Threat Intel Manager, Model Exploitation & Fraud
full-time
principal
Posted 20 hours ago
Apply Now
Stand out: build a proof-of-work pitch →
Free GitHub-based preview. Direct apply stays one click away.
Get weekly job alerts like this →Hiring for this role?
Market snapshot
Need the demand behind roles like this? Buy the current public-listing CSV and buyer brief, emailed after checkout.
About this role
About Anthropic
Anthropic’s mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.
About the role
We are looking for a threat intel manager to build and run our Model Exploitation & Fraud team within Threat Intelligence. This team detects, investigates, and disrupts the large-scale exploitation of Anthropic's AI systems. Model distillation, unauthorized access, account farming and reseller abuse, and fraud and scam operations.
You will set the strategy for the mission area, hire and lead a small team of technical investigators, and build the systems, processes, and partnerships that let the team scale. The team includes established senior investigators who own our deepest technical casework, tracing distillation networks, reseller and proxy ecosystems, and financially motivated actors across first-party surfaces and third-party platforms; your job is to direct, resource, and amplify that work, not duplicate it. This area carries regular U.S. government engagement and requires deeply understanding external black market ecosystems and how they interact with our systems.
Important context: In this position you may be exposed to explicit content spanning a range of topics, including those of a sexual, violent, or psychologically disturbing nature. This role may require responding to escalations during weekends and holidays.
Key responsibilities
Own strategy, priorities, and outcomes for the Model Exploitation & Fraud mission area; define what we detect, investigate, action, and share
Hire, manage, and develop a team of technical threat investigators; set the quality bar for casework and intelligence reporting
Design clear lanes between this role and the team's senior individual contributors: strategy, people leadership, and program ownership sit with you, while ownership of the deepest technical investigations and tradecraft stays with the senior experts closest to the work
Capable of independently leading complex investigations.
Direct, prioritize, and resource complex investigations into model distillation, unauthorized AI R&D usage, unauthorized access, coordinated account abuse, and fraud/scam networks, partnering with the senior investigators who lead the deepest technical casework and clearing blockers from their path
Drive the redesign of triage for a very high-volume detection pipeline: partner with investigators and engineering to build abuse signals, clustering, and agentic investigation workflows that separate sophisticated actors from noise
Expand the team's coverage into fraud and scams, building the detection and investigation playbooks from the ground up
Own the external engagement program for the area, including regular intelligence sharing with U.S. government partners and industry peers, ensuring the investigators driving the work are visible in those channels
Anticipate how resellers, proxies, and third-party platforms change the abuse surface, and shape coverage accordingly
Work with policy, enforcement, and engineering to convert findings into bans, product mitigations, and safety-by-design improvements
Define and report the team's metrics; brief Safeguards and company leadership on the threat landscape
Minimum qualifications
Have led and managed investigative, fraud, platform integrity, or threat intelligence teams, ideally ones built around senior, deeply specialized individual contributors
Have strong domain fluency in scaled abuse — fraud patterns, account abuse, unauthorized access, or platform exploitation economics — sufficient to set priorities, pressure-test findings, and earn the confidence of expert investigators
Are proficient enough in SQL and Python to review data-heavy casework, pressure-test conclusions, and provide surge capacity when the team needs it
Have experience overseeing investigations that track threat actors across surface, deep, and dark web environments, including reseller and access-broker communities
Have working familiarity with large language models and a strong grasp of how models can be distilled, extracted, or exploited at scale
Have built processes, detection systems, or programs from scratch and can show what changed because of them
Communicate crisply with executives, engineers, and external partners alike
Preferred qualifications
Experience at a major technology platform on trust and safety, fraud, or abuse investigations at scale
Background in financial crime investigation or fraud analytics
Experience working directly with U.S. government stakeholders on threat reporting
A track record of partnering with, growing, and retaining senior technical specialists, including defining clear scope between management and senior IC tracks
Fluency in Man
Similar Jobs
Related searches:
Hybrid Jobs
Principal Jobs
Hybrid Principal Jobs
Principal Machine LearningPrincipal AI Agents & RAGPrincipal AI Safety & SecurityPrincipal NLP & Language AIPrincipal AI ResearchPrincipal Backend & Systems
AI Jobs in San Francisco
Machine Learning in San FranciscoAI Agents & RAG in San FranciscoAI Safety & Security in San FranciscoNLP & Language AI in San FranciscoAI Research in San FranciscoBackend & Systems in San Francisco
alignmentllmagentsrust
Get jobs like this delivered weekly
Free AI jobs newsletter. No spam.