Quite bluntly, have you actually read the proposal and compared it against our current situation? Are you seriously worried Anthropic is going to continue their nefarious consolidation of power by… looping in trusted partners to double-check their safety results?
I am suggesting a short period of early release access. We have already seen from the Mythos release that this is actually sufficient to patch critical software and ensure the release is less publicly disruptive. I have no clue how a few months of early access results in a serious “imbalance of control”—at worst, you can trivially fix this by rotating what groups get early access, neh?
Equally, if you’re worried about betrayal, surely that makes it better to have a trusted group of a few hundred people, rather than “the entire population of Earth”? It is quite obviously easier to monitor a few dozen organizations for malicious usage and bad actors, versus the entire public population.
We have somehow survived the problem of vetting who the “good guys” are despite the attackers incentives for centuries. It’s the basic concept of security clearances.
If you get a net safety benefit, I think most of it will actually just come from reducing the absolute amount of use your model gets.
That is part of what I am suggesting, yes. Conversely, “withdrawing it entirely” gets you absolutely zero new information, so I’m not sure how that’s possibly a fair comparison.
Perhaps I failed to communicate something clearly, but this all reads like a ridiculous strawman of my actual proposal, which is simply “we should have independent organizations involved in mundane auditing, so that more people are aware of capabilities before they become public, and we can involve the relevant security teams”
P.S. Cyber has been a common professional term for decades so maybe save the linguistic snobbery for your own personal blog? I don’t see what purpose is served by spelling out your personal distaste with one particular word I used, and I struggle to read it as anything other than an insult when you say it “reeks of clueless”. You could have been polite, or just cut the footnote entirely.
Edited to Add: Okay, I reviewed my post and comment and I don’t mention “bioterrorism” anyway so I’m now extremely convinced you’ve confused my post for someone else’s—why are you writing an entire footnote about something I never brought up?
Quite bluntly, have you actually read the proposal and compared it against our current situation?
Yes. But I didn’t read it carefully enough, and I let myself mentally import aspects of actual Glasswing that you didn’t actually mention. I don’t think it makes a critical difference, though.
The first thing I let get me was that you talk about it much more as a test of the model than I think actual Glasswing was. I believe that Glasswing was much more about selectively letting people use the known capabilities, with basically no intention to treat the early access people as evaluators or approvers of the model itself. You seem to see your proposal as some of both, though. As long as there’s any component at all where the early access people get to use the capabilities any of their own purposes, at least some significant power concentration concern remains.
Second, I mentally included followon stuff that wasn’t strictly part of Glasswing, but that’s strongly associated with it in my mind. In Glasswing, the early access group got Mythos. Later, everybody else got Fable, which intentionally nerfs many of the capabilities of Mythos, to the point of making it basically unusable for a lot of people and applications. That nerfing seems to be meant to be permanent. You didn’t mention that, although I think it’s pretty reasonable to expect something like it to be part of any real implementation of what you propose. If so, that amplifies the power concentration issue.
Are you seriously worried Anthropic is going to continue their nefarious consolidation of power by… looping in trusted partners to double-check their safety results?
No, I’m afraid of power concentrating in the people they “loop in”.
… and honestly I don’t care if their intentions are nefarious or not, only about the results.
I have no clue how a few months of early access results in a serious “imbalance of control”
If it’s just early access, with no greater limitations on what the public eventually gets than on what the early users get, then that reduces the power concentration concern… somewhat. That’s a pretty big assumption, though. Would you mean to commit to never reducing the general-release capabilities based on what the early access found?
Even assuming pure early access, though, a few months is still a significant fraction of a “model cycle”. It’s not an advantage you can ignore.
at worst, you can trivially fix this by rotating what groups get early access, neh?
I assume you’re not suggesting rotating among just anybody who shows up and asks, only rotating among those who meet some criteria for being “trusted partners”. In practice, that’s going to be a small set of similar entities with similar goals and outlooks, probably with their own web of cooperative relationships. So, no, that doesn’t fix it.
