Three thousand years ago, or so the children’s books say, a city fell because its own defenders pulled down their wall and let the attackers stroll in without a fight. It’s a lesson we all are supposed to know, not least of all anyone tasked with defense of their nation.

You probably recognize the story immediately if I say the Greeks left a wooden horse on the beach and sailed out of sight. But the part of the story that gets obscured is how they planted an agent named Sinon, to pose as a deserter, who swore the wooden horse was a sacred offering. The planted deception, the disinformation campaign, is key to the oceanographic sensor story in America today.

The Trojan priest Laocoon saw the horse for what it was, warned against gifts from the Greeks, and threw a spear into its flank. When the sea sent serpents to strangle him and his sons, the Trojans read it as an omen against him: the man who doubted the horse was punished, so that horse was thought even more to be holy, instead of him.

Then there was Cassandra, under Apollo’s curse, who spoke true prophecy and warned everyone only to suffer from them ignoring her. She said light the horse on fire. Instead they breached their own ramparts, gladly brought the horse inside, and celebrated ignorantly.

And so the story goes, the huge strong walls that had held against ten years of Greek armies came down in an evening, by the hands of the Trojans themselves. It was a gift to the Greeks, as if no walls existed at all.

At this point let me remind you that the shrill narrative of the Trump administration has been to build walls and stop the invaders from entering. There is now copious evidence he has been doing the exact opposite, removing America’s most effective barriers to invasion and instead welcoming adversaries inside.

The reason why I’m going back three thousand years, in terms of national security doctrine, is because the mistakes I see today are the same as ever. The oldest surviving military treatise in the West, Aeneas Tacticus on how to survive a siege, spends most of its pages on the enemy within rather than on walls or rations: the traitor at the gate leads to the faction that swings it open, despite the sentinel whose warning gets him silenced. The men now holding the American walls, Hegseth at Defense, Vance a step behind, Trump above them both, are busy re-enacting the worst Greek tragedy, while acting like the Trojans having a feast of defeat.

It is unbelievable but true, that three weeks ago the National Science Foundation started pulling deep-sea instruments off the ocean floor. This was the start of a plan to dismantle four of the five arrays of the Ocean Observatories Initiative, more than 900 sensors in all. The Endurance Array off Oregon and Washington came up first. The Irminger Sea array, between Greenland and Iceland, was booked for 2027.

I say it’s unbelievable because anyone who studied the Cold War knows that second patch of water by another name. Anyone who studied war at all probably knows why you don’t pull deep-sea instruments actively building decades of oceanographic data to accurately map battlefields.

The stretch I want to focus on for a minute is the Greenland-Iceland-United Kingdom gap (GIUK). Over many decades the United States had blanketed it with seafloor hydrophones called SOSUS. It caught every Soviet submarine transiting from the Kola Peninsula into the Atlantic. The mission stayed classified until 1991. The arrays were filed for forty years under a single cover word: oceanographic.

I’ll say it again. Ocean science is intelligence gathering of the kind that sets winners apart from losers in battlespace.

The OOI moorings now coming out measure temperature, salinity, and sound speed. Sound speed is the variable that governs how acoustic energy travels through water, which is to say how sonar works. The civilian and military needs are reading the same data from the ocean. Erin Sikorsky, who ran climate and environmental analysis for the National Intelligence Council and now directs the Center for Climate and Security, already put it on the public record two weeks ago so I’m not spilling anything here: the sensors are a national security story far more than the science story. The unbelievable part is that Washington is choosing to see less of the ocean at the exact moment the adversaries are rushing in to use it far more.

The anti-oceanographic plan lasted about two weeks. I would guess that someone with military intelligence authority, someone who hasn’t been purged yet by the evangelicals taking over the Pentagon to eliminate independent thought, was able to get the message through that the sensors are essential to defending the country. On June 18 the Senate passed the Saving the OOI Act, a bill under two hundred words from Jeff Merkley of Oregon and Lisa Murkowski of Alaska that bars federal money for decommissioning until a genuine review happens.

It passed unanimously.

And then, within a day, the administration walked the plan back. All of that, given the gravestones all around from a congress that can’t act and a president who can’t stop, says this is exactly what I’m saying it is. Stopping a self-inflicted blinding of the North Atlantic took a Republican from Alaska, a Democrat from Oregon, and a rushed floor vote that had zero opposition.

