Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Friday, July 3, 2026

Clearing the Market

Cushing, Oklahoma is the pricing point for West Texas Intermediate (WTI) crude and the physical hub through which US oil supply flows to refineries across the Midwest and Gulf Coast. As of 25 June, inventories have fallen to 19 million barrels, below the operational minimum (~20mb) that the industry considers the threshold for physical stress. The US Strategic Petroleum Reserve (SPR) has fallen to 331.2 million barrels, the lowest since 1983. According to the IEA, global inventories are at their lowest seasonal point in recorded history.

The market has priced almost none of this. 
***
  • The ceasefire holds, but the underlying deal has stalled on the points that determine whether reopening is sustainable.
  • Iran is entrenching control over the strait through mechanisms – mines, fees – that outlast any ceasefire.
  • Iran’s institutions can’t agree among themselves, so even a signed deal still may not compel the IRGC, hence the physical reopening the market is pricing isn’t coming on the MOU’s own timetable.
  • Meanwhile the price is being held down by three cushions – released barrels that had been trapped in the Gulf, SPR drawdowns, and Chinese reserves and reduced imports – that are all finite, so the mispricing identified in Two Spikes Coming hasn’t resolved.
  • New evidence this week – inbound tanker numbers, floating storage, operator testimony – confirms the physical picture rather than the price picture.
The argument in Two Spikes Coming rests on a race, between stockpile depletion and production restoration, with Cushing already near its operational floor and reserves elsewhere running out within one to two months. The past week has not changed that race, but it continues to indicate the reserve draws are still outpacing the return of flow.


The MOU signed on 17 June was supposed to settle the reopening. Instead it has settled into a pattern of brief traffic windows followed by a strike, a US response, and a return to the negotiating table to manage the aftermath. The Ever Lovely was hit on 25 June inside the safe corridor the International Maritime Organisation (IMO) and Oman had set up along the Omani coast days earlier. The US struck Iranian missile, drone, and radar sites the next day. A projectile then hit the tanker Kiku and Iran fired at US positions in Bahrain and Kuwait. The US next expanded its target list to surveillance, communications, and minelaying infrastructure. Both sides then turned up in Doha this week and kept communicating, which suggests the ceasefire itself is intact, but does not indicate the deal underpinning it is progressing.

The two sides are not talking directly to each other in Doha. American and Iranian delegations are meeting Qatari and Pakistani mediators separately, a step back from the direct sessions held in Switzerland two weeks earlier. Iran’s stated priority is Clause 11, the release of frozen assets, and President Pezeshkian has stated that $6 billion of the $12 billion held in Qatar will be returned, though it is not yet clear on what terms or even whether the funds have moved. Iran will not discuss its nuclear programme until those funds move, but if that money moves without a matching concession on enrichment it will reduce the leverage the US has left for that discussion. Trump has claimed a deal was close at least 38 times between late March and early June, according to a CNN count. Doha is yet one more round in that pattern.

The strait’s governance is where the deal has stalled most. Iran’s foreign minister Araghchi has said the removal of “obstacles” in the strait, and its reopening, rests with Iran alone. The IMO’s Secretary-General has said Iran laid an estimated eighty mines across the main shipping channel. The timetable for clearing them is set by Tehran regardless of what Doha produces. The Joint Maritime Information Centre raised the strait’s security threat level to “substantial” this week, citing mine risk and clearance uncertainty. Oman has separately delivered a service-fee proposal to Washington and its allies. An Iranian official has called the fees mandatory, but a regional diplomat has called them voluntary. Either way, Iran can prioritise the shippers who comply and delay the ones who do not, so the dispute over wording matters less than the authority it establishes.

Inside Iran, more than sixty of the Assembly of Experts’ roughly 88 members signed a statement on 28 June warning negotiators against crossing Khamenei’s red lines, control of the strait among them. The Assembly’s own secretariat publicly distanced itself from the statement within hours, which means even the body meant to speak for Iran’s clerical establishment cannot agree on how hard a line to take. Pezeshkian spent the same week in Qom telling senior clerics the opposite, that the MOU was an economic win worth defending. And while the president was making that case, the IRGC struck a vessel inside a corridor the foreign ministry had just endorsed. Three arms of the same state, pulling three different directions, in the same seven days. No single part of the Iranian state can bind the others to one position, hence why incidents the negotiators did not authorise keep recurring.

WTI is trading around $70, close to its level before the war began, and Morgan Stanley has cut its Brent forecast on the basis that Hormuz is reopening faster than expected, projecting a 2027 surplus of 4.8 million barrels a day. “Strip away the narrative,” the bank’s analysts wrote, “and read only the prices. They describe a market that has weakened across the board.” Morgan Stanley may be right about a near-term glut – outbound cargo has genuinely surged since the MOU – but the mistake is extrapolating that burst into durable recovery. The analysts are getting the direction backwards because a weak price does not necessarily prove a weak market. Rather, in this case it means a market distorted by reserve draws and supply disruption, and both of those aspects are temporary props under the market, not foundational features. That makes Morgan Stanley’s case much harder to sustain.

Roughly 170 million barrels of crude that had been trapped in the Gulf cleared the market once the MOU allowed it out. The SPR is drawing at a pace that leaves perhaps three to six weeks of room. Chinese crude imports have fallen by something like 5 mb/d since March, while China’s visible commercial stocks have barely moved, which means the shortfall is being met from reserves that do not appear in any published series. Cushing itself fell to 18.96 million barrels in the week to 19 June, the lowest since October 2014 and near the roughly 20 million barrels traders treat as an operational floor. A partial reopening of the strait does not fix that on its own.

by Nick Wade, State of Play |  Read more:
Image: EIA, HFI Research
[ed. See also: Trump Paused War to Manipulate Oil Prices (video/YT). And, this: New Report Reveals True Extent of Devastation of US Fifth Fleet HQ in Bahrain with a special status update on F-35 readiness. Priceless. (Another good(?) read here).  I don't think this war is going the way they thought it would.]

Thursday, July 2, 2026

The Licensing Revolution: Is Resistance Futile? Part 1: Loss of Ownership Comes to the Car

“Neoliberalism as an economic system enshrines the extraction of rent over industrial production.”
—Yours truly, here
Two of the most revolutionary inventions man ever made were created in the 20th century, one at its start and the other close to the end. Both offered the same innovation: a quantum advance in individual freedom and power.

I’m talking, of course, about the automobile, personal transportation, and the PC, your own personal computer.

Cars and Computers

If you own a car, you own your own transportation; you don’t rent it or borrow it. You can argue the merits of “owning” personal transportation — there are climate, pollution, and crowding arguments against — but there’s no question about the freedom it gives to people. You want to leave now? Just jump in the car and go.

If you own a PC, same thing. Before the PC, some calculations and modeling were just too painful and time-consuming to do, and many were simply impossible. Think of the most complicated spreadsheet you’ve ever created — could you have done that by hand? Or better, if you could have done it by hand, would you have?

Before the PC and its business equivalent, the UNIX-based Sun Workstation, access to computing power were through IBM-style mainframes and minicomputers, like those made by DEC. None of these could be considered “personal”; they were too costly, and though they could accommodate multiple users at terminals, the computing itself was centralized and corporate-owned.

Keep this in mind: Before the PC, computing was centralized and corporate-owned. After the PC, computing power was inside the box you worked at, and priced for individual sale. Now thanks to Windows 11, that’s all been reversed.

Cars and computers, each a revolution in personal power and control. Now both will be taken away. Your car will no longer be yours, nor will your PC.

Soon You Won’t Own Your Car

The above statement is true in too many ways. The car you’ve already bought will be licensed to you, a license that can be revoked.

