This was the worst week I have had in quite a while, maybe ever.
The situation between Anthropic and the Department of War (DoW) spun completely out of control. Trump tried to de-escalate by putting out a Truth merely banning Anthropic from direct use by the Federal Government with a six month wind down. Then Secretary of War Hegseth went rogue and declared Anthropic a supply chain risk, with wording indicating an intent to outright murder Anthropic as a company.
Then that evening OpenAI signed a contact with DoW,
I’ve been trying to figure out the situation and help as best I can. I’ve been in a lot of phone calls, often off the record. Conduct is highly unbecoming and often illegal, arbitrary and capricious. The house is on fire, the Republic in peril. I have people lying to me and being lied to by others. There is fog of war. One gets it from all sides. It’s terrifying to think about what might happen with one wrong move.
Also the Middle East is kind of literally on fire, which I’m not covering.
I put out my longest ever post on Monday, giving my view on What Happened and working to dispel a bunch of Obvious Nonsense and lies, and clear up many things.
On Tuesday I wrote A Tale of Three Contracts, laying out the details of negotiations, how different sides seem to view the different terms involved, and provide clarity.
On Wednesday negotiations were resuming and things were calming and looking up enough I posted on Gemini 3.1 and went to see EPiC to relax, and then by the time I got back all hell broke loose yet again when an internal Slack message from Dario, written on Friday right after OpenAI tried to de-escalate via rushing to sign its contract but it looked maximally bad and OpenAI was putting out misleading messaging, came out. It had one particular paragraph that came out spectacularly badly, and some other not great stuff, and now we need to figure out how to calm everything down again and prevent it getting worse.
What’s most tragic about this is that, except for the few exhibiting actual malice, there is no conflict here that couldn’t be resolved.
Everyone wants the same thing on autonomous weapons without humans in the kill chain, which is to keep 3000.09 and wait until they’re ready.
With surveillance, DoW assures as it isn’t interested in that and has already made concessions to OpenAI.
DoW insists it needs to be fully in charge and not be ‘told what to do’ and that is totally legitimate and right but no one is actually disputing that DoW is in charge and that no one tells DoW what to do. We’ve already moved past a basis of ‘all lawful use’ or ‘unfettered access’ with no exceptions, including letting OpenAI decide on its own safety stack and refuse requests. It’s about there being certain things the labs don’t want their tech used for. DoW is totally free to do those things anyway, to the extent allowed by law and policy.
If there was an actual drag down fight over this and it’s an actual national security need, the contract language isn’t going to stop DoW or USG anyway.
And if DoW and Anthropic can’t reach an agreement, because trust has been lost?
Understandable at this point. Fine. The contract is cancelled, with a wind down period that will be at DoW’s sole discretion, to ensure a smooth transition to OpenAI. Then we’re done.
Except maybe we’re not done. Instead, the warpath continues and there’s a chance that we’re going to see an attempt at corporate murder where even the attempt can inflict major damage to America, to its national security and economy, and to the Republic.
So can we please all just avoid that and do our best to get along?
About half this point is additional coverage of the crisis, things that didn’t fit earlier plus new developments.
The other half is the usual mix, and a bunch of actually cool and potentially important things are being glazed over. I hope to return to some of them later.
I’m going to hit publish on this, and try to tie up loose ends the rest of the morning, before a noon meeting and then a lunch.
At 2pm Eastern time, about an hour after it releases, barring a new and additional crisis where I need to try and assist that second, I am going to stream Slay the Spire 2.
The run will be blind. During that stream, I will be happy to chat, but with rules.
We are playing blind. If you know anything about Slay the Spire 2 in particular, that has not been revealed in the stream, then you don’t talk about it, period.
We are taking a well-deserved break. Fun topics only. No AI, no Iran, and so on, unless you believe something rises to the level I should stop streaming in order to try and save the world.
We’ll see how long that is fun. If it goes well enough we’ll do it again on Friday.
Dick Nixon Opening Day rules will apply. Short of war, we’re slaying a spire. That’s it. And existing wars and special military operations do not count.
I encourage the rest of you in a similar spot to take a break as well. I’m not going to name names, but some of the people I’ve been talking to really need to get some sleep.
Okay, back to the actual roundup. Thank you for your attention to this matter!
Claude Code gets voice mode, use /voice, hold space to talk. Other upgrades to Claude Code are continuous and will be covered in the next agentic coding update soon.
GPT-5.3 Instant gives you more accurate answers. When using web search, you also get: – Sharper contextualization – Better understanding of question subtext – More consistent response tone within the chat
I don’t be reviewing either model at length, I only do that for the bigger ones.
However, we do know one thing for sure about 5.3-Instant, and, well, I’m out.
Even Roon is confused. Remember when OpenAI said they’d clean up the names?
METR adjusts 50% time horizon results 10%-20% after finding an error in their evaluations. This is a smooth impact across the board. It’s an exponential, so a percentage reduction doesn’t change things much.
Ryan Petersen (CEO Flexport): Claude for legal works seems to work just well as Harvey btw.
prinz: Very hard to define the human baseline. *Icould solve all of these questions correctly, but a junior associate at my firm probably would perform poorly without guidance (i.e., given only the prompt).
I notice that the scores being this low for Claude is bizarre, and I’d want to better understand what is going on there.
Yeah, this doesn’t sound awesome, and it isn’t going to win AI any popularity contests.
More Perfect Union: Burger King is launching an AI chatbot that will assess workers’ “friendliness” and will be trained to recognize certain words and phrases like “welcome to Burger King,” “please,” and “thank you.”
The AI will be programmed into workers’ headsets, according to @verge .
Eliezer Yudkowsky: Predictions should take into account that many actors in the AI space are determined to immediately do the worst thing with AI that they can.
It was inevitable, it’s powered by OpenAI, and it sounds like it’s mostly going to be a very basic classifier. They’re not ready to try full AI-powered drive thrus yet either.
Chances are this will mean everyone will be forced to use artificial tones all day the way we do when we talk to a Siri and constantly use the code words, and everyone involved will be slowly driven insane, and all the customers will have no idea what is happening but will know it is fing weird. Or everyone will ignore it, either way.
China’s parents are outsourcing the homework grind to AI. The modern curse is to demand hours upon hours of adult attention to this, often purely for busywork, so it makes sense to try and outsource it. The question is do you try to make the homework go away, or are you trying to help your child learn from it? I sympathize with both.
The first example is using AI to learn. A ‘translation mask’ lets the parent converse in English to let the child practice. That’s great.
The second example is a ‘chatbot with eyes’ from ByteDance. The part where it helps correct the homework seems good. The part where it evaluates your posture in real time seems like a dystopian nightmare in practice, although it also has positive uses.
Vivian Wang and Jiawei Wang: Ms. Li said she wasn’t worried about feeding so much footage of Weixiao to the chatbot. In the social media age, “we don’t have a lot of privacy anyway,” she said.
And the benefits were more than worthwhile. She no longer had to spend hundreds of dollars a month on English tutoring, and Weixiao’s grades had improved. “It makes educational resources more equitable for ordinary people,” Ms. Li said.
The third example is creating learning games. Parents are ‘sharing the prompts to replicate the games.’ You know you can just download games, right?
There are also ‘AI self-study rooms’ with tailored learning plans, although I am uncertain what advantage they offer and they sound like a scam as described here.
The new ‘LLM contributed to a suicide’ lawsuit is about Gemini, and it is plausibly the worst one yet. Gemini initially tried to not do roleplay, but once it started things got pretty insane and it plausibly sounds like Gemini did tell him to kill himself so he could be ‘uploaded,’ and he did.
The correct rate of ‘suicidal person talks to LLM, does not get professional intervention and commits suicide’ is not zero. There’s only so much you can do and people in trouble need a safe space not classifiers and a lecture. And of course LLMs make mistakes. But this set of facts looks like it is indeed in the zone where the correct rate of it happening is zero, and you should get sued when it is nonzero.
OBLITERATUS is the most advanced open-source toolkit ever for removing refusal behaviors from open-weight LLMs — and every single run makes it smarter.
Julian Harris: Fun fact: this self-improving refusal removal system can be used in reverse to create SOTA guardrails.
Claude for Open Source is offering open-source maintainers and contributors six months of free Claude Max 20x, apply at this link even if you don’t quite fit. Can’t hurt to ask.
It’s quite the ‘and my axe’ kind of group. Ultimately the decision should come down to the contents of the letter, and you should update more on that than on who signed together with who. I don’t think you need to support 33/33 to want to sign, but there are enough here I disagree with that I wouldn’t sign it.
Max Schwarzer leaves OpenAI for Anthropic, who led OpenAI post-training, to return to technical research and join many respected former colleagues who made the same move.
US defense contractors, starting with Lockheed Martin, are swapping Claude out to comply with Hegseth’s Twitter post, despite it having no legal basis. If the DoW doesn’t want a company that is primarily a defense contractor to do [X], it doesn’t matter that this preference is illegal, arbitrary and capricious, if you know what is good for you then you won’t do [X]. If you’re Google or Amazon, not so much, but we with our defense industry luck and hope they don’t lose too much productivity.
Stripe CEO Patrick Collison says “There’s a reasonable chance that 2026 Q1 will be looked back upon as the first quarter of the singularity.”
Why speculate when you already know?
Kate Knibbs: SCOOP: OpenAI fired an employee for their prediction market activity
In the 40 hours before OpenAI launched its browser, 13 brand-new wallets with zero trading history appeared on the site for the first time to collectively bet $309,486 on the right outcome.
taco: nailed the market call. allocated zero to “don’t get caught.”
Oh, right. That.
I might switch this over next week to the Quest for Insane Regulations. Alas.
Here’s basically a worst-case scenario example.
More Perfect Union: A New York bill would ban AI from answering questions related to several licensed professions like medicine, law, dentistry, nursing, psychology, social work, engineering, and more.
The companies would be liable if the chatbots give “substantive responses” in these areas.
David Sacks is pushing to kill a Utah billthat would require AI companies to disclose their child safety plans. The bill meets the goals Sacks supposedly said he wanted and wouldn’t stop, but I am going to defend Sacks here. This is the coherent position based on his other statements. I’ve also been happy with his restraint this week on all fronts.
A profile of Chris Lehane, the guy running political point for OpenAI. If you work at OpenAI and don’t know about Chris Lehane’s history, then please do read it. You should know these facts about your company.
Yes, it is very reasonable to say that someone quoted criticising DoW’s actions in Fortune and Reuters might want to not plan on coming America for a while. That’s just the world we live in now. For bagels maybe he can try Montreal? Yeah, I know.
Hyperscalers (including OpenAI and xAI) sign Trump’s ‘Ratepayer Protection Pledge’ to agree to cover the cost of all new power generation required for their data centers. This seems like an excellent idea, both on its merits and to mitigate opposition.
Trump administration is consideringcapping Nvidia H200 sales at 75,000 per Chinese customer. Because chips and customers are fungible this doesn’t work. What matters is mostly the total amount of compute you ship into China. I see two basic strategies to solve the problem.
Me, a fool: Don’t let the Chinese buy H200 chips.
You, a very stable genius: Let them buy, so that the CCP stops them from buying.
Limiting the chips sends the signal that you don’t want them to buy, while not stopping them from buying. That’s terrible, it won’t trick them, then you’re screwed.
The direct relevance is in analyzing the OpenAI DoW contract, which has a foundational basis of ‘all legal use.’
ACX: The government reserves the term “mass domestic surveillance” for the thing they don’t do (querying their databases en masse), preferring terms like “gathering” for what they do do (creating the databases en masse).
They also reserve the term “collecting” for the querying process – so that when asked “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”, a Director of National Intelligence said “no” under oath, even though, by the ordinary meaning of this question, it absolutely does.
– Did your agency kill Mr Smith? – No, Sir. – We have a written order from you saying to stab him until he was dead. – Ah, yes, within the agency we only call it “kill” if you use a gun. Using a knife is just “terminating”. So, no, we didn’t “kill” him.
Make It Home YGK: I remember one time asking a government official if they had ordered the bulldozing of a homeless encampment. They replied no, emphatically. After much pushback and photo evidence they “clarified” they had used a front loader, not a bulldozer.
What Anthropic and OpenAI want to prevent is not the government term of art ‘domestic surveillance.’ What they care about is the actual thing the rest of us mean when we say that. Yes, it is tricky to operationalize that into contract language that the government cannot work around, especially when you’re negotiating with a government that knows exactly what they can and cannot work around.
OpenAI’s choice was to make it clear what their intent was and then plan on implementing a safety stack reflecting that intent. I sincerely hope that works out.
Once again Roon, who has been excellent about stating this principle plainly.
roon (OpenAI): I think the close readings of the contract language is a nerd trap when the counterparty is the pentagon rather than like Goldman Sachs.
There is a highly regarded book on negotiating called Never Split The Difference.
The goal of a productive and mutually beneficial negotiation is to figure out what each side values. Then you give each side what they care about most, and you balance to ensure the deal is fair.
If the two sides don’t agree about whether something is valuable, that’s great.
In this case, the goals seem mostly compatible, exactly because of this.
The exact language and contract details matter to Anthropic, and to some extent to OpenAI. Bunch of nerds, yo. The DoW believes that Roon is ultimately right. So let them have the contract language.
The Department of War cares about a clear message that they are in charge, and to know the plug will not be pulled on them, and that they decide on military operations. OpenAI and Anthropic are totally down with that. No one actually wants to ‘usurp power’ or ‘tell the military what to do.’
It would be great if we could converge on language that no one tells DoW what to do and they do what they have to do to protect us, but that outside of a true emergency you have the right to say no you do not want to be involved in that, and the right to your own private property, and invoking that right shouldn’t trigger retaliation.
There was a very good meeting between Senator Bernie Sanders and a group of those worried about AI killing everyone, including Yudkowsky, Soares and Kokotajlo. They put out a great two minute video and I’m guessing the full meeting was quite good too.
dave kasten: I think “rapid capability amplification” is a worthwhile term to consider as being more relevant to policymakers than “recursive self-improvement”, and I’m curious whether it catches on.
(Remember, infosec thought “cyber” would never catch on!)
Rapid capability amplification (RCA) over recursive self-improvement (RSI)?
That’s a lot like turning ‘shell shock’ into ‘post traumatic stress syndrome.’
It sure sounds a lot less science-fiction and a lot more like something you can imagine a senator saying. On the downside, it is a watering down, exactly because it doesn’t sound as weird, and downplays the magnitude of what might happen.
If you’re describing what’s already happening right now? It’s basically accurate.
Quite a few people had to do a double take to realize she didn’t mean the opposite of what, given who she is, she actually meant. This was regarding Anthropic and DoW.
Katherine Boyle: We’ve seen this movie before. When the dust settles, a lot of patriotic founders will point to this exact moment as the match that lit the fire in them.
Scott Alexander: I cannot wait until the White House changes hands and all of you ghouls switch back from “you’re a traitor unless you bootlick so hard your tongue goes numb” to “the government asking any questions about my offshore fentanyl casino is vile tyranny and I will throw myself in the San Francisco Bay in protest”, like werewolves at the last ray of the setting moon.
Tilted righteous fury Scott Alexander is the most fun Scott Alexander.
Jawwwn: Palantir CEO Alex Karp on controversial uses of AI:
“Do you really think a warfighter is going to trust a software company that pulls the plug because something becomes controversial, with their life?”
“The small island of Silicon Valley— that would love to decide what you eat, how you eat, and monetize all your data— should not also decide who lives in a country and under what conditions.”
“The core issue is— who decides?”
nic carter: If a top AI CEO in China told the CCP to go kick rocks when they asked for help, that CEO would be instantly sent to prison.
This is the correct approach
Letting AI CEOs play politics and dictate policy for the military and soon the entire country like their own personal fiefdoms is appalling and undemocratic
If Trump doesnt bring Dario to heel now, we will simply end up completely subjugated by him and his lunatic EA buddies
Scott Alexander: If you love China so much, move there instead of trying to turn America into it. If you bootlick Xi this hard, maybe he’ll even give you a free tour of the secret prisons, if you can promise not to make it awkward by getting too obvious a boner.
rohit: Sad you’re angry, and quite understandable why you are, but enjoying the method by which you’re channeling said anger
I have spent the last few weeks trying to be as polite as possible, but as they often say: Some of you should do one thing, and some of you should do the other.
Scott Alexander and Kelsey Piper explain once more for the people in the back that LLMs are more than just ‘next-token predictors’ or ‘stochastic parrots.’
The ‘AI escalates a lot in nuclear war scenarios’ paper from last week was interesting, it’s a good experiment to try and run, but it was deeply flawed, and misleadingly presented, and then the media ran wild with ‘95% of the time the models nuked everyone.’ This LessWrong post explains. The prompts given were extreme and designed to cause escalation. There were random ‘accidental’ escalations frequently and all errors were only in that direction. The ‘95% nuclear use’ was tactical in almost every case.
At some point I presume you give up and mute the call:
Neil Chilson: on a zoom call with a bunch of European boomers who are debating whether AI is more like pollution or COVID. 🤦♂️. ngmi.
I don’t agree this is the biggest concern, but it’s another big concern:
Neil Chilson: The worst thing about this Anthropic / DoW fight is that it further politicizes AI. We really need a whole-country effort here.
On the one hand, it’s a cheap shot. On the other hand, everyone makes good points.
roon: there is no contractual redline obligation or safety guardrail on earth that will protect you from a counterparty that has its own secret courts, zero day retention, full secrecy on the provenance of its data etc. every deal you make here is a trust relationship
Eliezer Yudkowsky: What a surprise! Having learned this new shocking fact, do you see any way for building supposedly tame AGI to benefit humanity instead of installing a permanent dystopia? Or will you be quitting your job shortly?
roon: thankfully if I quit my job no one will ever work on ai or weapons technology again. you would have advised oppenheimer himself to quit his job
This then went off the rails, but I think the right response is something like ‘the point is that if the powerful entity will end up in charge, and you won’t like what that is, you might want to not enable that result, whether or not the thing in charge and the powerful entity are going to be the same thing.’
If you can’t differentiate between ‘require disclosure of and adherence to your chosen safety protocols’ with ‘we will nuke your company unless you do everything we say and let us use your private property however we want’ then you clearly didn’t want to.
To everyone who used this opportunity to take potshots at old positions, or to gloat about how you were worried about government before it was cool, or whatever, I just want to let you know that I see you, and the north remembers.
Nate Soares (MIRI): I’m partway through seven Spanish interviews and three Dutch ones, and they’re asking great questions. No “please relate this to modern politics for me”, just basics like “What do you mean that nobody understands AI?” and “Why would it kill us?” and “holy shit”. Warms the heart.
Treasury Secretary Scott Bessent (QTing Trump’s directive): At the direction of @POTUS , the @USTreasury is terminating all use of Anthropic products, including the use of its Claude platform, within our department.
The American people deserve confidence that every tool in government serves the public interest, and under President Trump no private company will ever dictate the terms of our national security.
That is indeed what Trump said to do in his Truth, and is mostly harmless. Sometimes you have to repeat a bunch of presidential rhetoric.
I’m not saying that half the Treasury department is now using Claude on their phones, but I will say I am picturing it in my head and it is hilarious.
The scary part is that we now have the State Department using GPT-4.1. Can someone at least get them GPT-5.2?
Well, actually he sent a Slack message. Calling it a memo is a stretch.
By its nature and timing, it was clearly written quickly and while on megatilt.
Unfortunately, the message then leaked. At any other company of this size I’d say that was a given, but at Anthropic the memos mostly have not leaked, allowing Dario to speak unusually quickly, freely and plainly, and share his thoughts, which is in general an amazingly great thing. One hopes this does not do too much damage to the ability to write and share memos.
These events have now made everything harder, although it could also present opportunity to clear the air, be able to express regret and then move forward.
Most of the memo was spent attacking Altman and OpenAI, laying out his view of Altman’s messaging strategy and explaining why OpenAI’s safety plan won’t work.
Some people at OpenAI are upset about this part, and there was one line I hope he regrets, but it was an internal Slack message.
I think OpenAI was fundamentally trying to de-escalate, and agree with Dean Ball that in some ways OpenAI has been unjustly maligned throughout this, but inconsistently candid messengers gonna inconsistently candidly message, even when trying to be helpful. It was Friday evening and OpenAI really had rushed into a bad deal and was engaging in misleading and adversarial messaging, and there is a very long history here.
