一份泄露的内部文件显示，Anthropic公司在训练其AI模型时，曾指示承包商使用Bloomberg、哈佛大学等网站的数据，同时屏蔽《纽约时报》、Reddit等来源。Anthropic表示对此文件不知情，并称该文件由第三方供应商Surge AI创建。Surge AI曾通过公开的Google Drive文档分享了这些指令，但在被媒体问询后迅速撤销了访问权限。此次事件暴露了AI训练数据来源的复杂性以及数据安全问题，并引发了关于内容版权和使用协议的讨论，尤其是当被列入白名单的机构表示并未授权其数据用于AI训练时。该事件也与近期其他AI公司因数据使用问题引发的法律纠纷相呼应。

📄 Anthropic AI训练数据来源受到关注：一份内部文件揭示了Anthropic在训练其AI模型以提升“乐于助人、诚实、无害”特质时，对数据来源的筛选策略。该策略指示承包商优先使用Bloomberg、哈佛大学、《新英格兰医学杂志》等学术、商业和专业领域的网站，同时明确禁止使用《纽约时报》、Reddit等平台的数据。

🔒 Anthropic否认知情，责任归属第三方：Anthropic公司对此文件表示不知情，并指出该文件是由其合作的第三方数据标注公司Surge AI创建的。Surge AI在被媒体问询后，迅速将原本公开的Google Drive文件进行了权限限制，并表示正在调查此事，以确保所有材料得到保护。这引发了对AI公司对其外包数据处理流程监管的疑问。

⚖️ 数据版权与使用权争议加剧：文件显示，许多被列入白名单的来源，如梅奥诊所、康奈尔大学等，均表示未与Anthropic达成使用其数据进行AI模型训练的协议。同时，部分被列入黑名单的网站，如Reddit，《纽约时报》等，已因数据使用问题起诉AI公司，认为其内容未经授权被用于AI训练，这进一步凸显了AI行业在数据版权和合规性方面面临的挑战。

💡 RLHF训练过程中的数据指导：该文件详细说明了Surge的承包商如何将此列表应用于AI模型训练的关键阶段——“人类反馈强化学习”（RLHF）。承包商被指示通过复制粘贴文本、让AI总结、评估AI回答的准确性等方式来优化模型，特别是提升其引用文献的能力。这表明了数据来源的质量和相关性对AI模型的性能至关重要。

🌐 数据安全与客户选择：Surge AI通过公开的Google Drive文档泄露内部指令的做法，与此前Scale AI暴露类似问题的事件如出一辙。Google Cloud发言人指出，文件共享设置的默认状态是限制组织外部访问，更改此设置是客户明确的选择，这暗示了数据泄露可能源于客户自身的数据管理疏忽。

Business Insider obtained an internal list of websites used for improving Anthropic's AI models.The list allows using Bloomberg and Harvard's sites and blacklists others like The New York Times.Anthropic said it wasn't aware of the list and that its contractor, Surge AI, created it.

An internal spreadsheet obtained by Business Insider shows which websites Surge AI gig workers were told to mine — and which to avoid — while fine-tuning Anthropic's AI to make it sound more "helpful, honest, and harmless."

The spreadsheet allows sources like Bloomberg, Harvard University, and the New England Journal of Medicine while blacklisting others like The New York Times and Reddit.

Anthropic says it wasn't aware of the spreadsheet and said it was created by a third-party vendor, the data-labeling startup Surge AI, which declined to comment on this point.

"This document was created by a third-party vendor without our involvement," an Anthropic spokesperson said. "We were unaware of its existence until today and cannot validate the contents of the specific document since we had no role in its creation."

Frontier AI companies mine the internet for content and often work with startups with thousands of human contractors, like Surge, to refine their AI models.

In this case, project documents show Surge worked to make Anthropic's AI sound more human, avoid "offensive" statements, and cite documents more accurately.

Many of the whitelisted sources copyright or otherwise restrict their content. The Mayo Clinic, Cornell University, and Morningstar, whose main websites were all listed as "sites you can use," told BI they don't have any agreements with Anthropic to use this data for training AI models.

