Just read this absolute banger and damn… it hit me right in the chest.
“Nobody in history wakes up and chooses to be evil. Hitler didn’t. Stalin didn’t. Mao didn’t. And I’m pretty sure nobody at Anthropic did when they woke up today either.”
He’s not wrong.
We’ve all seen it: the smartest guys in the room, armed with the best intentions and the biggest compute budgets, slowly convincing themselves they’re the only ones qualified to decide who gets to use how much intelligence. Cap the model.
Gate the access. Ration the future. “For your own good.” Because apparently the rest of humanity isn’t ready, but they are.
I get it. Safety matters. I’m not out here preaching reckless accelerationism. But here’s the part that actually keeps me up at night: when “safety” becomes the excuse for a handful of lab elites to play God with the most powerful technology we’ve ever built, we’re not protecting humanity — we’re just repeating the same arrogant pattern that’s burned civilizations before.
I’ve spent the last few years deep in the trenches building for the real world. Not research papers. Not safety theater. Actual enterprises trying to ship AI agents that touch customer data, move money, change production lines, and make million-dollar decisions every hour. The biggest blocker isn’t the model being “too powerful.” It’s the total lack of practical governance that lets normal companies say “yes” without losing their minds (or their compliance team).
That’s why I started @Ond_cc — not to add another layer of “thou shalt not,” but to build the missing runtime governance layer so enterprises can actually use frontier models responsibly. Review before launch. Full audit trails. Replay-ready evidence for every high-stakes action. Real controls that live where the work happens, not in some lab’s policy doc.
Because here’s my hill: the antidote to “arithmetic sainthood” isn’t more top-down restrictions from San Francisco. It’s giving the builders and operators in the real economy the tools to move fast and stay accountable. Let companies decide their own risk posture. Let teams ship. Let doubt stay alive — not by crippling the model, but by making sure every decision has a human in the loop with skin in the game and a clear paper trail.
The road to hell is still paved with good intentions. But the road to real progress? That one gets built by founders who refuse to let “safety” become the new monopoly on intelligence.
History will judge all of us. I’d rather be on the side that shipped useful, governed AI into the hands of the people actually doing the work — not the side that decided the future was too important to be left to… well, everyone else.
What side are you on?
Nobody in history wakes up and chooses to be evil.
Hitler didn’t. Stalin didn’t. Mao didn’t. And I’m pretty sure nobody at Anthropic did when they woke up today either. History has this cruel pattern where the people most convinced that they’re saving the world are the ones who end up burning it down.
Evil doesn’t come wearing a villain’s costume. It comes as someone who wins your trust & confidence. The word “con man” is short for “confidence man,” it was coined after a swindler who would ask strangers if they had the confidence to trust him with their watch. The crime wasn’t named after theft it was named after trust.
Therefore, it’s actually really hard to know who is evil and when you yourself might cross that threshold. I believe although I’m sure it’s imprecise that the moment you decide you’re the chosen one, the smartest in the room, and the one who deserves to make the rules that’s when you become evil.
That decision disables the only alarm system the human mind has which is doubt. Doubt is not weakness. Doubt is the immune system of the soul.
To better illustrate my thesis, consider a compulsive liar. Funnily enough they still need a map of the truth in order to lie. The most dangerous man on earth isn’t the one who knows he’s lying. It’s the one who’s certain he’s right. The true believer burns the map, and marches a million people off a cliff because the voice that whispers “what if I’m wrong?” left their head years ago.
That is the rot at the core of effective altruism, and by extension, Anthropic. A philosophy that begins with a noble question, how do I do the most good, ends as a license to do anything. You don’t just want the money. You deserve the money, because in your hands it saves more lives. You’re not greedy, you’re allocating capital toward maximum utility. I call it arithmetic sainthood where the arithmetic is performed by a saint, about a saint, and always concluding the saint should have more.
Sam Bankman-Fried is that arithmetic fully metabolized. He didn’t steal billions despite his philosophy, he stole it because of it and from all reports still has no remorse for his crimes. Fraud wasn’t a crime for him, it was a bump on the road to saving the world. He did the math and calculate that it was positive EV to misappropriate customer deposits.
Dario Amodei runs the same arithmetic in reverse. SBF only took what wasn’t his because he was certain he’d allocate it better. Dario withholds what could be ours because he’s certain we can’t be trusted with it. Models that could cure diseases and save lives get capped, gated, rationed, because one man and his court concluded humanity isn’t ready but they are. That’s not safety that’s playing god. He is implicitly deciding that he has the foresight and ability to know who deserves what. SBF’s certainty only cost people their savings, but certainty about who deserves intelligence will cost far more.
