Built a privacy-preserving system to analyze real-world Claude usage patterns without reading individual conversations.
Research PaperInternal tool using ML to identify threats and analyze how Claude is used — while preserving user privacy. Analyzed 1M conversations, identifying top use cases (coding, writing, research). Demonstrated bottom-up usage monitoring without compromising privacy.
A systematic approach to understanding how users interact with AI systems without accessing or reviewing individual conversations. Rather than human review of user chats, privacy-preserving analysis operates on transformed representations (embeddings, aggregated statistics, cluster summaries) that remove user-identifiable information. This allows organizations to identify safety issues, abuse patterns, and product insights while respecting user privacy. The core principle is that aggregate patterns can be understood without exposing individual data points.
High-level usage trends discovered by clustering millions of conversations into meaningful categories without examining individual interactions. Clio's pipeline identified that coding was the dominant use case for Claude, followed by writing and research. These aggregate patterns reveal how populations of users employ the model, enabling both safety monitoring (detecting coordinated abuse affecting large user cohorts) and product development (understanding where to invest). The findings shaped Anthropic's product priorities and safety monitoring focus.
The operational challenge of maintaining user safety and detecting policy violations across millions of conversations while respecting privacy expectations. At scale, human review becomes infeasible, yet organizations still need to detect coordinated abuse, harmful use patterns, and emerging threats. Trust and safety at scale requires technical solutions like Clio that identify patterns and anomalies without manual inspection of individual user data. This creates accountability without surveillance.
A formal mathematical framework for adding carefully calibrated noise to data systems to guarantee that individual users cannot be re-identified, even with auxiliary information. While Clio's privacy protections are heuristic rather than formally proven through differential privacy, the concept represents the theoretical ideal: quantifiable privacy guarantees independent of how the data is queried. Differential privacy prevents unintended information leakage better than heuristic approaches but is computationally more expensive and harder to implement with language model data.