You might not even be able to identify enough “trusted partners” to let you rotate at all.
We have somehow survived the problem of vetting who the “good guys” ared despite the attackers incentives for centuries. It’s the basic concept of security clearances.
There haven’t been security clearances for centuries. But honestly security clearances have many of the same problems. Much of the clearance process is a conformism check; that concentrates access among people who support the existing system… to the point of being willing to swear to keep its secrets without knowing what those secrets may be. No, they don’t (or at least didn’t) demand that you have any particular positions on (most) specific political questions, but they demand things that correlate with all kinds of stuff.
The clearance system obviously does manage to exclude some risky people, even some who aren’t obvious flakes. I don’t know that anybody actually knows how successful it is. It’s a self-perpetuating thing based on tradition and “common sense”, not something you can actually do statistics on. And it’s embedded in a larger classification system, in which compartmentation and other ways of reducing the number of people with access are actually way more important than clearance.
To whatever degree it does work, it works by vastly more detailed and invasive individualized investigation than I think you’re suggesting. You don’t get a security clearance based on your organizational affiliation; you’re granted the affiliation contingent on the clearance. Would you even want to import that kind of rigor?
And it’s aimed at actors with affiliated with mostly known adversaries, or people who look easy to coerce. There are more obvious flags for those than for freelance omnicidal mania, random criminal tendencies, etc.
Equally, if you’re worried about betrayal, surely that makes it better to have a trusted group of a few hundred people, rather than “the entire population of Earth”? It is quite obviously easier to monitor a few dozen organizations for malicious usage and bad actors, versus the entire public population.
Doesn’t that translate to the benefit being entirely from absolute reduction in access, and not from the phased part?
I don’t see what purpose is served by spelling out your personal distaste with one particular word I used,
It had nothing to do with you personally using “cyber”. I flagged it because at this point, it’s starting to confuse people when I don’t use, so I’m starting to feel like I have to explain. This probably means it’s getting close to the point where I have to just plain give up.
I’m sorry about the “clueless Beltway arrivisme”. I can see where you could take it as pointed at you, enough to gloss over the “Beltway arrivisme” part. It’s not aimed at you or really anybody using “cyber” now. It’s aimed at the people who originally introduced “cyber”. Those people were, in fact, clueless Beltway arrivistes. I forget that not everybody has that history nowadays.
Okay, I reviewed my post and comment and I don’t mention “bioterrorism” anyway so I’m now extremely convinced you’ve confused my post for someone else’s—why are you writing an entire footnote about something I never brought up?
You brought up “mundane harms”. I used canonical examples of “mundane harms”… the ones that apparently most motivated the original Glasswing. The footnote is to explain that I am not personally suggesting that anybody is very motivated to use bioweapons.
The proposal is 2-3 months of exclusive access, focused on evaluating the tool and using it to update security. Due to the centralized nature of LLMs, the labs can review how these groups actually use the tool—it would be hard to sneak an unrelated project in.
First, that doesn’t seem like a huge advantage to me.
Second, historically, this seems like the normal course of events? Individuals couldn’t afford to build factories or railroads. We seem to have done just fine despite that. Technologies are always going to give the most benefit to the rich, because they have the resources to leverage them.
Third, by nature of being private companies, the labs have always been able to form private partnerships like this. If they really wanted to, they could have been “picking winners and losers” for a while. So far, the incentive seems to be that selling to the public is much, much more profitable, so I’m not yet concerned.
Now, I’m not saying this is the IDEAL course of events, but… I don’t get why so many people place such a high priority on “dispersal / decentralization” right now, in 2026, given current capabilities. I tend to think that, except for the government intervention, the Mythos release was handled pretty ideally, and a public release in February or April, without any time for the ecosystem to prepare, would have been much worse.
(I do actually remember when “cyber” was a clear sign of a starry-eyed company that was going to die in the DotCom bubble, but after so many decades I’ve just given up and tried to shift with whatever language “the kids these days” are using.)
