Former cyber exec AXA, Deutsche Bank
Former Founding CISO DarkMatter
Former CTO EMEA & Global VP Cyber Solutions BlackBerry Cylance
Former PSG reserve ENISA
I was wrong
I've been saying for months that open source AI models are 6 months behind frontier
They caught up. GLM 5.2 is as good as Opus 4.8
This changes everything. If you run GLM 5.2 locally no government can take it away. You become sovereign
And even if you run through APIs, it's a fraction of the cost
The battlefield is different now. If open source is as good as frontier, and people have cheaper alternatives, governments can't be as quick to regulate. It will destroy the frontier AI labs
All of this is such a massive win for the people
If you are not paying attention to local models yet, you are making a tremendous mistake
⚡️This is a huge signal.
This is the moment allied AI sovereignty becomes unavoidable.
The U.S. just told the closest allied bloc on Earth that access to frontier cognition is an American national-security decision.
Britain asked for a carve-out.
The answer was no.
That is the signal.
The hierarchy is now visible:
Capability first.
Alliance second.
Commerce third.
That is a hard break from the old software world. In the old world, allies bought American products, companies signed contracts, cloud access worked, and everyone pretended digital infrastructure was neutral. Frontier AI has crossed out of that frame. The strongest models now sit inside U.S. sovereign control.
The UK denial is the real dagger because Britain is not a hostile actor. It is Five Eyes. It is NATO. It is one of the closest intelligence partners the U.S. has. If even Britain cannot get a carve-out, every other government understands the message instantly.
American AI access is permissioned.
The permission comes from Washington.
The permission can change.
The “completely illogical” line is the doctrine. From the U.S. security view, carve-outs create holes. A British user, Canadian user, EU company, foreign-national employee, overseas contractor, or allied research lab can still become a transfer path. Once the model is treated as controlled capability, friendship does not erase leakage risk.
That is why this is much bigger than Anthropic.
The event has now escaped the company-specific box. It has become a sovereign-dependency story. Every government looking at this now has to ask whether critical workflows should depend on a model that can be pulled by U.S. export-control logic.
Hospitals.
Defense contractors.
Banks.
Energy grids.
Courts.
Universities.
Government ministries.
Cyber teams.
National labs.
The question becomes simple: what happens if the model goes dark?
That question is now alive in every capital.
This will accelerate sovereign AI policy. Canada, the UK, Europe, Japan, the Gulf, India, and others will still use American models because the capability gap is real. They will also build fallback layers: domestic compute, local inference, open-weight systems, sovereign clouds, data residency, model portability, national evals, and government-controlled AI infrastructure.
Most of them will not catch the U.S. frontier soon. That does not matter. Sovereignty is not only about matching the frontier. It is about ensuring the administrative nervous system of the country does not depend entirely on someone else’s switch.
This also strengthens the decentralized AI catalyst.
The market does not need to believe decentralized AI beats Anthropic tomorrow.
It needs to understand that centralized frontier AI is jurisdictional, permissioned, and politically gated.
Once that becomes common knowledge, alternatives gain strategic value.
I love this exploit! Universal SELinux bypass still works to this day. I released it for Qualcomm-based processors and just realized I never released the Exynos version so here it is unprivated: https://t.co/rW1Kr8CLva
Stealing US science output for the last two years? Well, let’s be honest, it’s not like the U.S. was going to be using them. And frankly, letting China steal the cyber warfare plans is probably for the best. Maybe now someone can focus on making good ones instead.
Had a sit down with MSRC, while I can't say full details we had a constructive discussion on the state of things aimed at the following (and remember I'm just the messenger):
- MSRC handling vulnerability submissions and researcher communication
- GitHub removal of cybersecurity repros and the pivotal need for safe harbor for TTPs and 0days
I won't be commenting on the recent 0day releases being dropped by a certain researcher because that is a unique case.
I will be discussing the other topics tho:
While GitHub is owned by Microsoft they are still acting independently, I was assured that the removal of researcher GitHub accounts and code was NOT being authorized or done by MSRC. They fully understand the need for 0days and code to be available for testing and cybersecurity defenses is as important as it is for offensive needs, they don't want code to be fragmented and us going back to the days of milw0rm. MSRC is going to look into these, and I conveyed the need to do this since other places like YouTube and Twitch are also cracking down on cybersecurity accounts.
The email between MSRC and researchers discussing 0day talks at BH / Defcon and asking them to report what they are talking about is another topic I discussed. This was actually for Microsoft to help coordinate mitigations and tech review the talks that were in their pipeline (btw they have sent this email or its equivalent for years, it's not new). We discussed ideas to improve these emails and how things could be misinterpreted from both sides.
