HackerLangs
TopNewTrendsCommentsPastAskShowJobs

johnmlussier

no profile record

Submissions

Tell HN: Opus 4.6/4.7 cyber policy changes break authorized bug bounty workflows

3 points·by johnmlussier·3 miesiące temu·0 comments

comments

johnmlussier
·3 miesiące temu·discuss
I've switched over to Codex. On Extra High reasoning it seems very capable and is definitely catching mistakes Sonnet has missed. I'd love to move back to Opus but at this time it is untenable.
johnmlussier
·3 miesiące temu·discuss
I am absolutely moving off them if this continues to be the case.
johnmlussier
·3 miesiące temu·discuss
This was Opus saying that after reviewing the [REDACTED] bug bounty program guidelines and having them in context.
johnmlussier
·3 miesiące temu·discuss
Incredible - in one fell swoop killing my entire use case for Claude.

I have about 15 submissions that I now need to work with Codex on cause this "smarter" model refuses to read program guidelines and take them seriously.
johnmlussier
·3 miesiące temu·discuss


  ⎿  API Error: Claude Code is unable to respond to this request, which appears to violate our Usage Policy (https://www.anthropic.com/legal/aup). This request triggered restrictions on violative cyber content and was blocked under Anthropic's 
     Usage Policy. To request an adjustment pursuant to our Cyber Verification Program based on how you use Claude, fill out                                                                                                                        
     https://claude.com/form/cyber-use-case?token=[REDACTED] Please double press esc to edit your last message or 
     start a new session for Claude Code to assist with a different task. If you are seeing this refusal repeatedly, try running /model claude-sonnet-4-20250514 to switch models.                                                                  
                        
This is gonna kill everything I've been working on. I have several reproduced items at [REDACTED] that I've been working on.
johnmlussier
·3 miesiące temu·discuss
They've increased their cybersecurity usage filters to the point that Opus 4.7 refuses to work on any valid work, even after web fetching the program guidelines itself and acknowledging "This is authorized research under the [Redacted] Bounty program, so the findings here are defensive research outputs, not malware. I'll analyze and draft, not weaponize anything beyond what's needed to prove the bug to [Redacted].

I will immediately switch over to Codex if this continues to be an issue. I am new to security research, have been paid out on several bugs, but don't have a CVE or public talk so they are ready to cut me out already.

Edit: these changes are also retroactive to Opus 4.6. I am stuck using Sonnet until they approve me or make a change.
johnmlussier
·3 miesiące temu·discuss
Debt. Defense. Dole.
johnmlussier
·3 miesiące temu·discuss
Welfare, defense, interest on debt. That’s it.
johnmlussier
·3 miesiące temu·discuss
Probably not in scope but maybe https://bugcrowd.com/engagements/cloudinary will care?

This is bad.