Surge left a trove of materials detailing its work for Anthropic, including the spreadsheet, accessible to anyone with the link on Google Drive. Surge locked down the documents shortly after BI reached out for comment.

"We take data security seriously, and documents are restricted by project and access level where possible," a Surge spokesperson said. "We are looking closely into the matter to ensure all materials are protected."

It's the latest incident in which a data-labeling startup used public Google Docs to pass around sensitive AI training instructions. Surge's competitor, Scale AI, also exposed internal data in this manner, locking the documents down after BI revealed the issue.

A Google Cloud spokesperson told BI that its default setting restricts a company's files from sharing outside the organization; changing this setting is a "choice that a customer explicitly makes," the spokesperson said.

Surge hit $1 billion in revenue last year and is raising funds at a $15 billion valuation, Reuters reported. Anthropic was most recently valued at $61.5 billion, and its Claude chatbot is widely considered a leading competitor to ChatGPT.

What's allowed — and what's not

Google Sheet data showed the spreadsheet was created in November 2024, and it's referenced in updates as recent as May 2025 in other documents left public by Surge.

The list functions as a "guide" for what online sources Surge's gig workers can and can't use on the Anthropic project.

The list includes over 120 permitted websites from a wide range of fields, including academia, healthcare, law, and finance. It includes 10 US universities, including Harvard, Yale, Northwestern, and the University of Chicago.

It also lists popular business news sources, such as Bloomberg, PitchBook, Crunchbase, Seeking Alpha, Investing.com, and PR Newswire.

Medical information sources, such as the New England Journal of Medicine, and government sources, such as a list of UN treaties and the US National Archives, are also in the whitelist. So are university publishers like Cambridge University Press.

Here's the full list of who's allowed, which says that it is "not exhaustive." And here's the list of who is banned — or over 50 "common sources" that are "now disallowed," as the spreadsheet puts it.

The blacklist mostly consists of media outlets like The New York Times, The Wall Street Journal, and others. It also includes other types of sources like Reddit, Stanford University, the academic publisher Wiley, and the Harvard Business Review.

The spreadsheet doesn't explain why some sources are permitted and others are not.

The blacklist could reflect websites that made direct demands to AI companies to stop using their content, said Edward Lee, a law professor at Santa Clara University. That can happen through written requests or through an automated method like robots.txt.

Some sources in the blacklist have taken legal stances against AI companies using their content. Reddit, for example, sued Anthropic this year, saying the AI company accessed its site without permission. Anthropic has denied these claims. The New York Times sued OpenAI, and The Wall Street Journal's parent, Dow Jones, sued Perplexity, for similar reasons.

"The Times has objected to Anthropic's unlicensed use of Times content for AI purposes and has taken steps to block their access as part of our ongoing IP protection and enforcement efforts," the Times spokesperson Charlie Stadtlander told BI.

"As the law and our terms of service make clear, scraping or using the Times's content is prohibited without our prior written permission, such as a licensing agreement."

Surge workers used the list for RLHF

Surge contractors were told to use the list for a later, but crucial, stage of AI model training in which humans rate an existing chatbot's responses to improve them. That process is called "reinforcement learning from human feedback," or RLHF.

The Surge contractors working for Anthropic did tasks like copying and pasting text from the internet, asking the AI to summarize it, and choosing the best summary. In another case, workers were asked to "find at least 5-10 PDFs" from the web and quiz Anthropic's AI about the documents' content to improve its citation skills.

That doesn't involve feeding web data directly into the model for it to regurgitate later — the better-known process that's known as pre-training.

Courts haven't addressed whether there's a clear distinction between the two processes when it comes to copyright law. There's a good chance both would be viewed as crucial to building a state-of-the-art AI model, Lee, the law professor, said.

It is "probably not going to make a material difference in terms of fair use," Lee said.

Have a tip? Contact this reporter via email at crollet@insider.com or Signal and WhatsApp at 628-282-2811. Use a personal email address, a nonwork WiFi network, and a nonwork device; here's our guide to sharing information securely.