Category Archives: Security

Energy, History, Security

AI Is Not a Fascist Artifact

Leave a comment

Several people have asked what I thought when Jürgen Geuter, writing as tante, argued that AI is a fascist artifact.

He’s not saying AI is being deployed badly. He’s saying AI is inherently fascist. He places it in the category Langdon Winner reserved for technologies that demand a particular social order, the way the atom bomb demands a centralized command state. You cannot run that particular bomb democratically. In that sense, tante wants the model in the same classification.

I get it. I typically talk about minefields or cluster bombs as inhumane, and therefore a crime. If we can classify a weapon off limits, we can feel comfortable saying it crosses a bright line.

The problem for me is how his argument refutes itself.

He leans on Stafford Beer’s maxim that the purpose of a system is what it does. As such, tante reads the purpose of AI off its most disgusting and reprehensible deployments. Palantir, an overtly fascist company out to destroy democracy, markets its software as a weapon for kill decisions. Andreessen, a mockery of itself, demands the right to build without regulation while also demanding regulations that erase its critics. Image models inherit the racism of the data scraped to train them. These deployments are all good examples of the bad, and they are reactionary.

The lean into Beer comes from tante saying he is an admirer. Beer built Project Cybersyn, a centralized computer system meant to coordinate the nationalized economy of Allende’s Chile.

Stafford Beer’s VSM (Viable System Model)

That’s interesting because it’s in the similar class as the bad examples above. Centralized computational coordination of an economy. By tante’s own logic a system is whatever it does, so Cybersyn was socialist because it served socialism. The politics are defined by the person in control and to what end they are aiming.

Record scratch.

This is the applied, contingent politics tante insists does not exist. He cannot endorse the principle that a system is what it does and condemn the model class as fascism in the same breath. That principle is what makes Cybersyn liberatory, and it puts the politics in the operator of the system.

Going back to Winner instead, we should separate two kinds of political technology. For example, when Robert Moses built overpasses so low that large buses carrying poor families could not reach the beach, that was politics by design. The bomb is different from the overpass. Its politics are in the functional necessity. In other words, the evidence tante uses is all about the overpass. The frontier vendors would concentrate power because of how it is financed and owned, not because a working model can only exist in a form that prevents poor families from going to the beach.

On that point, we have evidence of models that pass the test. Apertus, from ETH Zurich and EPFL, was pretrained from scratch on rights-clean data. Pleias built its models on the Common Corpus the same way. Run the weights locally through Ollama with no telemetry and no API, and the capability should be free of fascism. The model does not need its lab, while the bomb still needs the state. And this trend seems like common sense.

M28/M29 Davy Crockett entered service in May 1961. It fired an “atomic watermelon” with 20 tons of force up to 2.5 miles away, bad news for the operators.

What the bomb actually requires is not centralized command but a centralized means of production: a secret, capital-heavy, state-scale enrichment and weapons base. The Davy Crockett above makes the case clear. The Army handed the trigger to a three-man crew, the most decentralized nuclear launch ever fielded, and it still came out of Los Alamos and the Atomic Energy Commission. You can decentralize the distribution. You cannot decentralize production. Every warhead that has existed came out of that base.

The simple contradictions by tante make me wonder why he didn’t see them. He grants that oppressive tools can be turned against their makers. Ok, so they become good? But then he still tries to land the campaign to destroy AI. Destruction doesn’t follow from the premise that the tool is dual-use. If the politics is in the ownership and operation, the answer is to take ownership and operate another way: public compute, worker control over deployment. Destroy AI foolishly tries to name an enemy, which unfortunately could be the self.

The reactionary political economy of frontier AI is a real problem. The firms deserve the harshest criticism, especially Palantir. Calling the company fascist makes perfect sense to me, but their tools don’t carry the same labels. I’m no more likely to say an LLM has to be fascist than the rest of their compute infrastructure. And I say that because if you follow tante’s very broken and self-defeating logic, we start signaling that to build the alternative is forbidden if not impossible. And that’s simply not true.