Hold onto how close America came to literally destroying itself by removing all the undersea “walls” and rolling the adversarial horse in like game over.

The reason the GOP gave for taking a hatchet to sensors was ideological and openly stated. Project 2025 named the relevant NOAA research office the source of much of the agency’s climate “alarmism”. Project 2025 doesn’t like alarms it can’t corrupt so it advised that the preponderance of climate work be disbanded. Russell Vought wrote the budget, with a political radical’s hand. The instruments started coming out of the water by an inversion of logic: knowing what’s happening is waste, while knowing nothing is efficiency. They called it “ending woke science” as if being awake is bad and being asleep is the optimal condition for those serving the nation. The plan literally read as a coastal superpower no longer measuring anything about the coast.

There is a simple explanation, left unsaid far too long. To call it ideology and stop there comes up short of what ideology is and does historically. The climate denial fanatics don’t just happen to target undersea defense networks. The faction that wants the monitors gone has been cultivated for a decade by Russian active measures, documented in a Republican-led House report in 2018, and in 2024 it was paid outright, when the Justice Department charged RT with funneling roughly ten million dollars to American influencers whose stated purpose, in the Department’s words, was to amplify domestic divisions and weaken the United States. The administration stood down the service built to catch the Russian corruption, terminating the FBI’s Foreign Influence Task Force on the Attorney General’s first day and scattering its Russia hands onto immigration files.

This is reflexive control, the Soviet manipulation doctrine running underneath the KGB active measures Putin practiced for sixteen years as an officer. He knows to feed an adversary a constructed reality until they dismantle defenses and experience suicidal acts as their own conviction. It’s the Trojan welcome party for the Greek “gift” horse.

The timing of the threat rise actually corresponds almost directly to the American radicals removing defenses against them. As the pressure to pull the listening posts built, Russian state television host Vladimir Solovyov told Trump on July 10, 2025 that two Poseidon torpedoes could erase both American coasts in a radioactive tsunami. On October 28, Putin claimed a successful Poseidon test, two days after announcing a long-range test of the Burevestnik cruise missile. The second purpose-built carrier submarine, Khabarovsk, is fitting out at Severodvinsk now, a hull conceived to carry that one weapon and little else.

Then China joined the story. In Beijing on September 3, for a parade marking the end of the Second World War, Putin and Kim Jong Un applauded China rolling out the AJX002. This eighteen-to-twenty-meter underwater drone has a silhouette of the Poseidon. And when Russian state media called it a Chinese Poseidon, Chinese social media reframed it with the name “Hello America”. The serious analysts who track these hulls, H I Sutton and the editors at Naval News, will tell you the doomsday label is political and not in the hardware. Fans of Stanley Kubrick movies will recognize that the announcement itself is the weapon.

There is an actual undersea revolution going on and the last twelve months have been accelerating rapidly. Ukraine built theirs out of simple logic after nearly its whole navy became irrelevant in 2014 to modern warfare. Their modern Magura V5, a carbon-fiber boat costing roughly a quarter million dollars, was in February 2024 the first naval drone to sink a warship in combat. Russia was repeatedly embarrassed by the asymmetry of drones. By the end of that year the same boats had put more than half a billion dollars of damage into the Black Sea Fleet and driven it out of Sevastopol. In May 2025 a missile-armed Magura V7 shot down two Russian Su-30 fighters, the first aircraft killed by a sea drone. On December 15, 2025, an SBU Sea Baby became the first uncrewed underwater vehicle to strike a submarine, a Kalibr-armed Kilo-class boat tied up at Novorossiysk, the very port Russia had retreated to for safety.

The lesson is clear for any American studying their own coastline and ports. We’re talking about forces that are attritable, networked, manufactured by the hundred, and lethal to legacy platforms that cost a thousand times more. The American reply so far has been lemons: Anduril’s Dive-XL is the kind of vendor-lock, self-funded, fixed-price theater I already documented. The Russian doomsday torpedo is mirrored in Silicon Valley concepts of future threats. Fantasy is much easier to sell than the truth about how a country wins underwater, building a sophisticated static intelligence network that allows cheap things at volume to dominate the space.

