Good morning from Baltimore!

Politics, Capital, and Attention

There are two things that I am trying to understand, both captured very well in Bloomberg’s Tuesday evening homepage.

1. AI: Can’t go too far these days without someone talking about AI - how it’s a bubble how it’s the future how it’s both a bubble and the future. And the broader question there is about how the stock market can be so divorced from reality (or maybe, it’s just about understanding what reality the stock market inhabits)

2. The economic decisions of the Trump administration

In the below image, Trump highlights both. He says that the Democrats have shutdown the government, citing a successful economy AND a successful stock market (but sometimes it’s Bidens economy, so you never really know). He says he is open to meeting about healthcare, which is great progress toward ending said shutdown.

But that line about the stock market is interesting. He’s right! It is a record stock market! Presumably, stocks would be cowering at this point.

• Tariffs beat down profits (we now have tariffs on trucks, which is a flip-over-the-economic-table kind of move as it will make literally everything more expensive)

• The dollar is flailing in the wind - and sure, a weaker dollar helps multinationals, but it also challenges returns

• Many of the recent political decisions - no matter how you feel about them! - are creating an isolated United States, which likely isn’t good for economic growth.

Political instability usually rattles investors, but US investors seem to only see the United States of AI and literally nothing else. Ruchir Sharma wrote in the FT that “America is now one big bet on AI” which is true and as he points out, it’s a costly bet:

Outside of the AI plays, even European stock markets have been outperforming the US this decade, and now that gap is starting to spread. So far in 2025, every major sector from utilities and industrials to healthcare and banks has fared better in the rest of the world than in the US.

The US stock market is booming, but it’s all relative. There is a lot of glee in talking about bubbles. If you remove yourself from the situation, it is rather exciting to watch big companies toss around billions of dollars. It’s thrilling to gleefully tweet “the crash is COMING! Buckle up!” There is a sense of stability in the madness - we all know it’s absurd, no one knows if it’s going to work (not even the guys in charge), and it gives everyone something to talk about.

It gives the government immense power

Because the indexes are green, the government can apparently cancel funding that has already been congressionally approved, threaten allies, or bail out Argentina while railing against “globalism”. The feedback loop is simple:

• Markets rise → Public confidence holds → Political risk premiums fall → Markets rise again.

I think for a while I thought that the stock market was just ignoring politics. But it isn’t! It is politics now, a political actor that can grant or withhold legitimacy1. Artificial intelligence fuels valuations, those valuations stabilize public confidence, that confidence grants the administration power, and the administration protects the system that sustains it.

The stock market has never been the economy - it’s really a reflection of what the economy dreams it could be in a world where share buybacks translate to meaningful productivity. But as AI swallows up more and more capital, it is both the economy and the stock market - and the government.

Gold keeps going up too.

Normally, equities and gold move in opposite directions. Stocks up, gold down. Fear or faith, pick one. But not now. The S&P is surging on AI optimism while gold is surging toward $4,000 an ounce. It is up 51% this year, the best performing asset this year2. The dollar is down 10%3. Both fear and faith are rallying simultaneously, which is rare and usually not a great sign.

Odd Lots had a good interview on the push-and-pull here. Viktor Shvets sees a cycle - tech is ripping apart society (apparently a good investment) so people are buying gold as a “hedge against destruction”.

The US equity market doesn’t seem to care. Both are winning right now, but both can’t be right forever. The US equity market is betting everything on one story:

• Nearly 40% of US GDP growth this year comes from AI.

• According to Morgan Stanley, “roughly 75% of S&P 500 returns, 80% of earnings growth, and 90% of capital expenditures growth” can be attributed to the AI data center build out.

• AI companies hold $1.2T in debt, the largest segment in the investment grade market.

• Nvidia, Microsoft, and Apple now account for over 20% of the S&P 500 index.

The underlying idea here is that AI surely will generate boundless bounty later, so valuations don’t have to make sense now. Nothing has to make sense now!

The Circle of Joy

The AI companies are spending a lot of money, primarily with each other. It’s a circular economy of speculation, as Bloomberg wrote about here.

• Nvidia invested $100 billion in OpenAI to build out AI infrastructure, and so OpenAI could buy $100 billion worth of Nvidia chips. OpenAI has signed about $1 trillion in deals this year. They are raising a bunch of debt to fund this because they do not have the revenue (right now, it’s about $12 billion) to finance the deals. xAI is raising money from Nvidia to buy Nvidia processors?

• OpenAI is buying 6 gigawatts of AMD chips over the next few years and also has the ability to buy up to 10% of AMD shares for the cost of one penny each?

• Everyone is making money because they are all making money from each other.

Bain & Co. estimates this wave of AI infrastructure spending will require $2 trillion in annual revenue by 2030 to justify it which is more than the combined 2024 revenues of Apple, Amazon, Alphabet, Microsoft, Meta, and Nvidia.

The companies primarily make money through (1) subscriptions and (2) money paid to use these data centers.

But the companies have two headwinds.

1. The $2T required here is more than 5x the annual subscription market, meaning they are going to need for a lot of people to pay for this. A lot of people don’t want to pay.

2. The hardware depreciates in two to three years. Unlike the fiber laid during the dot-com boom, none of this will mature into durable capacity, as the WSJ highlighted.

So what do you do when you need 5x the global subscription software market to cover costs?

You make a social media app.

Everyone Gets a Social Media Company

1. OpenAI launched Sora, a TikTok-like app that’s more focused on creation and posting than being “social” (whatever that means anymore) and Meta launched Vibes, another AI video feed. The goal here is likely to sell ads, in the same way that TikTok does. Carcinization and advertisement (adinization?): everything is destined to be a crab, everything is destined to be an ad.

