Anthropic: A PR Buzz Champion
April 9, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
The first big PR play that called my attention to Anthropic and Claude was the, “Gee, we don’t kill people.” A a person who has worked for government agencies engaged in what government agencies do, I am not around too many professionals who say, “We don’t kill people.” As a former low-level worker at a blue chip consulting firm, I learned that one sold projects to government agencies without tossing in, “Hey, you know, we don’t want our information, services, and tools to — like, you know, well— kill people. Not a recommended career path.
Great news! Robots at a terminal did not elicit a warning about prompts that violate Venice.ai’s decency guardrails. Okay, good enough.
However, Anthropic is a BAIT outfit (big AI tech, if you are not familiar with my writing that some AI detectors think is actually output by an AI system, not a dinobaby in rural Kentucky). I noted writes up like “Anthropic Labeled a Supply Chain Risk, Banned from Federal Government Contracts.” The announcement did what US government decisions usually do. The story generated buzz around Anthropic as a BAIT outfit as a firm with morals, ethics, and principles. Who knew? A Silicon Valley BAIT outfit that presumes to tell a client, “Dude, like, you know, well, you can’t use our software to do bad things.”
Flash forward to a second PR event. I learned today (April 8, 2026) that the company has another “we’re the ethical AI outfit” campaign underway. “Anthropic Says Its Most Powerful AI Cyber Model Is Too Dangerous to Release Publicly — So It Built Project Glasswing” reports:
Anthropic on Tuesday announced Project Glasswing, a sweeping cybersecurity initiative that pairs an unreleased frontier AI model — Claude Mythos Preview — with a coalition of twelve major technology and finance companies in an effort to find and patch software vulnerabilities across the world’s most critical infrastructure before adversaries can exploit them.
Okay, Glasswing, a metaphor for fragility or a fragile see-through insect, is the do-good approach to responsible AI. Furthermore, Anthropic used its super wonderful BAIT innovation to “land” some companies who in theory share Anthropic’s commitment to doing good. The cited write up states:
The launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Anthropic says it has also extended access to more than 40 additional organizations that build or maintain critical software, and is committing up to $100 million in usage credits for Claude Mythos Preview across the effort, along with $4 million in direct donations to open-source security organizations.
What’s Glasswing (doesn’t that evoke images of fragility when the objective is, according to Nicholas Taleb the author of Antifragile: Things That Gain from Disorder) going to do? The Venture Beat article explains:
At the center of Project Glasswing sits Claude Mythos Preview, a general-purpose frontier model that Anthropic says has already identified thousands of high-severity zero-day vulnerabilities — meaning flaws previously unknown to software developers — in every major operating system and every major web browser, along with a range of other critical software.
Now the “transparent” PR part:
“We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,” Newton Cheng, Frontier Red Team Cyber Lead at Anthropic, told VentureBeat in an exclusive interview. “However, given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout — for economies, public safety, and national security — could be severe.”
Okay, but aren’t some of these partners the very outfits who sell system that are, in fact, security risks? And a couple of these Anthropic Glasswing fliers are going to make their software more secure when other AI technology will attempt to find ways to snooker users, breach defenses, and spoof systems?
But the point is not the cat-and-mouse cyber security game. The real objective is to build a warm, amber aura of a bright sunny technology around today’s AI. The approach taken by Anthropic is definitely less expensive than buying advertising in the Wall Street Journal, attending selected cyber security conferences, and running TikTok-type videos.
But the big benefit is getting the message: “We are responsible” to the public and to the “partners” who are now going to have an opportunity to learn what other wonderful functionality Claude has. Will this lead to sales? My view is, “Yep, that’s the under publicized objective.”
The Venture Beat article adds:
Finding thousands of zero-days at once sounds impressive. Actually handling the output responsibly is a logistical nightmare — and one of the sharpest criticisms that security researchers have raised about AI-driven vulnerability discovery. Flooding open-source maintainers, many of whom are unpaid volunteers, with an avalanche of critical bug reports could easily do more harm than good. Cheng told VentureBeat that Anthropic has built a triage pipeline specifically to manage this problem. “We triage every bug that we find and then send the highest severity bugs to professional human triagers we have contracted to assist in our disclosure process by manually validating every bug report before we send it out to ensure that we send only high-quality reports to maintainers,” he said. That pipeline is designed to prevent exactly the scenario that maintainers fear most: an automated firehose of unverified reports. “We do not submit large volumes of findings to a single project without first reaching out in an effort to agree on a pace the maintainer can sustain,” Cheng added.
