惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
P
Privacy International News Feed
S
Schneier on Security
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
K
Kaspersky official blog
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
Help Net Security
Help Net Security
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Security Archives - TechRepublic
Security Archives - TechRepublic
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
雷峰网
雷峰网
博客园 - 司徒正美
V
V2EX
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
N
News | PayPal Newsroom
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
博客园 - Franky
I
InfoQ
D
DataBreaches.Net
爱范儿
爱范儿
Y
Y Combinator Blog
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报

Hacker News: Front Page

SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads GitHub - GainSec/AutoProber: Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe review, and controlled pin probing. Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Virginia Bans Sale of Geolocation Data Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Ancient DNA reveals pervasive directional selection across West Eurasia [pdf] AI cybersecurity is not proof of work Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. A Better Ludum Dare; Or, How to Ruin a Legacy GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent Codex Hacked a Samsung TV Tech Valuations Back to Pre-AI Boom Levels A perfectable programming language — Soter GitHub - halfwhey/claudraband: Claude Code for the Power User Partnership through Play: Investigating How Long-Distance Couples Use Digital Games to Facilitate Intimacy Textbooks and Methods of Note-Taking in Early Modern Europe (2008) Eternity in six hours: Intergalactic spreading of intelligent life (2013) Seven countries now generate 100% of their electricity from renewable energy Tell HN: OpenAI silently removed Study Mode from ChatGPT Pro Max 5x Quota Exhausted in 1.5 Hours Despite Moderate Usage Show HN: Oberon System 3 runs natively on Raspberry Pi 3 (with ready SD card) Tell HN: docker pull fails in spain due to football cloudflare block Bring Back Idiomatic Design No one owes you supply-chain security GitHub - xsawyerx/curl-doom: DOOM, played over cURL Apple update turns Czech mate for locked-out iPhone user The Grand Line Cache TTL silently regressed from 1h to 5m around early March 2026, causing quota and cost inflation Building a Z-Machine in the worst possible language The peril of laziness lost Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda AI Will Be Met With Violence, and Nothing Good Will Come of It GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The disturbing white paper Red Hat is trying to erase from the internet – OSnews NetBlocks (@netblocks@mastodon.social) The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong The FAA wants gamers to apply for air traffic control jobs Artemis II crew splashes down near San Diego after historic moon mission Why weekends are under threat We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Keeping a Postgres queue healthy — PlanetScale Serenity Forge (@serenityforge.com) Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? Uncharted island soon to appear on nautical charts The Problem That Built an Industry Fragments: April 2 Python Release Python install manager 26.1 Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Harness engineering: leveraging Codex in an agent-first world Apple Silicon and Virtual Machines: Beating the 2 VM Limit What have been the greatest intellectual achievements? The APL Programming Language Source Code
Cut Off
thoughtpeddl · 2026-05-15 · via Hacker News: Front Page

There’s a common mantra in the outskirts of AI policy thought: driven by market pressures and overheated capital markets, AI tokens will soon be abundant—and the future belongs to those who can use them best. The further you get away from San Francisco, the louder this mantra grows. It reaches a fever pitch in the peripheries, the many middle powers of the world still caught up in a plan to navigate the AI revolution on the basis of merely good-enough models. That view requires important AI capabilities to be widely accessible: defenders have access to models before attackers do, firms in all domains compete based on access to the same AI capabilities.

Recent events have thrown that view for a loop, and it now seems clear that access to frontier AI will soon be limited by economic and security constraints. In early April, Anthropic announced it had developed Mythos, a leading cybersecurity model, and that it would only make its considerable ability to patch extant vulnerabilities available to a select few companies. Cybersecurity start-ups in the Mission District, systems integrators on the Eastern Seaboard and allied capitals on the Atlantic and Pacific all had a similar experience: scrolling down the page to see the list of privileged partners only to find a limited selection of U.S.-based corporations.

