History, Sailing, Security

Hegseth Says Lynching Noose Campaigner is Head of Navy

Leave a comment

Have you seen the toxic campaign by the guy in Virginia who Hegseth just appointed to lead the Navy? It’s a lynching coin.

Source: Virginia Senate

In case that photo is a little too shiny, here’s the raw image; simply a noose, hanging an animal, invoking both Virginia and Navy violent racist history.

Let’s run a thought experiment. A retired Navy Captain named Lynching, running for office in Virginia, hands out a coin reading “I want my senator to be Lynching” with a hanged figure.

Who calls a lynching campaign clever? In Virginia. Does someone really say “but his name is Lynching” or “how funny”? Does someone say “but the figure being hanged is subhuman?”

Let me be clear about the history of the noose on the coin, since we’re talking about lynching here. Thomas Jefferson as Governor of Virginia ordered Charles Lynch to “suppress conspiracy” in 1780. Conspiracy for what? I’ll get to that.

Lynch then tied men to a tree, lashed them and “hung” them by the thumbs. Two years later he called it officially “Lynch’s Law”, presumably as an import of the old English guilty-until-proven-innocent “Lydford Law”.

I oft have heard of Lydford law,
How in the morn they hang and draw,
And sit in judgment after.

A few years after the severe lashings and hangings by Lynch, the town of Lynchburg, Virginia was chartered by his brother. They have remained connected ever since and to this day.

What conspiracy brought the tree-based lashings and hangings? Well, it was really about enslaved Black people who had pursued the freedoms that Dunmore’s November 7, 1775 Proclamation promised them. The British Crown’s military command was at the time the only clear available emancipation pathway for American Blacks. Sir Henry Clinton’s Philipsburg Proclamation of June 30, 1779 expanded it further to include any American Black regardless of whether they took up arms. It’s estimated as many as 100,000 Blacks fled slavery-obsessed American rebels in order to seek freedom under the Crown. The colonies were in a fight to preserve slavery. By Jefferson’s 1980 order, American Blacks were to face the grave danger of being Lynched, a long while before the city of Lynchburg had been named.

Jefferson directly called out King George III in both the Virginia Constitution and the draft Declaration of Independence (later struck out) on charges of “prompting our negroes to rise” instead of remain down as slaves. Yes, the same guy who authored the “all men being created equal” also said he waged war with the British Crown because the King had said Virginian Blacks deserved freedom. Jefferson by 1780 therefore wasn’t just establishing Lynch’s Law generically against “loyalists” but setting up a method by which Black people would remain enslaved in America to him, instead of free under rule of the British Crown.

Fast forward and Virginia recorded roughly 100 documented lynchings between 1880 and 1930. The Equal Justice Initiative still maintains the count.

Almost every documented lynching between the 1830s and 1960s. Source: Smithsonian. Monroe Work Today/Auut Studio

Virginia is without a doubt the state where Cao’s noose imagery would land the hardest. A candidate who campaigns on lynching in Virginia is performing a very specific act. It also happened at a very specific time. Loudoun County, where Cao lives in Purcellville, is known for the Leesburg lynching of Page Wallace in 1880. Del. David Reid, who represents Loudoun, sponsored the 2025-2026 budget line funding new historical markers at Virginia lynching sites such as Wallace. This was the context for Cao to print and circulated a lynching coin in the same county, in the same political season, while his neighbors in the General Assembly were appropriating money to mark the trees.

What’s the matter with Cao? Here is a man whose family fled racial and political violence, and yet he used lynching for his official campaign currency to win the votes of people for whom that image is seen as heritage rather than horror.

He was five years old in 1975 when his family fled Saigon. His father was working with the South Vietnamese government, which is to say already inside the class whose survival depended on alignment with American power. Then they were in West Africa, reportedly on USAID work, which apparently is why Cao sometimes jokes that he is an African-American. Then Virginia. Then Thomas Jefferson High School, onto the Naval Academy, EOD, the Pentagon, Bannon… and MAGA. The lesson absorbed early was empires kill people who fail to make themselves useful. He kept making himself useful.

Within the Navy and its primary shipbuilding base, nooses have been a recurring instrument of racial intimidation in three distinct settings: aboard ship, on shipyard floors, and inside the warships under construction.