I think MSRC has their work cut out for themselves, but I can say that there are still lots of very passionate researchers there still trying to do good things. And I'm very thankful for them taking the time to sit down with me.
I've always been lucky with MSRC interactions, and if you aren't and need a line thru to them for legitimate reasons, let me know, I'm happy to mediate when it is necessary.
“Air gapped”-ish, n:
A network that is only connected to the internet via another network. Similar to an air gapped network, lacking only the security properties of isolation.
I keep seeing signals
- AI coding ROI being questioned
- Hallucinations in places where hallucinations matter
- Heavily subsidized subscriptions
- Banks getting nervous around AI valuations
- Margin debt near dot-com levels
- Research showing limits that don’t fit the narrative
- Governments stepping in and restricting access to frontier models
None of these things matter on their own. But they all point in the same direction. I don’t know who pulls money out first.
But if expectations start breaking, it could get ugly very quickly.
⚡️This was a sovereignty collision, and Anthropic lost.
The jailbreak was probably the trigger, not the true object.
The true object is control over the deployment of frontier cognition before the state has absorbed the defensive, intelligence, and cyber implications of that cognition being globally available.
Anthropic’s mistake, if reporting is right, was treating the government pause request like a normal policy disagreement.
A frontier lab cannot tell the national-security state to pound sand after the state has decided the model creates adversarial uplift. That immediately converts a technical dispute into a power dispute. Power disputes with the U.S. government do not end with the company setting the rules.
The government likely panicked, but the panic came from a real structural fear: once a model is strong enough to give skilled operators leverage, safeguards become legally and politically insufficient. No one in government can bet national defense on “we think jailbreaks are narrow.” The question becomes: what happens when the best adversarial user finds the non-narrow one before CISA, NSA, Anthropic, or the defense ecosystem adapts?
That is why the “few weeks” line matters. The state is buying time to ingest the model’s defensive utility before the rest of the world gets equal access. That is the arms-race logic. Commercial release cannot front-run sovereign hardening anymore.
Fable comes back, but the frontier era just changed.
Access will probably return in a tiered, monitored, more identity-bound form. U.S.-verified users first. Enterprise and government customers first. Foreign national access constrained or delayed. Cyber capability harder-gated. More retention. More surveillance. More pre-release state review. More quiet coordination. Less “launch and patch.” More “clear and deploy.”
The bigger consequence is industry-wide. Every frontier lab just learned the actual rule: cooperate before launch or get governed after launch. The next models will go through government review windows that look voluntary on paper and mandatory in practice. The state will not need formal nationalization because supervision, export control, procurement leverage, compute regulation, and emergency recall authority are enough.
Anthropic may be technically right and strategically doomed on the argument.
Perfect jailbreak resistance is impossible. Narrow jailbreaks exist everywhere. Their process complaint is legitimate. But national security does not care about clean process once the perceived downside is adversary uplift from a frontier system.
This is the first visible recall-risk event for frontier AI.
That is the real phase change.
AI labs are no longer just companies shipping models. They are strategic cognition operators under sovereign tolerance. The public still sees apps. The state sees capability transfer. The state frame wins.
Fable was probably too capable, too global, too fast, and too imperfectly controllable for the government’s comfort. Anthropic tried to defend it as a commercial product with safeguards. The government treated it like a dual-use system with insufficient national absorption time.
That is the new regime.
Fable returns wounded.
Anthropic gets put on a shorter leash.
Other labs bend early.
Frontier AI becomes quietly licensed.
Public access to the strongest cognition narrows over time.
The open frontier was shorter than people thought.
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: https://t.co/bwn0sximKZ
Fable 5 is state-of-the-art on nearly all tested benchmarks, with exceptional performance in software engineering, knowledge work, scientific research, and vision.
The longer and more complex the task, the larger Fable 5’s lead over our other models.
Introducing Claude Fable 5: a Mythos-class model that we’ve made safe for general use.
Its capabilities exceed those of any model we’ve ever made generally available.
Fable 5 is the same underlying model as Mythos 5, but with cybersecurity and biology blocks. Mythos is the first model that's made me feel that we've entered the next phase of model progress.
For years, we've talked about cybersecurity / self-improvement / autonomy / model-dominated coding / biology implications of model progress. Some of these are issues to defend against; some are areas to advance. Mythos has made me & our team feel like we've seen the earliest glimpse of the world we've been talking about.
Also, we published a lot of cyber eval results in the system card, including some evals we designed recently, as well as details of safeguards. In most cases, Mythos 5 ~= Mythos Preview. We found it ticked up on the new ExploitBench eval, and we opted to put that in the eval table so people can calibrate/update on advances in cyber capabilities to be prepared for. (We don't want to compete on offensive capabilities and don't try to.) But overall, Mythos 5 is an efficient model, about equal to Mythos Preview in most cases. I'd really like more people to design new security evals! The better models get, the more our limited evals only see a small part of the picture.
