Scotland’s “Cato” Plan: Bigger Than the Auschwitz Main Camp, For… Nobody

Birkenau’s function was murder, genocide at industrial scale. A very similar looking and sounding facility called “Cato” in Scotland claims it will be for computation for an end user who remains unidentified, under an application whose statement of intent permits modification once one is found.

The uncertainty of use makes the appearance and description of the design the only evidence on the table. The perimeter architecture is Holocaust camp scale. The design vocabulary is the classical canon, deployed here exactly as the Hitler regime deployed it, as legitimation for an enclosure. The landscaping is explained as screening, and whatever the motive, the effect is a facility removed from daily sight. The community benefit is a promised fund announced before any tenant, any figure, or any terms, a pledge with nothing behind it that anyone can verify.

The lesson from Nazi Germany is that the aesthetics, the classical framing and the screening methods are what enable the unthinkable, the mechanism Jonathan Glazer put on screen in The Zone of Interest (2023): a family garden flourishing against the camp wall, the hedge doing the moral work.

The movie you see observes the mundane day-to-day lives of a well-off German family. Over and over, the father, Rudolf (played by Christian Friedel), goes to and from work; the mother, Hedwig (Anatomy of a Fall’s Sandra Hüller), tends to her garden; and their children, a rambunctious bunch, play with their toys. In the movie you hear, however, there’s intermittent gunfire, bursts of screams, and an ever-present industrial cacophony. Along with snatches of dialogue and glimpses of details—the costuming, the barbed wire, the smoke—the film makes clear what’s going on: Rudolf is Rudolf Höss, the real-life longest-serving commandant of Auschwitz, and this is a portrait of how he and his Nazi family actually lived, going about their days adjacent to the death camp he ran.

Let me put it like this. A 69-hectare double-fenced compound is apparently being named for a Stoic, dressed by Polykleitos, hidden by “bunds”, built for a tenant nobody will name.

The Cato architects cite the ancient Greek stoa and the proportional ideas found in Polykleitos’s Canon, describing proportion, order and harmony as expressions of a deeper philosophical worldview. Polykleitos’s Canon was precisely the proportional system the Third Reich claimed as its aesthetic lineage. Riefenstahl’s Olympia opens with Myron’s Discobolus dissolving into the body of a living German athlete, the explicit visual argument that the Greek ideal survives in the Aryan body. Hitler personally purchased the Discobolus Palombara in 1938 and installed it in the Munich Glyptothek as ancestral property. Breker’s state sculpture carried the classical canon into the New Reich Chancellery, his bronzes flanking the court of honour. Günther and Rosenberg wrote the Greeks into Nordic race history as a formal doctrine.

It’s impossible to make this stuff up. Nazis invoke antiquity as proportion, order, and harmony to confer civilizational legitimacy to an atrocity. To be clear, the canon itself belongs to everyone. Edinburgh calls itself the Athens of the North and keeps an unfinished Parthenon on Calton Hill. A colonnade proves nothing. The tell is the combination: classical dress, camp-scale perimeter, screening vegetation, and a function nobody will state. Any one element on its own is innocent, as you find all over the world. All four together fits a very narrow and specific pattern with a documented history.

Rudolf Höss stated that good train connections and the possibility of camouflaging the extermination process dictated the choice of Birkenau as the site. The SS planted a green belt of trees and hedges around Crematoria II through V, landscaping deployed as sightline management. Cato’s plan calls them landscape bunds, with new woodland, wetland, hedgerow, scrub, and wildflower meadow habitats wrapped around the security perimeter. Theresienstadt got its Verschönerung for the June 1944 Red Cross visit: fresh paint, gardens, a staged film, the enclosure marketed as a gift to its inhabitants.

One Cato data hall is about the size of fifty Birkenau barracks, due to modern engineering. Birkenau contained approximately 300 barracks and buildings within about 140 hectares, single-story horse-stable barracks of roughly 400 m² each, giving a total built footprint somewhere around 120,000 m². Cato puts 160,000 m² of footprint into seven halls at 35 metres tall. Seven buildings, phased over several years, will exceed the combined footprint of three hundred.

Putin’s Luxury Yachts Spotted, Fleeing Strikes by Ukraine

A luxury yacht of Putin’s, exposed by Alexei Navalny’s team six months before he was poisoned to death in an Arctic prison, is being evacuated.