Again, the noose symbol is very particular to the person using it in the context they are using it.

Look at the 2017 case on USS Ramage came from a shipyard worker in Pascagoula. Or what about the 2021 case on USS Lake Champlain with a sailor who placed the noose on a Black crewmate’s rack, confessed, and was removed. Would it be any different if he left the “Hung” coin? The 2023 case on USS Laboon, a Norfolk-based Arleigh Burke destroyer at General Dynamics NASSCO Norfolk, involved three separate noose placements targeting one sailor in February alone. Two on the rack, one on the floor next to it. What if they were Hung coins? The Navy spokesman confirmed on the record that the targeted sailor was the only one affected and that he declined transfer off the ship. February 2021 also produced the parallel hate-speech graffiti incident on USS Carl Vinson, contemporaneous with the Lake Champlain case, prompting Admiral Aquilino to fly from Hawaii to San Diego for a fleet stand-down.

But the thing I want to raise most is that Cao was born just before a series of Marine Detachments selecting Black sailors for nightstick beatings. Most famously, the USS Kitty Hawk, October 12, 1972, then the USS Hassayampa, October 16, 1972, and the USS Constellation, November 3-4, 1972. All the white sailors, who we can say today with absolute certainty were the aggressors, were ignored. Twenty-five Black sailors on the Kitty Hawk alone, however, were charged with rioting in their own defense, as Marv Truhe has since documented.

Here’s the proper context that a boy born in 1970s Vietnam, who later joined the Navy, really brings to mind with his lynching symbolism:

The final witness was an airman, Michael Laurie, who said he saw Mallory participate in the attack. Laurie said he recognized Mallory because they’d spent time together a few months earlier in a bar in Hong Kong.

Truhe presented evidence showing Mallory hadn’t been in Hong Kong then, a gotcha moment that seemingly undercut Laurie’s credibility. It didn’t matter. The judge convicted Mallory and gave him a bad conduct discharge.

Stunned, the defense team pondered its next move. The NAACP was providing lawyers and advice, and it agreed to fund a tactic seemingly drawn from a crime novel or Hollywood thriller. They hired a private detective to see if he could befriend Laurie and get him to admit he’d lied in court.

It worked. Laurie bragged, in conversations that were secretly recorded, about hating Black people and committing perjury. He said he’d been part of the riot — “We all went out there and stomped some ass” — and said investigators afterward hadn’t “even asked us if we fought back or anything.”

Mallory’s conviction was reversed and the charges dismissed. Widespread publicity about the tapes put the Navy on the defensive about whether it had selectively prosecuted Black sailors.

Suddenly, the defendants who had been kept in the brig for more than three months were released. Charges against one sailor, then another, got dropped after witnesses backed away from identifying them as assailants.

The lynching coin is not a joke.

It is a white supremacist credential. Cao is using it as an entry token to the Hegseth show. Hegseth, whose own iconography reads as Crusader extremism to every medieval historian asked, has spent fifteen months removing Black and female officers from the senior ranks of the Navy and the Army.

A man now handing out lynching coins from the top is no more a surprise than if he started wearing white sheets to work.

The Navy that prosecuted twenty-five Black sailors on the Kitty Hawk, repeatedly calling them uneducated and lesser intelligence, now reports up to the man who grew up learning the exact wrong lessons. He has minted a noose in enamel and joked to Steve Bannon that a Vietnamese man wearing a KKK hood for lynchings would need to have it made with eye-slits instead of round holes.

The Department of the Navy did not acquire this lynching-rhetoric man in spite of it, whether a KKK hood or his KKK coin. It acquired him because of it.

Two and a half centuries after Jefferson sent Lynch to violently deny American Blacks their freedom, the same Commonwealth has sent the same message.

Security

Migrate to 44 Now or Get Quantum Cracked

Leave a comment

Raise your bloodied hand missing fingers if you lived through SHA-1 deprecation. What about 3DES?

For those who don’t remember, Xiaoyun Wang, Yiqun Lisa Yin & Hongbo Yu published the collision attack in 2005. Google’s ad-revenue funded deep bench of engineers produced a working collision in 2017. The twelve miserable years between them were filled with noise about why the sunset timeline was unrealistic. Standards bodies ran interop events that nobody implemented, and CAs kept selling SHA-1 certs until the registrars stopped taking them. Banks, proving the old adage that privilege and power make you stupid, kept shipping SHA-1 internal certs long into 2019.

