Category Archives: Security

Food, Security

Why Ritter Sport Won’t Quit Supplying Russians at War

Leave a comment

Ritter Sport announced it had two reasons for staying in Russia. Jobs and children.

Jobs first.

The CEO in 2024 said leaving would cost two hundred posts at Waldenbuch, and a family firm stands by its workers. Then in April 2026 the company ousted him and cut nearly two hundred posts, its first layoffs in over a hundred and ten years. The reason wasn’t Russia. They named the price of cocoa. The Russian sales continue, the second-largest market held flat by the company’s own account, even while the jobs it was meant to protect are gone.

Then children. Ritter Sport said this:

Russian children also like chocolate.

An appeal to our emotion. Meanwhile their Russian website appeals to the opposite customer. A limited collection and a new biscuit and coffee bar. Scarcity marketing of coffee. Children who merely like chocolate require no limited edition, and no coffee.

Russian soldiers do.

The remark also dates to 2024, after the March 2023 International Criminal Court arrest warrants issued for Vladimir Putin and his children’s commissioner over the unlawful deportation of Ukrainian children to Russia. For a year the standing legal question had been how some Russian children came to be Russian. Ritter Sport was practically saying Russia can abduct with chocolate.

It’s a family company, claiming to be mindful of the next generation. Theirs and Russia, in the main.

Security

FreeFable Says the Mythos Monster They Sold You Is a Mouse

Leave a comment

We all know the story by now. Last Friday on 12 June the Commerce Department issued an export control directive on Anthropic’s Fable 5 and Mythos 5, citing national security, and both models were pulled from every customer the same evening.

Two days later a lobby group at freefable.org asked the government to lift it. Their letter argues that these models are nothing special. That’s essentially what I’ve been saying on this blog since the start, so you’d think I’d be excited to see the lobbyists bring the industry to where I’ve always been.

The problem is, nine weeks earlier I saw many of the same people argue the exact opposite, in writing, at length, and for money.

That’s not right.

Who You Gonna’ Call?

In April the Cloud Security Alliance published The AI Vulnerability Storm: Building a Mythos-ready Security Program, led by Knostic CEO Gadi Evron with Rich Mogull of CSA and Rob T. Lee of SANS. It warned security leaders their ground had moved suddenly and they needed to panic. It named an entire era after one single Anthropic model. It sold readiness, in person, with events booked through June.

In June the Free Fable letter told Secretary Lutnick the same capability is nothing more than commodity, replicable on GPT-5.5, Opus, Sonnet, and Kimi 2.7. Basically anything. And that the research that triggered this new ban was defensive all along.

Four Horsemen of AI-pocalypse

Looking at the list, I see four people signed both. Gadi Evron, who led the April paper. Rich Mogull, who co-wrote it. Katie Moussouris and Joshua Saxe, who contributed to it. Two documents, two months, two opposite arguments, same four names on each.

Table Time

April: AI Vulnerability Storm! June: Free Fable
The capability “AI-driven offense is the new baseline.” Attackers gain the asymmetric benefit. Defensive code review that “should not be considered an offensive capability.”
Its size A step change. An era named after the model. Not uniquely good. Replicable on GPT-5.5, Sonnet, and Kimi 2.7.
The clock Discovery to weaponization collapsed to hours. Defenders cannot keep pace. The model lets defenders find and fix flaws faster than adversaries.
The stakes Re-architect now. Glasswing disclosures are the first of many waves. Removing the model carries no real risk worth the action.
Proliferation Broad availability of machine-speed discovery is the storm itself. Adversaries are advancing, so defenders must keep ours in hand.
The safeguards A capability potent enough to require an invite-only, managed rollout. Safeguards so aggressive they were a joke in the community on launch day.

What Is Our Industry Doing?

Nothing about the capability changed between April and June. The model is the same model. The code-review behavior the letter now calls defensive is the same behavior the April paper filed under “AI-driven offense is the new baseline“. Being accurate should be the goal, not picking a side based on payoff. In April the threat was called large and in charge, because that sells a Mythos-ready program, sells SANS seats, sells the consulting that follows a board briefing.

