That’s a valid point, yes. But shoddy opsec doesn’t mean no opsec.
Or replace “stopped disclosing its advancements” with “started caring about opsect related to its most important projects”.
I’m skeptical to which extent the latter can be done. That’s like saying an AI lab should suddenly care about AI safety. One can’t really bolt a security mandate onto an existing institution and expect a competent result.
That’s a valid point, yes. But shoddy opsec doesn’t mean no opsec.
Or replace “stopped disclosing its advancements” with “started caring about opsect related to its most important projects”.
I’m skeptical to which extent the latter can be done. That’s like saying an AI lab should suddenly care about AI safety. One can’t really bolt a security mandate onto an existing institution and expect a competent result.