China not only is rattling a large Poseidon-shaped drone at America, it has been constructing a seabed-to-space sensing grid it calls Transparent Ocean and fielding the largest fleet of extra-large underwater drones of any navy, machines tuned in part to exploit any sensor nets it expects adversaries to keep.

By comparison the United States, already holding sunk cost of the most mature undersea surveillance advantage ever assembled, is nuts to pull public instruments out of the GIUK gap. The Trump administration moves are self-defeating. They would tear out America’s own ears, in the one gap where it spent forty years listening for Soviet boats, while its rivals parade torpedoes shaped like press releases, when its internal fights have become someone else’s weapon. Removing sensors means the walls come down, and it would be by the host’s own hand, because the adversary has funded and steered the faction that wants them down.

The undersea battlespace is where foreign military intelligence has been pumping heavy amounts of compromise. The enemy turns quarrels into domestic disarmament, to get right-wing radicals to willingly remove the walls protecting America. A unanimous Senate caught the Trump mistake this time. The buoys will stay, for now. The hand that reached for the door handle to open it is the permanent problem, and it will reach again the first quiet week the national security adults in the room look elsewhere. The technique to open the door was built so the target disarms itself and frames the collapse of American national security as an “efficiency”.

Or consider the mirror image. China pays fishermen bounties to hunt down and pull the adversary’s sensors out of its own waters, a campaign its Ministry of State Security frames as an unseen covert war of espionage in the seas off its coast. One country pays to tear out others’ sensors. The other pays to tear out its own.

The post said foreign spy agencies had for years tried to analyze Chinese naval activities, create “underwater maps” of the country’s maritime coastline and monitor its offshore oil and gas deposits.

The ministry urged researchers, fishermen and vessel owners to remain vigilant and “report suspicious devices.”

China has previously rewarded anglers for turning in alleged maritime spy devices. Some have received up to 500,000 yuan (about $73,000) for their help, according to CBS News’ partner network BBC News.

The Register asked for my opinion on the Mozilla blog post that pumps up Mythos. I gave them a short answer. Here’s the long form.

As a disinformation historian, I see tell-tale signs in the marketing from Mozilla beyond it just being disguised as engineering report. A conclusion comes first; examples get curated to support it; an authority signs; urgency closes; whatever would falsify has been pushed off the table to the floor.

To be fair, modern marketing follows the same shape as disinformation because they are rooted in the same thing in America, the WWI propaganda office. Mozilla’s new post on hardening Firefox with Claude Mythos Preview adheres to doctrine at length.

A marketing claim would be that you cannot run a mile under six minutes without drinking Coca-Cola. Then a sponsored athlete says they just did it. Compare that with measurement, which would say before Coca-Cola the athlete ran six minutes and after Coca-Cola, five. One is just a reading, a belief. The other is research, science.

The fundamental problem with the Mozilla post is that logically it keeps stabbing itself with its own swordplay. There are three claims that all need to stay alive at the same time for the post to make sense, and yet they are in danger of killing each other.

1. Security work over time has been rigorous.
2. 271 latent bugs survived it.
3. Mythos was uniquely necessary to surface them.

Any two of these break the third.

If prior work was rigorous and 271 bugs survived, the bugs were findable under concentrated effort with existing tools. Mythos drops to one option among several. The uniqueness claim falls.

Try betting on rigor with uniqueness instead, and the marginal yield should be small. 271 is far past small. The rigor claim breaks.

If you try to read prior work as inadequate, the 271 fits. The post becomes a rebranding of old underinvestment as new capability. And the whole framing collapses.

The chart in the post shows this three-way collision. Twenty to thirty fixes per month for fourteen months, then suddenly 423. The prior baseline represented either diligent attention or sustained underinvestment. April’s number forces a big choice, an explanation, and the post avoids it entirely. It lays on the floor.

Let’s look at it from the top down. The post opens by naming exactly two causes for the breakthrough.

First, the models got a lot more capable. Second, we dramatically improved our techniques for harnessing these models.

Two, not one. Two.

A real finding would next isolate which of these produced which effect. Mozilla names two causes and then jumps straight to attribution of the single result to just one of them. 271 bugs, credited to Mythos Preview. No explanation why. Mozilla built the harness. Anthropic gets the credit. Something isn’t right there, particularly because the harness could in fact be the entire difference in findings. The post rules out clean attribution in its opening and then drops a dirty one as its headline.

