A confidentiality breach, loss of privacy, is well known since California delivered landmark legislation in 2003 called SB1386.

The amount of money that criminals made by breaching privacy was, well, criminal. And more importantly, laws changed to make platforms enabling a privacy breach illegal.

Today we have a similar crisis with integrity breaches. Polymarket is clearly and effectively organizing an explosion in criminal behavior, already rising to terrorism, by making crime pay.

In one obvious example, someone artificially heated a weather sensor at Charles de Gaulle airport to profit on a Polymarket bet about temperature.

Twice.

BFMTV reports that on April 6 the Météo France sensor at CDG spiked from 18°C to over 21°C around 19h, then dropped back.

That’s the integrity breach. And it matters.

A Polymarket account created two days earlier won $14,000 on a bet that the daily maximum would cross 21. On April 15 the same sensor briefly registered 22°C while the surrounding days held at 18 and 19. The contract probability moved from 0.1% to 95% in thirty minutes. That winner took over $20,000.

Météo France filed a criminal complaint with the Roissy airport gendarmerie for altération du fonctionnement d’un système de traitement automatisé de données, tampering with an automated data processing system.

I’ve warned and written about public sensor integrity breaches like this for over a decade, yet the profit platform angle makes it more alarming than ever.

The agency performed physical inspection of the instrument and analyzed the sensor data. Meteorologist Ruben Hallali told BFMTV the variations are implausible at these dates over such short durations, and that someone with good knowledge of how the sensors work would have had to intervene physically, likely with a heating device held briefly next to the instrument.

The instrument is at an international airport. The same sensor that settles a Polymarket contract feeds weather data to aircraft on departure and arrival at Charles de Gaulle. Météo France declined to say whether the tampering affected aviation telemetry. But the obvious elephant in the room is that someone could bet a lot of money about an airplane crashing and then cause it to happen.

Polymarket’s response was to silently switch the reference sensor. That’s the kind of complicit response you would expect in a privacy breach where the company at fault said they switched to a new database. just as vulnerable as before. It’s a security failure of the worst kind.

Since Sunday the Paris temperature oracle is read from Le Bourget airport instead of Charles de Gaulle.

That is NOT a fix. That is an invitation for targeting and attack of another sensor.

Polymarket CEO Coplan has pitched illegal insider information as a “cool” feature of his platform, the mechanism by which prices “discover truth.” A temperature sensor is the physical-world equivalent of such criminal intent. Someone who walks up to a Météo France instrument with a heating element becomes an insider, and the thirty-minute probability spike from 0.1% to 95% is the insider divulging corrupted, tampered, information to the market.

By Coplan’s own definition, this is the Polymarket system working as designed.

The resolution mechanism (one sensor reading tampered to make false claims for profit) is cheaper to corrupt than the underlying event (the weather over Paris measured by integrity-safe systems). Every sensor Polymarket chooses becomes a criminal attack surface, an integrity breach for profit. The platform is now underwriting physical attacks on civil aviation weather telemetry to settle criminal gambling contracts.

France banned Polymarket, for obvious reasons. The sensor in France at Charles de Gaulle was tampered with intentionally, by bettors using VPNs the platform makes no serious effort to defeat. The criminal complaint will proceed against whoever held the heat source. The platform that paid out $34,000 on tampered readings, at an airport it is not legally allowed to operate in, so far will not be investigated.

Integrity breach is the business model. Just like privacy breach used to be. before trading on stolen PII was properly treated as a crime.

Let me be clear. This is not about gambling regulation.

Polymarket is terrorism financing infrastructure.

The CEO is a criminal. France should charge him and issue an Interpol red notice. The platform he built and runs creates financial incentive for physical attacks on critical infrastructure. This sensor is inside a safety-critical system. Courts need to hear Polymarket in America not only enables global terrorism, it incentivizes and rewards it by design with zero accountability for harms.

There’s something very strange going on at Anthropic. Day after day I see evidence of what can only be described as what I used to study in the Cold War: closed systems of cooked intelligence.

When people or companies intentionally make false claims about the work they’re doing or the products they’re selling, we call it fraud. What is it when one overlooks LLM mistakes?

An integrity breach I just stumbled upon might be the most egregious so far.