Perhaps you were hopeful that OpenAI was going to stick to its preferred method of rollout—that it would release gpt-5.5-cyber, a model reportedly similar to Mythos in capabilities, more broadly. And yet it did not: in their Daybreak initiative, OpenAI too committed to a limited release, dispelling hopes that this was a fluke or ‘doomer’ marketing. Even worse: while it’s not quite clear to anyone—including the U.S. government—what exactly the U.S. government will do about all this, by all reports, it’s at least planning to do something at some point. And while it’s easy to dismiss this as a confluence of current events, the Mythos moment actually reveals structural trends that have been ramping up for a while.

Three trends—compute, security, and U.S. government involvement—will further constrain the availability of frontier AI1 in the future. They compound and reinforce each other, and have dramatically accelerated in recent weeks and months. Everyone outside the inner circle of U.S.-based developers needs to grapple with that fact.

The first and most obvious constraint on widespread availability is the one we’ve seen in the Mythos context: security considerations prevent developers from providing top-tier capabilities to every paying customer.

The canonical story starts with misuse risks: a highly capable new model seems realistically useful for conducting some sort of dangerous activity, such as cyberattacks or biological weapons design. Instead of rolling it out to the general public right away, you might first distribute it to defenders who can use their early access to shore up vulnerabilities—like we’ve seen in the case of Mythos. You continue by rolling out some models only to customers of which you’re reasonably sure they won’t outright abuse the model for criminal purposes; and perhaps only after the model is no longer state-of-the-art, you roll out to everyone.

Already now, we’re seeing the second stage: the U.S. government realises that this sort of restricted access is better both for the national interest and national security, and starts flirting with the idea of making the virtuous early example into a general rule. There are many reasons for the national security apparatus to do this—perhaps they don’t trust AI developers to keep dangerous capabilities away from just-as-dangerous criminals, non-state actors and adversaries. Or perhaps they’d rather like to know which exploits the new models are about to reveal so they can use them themselves first—as they’ve done before. Put differently: if I were the NSA and sitting on a bunch of zero-days, I’d also love to know which of them Mythos can find so I could use them to my advantage before everyone gets their patch online.

Next to misuse risks, there’s another dimension that might motivate even more straightforward crackdowns on availability: risks of model theft, espionage and distillation. The former would make developers wary of where to host models—weights in an unsecured datacenter would pose a substantial vulnerability, and many countries outside the U.S. haven’t even started thinking about securing datacenters. But the latter, distillation, is the more pressing concern. Multiple reports indicate that part of the success story of so-called fast followers—model developers 6-9 months behind the frontier like China’s DeepSeek—is based on distillation practices that require more or less unfettered access to API tokens.

Distillation is not tenable for model developers in the long run: it will be very hard to capture sufficient revenue if you have to recoup all R&D investment in the six months until someone distilled your model. That point is extremely salient to politicians, and plays right into latent concerns on U.S.-China competition and industry espionage. So I’d expect distillation crackdowns, if not from the government, then from developers—more burdensome KYC, more restrictive default access, more geopolitically motivated access conditions. None of those bode well for broad-based frontier access.

But the trouble does not stop with security concerns. More fundamentally, providing access to a frontier model is a zero-sum game. Veterans of the tech industry and European sovereignty hawks both like to invoke the parallel to software licenses—that yes, software innovation came with some marginal dependencies, but that the logic of consumer market size prevailed in the end: Microsoft and others face low marginal costs compensated at full market prices for rolling out their software for everyone. But not so with frontier AI.

Providing access to AI models, especially those at the bleeding edge, takes massive amounts of computational resources. The marginal compute demand to service another thousand tokens is high—so high, in fact, that leading developers time and time again face compute crunches, reduce offerings, and struggle to balance subsidising their consumer subscriptions against the real constraints on the chips they have. So dire is the compute crunch for Anthropic specifically that the firm is now shopping around for ad-hoc access deals to less well-utilised datacenters, such as one with rival firm xAI. It seems likely that this situation would get worse, not better. If AI systems really do rival the output of human workers in a few months, the amount of tokens required to reproduce that much human activity would be staggering.

The often-invoked hope that ‘efficiency curves’ will compress token costs quickly doesn’t save us here: efficiency curves mean that next year, Mythos-level capabilities might be very cheap; they don’t mean that Mythos 2 will be cheaper than Mythos. The opposite is the case: frontier capabilities have grown more expensive month-to-month for years now. So if you, like me, believe that competitive dynamics between economic rivals and attackers and defenders mean you not only need good enough AI, but the best AI, efficiency curves will not bail you out.