The cryptanalysts were not wrong. The institutions were not on time, because they aren’t funded by advertising and so they have to mind actual margins. The margin managers push back on deadlines because pushing back is cheaper than protecting customers.

Fun fact, PCI DSS has always been about payment card brands whacking banks with a huge stick to get them to upgrade consumer safety. 2016 was the absolute deadline for TLS v1.0 deprecation and banks cried a tidal wave that pushed it back all the way to 2018. Bad for you, bad for me, good for bank margins.

Anyway, my beard is grey enough already. Let’s talk about today. The same pattern is playing out again, only the deadlines are shorter and the damage is worse. The cryptanalysts are publishing. The institutions are dragging. The vendors are hedging. Pour one out to my colleagues already six feet under, who no longer have the pleasure of rotating keys.

Filippo Valsorda is the bellwether. Two years ago he was the guy telling everyone to ship Kyber hybrids. This month he is telling everyone to skip hybrid signatures. Done. Dusted. Your window closed.

It’s pure ML-DSA-44 or nothing.

Today I’m here to tell you that anything still negotiating classical-only key exchange in 2026 should from this point forward be treated as a potential active compromise. I am not saying “future risk.” This isn’t “areas for improvement.”

Active. Compromise.

As in, assume someone is sitting in your traffic right now and is going to read it later like you didn’t protect it, because you didn’t.

The reason hybrid signatures just blew up is the vendors invested in the wrong insurance. Eighteen composite key types in the IETF draft. Sixteen revisions of the spec already, with another year of revisions to come. Wire format negotiation. Certificate chain handling. Years of vendor work, then years of operator work, all to hedge against the possibility that ML-DSA gets classically broken before the quantum computers arrive.

It’s an interesting game. Watching the world’s best cryptanalysts beating on ML-DSA for eight years has produced nothing. It is still running like a champ. The hedge is looking more and more like a gamble that failed.

Meanwhile classical key exchange is cooked. Stick a fork in it. I’ve been warning CISOs on hundreds of calls for the last year that 2027 would be a shitshow if they didn’t get prepared for what’s coming. Google’s internal PQ deadline now is officially 2029. We’re looking at a fuse just 33 months long. Google Quantum AI published in March that the resources to break secp256k1 fit under 500,000 physical qubits with runtime measured in minutes. The Chevignard, Fouque, and Schrottenloher paper at EUROCRYPT 2026 cut the logical qubit count for breaking P-256 nearly in half, from 2,124 down to 1,193. The numbers that mattered six months ago no longer apply. ECC breaks first because its smaller keys need fewer qubits. RSA breaks second. The most exposed thing on your network is your modern X25519/ECDSA stack, not some legacy RSA box gathering dust bunnies in the corner. OpenSSH put a warning on non-PQ key agreement in the last release, the same way they warn on self-signed certs and weak passwords.

That’s actual real-world urgency.

Constant monitoring of the NIS2 sectors for Quantum preparedness has unlocked a ton of key management insights. Ask me anything.

The German BSI requires hybrid for both KEX and signatures. The French ANSSI requires hybrid for both. And the American NIST is somewhere in the middle, slow-walking a hybrid mandate while industry lobbying keeps it stuck in voluntary guidance. The Anthropic cartel is leading that effort.

I’m reading an IETF draft 16 of the composite signatures spec while the engineer who built the original Kyber hybrids is saying forget it. Too late. Wrap it up.

This sucks for those of us trying to run an operation because every scanner will grade the same TLS endpoint differently depending on which way an authority blows.

Welcome back to the stupidity of the SHA-1 transition, only with deadlines shaved down six years and consequences a lot worse than a forged certificate. The breach already happened. Someone is soaking up your traffic now. They read it when their qubits arrive.

I wrote some of this up in plain mode on [PQ]probe so you can share it at work:

The hybrid signature split: Filippo Valsorda has reversed his position on hybrid signatures: pure ML-DSA-44 is fine for sigs, hybrid stays for KEX, non-PQ KEX is a potential active compromise. The shift puts BSI’s hybrid mandate and the new Geomys/OpenSSH posture on a collision course. Scanners will need to report against both.