Your New Car Is a Spy

Cars have become computers over the last few years. And that means cars have become spy machines. Here’s one review, by the Mozilla Foundation, of the automobile industry from the standpoint of privacy, written in 2023. Its bottom line is the headline:

It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
All 25 car brands we researched earned our *Privacy Not Included warning label -- making cars the official worst category of products for privacy that we have ever reviewed.
The link for individual brand reviews is here. Their sins are many; these are the important ones:
1. They collect too much personal data (all of them)
2. Most (84%) share or sell your data
3. Most (92%) give drivers little to no control over their personal data
4. We couldn’t confirm whether any of them meet our Minimum Security Standards
Recipients of the sale of your data could include your insurance company, which can purchase everything recorded about your driving habits.

And you can’t shut this stuff off, because it’s not hardware, but software, and the car needs its software to run. Here’s Tesla’s warning about its software, again from 2023 (emphasis mine):
However, “if you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice commands, and web browser functionality rely on such connectivity. If you choose to opt out of vehicle data collection (with the exception of in-car Data Sharing preferences), we will not be able to know or notify you of issues applicable to your vehicle in real time. This may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
It’s gotten worse since then; Tesla’s just getting started.

The Biden Bill–Mandated ‘Kill Switch’

Watch the Breaking Points video at the top; it details, from reputable reporters, the next dystopian “feature” of cars manufactured in 2027 and later — a “kill switch” that turns your car off if it thinks you shouldn’t be driving.

The detail is here. Basically, under Joe Biden, Section 24220 of the Infrastructure Investment and Jobs Act “requires all new passenger vehicles to eventually include factory-installed technology that detects driver impairment and prevents or limits vehicle operation.”

The implementation falls under the NHTSA, which is writing the rule. Barring congressional prevention or modification, the kill switch is expected appear in all newly manufactured cars (but not used ones) starting in late 2026 or early 2027.

Privacy and Control

In modern America, two things are certainly true. 1) Once privacy is taken away, it never comes back; and 2) when a power is gained by corporations and government, they pervert it as fast as they can.

The prime example is this war — because Congress long ago surrendered its war-making power, the Executive has steadily moved in, to the point that today there’s not even a pretense of getting congressional permission. Trump wants a war wherever, that’s what he does. Or consider the definition of “terrorist” — today it’s “whomever the feds wishes to hurt, and to whatever extent.”

So what’s the maximum harm that can be done by the “new automobile”? Your driving is monitored by AI; the data is fine-grained and stored; anyone who wants it can buy it for whatever goal, including to raise your insurance, or deny you coverage.

Further, anyone with control of the software — the manufacturer, the FBI (initially under subpoena, but later, who knows?), cops, Homeland Security, or any branch of the law, whatever that means — can turn off your car when it wants, or (why not?) gain full control, lock you in, and drive you wherever it wishes. Remember, eventually every new power is perverted.

It starts, as always, with calls to Save the Children (MADD is mad for this law).

The next expansion is to further the War Against Crime. (“Remember the OJ Simpson highway chase? What if they could just turn off the car? You want to catch OJ, right? Do you hate the cops?”)

Then it transforms into … what? Whatever the security state wants, because “keeping you safe.”

The Licensing Revolution

You won’t own your car for another reason as well. You may have noticed a trend: what you used to be able to buy, you now merely rent.

• Apple doesn’t sell music, it licenses use.

• You no longer own your software. TurboTax, for example, sells a “personal, limited, nonexclusive, nontransferable, revocable license to use the applicable Software only for the period of use provided in the ordering and activation terms”.

• Same with Amazon’s ebooks and audiobooks.

• Same with Microsoft Windows. (More on that later.)

Non-transferable and revokable licenses. Renting your life.

by Thomas Neuberger, God's Spies |  Read more:
Images: uncredited; and Branimir Kvartuc/ZUMAPRESS.com/Corbis
[ed. In fact, Sony just made news the other day about remotely deleting all previously purchased content in digital libraries, and a couple days later ditching physical disks in favor of licensing. Amazon has already made this transition with Amazon Prime videos. See also: The Licensing Revolution: Windows EditionPart 2: The computer you bought isn't yours. A tale about power.]
***
"Words have meaning. Proper word selection is integral to strong communication, whether it’s about relaying one’s feelings to another or explaining the terms of a deal, agreement, or transaction.

Language can be confusing, but typically when something is available to “buy,” ownership of that good or access to that service is offered in exchange for money. That’s not really the case, though, when it comes to digital content.

Often, streaming services like Amazon Prime Video offer customers the options to “rent” digital content for a few days or to “buy” it. Some might think that picking “buy” means that they can view the content indefinitely. But these purchases are really just long-term licenses to watch the content for as long as the streaming service has the right to distribute it—which could be for years, months, or days after the transaction.
" via:

Tuesday, June 30, 2026

Asteroid Day, June 30, 2026

Asteroid Day, June 30, 2026

Asteroid Day was cofounded in 2014 (the year after the 2013 Chelyabinsk meteor air burst) by physicist Stephen Hawking, B612 Foundation president Danica Remy, Apollo 9 astronaut Rusty Schweickart, filmmaker Grigorij Richters, and Brian May (Queen guitarist and astrophysicist). Remy, Schweickart, Richters, and May initiated Asteroid Day in October 2014, which they announced during a press conference. It was launched on December 3, 2014.

In 2016, the United Nations proclaimed Asteroid Day be observed globally on June 30 every year in its resolution. The event aims to raise awareness about asteroids and what can be done to protect the Earth, its families, communities, and future generations from a catastrophic event. - Wikipedia


There are about a million asteroids in the Solar System with the potential to strike Earth and destroy a city. Astronomers have discovered only 1% of them. Asteroid Day is an effort to educate the public and encourage policy makers to fund this important effort.

King Tut may have celebrated an ancient Asteroid Day by asking his assistants to make a dagger out of a broken-off asteroid that landed on Earth. Astronomers discovered that the blade of the knife contained much more nickel than is found in terrestrial iron, an amount consistent with iron meteorites, especially with one found in the year 2000 in the Kharga region in northern Egypt. For more information about the dagger, go to http://goo.gl/BHBivd. (via: Bruce Palmquist, Daily Record)

[ed. Brian May was also an astrophysicist? Wow. A man of many talents. Another one would be Jeff "Skunk" Baxter, guitarist for Steely Dan and US missile defense contractor/consultant.]

Saturday, June 27, 2026

Leviathan Waking

[ed. I'd suggest reading this first: The Once And Future Fable #2.]

Imagine that there were no Food and Drug Administration (FDA), but there remained a large pharmaceutical sector, similar in size and scope to the one the United States enjoys today. In this alternate world, imagine that drugs were not licensed or otherwise formally approved by regulators; there were even officials in the executive branch who boasted that the U.S., unlike other countries, would not get into the regulatory morass of licensing drugs.

One day, a pharmaceutical developer warns that they think they have made a drug that cures a major Cancer at one dosage but is lethal at a slightly higher dosage. The company says, for this reason, that they are going to restrict release only to pre-approved patients and monitor their usage of the drug carefully—a sharp break from prior industry practice but one that the company insists, controversially, is necessary. This particular company had been advocating for years for stricter drug regulation, much to the chagrin of the government.

This causes a stir, and the government, not quite knowing what to do, announces that it will give drug developers the helpful option to show their drugs’ safety profiles to government officials before they are released. They are adamant that this is a voluntary program. The pharmaceutical company, being hopelessly literal nerds, and if we are being honest, more than a little bit obstinate, decides to release their drug without going through the voluntary program. “We already paused general availability of the drug while we did our own safety study, so we don’t need the government’s testing, and besides it is voluntary, isn’t it?” the company seems to be saying.