Anthropic’s humans and smart software have anticipated issues. There is, however, one tiny assertion that I struggle to accept. As the system looks for issues, Anthropic’s royal we enters the picture, and I quote:
We triage every bug that we find …
Anthropic then doubles down on the categorical affirmative, allegedly saying:
by manually validating every bug report….
A high school debater might ask, “If you do not know the scope of the issues or the volume, how can you state Anthropic will “manually validate every bug we find”? And, then ask, “How can a human who presumably coded with errors be relied upon to identify an error and remediate it if the software is from a system not widely supported like a legacy Hitachi mainframe or older IBM MVS/TSO system?”
I am not sure sophisticated wizards from BAIT (big AI tech) companies have qualms about categorical affirmatives, but I do. My concern is piqued when there is a precedent for creating “we are the good guys” PR. OpenAI, for example, provides its software to certain government entities known to take kinetic action. But not the good guys like Anthropic.
Before ending my dinobaby blog post with the trivial high school debater questions, I want to ask, “What BAIT outfit suffered a loss of some of its software.” If I believe the information in “What Anthropic’s Leak Means For The Coming Wave Of ‘Dark Code’,” Anthropic, the security conscious good guy, had the problem. This Forbes’ article notes:
The leak, triggered by a human error, exposed 500,000 lines of source code of Anthropic’s star product Claude Code.
If a company cannot protect its own valuable asset, how can I be expected to believe the statements which are categorical affirmative. By this example, Anthropic has demonstrated it has security problems. So “every” and “cyber security” and “bug finding.” Yeah. Got it. How do glass wings handle stress, variable temperature, and content marketing thrown at them? What if there is an AI bug zapper tuned for those with glass wings and PR that positions one AI company as the bestest in the integrity field? Zzzzapp.
Stephen E Arnold, April 9, 2026
Smart Software Seems to Lack a Capability: Adaptation to That Which It Was Not Trained
April 8, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
William James, the American thinker much loved by first year psychology students, coined the phrase “a certain blindness.” As I recall, the idea is that each humanoid cannot perceive certain things. Scammers use the principle to get money out of grandmas and lonely widowers. Smart people with money instinctively know that they do not have any blindnesses whatsoever.
Smart software operates on the principle, probably because of the limitations of the training sets and the Rube Goldberg machine built from algorithms that power artificial intelligence. I am not sure how one fixes a humanoid who believes he or she has 360 degree sightedness or a smart software system crafted by BAIT outfits. Oh, BAIT is my lingo for “big AI tech.”
I read “AI Can Beat Chess Grandmasters, But It Can’t Adapt to Modern Video Games.” If the write up is spot on, the implication is that when a humanoid does something not in a training set, the smart software is lost in space. The write up says:
AI is still pretty bad at handling a new video game it has never seen before…. According to researchers, many of AI’s biggest gaming successes are based on systems that are finely tuned to one specific game. In those defined boundaries, AI can basically become superhuman. But as soon as there are slight changes to the rules or environments, its impressive performance can collapse.
As Jack Benny used to say, “Yipes.”
The article points out:
The research paper adds that reinforcement learning can produce impressive results, but acceptable goals are only achieved after millions or billions of simulated runs. So the system becomes an expert in the exact situation it is trained for. But all of this falls apart when any changes are introduced. Even something as simple as shifted colors or repositioned objects on a screen can break it.
I can visualize the responses from the BAIT outfits now. The jibber jabber will boil down to denial and misdirection. And why not? Which BAIT outfit wants to have investors and stakeholders shout, “You misled us” or “You are mendacious” or “You are a crook.”
The write up adds:
LLMs (Large Language Models) do not solve this either. NYU [researcher] says they perform surprisingly poorly on unfamiliar games. When it does start doing well, this is usually in custom game-specific scaffolding to interpret game states, manage memory, and execute actions. Strip that extra support away, and performance drops fast.