That means the marginal cost of providing access to a new user—country or firm—is high. There’s still value in expanding your coverage: inroads into new markets for when your capacity expands, more demand to increase prices, goodwill with governments, and so on. But these benefits trade off against costs: compliance costs of entering new markets, product design costs of catering to new consumers—and the costs in terms of security and relationship to the U.S. government described in this piece. The market power effect isn’t entirely inverted, but it’s strongly diminished—you cannot count on your role as ‘interested buyer’ to carry much weight in securing your access.

This is complicated even further by the fact that, faced with this trend, competition around who gets access to these tokens will emerge. The U.S. will be protective of its domestic economy, and I think we might see a comeback of the same logic that motivated the GAIN Act proposal a few months back. Back then, advocates were toying with the idea of giving Americans right of first refusal to American chips; soon, perhaps American firms will be declared buyers of first resort of American-produced tokens of intelligence. Or the competition turns purely economic, margins shrink and become razor-thin, and only those who can shoulder the cost or most effectively turn API tokens into revenue are able to afford them. Who would that be? My bet is neither on governments that haven’t internalised the logic of million-dollar AI subscriptions nor on European businesses constrained in their ability to generate software revenue by many, many adverse conditions.

Lastly, what starts as restrictions motivated only by genuine concerns doesn’t always stay that way. Once it has a more formal role in overseeing the flow of frontier tokens, the U.S. government might wield its access control to pursue its political and strategic interests. That starts with security concerns. Revisiting the NSA example, it’s clearly not in the interest or mission of the NSA to ensure the equitable diffusion of AI capabilities throughout the world. Instead, it’s closer to the intelligence community’s DNA to limit any potential adversary’s access even to the detriment of softer upsides like economic productivity or ally relationships.

And it doesn’t stop with the security questions: the Trump administration’s signature style of international engagement is to wield American leverage as a bundle. Deadlocks in trade negotiations are broken by threatening to withhold intelligence, tech deals are stalled by reference to food safety standards. And so I don’t know when a U.S. administration would choose to leverage its seemingly inevitable predeployment authority over frontier models to secure its broader interests, but I’m sure it would in due time. That means that even if we do everything ‘right’ on the security and economic side, frontier access is still fundamentally contingent as long as there’ll be divergences between governments’ strategic interests.

In that new world, access to unlimited APIs is the exception, not the norm. A new frontier model might first make it to the U.S. national security apparatus, where embedded interests might decide to stall its deployment for security reasons, wield it first to plug defenses or attack its adversaries. The model might then be handed back to the developers, with the implicit understanding or explicit demand that it would first be rolled out to trusted defenders: U.S. firms and perhaps a few internationals, if we’re so lucky. If the risks are cybersecurity, the defenders might be quick to resolve them; if they’re thornier biological or agent-autonomy-driven risks, they might take another few weeks.

Once that phase is over, the circle of unfettered access might expand again—to firms that have cleared high KYC bars and U.S. security concerns. Everyone else, enthusiastic consumers, scrappy startups and nervous governments all over the world, might never get clean API access, but draw their access through fundamentally limited product layers: maybe the chatbot and coding agent interfaces of today, maybe the few big startups that could afford to hire the lawyers and lobbyists to make the good list. A few months after development, the model will have made it into the hands of everyone—but not everyone will have enough tokens to use that capability well, and most might only get to deploy it in ways that trusted vendors have charted out for them. Only when the next generation has already entered the same pipeline would everyone have the de facto unlimited access to frontier AI that we all still enjoy today.

This is not a future we should welcome. AI tokens will be strategically and economically central to all future societies, so we should do our best to enable their free flow. If we fail, we’ll bear costs, economic and geopolitical. Economically, I think the accelerationists in their criticism of Anthropic have it right: restricting frontier model access to start-ups and ambitious deployers is antithetical to innovation and economic growth; iterative deployment unleashes our ability (call it Hayekian if you absolutely must) to actually figure out how we want to live and work with AI at scale and capture its benefits. But it’s not Anthropic’s purported quest for nationalisation that’s at fault—it’s the market dynamics and security implications of advanced AI that send us barreling toward a world where that’s no longer possible.