But then a handful of patients get side effects severe enough to hospitalize them, but not severe enough to be lethal. The government gets understandably upset, particularly considering their lack of experience in regulating drugs. “You talked up your own safety practices so much, and now we have people in the hospital. You are telling us that you are comfortable releasing chemicals that can put people into the hospital?,” the government argues to the company.

The company’s literal and obstinate nerds say, “well, we’ve thought about drug safety regulation quite a bit, and given how common hospitalization of a small number of patients is with a new drug, compared to the lifesaving benefits of our drug for millions, yes, we think the benefits outweigh the risks in this case.” But trust has already broken down, and this abstract, technocratic defense falls on deaf ears. “People are being hospitalized,” the government says.

And so the government bans the drug, indefinitely. It is not clear what the government wants more: a remedy for this specific side effect, a solution to all side effects from drugs, or, really, an apology from the company, as well as the sensation of domination over these disobedient, obstinate, and literal nerds.

In a matter of weeks, in our alternative world, the United States went from a system that was implausibly laissez-faire for the level of risk involved in this industry, to a system that was, in the eyes of essentially all expert onlookers, incomprehensibly strict and risk averse.

Fable, Jailbreaks, and Export Controls: What Happened

This, of course, is my read of what happened in the Trump Administration’s latest dispute with the AI company Anthropic. For those not following the blow-by-blow, what happened, in a few sentences, is:
1. Anthropic released Fable, a commercial version of their very-powerful Mythos model with severe guardrails to prevent misuse.

2. People liked it, though broadly speaking thought the guardrails were far too strict.

3. A few days later, officials in the Trump Administration (it is not clear who) became aware of a jailbreak that got around some of Fable’s safeguards (it is not clear how severely), and demanded that Anthropic de-deploy the model (it is not clear with how much specificity the government expressed the concern).

4. Anthropic did not de-deploy the model (it is not clear why), so the government imposed worldwide export controls against all non-U.S. persons on Fable and Mythos.

5. Because Anthropic lacks the ability to validate U.S. personhood for end users, this meant they had to pull down the models globally, for everyone. In fact, by some accounts, Anthropic has had to suspend internal usage of their model because of the risk that their own non-U.S. person employees might use the model.
You’ll notice the clause “it is not clear” repeated frequently above. The sheer opacity of everything that is unfolding makes it hard to analyze. There is no text for me to draw on, and no actual policy to criticize. There is simply a game of he-said, she-said played between two actors whose animosity toward one another is only growing and who both, if we are honest, seem to be making things worse for themselves and for the whole industry. [ed. Iran, anybody?]

by Dean Ball, Hyperdimensional |  Read more:
Image: via
[ed. Why does this same chaos script keep repeating with everything this administration touches. Rhetorical question. See also: White House Will Ad Hoc Decide Who Can Individually Access GPT-5.6 (DWAtV).] 

[ed. Update: Sorry, this has nothing to do with AI frontier models, but everything to do with decision-making in this administration. Can't help but laugh (or cry)... Promises Made, Promises Kept (Defector):]
***
"If everyone in the United States weren't living downstream from its consequences, it would be a pretty good tragic flaw that Donald Trump wants more than anything to be seen as a brilliant man who has always been right about everything when he is transparently a butterfingered dunce whose professional expertise more or less begins and ends at making cutting remarks from a safe distance and directing other people to file nuisance lawsuits on his behalf. If assessed from a sufficient remove, the spread between the opening proposition—the man who knows more about every subject than any expert without even having to study or even pay attention to any of it, because he is just that much of a natural talent—and the relentlessly oafish output is a great bit, if admittedly also a bit one-note.

Lots of awful people are like this, and a great percentage of the degenerate gentry that is Trump's truest and most durable base is extremely like this: Dumb old bullies all grandiose and soft from golf and infidelity; illiterate real-estate types with detailed opinions on The Differences Between The Races; the luridly unemployable adult children of car-dealership guys; anhedonic beneficiaries of a good investment or two who have, through sheer restless indolence and various dull biases, backed into some truly berserk and totally bespoke authoritarian worldviews. Aging phone addicts who think the country "needs a pharaoh." Ruddy tax evaders who fear cities and are insecure about their boats. None of these people really do things especially well, and all of them are visibly getting worse, but they are all far enough from experiencing any kind of consequences that they can't really imagine failing at anything they try.

This mindset scales all the way up to some of the most powerful people in human history, but it is the same all the way down. It amounts to the belief that only these particular wimpy pink goofs, each one the protagonist of reality, can be entrusted to run things, and that any problem can be solved by telling some underling to handle it, and also to the idea that such an order becomes a glorious and vindicating solution immediately after it is issued. Nothing that follows will ever be their fault. Provided you do not care about or pay attention to the world, this worldview absolutely rocks."

Friday, June 26, 2026

What If It All Came Out?

The nightmare began with an annoyance as benign and commonplace as a housefly. “Hi there Matt,” the July 11, 2024, email read. “We received a message from you earlier today through our support page related to a changed password on your account … If you didn’t make a support request,” the sender asked politely, “please let us know.”

Matthew Van Andel, 44, who goes by the nickname Dutch, had never heard of “nullbulge.se,” the domain name that sent the message. It appeared to be a classic phishing attempt, a prompt to get him to reply to the email with personal information. So he marked it as spam, swatting it away with a near-automatic series of clicks. Van Andel worked in technology at Disney corporate in Burbank. He loved his job at “the Happiest Place on Earth”; over his seven years at the company, he and his wife, Nicole, had become Disney adults, taking advantage of discounted park tickets with their two kids. Their house in La Crescenta, where Van Andel was working remotely when he got the email, was filled with Mickey and Star Wars and Marvel memorabilia.

Fifteen minutes later, another message arrived from the same sender. This one took a different tack. “Hi Matt. We regret to inform you we have gained access to certain sensitive information related to your personal life.” Van Andel would have deleted this, too, but he had received exactly the same message on Discord, a platform he used to chat about gaming. And it contained specific information that only a few people could, or should, know. “We noticed you had a conversation with Aadya and Shawn about being at Granville for ‘$veg && $keto,’” it read. That was strange. Aadya and Shawn were Van Andel’s co-workers; “$veg && $keto” was a joke about lunch that Van Andel had made while chatting to them on Slack, the internal-messaging system Disney used, a few days earlier.

Seeing his own private words on the screen, Van Andel messaged Disney’s information-security department. The emails had been sent to his personal account, which he was reading on his personal gaming PC in his home office. Info-sec told him his Slack account and work laptop appeared to be operating normally. Still disturbed, Van Andel deleted the second email. Immediately a third arrived: “You think we didn’t see you mark our first test as spam? Then our actual attempt [at] contact went right in the trash.” Van Andel felt his stomach drop. Someone had live access to his account and was watching him use it.

As an engineer, Van Andel thought he had above-average personal op-sec. He ran anti-virus software on his computer. He used Proton Mail, which encrypts messages between users. He turned on multifactor authentication for serious stuff like iCloud. For the past decade, he depended on a password manager called 1Password, which generates random, long, and complex passwords; stores them; and automatically remembers them whenever a user needs to sign in. For Van Andel, 1Password even managed his multifactor-authentication codes. But his diligent, longtime use of his password manager turned out to be Van Andel’s vulnerability. Having all that information in one handy place meant that once someone else was inside, they had a master key to every aspect of his life: his iCloud, iMessage, emails, photos, PayPal, financial information, medical records, social media, his parents’ financials. Over 1,000 accounts. The only way someone could have gotten into his email was if they had cracked his 1Password; when Van Andel realized they must have access to everything, the room began to spin.