Interesting. But the AI push is that smart software is the next big thing. If BAIT outfits build it, people will come. Well, that’s the theory. Ignore the surveys that suggest a significant number of people are wary of smart software. What will happen when smart software and smart systems get the sub optimal answer. That will be exciting for some.
Stephen E Arnold April 8, 2026
Anthropic Complains about IP Theft and Then Gives Its IP Away Via a Security Lapse
April 7, 2026
Let’s go back a few weeks. Earlier this year, I recall reading this Business Insider story: “Anthropic Says Deepseek And Other Chinese AI Companies Fraudulently Used Claude.” The news?
“Anthropic said the distillation efforts were “industrial-scale campaigns” that included roughly 24,000 fraudulent Claude accounts that generated over 16 million exchanges “in violation of our terms of service and regional access restrictions…. Distillation is the process of training a less powerful model on the output of a more powerful model. The practice is a legitimate way that many US companies use to train their models for public release. Increasingly, major US companies are also stating that their Chinese competitors are improperly using the practice to steal their work.”
The allegation is that Anthropic released updates to their models, then the Chinese companies copied them within hours. Another issue Anthropic identified is that bad distillation poses security issues, such as the development of bioweapons. Some people believe that Anthropic used other people’s information without permission to train its models. There was a lawsuit and Anthropic paid out $1.5 billion but didn’t admit any wrongdoing.
Is this a version of the pot calling the kettle discolored? Maybe it is what’s good for the goose is definitely not good for certain ganders?
Anthropic stated that China’s AI companies: Deepseek, Moonshot AI, and MiniMax used Claude to augment their own algorithms with distillation.
Now let’s think about what happened on or around March 30, 2026. Here’s a typical headline about Anthropic’s misfire: “Anthropic Leaks Part of Claude Code’s Internal Source Code.” That incident obviated the need to steal Anthropic’s intellectual property. The company could not get its act together and watched a couple of its digital circus animals wander off to be captured and processed by anyone with an Internet connection and a link to the code. Wasn’t Anthropic labeled a supply chain risk by the US government? Did Anthropic’s management lapse validate that US government statement?
The CNBC write up notes:
A source code leak is a blow to the startup, as it could help give software developers, and Anthropic’s competitors, insight into how it built its viral coding tool. A post on X with a link to Anthropic’s code has amassed more than 21 million views since it was shared at 4:23 a.m. ET on Tuesday [March 31, 2026]. The leak also marks Anthropic’s second major data blunder in under a week. Descriptions of Anthropic’s upcoming AI model and other documents were recently discovered in a publicly accessible data cache, according to a report from Fortune on Thursday, [March 26, 2026].
I know that the Big AI Tech or BAIT outfits have many highly intelligent people. But there is the nagging thought in the back of my mind that some people at the firm say and do some less than brilliant things.
Whitney Grace, April 7, 2026
Palantir Technologies: Nicked by Sharp Marketing and Metaphors
March 24, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
I learned about an article by reading a March 13, 2026 report titled “It Beggars Belief: MoD Sources Warn Palantir’s Role at Heart of Government Is Threat to UK’s Security.” The write up says:
Palantir, the US AI surveillance and security firm with hundreds of millions of pounds in UK government contracts, poses “a national security threat to the UK”, according to two anonymous high-level sources working with the Ministry of Defence.
My problem is that the sources are anonymous. The UK has struggled with certain types of software. One example comes to mind: The British Post Office. Another is the National Health Services’ arm wrestling with software. Plus, I am not familiar with the online publication The Nerve.
Thanks, Venice.ai. Good enough.
One of the anonymous sources in The Nerve’s write up allegedly said:
“Allowing a single entity, foreign or domestic, to have such far-reaching, pervasive access is inherently dangerous. How our national cybersecurity center has allowed this beggars belief.”
Jim Killock, executive director of the Open Rights Group, allegedly told The Nerve:
“If the US has detailed insights across everything that the MoD does, then in the event of us being recalcitrant about helping the US bomb some country, they can remind us – subtly or unsubtly – what they might do in retaliation. “The Ministry of Defence or the prime minister must have some inkling of the risks, but now we find ourselves hitched to an erratic, dangerous, megalomaniac power in denial of its own limits. If Palantir knows everything, it just gives them huge extra leverage.”