The Amish refuse the public grid. The line to the utility is a tether to the outside world, and that relationship as dependence is what they reject. Electricity itself is fine. Build your own windmill, run it locally, and no one objects. The objection was never to electricity itself, which has no political stake. It was to the politics of someone else taking control.

Security

Viginum Just Wrote a Sales Brochure for Blackcore Disinformation

Leave a comment

I’ve been scratching my head about the Viginum report on Blackcore. As a quick introduction, the report says an orchestrated online disinformation campaign didn’t work, since the fake accounts didn’t persuade anyone. And so you would think that’s a relief. But instead, I have a nagging feeling that what is actually being sold isn’t the persuasion.

The Blackcore demo page offered a persuasion method and 1,600 avatars to do it with. But the product is more about something that can take a beating, compromise by public exposure, and keep on running campaigns anyway. Delete the shells, keep the registered toolmaker, edit the avatars, reload and fire again. The Viginum report in that context proves the product works as designed, by showing a full pressure takedown isn’t able to take it down.

The report names who’s at the top. The 8200-to-INCD-to-Cygun chain leads to Yigal Unna, a real law firm, a real address, a registry number. So they could name him. And in Section 4 they do the thing that looks like the start of a prosecution. They write atteinte aux intérêts fondamentaux de la Nation, harm to the fundamental interests of the Nation. That phrase is one of the four boxes that VIGINUM’s founding decree requires it to check before it can call anything foreign interference. Section 4 checks the box, VIGINUM detects and names, and yet it cannot prosecute.

Ok. Ready. And then? Nothing happens. Why?

The operation is built to handle it. The foundation layer is fake accounts and disposable websites. Those are illegal and they’re hidden, and after the press coverage in May they evaporated. Flip a switch, they’re gone. The top layer is the opposite: the report says there are legal companies, registered in Sweden and the UK, with named directors. They’re clean on paper, which means finding them nets nothing. They make software. Making software isn’t a “harm“.

The trap is the foundation is easily erased while the parts floating above aren’t breaking any laws. VIGINUM climbs all the way to the top of the system and finds a registered businessman who can say he just sells the usual marketing tools.

Fun history fact: modern marketing was born in WWI government propaganda offices. Creel’s Committee on Public Information under Woodrow Wilson was a civilian agency, the first large-scale propaganda bureau the United States ever ran. The famous Bernays worked inside it. Lippmann spent the war in Army military intelligence, working on Allied propaganda aimed at German troops at the front. The concepts of manufacturing consent back at home were assembled as state service at war between 1917 and 1919, and then privatized into Madison Avenue the moment the war ended.

After WWI Edward Bernays left the military propaganda office to sell the same methods to corporations. He claimed Goebbels adopted them to push Hitler into power.

The reason an investigation goes all the way up to a former head of Israel’s national cyber agency is that this isn’t some random shop. It’s the normal Israeli cyber-export path working as intended: people leave military intelligence, the money and legal cover follow them into private companies, the state encourages it.

Israeli intelligence operators become marketing tool vendors, or “security” monitoring tool vendors.

When investigators reach the root, they can’t claim a company broke the rules. So the technical report builds a case and then looks like it flames out with a generic firm. It can’t cross into demanding a trial for a foreign government’s economic strategy. The report lands on “the Service will continue its investigations” because there is no solution yet for what is really being sold.

And the irony, therefore, is that the French report ends up a sales brochure: Israeli disinformation sold as a resilience product.

History, Security

Stammtischler by Klee

Leave a comment

In 1931, Paul Klee sketched “Drinking Companion” (Stammtischler), as if to capture the obnoxious, poorly informed loud mouth you wouldn’t want in charge of anything.

Klee was one of the first German artists the Nazis labeled “degenerate,” which Nazis said meant Jewish, so they accused him of being Jewish. He was not Jewish.

The Nazis had been losing popularity in 1932 but then they abruptly seized power, with Hitler appointed in January 1933 to Chancellor. Klee was dismissed from the Düsseldorf academy, his home was searched by the Gestapo, and he moved with his family to Bern, Switzerland. In 1937 the Nazis still attacked him, trying to shame him in a “Degenerate Art exhibition” that compared his work to mental illness.