Anthropic published an economics paper on April 22, 2026 called What 81,000 people told us about the economics of AI. Right away my suspicion went up, because it’s framed as “told us” rather than what was said, or what is known. Story telling. Like a “once upon a time” yarn, instead of a report, is a disinformation tell.

Lead author Maxim Massenkoff, coauthor Saffron Huang. Who? Anthropic staff. Second tell. I’m not seeing independence, yet this is supposedly about what people say about Anthropic. “Everyone says they love us”. Uh-huh.

The findings are positioned oddly as well. That’s a third tell and I’m barely getting started. What is going on here? The vendor wants the public to believe something, which is usually called marketing. Users feel empowered. Productivity gains are real. Job-displacement anxiety correlates with usage intensity in exactly the way Anthropic’s own task-exposure measure predicts.

The architecture of this economics paper is shockingly awful. Fourth tell. At this point, might as well just say we’re up to our eyeballs in ethics issues.

Respondents are self-selected Claude.ai personal-account users who chose to answer a survey. The survey runs inside Claude.ai through an in-product tool called Anthropic Interviewer, built by Grace Yun, AJ Alt, and Thomas Millar. Occupation labels come from Claude inferring from free-form text. Career stage comes from Claude inferring from free-form text. The productivity rating is Claude reading the respondent’s own words and scoring them on a 1-to-7 scale. Job-threat concern is Claude reading the same words and coding them as present or absent.

The analysis? Internal.

The review? Internal.

A subject group talking to the product, about the product, scored by the product, reported by the product.

What is it about closed, controlled, cold environments that keep showing up at Anthropic like this? Would it have bothered them so much to open it up?

Missing Reviewers

The same lead author a month ago also published a different paper. March 5, 2026. Labor market impacts of AI: A new measure and early evidence. Coauthor Peter McCrory. Notably, that paper thanked Martha Gimbel at the Yale Budget Lab, Anders Humlum at Chicago Booth, Evan Rose, and Nathan Wilmers at MIT Sloan for feedback on earlier versions. That reads normal to me.

Four external labor scholars working in exactly the relevant field. Credentialed, independent, field-adjacent.

The April 22 piece drops everyone. The external-feedback slot goes to Miriam Chaum, Ankur Rathi, Santi Ruiz, and David Saunders.

Four Anthropic insiders. Santi Ruiz announced joining Anthropic’s editorial team roughly three weeks before publication, leading their economics and policy editorial work and working with the new Anthropic Institute (his own LinkedIn post). David Saunders already appears in the March labor-market-impacts paper’s Anthropic-internal acknowledgments list. Miriam Chaum and Ankur Rathi appear in the March Economic Index “Learning curves” report’s internal list. Three of the four were thanked as internal staff one month earlier. Ruiz was still a journalist then. By the time the paper shipped, he was leading Anthropic’s economics editorial work. First Anthropic byline acknowledgment: this paper. In April they got moved to a separate “Additionally, we thank” paragraph that visually mirrors an external-review slot. Same people, same company, different paragraph. This is deliberate staging.

Economists? Zero.

Independent field expertise? Zero.

Same team. Same topic. Same lead author. One month later, the external review present in March is mysteriously absent in April.

Why?

Let me tell you. Humlum’s own published finding contradicts the April narrative. Anders Humlum (March acknowledgments, dropped from April) published in February 2026 with Emilie Vestergaard: a Denmark-wide linked employer-employee study, 25,000 workers, finding “no significant changes in earnings or hours worked, with confidence intervals ruling out even small effects.”

The actual labor economist in the March thank-you list produced the exact finding the April paper needed to suppress. One month later he was off the list and his findings were being contradicted by Anthropic, cooking a fairy tale.

That shows a pretty clear and concrete motive.

Tilt! Tilt!

This game is tilted. Stop the pinballs. Every decision in the study tilts one direction. The entire thing only passes favorable findings. Have a look for yourself.