The apparent decision to move the yacht north [to the Northern Fleet’s main naval base at Severomorsk in the Kola Bay] is believed to be driven by concerns that Ukrainian drones could target the vessel while it is berthed either in Kaliningrad or near St Petersburg. Ukrainian drones have in recent weeks struck the strategically important Russian naval base at Kronstadt and several oil terminals in the area.

As it sailed along the Norwegian coast, Kosatka (or Graceful) was escorted by the Northern Fleet’s anti-submarine destroyer Severomorsk and the newly commissioned special patrol vessel Voevoda, whose name translates as “warlord”.

Graceful is the second Putin-linked yacht to leave European waters, given the Victoria departed the Black Sea for Bodrum on June 30. The Graceful transited Danish straits with anti-drone netting covering its decks, revealing the fear Putin’s “luxury” floats on now while his country burns around him.

U.S. Military “patrol” in American City Shoots and Kills Citizen

This is the headline Posse Comitatus was written to prevent, and the Trump deployment was engineered precisely to sit in the statute loophole: soldiers under nominal state status, executing a federally convened and federally funded policing mission, with a governor’s signature. We were told Republicans would never allow it, and here we see the exact opposite. MAGA are the ones erasing the blue line, using the Army like it’s “America First” soldiers in 1919 Elaine, Arkansas again.

Authorities said the soldiers in Memphis were responding with local police to reports of gunshots around 4 a.m. when they began pursuing an armed man fleeing on foot. The guardsmen opened fire after the man turned toward them with his weapon, according to the city’s police department.

The victim is Tyrin Johnson, 20, shot twice in the chest according to his family, a construction worker taking university classes who had his first child earlier this year.

Nobody will say whether this was the first time deployed soldiers fired on a civilian since the operation began. TBI data records at least four officer-involved shootings tied to the task force, although the two in May involved no military weapons discharge. When reporters asked whether Sunday marked the first Guard discharge, and how many shots were fired, both TBI and the Guard went silent.

Is Credal Building the Palantir of Agentic AI?

Two Palantir staff left to build a startup, and what they built is a centralized system that watches every question employees ask, every document an AI retrieves on their behalf, and every action an agent takes across an enterprise.

Sometimes I ask myself who would gladly admit they worked at Palantir. For several years, after it first started, a regular flow of staff would leave and reach out to me personally to discuss the ethical dilemmas that forced them to quit. I literally held a confession box routine in the pizza parlors and cafes of downtown San Francisco, effectively Big Data Ethics counseling. Some of the brightest people I ever met, who had gone to work expecting to do good, came out expressing severe disappointment, soul-searching like people processing the evil they had helped build.

When I see the inverse, the proud Palantir alums overtly stating they are launching more surveillance centralized for more use-cases, I guess I’m the person expected to call it out for what it is.

Credal, founded in 2022 by Jack Fischer and Ravin Thambapillai after five and seven years respectively at Palantir, sells what it calls “The Control Plane for Enterprise Agents.” Their tagline is an embarrassment. The control plane is where power concentrates, and they named the product for amassing power over people, as if Palantir has inverted ethics in America.

The company documentation is candid about what the platform does, which makes the analysis below straightforward: no whistleblowers, no leaked memos, just their own words.

Architecture

Credal is structurally indistinguishable from a surveillance platform, built as a data custody and observation layer. Their documentation describes indexing unstructured data from Slack, Confluence, Google Drive, Salesforce, and databases into a central context layer running on infrastructure the vendor operates or ships. Administrators get, in Credal’s own framing, a single control panel showing every agent using a given system, full audit logging, and usage visibility across the organization. Prompts, retrievals, and actions all transit the vendor’s code. Only the vendor can make the distinction between governance and surveillance verifiable, and nothing they publish does.

We all know what that means based on breaches like Uber’s “God View”. A system that ingests an organization’s communications and documents into a centralized store, mediates all queries against that store, logs who asked what and what they were shown, and reports it to a monitoring authority. That is literally a commercialized intelligence system.

Staff trained on Palantir’s architecture emerge selling surveillance and governance as the same capability to different orgs. Palantir built a generation of systems on exactly this duality, so the repetition is unsurprising. The founders’ stated insight was that their Palantir background in enterprise data positioned them to build a data platform doing the same thing again, with sprinkles on top.

Structural Warning

Intent is unknowable and irrelevant to the judgment. The relevant question for any customer, and the only question a security review should ask, is: can a Palantir-derived surveillance system achieve safety?

