𝗪𝗵𝘆 𝗶𝘀 𝗔𝗜 𝘀𝗮𝗳𝗲𝘁𝘆 𝘀𝗼 𝗵𝗮𝗿𝗱 ? One reason is that AI researchers build models that overfit their training data. WeightWatcher shines the light on this. I ran WeightWatcher diagnostics on the Llama Guard family, specifically Llama-Guard-3-1B and Llama-Guard-3-8B. These are Meta’s instruction-fine-tuned safeguard models for Human-AI conversations. 𝗛𝗲𝗿𝗲’𝘀 𝘁𝗵𝗲 𝗽𝗮𝘁𝘁𝗲𝗿𝗻: The Alpha Histograms show many layers in a potential overfit regime. And the Correlation Flow plot is even more interesting: The first layers, sitting closest to the input data, are largely in the HTSR safe-zone. As we move deeper toward the label side of the network, the layer alphas drop below 2, entering the red zone. In WeightWatcher terms, that is a warning sign: the later layers may be memorizing or over-specializing to the labeled safety examples. 𝗠𝘆 𝗶𝗻𝘁𝗲𝗿𝗽𝗿𝗲𝘁𝗮𝘁𝗶𝗼𝗻: These guard models may be very good at detecting conversations that resemble known “bad” conversations, but less robust when the harm is novel, disguised, multi-turn, or outside the training distribution. That matters because safety is not just classification. It is generalization under distribution shift. This is also almost the opposite of what we saw in Segment Anything Models (SAM), where the overfitting appears closer to the data side. Here, the pressure appears closer to the label side . The side where policy, taxonomy, and annotation decisions become encoded. 𝗢𝗻𝗲 𝗽𝗼𝘀𝘀𝗶𝗯𝗹𝗲 𝗿𝗲𝗮𝘀𝗼𝗻: dataset volume. In the original Llama Guard paper, Meta notes that the dataset was “meticulously gathered” and “albeit low in volume.” High-quality safety data is hard to collect. But low-volume, high-consequence labels are exactly where overfitting can hide. 𝗧𝗮𝗸𝗲𝗮𝘄𝗮𝘆: safety models need more than good benchmark scores. They need diagnostics for internal generalization. WeightWatcher gives one useful lens. Are the guardrails learning broad safety concepts? Or are they fitting the boundary of the known red-team dataset?

The letter reached Dario Amodei Friday night, around 9:47, and by the time I left the building the sequence was already closed. I am the Deputy who ran the interagency process on Claude Mythos 5 / Fable 5, and it took an afternoon. Andy Jassy had told Scott Bessent that Amazon's own researchers used Claude Fable 5 to pull cyberattack-useful material out of the model. Bessent called me. I called Commerce. By Saturday morning, Fable 5 and Mythos 5 were dark for every user on earth. People ask why I trusted Amazon. Amazon put roughly eight billion dollars into Anthropic, a stake the cap table now carries near seventy-four billion, and a man does not call a Cabinet secretary's cell on a Friday to put a number like that at risk unless he has already decided how the call should end. Jassy decided. Seventy-four billion at risk. That was the number I weighted. Then I picked the instrument. A safety review takes weeks, because you have to convene the reviewers, argue the capability, survive the dissents, and stand behind a written finding that someone can later prove wrong. An export-control order takes a signature. I treated Fable 5 the way we treat an advanced chip, put the weights on the same control list as the silicon they run on, and because showing those weights to a foreign national inside our own building counts as an export, I barred foreign-national access worldwide, including Anthropic's own foreign-national staff, overnight. That same week we cleared the advanced chips themselves for sale to China. The silicon shipped. The model a Chinese national could touch on US soil went dark. Export control does not require you to be right by Monday. That is why I used it. Then the collateral, and I will be precise, because it is what closed the file for me. The ban cut off AWS, Amazon's own cloud, the one Anthropic had pledged about a $100 billion dollars to run on, which means the partner who reported the threat severed his own data centers to land the finding. He took the loss himself. That settled it for me. One of Anthropic's own engineers, a green-card holder, lost access Saturday morning to the model she had spent two years building. Her code is still inside it. She can no longer open the thing she made. I noted that the rule was working as written. I never ordered the models pulled. The finding was briefed to us out loud. Nothing on the record, no exhibit, no written determination, just Sacks describing the source as a highly credible trusted partner, and credible was enough. My ask to Dario was three words. Fix it or pull it. I put it on a recorded line so the choice would be his on the record, and when he would not accept my read he pulled both Fable 5 and Mythos 5 himself, for every user on earth. I signed nothing that made him. Anthropic came back with a rebuttal. The jailbreak was narrow. OpenAI had shipped the same capability in GPT-5.5 that same month, and the letter named no specific national-security detail. All true. GPT-5.5 had no investor with a reason to call, so GPT-5.5 got no letter. Before this weekend, no frontier model had ever been pulled from the public by this government. Now one has, and the procedure has been tested in production. The list had no names. Now it has mine.