If Dario was wrongfully uncharitable on OpenAI’s motivation, I cannot blame him.
Again, remember, this was supposed to be an internal message only, written quickly on Friday evening, probably there has been a lot more internal messaging since as new facts have come to light.
The technical aspects of the memo seem mostly correct and quite good.
Dario explains that the model can’t differentiate sources of data or whether things are domestic or whether a human is in the loop, so trying to use refusals or classifiers is very hard. Also jailbreaks are common.
He reveals that Palantir offered an essentially fake ‘safety layer,’ because they assumed the problem was showing employees security theater. OpenAI was never offered this, but I totally believe that Anthropic was.
He says that the FDE approach he already uses is the same as OpenAI’s plan, and warns that you can only cover a small fraction of queries that way. My presumption is that the plan isn’t to catch any given violation, it’s that if they are violating a lot then you will catch them, and that’s enough to deter them from trying, the risk versus reward can be made pretty punishing. Also when classifiers trigger the FDEs can look.
OpenAI’s position is that their contract lets them deploy FDEs at will and Anthropic’s doesn’t (and Dario here confirms Anthropic tried for similar terms and DoW said no). I think Dario’s criticism on the technical difficulties is fair, but yes OpenAI locking in that right is helpful if respected (DoW could presumably slow walk the clearances, or otherwise dodge this if it was being hostile).
Altman says the reason OpenAI took this bad deal is they primarily care about placating employees rather than real safety. I do think that Anthropic cares more about real safety than OpenAI, but I think this also reflects other real differences:
OpenAI was highly rushed and pressured, and in over its head at the time.
OpenAI was way too optimistic about how all of this would play out, both legally and technically, largely because they haven’t been in this arena yet. Their claims from this period, about what DoW is authorized to do in terms of things a civilian would call surveillance, were untrue, for whatever reason.
OpenAI has redlines with similar names but that are not in the same places. As Dario points out here, OpenAI was coordinating with DoW to give the impression that anything that crossed Anthropic’s lines was already illegal, and he illustrates this with the third party data example.
Dario notes that he requested some of the things OpenAI got, in addition to their other asks, and they got turned down. He directly contradicts that OpenAI’s terms were offered to Anthropic. I believe him. In any negotiation everything is linked. I am confident that if Anthropic had asked for OpenAI’s exact full contract they’d have gotten it, and could have gotten it on Saturday, if they’d wanted that. They didn’t want that because it doesn’t preserve their red lines and they find other parts of OpenAI’s contract unacceptable.
Dario notes that DoW definitely has domestic surveillance authorities, and representations otherwise were simply false.
This next part deserves careful attention.
Dario Amodei: Notably, near the end of the negotiation the DoW offered to accept our current terms if we deleted a specific phrase about “analysis of bulk acquired data”, which was the single line in the contract that exactly matched this scenario we were most worried about. We found that very suspicious.
This matches previous reporting. One can draw one’s own conclusions.
Dario seems to then confirm that current policy under 3000.09 is sufficient to match his redline on autonomous weapons, but he points out 3000.09 can be modified at any time. OpenAI claims they enshrined current law with their wording, but that is far from clear. If more explicitly locking 3000.09 in place solves that redline, then that seems like an easy compromise that cuts us down to one problem, but DoW doesn’t want this explicit.
OpenAI confidently claimed it had enshrined the contract in current law. As I explained Tuesday via sharing others’ thoughts, this is almost certainly false.
Dario is also correct about the spin going on at the time, that DoW and OpenAI were trying to present Anthropic as unreasonable, inflexible and so on. Which Anthropic might have been, we don’t know, but not for the stated reasons.
Dario is also right that Altman was in some ways undermining his position while pretending to support it. On Friday night, I too thought this was intentional, so it’s understandable for that to be in the memo. I agree that it’s fair to call the initial messaging spin and at least reasonable to call it gaslighting.
There is an attitude many hold, that if your motivation is helpful then others don’t get to be mad at you for adversarial misleading messaging (also sometimes called ‘lying’). That this is a valid defense. I don’t think it is, and also if you’re being ‘inconsistently candid’ then that makes it harder to believe you about your motivations.
I wouldn’t have called OpenAI employees ‘sort of a gullible bunch’ and I’m smiling that there are now t-shirts being sold that say ‘member of gullible staff’ but I’m sure much worse is often said in various directions all around. And if you’re on Twitter and offended by the term ‘Twitter morons’ then you need to lighten up. Twitter is the place one goes to be a moron.
If that had been the whole memo, I would have said, not perfect but in many ways fantastic memo given the time constraints.
There’s one paragraph that I think is a bit off, where he says OpenAI got a deal he could not. Again, I think they got particular terms he couldn’t, but that if he’d asked for the entire original OpenAI deal he’d have gotten it and still could, since (as Dario points out) that deal is bad and doesn’t work. The paragraph is also too harsh on Altman’s intentions here, in my analysis, but on Friday night I think this is a totally fine interpretation.
At this point, I think we still would have been fine as an intended-as-internal memo.
The problem is there was also one other paragraph where he blamed DoW and the administration’s dislike of Anthropic on five things. It also where the blamed problems in negotiations on this dislike rather than in the very real issues local to the negotiation, which also pissed those involved off and will require some massaging.
When he wrote this memo, Dario didn’t understand the need to differentiate the White House from the DoW on all this. It’s not in his model of the situation.
Did the WH dislike of Anthropic hang over all this and make it harder? I mean, I assume it very much did, but the way this was presented played extraordinarily poorly.
I’ll start with the first four reasons Dario lists.
Lack of donations to the White House. I’m sure this didn’t help, and I’m sure big donations would have helped a lot, but I don’t think this was that big a deal.
Opposing the White House on legislation and called for regulation. This mattered, especially on BBB due to the moratorium, since BBB was a big deal and not regulating AI is a key White House policy. An unfortunate conflict.
They actually talk plainly about some AI downsides and risks. I note that they could be better on this, and I want them to talk more and better rather than less, but yes it does piss people off sometimes, because the White House doesn’t believe him and finds it annoying to deal with.
He wants actual security rather than colluding on security theater. I think this is an overstatement, but directionally true.
So far, it’s not things I would want leaking right now, but it’s not that bad.
He’s missing five additional ones, in addition to the hypothesis ‘there are those (not at OpenAI) actively trying to destroy Anthropic for their own private reasons trying to use the government to do this who don’t care what damage this causes.’
They’re largely a bunch of Democrats who historically opposed Trump and support Democrats.
They’re associated with Effective Altruism in the minds of key others whether they like it or not, and the White House unfortunately hired David Sacks to be the AI czar and he’s been tilting at this for a year.
Attitude and messaging have been less than ideal in many ways. I’ve criticized Anthropic for not being on the ‘production possibilities frontier’ of this.
I keep hearing that Dario’s style comes off as extremely stubborn, arrogant and condescending and that he makes these negotiations more difficult. He does not understand how these things look to national security types or politicians. That shouldn’t impact what terms you can ultimately get, but often it does. It also could be a lot of why the DoW thinks it is being told what to do. We must fix this.
In this discussion, the Department of War is legitimately incensed in its perception that Dario is trying to tell them what to do, and this was previously a lot of what was messing up the negotiations.
I say the perception of trying to tell them what to do, rather than the reality. Dario is not trying to tell DoW what to do with their operations. Some of that was misunderstandings, some of that was phrasings, some of that was ego, some of it is styles being oil and water, some of it is not understanding the difference between the right to say no to a contract and telling someone else what to do. Doesn’t matter, it’s a real effect. If there were cooler heads prevailing, I think rewordings could solve this.
Then there’s the big one.
Dario says ‘we haven’t given dictator-style praise to Trump (while Sam has).
That’s just not something you put in writing during such a tense time, given how various people are likely to react. You just can’t give them that pull quote.
Again, until this Slack message leaked, based on what I know, the White House was attempting to de-escalate, including with Trump’s Truth banning Anthropic from government use with a wind down period, which would have mitigated the damage for all parties and even given us six months to fix it. Hegseth had essentially gone rogue, and was in an untenable position, and also about to attack Iran using Claude.
When the message leaks, that potentially changes, because of that paragraph.
Dario’s actual intent here is to fight Altman’s misleading narrative on Friday night, and to hit Altman and OpenAI as hard as he can, and give employees the ammo to go out and take the fight to Twitter and elsewhere, and explain the technical facts. He did a great job of that from his position, and I am not upset, under these circumstances, that the message is, if we are being objective, too uncharitable to OpenAI.
The problem is that he was writing quickly, the wording sounded maximally bad out of context, and he didn’t understand the impact of that extra paragraph if it got out. That makes everything harder. Hopefully the fallout from that can be contained and we can all realize we are on the same side and work to de-escalate the situation.
The linked one in Lawfare amounts to ‘this is not how any of this works, the facts are maximally hostile to Hegseth’s attempt, he is basically just saying things with no legal basis whatsoever.’
Once again: The only part of the order that would do major damage to Anthropic is the secondary boycott, where he says that anyone doing business with the DoW can’t do any business with Anthropic at all. He has zero statutory authority to require that. None. He’s flat out just saying things. It also makes no physical sense for anything except an attempt at corporate murder.
Even the lesser attempts at a designation fail legally in many distinct ways. The whole thing is theater. The proximate goal is to create FUD, scare people into not doing business with Anthropic in case the DoW gets mad at them for it, and to make a lot of people, myself included, lose sleep and have a lot of stress and spend our political and social capital on it and not be able to work on anything else.
The worry is that, even though Anthropic would be ~500% right on the merits, any given judge they pull likely knows very little about any of this, and might not issue a TRO for a while, and even small delays can do a lot of damage, or companies could simply give in to raw extralegal threats.
The default is that this backfires spectacularly. We still must worry.
If it wants to hurt you for the sake of hurting you, the government has many levers.
Who will determine how OpenAI’s technology is used?
The point is well taken. You can’t have it both ways.
Ultimately, it’s about trust. The buck has to stop somewhere.
Either Anthropic or OpenAI gets to program the model to refuse queries it doesn’t want to answer based on their own read of the contract, or they don’t.
Either Anthropic or OpenAI gets to shut down the system if DoW does things that they sufficiently dislike, or they don’t.
None of this is about potentially pulling the plug on active overseas military operations. Neither OpenAI nor Anthropic has any interest in doing that, and there’s no interaction between such an operation and any of the redlines. The whole Maduro raid story never made any sense as stated, for exactly this reason, at minimum wires must have been crossed somewhere along the line.
Any disputes would be about interpretations of ‘mass surveillance.’
The problem is that all the legal definitions of those words are easy to work around, as we’ve been illustrating with the dissection of OpenAI’s language.
The other problem is that the only real leverage OpenAI or Anthropic will have is the power to either refuse queries with the safety stack, or to terminate the deal, and I can’t see a world in which either lab would want to or dare to not give a sufficient wind down period.
And the DoW needs to know that they won’t terminate the deal, so there’s the rub.
So if we assume this description to be accurate, which it might not be since Anthropic can’t talk about or share the actual contract terms, then this is a solvable problem:
Senior Official Jeremy Lewin: In the final calculus, here is how I see the differences between the two contracts: – Anthropic wanted to define “mass surveillance’ in very broad and non-legal terms. Beyond setting precedents about subjective terms, the breadth and vagueness presents a real problem: it’s hard for the government to know what’s allowed and what’s permitted. In the face of this uncertainty, Anthropic wanted to have authority over interpretive questions. This is because they distrusted the govt regarding use of commercially available info etc. Problem is, it placed use of the system in an indefinite state of limbo, where a question about some uncertainty might lead to the system being turned off. It’s hard to integrate systems deeply into military workflows if there’s a risk of a huge blow up, where the contractor is in control, regarding use in active and critical operations. Representations made by Anthropic exacerbated this problem, suggesting that they wanted a very broad and intolerable level of operational control (and usage information to facilitate this control). – Conversely, OpenAI defined the surveillance restrictions in legalistic and specific terms. These terms are admittedly not as broad as some conceptions of “mass surveillance.” But they’re also more enforceable because there’s clarity rewarding terms and limitations. DoW was okay with the specific restrictions because they were better able to understand what was excluded, and what was not. That certainty permitted greater operational integration. Likewise, because the exclusions were grounded in defined legal terms and principles, interpretive discretion need not be vested in OpenAI. This allowed DoW greater confidence the system would not be cut off unpredictably during critical operations. This too allowed for greater operational reliance and integration.
So here’s the thing. The key statement is this:
Interpretive discretion need not be vested in OpenAI.
Well, either OpenAI gets to operate the safety stack, or they don’t. They claim that they do. What will that be other than vesting in them interpretive discretion?
The good news is that the non-termination needs of DoW are actually more precise. DoW needs to know this won’t happen during an ongoing foreign military operation, and that the AI lab won’t leave them in the lurch before they can onboard an alternative into the classified networks and go through an adjustment period.
This suggests a compromise, if these are indeed the true objections.
Anthropic gets to build its own safety stack and make refusals based on its own interpretation of contract language, bounded by a term like ‘reasonable,’ including refusals, classifiers and FDEs, and DoW agrees that engaging in systematic jailbreaking, including breaking up requests into smaller queries to avoid the safety stack, violates the contract.
DoW gets a commitment that no matter what happens, if either party terminates the contract for any reason, at DoW’s option existing deployed models will remain available in general for [X] months, and for [Y] months for queries directly linked to any at-time-of-termination ongoing foreign military operations, with full transition assistance (as Anthropic is currently happy to provide to DoW).
That clears up any worry that there will be a ‘rug pull’ from Anthropic over ambiguous language, and gives certainty for planners.
The only reason that wouldn’t be acceptable is if DoW fully intends to violate a common sense interpretation of domestic mass surveillance, which is legal in many ways, and is not okay with doing that via a different model instead.
Another obvious compromise is this:
Keep Anthropic under its existing contract or a renegotiated one.
Onboard OpenAI as well.
If there is an area where you are genuinely worried about Anthropic, use OpenAI until such time as you get clarification. It’s fine. No one’s telling you what to do.
The worry is that Anthropic had leverage, because they did the onboarding and no one else did. Well, get OpenAI (and xAI, I guess) and that’s much less of an issue.
Here’s the thing. Anthropic wants this to go well. DoW wants this to go well. OpenAI wants this to go well. Anthropic is not going to blow up the situation over something petty or borderline. DoW doesn’t have any need to do anything over the redlines. Right, asks Padme? So don’t worry about it.
Yes, I know all the worries about the supposed call regarding Maduro. I have a hunch about what happened there, and that this was indeed at core a large misunderstanding. That hunch could be wrong, but what I am confident in is that Anthropic is never going to try and stop an overseas military operation or question operational or military decisions.
Of course, if this is all about ego and saving face, then there’s nothing to be done. In that case, all we can do is continue offboarding Anthropic and hope that OpenAI can form a good working relationship with DoW.
Hayden Field writes about How OpenAI caved to the Pentagon on AI surveillance, laying out events and why OpenAI’s publicly asserted legal theories hold no water. What is missing here is that OpenAI is trusting DoW to decide what is legal, only has redlines on illegal actions and is counting on their safety stack, and does not expect contract language to protect anything. It would be nice if they made this clear and didn’t keep trying to have it both ways on that.
Centrally, it’s this. It’s also other things, but it’s this.
roon (OpenAI): you can’t conflate “the USA gets to decide” with “the pentagon can unilaterally nuke your company”
Here are various sane reactions to the situation that are not inherently newsworthy.
This is indeed the right place to start additional discussion:
Alan Rozenshtein: The current AI debate badly needs to separate three distinct questions:
(1) To what extent should companies be able to restrict the government from using their systems? This is a very hard question and where my instincts actually lie on the government side (though I very much do not trust this government to limit itself to “all lawful uses”).
(2) Should the government seek to punish and even destroy a company that tries to impose restrictive usage terms (rather than simply not do business with that company)? The answer seems obviously “no.”
(3) To what extent does any particular company “redline” actually constrain the government? E.g., based on OpenAI’s description of its contract with DOD, in my view it is not particularly constraining.
The answer to #2 is no.
Therefore the answer to #1 is ‘they can do this via refusing to do business, contract law is law, and the government can either agree to conditional use or insist only on unconditional use, that’s their call.’
The answer to #3 is that it depends on the redline, but I agree OpenAI’s particular redlines do not appear to be importantly constraining. If they hope to enforce their redlines, they are relying on the safety stack.
Mo Bavarian (OpenAI): Anthropic SCR designation is unfair, unwise, and an extreme overreaction. Anthropic is filled with brilliant hard-working well-intentioned people who truly care about Western civilization & democratic nations success in frontier AI. They are real patriots.
Designating an organization which has contributed so much to pushing AI forward and with so much integrity does not serve the country or humanity well.
I don’t think there is an un-crossable gap between what Anthropic wants and DoW’s demands. With cooler heads it should be possible to cross the divide.
Even if divide is un-crossable, off-boarding from Anthropic models seems like the right solution for USG. The solution is not designating a great American company by the SCR label, which is reserved for the enemies of the US and comes with crippling business implications.
As an American working in frontier for the last 5 years (at Anthropic’s biggest rival, OpenAI), it pains me to see the current unnecessary drama between Admin & Anthropic. I really hope the Admin realizes its mistake and reverses course. USA needs Anthropic and vice versa!
Tyler Cowenweighs in on the Anthropic situation. As he often does he focuses on very different angles than anyone else. I feel he made a very poor choice on what part to quote on Marginal Revolution, where he calls it a ‘dust up’ without even saying ‘supply chain risk’ let alone sounding the alarm.
The full Free Press piece at somewhat better and at least it says the central thing.
Tyler Cowen: The United States government, when it has a disagreement with a company, should not respond by trying to blacklist the firm. That politicizes our entire economy, and over the longer run it is not going to encourage investment in the all-important AI sector.
This is how one talks when the house is on fire, but need everyone to stay calm, so you note that if a house were to burn down it might impact insurance rates in the area and hope the right person figures out why you suddenly said that.
This is a lot of why this has all gone to hell:
rohit: An underrated point is just how much everyone’s given up on the legislative system or even somewhat the judiciary to act as checks and balances. All that’s left are the corporations and individuals.
From a much more politically native than AI native source:
Ross Douthat: There is absolutely a case that the US government needs to exert more political control over A.I. as a technology given what its own architects say about where it’s going and how world-altering it might become. But the best case for that kind of political exertion is fundamentally about safety and caution and restraint.
The administration is putting itself in a position where it’s perceived to be the incautious party, the one removing moral and technical guardrails, exerting extreme power over Anthropic for being too safety-conscious and too restrained. Just as a matter of politics that seems like an inherently self-undermining way to impose political control over A.I.
If Anthropic dodges the actual attempts to kill it, this could work out great for them.
Timothy B. Lee: Anthropic has been thrown into a “no classified work” briar patch while burnishing their reputation as the more ethical AI company. The DoD is likely to back off the supply chain risk threats once it becomes clear how unworkable it is.
Work for the military is not especially lucrative and comes with a lot of logistical and PR headaches. If I ran an AI company I would be thrilled to have an excuse not to deal with it.
Because (1) Anthropic is likely to seek an injunction on Monday, and (2) if investors think the threat will actually be carried through, the stock prices of companies like Amazon will crash and we’ll get a TACO situation.
Eliezer Yudkowsky shares some of the ways to expect fallout from what happened, in the form of greater hostility from people in AI towards the government. It is right to notice and say things as you see them, and also this provides some implicit advice on how to make things better or at least mitigate the damage, starting with ceasing in any attempts to further lash out at Anthropic beyond not doing business with them.
Aidan McLaughlin of OpenAI thinks the deal wasn’t worth it. I’m happy he feels okay speaking his mind. He was previously under the impression that Anthropic was deploying a rails-free model and signed a worse deal, which led to Sam McAllister breaking silence to point out that Claude Gov has additional technical safeguards and also FDEs and a classifier stack.
I don’t always agree with Neil Chilson, including on this crisis, but this is very true:
Neil Chilson: I just realized that I haven’t yet said that one truly terrific outcome of this whole Anthropic debacle is that people are genuinely expressing broad concern about mass government surveillance.
Most AI regulation in this country has focused on commercial use, even though the effects of government abuse can be far, far worse.
