submissions that I now need to work with Codex on cause this "smarter" model refuses to read program guidelines and take them seriously.
johnmlussier
·3 か月前·議論


  ⎿  API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's 
     Usage Policy. To request an adjustment pursuant to our Cyber Verification Program based on how you use Claude, fill out                                                                                                                        
     https://claude.com/form/cyber-use-case?token=[REDACTED] Please double press esc to edit your last message or 
     start a new session for Claude Code to assist with a different task. If you are seeing this refusal repeatedly, try running /model claude-sonnet-4-20250514 to switch models.                                                                  
                        
This is gonna kill everything I've been working on. I have several reproduced items at [REDACTED] that I've been working on.
johnmlussier
·3 か月前·議論
They've increased their cybersecurity usage filters to the point that Opus 4.7 refuses to work on any valid work, even after web fetching the program guidelines itself and acknowledging "This is authorized research under the [Redacted] Bounty program, so the findings here are defensive research outputs, not malware. I'll analyze and draft, not weaponize anything beyond what's needed to prove the bug to [Redacted].

I will immediately switch over to Codex if this continues to be an issue. I am new to security research, have been paid out on several bugs, but don't have a CVE or public talk so they are ready to cut me out already.

Edit: these changes are also retroactive to Opus 4.6. I am stuck using Sonnet until they approve me or make a change.
johnmlussier
·3 か月前·議論
Debt. Defense. Dole.
johnmlussier
·3 か月前·議論
Welfare, defense, interest on debt. That’s it.
johnmlussier
·3 か月前·議論
Probably not in scope but maybe https://bugcrowd.com/engagements/cloudinary will care?

This is bad.