Evron sells a posture product. He needs a monster to sell monster services.

In June the threat was completely drained, because a small threat defeats an export control that pulls the model out of vendors’ hands and freezes a market.

From large to small, depending on whatever helps sell, sell, sell.

Somebody Isn’t There

Notably, I was disappointed to see people sign on in April. More than 250 CISOs redlined the April paper live, by its own account. A campaign that broad, assembled that fast, around one vendor’s model, is its own kind of evidence. The heavy promotion and pressure to be in the room when the industry vendors decide what to panic about was a bit too on the nose.

Look now at Jen Easterly, former director of CISA. Rob Joyce, former cyber chief at NSA. Chris Inglis, former National Cyber Director. Bruce Schneier. Rob T. Lee of SANS. All of them lent the April paper its gravity. I mention it because none of them, so far, have put their name to the June lobby letter. Signing it contradicts their April selves. So perhaps it’s notable that these names of reputational capital still anchor to the initial FUD. I mean that of the names who built the April alarm, only the commercial ones crossed over to sign the new letter.

I know some will say that their April paper hedged, that Mythos wasn’t really about one model and that the capability predated Mythos. Ok, but that’s misleading. The paper mentioned one vendor and one vendor only repeatedly, page after page. So the advice to “prepare for a real and spreading capability” is defensible, except “do not export-control one vendor of it” goes back to the same sole vendor that the April report hammered on too.

And while such hedging and liability vagueness could cover a general threat of AI, it does not cover the very obvious recategorization going on. In April the capability was offense, the new baseline of attack. In June it was a defensive code check that should not count as offensive. The same people flipped 180 on capability claims, based on what? Export control?

I have written that the ban itself is incoherent, an export control on a Tier 1 interaction over a capability Anthropic files under Tier 2. Now, I’m writing that the letter answering it is incoherent as a reflection.

The lobby letter is proof the April campaign was wrong, but it doesn’t land as a mea culpa among those running both. If the letter is to be believed, its signatories can’t be. Two incoherences are being pointed at each other, as if the public would want a coin-operated flip-flop laundry to lead America’s security industry.

History, Security

This Day in 1381: Biometric Age Verification Leads to Beheadings

Leave a comment

In the spring of 1381 the English crown levied a poll tax on everyone aged fifteen and over. To verify age the collectors were said to need to inspect bodies directly. The story goes, perhaps exaggerated, perhaps a metaphor to expose state-sanctioned rape, that there would be official measuring of pubic hair, meaning the cost of dignity was about to land hardest on poor young girls.

If you’re already thinking wow this sounds like modern age-gating, ID checks, facial-age estimation, using the body as the verification surface, you’re on the right path. The people in the position least able to refuse were being targeted with the most invasive and permanent “classifier” system, hundreds of years ago.

As collection in early 1381 began to roll-out it became so dangerous, due to protests, that collectors refused to work in London, and on the 30th of May two of them were assaulted in Essex.

Two weeks later, on this day, the 14th of June, it really blew up. Before the crown could muster a coherent response, tens of thousands had marched on London. The 14-year old Richard II rode out to meet them on open ground at Mile End, where he conceded a charter abolishing serfdom and granted a blanket pardon. Around thirty clerks were put to work writing sealed manumissions for every manor and shire, and the king’s own banner was sent to each county as warranty of his word. He sent most of them home believing him. It was a trick. He rode to Waltham, declared the charters all null and void because they had been extracted from him under duress, and told the peasants on June 22 “rustics you were, and rustics you are still.” His word was worthless, and he kept none of it, instead escalating and hanging some 1,500 people.

You wretches, detestable on land and sea; you who seek equality with lords are unworthy to live. Give this message to your colleagues: rustics you were and rustics you are still: you will remain in bondage, not as before but incomparably harsher. For as long as we live we will strive to suppress you, and your misery will be an example in the eyes of posterity. However, we will spare your lives if you remain faithful and loyal. Choose now which course you want to follow.

