Most "AI model leak" coverage online is junk. The same screenshot circulates through fifteen blog posts, the same Discord paste shows up in five tracker articles, and none of it actually predicts what the next model does. But a small percentage of leak coverage is real, and learning to tell the two apart is a useful skill.
This article is the methodology side of the tracker work. The how-to-read-llm-release-rumors pillar covers the broader labeling system; this one drills into the leaks specifically.
Three filters for a real leak
Apply these in order. A leak that fails any of them is Speculation by default, no matter how widely it has been shared.
Filter 1: is there a primary URL?
A real leak points at something. A model card stub that was briefly published and then taken down — but archived externally. A config file in a public repo. A model name that briefly appeared in an API response. A regulatory filing. A research paper draft.
"Someone in a Discord said" is not a primary URL. "A screenshot circulating on X" is not a primary URL. If the chain of citations does not terminate in a verifiable artifact, the leak is rumor at best.
Filter 2: can the artifact be reproduced?
A leaked benchmark filing can be checked against the regulator's site. A leaked config can be parsed and compared to known configs. A leaked endpoint can sometimes be probed (carefully, and within the lab's terms of service).
Independent reproduction is the bar that separates "interesting screenshot" from "useful evidence." If only one account has the artifact and nobody else can confirm it, the signal is thin.
Filter 3: does the source have something to lose?
A named reporter at a reputable outlet has a reputational stake — getting it wrong costs them. An anonymous tipster has none. This does not make the named source automatically right, but it does shift the priors. We treat reporting from accountable bylines as substantially stronger evidence than anonymous posts, even when the underlying claim is identical.
A real leak vs. a noise leak — worked
Real leak (Strong signal):
- A regulatory filing in jurisdiction X mentions an unreleased model name and a training-compute disclosure threshold.
- The filing is on the regulator's public website. A second outlet has independently reported the same filing.
- A named reporter at a reputable outlet has written about it under their own byline.
All three filters pass. This is the kind of thing that belongs in a tracker article under Strong signal, with the filing URL linked and the byline credited.
Noise leak (Speculation at best):
- A screenshot purporting to show an internal model card.
- The screenshot was posted by an anonymous account; the original URL it claims to come from is dead or never existed.
- A second account amplifies the screenshot. A third blog quotes the second account. None of them have additional evidence.
All three filters fail. This is the kind of thing that drives a lot of online "model release" coverage and should not move any claim above Speculation.
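The three filters can be run mechanically over a citation graph. The sketch below is an added example, not part of the original methodology: the `Source` record, the `chain_ends` and `classify` helpers, and the rule that "reproduced" means at least two sources cite the artifact directly are all assumptions made for illustration, and the sample graphs are constructed to mirror the two worked cases above.

```python
from dataclasses import dataclass

# Artifact kinds the article accepts as primary evidence (Filter 1).
PRIMARY_KINDS = {"regulatory_filing", "config_file", "model_card_stub",
                 "api_response", "paper_draft"}

@dataclass(frozen=True)
class Source:
    kind: str          # a PRIMARY_KINDS value, or "post" / "article" / "screenshot"
    cites: tuple = ()  # ids of the sources this one relies on
    byline: str = ""   # named, accountable author; empty if anonymous

def chain_ends(graph, start):
    """Walk citations from start; return the ids where the chain terminates."""
    seen, stack, ends = set(), [start], set()
    while stack:
        node = stack.pop()
        if node in seen:
            continue  # already visited: circular amplification adds nothing
        seen.add(node)
        cited = [c for c in graph[node].cites if c in graph]  # dead links drop out
        if cited:
            stack.extend(cited)
        else:
            ends.add(node)
    return ends

def classify(graph, claim):
    """Apply the filters in order; return (label, first failed filter or None)."""
    artifacts = {e for e in chain_ends(graph, claim) if graph[e].kind in PRIMARY_KINDS}
    if not artifacts:
        return "Speculation", "Filter 1: no primary URL"
    # Assumption: a source reproduces an artifact when it cites it directly.
    direct = {sid for sid, s in graph.items() if artifacts & set(s.cites)}
    if len(direct) < 2:
        return "Speculation", "Filter 2: not independently reproduced"
    if not any(graph[sid].byline for sid in direct):
        return "Speculation", "Filter 3: no accountable source"
    return "Strong signal", None

# Constructed sample graphs mirroring the article's two worked cases.
REAL = {"filing": Source("regulatory_filing"),
        "outlet_a": Source("article", ("filing",), byline="Named Reporter"),
        "outlet_b": Source("article", ("filing",)),
        "tracker": Source("article", ("outlet_a",))}
NOISE = {"anon": Source("screenshot", ("dead_url",)),  # cited URL is not in the graph
         "amplifier": Source("post", ("anon",)),
         "blog": Source("article", ("amplifier",))}
```

`classify(REAL, "tracker")` yields Strong signal, while `classify(NOISE, "blog")` stops at Filter 1 because the chain ends in an anonymous screenshot rather than an artifact.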
How leaks evolve
Watching real leaks over time is interesting. The pattern, repeated across many releases:
1. A primary artifact appears (a regulatory filing, a config commit, a model card stub).
2. Reputable reporters pick it up within hours or days.
3. The lab either confirms with an official post (the leak moves to Confirmed) or remains silent (the leak stays at Strong signal until they ship).
4. The actual model launches, usually within weeks of step 1.
Noise leaks do not follow this arc. They circulate, fade, and never produce a release. Tracking which leaks make it through this arc and which do not is the kind of pattern that builds judgment for the next round.
What this means for your reading
Three habits that pay off:
- Click through every claim. If the article does not link to a primary URL, treat the claim as Speculation regardless of how confident the prose sounds.
- Watch named bylines more than amplification counts. A 50-RT post by an anonymous account is weaker evidence than a 500-word piece by a named reporter at a reputable outlet, even though the post will reach more eyes.
- Wait for the lab. If a leak is real, the lab will confirm it within a known timeframe. Most rushed "first to break" coverage is wrong, and the right move is to wait one news cycle before treating the claim as load-bearing.
Read leaks this way and the genre stops being annoying. There are real signals in the noise; the filters above are how you find them.