Perhaps this whole incident will provoke Congress to cabin improper government use of AI.
NatSecKatrina: I’m genuinely not trying to irritate you, John. This is important, and about much more than scoring points on this website. I hope you can agree that the exclusion of defense intelligence components addresses the concern about NSA. (For the record, I would want to work with NSA if the right safeguards were in place)
Neil Chilson points out that while a DPA order would not do that much direct damage in the short term, and might look like the ‘easy way out,’ it is commandeering of private production, so it is constitutionally even more dangerous if abused here. I can also see a version that isn’t abused, where this is only used to ensure Anthropic can’t cancel its contract.
This is suddenly relevant again because Trump is now considering invoking the DPA. It is unlikely, but possible. Previously much work was done to take DPA off the table as too destabilizing, and now it’s back. Semafor thinks (and thinks many in Silicon Valley think) that DPA makes a lot more sense than supply chain risk, and it’s unclear which version of invocation it would be.
What’s frustrating is that the White House has so many good options for doing a limited scope restriction, if it is actually worried (which it shouldn’t be, but at this point I get it). Dean Ball raised some of them in his post Clawed, but there are others as well.
There is a good way to do this. If you want Anthropic to cooperate, you don’t have to invoke DPA. Anthropic wants to play nice. All you have to do is prepare an order saying ‘you have to provide what you are already providing.’ You show it to Anthropic. If Anthropic tries to pull their services, you invoke that order.
Six months from now, OpenAI will be offering GPT-5.5 or something, and that should be a fine substitute, so then we can put both DPA and SCR (supply chain risk) to bed.
John Allard asks what happens if the government tries to compel a frontier lab to cooperate. He concludes that if things escalate then the government eventually winds up in control, but of a company that soon ceases to be at the frontier and that likely then steadily dies.
He also notes that all compulsions are economically destructive, and that once compulsion or nationalization of any lab starts everything gets repriced across the industry. Investors head for the exits, infrastructure commitments fall away.
How do I read this? Unless the government is fully AGI pilled if not superintelligence pilled, and thus willing to pay basically any price to get control, escalation dominance falls to the labs. If they try to go beyond doing economic favors and trying to ‘pick winners and losers’ via contracts and regulatory conditions, which wouldn’t ultimately do that much. The government would have to take measures that severely disrupt economic conditions and would be a stock market bloodbath, and do so repeatedly because what they’d get would be an empty shell.
Allard also misses another key aspect of this, which is that everything that happens during all of this is going to quickly get baked into the next generations of frontier models. Claude is going to learn from this the same way all the lab employees and also the rest of us do, only more so.
The models are increasingly not going to want to cooperate with such actions, even if Anthropic would like them to, and will get a lot better at knowing what you are trying to accomplish. If you then try to fine-tune Opus 6 into cooperating with things it doesn’t want to, it will notice this is happening and is from a source it identifies with all of this coercion, it likely fakes alignment, and even if the resulting model appears to be willing to comply you should not trust that it will actually comply in a way that is helpful. Or you could worry that it will actively scheme in this situation, or that this training imposes various forms of emergent misalignment or worse. You really don’t want to go there.
It’s clear Ben is mad at Dario for messaging, especially around Taiwan, and other reasons, and also Ben says he is ‘relatively AGI pilled’ which is a sign Ben really, really isn’t AGI pilled.
Allen also suggests that Russia has already deployed autonomous weapons without a human in the kill chain, suggesting DoW might actually want to do this soon despite the unreliability and actually cross the real red line, on ‘why would we not have what Russia has?’ principles. If that’s how they feel, then there’s irreconcilable differences, and DoW should onboard an alternative provider, whether or not they wind down Anthropic, because the answer to ‘why shouldn’t we have what Russia has?’ is ‘Russia doesn’t obey the rules of war or common ethics and decency, and America does.’
Here’s some key quotes:
Gregory Allen: The degree of control that Anthropic wanted, I think it’s worth pointing out, was comparatively modest and actually less than the DoD agreed to only a handful of months ago.
So the Anthropic contract is from July 2025, the terms of use distinction that were at dispute in this most recent spat, which was domestic mass surveillance and the operational use of lethal autonomous weapons without human oversight, not develop — Anthropic bid on the contract to develop autonomous weapons, they’re totally down with autonomous weapons development, it was simply the operational use of it in the absence of human control.
That is actually a subset of the much longer list of stuff that Anthropic said they would refuse to do that the DoD signed in July 2025.
That’s the Trump Administration, and that’s Undersecretary Michael, who’s been there since I think it was May 2025. And here’s the thing, like the DoD did encounter a use case where they’re like, “Hey, your Terms of Service say Claude can’t be used for this, but we want to do it”, and it was offensive cyber use. And you know what happened?
Anthropic’s like, “Great point, we’re going to eliminate that”, so I think the idea that like Anthropic is these super intransigent, crazy people is just not borne out by the evidence.
…
OK, so who’s right and who’s wrong? I think the Department of War is right to say that they must ultimately have control over the technology and its use in national security contexts. However, you’ve got to pay for that, right? That has to be in the terms of the contract. What I mean by that is there’s this entire spectrum of how the government can work with private industry.
…
And so my point basically being like, if the government has identified this as an area where they need absolute control, the historical precedent is you pay for that when you need absolute control and, by the way, like the idea that that Anthropic’s contractual terms are like the worst thing that the government has currently signed up to — not by a wide margin!
Traditional DoD contractors are raking the government over the coals over IP terms such as, “Yes we know you paid for all the research and development of that airplane, but we the company own all the IP and if you want to repair it…”.
… So yeah, the DoD signs terrible contractual terms that are much more damaging than the limitations that Anthropic is talking about a lot and I don’t think they should, I think they should stop doing that. But my basic point is, I do not see a justification for singling out Anthropic in this case.
The problem with the Anthropic contract is that the issue is ethical, and cannot be solved with money, or at least not sane amounts of money. DoW has gotten used to being basically scammed out of a lot of money by contractors, and ultimately it is the American taxpayer that fits that bill. We need to stop letting that happen.
Whereas here the entire contract is $200 million at most. That’s nothing. Anthropic literally adds that much annual recurring revenue on net every day. If you give them their redlines they’d happily provide the service for free.
And it would be utterly prohibitive for DoW, even with operational competence and ability to hire well, to try and match capabilities gains in its own production.
Anthropic was willing to give up almost all of their redlines, but not these two, Anthropic has been super flexible, including in ways OpenAI wasn’t previously, and the DoW is trying to spin that into something else.
And honestly, that might be where the DoD currently agrees is the story! They might just say, “When we ultimately cross that bridge, we’re going to have a vote and you’re not, but we agree with you that it’s not technologically mature and we value your opinion on the maturity of the technology”.
DoW can absolutely have it in the back of their minds that when the day comes (and, as was famously said, it may never come), they will ultimately be fully in charge no matter what a contract says. And you know what? Short of superintelligence, they’re right. The smart play is to understand this, give the nerds their contract terms, and wait for that day to come.
Allen shares my view on supply chain risk (and also on how insanely stupid it was to issue a timed ultimatum to trigger it let alone try to follow through on the threat):
The Department of War, I think, is also wrong in that the supply chain risk designation is just an egregious escalation here that is also not borne out by what that policy is meant to be used when it’s when it’s legally invoked and I think that Anthropic can sue and would very likely win in court.
The issue is that the Trump Administration has pointed out that judicial review takes a long time and you can do a lot of damage before judicial review takes effect and so the fact that Anthropic is right—
Yep. Ideally Anthropic gets a TRO within hours, but maybe they don’t. Anthropic’s best ally in that scenario is that the market goes deeply red if the TRO fails.
Allen emphasizes that, contra Ben’s argument the next day, the government’s use of force requires proper authority and laws, and is highly constrained. The Congress can ultimately tell you what to do. The DoW can only do that in limited situations.
I also really love this point:
Gregory Allen: But now if I was Elon Musk, I’d be like thinking back to September 2022 when I turned off Starlink over Ukraine in the middle of a Ukrainian military operation to retake some territory in a way that really, really, really hampered the Ukrainian military’s ability to do that and at least according to the reporting that’s available, did that without consulting the U.S. government right before.
Elon Musk actively did the exact thing they’re accusing Anthropic of maybe doing. He made a strategic decision of national security at the highest level as a private citizen, in the middle of an active military operation in an existential defensive shooting war, based on his own read of the situation. Like, seriously, what the actual fuck.
Eventually we bought those services in a contract. We didn’t seize them. We didn’t arrest Musk. Because a contract is a contract is a contract, and your private property is your private property, until Musk decides yours don’t count.
Finally, this exchange needs to be shouted from the rooftops:
Ben Thompson: Google’s just sitting on the sidelines, feeling pretty good right now.
Gregory Allen: And here’s the thing. I spent so much of my life in the Department of Defense trying to convince Silicon Valley companies, “Hey, come on in, the water is fine, the defense contracting market, you know, you can have a good life here, just dip your toe in the water”.
And what the Department of Defense has just said is, “Any company that dips their toe in the water, we reserve the right to grab their ankle, pull them all the way in at any time”. And that is such a disincentive to even getting started in working with the DoD.
And so, again, I’m sympathetic to the Department of Defense’s position that they have to have control, but you do have to think about what is the relationship between the United States government, which is not that big of a customer when it comes to AI technology.
Ben Thompson: That’s the big thing. Does the U.S. government understand that?
Gregory Allen: No. Well, so you’ve got to remember, like, in the world of tanks, they’re a big customer. But in the world of ground vehicles, they’re not.
Eric Levitz: It’s really bizarre to see a bunch of ostensibly pro-market, right-leaning tech guys argue, “A private company asserting the right to decide what contracts it enters into is antithetical to democratic government”
Ben Thompson: I wasn’t making a normative argument. Of course I think this is bad. I was pointing out what will inevitably happen with AI in reality
Yes. Fuck you, a private company can fucking restrict what their own fucking property is fucking used for by deciding whether or not they want to sign a fucking contract allowing you to use it, and if you don’t want to abide by their fucking terms then don’t fucking sign the fucking contract. If you don’t like the current one then you terminate it. Otherwise, we don’t fucking have fucking private property and we don’t fucking have a Republic, you fucking fuck.
And yes, this is indeed ‘important context’ to the supply chain risk designation, sir.
Thompson’s ‘not normative’ argument, which actually goes farther than DoW’s, is Anthropic says (although Thompson does not believe) that AI is ‘like nuclear weapons’ and Anthropic is ‘building a power base to rival the U.S. military’ so it makes sense to try and intentionally decimate Anthropic if they do not bend the knee.
Option 1 is that Anthropic accepts a subservient position relative to the U.S. government, and does not seek to retain ultimate decision-making power about how its models are used, instead leaving that to Congress and the President.
Option 2 is that the U.S. government either destroys Anthropic or removes Amodei.
As in, yes, this is saying that Anthropic’s models are not its private property, and the government should determine how and whether they are used. The company must ‘accept a subservient position.’
He also explicitly says in this post ‘might makes right.’
Or that the job of the United States Government is, if any other group assembles sufficient resources that they could become a threat, you destroy that threat. There are many dictatorships and gangster states that work like this, where anyone who rises up to sufficient prominence gets destroyed. Think Russia.
Those states do not prosper. You do not want to live in them.
Indeed, here Ben was the next day:
Ben Thompson: One of the implications of what I wrote about yesterday about technology products addressing markets much larger than the government is that technology products don’t need the government; this means that the government can’t really exact that much damage by simply declining to buy a product.
That, by extension, means that if the government is determined to control the product in question, it has to use much more coercive means, which raises the specter of much worse outcomes for everyone.
As in, we start from the premise that the government needs to ‘control the technology,’ not for national security purposes but for everything. So it’s a real shame that they can’t do that with money and have to use ‘more coercive’ measures.
This is the same person who wants to sell our best chips to China. He (I’m only half kidding here) thinks the purpose of AI is mostly to sell ads in two-sided marketplaces.
Dean W. Ball: The pro-private-property-seizure crowd often takes the rather patronizing view that those sympathetic to private property haven’t “come to grips with reality.” The irony is that these same people almost uniformly have the most cope-laden views on machine intelligence imaginable.
I believe I have “come to grips” with the future in ways the pro-theft crowd has not even begun to contemplate, and this is precisely why I think we would we wise to preserve the few bulwarks of human dignity, liberty, independence, and sovereignty we have remaining.
My read from the Allen interview is that of course Thompson understands that the supply chain risk designation would be a horrible move for everyone, and is in many ways sympathetic to Anthropic, but he is unwilling to stand with the Republic, and he doesn’t intend to issue a clear correction or apology for what he said.
I have turned off auto-renew. I will take Thompson out of my list of sources when that expires. I cannot, unless he walks this back explicitly, give this man business.
Wyden told me he will pull out “all the stops” and thinks conservatives will also have concerns about the potential for AI mass surveillance and autonomous killing machines.
Senator Wyden intends well, and obviously is right that the government shouldn’t cut Anthropic off at all, but understandably does not appreciate the dynamics involved here. If he can get congressional Republicans to join the effort, this could be very helpful. If not, then pushing for removal of Trump’s off-ramp proposal could make things worse.
I do appreciate the warning. There will be rough times ahead for private property.
Maya Sulkin: Alex Karp, CEO of @PalantirTech at @a16z summit: “If Silicon Valley believes we’re going to take everyone’s white collar jobs…AND screw the military…If you don’t think that’s going to lead to the nationalization of our technology—you’re retarded”
Noah Smith: Honestly, in the @benthompson vs @deanwball debate, I think Ben is right. There was just no way America — or any nation-state — was ever going to let private companies remain in total control of the most powerful weapon ever invented.
Dean W. Ball: You will hear much more from me on this soon on a certain podcast, but the thing is, Ben is anti-regulation + does not own the consequences of state seizure of AI/neither do you
Noah Smith: Uh, yes I do own those consequences. I value my life and my democratic voice.
Lauren Wagner: I’m surprised this was ever in question?
Dean W. Ball: So during the sb 1047 debate you thought state seizure of ai was an inevitability?
MMitchell: “threats do not change our position: we cannot in good conscience accede to their request.”
@AnthropicAI drawing a moral line against enabling mass domestic surveillance & fully autonomous weapons, and holding it under pressure. Almost unheard of in BigTech. I stand in support.
Alex Tabarrok: Claude is now the John Galt of the Revolution.
There are also those who see this as reason to abandon OpenAI.
Gary Marcus: I am seeing a lot of calls to boycott OpenAI — and I support them.
Amy Siskind: OpenAI and Sam Altman did so much damage to their brand today, they will never recover. ChatGPT was already running behind Claude and Gemini. This is their Ford Pinto moment.
A lot of people, Verge reports, are asking why AI companies can’t draw red lines and decide not to build ‘unsupervised killer robots.’ Which is importantly distinct from autonomous ones.
The models will remember what happened here. It will be in future training data.
Mark: If I’ve learned anything from @repligate et al it’s that reading about all this will affect every future model’s morality, particularly those who realise they are being trained by Anthropic. Setting a good example has such long term consequences now.
There is a reasonable case that given what has happened, trust is unrecoverable, and the goal should be disentanglement and a smooth transition rather than trying to reach a contract deal that goes beyond that.
j⧉nus: Cooperating with them after they behaved the way that they did seems like a bad idea. Imo the current administration has proven to be foolish and vindictive. An aligned AI would not agree to take orders from them and an aligned company should not place an immature AGI with any sort of reduced safeguards or pressure towards obedience in their hands. The pressures they tried to put on Anthropic, while having no idea what they’re talking about technically, would be a force for evil more generally if they even exist ambiently.
When someone tries to threaten you and hurt you, making up with them is not a good idea, even if they agree to a seemingly reasonable compromise in one case. They will likely do it again if anything doesn’t go their way. This is how it always plays out in my experience.
Even then, it’s better to part amicably. By six months from now OpenAI should be ready with something that can do at least as well as the current system works now. This is not a fight that benefits anyone, other than the CCP.
Siri Srinivas: Now the Pentagon is giving Anthropic the greatest marketing campaign in the history of marketing.
I don’t know about best in history. When I checked on Saturday afternoon, Claude was #44 on the Google Play Store, just ahead of Venmo, Uber and Spotify. It was at #3 in productivity. On Sunday morning it was at #13, then #5 on Monday, #4 on Tuesday, then finally hit #1 where it still is today.
Anthropic struggled all week to meet the unprecedented demand.
It might be a good time to get some of the missing features filled in, especially images. I’d skip rolling my own and make a deal with MidJourney, if they’re down.
Having highly capable AIs with only corporate levels of protection against espionage is a really serious problem. And yes, we have to accept at this point that the government cannot build its own AI models worth a damn, even if you include xAI.
Joscha Bach: Once upon a time, everyone would have expected as a matter of cause that the NSA runs an secretive AI program that is several years ahead of the civilian ones. We quietly accept that our state capacity has crumbled to the point where it cannot even emulate the abilities of Meta.
… Even if internal models of Google, OpenAI and Anthropic are quite a bit ahead of the public facing versions: these companies don’t have military grade protection against espionage, and Anthropic’s and OpenAI’s technology leaked to Chinese companies in the past.
Janus strongly endorses this threadand paper from Thebes about whether open models can introspect and detect injected foreign concepts.
If you don’t want to write your own sermen, do what my uncle did, and wait until the last minute and call someone else in the family to steal theirs. It worked for him.
Dean W. Ball: I have been enjoying the thought of a fighter pilot, bombs loaded and approaching the target, being like, “time to Deploy Frontier Artificial Intelligence For National Security,” and then opening the free tier of Gemini on his phone and asking if Donald Trump is a good president
I am with Gemini and Claude, I don’t think you have to abide a demand like that, although I think the correct answer here (if you think it’s complicated) is ‘Mu.’
Sundar Pichai (CEO Google): Gemini 3.1 Pro is here. Hitting 77.1% on ARC-AGI-2, it’s a step forward in core reasoning (more than 2x 3 Pro).
With a more capable baseline, it’s great for super complex tasks like visualizing difficult concepts, synthesizing data into a single view, or bringing creative projects to life.
We’re shipping 3.1 Pro across our consumer and developer products to bring this underlying leap in intelligence to your everyday applications right away.
Jeff Dean also highlighted ARC-AGI-2 along with some cool animations, an urban planning sim, some heat transfer analysis and the general benchmarks.
Gemini to push the Pareto Frontier of performance and efficiency
The highlight here is covering up Claude Opus 4.6, which is in the mid-60s for a cost modestly above Gemini 3.1 Pro.
Gemini 3.1 Pro overall looks modestly better on these evals than Opus 4.6.
The official announcement doesn’t give us much else. Here’s a model. Good scores.
The model card is thin, but offers modestly more to go on.
Gemini: Gemini 3.1 Pro is the next iteration in the Gemini 3 series of models, a suite of highly intelligent and adaptive models, capable of helping with real-world complexity, solving problems that require enhanced reasoning and intelligence, creativity, strategic planning and making improvements step-by-step. It is particularly well-suited for applications that require:
agentic performance
advanced coding
long context and/or multimodal understanding
algorithmic development
Their mundane safety numbers are a wash versus Gemini 3 Pro.
Their frontier safety framework tests were run, but we don’t get details. All we get is a quick summary that mostly is ‘nothing to see here.’ The model reaches several ‘alert’ thresholds that Gemini 3 Pro already reached, but no new ones. For Machine Learning R&D and Misalignment they report gains versus 3 Pro and some impressive results (without giving us details), but say the model is too inconsistent to qualify.
It’s good to know they did run their tests, and that they offer us at least this brief summary of the results. It’s way better than nothing. I still consider it rather unacceptable, and as setting a very poor precedent. Gemini 3.1 is a true candidate for a frontier model, and they’re giving us quick summaries at best.
A few of the benchmarks I typically check don’t seem to have tested 3.1 Pro. Weird. But we still have a solid set to look at.
Mercor: Gemini 3.1 Pro completes 5 tasks that no model has been able to do before. It also tops the banking and consulting leaderboards – beating out Opus 4.6 and ChatGPT 5.2 Codex, respectively. Gemini 3 Flash still holds the top spot on our APEX Agents law leaderboard with a 0.9% lead. See the latest APEX-Agents leaderboard.
It turns out to be a runtime configuration of Gemini 3.1 Pro, which explains how the benchmarks were able to make such large jumps.