And, to be clear, this is just Step 1, today—let’s start ensuring that future models don’t cause a Mythos-tier security shitstorm; let’s start finding out which companies have a good track record at evaluating models; let’s start tracking how long it takes to go from “Glasswing” to “Public”.
These all give us barometers for when things get more dangerous. If Mythos 2 doesn’t cause another spike in security bugs, it can probably get shoved out the door ASAP. Conversely, if it takes twice as long for companies to secure their systems the second time around, then Mythos 3 is more likely to be even more of a serious security risk and we might want to start pushing harder on other regulations.
Quite bluntly, have you actually read the proposal and compared it against our current situation? Are you seriously worried Anthropic is going to continue their nefarious consolidation of power by… looping in trusted partners to double-check their safety results?
I am suggesting a short period of early release access. We have already seen from the Mythos release that this is actually sufficient to patch critical software and ensure the release is less publicly disruptive. I have no clue how a few months of early access results in a serious “imbalance of control”—at worst, you can trivially fix this by rotating what groups get early access, neh?
Equally, if you’re worried about betrayal, surely that makes it better to have a trusted group of a few hundred people, rather than “the entire population of Earth”? It is quite obviously easier to monitor a few dozen organizations for malicious usage and bad actors, versus the entire public population.
We have somehow survived the problem of vetting who the “good guys” are despite the attackers incentives for centuries. It’s the basic concept of security clearances.
That is part of what I am suggesting, yes. Conversely, “withdrawing it entirely” gets you absolutely zero new information, so I’m not sure how that’s possibly a fair comparison.
Perhaps I failed to communicate something clearly, but this all reads like a ridiculous strawman of my actual proposal, which is simply “we should have independent organizations involved in mundane auditing, so that more people are aware of capabilities before they become public, and we can involve the relevant security teams”
P.S. Cyber has been a common professional term for decades so maybe save the linguistic snobbery for your own personal blog? I don’t see what purpose is served by spelling out your personal distaste with one particular word I used, and I struggle to read it as anything other than an insult when you say it “reeks of clueless”. You could have been polite, or just cut the footnote entirely.
Edited to Add: Okay, I reviewed my post and comment and I don’t mention “bioterrorism” anyway so I’m now extremely convinced you’ve confused my post for someone else’s—why are you writing an entire footnote about something I never brought up?
Yes. But I didn’t read it carefully enough, and I let myself mentally import aspects of actual Glasswing that you didn’t actually mention. I don’t think it makes a critical difference, though.
The first thing I let get me was that you talk about it much more as a test of the model than I think actual Glasswing was. I believe that Glasswing was much more about selectively letting people use the known capabilities, with basically no intention to treat the early access people as evaluators or approvers of the model itself. You seem to see your proposal as some of both, though. As long as there’s any component at all where the early access people get to use the capabilities any of their own purposes, at least some significant power concentration concern remains.
Second, I mentally included followon stuff that wasn’t strictly part of Glasswing, but that’s strongly associated with it in my mind. In Glasswing, the early access group got Mythos. Later, everybody else got Fable, which intentionally nerfs many of the capabilities of Mythos, to the point of making it basically unusable for a lot of people and applications. That nerfing seems to be meant to be permanent. You didn’t mention that, although I think it’s pretty reasonable to expect something like it to be part of any real implementation of what you propose. If so, that amplifies the power concentration issue.
No, I’m afraid of power concentrating in the people they “loop in”.
… and honestly I don’t care if their intentions are nefarious or not, only about the results.
If it’s just early access, with no greater limitations on what the public eventually gets than on what the early users get, then that reduces the power concentration concern… somewhat. That’s a pretty big assumption, though. Would you mean to commit to never reducing the general-release capabilities based on what the early access found?
Even assuming pure early access, though, a few months is still a significant fraction of a “model cycle”. It’s not an advantage you can ignore.
I assume you’re not suggesting rotating among just anybody who shows up and asks, only rotating among those who meet some criteria for being “trusted partners”. In practice, that’s going to be a small set of similar entities with similar goals and outlooks, probably with their own web of cooperative relationships. So, no, that doesn’t fix it.
