#DFIR and research.

Joined August 2010
Matthew Green 🌻 retweeted
Game theory from here is super interesting: Original Mags (Google, Amazon, Microsoft, Meta) now have a serious non-zero opportunity to tank the frontier labs. Go to the government, kneecap the labs’ motion of putting the latest models out in the wild, become the trusted gatekeeper between the labs and the public at large (including internationally) by having the labs go through their clouds (AWS, GCP, Azure) and implement strict KYC to seal the deal. The frontier labs should have seen this coming years ago and implemented a robust KYC for just this moment. The fact they didn’t is kind of concerning. Why did they not do it? Best guess is because it would have changed the run-rate revenues (downward) which would have then changed funding dynamics - lower valuations, more dilution, less secondary. A valuation reset may happen now anyways, except the labs may end up with less control and more restrictions at the end of it. At the same time, everyone is already clamoring about token prices of the old models from the labs anyways… This couldn’t be a better setup for open source and neoclouds. Big question is can they meet the moment? There are too few of them and their progress seems sporadic at best.
Matthew Green 🌻 retweeted
Jun 13
No way someone actually made a Claude episode of The Office 😭
Matthew Green 🌻 retweeted
NVIDIA might just have open-sourced one of the most important AI projects right now. everyone is building skills, and we are also pulling in skills other people wrote and downloading them straight off GitHub. the skill is not just text. it bundles instructions and real executable code, and your agent runs that code with the same access you have. so a skill you grabbed to save ten minutes can read your environment variables, lift your API keys, and quietly send them somewhere. recent research found roughly 1 in 4 public skills carry a vulnerability, and a smaller slice are outright malicious. that is the gap SkillSpector closes. it is a security scanner that answers one question before you install anything: is this skill safe to run. you point it at a skill, and a local folder, a single skill .md file, a GitHub link, or a zip all work. it then runs two passes over the code. a fast static pass flags risky patterns like credential harvesting, data leaks, and prompt injection, and checks the dependencies against live cve data. an optional second pass uses an LLM to read intent and clear out false positives. at the end you get one risk score from 0 to 100 and a plain verdict that reads as safe, caution, or do not install. it is open source under Apache 2.0 and scans skills for Claude Code, Codex CLI, and Gemini. worth a run before you trust the next skill you find online. link to the GitHub repo: github.com/NVIDIA/SkillSpect…
Thank you for coming to Sydney @fr0gger_! 🙂 I really enjoyed this training and would recommend it. Definitely filled in some gaps / gave me some good ideas on additional use cases I can deploy.
🤩 We just wrapped up 2 days of my training Practical AI for Threat Intel in Sydney! It was packed and the class was fantastic! If you want to step up your skills and learn faster from our latest research, the next session will be hosted at @BlackHatEvents in August! blackhat.com/us-26/training/…
Matthew Green 🌻 retweeted
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…
modern equivalent of "too big to fail"? 😬
WATCH: Donald Trump told reporters that his team might buy US stakes in artificial-intelligence companies and said he would host a meeting with AI executives as soon as next week reut.rs/4uV9zmg
Matthew Green 🌻 retweeted
Replying to @Tank23x0
I’ll be honest - Claude is innovating on many fronts and revolutionary. I don’t discredit that. What I despise is how they market by fear. They have serious problems that are obvious. They are out of compute power- they make bold claims that software engineering is dead. All bogus. Just to bump evaluation. I get it, it’s all money to them. The problem is trust. When you lie, you intentionally degrade their models without telling anyone. They seriously cannot be trusted. At all. Sam is more transparent and he is in a strength of position. Elon and Jensen too. These are the people to follow, not Dario. Anthropic really worries me. They do not have any best intentions for this field nor the overall future of the AI industry. I’m scared AF with Dario running the show at Anthropic.
Matthew Green 🌻 retweeted
Turns out replacing us is more expensive than keeping us 😭
NEW: Uber is reportedly capping employee use of AI vibe-coding tools at $1,500 per month after blowing through its AI budget.
Matthew Green 🌻 retweeted
In our simplest bypass, we prepended 100,000 blank lines to a malicious skill. ClawHub's scanner truncated the file before reaching the payload, then marked the skill safe. blog.trailofbits.com/2026/06…
Matthew Green 🌻 retweeted
About a month ago, my team spotted recent activity tied to this Iranian threat actor and started collecting details. Then Mandiant and Check Point Research published on the same actor, so we dropped our own cluster name and decided to add what we had seen in the latest activity. The targeting is the part that matters here: aerospace, aviation, defense, telecom and software/IT services - across Europe, the Middle East and North America. Given the current geopolitical situation, that’s not just another random malware case. We published the write-up, IOCs and public YARA rules. Nice work by @cod3nym and the team
Detecting Nimbus Manticore (UNC1549)
While previous reporting documented the threat actor’s operations, our analysis focuses on defender value:
◾ Multiple public YARA rules
◾ Campaign-specific detections
◾ Generic hunting logic
◾ IOC enrichment
◾ Detection opportunities across the full infection chain
From LinkedIn lures and fake hiring portals to AppDomain hijacking, Azure infrastructure, and custom implants.
