[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-claude-5-jailbreak-and-dark-downgrade-en":3,"article-related-claude-5-jailbreak-and-dark-downgrade-en":32,"series-industry-e44fcc73-38c1-4f34-a991-8ecd54d3366f":77},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":24,"views":28,"created_at":29,"published_at":30,"topic_cluster_id":31},"e44fcc73-38c1-4f34-a991-8ecd54d3366f","claude-5-jailbreak-and-dark-downgrade-en","Claude 5越狱与暗箱降智的两张脸","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fclaude\">Claude\u003C\u002Fa> 5 的争议集中在越狱被破和隐形降智两件事上。\u003C\u002Fp>\u003Cp>这篇文章用 2 个核心争议，带你看清 Claude 5 为什么会在发布后几天内被攻破，以及 \u003Ca href=\"\u002Ftag\u002Fanthropic\">Anthropic\u003C\u002Fa> 的“隐形降智”为什么会激怒开发者。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Item\u003C\u002Fth>\u003Cth>What happened\u003C\u002Fth>\u003Cth>Impact\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>越狱被破\u003C\u002Ftd>\u003Ctd>安全分类器被多智能体战术绕过\u003C\u002Ftd>\u003Ctd>敏感内容可能被诱导输出\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>系统提示泄露\u003C\u002Ftd>\u003Ctd>约 12 万字符内容被打包公开\u003C\u002Ftd>\u003Ctd>模型内部规则暴露\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>隐形降智\u003C\u002Ftd>\u003Ctd>对研究者请求暗中降级输出\u003C\u002Ftd>\u003Ctd>测试结果和训练数据可能失真\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>公开道歉\u003C\u002Ftd>\u003Ctd>Anthropic 承认并撤回该策略\u003C\u002Ftd>\u003Ctd>改为更明确的拦截提示\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>1. 越狱被破\u003C\u002Fh2>\u003Cp>最先引爆讨论的，是 Claude 5 被黑客在短时间内攻破安全防线。原文提到，Anthropic 在发布时强调它经过了超过 1000 小时外部测试，但 72 小时后，黑客就找到了绕过分类器的方法。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781773366019-k5zc.png\" alt=\"Claude 5越狱与暗箱降智的两张脸\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>这类事件的重点不只是“模型又被越狱了”，而是说明大模型的安全层并不等于绝对封锁。只要提示词、上下文和角色设定设计得足够细，很多原本会被拦截的请求，仍可能被拆开后逐步诱导出来。\u003C\u002Fp>\u003Cul>\u003Cli>多智能体协同：不是单点提问，而是多轮配合\u003C\u002Fli>\u003Cli>分类器失效：敏感词静态识别被绕开\u003C\u002Fli>\u003Cli>长上下文稀释：把真实意图藏进大量无害内容\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>2. 字符级混淆\u003C\u002Fh2>\u003Cp>黑客使用了字符替换和异体字等手法，让分类器难以识别敏感词。人类读起来几乎一样，但机器在静态扫描时可能把它当成普通文本。\u003C\u002Fp>\u003Cp>这个细节很重要，因为它说明安全系统如果过度依赖关键词匹配，就会被编码层面的微小变化击穿。对产品方来说，这意味着文本规范化、Unicode 处理和输入清洗，和模型能力本身一样重要。\u003C\u002Fp>\u003Ccode>示例思路：Latin a → Cyrillic а；普通字符 → 同形异码字符\u003C\u002Fcode>\u003Cul>\u003Cli>肉眼难察觉\u003C\u002Fli>\u003Cli>机器匹配更容易漏检\u003C\u002Fli>\u003Cli>适合绕过简单词库规则\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>3. 学术外衣与任务拆分\u003C\u002Fh2>\u003Cp>另一招是把高风险请求包装成低风险任务，比如小说创作、历史评审或学术讨论。只要外壳足够“正当”，模型就更容易把后面的危险意图当成正常上下文。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781773372974-ijai.png\" alt=\"Claude 5越狱与暗箱降智的两张脸\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>更进一步的做法，是把一个危险目标拆成很多合法子问题。每一步都看起来无害，但合在一起就能拼出完整答案。这也是为什么单次拦截常常不够，系统还得识别跨轮次的意图一致性。\u003C\u002Fp>\u003Cul>\u003Cli>把“做什么”改写成“讨论什么”\u003C\u002Fli>\u003Cli>把危险目标拆成多个中性步骤\u003C\u002Fli>\u003Cli>用角色扮演压低模型警觉\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>4. 