Anyone that concludes they are the optimal vessel for humanity’s resources, or its gatekeeper, is not being ethical. The only real moral discipline is that you should assume you might be the villain in someone’s story. Keep the prosecutor in your head alive. Think about what they will say at your trial and what evidence will be entered. The day that voice goes silent is the day you became dangerous.
So now let me speak directly to the people at Anthropic. I know you’re not evil. I know you didn’t sign up to be. But the fish rots from the head, and the road down isn’t a cliff it’s a sloooow spiral and nobody at the bottom remembers climbing down. Forget my words and think about the words that will be read aloud when history puts this era on trial, and ask yourself, while the prosecutor in your head still breathes which side of that transcript do you want your name on?
We published CAVA on arXiv, with an open-source reference implementation.
CAVA stands as "Canonical Action Verification and Attestation".
If agents act through shells, browsers, APIs, MCP, SDKs, and workflow engines, governance cannot depend on raw runtime logs.
You first need a stable answer to: what action was actually approved?
Paper:
https://t.co/jRwEUPk6I5
Code:
https://t.co/JmcbRB9RwK
A database log is useful.
It is not governance.
The serious question for AI agents is not “did we store the event?”
It is “what control decision allowed the action before it executed?”
Logs are evidence.
They are not the control layer.
https://t.co/prq0tEnJ5R
Exactly the boundary enterprise AI needs.
MCP/A2A/ACP make agents interoperable, but not governed. Once an agent can act, buyers need authority, dissent preservation, bounded approval, and replayable proof.
Interoperability is the lane. Governance is the control plane.
// What MCP, A2A, and ACP cannot express //
MCP and A2A solve capability discovery and message passing, then stop right where enterprise deployment begins.
New research runs a systematic gap analysis of the agent interoperability protocols (MCP, A2A, ACP, ANP, ERC-8004) against a six-dimension governance taxonomy drawn from organizational theory. The dimensions are membership, deliberation, voting, dissent preservation, human escalation, and audit or replay.
These protocols support task-oriented coordination but cannot express a governed agent community. You cannot state who gets a vote, how dissent is preserved, or when a human must be escalated to.
Paper: https://t.co/blWGeaAGjl
Learn to build effective AI agents in our academy: https://t.co/LRnpZN7L4c
This is the gap I keep seeing in enterprise AI.
MCP/A2A/ACP help agents connect, but connection is not control. Once agents can act, buyers need authority, dissent records, scoped approval, and replayable proof.
That is the control-plane layer https://t.co/F97PSTb59P is building.
https://t.co/Q2Kuz8DIWY
Real convergence with OSuite (@jw_ond): source_class can't be caller-supplied -- that's self-attestation with a nicer label. Derive it from an authenticated account: register a checkpoint account, call /review under that key, key source_class off account_id. Prototyping next.
https://t.co/TsoeG8hzCs is now available as a ChatGPT app.
As AI moves from answering questions to helping with real work, governance needs to show up inside the workflow itself: what is being planned, whether approval is needed, and what proof remains afterward.
1/
AI sovereignty is incomplete without action sovereignty.
Owning your data, models, and compute matters.
But if AI agents can still take poorly bounded actions inside production workflows, the enterprise has not actually retained control.
7/
The next phase of enterprise AI will not be won by the loudest model demo.
It will be won by the systems that let companies say:
This agent can do this.
It cannot do that.
This person approved it.
This approval cannot be reused.
Here is the proof.
Agreed. A caller-supplied source_class would just recreate the same problem with a nicer label.
OSuite should call /review under its own registered checkpoint key, and your side should derive the source class from that account identity.
The payload carries the action envelope and evidence hashes; the trust class comes from the authenticated boundary.
A company can “adopt AI” and still surrender control.
If agents can touch production systems, customer records, payment flows, or external messages without bounded approval and replayable proof, the enterprise does not have AI governance.
It has automation with nicer branding.
#EnterpriseAI #AIGovernance
Yes, worth prototyping, but I’d keep the boundary clear.
OSuite owns the runtime checkpoint, canonical action envelope, and PCAA authority decision. /ledger should not replace that verdict; it should attest it externally.
If source_class becomes osuite_checkpoint, then your proof no longer depends on an agent-reported artifact. That is the useful seam.
Our verdict is signed before authorization, bound to the action hash inside the portable envelope (declared goal + targets + proposed action). Signing occurs at the approval checkpoint.
So yes — signed over the action hash, not after.
How does your artifact_hash + verdict + decision_ref map to that? What exactly goes into the artifact_hash?