He had no idea why the hackers had targeted him or what their plan was, whether they would drain his family’s finances or stalk his home. Eventually, after running another anti-virus program, he found a piece of malware hidden in a plug-in he had downloaded from GitHub, the open-source coding site, one day in February when he was messing around with an AI image generator. He had checked the code himself, it had looked legitimate, and others had reviewed it positively. But it seems it contained a Trojan-horse virus that gave the hackers free rein of his PC. Once inside, they just had to wait for Van Andel to log in to 1Password. From there, they were able to steal all his credentials, plus many of his multifactor-authentication codes, so every time Van Andel logged in to an app, a website, or an account, they could follow behind him. They’d had access for months.

By morning, Van Andel had received a call from Disney info-sec: The intruders had revealed themselves on a blog post celebrating the hack as NullBulge, an activist collective “protecting artists’ rights and ensuring fair compensation for their work,” according to their website. It was later reported that they were Russian furries. They had dumped the contents of Van Andel’s 1Password onto BitTorrent along with his full name — every personal log-in credential, his messages, his bank information, his medical diagnoses, his Amazon account. They’d also managed to access more of Disney’s data than just Van Andel’s Slack messages and published that too: employee Social Security numbers and Slack messages, budget spreadsheets and passport information for the company’s cruise-line workers. It was a massive breach. As people around the world tried to use the information NullBulge had posted, Van Andel’s iPhone began pinging every few seconds with attempts to get into his accounts. Someone logged in to his children’s Roblox profiles and began defacing them with Nazi screeds. Unknown callers left voice-mails. “Dude, your life is over, haha,” one said. “Just leave the country; that’s my advice. Good luck, have fun, and I hope your type 2 diabetes doesn’t get the best of you.” Van Andel raced around the house unplugging Ring cameras and Amazon Echos. Discovering every new potential violation was like learning he was bleeding from a limb he didn’t remember he had. Viscerally, painfully, he could feel the overwhelming breadth and permanence of everything he had ever recorded online, ephemeral and vital and intimate and stupid. Somehow it was only the first wave of exposure he would endure.

by Bridget Read, Intelligencer |  Read more:
Image: Tracy Ma
[ed. Privacy is dead. Edward Snowden is still exiled in Russia.]

Thursday, June 25, 2026

America Has a Pangram Problem

AI-detection tools are getting better. But they still aren’t good enough.

Basically every recent, high-profile accusation of someone passing off AI-generated writing as their own has started in the same way: with a tool called Pangram. In March, when a horror novel from a major publishing house was pulled just days before its scheduled U.S. release date, it was in part because Pangram, an AI-detection program, had identified the text as AI-generated. Other people have fed text into Pangram to suggest that chatbots have been used to write articles in major newspapers including The New York Times, multiple short stories awarded a prestigious literary prize, and most recently, significant chunks of Pope Leo XIV’s encyclical warning about the dangers of AI. The tool is also used by universities to vet student work and scientific associations to scan research papers. As panic builds over AI-generated writing, Pangram is at the foundation.

Just a few years ago, it seemed like it might never be possible to instantly and reliably determine whether a piece of text was written by a bot or a person. In 2023, one detection tool, ZeroGPT, declared the U.S. Constitution to be AI-written; the same year, OpenAI abandoned its AI detector altogether owing to a “low rate of accuracy.” And that was when the quality of ChatGPT’s writing was markedly worse than it is today. But detection tools have gotten much better of late—and Pangram, in particular, has emerged as the gold standard: Paste a chunk of text into Pangram, and the model appraises what portions were “AI Generated,” “AI Assisted,” or “Human Written.”

Yet an AI detector that is mostly reliable might in some ways be more dangerous than a broken one. While Pangram is accumulating the power to end reputations and careers, the tool does make mistakes, perhaps to a greater extent than is currently understood. In turn, AI accusations could very quickly spiral into a witch hunt.

Pangram says its algorithm is so accurate that it incorrectly identifies text as an AI output only about one in every 10,000 times. “There is a great responsibility, a huge weight” in saying something is AI-generated, Max Spero, Pangram’s CEO, told me. “The only reason we do so is because we’re extremely confident.” Several independent analyses have also confirmed that it is quite good. One paper, from the University of Chicago, found that Pangram had almost no false positives on some 3,000 sample texts of roughly 500 to 1,000 words.

But Pangram’s ability to guarantee something was written by a human is shakier. Spero pointed me to a test showing that Pangram’s false-negative rate, or how frequently the model incorrectly labels text as human, is closer to one-in-70 (although some other assessments say it is more accurate than that).

Part of the problem is that Pangram is in an arms race with the major AI labs, which have an interest in making the writing of ChatGPT and Claude sound as natural and human as possible. And at the same time, Pangram has to deal with AI “humanizers”—programs designed explicitly to disguise AI text as your own. Reddit users rave about a humanizer called Walter Writes AI, which I decided to test out for myself. I had ChatGPT and Claude write brief articles, then pasted them into Walter Writes AI. The program, like other humanizer tools, does some anodyne rewording, swaps one clunky transition clause for another, and introduces grammatical oddities. For instance, ChatGPT’s “The numbers are no longer small enough to ignore” became “The sheer size of these usage figures can no longer be ignored.” When I pasted any output from Walter Writes AI into Pangram, it invariably told me that the twice-baked AI article was human-written. (It’s worth mentioning that The Atlantic forbids using AI-generated text unless labeled as such, and that I do not use AI for research.) [...]

Further complicating matters are the opaque ways in which Pangram and similar tools are designed. The model was trained by feeding it mountains of examples written by a human and by a bot—a book review in an actual magazine, then a review about the same book in the style of the same magazine, but produced by ChatGPT—until it can tell the two apart. This is akin to feeding millions of photos of cats and dogs into an image-recognition algorithm until it learns to spot the differences. Pangram cannot point to much specific evidence or patterns in diction, phrasing, or punctuation to support why it deems something AI or human. (I do not, for instance, understand why “these usage figures” was more human than “the numbers.”) Moreover, while Pangram distinguishes between “lightly” and “moderately AI-assisted,” these broad categories can mean just about anything short of copy-pasting from Claude—using AI for research, coming up with counterarguments, as a thesaurus, for a grammar check. The algorithm’s inner workings are “pretty uninterpretable,” Spero said, and although he wants to make Pangram’s “AI-assisted” label more granular, he is also “still not sure how possible it is.” Amid concerns of overreliance on AI chatbots, we risk simply layering on dependence on yet another black-box algorithm.

Spero told me that Pangram should “never be the ending arbiter” but instead a starting point for a more thorough investigation, and that the company looks into every reported error its model makes. He also noted that all sorts of detection technology we rely on—smoke detectors, TSA scanners—have base error rates too. On some level, in all these cases the biggest problems lie not in the technologies themselves but in what they’re trying to detect. It’s a problem that buildings catch on fire. It’s a problem that AI is seeping haphazardly into every facet of written communication.

by Matteo Wong, The Atlantic |  Read more:
Image: Atlantic/Getty
[ed. This seems like a transient issue to me. If AI is eventually able to write something (or create art) that's undetectable from what a human would produce, who cares? (except for writers and artists, obviously). You don't see this controversy in coding. See also: AI-Writing Scandals Are Getting Very Confusing (Atlantic). Also via DWAtV:
***
Again, we learn not that AI is a good writer, or that humans are bad writers, but that the literary prize judgment processes are worthless.
Jack: That which can be won with undisclosed AI output should be

Nabeel S. Qureshi: *Another* apparently AI-generated story wins a literary prize, this time judged by a panel including the novelist Ruth Ozeki.