Stage	Choice	Tilt
Recruit	Claude.ai personal-account users who opted in	Satisfied users overrepresented
Instrument	Anthropic Interviewer, inside Claude.ai	Subject evaluates the product while using it
Occupation label	61% missing, 28% Claude guessed, 11% explicit	Figure 1 rests on Claude’s guesses
Career stage	About half the sample gets no career-stage label; the rest are Claude’s inference.	Half the N is manufactured
Productivity rating	Claude scores free text on 1-to-7	Interviewer grading its own interview
Scale calibration	Rebuilt after original Likert yielded almost entirely 6s and 7s	Ceiling effect hidden inside a wider range
Scale anchor	A 2x speedup scores 5 of 7, “substantially more productive”	Positive range starts at a doubling
Productivity denominator	42 percent dropped for “no clear indication”	Reported mean conditional on positive disclosure
Beneficiary finding	About 25 percent of the sample named a recipient at all	“Benefits flow to self” headline is roughly 18 percent of total N
Review	Internal only	Classifier, scale, pipeline all unchecked

Each step is maybe something to discuss on its own without noticing the whole. The caveats section lists most of them. A negative finding would have to clear self-selection, then Claude’s inference, then a recalibrated scale, then internal review with no outside economist in the room. That seems like a rather convenient filter by construction.

Sudden Scale Replacement

Footnote 3 admits the productivity scale was rebuilt. The original Likert “yielded almost entirely 6s and 7s.” The authors then reparameterized the 1-to-7 range so that 2 means “no change,” 5 means “substantially more productive,” and 7 means “transformatively more productive.” Under the new anchor, a two-hour task compressed to one hour earns a 5. A doubling of throughput scores the middle of the positive range, with two further steps of intensity above it before the ceiling.

Call it a rescaling. The ceiling effect stays. It is hidden inside a wider scoring interval.

Punch the Confusion Button

The deeper error here actually is epistemological. The lead author has a background in creating a classroom confusion button: students press it during lecture when they are confused, the instructor reads the heat map and adjusts pacing.

That is a shockingly bad design, at least fifty years out of date.

A button obviously captures a single instant, a press. The cognition it claims to measure is instead a thing of trajectory. Confusion at second N that resolves at N plus three through the next sentence registers incorrectly as a press. Confusion still beneath the student’s awareness, the kind that surfaces later on the problem set or the midterm, stays invisible to the instrument. Mid-processing uncertainty, the state where a claim sits in working memory and the student is still checking it against prior knowledge, gets forced to premature resolution at the button.

Bjork’s desirable-difficulties literature has argued for decades that exactly this productive confusion is where learning happens. I’ll say it again, the state of confusion is the learning. The button punishes it instead. Nisbett and Wilson settled the broader problem in 1977. Subjects have limited introspective access to their own cognitive processes. Self-report instruments designed around button-presses and scalar ratings produce artifacts of the instrument, falsely standing in for the cognition they claim to measure.

It’s basically the foundation of disinformation, a lie looking for a greater story to tell. Saying how many confusion buttons were pressed in a period is pretending to be about learning, but it’s actually about the obstruction of it. Would students have been less confused had they waited to press the button? Would the rate of confusion go down the less a button is pressed?

The 81,000-user study carries the same error into labor economics. Rate your productivity gain on a 1-to-7 scale flattens a cognitive trajectory to a scalar, captured at a moment when the subject is talking to the product under evaluation, scored by the product itself.

Confusion-button logic scaled to the labor market is reporting productivity when it’s obstructing it.

Better instruments exist. Post-task think-aloud protocols. Delayed retrieval tests. Longitudinal productivity panels anchored in objective task output. Slower, harder, more expensive, resistant to the headline finding. They don’t seem like the sort of thing Anthropic would allow.

Integrity Breach

The stated commitments to rigor, transparency, external feedback, and caveats are decoupled from this paper.

Right?

I mean I could understand a product manager writing a product marketing paper that called the product the best shit in town.

But this is supposedly a trained academic, an economist? What? With a PhD?

A closed pipeline. A classifier scoring its own classifier. A scale recalibrated to spread a ceiling effect across a wider axis. External reviewers present in one paper and gone from the next. The footnotes acknowledge each problem in turn. The headline numbers treat the footnotes as cosmetic.

A Berkeley PhD with a Steven Pinker coauthorship knows what a self-selection bias is. A team with access to four outside labor scholars one month earlier knows what external review looks like. The decisions that shaped the April 22 piece read as deliberate. The work was shipped with full awareness of what the design would produce.

Anthropic owns the subject pool, the instrument, the classifier, the scale, the analysis, the review, the distribution channel, and the language in which the finding gets repeated to policymakers and journalists.