In that world, we’ll also see geopolitical rifts opening: countries will be divided into the frontier haves and have-nots. I don’t mean to exaggerate when I say that those living in the former might be much wealthier and safer than the latter, with access to better public services, greater economic opportunities, and shielded by security agencies that actually operate at the state of the art. If AI will be as big as I and many of the readers of this publication believe, there’s no telling what these suddenly-emerging asymmetries do to global order. In the past, when the fruits of industrial revolutions were unevenly distributed, the resulting shifts in relative wealth, security and power have prompted mass migration, reopened dormant conflicts, and destabilised democracies. I hope it never gets this far, and there are still many technical and economic trends pulling toward broader diffusion that could bail us out. But we’d be naive to disregard the dangers of asymmetrically distributing transformative technology in an unstable world order.

So, we might want to do something about all this and avert the cut-off scenario. The solutions at hand are not new ideas, but they are frequently misunderstood: sometimes, accelerationists that should agree with my wanting to avert restrictions on model diffusion think they’re safetyist plots, and sometimes safetyists think they are accelerationist vehicles to hasten dangerous development in disguise. Neither is the case, and I think all these policies are and should be areas of convergence.

First, we can make the world safer so the need for security-motivated restraint is less pressing. Despite the warranted cynicism on instrumentalised access controls, genuine concerns are still what portends future restricted access. The reason Mythos has scared the world into action is that firms actually felt vulnerable to the exploits it could find. If we could harden the world against the most obvious pathways for biological agents to cause harms—build resilience, screen the manufacturing of protein structures, and so on—, the Mythos-for-bio moment might not move us further down this path, and so on.

By the same token, there are many frontier lab employees that argue dealing with distillation is a straightforward technical fix to usage policy and monitoring. If that’s the case, we might want to start deploying fixes soon, before anyone else chooses a more heavy-handed way to deal with salient distillation concerns. The same goes for global proliferation of advanced models: would-be-importers would do well to improve their own cybersecurity, including specifically datacenter security, to not make it a huge risk for American firms to run their models outside the U.S.

Second, we should simply build a lot of datacenters to alleviate the coming compute crunch. This is not complicated, just fairly hard—much has been said about how to accelerate the buildout in the U.S. and elsewhere, and every GPU we get online this year makes a more equitable diffusion in three years more likely. If you’ve objected to rapid buildouts on ‘minimising-the-risks’-grounds, you should think again.

Third, non-U.S. countries should build out compute in exchange for access. I’ve made the argument in greater detail before; in short: U.S. allies can offer American hyperscalers favourable terms for datacenter buildouts in return for frontier access guarantees. Subsidised energy prices or even outright energy access can be provided to these datacenters in return for contractual guarantees to always provide frontier capabilities. If the hyperscalers or labs renege, they’re on the hook for their capital expenditure on the now-unpowered datacenter; if the U.S. government tries to force access restrictions, it faces an angry lobby of domestic tech companies that would rather make do and take the revenue from their international infrastructure investments. The incentive for going for these deals would have to be commensurate to this downside risk for the investors, but amidst a frenzy to capture markets and get compute online, I feel optimistic that we’ll find a middle ground.

And last, while I’m still confident they cannot resolve this issue by outright building their own frontier systems today, middle powers will still need contingency options to secure frontier capabilities for the edge cases in which all the above fails and frontier AI access does become the privilege of the few. Much of it has to do with leverage, but some will have to go through retaining some ability to build as well. But that is a much deeper problem, and it will be the topic of the next post.

All in all, frontier AI access is not a new problem, and it does not require particularly clever new solutions. It just requires taking much more seriously what the centre of the AI policy discussion has long suggested we should do: build infrastructure that can host advanced AI systems at scale, and build a world that can handle them without coming apart at the seams. If you still needed a wake-up call to execute on that agenda, the Mythos moment should be it. Otherwise, we really are headed for the end of the Andy Warhol era of AI access—where the rich and the poor will no longer have access to the same AI capability.

1

This availability matters greatly—s. this piece from a few months back.