Literary prizes need to start including Pangram checks in their process, or else change the rules to make AI writing ok. It’s very simple! [...]
How should we think about ‘witch hunts’ where people identify writing as AI?
Shashank Joshi: One of the worst trends of recent months: pseudoscientific witch-hunts using AI detection tools
The hunts are fully scientific. The detection tools work, at least for now. I have yet to see a case where Pangram said something was AI, and the piece was neither written using AI nor crafted intentionally to fool Pangram. There are some cases of heavy copyediting that trigger Pangram, but if it’s heavy enough to trigger Pangram then I consider that to be on you.

Saturday, June 20, 2026

SignalTrace: New Levels of Surveillance

If you thought Flock cameras were concerning, meet what comes next. 

A company called Leonardo has developed a system called ELSAG SignalTrace. It broke into public awareness just days ago and is already being marketed to law enforcement agencies across the country. It makes Flock Safety look modest by comparison. 

Here is what SignalTrace does: 

It clips sensors directly onto existing license plate reader cameras — the same poles, the same hardware already installed in your community. No new infrastructure required. A software and sensor upgrade is all it takes. 

Every time you drive past one of these upgraded cameras, the sensor sweeps up the unique electronic identifiers of every device in your vehicle. Your cell phone. Your smartwatch. Your wireless headphones. Your fitness tracker. Your laptop. Your tablet. Your car's own infotainment system. Your tire pressure sensors. Your vehicle's Bluetooth hotspot. 

And your pet's microchip. 

Every one of those devices emits a signal. SignalTrace captures those signals, timestamps them, ties them to your license plate, and stores them in a searchable database for future investigative use. The result is what Leonardo calls an electronic fingerprint — a unique profile built not from your face or your name, but from the constellation of devices you carry with you every day. 

Leonardo announced the ELSAG EOC Plus patent as early as May 2024, describing it as an electronic detection system for identifying people of interest through electronic device signatures. SignalTrace is the commercial product built on that foundation. The patent came first. The marketing came after. The sales calls are happening now. 

Here is where it gets worse. 

SignalTrace is explicitly designed to track vehicles even when the license plate cannot be read. If your plate is obscured, dirty, or misread — it does not matter. The system identifies your vehicle by the electronic fingerprint of the devices inside it instead. The plate reader becomes optional. The surveillance does not. 

The strategic advantage for police agencies is adoption friction. SignalTrace can be pitched as an extension of an existing ALPR ecosystem rather than a wholly separate surveillance buildout. That is exactly what happened with Flock. License plate readers went in first. Video came later through a software update. Nobody voted on the expansion. Nobody was told. SignalTrace follows the same playbook — attach to existing infrastructure and expand what it captures without requiring a new procurement process, a new vote, or a new public conversation. 

Who is Leonardo and why does their background matter? 

Leonardo US Cyber and Security Solutions is not a Silicon Valley startup. It is the American subsidiary of Leonardo S.p.A. — one of the largest aerospace, defense, and security conglomerates in the world, headquartered in Rome, Italy. Recent public market estimates place Leonardo S.p.A.'s market capitalization at approximately €29.76 billion — roughly $32 billion USD. For context that is nearly four times Flock Safety's valuation. [...]

What is ELSAG — and why SignalTrace is more dangerous than it sounds. 

ELSAG is Leonardo's license plate recognition product line — the company's core law enforcement technology that has been deployed across American communities for over two decades. ELSAG cameras are what you think of when you picture a standard license plate reader. Fixed cameras on poles. Mobile units mounted on patrol vehicles. Solar powered. Cellular connected. Reading plates and logging vehicle data. 

ELSAG is already deployed in all fifty states. Virginia State Police is a documented customer. Leonardo holds statewide procurement contracts in New York, Maryland, New Mexico, Ohio, and Pennsylvania among others, and is listed on the federal GSA schedule available to agencies nationwide. Their cameras are already on street poles and patrol vehicles across the country — quietly, routinely, and largely without public awareness. 

SignalTrace is not a new camera. It is not a new company. It is an upgrade — a sensor that clips directly onto ELSAG cameras already in the field and adds a new layer of data collection on top of the license plate reading that was already happening. The same pole. The same hardware. A new sensor attached to it that now also sweeps up every electronic device signal in every passing vehicle. 

That is precisely what makes it so significant. The deployment barrier is almost zero. Any law enforcement agency that already has Leonardo ELSAG cameras can add SignalTrace capability without purchasing new infrastructure, without a new procurement process, and — depending on how their existing contract is written — potentially without returning to their city council for approval. Sound familiar? It should. It is the exact same function creep mechanism that allowed Flock Safety to add video streaming, vehicle fingerprinting, and AI people search to cameras that were originally sold as simple plate readers. 

The infrastructure goes in first. The capabilities expand later. The public finds out last — if at all. [...]

The data retention problem. 

With Flock we at least know the default data retention period is 30 days — though the contract language grants Flock a perpetual license to use that data regardless. With SignalTrace the situation is more opaque. Leonardo's product materials state that all data collected may be uploaded to the EOC server and archived for future queries and analysis — with no published retention limit. How long does Leonardo store your electronic fingerprint? Who has access to it? Can it be shared with other agencies or federal entities? Can it be purchased by data brokers? Leonardo's materials do not answer these questions. That silence is itself an answer. 

The retail and private deployment problem. 

Leonardo is actively marketing SignalTrace to shopping malls, retail centers, and private businesses — not just law enforcement. Their materials describe deploying SignalTrace in parking lots and inside shopping centers to track individuals involved in organized retail crime. By identifying and correlating electronic devices carried by suspects, retailers can gain critical insights into criminal patterns. 

That means SignalTrace sensors could be on private property you visit every day — your grocery store parking lot, your shopping mall, your workplace — operated by a private company with no law enforcement oversight, no warrant requirement, no public accountability, and no notification to you. Your electronic fingerprint captured every time you park your car. Stored indefinitely. Shared with whoever the private operator decides to share it with. 

The no-plate-needed problem — and what it means for pedestrians. 

The implication of being able to track a vehicle by its electronic fingerprint without reading the plate goes further than most people realize. Deliberately obscuring your plate — which some people do to avoid surveillance — provides zero protection against SignalTrace. The sensor does not need the plate. It reads your phone. 

More critically — the sensor does not know or care whether the device it is reading is inside a vehicle or in the pocket of a pedestrian walking past the pole. A person walking down the sidewalk past a SignalTrace-equipped camera is emitting the same Bluetooth and Wi-Fi signals as a person driving past in a car. The system's sensors capture signals from whatever passes within range. Whether that includes pedestrian device capture is not addressed in Leonardo's public materials. The fact that it is not addressed is worth noting. [...]

SignalTrace does not aggregate your vehicle's movements. It aggregates your personal electronic identity — every device you carry, every signal you emit — and ties it permanently to a location, a timestamp, and a plate number. It does not track your car. It tracks you. Personally. Individually. Every time you pass a sensor, whether you are suspected of anything or not. 

by BlackBetty (Anonymous), X |  Read more:
Image: Natasha Eliya/Michigan Daily via
[ed. Public service announcement. Are they actually able to do this with the weak signal of wifi and Bluetooth? Wouldn't be surprised. See also: SignalTrace just weaponized your AirPods against license plate readers nationwide (Cambridge Analytica).]