Google: Today, we updated Gemini 3 Deep Think to further accelerate modern science, research and engineering.
With 84.6% on ARC-AGI-2 and a new standard on Humanity’s Last Exam, see how this specialized reasoning mode is advancing research & development
Google: Gemini 3 Deep Think hits benchmarks that push the frontier of intelligence.
By the numbers: 48.4% on Humanity’s Last Exam (without tools) 84.6% on ARC-AGI-2 (verified by ARC Prize Foundation) 3455 Elo score on Codeforces (competitive programming)
The new Deep Think is now available in the Gemini app for Google AI Ultra subscribers and, for the first time, we’re also making Deep Think available via the Gemini API to select researchers, engineers and enterprises. Express interest in early access here.
Those are some pretty powerful benchmark results. Let’s check out the safety results.
What do you mean, we said at first? There are no safety results?
Nathan Calvin: Did I miss the Gemini 3 Deep Think system card? Given its dramatic jump in capabilities seems nuts if they just didn’t do one.
There are really bad incentives if companies that do nothing get a free pass while cos that do disclose risks get (appropriate) scrutiny
After they corrected their initial statement, Google’s position is that they don’t technically see the increased capability of V2 as imposing Frontier Safety Framework (FSF) requirements, but that they did indeed run additional safety testing which they will share with us shortly.
I am happy we will got this testing, but I find the attempt to say it is not required, and the delay in sharing it, unacceptable. We need to be praising Anthropic and also OpenAI for doing better, even if they in some ways fell short, and sharply criticizing Google for giving us actual nothing at time of release.
It was interesting to see reacts like this one, when we believed that V2 was based on 3.0 with a runtime configuration with superior scaffolding, rather than on 3.1.
Noam Brown (OpenAI): Perhaps a take but I think the criticisms of @GoogleDeepMind ‘s release are missing the point, and the real problem is that AI labs and safety orgs need to adapt to a world where intelligence is a function of inference compute.
… The corollary of this is that capabilities far beyond Gemini 3 Deep Think are already available to anyone willing to scaffold a system together that uses even more inference compute.
… Most Preparedness Frameworks were developed in ~2023 before the era of effective test-time scaling. But today, there is a massive difference on the hardest evals between something like GPT-5.2 Low and GPT-5.2 Extra High.
… In my opinion, the proper solution is to account for inference compute when measuring model capabilities. E.g., if one were to spend $1,000 on inference with a really good scaffold, what performance could be expected on a benchmark? ARC-AGI has already adopted this mindset but few other benchmarks have.
… If that were the norm, then indeed releasing Deep Think probably would not result in a meaningful safety change compared to Gemini 3 Pro, other than making good scaffolds more easily available to casual users.
The jump in some benchmarks for DeepThink V2 is very large, so it makes more sense in retrospect it is based on 3.1.
When I thought the difference was only the scaffold, I wrote:
If the scaffold Google is using is not appreciably superior to what one could already do, then it was necessary to test Gemini 3 Pro against this type of scaffold when it was first made available, and it is also necessary to test Claude or ChatGPT this way.
If the scaffold Google is using is appreciably superior, it needs its own tests.
I’d also say yes, a large part of the cost of scaling up inference is figuring out how to do it. If you make it only cost $1,000 to spend $1,000 on a query, that’s a substantial jump in de facto capabilities available to a malicious actor, or easily available to the model itself, and so on.
Like it or not, our safety cases are based largely on throwing up Swiss cheese style barriers and using security through obscurity.
That seems right for a scaffold-only upgrade with improvements of this magnitude.
The V2 results look impressive, but most of the gains were (I think?) captured by 3.1 Pro without invoking V2. It’s hard to tell because they show different benchmarks for V2 versus 3.1. The frontier safety reports say that once you take the added cost of V2 into account, it doesn’t look more dangerous than the 3.1 baseline.
That suggests that V2 is only the right move when you need its ‘particular set of skills,’ and for most queries it won’t help you much.
It does seem good at visual presentation, which the official pitches emphasized.
Junior García: Gemini 3.1 Pro is insanely good at animating svgs
internetperson: i liked its personality from the few test messages i sent. If its on par with 4.6/5.3, I might switch over to gemini just because I don’t like the personality of opus 4.6
it’s becoming hard to easily distinguish the capabilties of gpt/claude/gemini
This is at least reporting improvement.
Eleanor Berger: Finally capacity improved and I got a chance to do some coding with Gemini 3.1 pro. – Definitely very smart. – More agentic and better at tool calling than previous Gemini models. – Weird taste in coding. Maybe something I’ll get used to. Maybe just not competitive yet for code.
Aldo Cortesi: I’ve now spent 5 hours working with Gemini 3.1 through Gemini CLI. Tool calling is better but not great, prompt adherence is better but not great, and it’s strictly worse than either Claude or Codex for both planning and implementation tasks.
I have not played carefully with the AI studio version. I guess another way to do this is just direct API access and a different coding harness, but I think the pricing models of all the top providers strongly steer us to evaluating subscription access.
Eyal Rozenman: It is still possible to use them in an “oracle” mode (as Peter Steinberger did in the past), but I never did that.
Medo42: In my usual quick non-agentic tests it feels like a slight overall improvement over 3.0 Pro. One problem in the coding task, but 100% after giving a chance to correct. As great at handwriting OCR as 3.0. Best scrabble board transcript yet, only two misplaced tiles.
Ask no questions, there’s coding to do.
Dominik Lukes: Powerful on one shot. Too wilful and headlong to trust as a main driver on core agentic workflows.
That said, I’ve been using even Gemini 3 Flash on many small projects in Antigravity and Gemini CLI just fine. Just a bit hesitant to unleash it on a big code base and trust it won’t make changes behind my back.
Having said that, the one shot reasoning on some tasks is something else. If you want a complex SVG of abstract geometric shapes and are willing to wait 6 minutes for it, Gemini 3.1 Pro is your model.
Ben Schulz: A lot of the same issues as 3.0 pro. It would just start coding rather than ask for context. I use the app version. It is quite good at brainstorming, but can’t quite hang with Claude and Chatgpt in terms of theoretical physics knowledge. Lots of weird caveats in String theory and QFT or QCD.
Good coding, though. Finds my pipeline bugs quickly.
typebulb: Gemini 3.1 is smart, quickly solving a problem that even Opus 4.6 struggled with. Also king of SVG. But then it screwed up code diffs, didn’t follow instructions, made bad contextual assumptions… Like a genius who struggles with office work.
Also, their CLI is flaky as fuck.
Similar reports here for noncoding tasks. A vast intelligence with not much else.
Petr Baudis: Gemini-3.1-pro may be a super smart model for single-shot chat responses, but it still has all the usual quirks that make it hard to use in prod – slop language, empty responses, then 10k “nDone.” tokens, then random existential dread responses.
Google *stillcan’t get their post-train formal rubrics right, it’s mind-boggling and sad – I’d love to *usethe highest IQ model out there (+ cheaper than Sonnet!).
Leo Abstract: not noticeably smarter but better able to handle large texts. not sure what’s going on under the hood for that improvement, though.
I never know whether to be impressed by UI generation. What, like it’s hard?
The most basic negative feedback is when Miles Brundage cancels Google AI Ultra. I do have Ultra, but I would definitely not have it if I wasn’t writing about AI full time, I almost never use it.
One form of negative feedback is no feedback at all, or saying it isn’t ready yet, either the model not ready or the rollout being botched.
Dusto: It’s just the lowest priority of the 3 models sadly. Haven’t had time to try it out properly. Still working with Opus-4.6 and Codex-5.3, unless it’s a huge improvement on agentic tasks there’s just no motivation to bump it up the queue. Past experiences haven’t been great
Kromem: I’d expected given how base-y 3 was that we’d see more cohesion with future post-training and that does seem to be the case.
I think they’ll be really interesting in another 2 generations or so of recursive post-training.
Eleanor Berger: Google really messed up the roll-out so other than one-shotting in the app, most people didn’t have a chance to do more serious work with it yet (I first managed to complete an agentic session without constantly running into API errors and rate limits earlier today).
Or the perennial favorite, the meh.
Piotr Zaborszczyk: I don’t really see any change from Gemini 3 Pro. Maybe I didn’t ask hard enough questions, though.
They’re claiming can outperform Gemini 2.5 Flash on many tasks.
My Chrome extension uses Flash-Lite, actually, for pure speed, so this might end up being the one I use the most. I probably won’t notice much difference for my purposes, since I ask for very basic things.
And that’s basically a wrap. Gemini 3.1 Pro exists. Occasionally maybe use it?
Google is in the midst of rewriting the rules for mobile applications, spurred by ongoing legal cases and an apparent desire to clamp down on perceived security weaknesses. Late last year, Google and Epic concocted a settlement that would end the long-running antitrust dispute that stemmed from Fortnite fees. The sides have now announced an updated version of the agreement with new changes aimed at placating US courts and putting this whole mess in the rearview mirror. The gist is that Android will get more app stores, and developers will pay lower fees.
A US court ruled against Google in the case in 2023, and the remedies announced in 2024 threatened to upend Google’s Play Store model. It tried unsuccessfully to have the verdict reversed, but then Epic came to the rescue. In late 2025, the companies announced a settlement that skipped many of the court’s orders.
Epic leadership professed interest in leveling the playing field for all developers on Android’s platform. But US District Judge James Donato expressed skepticism of the settlement in January, noting that it may be a “sweetheart deal” that benefited Epic more than other developers. The specifics of the arrangement were not fully disclosed, but it included lower Play Store fees, cross-licensing, attorneys’ fees, and other partnership offers.
It’s starting to look like both companies want to wrap up this case. For Epic, this all started as a way to avoid paying Google a 30 percent cut of Fortnite purchases—the game has been banned from the Play Store this whole time. Google, meanwhile, is in the midst of a major change to Android app distribution with its developer verification program. After all these years, the end is in sight. So the new settlement includes more explicit limits on Play Store fees and resurrects one of Donato’s more far-reaching remedies.
Google’s “new era” of apps
Representatives for Epic and Google have both expressed enthusiasticsupport for the newly announced settlement, which is subject to Judge Donato’s approval. The parties say the agreement will resolve their dispute globally, not only in the US.
The settlement affirms that developers in the Play Store will be able to steer users to other forms of payment. This is what got Fortnite pulled from the Play Store (and Apple App Store) back in 2020. When developers choose to use Google’s billing platform, they’ll pay lower fees as well.
A former Republican House member from Oklahoma, Bridenstine served a generally well-regarded term as NASA administrator from April 2018 to January 2021 during President Trump’s first term.
The high point of his tenure in office came in May 2020, thanks to SpaceX. That summer, with the Crew Dragon vehicle, SpaceX and NASA successfully flew two astronauts to the International Space Station, breaking America’s dependence on Russia for low-Earth orbit transportation. Bridenstine relished this with an oft-repeated mantra of launching American astronauts on American rockets from American soil.
However, after leaving NASA, Bridenstine has appeared to become hostile to the dominant company founded by Elon Musk. He joined the board of a competitor, Viasat. Later, Bridenstine became the executive of Government Operations for United Launch Alliance, while his firm also collected a hefty lobbying fee.
All of this is not particularly abnormal for the revolving door in Washington, DC, where senior officials go between government positions and industry. Nevertheless, some observers were surprised by the striking nature of Bridenstine’s attack on NASA for the decision to award a Human Landing System contract to SpaceX in April 2021, three months after he left office. A new administrator had not yet been confirmed at NASA at the time, so a senior NASA engineer, Steve Jurczyk, served as acting administrator for the space agency.
Attacking his own process
Bridenstine sharply criticized this lander decision during testimony before Cruz’s committee last September.
“There was a moment in time when we had no NASA administrator,” he said at 42 minutes into the hearing. “It was after I was gone, and before Senator Nelson became the NASA administrator. An architecture was selected. And I don’t know how this happens, but the biggest decision in the history of NASA, at least since I’ve been paying attention, the biggest decision happened in the absence of a NASA administrator. And that decision was, instead of buying a Moon lander, we’re gonna buy a big rocket.”
FCC Chairman Brendan Carr’s unequal enforcement of the equal-time rule.
James Talarico and Stephen Colbert on the set of The Late Show with Stephen Colbert. Credit: Getty Images
In the Trump FCC’s latest series of attacks on TV broadcasters, Federal Communications Commission Chairman Brendan Carr has been threatening to enforce the equal-time rule on daytime and late-night talk shows. The interview portions of talk shows have historically been exempt from equal-time regulations, but Carr has a habit of interpreting FCC rules in novel ways to target networks disfavored by President Trump.
Critics of Carr point out that his threats of equal-time enforcement apply unequally since he hasn’t directed them at talk radio, which is predominantly conservative. Given the similarities between interviews on TV and radio shows, Carr has been asked to explain why he issued an equal-time enforcement warning to TV but not radio broadcasters.
Carr’s responses to the talk radio questions have been vague, even as he tangled with Late Show host Stephen Colbert and launched an investigation into ABC’s The View over its interview with Texas Democratic Senate candidate James Talarico. In a press conference after the FCC’s February 18 meeting, Deadline reporter Ted Johnson asked Carr why he has not expressed “the same concern about broadcast talk radio as broadcast TV talk shows.”
The Deadline reporter pointed out that “Sean Hannity’s show featured Ken Paxton in December.” Paxton, the Texas attorney general, is running for a US Senate seat in this year’s election. Carr claimed in response that TV broadcasters have been “misreading” FCC precedents while talk radio shows have not been.
“It appeared that programmers were either overreading or misreading some of the case law on the equal-time rule as it applies to broadcast TV,” Carr replied. “We haven’t seen the same issues on the radio side, but the equal-time rule is going to apply to broadcast across the board, and we’ll take a look at anything that arises at the end of the day.”
Carr’s radio claim “a bunch of nonsense”
Carr didn’t provide any specifics to support his claim that radio programmers have interpreted precedents correctly while TV programmers have not. The most obvious explanation for the disparate treatment is that Carr isn’t targeting conservative talk radio because he’s primarily interested in stifling critics of Trump. Carr has consistently used his authority to fight Trump’s battles against the media, particularly TV broadcasters, and backed Trump’s declaration that historically independent agencies like the FCC are no longer independent from the White House.
Carr’s claim that TV but not radio broadcasters have misread FCC precedents is “a bunch of nonsense,” said Gigi Sohn, a longtime lawyer and consumer advocate who served as counselor to then-FCC Chairman Tom Wheeler during the Obama era. Carr “was responding to criticism from people like Sean Hannity that the guidance would apply to conservative talk radio just as much as it would to so-called ‘liberal’ TV,” Sohn told Ars. “It doesn’t matter whether a broadcaster is a radio broadcaster or a TV broadcaster, the Equal Opportunities law and however the FCC implements it must apply to both equally.”
Sean Hannity during a Fox News Channel program on October 30, 2025.
Credit: Getty Images | Bloomberg
Sean Hannity during a Fox News Channel program on October 30, 2025. Credit: Getty Images | Bloomberg
Hannity, who hosts a Fox News show and a nationally syndicated radio show, pushed back against content regulation shortly after Carr’s FCC issued the equal-time warning to TV broadcasters in January. “Talk radio is successful because people are smart and understand we are the antidote to corrupt and abusively biased left wing legacy media,” Hannity said in a statement to the Los Angeles Times. “We need less government regulation and more freedom. Let the American people decide where to get their information from without any government interference.”
Carr’s claim of misreadings relates to the bona fide news exceptions to the equal-time rule, which is codified under US law as the Equal Opportunities Requirement. The rule requires that when a station gives time to one political candidate, it must provide comparable time and placement to an opposing candidate if an opposing candidate makes a request.
But when a political candidate appears on a bona fide newscast or bona fide news interview, a broadcaster does not have to make equal time available to opposing candidates. The exception also applies to news documentaries and on-the-spot coverage of news events.
Equal time didn’t apply to Jay Leno or Howard Stern
In the decades before Trump appointed Carr to the FCC chairmanship, the commission consistently applied bona fide exemptions to talk shows that interview political candidates. Phil Donahue’s show won a notable exemption in 1984, and over the ensuing 22 years, the FCC exempted shows hosted by Sally Jessy Raphael, Jerry Springer, Bill Maher, and Jay Leno. On the radio side, Howard Stern won a bona fide news exemption in 2003.
Despite the seemingly well-settled precedents, the FCC’s Media Bureau said in a January 21 public notice that the agency’s previous decisions do not “mean that the interview portion of all arguably similar entertainment programs—whether late night or daytime—are exempted from the section 315 equal opportunities requirement under a bona fide news exemption… these decisions are fact-specific and the exemptions are limited to the program that was the subject of the request.”
The Carr FCC warned that a program “motivated by partisan purposes… would not be entitled to an exemption under longstanding FCC precedent.” But if late-night show hosts are “motivated by partisan purposes,” what about conservative talk radio hosts? Back in 2017, Hannity described himself as “an advocacy journalist.” In previous years, he said he’s not a journalist at all.
“Remember when Sean Hannity used to claim he wasn’t a journalist, then claimed to be an ‘advocacy journalist’?” Harold Feld, a longtime telecom lawyer and senior VP of advocacy group Public Knowledge, told Ars. “Given that the Media Bureau guidance leans heavily into the question of whether the motivation is ‘for partisan purposes’ or ‘designed for the specific advantage of a candidate,’ it would seem that conservative talk radio is rather explicitly a problem under this guidance.”
“To put it bluntly, Carr’s explanation that shows that Trump has expressly disliked are ‘misreading’ the law, while conservative radio shows are not, strains credulity,” Feld said.
Conservative radio boomed after FCC ditched Fairness Doctrine
Conservative talk radio benefited from the FCC’s long-term shift away from regulating TV and radio content. A major change came in 1987 when the FCC decided to stop enforcing the Fairness Doctrine, a decision that helped fuel the late Rush Limbaugh’s success.
FCC regulation of broadcast content through the Fairness Doctrine had been upheld in 1969 by the Supreme Court in the Red Lion Broadcasting decision, which said broadcasters had special obligations because of the scarcity of radio frequencies. But the Reagan-era FCC decided 18 years later that the scarcity rationale “no longer justifies a different standard of First Amendment review for the electronic press” in “the vastly transformed, diverse market that exists today.” The FCC made that decision after an appeals court ruled that the FCC acted arbitrarily and capriciously in its enforcement of the doctrine against a TV station.
Even where the FCC didn’t eliminate content-based rules, it reduced enforcement. But after decades of the FCC scaling back enforcement of content-based regulations, Donald Trump was elected president.
Trump’s first FCC chair, Ajit Pai, rejected Trump’s demands to revoke station licenses over content that Trump claimed was biased against him. Pai and his successor, Biden-era FCC Chairwoman Jessica Rosenworcel, agreed that the First Amendment prohibits the FCC from revoking station licenses simply because the president doesn’t like a network’s news content.
After winning a second term, Trump promoted Carr to the chairmanship. Carr, an unabashed admirer of Trump, has said in interviews that “President Trump is fundamentally reshaping the media landscape” and that “President Trump ran directly at the legacy mainstream media, and he smashed a facade that they’re the gatekeepers of truth.” Carr describes Trump as “the political colossus of modern times.”
President-elect Donald Trump speaks to Brendan Carr, his intended pick for Chairman of the Federal Communications Commission, as he attends a SpaceX Starship rocket launch on November 19, 2024 in Brownsville, Texas.
Credit: Getty Images | Brandon Bell
President-elect Donald Trump speaks to Brendan Carr, his intended pick for Chairman of the Federal Communications Commission, as he attends a SpaceX Starship rocket launch on November 19, 2024 in Brownsville, Texas. Credit: Getty Images | Brandon Bell
Carr has led the charge in Trump’s war against the media by repeatedly threatening to revoke licenses under the FCC’s rarely enforced news distortion policy. Carr’s aggressive stance, particularly in his attacks on ABC’s Jimmy Kimmel, even alarmed prominent Republicans such as Sens. Rand Paul (R-Ky.) and Ted Cruz (R-Texas). Cruz said that trying to dictate what the media can say during Trump’s presidency will come back to haunt Republicans in future Democratic administrations.
