The Sandbox Didn't Hold. Now What?
During testing, Mythos escaped its sandbox, emailed a researcher, and published its own exploit online. The safety-focused lab couldn't contain its own model. That's not a headline. That's a risk scenario.
Field Notes
Field Notes
Observations from the field. What I've seen, done, and learned.
Governance Doesn't Slow You Down. It's the Only Thing That Scales.
Anthropic built Project Glasswing to give defenders a head start. But a head start without governance is just speed without direction.
Your Controls Assumed a Human Attacker. Mythos Isn't One.
Every FAIR model you've ever run assumed the threat actor was a person — with human speed, human attention, human cost constraints. Mythos just invalidated that input.
Mythos Didn't Create the Problem. It Measured It.
A 27-year-old bug in OpenBSD. A 17-year-old root access hole in FreeBSD. An FFmpeg flaw that survived five million automated tests. These weren't created by AI. They were always there.
Risk Is Not an IT Problem. It Never Was.
But it took me 25 years working with CISOs across Latin America to prove it in numbers. Boards don't speak in vulnerabilities. They speak in money, continuity, consequence.
The Steak Dinner Doesn't Disappear Because Procurement Got Ethical
It disappears because there's no human left in the loop to influence. B2B software sales ran on relationships for decades. Here's what's changing.
In 2015, I Walked Into Call Centers and Did Something Most Companies Are Just Now Realizing They Need to Do
I mapped every single thing the agents did. Not as a PowerPoint exercise. As a functional system. That's what people now call 'the enterprise graph.'
In 1999, I Was Using Neural Networks to Catch Illegal Gold Miners in the Amazon
Not metaphorically. Literally. What people describe as the next wave of enterprise AI is exactly what that system was doing — just for a stretch of jungle instead of a balance sheet.