With that kind of state treachery in mind, I have to point out a notable difference from protests in England back then versus today. There is no single neck carrying the decision today for pushing biometric age verifications on children, unlike Sudbury, Hales, and Legge, upon whom the crowd focused their rage. Sudbury was Archbishop of Canterbury and Chancellor of England; Hales was Treasurer, Grand Prior of the Knights Hospitaller, a crusader. Legge ran the commission that reassessed the tax. The public removed them all from the Tower and beheaded them on Tower Hill, to parade their heads through the streets on poles.

So now you know how things turned out for England’s council of a 14-year old King that tried in 1381 to enact biometric verification of other teenagers.

History, Poetry, Security

Why We Need a Separation of AI Church and State

Leave a comment

Margaret Hu has been making this argument for years, before I caught up to it. She is a professor of law at William and Mary, directs the Digital Democracy Lab, and has testified before Congress on AI regulation.

She just mentioned the separation of AI Church and State has been a rising topic for several years, most recently on the Federal Newswire podcast.

She pointed out separation of Church and State rhymes with separation of AI and State. The Church minted the coin and then charged for salvation. The labs mint the token and charge for salvation. Same institutional makeup, eight centuries apart. That got me thinking:

Church Coin AI Token
The instrument Placed on the altar Submitted via API
Who mints Empire grants it, commune holds it, the Church absorbs it and the ius monetae migrating across one disc of metal The lab holds it, ungoverned
Booked twice The offering in the box, plus a credit struck against purgatory Compute revenue, plus a mark-to-market gain on the same dollar
The salvation sold Time taken off the afterlife AGI, alignment, civilization rescued, cure disease, reduce labor, blah blah blah
The half you can audit 70,000 coins found beneath Scandinavian church floors Amazon’s 16.8 billion dollar mark, booked in the open
The half you cannot The grace. Never recoverable The capability claim. Never independently proven
The trinity Mints the coin, sells the salvation, writes the law of usury Mints the token, sells the salvation, writes the safety framework

Where This Ends is Ugly

An institution that mints the money, sells the salvation, and writes the morality of money holds all three levers with no independence or separation. Nothing inside would work to pry them apart. The medieval version did not reform by memo. It was Luther who nailed the indulgence (the AI double-booking of his day) to a door in 1517. Then a brutal correction unfolded over the next hundred and thirty years. Princes seized the mints and the monastery lands. The wars of religion ran into the Thirty Years War, which emptied as much as a third of the German lands in the worst regions.

The act of “disestablishment” (prying mint and salvation away from the sword) was Westphalia in 1648.

The AI labs clearly are bringing back the trinity and infusing it into the state: we just saw an export ban on who may run a model, we just saw empty warehouses permitted as datacenters and ruled as critical infrastructure, with the national-security frame doing all the consecrating. They may as well say national holiness. Elon Musk may as well be called the holy emperor of SpaceX, presiding over what looks like the biggest fraud in history. The records are blunt about the very high price of undoing the Church coin collapse. Elon Musk isn’t going to disestablish himself any sooner than he will admit he isn’t going to achieve driverless by 2017 or land on Mars by 2018.

Someone has to seize the AI tokens before more people die from AI. Or to put it how was said a very long time ago:

Doch schweig ich noch von dem, was ärger als der Tod,
Was grimmer denn die Pest und Glut und Hungersnot:
Daß auch der Seelen Schatz so vielen abgezwungen.

Andreas Gryphius wrote that in 1636, mid-war, which reads: “and yet I stay silent on what is worse than death, grimmer than plague and fire and famine: that the treasure of the soul was wrested from so many.”

The AI token is today’s Seelenschatz: sold as salvation, never proven, never refunded. The medieval fix wasn’t a stronger emperor. That kind of escalation always fails. It was prying the mint, the salvation, and the sword into separate hands and holding the line. Separate the AI Church from the State before the unauditable claim bills us in death again.