You might not even be able to identify enough “trusted partners” to let you rotate at all.
There haven’t been security clearances for centuries. But honestly security clearances have many of the same problems. Much of the clearance process is a conformism check; that concentrates access among people who support the existing system… to the point of being willing to swear to keep its secrets without knowing what those secrets may be. No, they don’t (or at least didn’t) demand that you have any particular positions on (most) specific political questions, but they demand things that correlate with all kinds of stuff.
The clearance system obviously does manage to exclude some risky people, even some who aren’t obvious flakes. I don’t know that anybody actually knows how successful it is. It’s a self-perpetuating thing based on tradition and “common sense”, not something you can actually do statistics on. And it’s embedded in a larger classification system, in which compartmentation and other ways of reducing the number of people with access are actually way more important than clearance.
To whatever degree it does work, it works by vastly more detailed and invasive individualized investigation than I think you’re suggesting. You don’t get a security clearance based on your organizational affiliation; you’re granted the affiliation contingent on the clearance. Would you even want to import that kind of rigor?
And it’s aimed at actors with affiliated with mostly known adversaries, or people who look easy to coerce. There are more obvious flags for those than for freelance omnicidal mania, random criminal tendencies, etc.
Doesn’t that translate to the benefit being entirely from absolute reduction in access, and not from the phased part?
It had nothing to do with you personally using “cyber”. I flagged it because at this point, it’s starting to confuse people when I don’t use, so I’m starting to feel like I have to explain. This probably means it’s getting close to the point where I have to just plain give up.
I’m sorry about the “clueless Beltway arrivisme”. I can see where you could take it as pointed at you, enough to gloss over the “Beltway arrivisme” part. It’s not aimed at you or really anybody using “cyber” now. It’s aimed at the people who originally introduced “cyber”. Those people were, in fact, clueless Beltway arrivistes. I forget that not everybody has that history nowadays.
You brought up “mundane harms”. I used canonical examples of “mundane harms”… the ones that apparently most motivated the original Glasswing. The footnote is to explain that I am not personally suggesting that anybody is very motivated to use bioweapons.
I really appreciate this response.
I still don’t quite get “concentration of power”:
The proposal is 2-3 months of exclusive access, focused on evaluating the tool and using it to update security. Due to the centralized nature of LLMs, the labs can review how these groups actually use the tool—it would be hard to sneak an unrelated project in.
First, that doesn’t seem like a huge advantage to me.
Second, historically, this seems like the normal course of events? Individuals couldn’t afford to build factories or railroads. We seem to have done just fine despite that. Technologies are always going to give the most benefit to the rich, because they have the resources to leverage them.
Third, by nature of being private companies, the labs have always been able to form private partnerships like this. If they really wanted to, they could have been “picking winners and losers” for a while. So far, the incentive seems to be that selling to the public is much, much more profitable, so I’m not yet concerned.
Now, I’m not saying this is the IDEAL course of events, but… I don’t get why so many people place such a high priority on “dispersal / decentralization” right now, in 2026, given current capabilities. I tend to think that, except for the government intervention, the Mythos release was handled pretty ideally, and a public release in February or April, without any time for the ecosystem to prepare, would have been much worse.
(I do actually remember when “cyber” was a clear sign of a starry-eyed company that was going to die in the DotCom bubble, but after so many decades I’ve just given up and tried to shift with whatever language “the kids these days” are using.)
And, to be clear, this is just Step 1, today—let’s start ensuring that future models don’t cause a Mythos-tier security shitstorm; let’s start finding out which companies have a good track record at evaluating models; let’s start tracking how long it takes to go from “Glasswing” to “Public”.
These all give us barometers for when things get more dangerous. If Mythos 2 doesn’t cause another spike in security bugs, it can probably get shoved out the door ASAP. Conversely, if it takes twice as long for companies to secure their systems the second time around, then Mythos 3 is more likely to be even more of a serious security risk and we might want to start pushing harder on other regulations.