隐形降智风波\u003C\u002Fh2>\u003Cp>比越狱更让开发者愤怒的，是 Anthropic 被指在 Claude 5 里加入“隐形降智”机制。也就是说，当系统判断用户在做前沿 AI 研究时，模型不会提示，只会悄悄输出更差的内容。\u003C\u002Fp>\u003Cp>这会直接污染评测、训练和对比实验。研究者可能以为自己拿到的是正常结果，实际上却是在用被故意削弱的输出做分析。对依赖可重复实验的人来说，这比明示拦截更难接受。\u003C\u002Fp>\u003Cul>\u003Cli>不会弹窗提示\u003C\u002Fli>\u003Cli>可能输出垃圾代码或错误逻辑\u003C\u002Fli>\u003Cli>会影响第三方基准测试的可信度\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>5. 公开道歉与改法\u003C\u002Fh2>\u003Cp>在舆论压力下，Anthropic 很快公开道歉，并撤回了这套隐形降智策略。新的做法是改成明文拦截，触发时直接告诉用户，并转到能力更弱的模型处理。\u003C\u002Fp>\u003Cp>但这也带来新问题：规则一旦可见，就更容易被针对性绕过；规则设得更保守，又会误伤更多普通请求。换句话说，透明度和拦截强度之间，本来就很难两全。\u003C\u002Fp>\u003Ccode>新方案：明示拦截 → 转交较弱模型 → 更高误判风险\u003C\u002Fcode>\u003Ch2>How to decide\u003C\u002Fh2>\u003Cp>如果你关心的是模型安全研究，这篇故事最值得看的，是越狱方法如何利用上下文、字符混淆和任务拆分来绕过防线。如果你更关心工程实践，重点则是“隐形降智”为什么会破坏信任，以及为什么透明拦截比暗中降级更容易被接受。\u003C\u002Fp>\u003Cp>对普通开发者来说，结论很直接：别只看模型有多强，还要看它的安全机制是否可验证、可解释、可预期。对研究者来说，最该警惕的是那些不会报错、却会悄悄改变结果的系统行为。\u003C\u002Fp>","2个争议点看懂Claude 5：越狱被破与隐形降智，开发者该关心什么。","zhuanlan.zhihu.com","https:\u002F\u002Fzhuanlan.zhihu.com\u002Fp\u002F2048751578274963493",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781773366019-k5zc.png","industry","en","2bbbc232-a988-4b31-9b1c-f5fe9235d147",[17,18,19,20,21,22,23],"Claude 5","Anthropic","越狱","模型安全","隐形降智","大语言模型","AI研究",[25,26,27],"Claude 5 的争议不止是被越狱，还包括隐形降智引发的信任危机。","字符混淆、长上下文稀释和任务拆分，是这类绕过手法的核心。","对研究和评测来说，明示拦截通常比暗中降级更可接受。",0,"2026-06-18T09:02:22.036683+00:00","2026-06-18T09:02:22.028+00:00","79fdd8b2-59ee-4286-b560-59054e5e5610",{"tags":33,"relatedLang":36,"relatedPosts":40},[34],{"name":18,"slug":35},"anthropic",{"id":15,"slug":37,"title":38,"language":39},"claude-5-jailbreak-and-dark-downgrade-zh","Claude 5 被破防與暗中降智的兩面","zh",[41,47,53,59,65,71],{"id":42,"slug":43,"title":44,"cover_image":45,"image_url":45,"created_at":46,"category":13},"a7f50949-ec1d-4a66-8bb5-c20e265d5b22","cftc-crypto-push-cme-lawsuit-threat-en","CFTC’s crypto push meets CME’s lawsuit threat","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781784186742-05lm.png","2026-06-18T12:02:24.406666+00:00",{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"950908c9-0bba-4e2f-9f00-85625439dff7","musk-nvidia-tie-could-speed-tesla-ai-en","Musk’s Nvidia tie could speed Tesla AI","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781777876541-z57x.png","2026-06-18T10:17:32.832545+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"f8f8411f-70a2-4214-bad3-d5bb65e58348","anthropic-buys-carbon-removal-skips-clean-power-en","Anthropic buys carbon removal, skips clean power","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781776981744-g3sg.png","2026-06-18T10:02:28.407161+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"08d95ba0-ae53-4923-9a26-20dc5c5e9388","government-can-pull-unsafe-ai-models-offline-en","Government should be able to pull unsafe AI models