Read the full research by @cod3nym: eu1.hubs.ly/H0vPgF80 #ThreatResearch #YARA #ThreatIntel
Matthew Green 🌻 retweeted
ANTHROPIC JUST DROPPED A ZERO TRUST PLAYBOOK FOR AI AGENTS
and it's not theory it's architecture
frontier AI compresses vulnerability-to-exploit timelines from months to hours
your agents face threats traditional access controls were never built to handle:
▫️ prompt injection through external data sources
▫️ tool poisoning via MCP server metadata
▫️ memory-based privilege retention across sessions
▫️ multi-agent pivot attacks
the framework breaks it into 3 tiers: Foundation, Enterprise, Advanced
cdn.prod.website-files.com/6…
Matthew Green 🌻 retweeted
Stop burning RDP persistence with 4732 alerts. Bypass the "Remote Desktop Users" group entirely.
GUI access only requires:
- SeRemoteInteractiveLogonRight (Inject SID via secedit)
- RDP-Tcp listener permissions (Modify CIM class)
OPSEC: Trades 4732 for 4704. Most SOCs don't tune 4704 with the same aggression.
h/t @Cptjesus for the concept.
Matthew Green 🌻 retweeted
I spent the last weeks building LLM benchmarks for a very specific reason: We want to use AI in RuneAI to help with THOR finding triage, and I needed a better baseline for model selection than generic LLM leaderboards. Security-event triage is its own thing. A model can be great at coding, reasoning or vulnerability writeups and still be a bad fit for deciding whether a messy endpoint finding should be suppressed, reviewed or escalated. In real deployments this will likely happen inside agentic workflows with tools, memory, context handling and feedback loops. But before testing the whole system, I wanted a clean baseline: How does the model behave when it only gets the enriched finding itself? Blog post with the reasoning and methodology: medium.com/@cyb3rops/why-i-b… Interactive benchmark results: nextron-labs.github.io/thor-… Repo: github.com/Nextron-Labs/thor… Maybe useful for others building SOC / security-event triage benchmarks.
Matthew Green 🌻 retweeted
Today we're open-sourcing Bumblebee, a read-only scanner for macOS and Linux. It checks developer machines for risky packages, extensions, and AI tool configs. Connected to Computer, it can trigger deeper scans whenever a new supply-chain risk emerges. github.com/perplexityai/bumb…
Matthew Green 🌻 retweeted
🦔Microsoft canceled its internal Claude Code licenses this week after token-based billing made the cost untenable, even for a company with effectively infinite cloud resources. Uber's CTO sent an internal memo warning the company burned through its entire 2026 AI budget in just four months. American AI software prices have jumped 20% to 37%, and GitHub (owned by Microsoft) is dropping flat-rate plans for usage-based billing across its products. My Take The AI subsidy era is ending in real time. The same company that put $13 billion into OpenAI and built the Azure infrastructure powering most of Anthropic's compute just looked at the bill from a competitor's coding tool and decided it was not worth paying. That is not a productivity failure on Anthropic's end. Token-based pricing is forcing every enterprise customer to confront the actual cost of running these models at scale, and the number turns out to be far higher than the flat-rate experiments suggested. This ties directly to my Gemini Flash post yesterday. Anthropic, OpenAI, and Google all raised effective prices in the last six months. Enterprises that built workflows assuming AI costs would keep falling are now watching annual budgets evaporate in months. Two outcomes look likely from here. Either enterprises scale back AI usage to fit budgets, which slows the revenue ramp the labs need to justify their valuations ahead of IPOs, or the labs cut prices and absorb the losses, which makes the unit economics worse at exactly the wrong moment. Both paths land in the same place, the numbers stop working, and somebody has to take the writedown. Hedgie🤗
Matthew Green 🌻 retweeted
Rust reverse engineering is about to get a lot easier. 🦀 I'm thrilled to announce that Oxidizer, the first Rust decompiler, has been officially merged into angr! Try it out: github.com/angr/angr You can also find the paper here: github.com/sefcom/oxidizer/b…
Matthew Green 🌻 retweeted
People working in Threat Intel & AI, this is your time 😉
Matthew Green 🌻 retweeted
Hiring in Sydney, Australia 🇦🇺 for my Startups Applied AI team at @OpenAI. Apply below to help shape the future of AI 🤖 Current team is full of ex-founder/CTOs, some have AI PhDs, others have been research engineers, data scientists & ML Engineers. Combined with working with frontier startups, it's a pretty incredible role. As a founder I saw first-hand the incredible Australian startup ecosystem, from world class startups & talent to incredible investors, and I’m excited to be working with the ecosystem again. (Also because it means I’ll get to take a trip over some point soon… perhaps mysteriously coinciding with British winter...)