The vendor is the source, the scribe, and the arbiter.

This is some seriously disappointing writing.

The paper does not report what 81,000 people told Anthropic about the economics of AI. It reports what Anthropic’s product told Anthropic about itself, at a moment when the vendor needed that story to pump value.

A reader left a comment on the April 13 post calling the NIST announcement “the other shoe.”

That’s right. Here it is.

• April 7: Anthropic announces Mythos Preview and Project Glasswing.
• April 15: NIST announces at VulnCon26 that it will enrich only KEV-listed CVEs, federal-use software, and EO 14028 critical software. Everything else moves to “Lowest Priority, not scheduled.” The pre-March 2026 backlog is deprioritized en masse.

One week. Eight days, if you must. Two announcements. One result.

The discovery pipeline was expanded while the triage pipeline was contracted. All in a week.

NIST in Retreat

NIST’s calculus since forever has been volume, and what to do about it. CVE submissions grew 263% from 2020 to 2025. Q1 2026 ran roughly a third ahead of Q1 2025. The NVD enrichment backlog became unmanageable on existing resources and the agency has said so.

HelpNet Security covered the VulnCon26 announcement by saying LLM-driven vulnerability discovery, including Anthropic and OpenAI’s security-focused programs, are a reason the submission flood will only grow. Any mainstream security publication would say the same. It’s just stating the obvious. Slop machines aren’t going to reduce submissions, and they include more signal as well as a LOT more noise.

The practical consequence of the NIST decision is worth calling out specifically. A CVE number no longer comes with enrichment by default.

That means our beloved, tried and true CVSS scores, CWE classification, CPE mappings, exploitability metadata are now a scarce resource allocated by priority tier. KEV gets enrichment. Federal-use software gets enrichment. Everything else gets a number, a timestamp and a “please wait” position that reads “not scheduled because….”

Indeed. Because why?

I said it April 13

The April 13 piece made the evidence case against Mythos. It wasn’t hard, it just took time to read the two hundred pages of absolutely useless reporting of fluff to find the seven pages of actual security text. I had to wade past the 20MB of completely unnecessary PDF file size, to get to the 1 or 2MB that had something worth downloading.

Call it foreshadowing of what Anthropic is probably going to be doing to vulnerability reporting.

The April 15 piece then went a bit deeper: Anthropic broke every established disclosure norm and inserted itself as a de facto clearance-granting body for vulnerability knowledge. The companies who willingly go along with Glasswing get early access, first-patch timing, and the ability to shape disclosure timelines on their own products.

What these two posts lacked is the public side of the move. NIST’s April 15 announcement is the vulnerability standard disclosure regime visibly retreating from the space that Anthropic is bumbling and stumbling into.

The April 13 post argued Anthropic was constructing a parallel disclosure regime to the one that should be expected to evolve. It turns out the public regime was under threat, in the same week, on the same subject.

Privatization of Vuln Enrichment

KEV listing is no longer just a patching priority signal. It is now the gate for NVD enrichment. Which means the question of whether a finding lands in KEV carries a new economic weight it did not carry two weeks ago.

Those inside the Glasswing rope get early access to Mythos findings. They get first-patch timing. They are suddenly, by corporate position, best placed to coordinate with CISA on whether a finding meets KEV criteria. The vendor funds the consortium and then that consortium shapes the disclosure. The disclosure shapes KEV eligibility. KEV eligibility now determines whether a CVE gets the metadata that makes it actionable to the rest of the industry.

The poor, lowly bastards left outside the Glasswing palace, get to put on a hat that says “not scheduled.”

The April 15 post also tried to answer the question whether Glasswing is a cartel. The NIST decision makes that answer easier.

A cartel extracts value by controlling a scarce resource. Before April 15, NVD enrichment was a public good, slow and imperfect, but at least it was universal. After April 15, enrichment is a tiered resource. The tier boundaries will not come from the security community. They will be set by whoever controls the volume. Right now that includes Anthropic, which is named as one of the accelerants driving it. Anthropic’s consortium has been positioned to directly benefit from the scarcity it causes.

That sequence only requires the incentives line up and the institutions respond predictably to the pressure to go along with it.

They did. Because they aren’t the security industry.