What’s interesting is that a personage using the alias sschueller provided a pointer to a February x, 2026, article in the Swiss online publication Republik. Its article “How Tenaciously Palantir Courted Switzerland” provided some additional color about Palantir Technologies.
Here’s are some quotes from the Republik write up. Are they accurate? I have no idea. I find them interesting, however.
“Palantir is here to disrupt. (…) and, when it’s necessary, to scare our enemies and occasionally kill them.”
and
“The rise of the West has not been made possible by the superiority of its ideas, values, or religion, but rather by its superiority in the use of organized violence.”
and
CTO Shyam Sankar said that Palantir products help “optimize the kill chain.”
I find Palantir somewhat amusing. The company named itself after a seeing stone, a fictional creation in the fantasy novel, The Lord of the Rings by J..R.R. Tolkien. The palentiri are not likely to save whales and snail darters.
Several observations seem to be warranted:
- Palantir’s PR is either doing its job or it is failing in its effort to present the firm in a positive manner
- Specialized software companies may find their marketing methods turn off certain commercial and government customers
- The company seems to engender fear, not just concern. (Is that a reason why most specialized software companies walk softly and market without becoming poster kids like NSO Group for questionable practices.)
Net net: My view is that some US technology companies are feeding negative perceptions about American business, technologies, and trustworthiness. But I am a dinobaby in rural Kentucky. What do I know about American firms selling to non-US entities? Nothing. Absolutely nothing. Why worry?
Stephen E Arnold, March 24, 2026
Software In Public Hands Is Now High Grade
March 17, 2026
Here’s a scary thought that we didn’t see coming: Top line AI hacking software is now in the hands of bad actors worldwide. Plan Hub reports in “How the Software Works: Bypassing Encryption” that former Olympian Ryan Wedding brought high grade technology to Canada. High-grade tools, such as zero-click phone hacking, were only available to intelligence agencies and nation-states. Some bad actors can track users in real time and read messages transmitted via systems many think are secure.
“…ODITs (On-Device Investigative or Interception Tools bypass this entirely by hacking the endpoint, the phone itself. Once the software gains deep root or kernel-level access to the device’s operating system (iOS or Android). It no longer needs to crack the encryption. Instead, it operates like a digital shadow, silently reading messages on the screen after they are decrypted. Logging keystrokes, and activating the microphone or GPS at will.”
Some call these “in the wild software” mercenary-grade tools. Some are clones or pirated versions of FinSpy/FinFisher from Gamma International, Hermit from RCS Lab, Reign from QuaDream, Predator from Cytrox/Intellexa Alliance, Pegasus from the NSO Group, and the custom ODIT used in the Canadian matter. But what about insiders who compromise an organization from within with authorized credentials?
Google recognizes the problem. The firm bought Wiz for about $32 billion. Forbes says, “Israel-based Wiz secured the largest acquisition in Google’s history and will deliver billion-dollar returns to its founders and investors.”
The question is, “Will the Google-Mandiant-Wiz set up ameliorate the security problems organizations face?” My hunch is that Google will say, “Absolutely.”
But the mice now have smart software, huge targets to probe, and upside of surprise. Plus, there is the annoying problem of insiders who compromise the organization for fun or money. That’s what one well known author calls the “elephant of surprise.” The marketing professionals at the giant online ad company will explain that my concerns are those of an uninformed, nearly dead dinobaby. Yeah, keep telling your story.
Stephen E Arnold, March 17, 2026
Has Paragon Knocked NSO Group Off the Leader Board for Great Marketing?
March 2, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
NSO Group has been a good example of what happens when PR and marketing is viewed as no big deal. These two soft functions are definitely significant in certain contexts; for example, public awareness of mobile security.
I am not sure if the information in “The Israeli Spyware Firm That Accidentally Just Exposed Itself” is 100 percent accurate. I have not seen many references to this article published on February 12, 2026. I am writing this short blog post on February 23, 2026. It is possible that the write up simply is not that significant in the midst of some kinetic outfits near Iran and the constant refrains of Epstein Epstein Epstein.
Thanks, Venice.ai. Good enough.