In terms of where we go from here, here are some current thoughts:
1/ It's important we get Mythos cyber capabilities to defenders. We just have to do it safely and cautiously. We're working on an expanded trusted access program. We're working with government and industry to do this. I sort of envision the next 1-2 years being a large scale effort to make the world resilient + design & implement new approaches to security.
2/ I think cybersecurity will start merging with AI security and alignment. Let's say you're a defender and you want to use a model -- will it break out of its sandbox? Will it stop where you tell it to stop? This is one reason I'm excited about working on cybersecurity. In the limit, it's the same thing as AI security.
3/ I really want people to develop new evals for... defensive cybersecurity, hardware security, autonomously running a business, advanced biology, and other parts of national security. Our internal eval ship rate is way, way up because Mythos makes it easy to iterate, especially on the engineering aspect of building evals. (Sometimes, we ask new hires to make a new eval on their first day, and another on the next).
I’m excited we’re making this available as Fable 5, because I think the world spending time with the model is the most important way to calibrate.
One of the best curated lists of security research I have come across.
Hundreds of blog posts, writeups, and papers covering kernel exploitation, browser exploitation, firmware security, IoT hacking, reverse engineering, malware analysis, hypervisor research, hardware hacking, and more.
Organized by year from 2011 to 2025. Updated regularly. 3.3k stars.
Author: @0xor0ne
https://t.co/maNCJW2qWo
#ReverseEngineering #MalwareAnalysis #InfoSec
A careless code blunder just blew the lid off Beijing’s multi-million dollar AI propaganda operation targeting the West. France's digital interference watchdog, Viginum, has officially exposed "Fawn Mianju," a covert network of 13 multilingual fake news sites running on advanced automation and generative AI. The sophisticated network was completely compromised after a computer engineer working as a Senior Project Manager at China's state-run CGTN Digital accidentally left his login credentials exposed in the code.
This operation, which expanded on findings first uncovered by U.S. cybersecurity firm Graphika in 2025, operated with deep financial backing. The domains were registered in Beijing, hosted on Alibaba Cloud, and utilized expensive infrastructure alongside paid plugins to artificially manipulate search engine rankings. Using digital keys linked directly to AI language models, the network automatically scraped CGTN articles, lightly rewrote them, and republished over 2,300 articles, often within less than an hour of the original state media broadcast.
Sites like the French-language "Actu Méridien" were weaponized to manipulate public opinion across 89 countries, heavily targeting Western audiences and Francophone African youth. The articles aggressively peddled pro-Beijing narratives, painting China as the undisputed leader of the Global South and green energy transition while explicitly telling Western readers that aligning with Chinese interests would bring them massive benefits.
Despite the cutting-edge tech and heavy state funding, the operation was an organic flop. The articles struggled to breach 15,000 views, with nearly 40 percent of its top social media engagement traced back to fake accounts in Burundi whose sole purpose was to artificially inflate the content. While the reach was limited, French authorities warn that the operation exposes Beijing’s rapidly escalating capability to launch fully automated, stealth disinformation campaigns designed to quietly erode Western democratic alignment.
#Disinformation #CyberSecurity #France #China #AIPropaganda #Geopolitics #Viginum #NationalSecurity
The cybersecurity policy and regulatory drumbeat has gotten too big to track alone — EU CRA, state-level AI laws, UK CMA rewrite, AU IoT regime, UN cybercrime treaty.
So we made a shared calendar.
The @disclose_io Upcoming Dates page now tracks every deadline, regulation, CFP, and bill that matters for VDP and security research — US (fed + state) / EU / UK / AU.
Show up at Hackers on the Hill — June 16, US Capitol, DC — @iamthecavalry's policy briefing day.
Tell us what we're missing.
https://t.co/nUyfjshJtT
400M users worldwide have had their TVs and phones hijacked by a company selling the private bandwidth to corporate customers who want to appear as normal users on the internet.
You know, like being infected with a botnet, but this is "legal" because page 354 on your telly said so.
Mozilla says Mythos helped identify 271 vulnerabilities in Firefox 150.
I went through the commits, CVEs, and bug links to see what that number really means.
My takeaway: relax folks.
https://t.co/9LEqL7sXX6
What I like most about this story is that most of the superhuman nation-state hacking capabilities tend not to exist within said nation-states for $reasons, thus creating the exact need [for an ‘AI mutant who feeds off the blockchain’]
JUST IN: Anthropic co-founder Jack Clark reportedly warned new recruits to “get hobbies that aren’t computers,” saying the company is building a “superhuman coder with nation-state hacking capabilities.”