Tricky

Many have reached out to me regarding the new Cyber EO. A few thoughts: First, President Trump is the most pro-innovation president we’ve ever had. He’s made it clear that the U.S. has to win the AI race and that a pro-innovation, pro-energy, and pro-infrastructure policy is the way to do that. Thanks to President Trump, AI will generate over a 2% tailwind to GDP growth this year, with hundreds of thousands of new construction jobs and 25-30% wage increases for blue collar workers. President Trump is the reason that we have an AI boom happening right now. The change in the EO from a 90 day to 30 day period is a game changer because it allows our AI labs to comply with the voluntary framework without delaying new model releases. They can synchronize their efforts under the EO with other pre-release activities. Furthermore, I’ve been advised by the lawyers who draft EOs that 30 days means calendar days, not business days. In the AI race, every day counts. As OSTP well notes, “The EO creates a process for frontier labs to voluntarily share cutting-edge cyber models in order to secure critical infrastructure and strengthen the government’s own cyber defenses. We are NOT conducting oversight of all new models, as that level of government overreach would have chilling effects on free speech and innovation.” OSTP’s characterization is completely consistent with the discussions that I have participated in, where it was agreed that the EO is intended to apply only to models that represent a meaningful step-change in cyber capabilities (eg Mythos), not to incremental version numbers of existing models (eg Opus 4.7 -> 4.8). Finally, I understand the concerns of many that this could morph into an “FDA for AI”. Of course bureaucratic mission creep is always a danger and this should be closely monitored. But the EO expressly forbids the creation of a new licensing, preclearance, or permitting regime. Most importantly, I do not believe that President Trump would allow this to happen. As AI presents new policy challenges (such as cyberweapons), I believe that everyone in the administration is working diligently to navigate the issues with the American people in mind. I look forward to working with the Treasury, NSA, ONCD and others on the implementation of this framework.

Last week, Anthropic announced Project Glasswing alongside Claude Mythos Preview, a model they described as so powerful at finding vulnerabilities they couldn't release it. The announcement featured AWS, Microsoft, Google, and Apple as partners, $100M in compute credits, and a clear message: this is dangerous, and only we can be trusted to deploy it safely. The results were real. Thousands of zero-days across every major OS and browser. A 27-year-old bug in OpenBSD. A 16-year-old bug in FFmpeg. Fully autonomous exploit chains that would have taken human researchers weeks. But here's what bothered me: all the credit went to the model. Read the technical blog carefully and a different picture emerges. The real innovation isn't the model. It's the workflow: - Rank every file in a codebase by attack surface - Fan out hundreds of parallel agents, each scoped to one file - Use crash oracles (AddressSanitizer, UBSan) as ground truth - Run a second verification agent to filter noise - Generate exploits as a triage mechanism for severity That's a pipeline. And pipelines are model-agnostic. At Lazarus AI, we spend our days deploying custom AI in places where "just use the closed API" isn't an option: regulated industries, enterprise, and government. When I saw Glasswing, my instinct was the same one I have every week: strip out the proprietary model, keep the architecture, run it on whatever model is best for the customer. Clearwing is a fully open-source vulnerability discovery engine. Crash-first hunting, file-parallel agents, oracle-driven verification, variant hunting, adversarial verification. Works with any LLM. I tested it with OpenAI Codex 5.4 and reproduced Glasswing's findings. I'm now reproducing results with our own ReAligned model - Qwen3.5 finetuned to Western alignment. Mythos is certainly a great model. The N-day exploit walkthroughs in Anthropic's blog show real reasoning depth. But it's an incremental improvement over Opus, the same way Opus was over Sonnet, and Sonnet over Haiku. It's not a leap to superintelligence. It's the next point on a curve we've been watching for years. What actually changed the game was the workflow. Defenders shouldn't have to wait for access to a gated model to secure their software. These vulnerabilities have been sitting in codebases for decades. The tools to find them should be available to everyone: the open source maintainer running FFmpeg on a Saturday, the startup that can't afford $125/M output tokens, the researcher in a country where Anthropic doesn't operate. Clearwing is MIT licensed and available now. https://t.co/E0WP5njZQJ Clearwing enables a wide variety of security activities. Handle with care. It is sharp.

>Cosmos: drops the best blockchain OS tech for free >Everyone: uses it to launch countless chains with their own tokens and cash out. >”Devs failed to create value accrual and create real revenue streams. Cosmos is dead.” >Cosmos finally tries to monetize through enterprise modules so they don’t die. >”Devs have turned hostile and are monetizing the stack 😭” >Skill issue. Pay the license or build your own solution king.