Next, Mozilla admits Opus 4.6 was already producing in the same pipeline. This is one of the most important facts that needs to be highlighted in every conversation about Mythos.

We began with small-scale experiments prompting the harness to look for sandbox escapes with Claude Opus 4.6. Even with this model, we identified an impressive amount of previously-unknown vulnerabilities.

A controlled comparison would specify the Opus 4.6 baseline and then move towards Mythos as a delta. Mozilla published the Mythos number and left the baseline blank, a propagandist wave of the hand. The marginal contribution of Mythos over Opus 4.6 sits unstated. And if you read the Anthropic initial Mythos announcements, even they suggest Sonnet and Opus were doing far better discovery, leaving Mythos to a marginal, minor role. We have Mozilla floating 271 in the air without any way to get it to ground truth.

And then Mozilla admits the model itself is fungible.

Once the end-to-end pipeline is in place, it’s trivial to swap in different models when they become available.

Ok, ok, this is actually a huge swipe at Anthropic. Different models doesn’t specify same provider. Agnosticism crept into a religious tome, because users naturally want to be free of vendor lock-in. If models swap into a Mozilla security pipeline freely, then the most important variable is that pipeline and not the model. Mozilla built the thing that hooks into any model. The post then sleepwalks into credit for the model. That allocation of credit runs against the post’s own technical claim.

At this point, I’m ready to shred the Mozilla post, open the chicken coop and put down some new bedding. However, dear reader, apparently their show must go on and so I present you another logic flaw.

AI analysis provides much more comprehensive coverage of this critical surface.

More comprehensive than what, exactly? That’s a comparison statement without any comparison. Eating your shoe provides much more fiber for your belly. I fear the people writing never took a philosophy 101 course. The post gives literally no elements needed to stand up the comparison. This bomb of a sentence is dropped with the form of a finding, and lands a dud, with the content of an assertion.

Then comes the big closer.

Anyone building software can start using a harness with a modern model to find bugs and harden their code today. We recommend getting started now.

Research papers invite you to try to reproduce, validate, see if you get the same outcome. Replication is satisfying to those who want more than “believe me, this snake oil really cures you”. Sales pitches close deals. The Mozilla post shouldn’t fool anyone familiar with America’s troubled history with carnival barkers.

Mozilla makes a particularly troubling move at this point. They try to spin their empty narrative into an industry standard, which smells yet again like Anthropic trying to corner the security industry. Best-practice claims by a vendor and a big customer of their should not suddenly become liability baselines. A team running libFuzzer, AddressSanitizer, ThreadSanitizer, and CodeQL at full intensity should not face presumptive negligence claims if a bug surfaces that one VC-backed PE-pushed vendor’s harness might have caught. If you link the bar to rhetoric, you get a rhetorical bar detached from engineering ethics. That is regulatory capture by a vendor making a self-fulfilling recommendation to preempt regulation, let alone legislation. Belief is produced and weaponized into liability.

It’s like how Coca Cola ran marketing that was effectively “Drink Fanta for health” in Nazi Germany as if not drinking it was unhealthy.

A better Mozilla report would have run Mythos and existing tooling head-to-head against the same code, then published the overlaps and the unique finds.

Mozilla published a 1940s Fanta health benefits brochure instead.

To be clear. Real bugs are real. Faster fixes help fix. It’s the hand-wavy self-dealing capability claim that makes the missing study somehow turn into this logically flawed press release.

Science publishes methods. Science is transparent. Mozilla did the opposite by writing outcomes and skipping straight to saying readers should adopt the approach. Why? Based on what, exactly? If they don’t invite scrutiny, and pull back the curtain, they are peddling hopes and prayers.

And given that Anthropic is saying customers will now have their data handed over to Elon Musk, I suggest you seriously consider whether you want any of if in his Hitler-saluting hands.

Sponsored athlete crosses the finish line and holds up the Fanta bottle. The camera zooms in close, frames the Nazi regime refreshment as a cause of great success. The control case is cut out of view, after running in the next lane without the logos. Jesse Owens posts a time far better than the uber Fanta man. The authority-controlled frame chooses for you which curated data point gets pushed to your attention.