Three things to do this week. Drop classical-only key exchange yesterday. Ship X25519MLKEM768 hybrid for KEX. Ship pure ML-DSA-44 for signatures. Change pants.

Sorry, four things.

Since your remaining 33 months are going to be half that by the time budget approval stops fixating on AI nonsense, I made [PQ]probe as comprehensive, cheap and easy as possible. Mind the handshake size change. You can use our PQ calculator to see what hits the wire.

A Berlin, Germany official called me an “artfremd” (alien) to my face and told me to go back where I came from so many times, I made it our logo.

Grab your probe, get on 44 now or get cracked.

History, Security

How Robert E. Lee Laundered His Rapes and Black Children

Leave a comment

An 1865 newspaper article reported that Robert E. Lee’s wife had forty mixed-race half-siblings living in the Washington, D.C. area. Forty. Her father had acknowledged at least one of them, Maria Carter Syphax, to her face. Her husband managed the household, the plantations, and the estate for decades.

The official record says Lee fathered seven children. The country of Trump-Epstein historiography permits no more.

This is what record laundering looks like.

And here’s a thought I want you to hold in mind as you read this post: Lynching got measured because perpetrators wanted it measured. Postcards, newspaper accounts, public spectacle, named participants. The phenomenon was performed for the record. The Tuskegee dataset and EJI’s later compilations of lynchings could exist because the underlying acts were always run as celebrations. Rape of Black women was the inverse architecture. A private prerogative, denied even by those who exercised it, rarely prosecuted, never aggregated except in large receipts from selling Black children into human trafficking markets.

Enslaved Black women who were being systemically erased, denied records, had no legal recourse against rape by white men.

The formal opening of the courts after emancipation produced negligible prosecution for the next century. Crystal Feimster locates the only meaningful procedural opening at the Civil War military justice system, where Lincoln’s Lieber Code defined wartime rape as a crime and produced the first record of Black women bringing charges. Civilian state courts remained closed in practice.

The lynching of Black men on rape charges was a deflection device that protected white-male rape of Black women. Rape was the prerogative. Lynching was the policing tool that defended the prerogative by displacing the accusation.

Household of Rape

George Washington Parke Custis built Arlington House as a shrine to the man who raised him. He filled it with enslaved labor inherited from Mount Vernon. He enslaved his own children. He fathered children with the women he enslaved.

The Mount Vernon Ladies’ Association states the matter plainly. Custis was commonly believed to have fathered children by enslaved women in his possession. Those children were often freed or singled out for special treatment. He acknowledged Maria Carter Syphax to her face. He is also believed to have fathered a girl named Lucy with the enslaved woman Caroline Branham. The 1865 newspaper claim of forty Washington-area half-siblings to Mary Custis Lee is not Black family folklore. It is contemporary white print.

This was the household Robert E. Lee married into in 1831.

He took it over as Custis’s executor in 1857. He ran it through 1862. He inherited the moral economy along with the property. In Lee’s world, fathering children with the enslaved women of one’s own household was already understood as a feature of upper-class Virginia plantation life. The maid who served Mary Custis Lee was Mary Custis Lee’s half-sister. Both women lived in that arrangement. So did Lee.

The Monster

Lee owned people with intent. He chased them when they ran. He returned them to bondage. In 1859 he ordered Wesley Norris whipped fifty lashes after Norris escaped and was recaptured. He called for brine to be poured on the wounds. Norris’s testimony was published in 1866.

Most notably the Lost Cause apparatus forcibly suppressed evidence such as this for over a century until Elizabeth Brown Pryor’s Reading the Man (2007) and Michael Fellman’s earlier work cracked the Lee edifice and re-established it.

In his 1865 letter to Andrew Hunter, Lee defended slavery as the optimal arrangement between the races so long as it operated under what he considered humane law and Christian influence. He cast Black subjugation as his divinely ordered tutelage. He believed enslaved people were better off in his bondage than free. He understood slavery as his right to inflict discipline, religiously sanctioned, strictly enforced.

