Microsoft Favors Anthropic Over OpenAI for Visual Studio Code
theverge.com · Tech story · Posted 4 months ago
Key topics: AI Coding Assistants, Microsoft, VS Code
Microsoft is reportedly favoring Anthropic's Claude over OpenAI's models in Visual Studio Code, sparking discussion about the relative merits of different AI coding assistants and Microsoft's motivations.
Snapshot generated from the HN discussion
Key moments
- Story posted: Sep 16, 2025 at 10:48 AM EDT
- First comment: Sep 16, 2025 at 11:24 AM EDT (36m after posting)
- Peak activity: 81 comments in the first 6 hours
- Latest activity: Sep 18, 2025 at 2:13 PM EDT
It's weird, though, because ChatGPT itself is not particularly better than it was before. Bringing down cost per token probably means they can do more reasoning before coding than Codex does.
Makes sense that MS would partner with Anthropic since their tool-use for productivity (Claude Code) seems superior. I personally rarely code with ChatGPT, almost strictly Claude.
Even the benchmarks don't seem all that helpful.
I often would use Claude to do a “make it pretty” pass after implementation with GPT-5. I find Claude’s spatial and visual understanding when dealing with frontend to be better.
I am sure others will have the exact opposite experience.
But after OpenAI started gatekeeping all their new decent models in the API, I will happily refuse to buy more credits and instead use FOSS models from other providers (I wish Claude had proper no-log policies).
On the other hand, I wish ChatGPT had GitHub integration in Projects, not just in Codex.
I've also had Claude Sonnet 4.0 Thinking spew forth incorrect answers many times for complex problems involving some math (sometimes being unable to write a formal proof), whereas ChatGPT 5 Thinking gives me correct answers with a formal proof.
I can confirm Sonnet is good for vibe coding but makes an absolute mess of large and complex codebases, while GPT-5 tends to be pretty respectful.
Surely Microsoft's expertise these days is in cross-selling passable but not best-in-class products to enterprises who already pay for Microsoft products.
It says something about how they view the AI coding market, or perhaps the level of the gap between Anthropic and OpenAI here, that they've gone the other way.
Why is Azure popular? Not on its own merits, it's because there is a pre-existing relationship with Microsoft.
Why is Teams the most widely used chat tool? Certainly not because it's good; it is, again, pre-existing business relationships.
Seems odd for a company that survives (perhaps even thrives) on these kinds of intertwined business reasons to, themselves, understand that they should go for merit instead.
The other way around worked (Google could use Entra) but it was basically impossible to backend Entra from Google. Weird.
I think Microsoft views models as a commodity and they'd rather lean into their strengths as a tool maker, so this is Microsoft putting themselves into a position to make tools around/for any AI/LLM model, not just ones they have a partnership with.
Honestly I think this sort of agnosticism around AI will work out well for them.
Feels like an area where we could use more competition...
I've fed into several models my past reddit comments (with the comments it's responding to) and asked it to duplicate the style. Claude has always been the only thing that comes even close to original responses that even I think would be exactly my response, wording and all.
GPT or Gemini will just borrow snippets from the example text and smoosh them together into semi-coherent points. Scratch that: they're coherent, but unmistakably not from me.
Overall, I think Google has a better breadth of knowledge encoded, but Anthropic gets work done better.
https://mattdeco.github.io/archive-bookmarklet/
I had the same experience recently with:
- Ticketmaster
- Docusign
- Vercel
Probably a handful more I forgot.
I believe the main reason is because it prevents fraud.
But I see a deeper motive that phone numbers are more friction to change and therefore our “real” numbers become hard-to-change identity codes that can easily be used to pull tons of info about you.
You give them that number and they immediately can look up your name, addresses, age, and tons of other mined info that was connected to you. Probably credit score, household income, etc.
Phone numbers have tons of “metadata” you provide without really knowing it. Like how the Exif data in a photo may reveal a lot about your location and device.
- Account creation usually happens before plan selection & payment. Most users start at free, then add a CC later, either during onboarding or after finishing their trial.
- Virtual credit cards are very easy to create. You can sign up with a credit card with a very low limit and just use the free-tier tokens.
Because of this low value dynamic, there are many techniques that can be used to add "cost" to abusive users while being much less infringing upon user privacy: rate limiting, behavioral analysis, proof-of-work systems, IP restrictions, etc.
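As a minimal sketch of one of those controls, here is an illustrative per-IP token-bucket rate limiter; the thresholds and names are arbitrary examples, not taken from any particular product:

```python
import time
from collections import defaultdict

# Illustrative thresholds, not from any real product: each IP gets a small
# burst of sign-up attempts, refilling at one token per minute.
RATE = 1 / 60   # tokens refilled per second
BURST = 3       # allows a few legitimate retries

_buckets = defaultdict(lambda: {"tokens": BURST, "last": time.monotonic()})

def allow_signup(ip: str) -> bool:
    """Token-bucket check: True if this IP may attempt another sign-up."""
    bucket = _buckets[ip]
    now = time.monotonic()
    bucket["tokens"] = min(BURST, bucket["tokens"] + (now - bucket["last"]) * RATE)
    bucket["last"] = now
    if bucket["tokens"] >= 1:
        bucket["tokens"] -= 1
        return True
    return False
```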
Using privacy-invasive methods to solve problems that could be easily addressed through simple privacy-respecting technical controls suggests unstated ulterior motives around data collection.
If your service is worth less than $0.50 per account, why are you collecting such invasive data for something so trivial?
If your service is worth more than $0.50 per account, SMS verification won't stop motivated abusers, so you're using the wrong tool.
If Reddit, Wikipedia, and early Twitter could handle abuse without phone numbers, why can't you?
Second, all those alternatives you described are also not great for user privacy either. One way or another you have to try to associate requests with an individual entity. Each has its own limitations and downsides, so typically multiple methods are used for different scenarios with the hope that all together it's enough of a deterrent.
Having to do abuse prevention is not great for UX and hurts legitimate conversion, I promise you most companies only do it when they reach a point where abuse has become a real problem and sometimes well after.
Nobody has made the argument that it's not a deterrent at all. The core argument is that it's privacy-infringing when it doesn't need to be, and the cost posed to attackers is extremely low. If your business is offering a service at a price below your business' own costs, the business itself is choosing to inflict cost asymmetry upon itself.
>Second, all those alternatives you described are also not great for user privacy either.
This is plainly and obviously false at face value. How would blocklisting datacenter IPs, or doing IP-based rate limiting, or a PoW challenge like Anubis be "also not great" for user privacy, particularly when compared to divulging a phone number? Phone numbers are linked to far more commercially available PII than an IP address by itself is, and PoW challenges don't even require you to log IP addresses. Behavioral analysis like blocking more than N sign-ups per minute from IP address X, or blocking headless UAs like curl, or even blocking registrations using email addresses from known temp-mail providers is nowhere remotely close to being as privacy-infringing as requiring phone numbers is.
The privacy difference between your stated practice and my proposed alternatives isn't a difference of degree; it's a fundamental difference of kind.
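To make the proof-of-work point concrete, here is a minimal hashcash-style sketch; the difficulty value is an arbitrary example, and Anubis itself differs in the details:

```python
import hashlib
import os

# Arbitrary example difficulty: ~2^20 hashes on average. Trivial for one
# genuine sign-up, expensive for someone registering thousands of accounts.
DIFFICULTY = 20

def make_challenge() -> bytes:
    """Server side: hand the client a random challenge."""
    return os.urandom(16)

def verify(challenge: bytes, nonce: int) -> bool:
    """Server side: accept if the hash has DIFFICULTY leading zero bits."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY) == 0

def solve(challenge: bytes) -> int:
    """Client side: brute-force a nonce that satisfies verify()."""
    nonce = 0
    while not verify(challenge, nonce):
        nonce += 1
    return nonce
```

Note that nothing in this exchange identifies the user; the server only ever sees a random challenge and a nonce.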
Being generous, this is lazy, corner-cutting engineering that imposes an unknown amount of privacy risk on end users by piggybacking off an existing channel that only good-faith users won't forge (the phone number), rather than implementing a better control.
Of course, there's no reason to be generous to for-profit corporations - the much more plausible explanation is that your business is data mining your own customers via this PII-linked registration requirement through a coercive ToS that refuses service unless customers provide this information, which is both entirely unnecessary for legitimate users and entirely insufficient to block even a slightly motivated abusive user.
...not that you'd ever admit to that practice if you were aware of it happening, or would even necessarily be aware of it happening if you were not a director or officer of the business.
The (probably) most famous example being https://www.eff.org/deeplinks/2019/07/fixed-ftc-orders-faceb...
And it's not enough to say "well we don't use it for that". One, you can't prove it. And two, far more important, in an information leak, by taking and saving the phone number (necessarily, otherwise there's no account gating feature unless you're just giving fake friction), you expose the user to risk of connecting another dot. I would never give my phone number to some rinky dink company.
Now that said, I don't use lazy pejoratively. Products must launch.
Plenty of free VOIP services exist, including SMS reception.
Even when the free service providers are manually blocklisted, one-time validations can be defeated with private numbers on real networks / providers for under a dollar per validation, and repeated ongoing validations can be performed with rented private numbers on real networks / providers for under ten dollars per month.
The rent-an-SMS services that enable this are accessible through a web interface that allows connections from tor, vpns, etc. There is no guarantee that the telecom provider's location records of the IMEI tied to that phone number are anywhere close to the end user's real geographic location, so this isn't even helpful for law enforcement purposes where they can subpoena telecom provider records.
This "phone number required" practice exists for one primary reason: for businesses to track non-fraudulent users, data mine their non-fraudulent users, and monetize the correlated personal information of non-fraudulent users without true informed consent (almost nobody reads ToS's, but many would object to these invasive practices if given a dialogue box that let them accept or decline the privacy infringements but still allowed the user to use the business' service either way).
Sometimes, they are also used for a secondary reason: to allow the business to cheap out on developer costs by cutting corners on proper, secure MFA validation. No need to implement modern, secure passkeys, RFC-compliant TOTP, FIDO2, or U2F when you can just put your users in harm's way by pretending that SMS is a secure channel, rather than one easily compromised by even common criminals with SS7 attacks, which are no longer limited to nation-state actors.
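For contrast, verifying an RFC 6238 TOTP code takes only a few lines, e.g. with the pyotp library; the account name and issuer below are placeholders:

```python
import pyotp

# One-time provisioning: store this Base32 secret server-side per user and
# show it to the user as a QR code. No phone number or SMS channel involved.
secret = pyotp.random_base32()
totp = pyotp.TOTP(secret)
print(totp.provisioning_uri(name="alice@example.com", issuer_name="ExampleApp"))

# At login: check the 6-digit code; valid_window=1 tolerates one 30-second
# step of clock drift between client and server.
user_code = totp.now()  # stand-in for the code the user would type
assert totp.verify(user_code, valid_window=1)
```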
Interesting, I've heard otherwise but it was anecdotes. Do you have any data on that?
> to track non-fraudulent users
You listed a large number of ways to fake the phone number, which is why you believe it doesn't prevent fraud. What is to stop a non-fraudulent user from doing the same thing to prevent the tracking by the company?
The original stated intention of the practice was that "it" [mandatory phone number registration] "prevents fraud" (though this stance was being critiqued by the person who raised it, not defended).
I'll concede that it probably has stymied some of the most trivial, incompetent fraud attempts made, and possibly reduced a negligible amount of actual fraud, but the idea that it can "prevent" fraud (implying true deterministic blocking, rather than delaying or frustrating) is refutable by the very reasonable assumption that there is almost certainly no company that implements mandatory phone number registration that has or will experience ZERO losses to fraud.
That said, in fairness, this is an unfalsifiable and unverifiable claim, as to my knowledge, there is nothing resembling a public directory of fraud losses experienced by businesses, and there is no incentive for businesses to admit to fraud losses publicly (they may have tax incentives to report it to the IRS, legal incentives to report it to law enforcement, and publicly traded companies may have regulatory incentives to at least indirectly acknowledge operating losses incurred due to fraud in financial reporting), but that doesn't make the claim itself unreasonable or improbable.
>What is to stop a non-fraudulent user from doing the same thing to prevent the tracking by the company?
The argument isn't that mandatory phone registration unavoidably forces privacy infringement upon all users, just that it does infringe upon the privacy of some (I'd suggest a vast majority) of users in practice.
If you load it with 10 dollars of minutes, it'll be good forever. But I'm not sure what TracFone has for an inactivity policy.
It works surprisingly well. I can easily turn off the second line in Settings without removing it.
I could’ve bought an unlocked phone with cash somewhere and used the SIM in that. They wouldn’t know who I was.
I didn’t do that because it was inconvenient and it wouldn’t be anonymous once I started using it for SMS authentication.
I tweaked mine a bit but still.
> Let users on a free plan take advantage of the latest models through auto
It also describes how the auto selector works in more detail:
> When using auto model selection, VS Code uses a variable model multiplier based on the automatically selected model. If you are a paid user, auto applies a 10% request discount. For example, if auto selects Sonnet 4, it will be counted as 0.9x of a premium request; if auto selects GPT-5-mini, this counts as 0x because the model is included for paid users. You can see which model and model multiplier are used by hovering over the chat response.
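Worked out under the quoted multipliers, a hypothetical paid-tier session might bill like this:

```python
# Hypothetical paid-tier session: under auto, Sonnet 4 bills at 0.9x of a
# premium request and GPT-5-mini at 0x, per the quoted multipliers.
MULTIPLIERS = {"sonnet-4": 0.9, "gpt-5-mini": 0.0}

session = ["sonnet-4", "sonnet-4", "gpt-5-mini", "sonnet-4"]
billed = sum(MULTIPLIERS[m] for m in session)
print(round(billed, 2))  # 2.7 premium requests, vs 3.0 if Sonnet billed at 1x
```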
Would the more casual Copilot audience be OK with gpt-5-high (the model that many say is better than Sonnet) taking significantly longer to respond? Potentially minutes longer. A faster model can make sense as a default.
There is nothing to understand. The point of such subsidies is to turn OPEX into a green line on the stock market.
Especially as Microsoft is currently also in a fight with OpenAI.
Is Claude Code just a plug-in for an existing editor, or is it an entire editor itself?
It constantly loses existing code. At the end of an intense coding session you'll find your 20-feature application now has 3 features. That alone makes it not worth using. I can't be bothered constantly working to identify and prevent losing existing features.
It is, however, very powerful for doing debugging and diagnostics with throwaway code.
It’s also useful to analyse stuff with ChatGPT and give that to Gemini or Claude to do the coding.
Edit: maybe Cursor forced this and Microsoft is taking its choice to open-license VS Code on the chin. Will be interesting to see the strategy with Visual Studio going forward.
They lost me when they expired my money and then tried to take more without asking
However, I really *do* prefer ChatGPT for generalized but as-applied conversation about architecture decisions, pros/cons of different approaches, patterns. Claude can do this too, but I do prefer ChatGPT for this.