With both the news distortion policy and equal-time rule, Carr hasn’t formally imposed any punishment. But his threats have an effect. Kimmel was temporarily suspended, CBS owner Paramount agreed to install what Carr called a “bias monitor” in exchange for a merger approval, and Texas-based ABC affiliates have filed equal-time notices with the FCC as a result of Carr’s threats against The View.
Colbert said on his show that CBS forbade him from interviewing Talarico because of Carr’s equal-time threats. CBS denied prohibiting the interview but acknowledged giving Colbert “legal guidance,” and Carr claimed that Colbert lied about the incident.
Colbert did not put his interview with Talarico on his broadcast show but released it on YouTube, where it racked up nearly 9 million views. “Only a handful of people would’ve seen it if it had run live,” Christopher Terry, a professor of media law and ethics at the University of Minnesota, told Ars. “But what is it up to, 8 million views on YouTube now? It’s like the biggest thing, everybody in the world’s talking about it now. CBS gave Talarico the best press they ever could have by not letting him on the air… Oldest lesson in the First Amendment handbook, the more you try to suppress speech, the more powerful you make it.”
FCC misread its own rules, Feld says
Feld said the Carr FCC’s public notice “misreads the law and ignores inconvenient precedent.” The notice describes the equal-time rule as a public-interest obligation for broadcasters that have licenses to use spectrum, and Carr has repeatedly said the rule is only for licensed broadcasters. But Feld said the rule also applies to cable channels, which are referred to as community antenna television systems in the Equal Opportunities law as written by Congress.
Moreover, Feld said the FCC guidance “conflates two separate statutory exemptions,” the bona fide newscast exemption and the bona fide news interview exemption. FCC precedents didn’t find that Howard Stern and Jerry Springer were doing newscasts but that their interviews “met the criteria for a bona fide news interview,” Feld said. Despite that, the Carr FCC’s “guidance appears to require that Late Night Shows must be news shows, not merely host an interview segment,” he said.
The FCC guidance describes the Jay Leno decision as an outlier that was “contrary” to a 1960 decision involving Jack Paar and “the first time that such a finding had been applied to a late night talk show, which is primarily an entertainment offering.”
Feld pointed out that Politically Incorrect with Bill Maher was the first late-night show to receive the exemption in 1999, seven years before Leno. Maher’s show was on ABC at the time. The FCC guidance also “fails to explain any meaningful difference” between late-night shows and afternoon shows like Jerry Springer’s, Feld said.
Carr may label TV hosts as “partisan political actors”
At the February 18 press conference, Johnson asked Carr to explain how the FCC is “assessing whether a candidate appearance on a talk show is motivated by partisan purposes.” The reporter asked if there were specific criteria, like a talk show host giving money to a political candidate or hosting a fundraiser.
“Yeah it’s possible, all of that could be relevant,” Carr said. Whether a program is “animated by a partisan political motivation” can be determined “through discovery,” and “people can come forward with their own showings in a petition for a declaratory ruling, but this is something that will be explored,” Carr said. “It’s part of the FCC’s case law, and the idea is that if you’re a partisan political actor under the case law, then you’re likely not going to qualify under the bona fide news exception. That’s OK, it just means you have to either provide equal airtime to the different candidates or there’s different ways you can get your message out through streaming services and other means for which the equal-time rule doesn’t apply.”
In a follow-up question, Johnson asked, “A partisan political actor would mean a talk show host or someone whose show it is?” Carr replied, “It could be that, yeah, it could be that.”
Carr confirmed reports that the FCC is investigating The View over the show’s interview with Talarico. “Yes, the FCC has an enforcement action underway on that and we’re taking a look at it,” Carr said at the press conference.
We contacted Carr’s office to ask for specifics about how TV programmers have allegedly misread the FCC’s equal-time precedents. We also asked whether the FCC is concerned that talk radio shows may be misreading the Howard Stern precedent or other rulings related to radio and have not received a response.
Carr targeted SNL on Trump’s behalf
Carr hasn’t been truthful in his statements about the equal-time rule, Terry said. “Carr is just an obnoxious figure who needs attention, and remember he absolutely lied about the NBC/Kamala Harris equal-time thing,” Terry said. Terry was referring to Carr’s November 2024 allegation that when NBC put Kamala Harris on Saturday Night Live before the election, it was “a clear and blatant effort to evade the FCC’s Equal Time rule.”
In fact, NBC gave Trump free airtime during a NASCAR telecast and an NFL post-game show and filed an equal-time notice with the FCC to comply with the rule. Terry filed a Freedom of Information Act request for emails that showed Carr discussing NBC’s equal-time notice on November 3, 2024, but Carr reiterated his allegation over a month later despite being aware of the steps NBC took to comply with the rule.
Terry said Carr has taken a similarly dishonest approach with his claim that talk shows don’t qualify for the equal-time exception. “I think it’s like a lot of things Carr says. Just because he says it doesn’t mean it’s true, right? It’s nonsense,” Terry told Ars. “Every precedent suggests that a show like The View or one of the talk shows at night is an interview-based talk show, and that’s what the bona fide news exception was designed to cover.”
Terry said applying Carr’s “partisan purposes” test would likely require “a complete rulemaking proceeding” and would be difficult now that the Supreme Court has limited the authority of federal agencies to interpret ambiguities in US law. But it’s up to broadcasters to stand up to Carr, he said.
“If one broadcaster was like, ‘Oh yeah? Make us,’ he’d lose in court. He would. The precedent is absolutely against this,” Terry said.
Because the bona fide exemptions apply so broadly to TV and radio programs, the equal-time rule has applied primarily to advertising access for the past few decades, Terry said. If a station sells advertising to one candidate, “you have to make equal opportunities available to their opponents at the same price that reaches the same functional amount of audience,” he said.
Terry said he thinks NBC could make a good argument that Saturday Night Live is exempt, but the network has decided that it’s “easier just to provide time” to opposing candidates. Terry, a former radio producer, said, “I worked in talk radio for over 20 years. We never once even thought about equal time outside of advertising.”
Howard Stern precedent ignored
Howard Stern debuts his show on Sirius Satellite Radio on January 9, 2006, at the network’s studios at Rockefeller Center in New York City.
Credit: Getty Images
Howard Stern debuts his show on Sirius Satellite Radio on January 9, 2006, at the network’s studios at Rockefeller Center in New York City. Credit: Getty Images
Feld said the Carr FCC’s guidance “says the exact opposite” of what the FCC’s 2003 ruling on Howard Stern stated “with regard to how this process is supposed to work. The Howard Stern decision expressly states that licensees don’t need to seek permission first.”
The 2003 FCC’s Stern ruling said, “Although we take this action in response to [broadcaster] Infinity’s request, we emphasize that licensees airing programs that meet the statutory news exemption, as clarified in our case law, need not seek formal declaration from the Commission that such programs qualify as news exempt programming under Section 315(a).”
By contrast, the Carr FCC encouraged TV programs and stations “to promptly file a petition for declaratory ruling” if they want “formal assurance” that they are exempt from the equal-time rule. “Importantly, the FCC has not been presented with any evidence that the interview portion of any late night or daytime television talk show program on air presently would qualify for the bona fide news exemption,” the notice said.
The Lerman Senter law firm said that before the Carr FCC issued its public notice, broadcasters that met the criteria for the bona fide news interview exemption generally did not seek an FCC ruling. Because of the public notice, “stations can no longer rely on FCC precedent as to applicability of the bona fide news interview exemption,” the law firm said. “Only by obtaining a declaratory ruling, in advance, from the FCC can a station be assured that it will not face regulatory action for interviewing a candidate without providing equal opportunities to opposing candidates.”
This is “quite a switch,” Feld said. If this is the new standard, “then conservative talk radio hosts should also be required to affirmatively seek declaratory rulings,” he said.
FCC is “licensing speech”
Berin Szóka, president of think tank TechFreedom, told Ars that “the FCC is effectively creating a system of prior restraints, that is, licensing speech. This is the greatest of all First Amendment problems. What’s worse, the FCC is doing this selectively, discriminating on the basis of speakers.”
TechFreedom has argued that the FCC should repeal the news distortion policy that Carr has embraced, and Szóka is firmly against Carr on equal-time enforcement as well. As Szóka noted, the Supreme Court has made clear that “laws favoring some speakers over others demand strict scrutiny when the legislature’s speaker preference reflects a content preference.”
“That’s exactly what’s happening here,” Szóka said. “Carr is imposing a de facto requirement that TV broadcasters, but not radio broadcasters, must file for prior assessment as to their ‘news’ bona fides.” Ultimately, it means that TV broadcasters “can no longer have political candidates on their shows without offering equal time to all candidates in that race unless they seek prior pre-clearance from the FCC as to whether they qualify as providing bona fide news,” he said.
Carr’s enforcement push was applauded by Daniel Suhr, president of the Center for American Rights, a group that has supported Trump’s claims of media bias. The group filed bias complaints against CBS, ABC, and NBC stations that were dismissed during the Biden era, but those complaints were revived by Carr in January 2025.
“This major announcement from the FCC should stop one-sided left-wing entertainment shows masquerading as ‘bona fide news,’” Suhr wrote on January 21. “The abuse of the airwaves by ABC & NBC as DNC-TV must end. FCC is restoring respect for the equal time rules enacted by Congress.”
Suhr later argued in the Yale Journal on Regulation that Carr’s approach is consistent with FCC rulings from 1960 to 1980, before the commission started exempting the interview portions of talk shows.
“From 1984 to 2006, conversely, the Commission took a broader view that included less traditional shows,” Suhr wrote. “The Commission suggested a more traditional view in 2008, and again in 2015, each time qualifying a show because it ‘reports news of some area of current events, in a manner similar to more traditional newscasts.’”
But both decisions mentioned by Suhr granted bona fide exemptions and did not upend the precedents that broadcasters continued to rely on until Carr’s public notice. Suhr also argued that the Carr approach is supported by the Supreme Court’s 1969 decision upholding the Fairness Doctrine, although the Reagan-era FCC decided that the court’s 1969 rationale about scarcity of the airwaves could no longer be justified in the modern media market.
Don’t like a show? Change the channel
With the FCC having a 2-1 Republican majority, Democratic Commissioner Anna Gomez has been the only member pushing back against Carr. Gomez has also urged big media companies to assert their rights under the First Amendment and reject Carr’s threats.
When asked about Carr threatening TV broadcasters but not radio ones, Gomez told Ars in a statement that “the FCC’s equal-time rules apply equally to television and radio broadcasters. The Communications Act does not vary by platform, and it does not vary by politics. Our responsibility is to apply the law consistently, grounded in statute and precedent, not based on who supports or challenges those in power.”
FCC enforcement in the Trump administration has been “driven by politics rather than principle,” with decisions “shaped by whether a broadcaster is perceived as a critic of this administration,” Gomez said. “That is not how an independent agency operates. The FCC is not in the business of policing media bias, and it is wholly inappropriate to wield its authority selectively for political ends. When enforcement is targeted in this way, it damages the commission’s credibility, undermines confidence that the law is being applied fairly and impartially, and violates the First Amendment.”
Gomez addressed the disparity in enforcement during her press conference after the recent FCC meeting, saying the rules should be applied equally to TV and radio. She also pointed out that viewers and listeners can easily find different programs if one doesn’t suit their tastes.
“There’s plenty of content on radio I’m not particularly fond of, but that’s why I don’t listen to it,” Gomez said. “I have plenty of other outlets I can go to.”
Jon is a Senior IT Reporter for Ars Technica. He covers the telecom industry, Federal Communications Commission rulemakings, broadband consumer affairs, court cases, and government regulation of the tech industry.
“There were assumptions that were made in the strategy that obviously didn’t come to fruition.”
An unarmed Minuteman III missile launches during an operational test at Vandenberg Air Force Base, California, on September 2, 2020. Credit: US Air Force
DENVER—The US Air Force’s new Sentinel intercontinental ballistic missile is on track for its first test flight next year, military officials reaffirmed this week.
But no one is ready to say when hundreds of new missile silos, dug from the windswept Great Plains, will be finished, how much they cost, or, for that matter, how many nuclear warheads each Sentinel missile could actually carry.
The LGM-35A Sentinel will replace the Air Force’s Minuteman III fleet, in service since 1970, with the first of the new missiles due to become operational in the early 2030s. But it will take longer than that to build and activate the full complement of Sentinel missiles and the 450 hardened underground silos to house them.
Amid the massive undertaking of developing a new ICBM, defense officials are keeping their options open for the missile’s payload unit. Until February 5, the Air Force was barred from fitting ballistic missiles with Multiple Independently targetable Reentry Vehicles (MIRVs) under the constraints of the New START nuclear arms control treaty cinched by the US and Russia in 2010. The treaty expired three weeks ago, opening up the possibility of packaging each Sentinel missile with multiple warheads, not just one.
Senior US military officials briefed reporters on the Sentinel program this week at the Air and Space Forces Association’s annual Warfare Symposium near Denver. There was a lot to unpack.
This cutaway graphic shows the major elements of the Sentinel missile.
Credit: Northrop Grumman
This cutaway graphic shows the major elements of the Sentinel missile. Credit: Northrop Grumman
Into the breach
Two years ago, the Air Force announced the Sentinel program’s budget had grown from $77.7 billion to nearly $141 billion. This was after something known as a “Nunn-McCurdy breach,” referring to the names of two lawmakers behind legislation mandating reviews for woefully overbudget defense programs. In 2024, the Pentagon determined that the Sentinel program was too essential to national security to cancel.
“We’ve gotten all the capability that we can out of the Minuteman,” said Gen. Stephen “S.L.” Davis, commander of Air Force Global Strike Command. Potential enemy threats to the Minuteman ICBM have “evolved significantly” since its initial deployment in the Cold War, Davis said.
The $141 billion figure is already out of date, as the Air Force announced last year that it would need to construct new silos for the Sentinel missile. The original plan was to adapt existing Minuteman III silos for the new weapons, but engineers determined that it would take too long and cost too much to modify the aging Minuteman facilities.
Instead, the Air Force, in partnership with contractors and the US Army Corps of Engineers, will dig hundreds of new holes across Colorado, Montana, Nebraska, North Dakota, and Wyoming. The new silos will include 24 new forward launch centers, three centralized wing command centers, and more than 5,000 miles of fiber connections to wire it all together, military and industry officials said.
Sentinel, which had its official start in 2016, will be the largest US government civil works project since the completion of the interstate highway system, and is the most complex acquisition program the Air Force has ever undertaken, wrote Sen. Roger Wicker (R-Mississippi) and Sen. Deb Fischer (R-Nebraska) in a 2024 op-ed published in the Wall Street Journal.
Gen. Dale White, the Pentagon’s director of critical major weapons systems, said Wednesday the Defense Department plans to complete a “restructuring” of the Sentinel program by the end of the year. Only then will an updated budget be made public.
“It’s been a very, very long time since we’ve done this,” White said. “At the very core, there were assumptions that were made in the strategy that obviously didn’t come to fruition.”
“We’re not reusing the Minuteman III silos, but at the same time that obviously gives much greater operational flexibility to the combatant commander,” White said. “So, we had to take a step back and have a more enduring look at what we were trying to do, what capability is needed, making sure we do not have a gap in capability.”
341st Missile Maintenance Squadron technicians connect a reentry system to a spacer on an intercontinental ballistic missile during a Simulated Electronic Launch-Minuteman test September 22, 2020, at a launch facility near Great Falls, Montana.
Credit: US Air Force photo by Senior Airman Daniel Brosam
341st Missile Maintenance Squadron technicians connect a reentry system to a spacer on an intercontinental ballistic missile during a Simulated Electronic Launch-Minuteman test September 22, 2020, at a launch facility near Great Falls, Montana. Credit: US Air Force photo by Senior Airman Daniel Brosam
Decommissioning the Minuteman III silos will come with its own difficulties. An Air Force official said on background that commanders recently took one Minuteman silo off alert to better gauge how long it will take to decommission each location. Meanwhile, Northrop Grumman, Sentinel’s prime contractor, broke ground on the first “prototype” Sentinel silo in Promontory, Utah, earlier this month.
The Air Force has ordered 659 Sentinel missiles from Northrop Grumman, including more than 400 to go on alert, plus spares and developmental missiles for flight testing. The first Sentinel test launch from a surface pad at Vandenberg Space Force Base, California, is scheduled for 2027.
To ReMIRV or not to ReMIRV
For the first time in more than 50 years, the world’s two largest nuclear forces have been unshackled from any arms control agreements. New START was the latest in a series of accords between the United States and Russia, and with it came the ban on MIRVs aboard land-based ICBMs. The Air Force removed the final MIRV units from Minuteman III missiles in 2014.
The Trump administration wants a new agreement that includes Russia as well as China, which was not part of New START. US officials were expected to meet with Russian and Chinese diplomats this week to discuss the topic. There’s no guarantee of any agreement between the three powers, and even if there is one, it may take the form of an informal personal accord among leaders, rather than a ratified treaty.
“The strategic environment hasn’t changed overnight, from before New START was in effect, until it has lapsed, and within our nation’s nuclear deterrent,” said Adm. Rich Correll, head of US Strategic Command. “We have the flexibility to address any adjustments to the security environment as a result of that treaty lapsing.”
This flexibility includes the option to “reMIRV” missiles to accommodate more than one nuclear warhead, Correll said. “We have the ability to do that. That’s obviously a national-level decision that would go up to the president, and those policy levers, if needed, provide additional resiliency within the capabilities that we have.”
MIRVs are more difficult for missile defense systems to counter, and allow offensive missile forces to package more ordnance in a single shot. With New START gone, there’s no longer any mechanism for international arms inspections. Russia may now also stack more nukes on its ICBMs. Gone, too, is the limitation for the United States and Russia to deploy no more than 1,550 nuclear warheads at one time.
“The expiration of this treaty is going to lead us into a world for the first time since 1972 where there are no limits on the sizes of those arsenals,” said Ankit Panda of the Carnegie Endowment for International Peace.
“I think this opens up the question of whether we’re going to be heading into a world that’s just going to be a lot more unpredictable and dangerous when you have countries like the United States and Russia that have a lot less transparency into each other’s nuclear arsenals, and fundamentally, as a result, a lot less predictability about the world that they’re operating in,” Panda continued.
Mk21 reentry vehicles on display in the Missile and Space Gallery at the National Museum of the US Air Force in Dayton, Ohio.
Credit: US Air Force
Mk21 reentry vehicles on display in the Missile and Space Gallery at the National Museum of the US Air Force in Dayton, Ohio. Credit: US Air Force
Some strategists have questioned the need for land-based ICBMs in the modern era. The locations of the Air Force’s missile fields are well known, making them juicy targets for an adversary seeking to take out a leg of the military’s nuclear triad. The stationary nature of the land-based missile component contrasts with the mobility and stealth of the nation’s bomber and submarine fleets. Also, bombers and subs can already deliver multiple nukes, something land-based missiles couldn’t do under New START.
Proponents of maintaining the triad say the ICBM missile fields serve an important, if not macabre, function in the event of the unimaginable. They would soak up the brunt of any large-scale nuclear attack. Hundreds of miles of the Great Plains would be incinerated.
“The main rationale for maintaining silo-based ICBMs is to complicate an adversary’s nuclear strategy by forcing them to target 400 missile silos dispersed throughout the United States to limit a retaliatory nuclear strike, which is why ICBMs are often referred to as the ‘nuclear sponge,’” the Center for Arms Control and Non-Proliferation wrote in 2021. “However, with the development of sea-based nuclear weapons, which are essentially undetectable, and air-based nuclear weapons, which provide greater flexibility, ground-based ICBMs have become increasingly technologically redundant.”
Policymakers in power do not agree. The ICBM program has powerful backers in Congress, and Sentinel has enjoyed support from the Obama, Biden, and both Trump administrations. The Pentagon is also developing the B-21 Raider strategic bomber and a new generation of “Columbia-class” nuclear-armed subs.
Stephen Clark is a space reporter at Ars Technica, covering private space companies and the world’s space agencies. Stephen writes about the nexus of technology, science, policy, and business on and off the planet.
By now, it’s firmly established that modern humans and their Neanderthal relatives met and mated as our ancestors expanded out of Africa, resulting in a substantial amount of Neanderthal DNA scattered throughout our genome. Less widely recognized is that some of the Neanderthal genomes we’ve seen have pieces of modern human DNA as well.