What does the write up say as actual factual.
Here’s the main point of the story from Ahmedeldin’s report:
Israeli surveillance company Paragon Solutions briefly exposed its own spyware dashboard on LinkedIn, revealing the hidden architecture of a billion-dollar surveillance empire built on the backs of journalists, activists, and ordinary people.
Yep, good old LinkedIn. I am not 100 percent certain why spyware, intelware, and policeware vendors [a] have a LinkedIn page or [b] why those working as contractors or employees at these *ware firm allow individuals to put any information on any social media about what is secretive products for specialized applications. The fact that LinkedIn was a conduit strikes me as a big time mistake in governance. I personally have not felt comfortable with *ware outfits pitching their “products” after egregious security breaches have taken place when these types of systems were up and running. The problems range from commercial nightmares like SolarWind to nation state issues like the October attack on festival goers in Israel. Yep, governance is more important than marketing or over confidence.
Here’s a secondary point in the write up:
Once spyware achieves device-level persistence, access pathways inevitably extend beyond the narrow confines vendors claim and describe. The technical reality is clear: if you can compromise a device, you can access everything…. The $900 million valuation of Paragon Solutions reveals the brutal economics of surveillance capitalism.
The article wants to make darned sure the reader knows that governments cannot be trusted with sophisticated *ware. In the context of certain nation states going all in for smart software from third parties, the idea is planted that bad things will happen. News flash: Bad things have already happened and regulators and law makers have not been able to do much about these “leaky” systems.
What’s the fix? What’s the reader supposed to do?
Here’s the conclusion to the write up:
This is a crisis of global proportion, a threat to human dignity that crosses borders and transcends politics. The question is no longer whether we should be concerned about surveillance. The question is whether we will allow this system to continue unchecked, whether we will demand accountability from those who profit from our vulnerability, whether we will reclaim our digital lives from those who would turn our devices into tools of control.
Where’s the fix? Where’s the citizen pressure on elected officials? Where’s the external repair person for the damaged moral compasses in the leadership of certain big tech companies?
I hear crickets.
Stephen E Arnold, March 2, 2026
Palantir Technologies: What Is with Kim Dotcom?
February 16, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
I walk the dog and I check out some newsfeeds. The Pinboard.in service provided a snip that said “Palantir was allegedly hacked.” The linked showed me a segment of a Kim Dotcom tweet. When I returned to my office with a happy dog, I clicked the linked again. Nope. Not valid. I poked around on X.com and my Russian language feed. X.com said, “Something has gone wrong.” Okay, no surprise.
I have zero clue if the story is true. If it is, it strikes me that some government cyber professionals will verify the validity or the inaccuracy of Kim Dotcom’s post. Here is the original, which I tracked down using some of my old-fashioned, dinobaby methods:
The original tweet asserts as actual factual:
Peter Thiel and Alex Karp commit mass surveillance of world leaders and titans of industry on a massive scale.
In my experience, I am not sure this lines up 100 percent with what Palantir actually does do. But Kim Dotcom doesn’t call me to learn about the right click wheel, the tie up with Microsoft, or the firm’s Wall Street Journal ads which said the company was an artificial intelligence outfit. Firms in the intelware business have a bit of a dual personality: There is the software and what it can do right now with a particular data set. Then there is the software presented in a demo in a trade show booth. Sometimes the two worlds are slightly different.
Mr. Dotcom asserts as the shining truth these factoids:
Palantir is creating nuclear and bio weapon capabilities for Ukraine and is working closely with the CIA to defeat Russia. They [sic] believe they [sic] are one year away. They [sic] plan to achieve this by keeping Russia busy with meaningless peace negotiations.
There you go. A curious mind might ask, “Who is keeping whom busy?”
I found this statement intriguing:
Palantir is an arm of the CIA and all data from international is copied into a CIA spy cloud.
I ran a few queries on the Web search systems’ “news” sites. I checked one of my favorite Russian sources PCnews.ru and the Yandex.com system. I did not poke around on Telegram. I don’t have my “Telegram only” device with me, but I will check this evening when I leave my cave like office in rural Kentucky.