A man capable of ordering brine in fresh whip wounds was more than capable of raping the women he “divinely” controlled. The question is whether the social structure he inhabited, the household he managed, and the women who were his constant hostages produced what such structures produce everywhere they exist.

The structure was not exceptional. After Congress banned the international slave trade in 1808, the reproductive labor of enslaved women became the plantation economy’s growth engine. Rape produced children. Children produced sale. Sale produced profit. The bodies of enslaved women were the commodity factory. The output, the historiography insists, was exceptional.

Say Rape

The vocabulary matters. Liaisons. Relationships. Concubinage. Mistresses. These are euphemisms drafted later by white historians of the white South to describe coercion they would not name. Enslaved women had no legal personhood and no capacity to consent. The act under conditions of total ownership is sexual violence. The record-keeping vocabulary that softens it is part of the laundering.

Hilberg’s stages of destruction begin with definition. Definition determines what counts. Every word that reduces a forced act to a chosen one is a small architectural choice in the larger structure of denial.

Laundering of Rapist Lee

Three mechanisms.

Archival capture. The Lee papers concentrate at Washington and Lee University, the Virginia Museum of History and Culture, and Stratford Hall. These institutions were curated for a century by only Lee descendants and Lost Cause partisans. Douglas Southall Freeman’s 1934 Pulitzer biography set the canon with family cooperation. Honest material was weeded before it ever entered processing, to curate a fiction. When Pryor finally accessed previously unpublished family papers in the 2000s, what she surfaced reframed Lee on slavery, on family conflict, and on his treatment of the enslaved. She did not find paternity evidence. The honest reading is that paternity evidence, had it ever been written down, was the first thing weeded.

Evidentiary asymmetry. White genealogies pass on parchment. Black claims of white paternity require DNA, court records, and corroborating witnesses to count. Family Bibles recorded white births. Plantation books logged enslaved births in separate columns, usually without paternity. And of course we know America’s historical profession was overwhelmingly white and male until the 1970s, with Ulrich Phillips’s apologetic frame dominant until Kenneth Stampp, and treated enslaved testimony as inherently unreliable. After emancipation the one-drop rule incentivized passing, which severed what paper trails remained.

Reputational gatekeeping. The Society of the Lees of Virginia, the United Daughters of the Confederacy, and the Washington and Lee stewards constructed and policed the saintly Lee for over a century. They existed to deny America the proper burial of Lee, instead keeping open the severe wounds he caused and never properly accounted for. The Confederate monument program, Stone Mountain, the Robert E. Lee Memorial designation at Arlington House: these are not artifacts. They are an active maintenance operation of propaganda that refuses to admit General Grant won unconditional victory. The function is to make certain claims unsayable, erasing Black voices.

This is not negligence. This is losers of the Civil War using their competence to remain complicit in white supremacist platforms. The curators understood what they were doing. They knew which questions would not be permitted. They knew which answers would not be archived.

Jefferson as Framing

The Thomas Jefferson Foundation finally accepted Sally Hemings paternity in 2000. It took two hundred years, a 1998 Y-chromosome study, and oral history maintained by Hemings descendants across seven generations. That’s the kind of white supremacist resistance erected to deny obvious history. The Hemings case had advantages that Lee paternity claims do not. Jefferson’s male line was small. His exact location at conception windows was documented. The accusations were contemporaneous, published by James Callender in 1802.

Lee paternity is harder to resolve because Lee paternity was made more diffuse. He had four sons who reproduced. His brother Smith Lee, his cousins, and many male Lee kin shared the Y-chromosome. A positive Y match shows Lee paternal-line descent without isolating Robert E. Lee specifically. Resolution requires triangulation across multiple claimant families, autosomal admixture analysis, and documentary corroboration that the archive has been curated to prevent.

The harder the case, the longer the Lee laundering project continues.

Known Knowns

Oral histories survive. Family genealogies maintained by Black descendants survive. Names recur. The Lees of Virginia organization receives inquiries from Lee descendants of color who have been told for generations who their ancestors were. The Arlington House “Family Circle” reunion in 2023 brought white Lee descendants and the descendants of those the Lees enslaved together for the first time. NPR and the Park Service framed the gathering as if there was reconciliation. It was more likely the establishment of evidence. These families know what the archive does not record, and the hundred years’ late framing of reconciliation says why.