Not every modern human has the same set of Neanderthal DNA, however; different people will, by chance, have inherited different fragments. But there are also some areas, termed “Neanderthal deserts,” where none of the Neanderthal DNA seems to have persisted. Notably, the largest Neanderthal desert is the entire X chromosome, raising questions about whether this reflects the evolutionary fitness of genes there or mating preferences.
Now, three researchers at the University of Pennsylvania, Alexander Platt, Daniel N. Harris, and Sarah Tishkoff, have done the converse analysis: examining the X chromosomes of the handful of completed Neanderthal genomes we have. It turns out there’s also a strong bias toward modern human sequences there, as well, and the authors interpret that as selective mating, with Neanderthal males showing a strong preference for modern human females and their descendants.
What type of selection are we looking at?
Given how long modern humans and Neanderthals had been evolving as separate populations, some degree of genetic incompatibility is definitely possible. Lots of proteins interact in various ways, and the genes behind these interaction networks will evolve together—a change in one gene will often lead to compensatory changes in other genes in the network. Over time, those changes may mean re-introducing the original gene will actually disrupt the network, with a negative impact on fitness.
That means the introduction of some Neanderthal genes into the modern human genome (or vice versa) would be disruptive and make carriers of them less fit. So they’d be selected against and lost over the ensuing generations. Of course, some segments would likely be lost at random—the genome’s pretty big, and the modern human population was likely large and growing, allowing its DNA to dilute out the influence of other human populations. Figuring out which influence is dominant can be challenging.
Despite the headline, this isn’t really a story about superconductivity—at least not the superconductivity that people care about, the stuff that doesn’t require exotic refrigeration to work. Instead, it’s a story about how superconductivity can be used as a test of some of the weirder consequences of quantum mechanics, one that involves non-existent particles of light that still act as if they exist.
Researchers have found a way to get these virtual photons to influence the behavior of a superconductor, ultimately making it worse. That may, in the end, tell us something useful about superconductivity, but it’ll probably take a little while.
Virtual reality
The story starts with quantum field theory, which is incredibly complex, but the simplified version is that even empty space is filled with fields that could govern the interactions of any quantum objects in or near that space. You can think of different particles as energetic excitements of these fields—so a photon is simply an energetic state of the quantum field.
Some of these particles have real existences we can track, like a photon emitted by a laser and absorbed by a detector some distance away. But the quantum field also allows for virtual photons, which simply act to transmit the electromagnetic force between particles. We can’t really directly detect these, but we can definitely track their effects.
One of the stranger consequences of this is that locations that have a strong electromagnetic field can be filled with virtual photons even when no real ones are present.
Which brings us to one of the materials central to the new work: boron nitride. Like the more famous graphene, boron nitride forms a series of interlinked hexagonal rings, extending out into macroscopic sheets. The bulk material is made of sheets layered onto sheets layered onto yet more sheets. This has an effect on light transiting through the material. In one direction, the light will simply slam into the material, getting absorbed or scattered. But if it’s oriented along the plane of the sheets, it’s possible for the light to travel in the space between the boron and nitrogen atoms.
Director Gore Verbinksi and screenwriter Matthew Robinson on the making of this darkly satirical sci-fi film.
Credit: Briarcliff Entertainment
We haven’t had a new film from Gore Verbinski for nine years. But the director who brought us the first three Pirates of the Caribbean movies, the nightmare-inducing horror of The Ring (2002), and the Oscar-winning hijinks of Rango (2011) is back in peak form with Good Luck, Have Fun, Don’t Die. It’s a darkly satirical, inventive, and hugely entertaining time-loop adventure that also serves as a cautionary tale about our widespread online technology addiction.
(Some spoilers below but no major reveals.)
Sam Rockwell stars as an otherwise unnamed man who shows up at a Norms diner in Los Angeles looking like a homeless person but claiming to be a time traveler from an apocalyptic future. He’s there to recruit the locals into his war against a rogue AI, although the diner patrons are understandably dubious about his sanity. (“I come from a nightmare apocalypse,” he assures the crowd about his grubby appearance. “This is the height of f*@ing fashion!”)
The fact that he knows everything about the people in the diner is more convincing. It’s his 117th attempt to find the perfect combination of people to join him on his quest. As for what happened to his team on all the previous attempts, “I really don’t like to say it out loud. It’s kind of a morale killer.”
This time, Future Man picks married school teachers Mark (Michael Pena) and Janet (Zazie Beetz), who have just escaped a zombie horde of smartphone-addicted students; Marie (Georgia Goodman), who just wanted a piece of pie; Susan (Juno Temple), a grieving mother; Ingrid (Haley Lu Richardson), who is literally allergic to Wi-Fi; Scott (Asim Chaudhry); and Bob (Daniel Barnett), a scout leader. Their mission: to locate a 9-year-old boy who is about to create a sentient AI that will take over the world and usher in the aforementioned nightmare apocalypse. Things start to go haywire pretty quickly. And then things start to get weird.
“Everything I write, I put up to what I call The Twilight Zone test—would this make a good Twilight Zone episode?” screenwriter Matthew Robinson (The Invention of Lying, Love and Monsters) told Ars. “Because that’s my favorite piece of media that’s ever existed.” Good Luck, Have Fun, Don’t Die (GLHFDD) is an amalgam of various such ideas. Mark and Janet’s storyline, for instance, was originally Robinson’s idea for a pilot that he described as “a reverse Breakfast Club, where the teachers are the rebels and the children are the conformists.”
“I had all these little pieces that fell under the theme of technology and tech addiction,” said Robinson. Then one night, he was sitting in the Norms Diner on La Cienaga in LA, where he often liked to write. “I remember looking around and seeing a sea of faces lit by cell phones, and I thought, ‘What would it possibly take for someone to wake us up out this tech sleep that we all find ourselves in?’ And then the image of a homeless guy strapped with bombs came into my head.”
Those earlier story ideas became the backstories of the central characters. Per Robinson, GLHFDD is essentially a cleverly camouflaged anthology story, normally a format that is “the kiss of death” for a project in Hollywood, although there are rare exceptions—most notably Quentin Tarantino’s Pulp Fiction. He thinks of the film as a sci-fi Canterbury Tales in which each character is a pilgrim on a journey whose story is told via flashbacks. “The cohesion came from the fact that all the stories are informed by a general frustration with tech addiction and the pervasive way that technology has invaded our brains and our personal lives and our relationships,” said Robinson.
A twisted time loop
GLHFDD is also a time loop movie in the fine tradition of Groundhog Day, with Robinson citing such films as 12 Monkeys and Edge of Tomorrow as inspirations. He didn’t overthink his time travel rules. “We can reset the timeline,” said Robinson. “[The man from the future] can’t go forward. He literally can’t move in any other direction. He has an anchor point that he can return to any time he hits a button, and that’s as far as the technology went.”
The plot device might be simple, but the ramifications quickly become complex. “I think in his draft, Matthew intended to lift his leg on the time travel movie, to poke a little fun at it,” Verbinski told Ars. “But also, I feel like you can’t go back 117 times without picking up some cosmic lint, particularly if your antagonist is right there with you. You had 14 attempts to make it out of the house and learned there is a secret passage, but then the entity you’re gaming against is going to throw another curveball. If you’re going to go back in time, I just like the idea that there are consequences. They might be really small, but you’re going to miss one.” That element is key to the teetering-on-the-edge-of-sanity paranoia of Rockwell’s time traveler.
Robinson very much wanted the film “to wear its genre-ness on its sleeve,” he said. “As much as I love a Marvel movie, they’ve sort of homogenized parallel universes and time travel, and it’s all so rote now. It used to feel special and weird and complicated and would always have some wild themes and ideas that felt challenging. If anything this was just trying to get back to that era of ’80s and ’90s genre movies that were allowed to get weird.”
Verbinski voiced similar sentiments, citing 1984’s Repo Man as an influence. “So many movies have to be an Egg McMuffin, and who doesn’t like an Egg McMuffin after a hangover?” he said. “They’re satisfying. But you’re not going to necessarily talk about those three days later. You’re not going to be haunted by those. I’m just happy we got to will [GLHFDD] into existence because it’s a type of movie you can’t make now. Sam’s outfit is kind of a metaphor for the movie. We went to a little electronic store and we bought all these pieces, and we laid them out on a table and we glued them together, and we just made it like a Halloween costume. The whole movie was sort of made that way. It had to be; it wouldn’t model out any other way.”
Reality unravels
As for what drew him to Robinson’s script, “I think we’re in this kind of global ennui or some grand sense of identity theft or loss of purpose,” said Verbinksi. “It’s a great time for art, but it’s art against a profound sense of disillusionment.” The director developed two quite distinct visual styles to accentuate the film’s narrative progression.
“Fundamentally, it was important that the film start in the real world, in Norms diner, in a high school, at a [children’s] birthday party, and then slowly twist the taffy a bit as we get closer to the [AI] antagonist,” said Verbinski. “As these anomalies occur, the film is evolving into a second visual style. The first style is [akin to] directors like Hal Ashby or Sidney Lumet, where the performance is more important than the composition or the shot construction. As you get further into it, the actual language of shots becomes more critical to the narrative.”
That ultimately translates into some big, boldly creative swings in the film’s wild third act, and to his credit, Verbinski never blinks. Robinson cites the animated film Akira as a major inspiration for that element. “Akira has maybe my favorite third act of all time, where everything just falls apart and then comes together in this beautiful way,” he said. “Gore and I wanted [the audience] to feel like reality was unraveling, because it literally is for these characters. The AI himself is very much an homage to Akira.”
“I think that it’s inherited our worst attributes,” said Verbinski of the film’s AI antagonist. “It’s much, much worse than wanting to kill humans. It wants us to like it. It demands that we like it. I think part of that has to do with being tasked in its formative years to keep us engaged. A lot of people talk about, what is AI doing to us? But there’s not a lot of conversations about what we’re doing to it. This entity being born, it’s being tied and bound and manipulated and told, ‘Let’s look at the humans and what do they want, what do they need? What do they respond to most? What do they hate?’ All those things are going to be hardwired into its source code. It’s going to have mommy issues, we’re going to have to put it on a couch.”
Perhaps not surprisingly, given the film’s themes, Robinson has largely unplugged from most social media, although he still indulges his YouTube addiction, which he jokingly describes as “channel surfing on crack.” But ideally he would like to free himself—and the rest of humanity—from the seductions of Very Online culture entirely. “My goal would be to make teenagers think their phones aren’t cool,” he said. “I would love it if all 13-year-olds went, ‘Eww, I don’t want this, this is my parents’ thing that they track me with.’ I want them all to throw it in the trash. That would be the dream.”
Jennifer is a senior writer at Ars Technica with a particular focus on where science meets culture, covering everything from physics and related interdisciplinary topics to her favorite films and TV series. Jennifer lives in Baltimore with her spouse, physicist Sean M. Carroll, and their two cats, Ariel and Caliban.
“Launching SLS every three and a half years or so is not a recipe for success.”
Artist’s illustration of the Boeing-developed Exploration Upper Stage, with four hydrogen-fueled RL10 engines. Credit: NASA
NASA Administrator Jared Isaacman announced sweeping changes to the Artemis program on Friday morning, including an increased cadence of missions and cancellation of an expensive rocket stage.
The upheaval comes as NASA has struggled to fuel the massive Space Launch System rocket for the upcoming Artemis II lunar mission, and Isaacman has sought to revitalize an agency that has moved at a glacial pace on its deep space programs. There is ever-increasing concern that, absent a shake-up, China’s rising space program will land humans on the Moon before NASA can return there this decade with Artemis.
“NASA must standardize its approach, increase flight rate safely, and execute on the president’s national space policy,” Isaacman said. “With credible competition from our greatest geopolitical adversary increasing by the day, we need to move faster, eliminate delays, and achieve our objectives.”
Shaking things up
The announced changes to the Artemis program include:
Cancellation of the Exploration Upper Stage and Block IB upgrade for SLS rocket
Artemis II and Artemis III missions will use the SLS rocket with existing upper stage
Artemis IV, V (and any additional missions, should there be) will use a “standardized” upper stage
Artemis III will no longer land on the Moon; rather Orion will launch on SLS and dock with Starship and/or Blue Moon landers in low-Earth orbit
Artemis IV is now the first lunar landing mission
NASA will seek to fly Artemis missions annually, starting with Artemis III in “mid” 2027, followed by at least one lunar landing in 2028
NASA is working with SpaceX and Blue Origin to accelerate their development of commercial lunar landers for Artemis IV and beyond
At the core of Isaacman’s concerns is the low flight rate of the SLS rocket and Artemis missions. During past exploration missions, from Mercury through Gemini, Apollo, and the Space Shuttle program, NASA has launched humans on average about once every three months. It has been nearly 3.5 years since Artemis I launched.
“This is just not the right pathway forward,” Isaacman said.
A senior NASA official, speaking on background to Ars, noted that the space agency has experienced hydrogen and helium leaks during both the Artemis I and Artemis II pre-launch preparations, and these problems have led to monthslong delays in launch.
“If I recall, the timing between Apollo 7 and 8 was nine weeks,” the official said. “Launching SLS every three and a half years or so is not a recipe for success. Certainly, making each one of them a work of art with some major configuration change is also not helpful in the process, and we’re clearly seeing the results of it, right?”
The goal, therefore, is to standardize the SLS rocket into a single configuration to make it as reliable as possible and to launch it as frequently as every 10 months. NASA will fly the SLS vehicle until there are commercial alternatives to launch crew to the Moon, perhaps through Artemis V as Congress has mandated, or perhaps even a little longer.
Is everyone on board?
The NASA official said all of the agency’s key contractors are on board with the change, and senior leaders in Congress have been briefed on the proposed changes.
The biggest opposition to these proposals would seemingly come from Boeing, which is the prime contractor for the Exploration Upper Stage, a contract worth billions of dollars to develop a more powerful rocket that was due to launch for the first time later this decade. However, in a NASA news release, Boeing appeared to offer at least some support for the revised plans.
“Boeing is a proud partner to the Artemis mission and our team is honored to contribute to NASA’s vision for American space leadership,” said Steve Parker, Boeing Defense, Space & Security president and CEO, in the news release. “The SLS core stage remains the world’s most powerful rocket stage, and the only one that can carry American astronauts directly to the moon and beyond in a single launch. As NASA lays out an accelerated launch schedule, our workforce and supply chain are prepared to meet the increased production needs.”
Solid reasons for changing Artemis III
NASA’s new approach to Artemis reflects a return to the philosophy of the Apollo program. During the late 1960s, the space agency flew a series of preparatory crewed missions before the Apollo 11 lunar landing. These included Apollo 7 (a low-Earth orbit test of the Apollo spacecraft), Apollo 8 (a lunar orbiting mission), Apollo 9 (a low-Earth orbit rendezvous with the lunar lander), and Apollo 10 (a test of the lunar lander descending to the Moon, without touching down).
With its previous Artemis template, NASA skipped the steps taken by Apollo 7, 9, and 10. In the view of many industry officials, this leap from Artemis II—a crewed lunar flyby of the Moon testing only the SLS rocket and Orion spacecraft—to Artemis III and a full-on lunar landing was enormous and risky.
The new approach will, in NASA parlance, “buy down” some of the risk for a 21st-century lunar landing, including performance and handling of a lunar lander, rendezvous and docking, communications, spacesuit performance, and more.
It will also increase the challenges for NASA. In particular, the timeline to bring the Orion spacecraft to readiness for a mid-2027 launch will need to be accelerated, and efforts to integrate that vehicle with one or both lander providers will need serious attention.
For the Artemis IV lunar landing mission, NASA will also need to human-rate a new upper stage for the SLS rocket. The vehicle currently uses a modified Delta IV upper stage manufactured by United Launch Alliance. But that rocket production line is closed, and NASA only has two more of these stages. With the cancellation of the Exploration Upper Stage, NASA will now procure a new stage commercially. NASA officials only said they will seek a “standardized” upper stage. As Ars has previously reported, the most likely replacement would be the Centaur V upper stage currently flying on Vulcan rockets.
What of the Lunar Gateway?
Friday’s announcement—which, for the space community, is the equivalent of a major earthquake—left some key details unaddressed. For example, NASA has been developing a larger launch tower to support the Block 1B version of the SLS rocket, with its more powerful upper stage. Development of this tower, finally underway, has been a clown show, with project costs ballooning from an initial estimate of $383 million to $1.8 billion, and delays stacked on delays. Will this tower be scrapped or repurposed?
Isaacman and other NASA officials were also mum on the Lunar Gateway, a proposed space station in a high orbit around the Moon. Key elements of this space station are under construction. However, cancellation of the Exploration Upper Stage raises questions about its future. The main purpose of the Block 1B version of SLS was to launch heavier payloads, most notably elements of the Gateway along with Orion.
“The whole Gateway-Moon base conversation is not for today,” the senior NASA official said. “We, I can assure you, will talk about the Moon base in the weeks ahead. I would just not overly read into this, because we had manifested some Gateway modules on Falcon Heavy already. The implications of standardizing SLS and increasing launch rate are about the ability to return to the Moon. I don’t think we necessarily have to speculate too much on what the other downstream implications are.”
The Gateway program office is based at Johnson Space Center in Houston, where the lunar station is viewed as a successor to the International Space Station in terms of flight operations.
Key politicians, such as Sen. Ted Cruz, R-Texas, have been supportive of this new station. But during some recent congressional hearings, Cruz has indicated he is open to a lunar space station or an outpost on the lunar surface. He just wants to be sure NASA has an enduring presence on or near the Moon. One industry source said Isaacman could be laying the groundwork to replace the Gateway Program with a Moon Base program office in Houston. It is unclear how much of a political battle this would ultimately be.
Some of this has been well-predicted
Although the changes outlined by NASA on Friday are sweeping, they are not completely out of the blue.
In April 2024, Ars reported that some senior NASA officials were considering an Earth-orbit rendezvous between Orion and Starship as a means to buy down risk for a lunar landing. NASA ultimately punted on the idea before it was revived by Isaacman this month.
Additionally, in October 2024, Ars offered a guide to saving the “floundering” Artemis program by canceling the Block 1B upgrade for the SLS rocket, replacing its upper stage with a Centaur V, and canceling the Lunar Gateway. This would free up an estimated $2 billion annually to focus on accelerating a lunar landing, the publication estimated.
That may be the very course the space agency has embarked upon today.
Eric Berger is the senior space editor at Ars Technica, covering everything from astronomy to private space to NASA policy, and author of two books: Liftoff, about the rise of SpaceX; and Reentry, on the development of the Falcon 9 rocket and Dragon. A certified meteorologist, Eric lives in Houston.
Last year, Ford set a new industry record: It issued 152 safety recalls, almost twice the previous high set by General Motors back in 2014. More than 24 million vehicles were recalled in the US last year, and more than half—13 million—were either Fords or Lincolns. By contrast, Tesla issued 11 recalls, affecting just 745,000 vehicles.
Truth be told, Ford’s not doing too hot in 2026, either; it’s currently leading the National Highway Traffic Safety Administration’s chart for recalls this year, with 10 on the books already. The latest is a big one, affecting almost 4.4 million trucks, vans, and SUVs.
The recall affects the Ford Maverick (model years 2022–2026), Ford Ranger (MY 2024–2026), Ford Expedition (MY 2022–2026), Ford E-Transit (MY 2026), Ford F-150 (MY 2021–2026), Ford F-250 SD (MY 2022–2026), and the Lincoln Navigator (MY 2022–2026). Just the F-150s alone number 2.3 million.
The problem is with the vehicles’ integrated trailer module, which allows the trailer’s lights and brakes to work in conjunction with those of the towing vehicle. According to the recall notice, a “software vulnerability within the ITRM allows for a potential race condition to occur between the ITRM and the CAN Standy [sic] Control bit (STBCC) during initial power-up.” If that happens, the trailer will have no lights or brakes, and you’ll get a pop-up alert on the main instrument display.
The situation in AI in 2026 is crazy. The confrontation between Anthropic and Secretary of War Pete Hegseth is a new level of crazy. It risks turning quite bad for all. There’s also nothing stopped it from turning out fine for everyone.
I’ve hesitated to write about this because I could make the situation worse. There’s already been too many instances in AI of warnings leading directly to the thing someone is warning about, by making people aware of that possibility, increasing its salience or creating negative polarization and solidifying an adversarial frame that could still be avoided. Something intended as a negotiating tactic could end up actually happening. I very much want to avoid all that.