One Russian link resolved, and I was able to read courtesy of a free online translation system this article: “Dotcom Reported Hacking of the Software Developer for the CIA Palantir. ” That write up said:
“According to reports, Palantir has been subjected to a hacker attack. Artificial intelligence was used to gain access with superuser rights,” he wrote on his page on the social network X (ex. Twitter).
Palantir is an AI company, the WSJ ad told me this. How could one AI fool another AI? I assume exactly the same way malware centric Chrome extensions make life interesting for users of Google Chrome, a product of the Mandiant and Deepseek technologies. Stuff happens.
Several observations are warranted in my opinion:
- Either Kim Dotcom has been hacked and an entity is using him as a convenient vector for fakery or Kim Dotcom is telling the truth and adding some fighter jet illumination to the back of his T shirt
- The link problem raises some interesting thoughts as well. How can Pinboard.in users react so quickly to a post and then take down that post. Pinboard.in is a stable service, but it is definitely not spoof proof. I routinely report porn spammers, SEO wonks, and the lohita outfit to Pinboard. It does take action sometimes, but not at what I would call hopping bunny rabbit speed. The speed of disappearance is fascinating.
- The assertions are quite remarkable. They are presented without evidence. I do know that Palantir when it first first birthed in that fertile Silicon Valley spirit sold a project to a three letter agency. I do not know if Palantir enjoys insider status with the freedom to pump global data into a government system. Maybe, but perhaps this seems inflammatory, not informative.
Net net: This is an interesting use of social media. One tweet got me moving. If something interesting comes out of this demonstration of social media’s “value,” we will post it. For now. I just have questions. Oh, we love the right click wheel thing.
Stephen E Arnold, February 16, 2026
Quick Tip: How to Make Enemies and Meet Law Enforcement Professionals
February 6, 2026
The name of this Bored Panda article explains everything: “‘People Are Idiots’: Fighter Jets Scrambled To Escort Flight Over Passenger’s Wi-Fi Hotspot Name.” Panic erupted on a Turkish Airlines flight when officials suspected an explosive on board. NATO jets were dispatched and escorted the flight to its destination.
Turkish flight TJ1853 took off from Istanbul and was flying to Barcelona, Spain. Three hours into the flight, the pilots and authorities suspected there were explosives on the plan. They thought this after reading a Wi-Fi hotspot name on board. The name of the hotspot was “I have a b*mb, everyone will d*e”.
The plane circled for twenty minutes while an emergency alert was sent to NATO. French fighter jets took off, met the flight midair, and escorted the plane to Barcelona. Here’s what happened next:
“After entering Spain’s airspace, Spanish military jets took over from the NATO jets and continued escorting the flight to its destination. After the skwark 7700 code (issued for a general emergency) was declared, the flight was diverted to an isolated part of the Barcelona-El Prat Airport to minimize risk to other flights.”
After landing and scouring the plane for explosives, authorities determined it was a false alert and began to hunt down the responsible party. The clever person’s name was not immediately released.
It’s one thing to name your Wi-Fi hotspot something silly. On the other hand, you could be sporty, make some enemies, and meet some law enforcement professionals. My person view is that clever is one thing and stupid is another.
Whitney Grace, February 6, 2026
Security Chaos: So We Just Live with Failure?
January 14, 2026
Another dinobaby post. No AI unless it is an image. This dinobaby is not Grandma Moses, just Grandpa Arnold.
I read a write up that baffled me. The article appeared in what I consider a content marketing or pay to play publication. I may be wrong, but the content usually hits me as an infomercial. The story arresting my attention this morning (January 13, 2026) is “The 11 Runtime Attacks Breaking AI Security — And How CISOs Are Stopping Them.” I expected a how to. What did the write up deliver? Confusion and a question, “So we just give up?”
The article contains this cheerful statement from a consulting firm. Yellow lights flashed. I read this:
Gartner’s research puts it bluntly: “Businesses will embrace generative AI, regardless of security.” The firm found 89% of business technologists would bypass cybersecurity guidance to meet a business objective. Shadow AI isn’t a risk — it’s a certainty.
Does this mean that AI takes precedence over security?
The article spells out 11 different threats and provides solutions to each. The logic of the “stopping runtime attacks” with methods now available struck me as a remarkable suggestion.
