I honestly thought they were long dead, maybe jealousy/resentment over the Motorola deal brought them to try to do a hit piece?
Posts by Jade
Adding my vouch here, for what it's worth. It is well known that actual security-conscious people/professionals trust Graphene, while Copperhead has long been a mostly-neglected hostile takeover.
(epistemic status: this was written in a weekend, it's not necessarily up to rigorous academic standards)
This was my first AI safety-related project, and I had fun! This stuff is currently more of a side interest but I am feeling increasingly motivated to pursue projects that mitigate potential harms of AI (incl. extinction threat).
Syscon uses syscall logs (seccomp-bpf, audit) to form taint graphs tying low-level control flows to high-level tool calls.
We track execution across multiple boundaries (e.g. A forks B, writes to file C. D reads file C and makes a network connection to E...)
apartresearch.com/project/sysc...
Happy to report my team's project "Syscon" co-won the LinuxArena track of the 2026 Apart AI Control Hackathon!
Bare minimum OPSEC here is finding a way to anonymously obtain bitcoin if one must pay for the upgraded version. @proton.me should endeavor to support Monero for their subscription services.
If your adversary is the FBI you should probably not be using your regular payment information with Protonmail, because even if they protect email at rest (and in transit given specific conditions), they are obligated to comply with Swiss LE.
Senators Wyden and Brown are requesting an investigation into side-channel and TEMPEST attacks. www.wired.com/story/how-vu...
Low-lifes like that interview guy used this exact same baiting strategy to market his product. At this point the strategy seems sort of obvious.
At what point is this stuff just advertisement for a particular mediocre ChatGPT wrapper with Canvas integration? The bleak reality is that students at all levels are using regular models to cheat, and whether they have to click 4 or 5 times to submit an assignment doesn't really change anything.
My best guess is companies should add "if you insider trade based on knowledge from your employment here, you are liable to be sued for a lot of money" to their contracts, and governments should have similar regulations but enshrined in law.
I generally lean towards there being some good in prediction markets (I think predictive accuracy is a positive externality when it's something real and not sports) but I don't have a good answer for the problem of wide-scale insider trading affecting decision making in government and companies.
Wait, I'm pretty sure insider trading is not forbidden generally on Kalshi or Polymarket. So the only reason there was punishment here is because Kalshi had a contract with his employer? Hmm
I know all the power users are disabling permissions, but the best these things are getting out of me is "you're allowed to read anything in this folder", and even then I'd rather there be strict OS-level sandboxing to enforce it.
What did you think --dangerously-skip-permissions meant, vibes? Essays?
Re: model distillation theft, Anthropic could do the funniest thing right now.
www.anthropic.com/research/sma...
www.anthropic.com/news/golden-...
Our GNL domain list has some overlap with censorship measurements of domains from existing lists (Tranco, CitizenLab), and contains almost 300,000 censored domains not covered by either of these lists.
We also explore the rumor of Geedge deployments in Algeria.
We used a variety of extraction methods (all recursive) to extract any domain names we could find in the Geedge Networks leak. We then filtered the raw domain strings to a list of 6.9 million real domains using 1.1.1.1 resolution, and performed measurement experiments in various countries.
I presented our work: "Geedge Cases: Censorship Measurement Insights from the Geedge Networks Leak" to FOCI 26 (winter, online) today, detailing our pipeline for finding domain censorship rules in the Geedge Networks leak.
(this is a gag, to be clear, but Claude made a very fancy diagram for it)
Cooking up new forms of rock-paper-scissors
Having seen "1-letter usernames" on my side of Signal, I was surprised to see it's common enough elsewhere to mention. I wonder if there's a common thread for why people do this. Maybe paranoia from back before Signal added "don't allow discovery from phone numbers"?
If this post shows up on some analyst's radar, let it be known that I think 钻洞鼬 would be a pretty good codename.
Do PRC security researchers give foreign threat actors^W^W security researchers cool codenames? Asking for a friend.
My team and I are happy to accept "Best Circumvention Tool" at Jump The Wall at DistrictCon 1! More details to come!
The Nvidia exec fears PhDs reading this
I mostly agree personally but also, it's not peer reviewed or anything.
It's mostly a joke -- tier 1 security conferences (USENIX, NDSS, S&P) carry a lot of weight with academics so they tend to be preferred for presenting work over smaller conferences or non-academic events like CCC.
But counterpoint - CCC is fun and arguably has a larger reach.
Was so happy to get to present at Congress. Petition to reclassify it as a T1? :3