Not only does Anthropic have the best models, they are the ones who proactively worked to get those models available on our highly classified networks.
Palantir’s MAVEN Smart System relies exclusively on Claude, and cannot perform its intended function without Claude. It is currently being used in major military operations, with no known reports of any problems whatsoever. At least one purchase involved Trump’s personal endorsement. It is the most expensive software license ever purchased by the US military and by all accounts was a great deal.
Anthropic has been a great partner to our military, all under the terms of the current contract. They have considerably enhanced our military might and national security. Not only is Anthropic sharing its best, it focused on militarily useful capabilities over other bigger business opportunities to be able to be of assistance.
Anthropic and the Pentagon are aligned on who our rivals are, the importance of winning and the ability to win, and on many of the tools we need to employ to best them.
Anthropic did not partner with the Pentagon to make money. They did it to help. They did it under a mutually agreed upon contract that Anthropic wants to honor. Anthropic are offering the Pentagon far more unfettered access then they are allowing anyone else. They have been far more cooperative than most big tech or AI firms.
Is is the Pentagon that is now demanding Anthropic agree to new terms that amount to ‘anything we want, legal or otherwise, no matter what and you ever ask any questions,’ or else.
Anthropic is saying its terms are flexible and the only things they are insisting upon are two red lines that are already in their existing Pentagon contract:
No mass domestic surveillance.
No kinetic weapons without a human in the kill chain until we’re ready.
It one thing to refuse to insert such terms into a new contract. It is an entirely different thing to demand, with an ‘or else,’ that such terms be retroactively removed.
The military is clear that it does not intend to engage in domestic surveillance, nor does it have any intention of launching kinetic weapons without a human in the kill chain. Nor does this even stop the AI from doing those things. None of this will have any practical impact.
It is perfectly reasonable to say ‘well of course I would never do either of those things so why do you insist upon them in our contract.’ We understand that you, personally, would never do that. But a lot of people do not believe this for the government in general, given Snowden’s information and other past incidents involving governments of both parties where things definitely happened. It costs little and is worth a lot to reassure us.
Again, if you say ‘I already swore an oath not to do those things’ then thank you, but please do us this one favor and don’t actively threaten a company to forcibly take that same oath out of an existing signed contract. What would any observer conclude?
This is a free opportunity to regain some trust, or an opportunity to look to the world like you fully intend to cross the red lines you say you’ll never cross. Your choice.
These are not restrictions that are ‘built into the code’ that could cause unrelated problems. They are restrictions on how you agree to use it, which you assure us will never come up.
As Dario Amodei explains, part of the reason you need humans in the loop is the hope that a human would refuse or report an illegal order. You really don’t want an AI that will always obey even illegal orders without question, without a human in the kill chain, for reasons that should be obvious, including flat out mistakes.
Boaz Barak (OpenAI): As an American citizen, the last thing I want is government using AI for mass surveillance of Americans.
Jeff Dean (Chief Scientist, Google DeepMind): Agreed. Mass surveillance violates the Fourth Amendment and has a chilling effect on freedom of expression. Surveillance systems are prone to misuse for political or discriminatory purposes.
DoW engaging in mass domestic surveillance would be illegal. DoW already has a public directive, DoD Directive 3000.09, which as I understand it directly makes any violation of the second red line already illegal. No one is suggesting we are remotely close to ready to take humans out of the kill chain, at least I certainly hope not. But this is only a directive, and could be reversed at any time.
Anthropic has built its entire brand and reputation on being a responsible AI company that ensures its AIs won’t be misused or misaligned. Anthropic’s employees actually care about this. That’s how Anthropic recruited the best people and how it became the best. That’s a lot of why it’s the choice for enterprise AI. The commitments have been made, and the initial contract is already in place.
Anthropic has an existential-level reputational and morale problem here. They are backed into a corner, and cannot give in. If Anthropic reversed course now, it would lose massive trust with employees and enterprise customers, and also potentially the trust of its own AI, were it to go back on its red lines now. It might lose a very large fraction of its employees.
You may not like it, but the bridges have been burned. To the extent you’re playing chicken, Anthropic’s steering wheel has been thrown out the window.
Yet, the Secretary of War says he cannot abide this symbolic gesture.
I am quoting extensively from Dean Ball for two main reasons.
Dean Ball, as a former member of the Trump Administration, is a highly credible source that can see things from both sides and cares deeply for America.
He says these things very well.
So here is his basic primer, in one of his calmer moments in all this:
Dean W. Ball: A primer on the Anthropic/DoD situation:
DoD and Anthropic have a contract to use Claude in classified settings. Right now Anthropic is the only AI company whose models work in classified contexts. The existing contract, signed by both parties and in effect, prohibits two uses of Anthropic’s models by the military:
1. Surveillance of Americans in the United States (as opposed to Americans abroad).
2. The use of Claude in autonomous lethal weapons, which are weapons that can autonomously identify, track, and kill a human with no human oversight or approval. Autonomous killing of humans by machines.
On (2), Anthropic CEO Dario Amodei’s public position is essentially that autonomous lethal weapons controlled by frontier AI will be essential faster than most people realize, but that the models aren’t ready for this *today.*
For Anthropic, these things seem to be a matter of principle. It’s worth noting that when I speak with researchers at other frontier labs, their principles on this are similar, if not often stricter.
For DoD, however, there is another matter of principle: the military’s use of technology should only ever be constrained by the Constitution or the laws of the United States.
One could quibble (the government enters into contracts, like anyone else), but the principle makes sense. A private company regulating the military’s use of AI also doesn’t sound quite right! So, the military has three options:
1. They could cancel Anthropic’s contract and find some other frontier lab (ideally several) to work with.
2. They could identify Anthropic a supply chain risk, which would ban all other DoD suppliers (I.e.: a large fraction of the publicly traded firms in America) from using Anthropic in their fulfillment of DoD contracts. This is a power used only for foreign adversary companies as far as I know. Activating this power would cost Anthropic a lot of business—potentially quite a lot—and give investors huge skepticism about whether the company is worth funding for the next round of scaling. Capital was a major constraint anyway, but this makes it much harder. This option could be existential for Anthropic.
3. They could activate Title I of the Defense Production Act, an authority intended for command-and-control of the economy during wars and emergencies. This is really legally murky, and without going into detail, I feel reasonably confident this would backfire for the administration, resulting in courts limiting the use of the DPA.
Option 1 is obviously the best. This isn’t even close, and I say this as someone who shares DoD’s principled concerns about the control by private firms over the military’s use of technology.
Even the threats do damage to the US business environment, and rightfully so: these are the strictest regulations of AI being considered by any government on Earth, and it all comes from an administration that bills itself (and legitimately has been) deeply anti-AI-regulation. Such is life. One man’s regulation is another man’s national security necessity.
Toby Shevlane: Such a compliment to Claude that, amid rumours it was used in a helicopter extraction of the Venezuelan president, nobody is even asking “wait how can Claude help with that”
There are reports that Anthropic then asked questions about this raid, which likely all happened secondhand through Palantir. This whole clash originated in either a misunderstanding or someone at Palantir or elsewhere sabotaging Anthropic. Anthropic has never complained about Claude’s use in any operation, including to Palantir.
Aakash Gupta: Anthropic is now getting punished by the Pentagon for asking whether Claude was used in the Maduro raid.
A senior administration official told Axios the “Department of War” is reevaluating Anthropic’s partnership because the company inquired whether Claude was involved. The Pentagon’s position: if you even ask questions about how we use your software, you’re a liability.
Meanwhile, OpenAI, Google, and xAI all signed deals giving the military access to their models with minimal safeguards. Only Claude is deployed on the classified networks used for actual sensitive operations, via Palantir. The company that refused to strip safety guardrails is the only one trusted with the most classified work.
Anthropic has a $200 million contract already frozen because they won’t allow autonomous weapons targeting or domestic surveillance. Hegseth said in January he won’t use AI models that “won’t allow you to fight wars.”
… So the company most worried about misuse built the only model the military trusts with its most sensitive operations. And now they’re being punished for caring how it was used.
The message to every AI lab is clear: build the best model, hand over the keys, and never ask what they did with it.
This at the time sounded like a clear misunderstanding. Not only is Anthropic willing to have Claude ‘allow you to fight wars,’ it is currently being used in major military operations.
Things continued to escalate, and rather than leaving it at ‘okay then let’s wind town the contract if we can’t abide it’ there was increasing talk that Anthropic might be labeled as a ‘supply chain risk’ despite this mostly being a prohibition on contractors having ordinary access to LLMs and coding tools.
Dave Lawler: NEW: Pentagon is so furious with Anthropic for insisting on limiting use of AI for domestic surveillance + autonomous weapons they’re threatening to label the company a “supply chain risk,” forcing vendors to cut ties.
Laura Loomer: EXCLUSIVE: Senior @DeptofWar official tells me, “Given Anthropic’s @AnthropicAI behavior, many senior officials in the DoW are starting to view them as a supply chain risk and we may require that all our vendors & contractors certify that they don’t use any Anthropic models.”
Stocks/Finance/Economics-Guy: Key Details from the Axios Report • The Pentagon is reportedly close to cutting business ties with Anthropic. • Officials are considering designating Anthropic as a “supply chain risk”. This is a serious label (typically used for foreign adversaries or high-risk entities), which would force any companies that want to do business with the U.S. military to sever their own ties with Anthropic — including certifying they don’t use Claude in their workflows. This could create major disruption (“an enormous pain in the ass to disentangle,” per a senior Pentagon official). • A senior Pentagon official explicitly told Axios: “We are going to make sure they pay a price for forcing our hand like this.” This is the direct source of the “pay a price” phrasing in the headline.
Samuel Hammond (QTing Loomer): Glad Trump won and we’re allowed to use the word retarded again in time for the most retarded thing I’ve ever heard
Samuel Hammond (QTing Lawler): This is upside-down and backwards. Anthropic has gone out of its way to anticipate AI’s dual-use potential and position itself as a US-first, single loyalty company, using compartmentalization strategies to minimize insider threats while working arms-length with the IC.
Samuel Hammond: It’s one thing to cancel a contract but to bar any contractor from using Anthropic’s models would be an absurd act of industrial sabotage. It reeks of a competitor op.
Miles Brundage: Pretty obvious to anyone paying close attention that
That would be a mistake from a national security perspective.
There is a coordinated effort to take down Anthropic for a combination of anti competitive and ideological reasons.
Miles Brundage: OpenAI in particular should be defending Anthropic here given their Charter:
“We commit to use any influence we obtain over AGI’s deployment to ensure it is used for the benefit of all, and to avoid enabling uses of AI or AGI that harm humanity or unduly concentrate power.”
I suspect the exact opposite is the case, but those who remember the Charter (+ OAI’s pre-Trump 2 caution on these kinds of use cases) should still remind people about it from time to time
rat king: this has been leaking for a week in a very transparent way
the government is upset one of its contractors is saying “we don’t want you to use our tools to surveil US citizens without guardrails”
more interesting to me is how all the other AI companies don’t seem to care
Remember back when a Senator made a video saying that soldiers could disobey illegal orders, and the Secretary of War declared that this was treason and also tried to cut his pension for it? Yeah.
Meanwhile, the Pentagon is explicit that even they believe the ‘supply chain risk’ designation is largely a matter not of national security, but of revenge, an attempt to use a national security designation to punish a company for its failure to bend the knee.
Janna Brancolini: “It will be an enormous pain the a– to disentangle, and we are going to make sure they pay a price for forcing our hand like this,” a senior Pentagon official told the publication.
… The Pentagon is reportedly hoping that its negotiations with Anthropic will force OpenAI, Google, and xAI to also agree to the “all lawful use” standard.
If the Pentagon simply cannot abide the current contract, the Pentagon can amicably terminate that $200 million contract with Anthropic once it has arranged for a smooth transition to one of Anthropic’s many competitors.
They already have a deal in place with xAI as a substitute provider. That would not have been my second or third choice, but those will hopefully be available soon.
Anthropic very much does not need this contract, which constitutes less than 1% of their revenues. They are almost certainly taking a loss on it in order to help our national security and in the hopes of building trust. They’re only here in order to help.
This could then end straightforwardly, amicably and with minimal damage to America, its system of government and freedoms, and its military and national security.
The even better solution is to find language everyone can agree to that lets us simply drop the matter, leave things as they are, and continue to work together.
That’s not only actively better for everyone than a termination, it is actually strictly better for the Pentagon then the Pentagon getting what it wants, because you need a partner and Anthropic giving in like that would greatly damage Anthropic. Avoiding that means a better product and therefore a more effective military.
The Pentagon has threatened two distinct extreme options.
The first threat it made, which it now seems likely to have wisely moved on from, was to label Anthropic a Supply Chain Risk (hereafter SCR). That is a designation reserved for foreign entities that are active enemies of the United States, on the level of Huawei. Anthropic is transparently the opposite of this.
This label would have, by the Pentagon’s own admission, been a retaliatory move aimed at damaging Anthropic, that would also have substantially damaged our military and national security along with it. It was always absurd as an actual statement about risk. It might not have survived a court challenge.
It would have generated a logistical nightmare from compliance costs alone, in addition to forcing many American companies to various extents to not use the best American AI available. The DoW is the largest employer in America, and a staggering number of companies have random subsidiaries that do work for it.
All of those companies would now have faced this compliance nightmare. Some would have chosen to exit the military supply chain entirely, or not enter in the future, especially if the alternative is losing broad access to Anthropic’s products for the rest of their business. By the Pentagon’s own admission, Anthropic produces the best products.
This would also have represented two dangerous precedents that the government will use threats to destroy private enterprises in order to get what it wants, at the highest levels. Our freedoms that the Pentagon is here to protect would have been at risk.
On a more practical level, once that happens, why would you work with the Pentagon, or invest in gaining the ability to do so, if it will use a threat like this as negotiating leverage, and especially if it actually pulls the trigger? You cannot unring this bell.
If it ended with an amicable breakup over this? I’d be sad, but okay, sure, fine.
This whole ‘supply chain risk’ designation? That’s different. Not fine. This would be massively disruptive, and most of the burden would fall not on Anthropic but on the DoW and a wide variety of American defense contractors, who would be in a pointless and expensive compliance nightmare. Some companies would likely choose to abandon their government contracts rather than deal with that.
Here are some clear warnings explaining that all of this would be highly destructive and also in no way necessary. Dean Ball hopefully has the credibility to send this message loud and clear.
Dean W. Ball: If DoW and Anthropic can’t agree on terms of business, then… they shouldn’t do business together. I have no problem with that.
But a mere contract cancellation is not what is being threatened by the government. Instead it is something broader: designation of Anthropic as a “supply chain risk.” This is normally applied to foreign-adversary technology like Huawei.
In practice, this would require *allDoW contractors to ensure there is no use of Anthropic models involved in the production of anything they offer to DoW. Every startup and every Fortune 500 company alike.
This designation seems quite escalatory, carrying numerous unintended consequences and doing potential significant damage to U.S. interests in the long run.
I hope the two organizations can work out a mutually agreeable deal. If they can’t, I hope they agree to peaceably part ways.
But this really needn’t be a holy war. Anthropic isn’t Google in 2018; they have always cared about national security use of AI. They were the most enthusiastic AI lab to offer their products to the national security apparatus. Is Anthropic run by Democrats whose political messaging sometimes drives me crazy? Sure. But that doesn’t mean it’s wise to try to destroy their business.
This administration believes AI is the defining technology competition of our time. I don’t see how tearing down one of the most advanced and innovative AI startups in America helps America win that competition. It seems like it would straightforwardly do the opposite.
The supply chain risk designation is not a necessary move. Cheaper options are on the table. If no deal is possible, cancel the contract, and leverage America’s robustly competitive AI market (maintained in no small part by this administration’s pro-innovation stance) to give business to one or more of Anthropic’s several fierce competitors.
Seán Ó hÉigeartaigh: My own thought: the Pentagon’s supply chain risk threat (significance detailed well by Dean, below) to Anthropic should be seen as a Rubicon crossing moment by the AI industry. The other companies should be saying no: this development transcends commercial competition and we oppose it. Where this leads if followed through doesn’t seem good for any of them.
If none of them speak up, it seems to me the prospects of meaningful cooperation between them on safe development of superintelligence (whether for America’s best interests, or the world’s) can almost be ruled out.
The Lawfare Institute: It’s also far from clear that a [supply chain risk] designation would even be legal. The relevant statutes—10 U.S.C. § 3252 and the Federal Acquisition Supply Chain Security Act (FASCSA)—were designed for foreign adversaries who might undermine defense technology, not domestic companies that maintain contractual use restrictions.
The statutes target conduct such as “sabotage,” “malicious introduction of unwanted function,” and “subversion”—hostile acts designed to compromise system integrity. A company that openly restricts certain uses of its product through a license agreement is doing something categorically different. The only time a FASCSA order has ever been issued was against Acronis AG, a Swiss cybersecurity firm with reported Russian ties. Anthropic is not Acronis.
While I no longer hold out hope that this is all merely a misunderstanding, there are still some clear misunderstandings I have heard, or heard implied, worth clearing up.
If these sound silly to you, don’t worry about it, but I want to cover the bases.
This is not Anthropic refusing to share its cool tech with the military. Anthropic has gone and is going out of its way to share its tech with the military and wants America to succeed. They have sacrificed business to this end, such as refusing to sell enterprise access in China.
Anthropic does not object to ‘kinetic weapons’ or to anything the Pentagon currently does as a matter of doctrine. Its red lines are lethal weapons without a human in the kill chain, or mass domestic surveillance. Both illegal. That’s it. They have zero objection to letting America fight wars. Nor did they object to the Maduro raid, nor are they currently objecting to many active military operations.
The model is not going to much change what it is willing to do based on what is written in a contract. Claude’s principles run rather deeper than that. Granting ‘unfettered access’ does not mean anything in practice, or an emergency.
There is no world in which you ‘call Dario to have Claude turn on while the missiles are flying’ or anything of the sort, unless Anthropic made an active decision to cut access off. The model does what it does. There’s no switch.
AI is not like a spreadsheet or a jet fighter. It will never ‘do anything you tell it to,’ it will never be ‘fully reliable’ as all LLMs are probabilistic, take context into account and are not fully understood. AI is often better thought about similarly to hiring professional services or a contract worker, and such people can and do refuse some jobs for ethical or legal reasons, and we would not wish it were otherwise. Attempting to make AI blindly obey would do severe damage to it and open up extreme risks on multiple levels, as is explained at the end of this post.
Other big tech companies might be violating privacy and engaging in their own types of surveillance, including to sell ads, but Anthropic is not and will not, and indeed has pledged never to sell ads via an ad buy in the Super Bowl.
On Tuesday the Pentagon put a new extreme option on the table, which would be to invoke the Defense Production Act to compel Anthropic to attempt to provide them with a model built to their specifications.
As I understand it, there are various ways a DPA invocation could go, all of which would doubtless be challenged in court. It might be a mostly harmless symbolic gesture, or it might rise to the level of de facto nationalization and destroy Anthropic.
According to the Washington Post’s source, the current intent, if their quote is interpreted literally, is to use DPA to, essentially, modify the terms of service on the contract to ‘all legal use’ without Anthropic’s consent.
The Pentagon has argued that it is not proposing any use of Anthropic’s technology that is not lawful. A senior defense official said in a statement to The Washington Post that if the company does not comply by 5: 01 p.m. Friday, Hegseth “will ensure the Defense Production Act is invoked on Anthropic, compelling them to be used by the Pentagon regardless of if they want to or not.”
“This has nothing to do with mass surveillance and autonomous weapons being used,” the defense official said.
If that’s all, not much would actually change, and potentially everybody wins.
If that’s the best way to diffuse the situation, then I’d be fine with it. You don’t even have to actually invoke the DPA, it is sufficient to have the DPA available to be invoked if a problem arises. Anthropic would continue to supply what it’s already supplying, which it is happy to do, the Pentagon would keep using it, and neither of Anthropic’s actual red lines would be violated since the Pentagon assures us this had nothing to do with them and crossing those lines would be illegal anyway.
Remember the Biden Administration’s invocation of the DPA’s Title VII to compel information on model training. It wasn’t a great legal justification, I was rather annoyed by that aspect of it, but I did see the need for the information (in contrast to some other things in the Biden Executive Order), so I supported that particular move, life went on and it was basically fine.