The Syphax precedent matters. William Syphax used his Interior Department position to push S. 321 through Congress in 1866 and recover his mother’s seventeen acres. Black descendants did the work. White male historians did not, and still play ignorant to this day. The federal government acknowledged Maria Carter Syphax’s claim because the Syphax family forced acknowledgement. There is no parallel mechanism for Lee paternity claims. There is no committee chairman in the descendants’ line. There is no statute available.

Every Lee Statue is a Rape Signal

The probability that Robert E. Lee, embedded in a household where his father-in-law had openly fathered children with enslaved women, where the daughter of his own father-in-law lived as a maid to his wife while sharing her father, where forty mixed-race half-siblings were a matter of contemporary Washington print, where he held absolute power over the bodies of women who could not refuse him for over thirty years, fathered no children with those women is the probability the record demands.

That probability is not a historical inference. It is a construct designed to permit the statue.

The man who was capable of Wesley Norris was capable of more than Wesley Norris. The household that produced forty acknowledged half-siblings to Mary Custis Lee did not stop producing them when Lee took over as executor. The archive that omits the question is silent because the answer was never permitted to enter the record.

Record laundering is the operating mechanism by which dangerous men become marble. The marble is the evidence that the laundering worked. The historiography is the laundering. The statue is the receipt. And as historians have proven, when Lee took over Washington College, systemic rape of Black girls in the area by his students was the result.

John M. McClure’s “The Freedmen’s Bureau School of Lexington versus ‘General Lee’s Boys'” documents Washington College students attempting to abduct and rape Black schoolgirls from the Freedmen’s Bureau school, often joined by VMI cadets. Pryor noted that students at Washington College formed their own chapter of the KKK and were known by the local Freedmen’s Bureau to attempt to abduct and rape Black schoolgirls from the nearby Black schools, with at least two attempted lynchings by Washington students during Lee’s tenure, and Lee punished racial harassment more laxly than trivial offenses or turned a blind eye.

Think about what Lee really stood for in his years after being the “general” with one of the worst records in the Civil War, highest mortality rate of his men. This is a point that never gets enough emphasis. Not only was Lee never rated as true general material, given a long tenure as a middling Colonel before suddenly becoming a pro-slavery military leader, his performance was atrocious.

The brutality of Lee the loser is well documented, despite the legions of white men in cosplay denial, even naming their offspring after one of the worst failures in history. Can you imagine being in Germany today and meeting someone named Adolf Hitler? America is awash with men who don’t mind at all being named Robert Lee.

McWhiney and Jamieson’s Attack and Die documents Lee’s 20.2 percent killed-and-wounded rate as the highest among major Confederate generals, exceeding Bragg’s 19.5 percent and Hood’s 10.2 percent. Glatthaar’s General Lee’s Army shows the same army-level pattern: aggressive tactics that bled the Army of Northern Virginia faster than the Confederacy could replace it. Lee’s army incurred 55,280 more casualties than Grant’s, despite supposedly being on the strategic defensive in a manpower-short Confederacy.

Lee spent years covering up his personal record of raping Black women by controlling the records at an institution that became known for deploying young white men to rape Black girls. It’s no coincidence.

It was foreshadowing for every Lee statue erected after his lonely death to continue Civil War by other means, a documented marker for statistically significant increases in local lynchings. Rape data does not exist in comparable form. The same regime produced both.

Only one was permitted to be counted.

Darker colors denoting higher numbers of lynching victims and each dot representing the location of a Confederate memorialization. Source: Samuel Powers, Proceedings of the National Academy of Sciences
Almost every documented lynching between the 1830s and 1960s. Source: Smithsonian. Monroe Work Today/Auut Studio
America First by 1915 was defined by domestic terror gangs erecting statues of Robert E. Lee, signaling violent capture of an area
FiveThirtyEight interactive map of Confederate monuments

Security

Microsoft on AI: Delegation Corrupts Data and You

Leave a comment

In 2012 I was compelled by breaches I was investigating to give talks around the world, on the threat to data integrity. One of those talks described the rise of automation systems that would behave like the Loch Ness Monster, where the quality of information would kill the profit.

In other words we risk an unresolved/corrupted state becoming more valuable to vendors than the resolved one. Users delegate because they lack expertise or time to verify. Vendors structurally benefit from that gap. Resolution never comes, because that would end the ruse.