The mice are the bad actors. Notice that the capable security system is now unable to deal with the little creatures. The realtime threats overwhelmed the expensive much hyped-cyber cat. Thanks, Venice.ai. Good enough.
Let’s look at three of the 11 threats and their solutions. Please, read the entire write up and make you own decision about the other eight problems presented and allegedly solved.
The first threat is called “multi turn crescendo attacks.” I had no idea what this meant when I read the phrase. That’s okay. I am a dinobaby and a stupid one at that. It turns out that this fancy phrase means that a bad actor plans prompts that work incrementally. The AI system responds. Then responds to another weaponized prompt. Over a series of prompts, the bad actor gets what he or she wants out of the system. ChatGPT and Gemini are vulnerable to this orchestrated prompt sequence. What’s the fix? I quote:
Stateful context tracking, maintaining conversation history, and flagging escalation patterns.
Really? I am not sure that LLM outfits or licensees have the tools and the technical resources to implement these linked functions. Furthermore, in the cat and mouse approach to security, the mice are many. The find and react approach is not congruent with runtime threats.
Another threat is synthetic identify fraud. The idea is that AI creates life like humans, statements, and supporting materials. For me, synthetic identities are phishing attacks on steroids. People are fooled by voice, video and voice, email, and SMS attacks. Some companies hire people who are not people because AI technology advances in real time. How does one fix this? The solution is, and I quote:
Multi-factor verification incorporating behavioral signals beyond static identity attributes, plus anomaly detection trained on synthetic identity patterns.
But when AI synthetic identity technology improves how will today’s solutions deal with the new spin from bad actors? Answer: They have not, cannot, and will not with the present solutions.
The last threat I will highlight is obfuscation attacks or fiddling with AI prompts. Developers of LLMs are in a cat and mouse game. Right now the mice are winning for one simple reason: The wizards developing these systems don’t have the perspective of bad actors. LLM developers just want to ship and slap on fixes that stop a discovered or exposed attack vector. What’s the fix? The solution, and I quote, is:
Wrap retrieved data in delimiters, instructing the model to treat content as data only. Strip control tokens from vector database chunks before they enter the context window.
How does this work when new attacks occur and are discovered? Not very well because the burden falls upon the outfit using the LLM. Do licensees have appropriate technical resources to “wrap retrieved data in delimiters” when the exploit may just work but no one is exactly sure why. Who knew that prompts in iambic pentameter or gibberish with embedded prompts ignore “guardrails”? The realtime is the killer. Licensees are not equipped to react and I am not confident smart AI cyber security systems are either.
Net net: Amazon Web Services will deal with these threats. Believe it or not. (I don’t believe it, but your mileage may vary.)
Stephen E Arnold, January 14, 2026
Telegram Has a Plumber and a Pinger But Few Know
January 12, 2026
While reviewing research notes, the author of the “Telegram Labyrinth” spotted an interesting connection between Telegram and a firm with links to the Kremlin. A now-deleted Reuters report alleged that Telegram utilizes infrastructure linked to the FSB. The provider is Global Network Management (GNM), owned by Vladimir Vedeneev, a former Russian Space Force member with a Russian security clearance. Vedeneev’s relationship with Pavel Durov dates back to the VKontakte era, and he reportedly provided the networking foundation for Telegram in 2013.
Vedeneev maintains access to Telegram’s servers and possessed signatory authority as both CEO and CFO for Telegram. He also controls Electrotelecom, a firm servicing Russian security agencies. While Durov promises user privacy, Vedeneev’s firms provides a point of access. If exercised, Russia’s government agencies could legally harvest metadata via deep packet inspection. Registered in Antigua and Barbuda, the legal set up of GNM provides a possible work-around for EU and US sanctions on some Telegram-centric activities. GNM operates with opaque points of presence globally, raising questions about its partnerships with Google, Cloudflare, and others.
Stephen E Arnold hypothesizes that Telegram and GNM are tightly coupled, with Durov championing privacy while his partner facilitates state surveillance access. Political backing likely protects this classic “man in the middle” operation possible. If you want to read the complete article in Telegram Notes, click this link.
Kent Maxwell, January 12, 2026
-
- Subscribe to Beyond Search
Feature archive
News archive
-