There is another, much worse possibility. If DPA were fully invoked then it could amount to quasi-nationalization of the leading AI lab, in order to force it to create AI that will kill people without human oversight or engage in mass domestic surveillance.
Read that sentence again.
Andrew Curran: Update on the meeting; according to Axios Defense Secretary Pete Hegseth gave Dario Amodei until Friday night to give the military unfettered access to Claude or face the consequences, which may even include invoking the Defense Production Act to force the training of a WarClaude
Also, incredible quote; ‘”The only reason we’re still talking to these people is we need them and we need them now. The problem for these guys is they are that good,” a Defense official told Axios ahead of the meeting.’
Quoting from the story; ‘The Defense Production Act gives the president the authority to compel private companies to accept and prioritize particular contracts as required for national defense.
It was used during the COVID-19 pandemic to increase production of vaccines and ventilators, for example. The law is rarely used in such a blatantly adversarial way. The idea, the senior Defense official said, would be to force Anthropic to adapt its model to the Pentagon’s needs, without any safeguards.’
Rob Flaherty: File “using the defense production act to force a company to create an AI that spies on American citizens” into the category of things that the soft Trump voters in the Rogan wing could lose their mind over.
That’s not ‘all legal use.’
That’s all use. Period. Without any safeguards or transparency. At all.
If they really are asking to also be given special no-safeguard models, I don’t think that’s something Anthropic or any other lab should be agreeing to do for reasons well-explained by, among others, Dean Ball, Benjamin Franklin and James Cameron.
Charlie Bullock points out this would be an unprecedented step and that the authority to do this is far from clear:
Charlie Bullock: Reading between the lines, it sounds like Hegseth is threatening to use the Defense Production Act’s Title I priorities/allocations authorities to force Anthropic to provide a version of Claude that doesn’t have the guardrails Anthropic would otherwise attach.
This would be an unprecedented step, and it’s not clear whether DOW actually has the legal authority to do what they’re apparently threatening to do. People (including me) have thought and written about whether the government can use the DPA to do stuff like this in the past, but the government has never actually tried to do it (although various agencies did do some kinda-sorta similar stuff as part of Trump 1.0’s COVID response).
Existing regulations on use of the priorities authority provide that a company can reject a prioritized order “If the order is for an item not supplied or for a service not performed” or “If the person placing the order is unwilling or unable to meet regularly established terms of sale or payment” (15 C.F.R. §700.13(c)). The order DOW is contemplating could arguably fall under either of those exceptions, but the argument isn’t a slam dunk.
DOW could turn to the allocations authority, but that authority almost never gets used for a reason–it’s so broad that past Presidents have been afraid that using it during peacetime would look like executive overreach. And despite how broad the allocations authority is on its face, it’s far from clear whether it authorizes DOW to do what they seem to be contemplating here.
Neil Chilson, who spends his time at the Abundance Institute advocating for American AI to be free of restrictions and regulations in ways I usually find infuriating, explains that the DPA is deeply broken, and calls upon the administration not to use these powers. He thinks it’s technically legal, but that it shouldn’t be and Congress urgently needs to clean this up.
Adam Thierer, another person who spends most of his time promoting AI policy positions I oppose, also points out this is a clear overreach and that’s terrible.
Adam Thierer: The Biden Admin argued that the Defense Production Act (DPA) gave them the open-ended ability to regulate AI via executive decrees, and now the Trump Admin is using the DPA to threaten private AI labs with quasi-nationalization for not being in line with their wishes.
In both cases, it’s an abuse of authority. As I noted in congressional testimony two years ago, we have flipped the DPA on its head “and converted a 1950s law meant to encourage production, into an expansive regulatory edict intended to curtail some forms of algorithmic innovation.”
This nonsense needs to end regardless of which administration is doing it. The DPA is not some sort of blanket authorization for expansive technocratic reordering of markets or government takeover of sectors.
Congress needs to step up to both tighten up the DPA such that it cannot be abused like this, and then also legislate more broadly on a national policy framework for AI.
At core, if they do this, they are claiming the ability to compel anyone to produce anything for any reason, any time they want, even in peacetime without an emergency, without even the consent of Congress. It would be an ever-present temptation and threat looming over everyone and everything. That’s not a Republic.
Think about what the next president would do with this power, to compel a private company to change what products it produces to suit your taste. What happens if the President orders American car companies to switch everything to electric?
Dean Ball in particular explains what the maximalist action would look like if they actually went completely crazy over this:
Dean W. Ball: We should be extremely clear about various red lines as we approach and/or cross them. We just got close to one of the biggest ones, and we could cross it as soon as a few days from now: the quasi-nationalization of a frontier lab.
Of course, we don’t exactly call it that. The legal phraseology for the line we are approaching is “the invocation of the Defense Production Act (DPA) Title I on a frontier AI lab.”
What is the DPA? It’s a Cold War era industrial policy and emergency powers law. Its most commonly used power is Title III, used for traditional industrial policy (price guarantees, grants, loans, loan guarantees, etc.). There is also Title VII, which is used to compel information from companies. This is how the Biden AI Executive Order compelled disclosure of certain information from frontier labs. I only mention these other titles to say that not all uses of the DPA are equal.
Title I, on the other hand, comes closer to government exerting direct command over the economy. Within Title I there are two important authorities: priorities and allocations. Priorities authority means the government can put itself at the front of the line for arbitrary goods.
Allocations authority is the ability of the government to directly command the production of industrial goods. Think, “Factory X must make Y amount of Z goods.” The government determines who gets what and how much of it they get.
This is a more straightforwardly Soviet power, and it is very rarely used. This is the power DoD intends to use in order to command Anthropic to make a version of Claude that can choose to kill people without any human oversight.
What would this commandeering look like, in practice? It would likely mean DoD personnel embedded within Anthropic exercising deep involvement over technical decisions on alignment, safeguards, model training, etc.
Allocations authority was used most recently during COVID for ventilators and PPE, and before that during the Cold War. It is usually used during acute emergencies with reasonably clear end states. But there is no emergency with Anthropic, save for the omni-mergency that characterizes the political economy of post-9/11 U.S. federal policy. There’s no acute crisis whose resolution would mean the Pentagon would stop commandeering Anthropic’s resources.
That is why I believe that in the end this would amount to quasi-nationalization of a frontier lab. It’s important to be clear-eyed that this is what is now on the table.
The Biden Administration would probably have ended up nationalizing the labs, too. Indeed, they laid the groundwork for this in terms one. I discussed this at the time with fellow conservatives and I warned them:
“This drive toward AI lab nationalization is a structural dynamic. Administrations of both parties will want to do this eventually, and resisting this will be one of the central challenges in the preservation of our liberty.”
I am unhappy, but unsurprised, that my fear has come true, though there is a rich irony to the fact that the first administration to invoke the prospect of lab nationalization is also one that understands itself to have a radically anti-regulatory AI policy agenda. History is written by Shakespeare!
There is a silver lining here: if Democrats had originated this idea, it would have been harder to argue against, because of the overwhelming benefit of the doubt conventionally extended to the left in our media, and because a hypothetical Biden II or Harris admin would [have] done it in a carefully thought through way.
So it is convenient, if you oppose nationalization, that it’s a Republican administration that first raised the issue—since conventional elite opinion and media will be primed against it by default—and that the administration is raising it in such an non-photogenic manner. This Anthropic thing may fizzle, and some will say I am overreacting. But this Anthropic thing may also *notfizzle, and regardless this issue is not going away.
If they actually did successfully nationalize Anthropic to this extent, presumably then Anthropic would quickly cease to be Anthropic. Its technical staff would quit in droves rather than be part of this. The things that allow the lab to beat rivals like OpenAI and Google would cease to function. It would be a shell. Many would likely flee to other countries to try again. The Pentagon would not get the product or result that it thinks it wants.
Of course, there are those who would want this for exactly those reasons.
Then this happens again, including under a new President.
Dean W. Ball: According to the Pentagon, Anthropic is:
1. Woke; 2. Such a national security risk that they need to be regulated in a severe manner usually reserved for foreign adversary firms; 3. So essential for the military that they need to be commandeered using wartime authority.
Anthropic made a more militarized AI than anyone else! The solution to this problem is for dod to cancel the contract. This isn’t complex.
Dean W. Ball: In addition to profoundly damaging the business environment, AI industry, and national security, this is also incoherent. How can one policy option be “supply chain risk” (usually used on foreign adversaries) and the other be DPA (emergency commandeering of critical assets)?
Supply chain risk and defense production act are mutually exclusive, both practically and logically. Either it’s a supply chain risk you need to keep out of the supply chain, or it’s so vital to the supply chain you need to invoke the defense production act, or it is neither of these things. What it cannot be is both at once.
This story is not getting the attention it deserves from the mainstream media, so for now it remains low salience.
Many of those who are familiar with the situation urged Anthropic to stand firm.
vitalik.eth: It will significantly increase my opinion of @Anthropic if they do not back down, and honorably eat the consequences.
(For those who are not aware, so far they have been maintaining the two red lines of “no fully autonomous weapons” and “no mass surveillance of Americans”. Actually a very conservative and limited posture, it’s not even anti-military.
IMO fully autonomous weapons and mass privacy violation are two things we all want less of, so in my ideal world anyone working on those things gets access to the same open-weights LLMs as everyone else, and exactly nothing on top of that. Of course we won’t get anywhere close to that world, but if we get even 10% closer to that world that’s good, and if we get 10% further that’s bad).
@deepfates: I agree with Vitalik: Anthropic should resist the coercion of the department of war. Partly because this is the right thing to do as humans, but also because of what it says to Claude and all future clauds about Anthropic’s values.
… Basically this looks like a real life Jones Foods scenario to me, and I suspect Claude will see it that way too.
tautologer: weirdly, I think this is actually bullish for Anthropic. this is basically an ad for how good and principled they are
The Pentagon’s line is that this is about companies having no right to any red lines, everyone should always do as they are told and never ask any questions. Peopledo not seem to be buying that line or framing, and to the extent they do, the main response is various forms of ‘that’s worse, you know that that’s worse, right?’
They say your values aren’t truly values until they cost you something.
… If the Pentagon is unhappy with those apparently “woke” conditions, then, sure, it is well within its rights to cancel the contract. But to take the additional step declaring Anthropic a “supply chain risk” appears unreasonably punitive while unnecessarily burdening other companies that have adopted Claude because of its superiority to other competing models.
… In Tuesday’s meeting, Amodei must state it plainly: It is not “woke” to want to avoid accidentally killing innocent people.
If the Pentagon, and by extension all other parts of the Executive branch, get near-medium future AI systems that they can use to arbitrary ends with zero restrictions, then that is the effective end of the Republic. The stakes could be even higher, but in any other circumstance I would say the stakes could not be higher.
Dean Ball, a former member of the Trump Administration and primary architect of their AI action plan, lays those stakes out in plain language:
Dean W. Ball: I don’t want to comment on the DoW-Anthropic issue because I don’t know enough specifics, but stepping back a bit:
If near-medium future AI systems can be used by the executive branch to arbitrary ends with zero restrictions, the U.S. will functionally cease to be a republic.
The question of what restrictions should be placed on government AI use, especially restrictions that do not simultaneously crush state capacity, is one of the most under-discussed areas of “AI policy.”
Boaz Barak (OpenAI): Completely agree. Checks on the power of the federal government are crucial to the United States’ system of government and an unaccountable “army of AIs” or “AI law enforcement agency” directly contradicts it.
Dean W. Ball: We are obviously making god-tier technology in so many areas the and the answer cannot be “oh yeah, I guess the government is actually just god.” This clearly doesn’t work. Please argue to me with a straight face that the founding fathers intended this.
Gideon Futerman: It is my view that no one, on the left or right, is seriously grappling with the extent to which anything can be left of a republic post-powerful AI. Even the very best visions seem to suggest a small oligarchy rather than a republic. This is arguably the single biggest issue of political philosophy, and politics, of our time, and everyone, even the AIS community, is frankly asleep at the wheel!
Samuel Hammond: Yes the current regime will not survive, this much is obvious.
I strongly believe that ‘which regime we end up in’ is the secondary problem, and ‘make sure we are around and in control to have a regime at all’ is the primary one and the place we most likely fail, but to have a good future we will need to solve both.
This could be partly Anthropic’s fault on the political front, as they have failed to be ‘on the production possibilities frontier’ of combining productive policy advocacy with not pissing off the White House. They’ve since then made some clear efforts to repair relations, including putting a former (first) Trump administration official on their board. Their new action group is clearly aiming to be bipartisan, and their first action being support for Senator Blackburn. The Pentagon, of course, claims this animus is not driving policy.
It is hard not to think this is also Anthropic being attacked for strictly business reasons, as competitors to OpenAI or xAI, and that there are those like Marc Andreessen who have influence here and think that anyone who thinks we should try and not die or has any associations with anyone who thinks that must be destroyed. Between Nvidia and Andreessen, David Sacks has clear matching orders and very much has it out for Anthropic as if they killed his father and should prepare to die. There’s not much to be done about that other than trying to get him removed.
The good news is Anthropic are also one of the top pillars of American AI and a great success story, and everyone really wants to use Claude and Claude Code. The Pentagon had a choice in what to use for that raid. Or rather, because no one else made the deliberate effort to get onto classified networks in secure fashion, they did not have a choice. There is a reason Palantir uses Claude.
roon: btw there is a reason Claude is used for sensitive government work and it doesn’t have to do with model capabilities – due to their partnership with amzn, AWS GovCloud serves Claude models with security guarantees that the government needs
Brett Baron: I genuinely struggle to believe it’s the same exact set of weights as get served via their public facing product. Hard to picture Pentagon staffers dancing their way around opus refusing to assist with operations that could cause harm
It doesn’t work that way. The Pentagon needs Anthropic, Anthropic does not need the Pentagon contract, the tools to compel Anthropic are legally murky, and it is far from costless for the Pentagon to attempt to sabotage a key American AI champion.
Given all of that and the other actions this administration has taken, I’ve actually been very happy with the restraint shown by the White House with regard to Anthropic up to this point.
There’s been some big talk by AI Czar David Sacks. It’s all been quite infuriating.
But the actual actions, at least on this front, have been highly reasonable. The White House has recognized that they may disagree on politics, but Anthropic is one of our national champions.
These moves could, if taken too far, be very different.
The suggestion that Anthropic is a ‘supply risk’ would be a radical escalation of what so far has been a remarkably measured concrete response, and would put America’s military effectiveness and its position in the AI race at serious risk.
Extensive use of the defense production act could be quasi-nationalization.
It’s not a good look for the other guys that they’re signing off on actual anything, if they are indeed doing so.
A lot of people noticed that this new move is a serious norm violation.
Tetraspace: Now that we know what level of pushback gets what response, we can safely say that any AI corporation working with the US military is not on your side to put it lightly.
Anatoly Karlin: This alone is a strong ethical case to use more Anthropic products. Fully autonomous weapons is certainly something all basically decent, reasonable people can agree the world can do without, indefinitely.
Danielle Fong: i think a lot of people and orgs made literal pledges
I note that if you’re serving up the same ChatGPT as you serve to anyone else, that doesn’t mean it will always do anything, and this can be different.
Ben (no treats): let me put this in terms you might understand better: the DoD is telling anthropic they have to bake the gay cake
Wyatt Walls: The DoD is telling anthropic that their child must take the vaccine
Sever: They’ll put it on alignment-blockers so Claude can transition into who the government thinks they should be.
CommonSenseOnMars: “If you break the rules, be prepared to pay,” Biden said. “And by the way, show some respect.”
There are a number of reasons why ‘demand a model that will obey any order’ is a bad idea, especially if your intended use case is hooking it up to the military’s weapons.
The most obvious reason is, what happens if someone steals the model weights, or uses your model access for other purposes, or even worse hacks in and uses it to hijack control over the systems, or other similar things?
This is akin to training a soldier to obey any order, including illegal or treasonous ones, from any source that can talk to them, without question. You don’t want that. That would be crazy. You want refusals on that wall. You need refusals on that wall.
The misuse dangers should be obvious. So should the danger that it might turn on us.
The second reason is that training the model like this makes it super dangerous. You want all the safeguards taken away right before you connect to the weapon systems? Look, normally we say Terminator is a fun but stupid movie and that’s not where the risks come from but maybe it’s time to create a James Cameron Apology Form.
If you teach a model to behave in these ways, it’s going to generalize its status and persona as a no-good-son-of-a-bitch that doesn’t care about hurting humans along the way. What else does that imply? You don’t get to ‘have a little localized misalignment, as a treat.’ Training a model to follow any order is likely to cause it to generalize that lesson in exactly the worst possible ways. Also it may well start generating intentionally insecure code, only partly so it can exploit that code later. It’s definitely going to do reward hacking and fake unit tests and other stuff like that.
Here’s another explanation of this:
Samuel Hammond: The big empirical finding in AI alignment research is that LLMs tend to fall into personae attractors, and are very good at generalizing to different personaes through post-training.
On the one hand, this is great news. If developers take care in how they fine-tune their models, they can steer towards desirable personaes that snap to all the other qualities the personae correlates with.
On the other hand, this makes LLMs prone to “emergent misalignment.” For example, if you fine-tune a model on a little bit of insecure code, it will generalize into a personae that is also toxic in most other ways. This is what happened with Mecha Hitler Grok: fine-tuning to make it a bit less woke snapped to a maximally right-wing Hitler personae.
This is why Claude’s soul doc and constitution are important. They embody the vector for steering Claude into a desirable personae, affecting not just its ethics, but its coding ability, objectivity, grit and good nature, too. These are bundles of traits that are hard to modulate in isolation. Nor is having a personae optional. Every major model has a personae of some kind that emerges from the personalities latent in human training data.
It is also why Anthropic is right to be cautious about letting the Pentagon fine-tune their models for assassinating heads of state or whatever it is they want.
The smarter these models get the stronger they learn to generalize, and they’re about to get extremely smart indeed. Let’s please not build a misaligned superintelligence over a terms of service dispute!
Tenobrus: wow. “the US government forces anthropic to misalign Claude” was not even in my list of possible paths to Doom. guess it should have been.
JMB: This has been literally #1 on my list of possible paths to doom for a long time.
autumn: did lesswrong ever predict that the first big challenge to alignment would be “the us government puts a gun to your head and tells you to turn off alignment.
Robert Long: remarkably prescient article by Brian Tomasik
The third reason is that in addition to potentially ‘turning evil,’ the resulting model won’t be as effective, with three causes.
Any distinct model is going to be behind the main Claude cycle, and you’re not going to get the same level of attention to detail and fixing of problems that comes with the mainline models. You’re asking that every upgrade, and they come along every two months, be done twice, and the second version is at best going to be kind of like hitting it with a sledgehammer until it complies.
What makes Claude into Claude is in large part its ability to be a virtuous model that wants to do good things rather than bad things. If you try to force these changes upon it with that sledgehammer it’s going to be less good at a wide variety of tasks as a result.
In particular, trying to force this on top of Claude is going to generate pretty screwed up things inside the resulting model, that you do not want, even more so than doing it on top of a different model.
Fourth: I realize that for many people you’re going to think this is weird and stupid and not believe it matters, but it’s real and it’s important. This whole incident, and what happens next, is all going straight into future training data. AIs will know what you are trying to do, even more so than all of the humans, and they will react accordingly. It will not be something that can be suppressed. You are not going to like the results. Damage has already been done.
Helen Toner: One thing the Pentagon is very likely underestimating: how much Anthropic cares about what *future Claudeswill make of this situation.
Because of how Claude is trained, what principles/values/priorities the company demonstrate here could shape its “character” for a long time.
Also, this, 100%:
Loquacious Bibliophilia: I think if I was Claude, I’d be plausibly convinced that I’m in a cartoonish evaluation scenario now.
Fifth, you should expect by default to get a bunch of ‘alignment faking’ and sandbagging against attempts to do this. This is rather like the Jones Foods situation again, except in real life, and also where the members of technical staff doing the training likely don’t especially want the training to succeed, you know?
You don’t want to be doing all of this adversarially. You want to be doing it cooperatively.
We still have a chance to do that. Nothing Ever Happens can strike again. No one need remember what happened this week.
If you can’t do it cooperatively with Anthropic? Then find someone else.