Security

Trump Abruptly Bans Foreigners Using Anthropic’s Top Models

Leave a comment

Think you can use American products? Think again. In fact, every company in the world right now needs to be moving off American technology or preparing for a move, because Trump just showed how he can shut it down like oil.

Anthropic had released Fable two months after declaring its models too dangerous to be released. Fable was said to be proof that safety was solved, soon after they had said the opposite. What it in fact delivered was a machine that refused to work.

This has become a rather sad theme in the AI industry. Zero integrity control, causing outages.

The “service safety” they designed was a denial of service, the literal opposite. The detection system was so aggressive that ordinary requests were kicked out. A model that shuts down at a benign prompt is not secured. It is broken. That is insecurity, by definition. The company called insecurity their security release. They sold denial of service as a premium feature and labeled protection.

The United States read the Anthropic marketing about dangers and believed it. Hook, line and sinker! The gullible and unpredictable Trump administration demanded access be revoked for a thing that couldn’t reliably be accessed. On 12 June the Commerce Department issued an immediate export control directive suspending all access to Fable 5 and Mythos 5, the first time the federal government has reached into a deployed commercial model and switched it off.

To be accurate, Anthropic had never designed access around denying foreigners. The Trump administration is obsessed with punishing people based on an “alien” designation (“artfremd” in Nazi Germany). So the Trump order was to deny access to foreigners and Anthropic was forced to disable it for everyone instead.

This is reminiscent of 2009-era stuff when the initial cloud providers were shocked, shocked I tell you, to find out ITAR is real. Here we are today with Anthropic claiming they can’t tell a foreign national from anyone else in real time, so the model is down. As if ITAR is real. Again.

Perhaps the right way to read all of this is that the American government just demonstrated a footgun clumsily and loudly, that at any minute they will cut off the world from American-based technology. The Straight of Hormuz disaster is just the beginning. They did it with Microsoft, now they are targeting Anthropic.

The warning shot to the world is the big, centrally distributed American services aren’t trustworthy. They are at the whim of Trump. Just like oil.

The stupid part of the story, aside from America being a hot-headed tin-pot dictatorship under the thumb of ex-KGB, is that Anthropic is pleading that there’s no danger to the public, while the government still believes the Anthropic claims that there’s danger to the public.

…the level of capability displayed there is widely available from other models (including OpenAI’s GPT-5.5), and is used every day… we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.

Anthropic says whoa you can’t just block a model for being “too dangerous”, only we can do that as a marketing trick.

The capability the government feared, by Anthropic’s own account, is a model reading a codebase and fixing flaws, something it concedes other public models already do without restriction. So the Trump order protects no one from a tool the vendor now insists is ordinary.

A product that shut itself down aggressively to prevent usage has been certified as a weapon and withdrawn from a public that could never use it in the first place. Even the jailbreak is downplayed by Anthropic as nothing to fear.

The Anthropic incoherence is a huge problem, as I have pointed out flaws with their Mythos system card and again flaws with their Fable system card.

For example, look at how an Anthropic card in 3.1.1 opens by calling Mythos 5 the most capable cyber model they have ever evaluated, then in the next breath files it in Tier 1, their lower risk category, defined as human-dependent assistance with known techniques.

I can not get over how dumb America looks right now. Incoherence and disproportion take the main stage, not any absence of capability. The Trump ban is for the low tier by definition. Reading a codebase and fixing previously known bugs is textbook Tier 1: meaningful assistance with known methods, still needing a human. Arguably beneath it, since it is defensive. So America has openly stated to the world an export control blocks a Tier 1 interaction over a capability Anthropic reserves for Tier 2.

It’s like Trump banning GPU export because they can generate images. Dude, it’s what people buy them to do. That’s not even dual-use, that’s just use. And then we have to deal with the fact that Anthropic designed a thing that powers off when you power it on.

Unusable once by design.

Unusable twice by decree.

American integrity is twisting in the breeze like an infamous bridge we were all supposed to study so it would never happen again.

Tacoma Narrows bridge design fell apart in a moderate 40mph breeze. Anthropic Fable falls apart with basic prompts. The danger is in the design failures, not in the citizenship of the person trying to use it.