The answer, for Credal, is hand-waving with generic policy documents. Contractual terms, a SOC 2 Type II report, HIPAA-ready configurations, Data Privacy Framework registration. These are weak, just attestations about process, audited periodically, by auditors the vendor engages. They are not disclosing the properties of the system that any auditor or customer can verify. Their code is closed. Their audit logs are produced by the entity judging them, avoiding independence. There is no external mechanism by which a customer can confirm that their observation layer observes less than everything Palantir would.

A system whose safety rests entirely on unverifiable policy should be evaluated by its structure, not the glossy brochures. Palantir itself leaked its own tools and key customer list to TechCrunch in 2015, and a 2021 misconfiguration gave FBI employees unwarranted access. The systems that watch everyone are not exempt from failure, and certain types of vendors have a documented record of screwing it up completely.

Structurally, an agentic surveillance platform has been built from first steps to violate the distributed nature of privacy. Centralization for observation moves the burden of demonstrating otherwise to the vendor, and the demonstration would have to be structural: verifiable builds, inspectable enforcement code, customer-held keys, tamper-evident logs the vendor cannot rewrite. Until then, “trust us” is the entire security model, offered by alumni of the company that made “trust us” indefensible.

Dangerous EU Exposure

For European customers the product fails under jurisdictional requirements.

Credal was created to be a rapid-valuation venture-backed US company. Its EU legal story, per the founders’ own statements to press, leans on Data Privacy Framework registration. The DPF is the third attempt at a US-EU transfer mechanism; the Court of Justice of the EU invalidated the first two, Safe Harbor in 2015 and Privacy Shield in 2020, both times over US government access to data held by US providers. A compliance posture built on the third iteration of a twice-invalidated mechanism shows they haven’t done more than the bare minimum, which could evaporate any day.

Jurisdiction does not stop at the transfer mechanism. Under the US CLOUD Act, a US provider is subject to US legal process for data in its possession, custody, or control regardless of where the servers sit. Credal’s architecture therefore maximizes risk to non-US customers: the product’s value proposition is in data custody. The corpus, the query history, the audit trail of what every employee asked and saw, all held by a US entity that also serves the US Federal Government as a customer. An EU customer can’t avoid the fact that no data processing agreement will protect against harm. The vendor knows the agreement binds them and not the American government, putting their customers in harm’s way.

The on-premises option shifts the servers, not the trust model. Closed code running on your hardware is still closed code. What are you allowed to verify about what it phones home, what its update channel delivers, or what its logging omits? Orca’s amended complaint documented Wiz architecture reading customer snapshots into Wiz’s own cloud account while Wiz marketing claimed snapshots never leave the customer tenant. On-prem deployment of an unverifiable system is a different variation of the same question, opposite of a proper answer.

The EU Cloud and AI Development Act (COM(2026) 502 final) makes it clear. Its sovereignty requirements are aimed at vendors like this one: critical AI infrastructure whose custody, code, and legal exposure resolve to a non-EU entity. A European organization routing its internal communications and its agents’ actions through this centralized architecture is installing a foreign-controlled observation layer at the center of its operations, without protection from American political whimsy.

Test Time

There is a simple test for whether a governance platform is distinguishable from a surveillance platform: can the customer verify they are free from surveillance, or only get marketing docs?

Everything Credal publishes describes a system where the customer is told. Certifications attest, contracts promise, dashboards display what the vendor’s code chooses to display. Nothing published describes a mechanism by which a customer, or a regulator, could independently confirm the system’s behavior against its claims.

Companies who define products the way Credal does are playing against transparency while asking for trust. Customers who evaluate the architecture on structure alone, regardless of intention, should note an agentic observation layer with unverifiable behavior is a privacy anti-pattern, if not a national security exposure. The assessment stands because only the vendor can make it falsifiable, and the vendor, not the customer, holds the means to do so.

The founders learned at Palantir that the control plane is where power concentrates. Palantir’s police deployments show what concentrated observation becomes in practice: a secret predictive program run without the knowledge of New Orleans city government, LAPD training manuals for searching people by race and family association, a German constitutional court ruling against it. In Hesse, the German state that pioneered Palantir’s Gotham as hessenDATA, police insiders pulled non-public personal data from the force’s databases that surfaced in neo-Nazi death threats against a lawyer, politicians, and an artist, signed “NSU 2.0”, and not a single officer was convicted. Centralized observation does not stay pointed where the brochure promises. European customers should recognize the pattern before signing.