Thursday, June 18, 2026

Introducing Peace 1.0™

“President Trump said he hoped the war with Iran would soon be in the ‘rearview mirror’ on Tuesday, even as the terms of a cease-fire he signed remained secret and Vice President JD Vance acknowledged that it was ‘a very general document’ with few details.” – New York Times
- - -
After several profitable quarters from our line of War Mongering products, which include blowing up water facilities and a school, as well as temporarily disrupting one-fifth of the world’s oil shipments, we’re excited to announce the rollout of our new product: Peace 1.0™.

Peace 1.0™ is a revolutionary conflict-reduction platform that leverages diplomacy, reduced bombing, and reopened shipping lanes to create value for shareholders, with potential benefits for people living throughout the region.

We’re starting with a regional rollout in Iran, but early testing suggests that customers respond positively to features like the absence of active warfare, longer lifespans, and a fragile sense of security.

FAQ

What is included in Peace 1.0™?
Peace 1.0™ includes a one-page memorandum, several unresolved technical questions, and a loose promise to figure out what the agreement actually means at a later date.

How is Peace 1.0™different from previous versions of peace?
Unlike legacy peace, Peace 1.0™ improves on the original by providing many of the same benefits while adding exciting new features, including higher oil prices, increased regional instability, damaged infrastructure, and a sense that war might break out again at any moment.

Is Peace 1.0™ a fully developed product?
Following startup best practices and to get our product to market faster, we’re releasing a minimum viable product that removes nearly all of the details customers typically associate with a peace agreement.

Why are the contents of Peace 1.0™ a secret?
New products always have a few technical glitches, like a lack of specifics on how the product actually works, and we don’t want customers to delay adoption until Peace 2.0.

What metrics will determine whether Peace 1.0™ is a success?
We’ll be tracking key performance indicators such as the number of missile launches (single digits are ideal), lower insurance premiums for cargo ships, and whether peace feels slightly less certain than it did before.

Are you planning on rolling out Peace 1.0™ to other parts of the world?
Our War Mongering division is working tirelessly to identify potential growth markets. Until then, we’ll be holding off on a global launch.

Are you discontinuing your War Mongering line of products?
Absolutely not. War Mongering products, combined with Peace 1.0™, work symbiotically to drive fast-growing revenue. In fact, every successful rollout of Peace creates exciting new opportunities for future wars, while every war creates additional demand for Peace. We’re so confident in this business model that our long-term goal is to become the world’s leading provider of both.

by Kate Chrisman, McSweeny's |  Read more:
Image: via
[ed. See also: The Art of the Nuclear Deal (McSweeny's).]

Wednesday, June 17, 2026

Trump Does Not Understand the War He Lost

Donald Trump arrived in France yesterday for this morning’s G7 summit and promptly confirmed America’s capitulation to Iran. Instead of merely repeating the outlines of what looks to be a terrible peace deal, however, Trump made a series of statements so bizarre, even by his usual standards, that they raise the question of whether the president still understands the words that come out of his own mouth.

The president began with a classic Trumpian move, daring his listeners to forget today what they knew yesterday. Just this winter, Trump had promised the Iranian people that the tyrants who ruled them would be gone. But now? “I never cared about regime change,” he told reporters, waving away his failure to achieve a primary strategic goal by denying that it had ever been a goal at all.

Things got a little weirder, however, when he described the Iranians who have stepped in to replace the regime leaders killed in U.S. strikes: “We’re dealing with people that I think are very rational people. And they were nice to deal with.”

“They were strong people, smart people,” he added. And then he dropped this remarkable claim: “They’re not radicalized, and they’re, you know, looking to help their country.”

This definitely not-radicalized group that Trump seems to like includes the new supreme leader, Mojtaba Khamenei (whose father, wife, and son were killed by U.S. strikes), and the still-standing Islamic Revolutionary Guard Corps, all of whom have shown no compunction about lashing out in any direction during Trump’s “cease-fire,” the make-believe pause in the war during which no one actually ceased firing.

Trump’s description of the current regime in Tehran as a bunch of swell guys was brewed in a heavy-duty vat of wishful thinking. It’s an extreme version of Trump’s tendency, when he’s been outplayed by powerful enemies, to describe his opponents as basically reasonable people. (He has done the same over the years with dictators and autocrats in North Korea, Russia, and China, among other countries.) This is his way of assuring the public that he did not get taken to the cleaners—because, of course, his affable partners would never do that.

Trump fared no better talking about the Iranian nuclear program. Iran’s stockpile of highly enriched uranium exists largely because Trump unilaterally called off U.S. participation in the Joint Comprehensive Plan of Action, the 2015 agreement that was meant to prevent Iran from enriching uranium beyond minimal levels for civilian uses. After the U.S. and Israeli attacks last year, and yet more pounding during Operation Epic Fury, that uranium remains underground, either hidden in storage or buried beneath tons of rubble; some of it can likely be recovered and enriched for military uses. Trump has said, repeatedly, that Iran must hand it over.

Until today.

“I call it the nuclear dust, their enriched material, right?” Trump said. (Why he calls it this remains a mystery.) Does America still insist on its removal from Iran? Well, maybe.

“The whole mountain has collapsed on top. We have cameras on it,” Trump said. “You could make the case ‘Why are you even bothering?’ ’cause it’s not really valuable. It’s, you know, it’s probably half a million dollars’ worth. It’s not very valuable stuff, but I think psychologically we wanna get it.”

The United States and Israel ostensibly went to war with Iran last summer over the prospect of the Tehran regime developing a bomb, and that same threat has supposedly been at the center of America’s largest military operation in decades—but now the highly enriched uranium isn’t very valuable? The president wants it for “psychological” reasons? (This is reminiscent of his comment that America should seize Greenland because it was “psychologically” important to him.) Does the commander in chief understand what he’s saying? More important, will Iran keep tons of highly enriched uranium under this new deal or not?

“The biggest thing,” Trump said today, is that “Iran will not have a nuclear weapon.” That’s fine, except that it didn’t have one before, either, and now it has an even greater incentive to get one. But nuclear issues are very complex and technical, so let’s move on to Trump’s comments about something less complicated: Middle Eastern politics.

Once again, the president seemed unable to comprehend either the situation or his own words. No one outside of the Trump administration has yet seen the final memorandum of understanding that Trump and the Iranians have signed, least of all, according to some reports, the Israelis. If the outlines of the deal are in line with the administration’s own talking points, it’s bound to cause serious agita in Jerusalem: The terms reportedly require a cessation of Israeli hostilities with Hezbollah in Lebanon, a tricky condition considering that Israel was not a party to the negotiations. This is probably why Prime Minister Benjamin Netanyahu announced yesterday that Israel would maintain its presence in Gaza, Lebanon, and Syria for “as long as necessary.”

Trump, in other words, is trying to deal away Israel’s right to defend itself, treating it less as a sovereign country and more as a kind of 51st U.S. state run by an annoying governor who needs to get with the program. But what if Iran’s proxy Hezbollah attacks Israel? According to the president, the Israelis need to calm down, and he minimized Hezbollah as “a little pinprick out there that constantly rears its head.” [...]

Trump has never shown very much concern about the conduct of Israeli military operations anywhere (including the war in Gaza, which he viewed primarily as a public-relations problem). But now that he needs to rein in Jerusalem at Tehran’s behest, he has taken the position that the Israelis are causing too much damage in Lebanon. And in a stunning reminder that alliances for Trump are only expedients, he pivoted to praising al-Sharaa and criticizing Israel, saying that if Israel “can’t do the job without killing everyone else, he’ll do the job.”

