Over 99% of the vulnerabilities we've found have not yet been patched, so it would be irresponsible for us to disclose details about them. Yet even the 1% of bugs we are able to discuss give a clear picture of a substantial leap in what we believe to be the next generation of models' cybersecurity capabilities.
「99%尚未修补」揭示了一个严峻的现实:这篇博文所讨论的内容,只是Anthropic已知漏洞库的冰山一角。负责任披露流程的时间成本(90+45天)意味着在这些漏洞被公开之前,存在一个漫长的窗口期,期间只有Anthropic和其合作伙伴知道这些漏洞的存在。SHA-3承诺机制是一个值得称道的问责工具,但它无法解决底层的信息不对称问题。