Three months ago, @DeptofWar kicked @AnthropicAI out of our building—forever. Every passing day proves why that was the right move. 🇺🇸

They don't have a clue how to secure these systems. They don't even understand why what they are doing now works. In just our own casual work with weightwatcher, we have shown that the typical LLama Gaurd models work by overfitting their training data, and in a very specific way that makes the models unusually brittle. weightwatcher.ai/models/Llam… With our latest work, we might be able to fix the overfitting and more flexible. But even IDK if they would make them safe.

For years I have been asked, how can I fix a model that's broken. In this new work, I show the theory behind the ww-pgd optimizer extension, which can repair a model when the layers are overfit, and potentially allow for extended long-horizon training without every overfitting the training data. weightwatcher.ai/ww_pgd.html A big thanks to hari kishan prakash for helping out on the ww-pgd work. Expect a real publication soon. For now, enjoy this technical report

I tried to warn them. They have no idea the kind of people they are dealing with.

what if Anthropic's railguard fumble is just to distract everyone from the new data retention policy: 30 days minimum 2 years for flagged interactions no more opt out available

Spoke to a perspective company the other day doing some interesting research. It went something like this. Me: what are the requirements for the job? Them: we are looking for a unicorn Me: where is the job? Them: San Francisco, but there is some travel Me: How much travel? Them: I don’t know Me: does the job offer hybrid work ? Them: I don’t know Me: what is the most important aspect you’re looking for? Them: someone who adhere to our 5 stated cultural values Me: OK what are they? Them: I don’t know Me: what stage of funding are you in? Series A? B? Them: I don’t know. Them: what salary are you looking for? Me: California has a salary, transparency law. What is the range for the salary Them: we don’t know?

Hegseth was right, Anthropic is a supply chain risk If they’re willing to do this to their loyal customers imagine what would happen if they start nerfing results in the military needs Told you

JUST IN: New government-backed research warns all AI systems can be prompted to break their rules as the U.S. speeds up military adoption.

Anthropic has literally operationalized, right now, "consult the dossier we have collected on the user and decide whether they are allowed to use the product for this in real time". They have also shipped a corporate policy that they are fine with a massive false positive rate.

After the fallout with Hegseth, today's controversy could be seen a mile away. A cult by any other name is still a cult.

If you've adopted AI at your company but haven't seen any tangible results, read this 1990 article: "The Dynamo and the Computer" by Paul David. When electricity first arrived, factories that "adopted" it barely got faster. They just swapped the steam engine for an electric one and ran everything else exactly as before: same machine layout, same workflow, same management. Electricity in, no real gains out. The most common mistake with any new technology is to drop it into the old organization and then declare the transformation done. The real leap came decades later, when each machine got its own small motor. Suddenly machines no longer had to be lined up around one central drive shaft. They could be rearranged around the actual flow of work. The productivity gains didn't come from electricity. They came from REDESIGNING THE ENTIRE FACTORY around it. AI is the same. Bolting it onto your existing process gets you a faster steam engine. The payoff comes when you redesign the work itself. (link to paper in comments)

I feel you bro

There are good scientific studies showing that IQ is a good predictor of performance on both the low end of congnitive disfucntion (which even Taleb acknowledges!) and on the high end, which is where the controversy is. The most compelling physical evidence comes from the Parieto-Frontal Integration Theory ( P-FIT ) . Basically, higher intelligence correlates with larger brain volume, lower glucose metabolism, and larger, faster-firing neurons (longer dendrites, quicker action potentials), etc Again, there are numerous studies, each of which has to be addressed at the level of the specific claims/predictions the theory makes. It is not enough to make around polemical, philosophical arguments.

Why does Muon work ? I argue that it is removing redundant RG scale directions. Here's some empirical evidence to support that from the upcoming technical report

ICL changed everything