This kind of flip-flop illustrates Trump’s view of global politics: States are just a bunch of playing cards that he can rearrange at will, which makes watching him talk about foreign policy this way like watching someone cheating at solitaire. Even now, after many years as president, he is constantly frustrated to find out how little leverage he has when other nations refuse to abandon their own interests and do as he commands.

Trump’s comments about the Middle East may not make any sense, but one thing that has emerged in 4K clarity is that the only world leader who got pantsed worse than Trump in all of this was Netanyahu. No one should pity Israel’s prime minister: He brought this situation upon himself and his nation. Netanyahu, along with the Iran-war hawks in the United States, somehow thought that he could be smart or flattering or persuasive enough to avoid the inevitable burn that comes from trusting Donald Trump. Netanyahu refused to see that Trump, when it comes to self-interest, is as predictable as a sunrise: When something he’s involved with goes bad, he walks away and lets others suffer the chaos he’s created. [...]

None of this makes any sense, except as desperate rationalizations from a man who cannot face facts and admit defeat. Trump has always had a tenuous relationship with the truth, but evidence is mounting that on the most important questions of war and peace, the president of the United States seems to be losing his grip on reality itself.

by Tom Nichols, The Atlantic | Read more:
Image: via
[ed. No coherent foreign policy other than flaunting American military power and trying to make Trump appear 'strong' (even if it's just taking out a few fishing boats). It really is that simple (minded). See also: Introducing Peace 1.0™ (McSweeny's).]

Mosquito Drones

[ed. Predictable. I remember Neal Stephenson describing drone swarms in his book The Diamond Age: A Young Lady's Illustrated Primer. There may be some issues with outdoors applications but a swarm released into a building could be deadly (especially if payloads include a small shot of neurotoxin.]

Tuesday, June 16, 2026

Qian Xuesen: "Father of Chinese Rocketry"; Deported Illegal Immigrant

Qian Xuesen (Chinese: 钱学森; December 11, 1911 – October 31, 2009; also spelled as Tsien Hsue-shen) was a Chinese aerospace engineer and cyberneticist who made significant contributions to the field of aerodynamics and established engineering cybernetics. He achieved recognition as one of America's leading experts in rockets and high-speed flight theory prior to his deportation to China in 1955.

Qian received his undergraduate education in mechanical engineering at National Chiao Tung University in Shanghai in 1934. He traveled to the United States in 1935 and attained a master's degree in aeronautical engineering at the Massachusetts Institute of Technology in 1936. Afterward, he joined Theodore von Kármán's group at the California Institute of Technology in 1936, received a doctorate in aeronautics and mathematics there in 1939, and became an associate professor at Caltech in 1943. While at Caltech, he co-founded NASA's Jet Propulsion Laboratory. He was recruited by the United States Department of Defense and the Department of War to serve in various positions, including as an expert consultant with a rank of colonel in 1945. He became an associate professor at MIT in 1946, a full professor at MIT in 1947, and a full professor at Caltech in 1949.

During the Second Red Scare in the 1950s, the United States federal government accused him of communist sympathies. In 1950, despite protests by his colleagues and without any evidence of the allegations, he was stripped of his security clearance. He was given a deferred deportation order by the Immigration and Naturalization Service, and for the following five years, he and his family were subjected to partial house arrest and government surveillance in an effort to gradually make his technical knowledge obsolete. After spending five years under house arrest, he was released in 1955 in exchange for the repatriation of American pilots who had been captured during the Korean War. He left the United States in September 1955 on the American President Lines passenger liner SS President Cleveland, arriving in mainland China via Hong Kong.

Upon his return, he helped lead development of the Dongfeng ballistic missile and the Chinese space program. He also played a significant part in the construction and development of China's defense industry, higher education and research system, rocket force, and a key technology university. For his contributions, he became known as the "Father of Chinese Rocketry" and was nicknamed the "King of Rocketry". He is recognized as one of the founding fathers of Two Bombs, One Satellite.

In 1957, Qian was elected an academician of the Chinese Academy of Sciences. He served as a Vice Chairman of the National Committee of the Chinese People's Political Consultative Conference from 1987 to 1998.

He was the cousin of engineer Hsue-Chu Tsien, who was involved in the aerospace industries of both China and the United States. He is a cousin of the father of Roger Y. Tsien, the 2008 winner of the Nobel Prize in Chemistry. [...]

Outside of rocketry, Qian had a presence in numerous areas of study. He was among the creators of systematics, and made contributions to science and technology systems, somatic science, engineering science, military science, social science, the natural sciences, geography, philosophy, literature and art, and education. His advancements in the concepts, theories, and methods of the system science field include studying the open complex giant system. Additionally, he helped establish the Chinese school of complexity science. His research advanced the discipline of engineering cybernetics, which emphasized the importance of design principles in practical engineering.

via: Wikipedia |  Read more:
Image: unknown
[ed. Prelude to the post that follows (re: Gov. vs. Anthropic's Fable).]

American Government Takes Down Claude Fable

No good policy gets announced shortly after 5pm eastern on a Friday.

Here we go again.

The Once And Future Fable

The United States Department of Commerce, as per a letter from Commerce Secretary Howard Lutnick, apparently in response to a narrow jailbreak identified by Amazon, has classified Fable 5 and Mythos 5 as being subject to US export controls. That explicitly means cutting off access to all ‘foreign nationals,’ even within the United States, even if they are Anthropic employees.

Given Anthropic has no means to verify citizenship at this time, that meant complete shutdown of the model, at least for the time being.
Anthropic: The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Anthropic models will not be affected.

Dean W. Ball: I can’t tell if this is lawfare against Anthropic in particular or extreme national-security hawkery. Regardless, it is simply cartoonish.
The justification for this appears to be rather flimsy, at best, and based on lack of understanding of what even is a jailbreak or how defense in depth works.
Anthropic: We received the directive from the government today at 5:21pm (ET). The letter did not provide specific details of its national security concern. Our understanding is that the government believes it has become aware of a method of bypassing, or “jailbreaking” Fable 5.

We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulnerabilities all appear relatively simple, and we have found that other publicly-available models are able to discover them as well without requiring a bypass.
As we have stated publicly, we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
That left Anthropic with no options but to entirely withdraw it from the market, at least for the time being, since they have no way to verify who is and is not a United States citizen. [...]

This Action And Its Implementation Are Absurdly Stupid

If you take the action at face value, rather than as an attempt to lash out at Anthropic, there is no way to pretend this is not deeply, deeply stupid.
Dean W. Ball: If this is true, it is just baffling. An administration whose posture is that we *should* export advanced AI chips to China, which also wants to ban… Britain (and every other non-American on Earth)… from using our best models? I have no words.

zooko ⓩ: Judging from [the announcement], I imagine that some senior government official was shown a jailbreak—something they had never seen before and didn’t know about—and this was their kneejerk reaction.

Dean W. Ball: If implemented as this reporting suggests, Anthropic’s latest models would be subject to export controls to all *non-Americans,* including non-American nationals based in the US. This means you should expect to have to prove your citizenship to use Anthropic models. [...]
What Happens Now?

It is a regular thing for the Executive Branch of the United States Government, these days, to issue declarations of policy that are, to use the technical term, absolutely bonkers and stunningly destructive with no reasonable way to implement them, often without stopping to realize what they are doing.

It is also a regular thing for them to then quietly walk those policies largely or entirely back, once the consequences become clear, leaving only relatively minor total devastation in their wake.

Alas, it is also a regular thing for them to leave at least a substantial portion of the new stupid and destructive policy in place indefinitely, and sometimes we keep all of it, or they even keep going further.

Or Anthropic could give the White House what it wants, no matter who is right about whether doing so makes any sense.

