
Aren't Anthropic afraid of Elon siphoning the model weights out from the network buses?


Is xAI a competitor worth worrying about?

They make good models, at times SotA (at least if you don't need coding, their last good coding model was six months ago), with lower safeguards than either Anthropic or OpenAI, and they still fail to capture meaningful market share or mind share. The name Grok is tainted by the twitter bot of the same name operated by xAI/X. Being owned by Musk lets the company appear unstable and untrustworthy in the minds of many. Their marketing game is just bad all around. They struggle to retain top talent.

Maybe their next model will be great. I doubt it will matter. I doubt xAI siphoning off Anthropic models and distilling that would matter. Model performance is not the main factor dragging down xAI.


> Is xAI a competitor worth worrying about?

they have GPUs so yes


The concern may be elsewhere, but I like how we have gone full circle.

SpaceX expects to complete its $60 billion acquisition of AI coding startup Cursor roughly 30 days after it begins trading publicly, according to Bloomberg.

Cursor's Composer 2 model was built on Kimi K2.5, who were in turn accused of 'distillation' attacks by Anthropic.

Anthropic now relies on SpaceX for compute demands.


Theft of trade secrets. And so many people will have to be involved that evidence of the crime is bound to leak out.


Pretty sure models are encrypted all the way.


Can't run inference on encrypted weights and get any kind of performance out of it.


The overhead shrinks with larger models. It doesn't seem that bad.

https://arxiv.org/pdf/2409.03992v2


The whole system has encryption all the way through.

Otherwise, OpenAI/Anthropic would never use external clouds since the weights are some of the most valuable assets in the world.


Matmuls need access to decrypted weights to do their work.

Which means that getting the full weights out isn't even an "if" - it's "how much effort". The encryption wouldn't do much more than a gentleman's agreement would.

The only real move for Anthropic there is to outline contract penalties for letting weights get leaked, and never give less trusted external inference providers access to cutting edge system weights.

Exposure is limited either way. Opus 4.7 weights are a depreciating asset - it's bleeding edge today, very valuable now, but it'll lose a lot of its value the moment Opus 5.0 drops.


That would require hacking Nvidia's GPUs/racks to extract the weights. The weights are encrypted, sent to the GPU/rack encrypted. When it does inference, it will use decrypted weights but there is no way to get those weights unless you find a way to exploit Nvidia's GPU security.

Do you think OpenAI would send CoreWeave their GPT 5.5 Pro weights if an admin employee at CoreWeave can access the full weights unencrypted? Of course not.


It would require exactly that. A bit more involved than "scp that big file", yes. But you make a mistake by treating it as a hard blocker.

Like I said: it's a gentleman's agreement. If Musk said "I want Opus 4.7 weights", and those weights were on Colossus 1 hardware, he'd have those weights on his desktop, unencrypted, within a couple of weeks.

There's also the side channel line, because having inference on your hardware typically allows you to do things like snoop into KV cache and peek at per-layer, or even per-expert, residuals. Which allows for some very advanced distillation attacks. Might be easier/more deniable to pull that off than dumping full weights, in some circumstances.


Maybe Elon will use Mythos to hack the encryption and steal Mythos’ weights. =)


Dude, Chinese labs distil attack via the APIs, if Musk wanted to do something like that, technically he could. Legally it would be a giant slam dunk liability though


Well, knowledge distillation requires a teacher model and a student model; the student model attempts to learn, extract and (preferably) compress the information of the teacher model, so model collapse is possible due to high SNR in between [1].

What I suggested is to steal the (possibly intermediate) weights in between by sniffing the network communication bus, which means a MITM to get the exact values. Unless it turns out OpenAI or Anthropic leveraged homomorphic encryption, I'm not certain how Anthropic would safely allow Mythos to run on AWS without their control.

[1]: https://en.wikipedia.org/wiki/Knowledge_distillation
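The residual-snooping side channel raised a few comments up (an operator who hosts inference can peek at per-layer activations) and the API-only distillation discussed in the comments just above, as an added worked example that is not part of this thread and not anyone's production code. It uses a constructed two-layer ReLU "teacher" in pure Python with no dependencies. If an observer sees a linear layer's input and its pre-activation output, that layer's weight matrix is the solution of an ordinary least-squares problem, so residual access leaks weights exactly; an observer who only sees the final outputs faces a nonlinear map that no single linear solve reproduces and has to actually train a student. The network sizes, the random weights and the `steal_weights` helper are all assumptions made for illustration; real transformer blocks add biases, normalisation and attention, so the "one solve per linear projection" part is the simplification here.

```python
"""
Constructed toy: per-layer activation access vs. output-only access.
Teacher = x -> relu(x @ W1) @ W2. Everything random and seeded; no real model.
"""
import random


def matmul(a, b):
    # Plain list-of-lists matrix product: (n x k) @ (k x m) -> (n x m).
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def transpose(a):
    return [list(col) for col in zip(*a)]


def solve(a, b):
    """Solve A X = B for square A (Gauss-Jordan with partial pivoting)."""
    n = len(a)
    m = [row[:] + rhs[:] for row, rhs in zip(a, b)]  # augmented [A | B]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        p = m[col][col]
        m[col] = [v / p for v in m[col]]
        for r in range(n):
            if r != col and m[r][col] != 0.0:
                f = m[r][col]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[col])]
    return [row[n:] for row in m]


def least_squares(x, y):
    """W minimising ||X W - Y||, via the normal equations (X^T X) W = X^T Y."""
    xt = transpose(x)
    return solve(matmul(xt, x), matmul(xt, y))


def relu(h):
    return [[max(0.0, v) for v in row] for row in h]


def make_teacher(d_in, d_hid, d_out, seed=0):
    # Hypothetical teacher weights; uniform(-1, 1) is just a constructed choice.
    rng = random.Random(seed)
    w1 = [[rng.uniform(-1, 1) for _ in range(d_hid)] for _ in range(d_in)]
    w2 = [[rng.uniform(-1, 1) for _ in range(d_out)] for _ in range(d_hid)]
    return w1, w2


def teacher_forward(w1, w2, x):
    """Returns (pre-activation residual, hidden, output): what a host can observe."""
    h_pre = matmul(x, w1)
    h = relu(h_pre)
    out = matmul(h, w2)
    return h_pre, h, out


def steal_weights(x, h_pre, out):
    """Host-side attack (hypothetical): recover W1, W2 from snooped activations.

    Each linear layer is fully determined by enough (input, output) pairs,
    so the 'distillation' degenerates into one least-squares solve per layer.
    """
    w1_hat = least_squares(x, h_pre)          # x @ W1 = h_pre
    w2_hat = least_squares(relu(h_pre), out)  # relu(h_pre) @ W2 = out
    return w1_hat, w2_hat


def max_abs_diff(a, b):
    return max(abs(u - v) for ra, rb in zip(a, b) for u, v in zip(ra, rb))


def demo(n=64, d_in=4, d_hid=8, d_out=3, seed=1):
    """Returns (W1 error, W2 error, best linear fit error from outputs only)."""
    rng = random.Random(seed)
    w1, w2 = make_teacher(d_in, d_hid, d_out)
    # Constructed query batch standing in for whatever traffic the host sees.
    x = [[rng.gauss(0, 1) for _ in range(d_in)] for _ in range(n)]
    h_pre, _, out = teacher_forward(w1, w2, x)

    # Residual access: both weight matrices fall out of two linear solves.
    w1_hat, w2_hat = steal_weights(x, h_pre, out)

    # API-only access: a single linear solve on (x, out) cannot reproduce the
    # ReLU network; this residual is what a real distillation run must train away.
    w_lin = least_squares(x, out)
    output_only_err = max_abs_diff(matmul(x, w_lin), out)

    return max_abs_diff(w1, w1_hat), max_abs_diff(w2, w2_hat), output_only_err


if __name__ == "__main__":
    e1, e2, e_api = demo()
    print(f"W1 recovery error: {e1:.2e}")
    print(f"W2 recovery error: {e2:.2e}")
    print(f"best linear fit from outputs only: {e_api:.2e}")
```

The W1 and W2 errors come out at floating-point noise, while the output-only fit error stays well away from zero: seeing a layer's input and output turns weight theft into regression, whereas seeing only the API response leaves the attacker with a genuine student-training problem. The same reasoning is why the thread's point about matmuls needing plaintext weights matters: whoever can read activations in the rack can do this without ever touching the encrypted checkpoint.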


Distilling is different from "siphoning the model weights". I would think that Anthropic has a system for this. After all, they deploy to different clouds already. Their weights are worth billions, I presume that they take security very seriously and have done a lot of homework to trust no one.