Tesla “AI” has killed many people with exactly this fraud. The car is sold as resolved autonomy. The driver delegates because they trust Elon Musk. The gap between what the system actually does and what he tells them it does is where the bodies pile up. DOGE AI is worse. The same fraud applied to federal systems, killing hundreds of thousands.

And now a new Microsoft paper examines 52 domains, 19 models, parsing pipelines, and backtranslation theory to prove that the “telephone game” at children’s birthday parties is real.

LLMs Corrupt Your Documents When You Delegate

Information passed through enough lossy nodes degrades to noise. Water is wet. End of story? Not really, because people still don’t believe in drowning. This post is about the science of describing the dangerously wet properties of water.

Vendors are selling LLM-mediated workflows as lossless. It’s a lie. You delegate the work and you don’t get your work back. You get something that looks like your work. The paper measures how much it isn’t, at scale. The phenomenon is far older than computing. The industry measurement is the contribution.

Every interaction is a translation. Translation has loss. Chained translation compounds loss. None of this is novel. The novelty is that AI behaves like a rumor mill while vendors sell it as a query platform. Databases have ACID guarantees, checksums, replication consistency. Breaches are detectable and the system tells you. LLMs have plausibility optimization. Breaches are designed to be undetectable because detectability would break the product. Treating one as the other is the category error. Selling one as the other is the fraud.

Why are frontier models corrupting so much data? Confidence is the product. RLHF rewards outputs that read as authoritative, and authority means smoothness. A model that flagged its own uncertainty at every edit would be unusable as a delegate. So the training pressure runs the other way: produce something plausible, deliver it cleanly, do not interrupt the user’s workflow with doubt. Better players in the telephone game produce more confident-sounding distortions, not more accurate transmissions. The kid who whispers “I think she said something about a dog” is more honest than the kid who confidently states “the elephant went to Paris.” Frontier models are the confident kid. They are rewarded for being confident and wrong.

This is where the Loch Ness pattern I presented in 2012 is most useful. The user delegates because they lack the time or expertise to verify. The model produces output that looks like the work. The user moves on. The corruption is detectable only by someone running a parser against a known seed, which is to say: only by the researchers who built this benchmark. Everyone else operates downstream of silent damage. The unresolved state of “did the model preserve my document or not” is structurally more valuable to the vendor than the resolved state, because resolution would surface the failure rate and end the sale. The product depends on the user not being able to check.

Leaded gasoline ran on the same logic. The harm was real, the measurement was suppressed, and the product depended on the public being unable to prove what it was being told didn’t exist.

Degradation is not gradual. Models maintain near-perfect reconstruction across most rounds, then drop 10-30 points in a single interaction. Sparse, severe, invisible to anyone without a reference seed. By round 20, 86-95% of relays across all tested models have experienced at least one critical failure. Stronger models do not avoid the failures. They delay them, which extends the period during which the user trusts the system before the artifact breaks.

The corruption is not random. It drifts toward training distribution. The palm tree becomes a generic tree-shape. The Manet becomes a generic café scene. The 12-shaft twill becomes patterned fabric. Whatever made the original specific – the cultural particularity, the technical precision, the structural integrity of the source – erodes toward training-set average. Delegated editing is structurally a homogenization process. Specificity dies first because specificity is what models have least of in their priors.

More translation steps, more loss. Anyone who has run signal through a chain of analog effects pedals knows this. Each stage adds noise floor. Vendors are selling pedalboards as mastering chains. Adding tools degrades performance by an average of 6%. The harness consumes 2-5x more input tokens, models invoke 8-12 tools per task, and they prefer file rewriting over code execution in domains where code execution would be safer. GPT 4.1 uses code for only 10% of edits; GPT 5.4 reaches 45%. Agentic systems are inducing the long-context degradation they were supposed to escape, and being sold as the solution to it.

Anthropic, OpenAI, and Google cannot stop integrity breaches without breaking the thing they sell. xAI is engineered as the opposite of integrity. Data corruption is not something they want to, or even can, patch. It is the structural property of plausibility optimization. Imagine a privacy policy with that disclaimer. Oh, wait. That’s Facebook.