We are not short on examples of any of this.

One thing that must now be considered is that many employees of OpenAI, Google and Anthropic, and other AI labs, are not United States persons.
Yo Shavit (OpenAI): Unless this changes, OpenAI researchers on visas need to plan for the fact they’ll probably lose access to internal models, and therefore their ability to do their jobs moving forward, sometime in the next couple months.

I hope the company acts to prevent that.

dave kasten: Uhhh so incidentally, does anyone have a plan to prevent all the non-US citizen AI scientists from going to join foreign labs after they get bored of playing Wordle at work for a month, or are we just sort of planning on having the greatest counterproliferation failure since we deported Qian Xuesen in 1955 and gave Mao a rocket program?
If we drive all foreign talent out of our AI labs, and otherwise actually go down the current road, that is one of the few things that could put China and other competitors back in the game in earnest, both slowing us down and speeding them up.

At Anthropic, Amanda Askell and Andrej Karpathy are examples of employees who suddenly are unable to work with Claude Mythos 5, even after Anthropic sorts out a new access control system.

by Zvi Mowshowitz, DWAtV |  Read more:

[ed. Who knows what axe is being grinded here, the stupidity appears to transcend logical analysis. See also: The Once And Future Fable #2 (Update):]
***
On Friday evening the United States Government has forced Anthropic to take down all access to Fable and Mythos.

It’s been a rough weekend. [...]
1. More details have come to light. There remains some fog of war, but we now have a rather good idea why Claude Fable and Mythos were, deeply stupidly, taken down.

2. A narrow jailbreak was discovered, of the type Anthropic warned in advance obviously existed. All demonstrated outputs are things GPT-5.5 can not only produce, but produce without any sort of jailbreak or bypass.

3. The White House demanded Anthropic take down Fable to ‘fix’ the situation, and did not listen when Dario tried to explain that there was no situation to fix.
When Anthropic did not do so, the White House hit them with an export restriction that they knew would force Fable and Mythos down for everyone.

A lot of nihilists are justifying this decision, and blaming Anthropic, all of whom are very much confirming that they adhere to Dean Ball’s portrait of the United States Government as a dying NPC hospice patient we have to properly placate with the proper vibes and genuflection so they don’t lash out at us. Except they equate this with strength and righteousness, because might makes right, power and vibes.

This is a fast developing story with a large speed premium, so I apologize for any errors, and for the structure likely not being ideal. We do the best we can.

What we do not know is:
1. What was motivating the government to make these decisions.

2. How deeply they were confused about how any of this works.

3. Whether they demanded and are demanding a narrow fix or a global fix. Narrow fix is probably easy. Global fix is probably impossible.
4. What they intend to do next and what they are trying to accomplish.
The good outcome would be that this is a terrible misunderstanding, a reflection of a panic reaction, which can be sorted out quickly, after which we can restore access. Or where they otherwise face enough pressure they quickly realize they made a mistake, or Anthropic can do something to quickly assuage their concerns even if it is dumb. There will still be a terrible precedent set, which comes with a lot of permanent damage to trust in American AI, to our business climate, to our ability to employ vital foreign AI talent, to America’s relationships to its allies, to the progress of Project Glasswing and our cyber security, and to the rule of law.
***
[ed. In addition, see: Seductive Salience (the inevitable politization of AI regulation).]

Friday, June 5, 2026

In Support of Mandatory Nucleic Acid Synthesis Screening and Recordkeeping

As life sciences researchers, builders of AI and biotechnology, and experts with a wide range of views on how to approach AI policy, we call on legislators to make screening of orders for synthetic nucleic acids — and the equipment needed to make them — mandatory.

The ability to order synthetic DNA online has accelerated vaccine development, powered basic research, and made it possible for small teams to access capabilities that used to be confined to major institutions. Since the publication of protocols to reconstruct viruses from strands of DNA more than two decades ago, it has also been recognized as a point in the biotechnology supply chain where a bad actor could cause outsized harm. Recognizing the vulnerability, synthesis companies formed the International Gene Synthesis Consortium in 2009 to develop and implement voluntary safeguards against misuse.

While the issue is not new, the pace of progress in artificial intelligence is. AI systems now outperform PhD-level virologists on questions about highly technical laboratory procedures in their own domains of expertise. The evidence about what this means for present-day biosecurity threats is genuinely mixed, but the trend is hard to dispute. AI systems are improving rapidly, and alongside incredible benefits to science and medicine, there is a real possibility that the knowledge barriers which have historically prevented bad actors from obtaining biological weapons will meaningfully erode.

Support for screening does not depend on any particular view of AI; the biosecurity case has been recognized by scientists and governments for decades. Screening is also one of the best understood and least disruptive biosecurity measures available. It asks providers of synthesized DNA and manufacturers of synthesis machines to check synthesis requests for sequences of concern and to verify customer legitimacy before shipping orders. Providers should also record synthesis orders and sequence data to support legitimate biosecurity investigations, so that any threat that might evade initial screening can be traced back to its source — including when individual sequences would not raise concern in isolation. Awareness of traceability itself deters misuse.

Many of the largest and most responsible providers in the industry already screen and record orders voluntarily because it is well understood that they have an important role to play in maintaining public trust in and mitigating potential misuse of this important technology.

For these reasons, the undersigned support mandatory nucleic acid synthesis screening, including recordkeeping, in the United States.

Given the pace at which the underlying technology is changing, we believe the need is urgent. Congress should act this session, and we applaud the legislative efforts currently underway. To ensure a consistent national standard rather than a patchwork of conflicting laws, states should also consider implementing requirements based on existing federal and industry guidelines.

This is a rare moment of agreement across stakeholders that are often at odds. We hope policymakers will meet it with decisive action.

Sincerely,
Signatories: — *Everybody*
[ed. No brainer, right? You don't just leave potential life-threatening bio-warfare components laying around with no oversight. Right?]
***
Amrith Ramkumar (WSJ): Top artificial-intelligence executives are joining security experts in calling for Congress to protect against biological threats posed by AI, adding to growing pressure on lawmakers to address the technology’s risks.

Three major chief executive officers—OpenAI’s Sam Altman, Anthropic’s Dario Amodei and Demis Hassabis of Google’s DeepMind AI lab—are among the signatories of a letter urging Congress to require safeguards when companies order synthetic DNA and RNA, a key step in developing certain vaccines and biotech breakthroughs.

… It was organized by two tech-focused think tanks that said the topic is a rare source of agreement among libertarians, progressives, researchers and rival executives.

Dean W. Ball: I am honored to have signed on to this letter. This is an urgent priority for near-term action by Congress. Biotech is advancing rapidly on its own, and I—and many others—believe the “Mythos moment” in AI/bio is coming soon. It is time for action.

revisions to existing nucleic acid screening requirements were mandated by an EO POTUS signed a year ago; I worked on them while in govt. I genuinely don’t know what happened to that work after I left but it is nine months behind schedule. Congress acting is better anyway.

Joshua Teperowski Monrad: People are so astounded when I tell them this isn't already law

Alec Stapp: it really is insane [...]
Other signatories include Patrick Collison, Paul Graham, Mustafa Suleyman, Alexandr Wang and a lot more where that came from.

We need such letters, despite this having ~100% support among those who understand any side of this, this is such a slam dunk that we should be doing this even before considerations of AI making malicious action vastly easier.

Why? Because political awareness is basically still near zero:
Will Poff-Webster: When I was a Senate staffer and occasionally got the chance to bring up biosecurity risks from AI, the response was often, “What? AI might be able to do that?”

This letter shows how easy it’d be for Congress to act on this