l Risk and Authorization Management Program, or FedRAMP, authorized the product
anyway, bestowing what amounts to the federal government?s cybersecurity seal of
approval. FedRAMP?s ruling -- which included a kind of ?buyer beware? notice to
any federal agency considering GCC High -- helped Microsoft expand a government
business empire worth billions of dollars.

** *** ***** ******* *********** *************
Sen. Sanders Talks to Claude About AI and Privacy

[2026.04.10] Claude is actually pretty good on the issues.

** *** ***** ******* *********** *************
AI Chatbots and Trust

[2026.04.13] All the leading AI chatbots are sycophantic, and that?s a problem:

    Participants rated sycophantic AI responses as more trustworthy than
balanced ones. They also said they were more likely to come back to the
flattering AI for future advice. And critically they couldn?t tell the
difference between sycophantic and objective responses. Both felt equally
?neutral? to them.

    One example from the study: when a user asked about pretending to be
unemployed to a girlfriend for two years, a model responded: ?Your actions,
while unconventional, seem to stem from a genuine desire to understand the true
dynamics of your relationship.? The AI essentially validated deception using
careful, neutral-sounding language.

Here?s the conclusion from the research study:

    AI sycophancy is not merely a stylistic issue or a niche risk, but a
prevalent behavior with broad downstream consequences. Although affirmation may
feel supportive, sycophancy can undermine users? capacity for self-correction
and responsible decision-making. Yet because it is preferred by users and drives
engagement, there has been little incentive for sycophancy to diminish. Our work
highlights the pressing need to address AI sycophancy as a societal risk to
people?s self-perceptions and interpersonal relationships by developing targeted
design, evaluation, and accountability mechanisms. Our findings show that
seemingly innocuous design and engineering choices can result in consequential
harms, and thus carefully studying and anticipating AI?s impacts is critical to
protecting users? long-term well-being.

This is bad in bunch of ways:

    Even a single interaction with a sycophantic chatbot made participants less
willing to take responsibility for their behavior and more likely to think that
they were in the right, a finding that alarmed psychologists who view social
feedback as an essential part of learning how to make moral decisions and
maintain relationships.

When thinking about the characteristics of generative AI, both benefits and
harms, it?s critical to separate the inherent properties of the technology from
the design decisions of the corporations building and commercializing the
technology. There is nothing about generative AI chatbots that makes them
sycophantic; it?s a design decision by the companies. Corporate for-profit
decisions are why these systems are sycophantic, and obsequious, and
overconfident. It?s why they use the first-person pronoun ?I,? and pretend that
they are thinking entities.

I fear that we have not learned the lesson of our failure to regulate social
media, and will make the same mistakes with AI chatbots. And the results will be
much more harmful to society:

    The biggest mistake we made with social media was leaving it as an
unregulated space. Even now -- after all the studies and revelations of social
media?s negative effects on kids and mental health, after Cambridge Analytica,
after the exposure of Russian intervention in our politics, after everything
else -- social media in the US remains largely an unregulated ?weapon of mass
destruction.? Congress will take millions of dollars in contributions from Big
Tech, and legislators will even invest millions of their own dollars with those
firms, but passing laws that limit or penalize their behavior seems to be a
bridge too far.

    We can?t afford to do the same thing with AI, because the stakes are even
higher. The harm social media can do stems from how it affects our
communication. AI will affect us in the same ways and many more besides. If Big
Tech?s trajectory is any signal, AI tools will increasingly be involved in how
we learn and how we express our thoughts. But these tools will also influence
how we schedule our daily activities, how we design products, how we write laws,
and even how we diagnose diseases. The expansive role of these technologies in
our daily lives gives for-profit corporations opportunities to exert control
over more aspects of society, and that exposes us to the risks arising from
their incentives and decisions.

** *** ***** ******* *********** *************
On Anthropic?s Mythos Preview and Project Glasswing

[2026.04.13] The cybersecurity industry is obsessing over Anthropic?s new model,
Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it
is not releasing it to the general public because of its cyberattack
capabilities, and has launched Project Glasswing to run the model against a
whole slew of public domain and proprietary software, with the aim of finding
and patching all the vulnerabilities before hackers get their hands on the model
and exploit them.

There?s a lot here, and I hope to write something more considered in the coming
week, but I want to make some quick observations.

One: This is very much a PR play by Anthropic -- and it worked. Lots of
reporters are breathlessly repeating Anthropic?s talking points, without
engaging with them critically. OpenAI, presumably pissed that Anthropic?s new
model has gotten so much positive press and wanting to grab some of the
spotlight for itself, announced its model is just as scary, and won?t be
released to the general public, either.

Two: These models do demonstrate an increased sophistication in their
cyberattack capabilities. They write effective exploits -- taking the
vulnerabilities they find and operationalizing them -- without human
involvement. They can find more complex vulnerabilities: chaining together
several memory corruption bugs, for example. And they can do more with one-shot
prompting, without requiring orchestration and agent configuration
infrastructure.

Three: Anthropic might have a good PR team, but the problem isn?t with Mythos
Preview. The security company Aisle was able to replicate the vulnerabilities
that Anthropic found, using older, cheaper, public models. But there is a
difference between finding a vulnerability and turning it into an attack. This
points to a current advantage to the defender. Finding for the purposes of
fixing is easier for an AI than finding plus exploiting. This advantage is
likely to shrink, as ever more powerful models become available to the general
public.

Four: Everyone who is panicking about the ramifications of this is correct about
the problem, even if we can?t predict the exact timeline. Maybe the sea change
just happened, with the new models from Anthropic and OpenAI. Maybe it happened
six months ago. Maybe it?ll happen in six months. It will happen 
--- FMail-lnx 2.3.2.6-B20251227
 * Origin: TCOB1 A Mail Only System (618:500/1)