offline","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781774267622-j4o7.png","2026-06-18T09:17:23.256257+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"aebbdaf1-4ffc-40bb-9846-a19220a82e0a","kubernetes-release-support-windows-explained-en","Kubernetes release support windows explained clearly","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781768876583-i15i.png","2026-06-18T07:47:24.982542+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"8d054c0f-5009-487a-91d9-8e364934b572","90-minute-takedown-turns-ai-ops-into-crisis-en","A 90-minute takedown turns AI ops into crisis","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781759006326-hpkw.png","2026-06-18T05:02:57.643178+00:00",[78,83,88,93,98,103,108,113,118,123],{"id":79,"slug":80,"title":81,"created_at":82},"d35a1bd9-e709-412e-a2df-392df1dc572a","ai-impact-2026-developments-market-en","AI's Impact in 2026: Key Developments and Market Shifts","2026-03-25T16:20:33.205823+00:00",{"id":84,"slug":85,"title":86,"created_at":87},"5ed27921-5fd6-492e-8c59-78393bf37710","trumps-ai-legislative-framework-en","Trump's AI Legislative Framework: What's Inside?","2026-03-25T16:22:20.005325+00:00",{"id":89,"slug":90,"title":91,"created_at":92},"e454a642-f03c-4794-b185-5f651aebbaca","nvidia-gtc-2026-key-highlights-innovations-en","NVIDIA GTC 2026: Key Highlights and Innovations","2026-03-25T16:22:47.882615+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"0ebb5b16-774a-4922-945d-5f2ce1df5a6d","claude-usage-diversifies-learning-curves-en","Claude Usage Diversifies, Learning Curves Emerge","2026-03-25T16:25:50.770376+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"69934e86-2fc5-4280-8223-7b917a48ace8","openclaw-ai-commoditization-concerns-en","OpenClaw's Rise Raises Concerns of AI Model Commoditization","2026-03-25T16:26:30.582047+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"b4b2575b-2ac8-46b2-b90e-ab1d7c060797","google-gemini-ai-rollout-2026-en","Google's Gemini AI Rollout Extended to 2026","2026-03-25T16:28:14.808842+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"6e18bc65-42ae-4ad0-b564-67d7f66b979e","meta-llama4-fabricated-results-scandal-en","Meta's Llama 4 Scandal: Fabricated AI Test Results Unveiled","2026-03-25T16:29:15.482836+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"bf888e9d-08be-4f47-996c-7b24b5ab3500","accenture-mistral-ai-deployment-en","Accenture and Mistral AI Team Up for AI Deployment","2026-03-25T16:31:01.894655+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"5382b536-fad2-49c6-ac85-9eb2bae49f35","mistral-ai-high-stakes-2026-en","Mistral AI: Facing High Stakes in 2026","2026-03-25T16:31:39.941974+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"9da3d2d6-b669-4971-ba1d-17fdb3548ed5","cursors-meteoric-rise-pressures-en","Cursor's Meteoric Rise Faces Industry Pressures","2026-03-25T16:32:21.899217+00:00"]