This is interesting for a few reasons.

1. AI is extraordinarily expensive but still searching for demand: Training frontier models will likely cost billions of dollars. But only a small fraction of people pay for these services. Some companies are starting to abandon it. Building a social media company is a sign that they’re chasing volume. They need eyeballs, data, and ads to offset the costs of scaling.

2. Social media is a last-resort monetization model: When tech companies can’t make enough money on software licensing, subscriptions, or enterprise products, they default to attention. It’s reliable: people scroll; advertisers pay. The thing to watch here is that people are increasingly upset by social media, with almost 50% of teens saying that it harms people their age. John Burn Murdoch argues that we have passed peak social media.

3. It signals a maturity problem: Right now, the supply of AI capabilities is growing faster than actual use cases. The economy hasn’t figured out what to do with all this intelligence yet, so it’s turning it into spectacle. And there are clear consequences - the technology is good. It’s good enough to be used maliciously and it will be. And there is very little talk of policy or guardrails to rein it in.

4. It mirrors the late-stage tech pivot pattern: We saw this with crypto: when speculative returns dried up, projects pivoted to “community” and “social.” We saw it with Web3: when utility collapsed, companies turned to “metaverse” marketing (ahem, some of them changed the name of their whole company). Now we’re seeing it with AI: a turn toward social platforms that keep the narrative alive and keep investors engaged.

AI was sold as the end of slop but what it delivered was more slop. The market rewards attention, not utility, and both AI and politics has adapted to that logic.

The story that’s supposed to justify $2 trillion in annual revenue by 2030 has pivoted to... selling ads on AI-generated TikTok videos. That’s maybe the big payoff. That’s what’s sustaining the market confidence that’s granting political latitude. Gold traders see this. That’s why they’re hedging. Equity traders see it too but they just think the story lasts long enough to get a bag and get out.

The Government

And the bags are plentiful. AI’s sheer power - social media app or not - gives the government political cover. As long as portfolios are green, the electorate stays somewhat calm. The administration is effectively borrowing confidence from the AI bubble. Speculation has become governance.

Understanding this loop explains both of those questions I had.

• The market stays green because of AI speculation.

• That market stability creates political latitude.

• That latitude allows the administration to do otherwise-impossible things.

• And the administration protects the AI investments that sustain the loop.

Investors are trying to bet on which company the Trump administration will invest in next.

• Intel roared up 82% after Trump shoveled $10 billion into them for a 10% stake.

• The government invested $35 million in a Vancouver-based mining business partly owned by Trump donor John Paulson, giving Paulson approximately $70 million additional dollars.

If the government invests in your company, you’re rich! Apparently the grid is next! A far cry from Reagan’s quip that “the nine most terrifying words in the English language are ‘I’m from the government and I’m here to help.’ Now, the nine most terrifying words “I’m from the government and I’m blocking your datacenter” or something. It’s a very strange form of socialism!

Outside of AI, the US economy is wobbling.

• Manufacturing activity has contracted.

• ADP data showed that in 3 out of the past 4 months, the private sector lost jobs.

• Carlyle Group developed their own proprietary labor market data (necessary during a shutdown) based on their portfolio companies and real estate investments that apparently shows a completely flattened labor market.

• But other components of the economy - like inflation and GDP growth - don’t show signs of a recession. The labor market does, which is very strange.

Which is why both gold and equities keep climbing. The equity market believes the AI story overrides everything else. The gold market believes something is fundamentally breaking. They’re both reacting to the same underlying reality, but they just have different theories about what happens next.

I spoke with Austan Goolsbee of the Chicago Federal Reserve about the labor market, and our conversation will be up tomorrow as their data says something else - but everything is confusing. The reality is confusing.

So: the stock market inhabits a different reality where AI speculation is all that really matters. We are in a rate-cutting cycle, with loose fiscal policy - might as well spend a ton of money on everything. The Mag7 will be completely fine either way.

And what explains the Trump administration’s economic decisions? Well, as long as the stocks stay up4, the administration has room to do things that would be impossible during volatility. Cancel appropriations. Block elected representatives from being sworn in. Invest public money in donor companies!

The stock market has become an emotional infrastructure that allows speculative sovereignty and has created an economy that governs through its own price chart.

Both gold and equities are surging because they’re hedging different kinds of collapse. Gold trades on fear of the system. AI trades on faith in the story. That both are rallying tells you something about where we are.

This is what it means to live in the United States of AI. Democracy as an asset class or something. For now, the line keeps going up. But speculation isn’t stability, and the permission government borrows from investors is never really its own.

Thanks for reading.

Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing

You see it all the time after a tragedy occurs somewhere, and people flock to offer their sympathies via the "thoughts and prayers" line. Sympathy is great, and we should all express that sentiment appropriately. The criticism, however, is that the line is often offered as a substitute for meaningful action. Responding to an incident with "thoughts and prayers" doesn't actually do anything, which brings us to court injunctions in the wake of a data breach.

Let's start with HWL Ebsworth, an Australian law firm that was the victim of a ransomware attack in 2023. They were granted an injunction, which means the following:

The final interlocutory injunction restrained hackers from the ALPHV, or “BlackCat”, hackers group from publishing the HWL data on the internet, sharing it with any person, or using the information for any reason other than for obtaining legal advice on the court’s orders.

To paraphrase, the injunction prohibits the Russian crime gang that hacked the law firm and attempted to extort them from publishing the data on the internet. Right... The threat actor was subsequently served with the injunction, to which, per the article, they responded in an entirely predictable fashion:

Fuck you fuckers

And then they dumped a huge trove of data. Clearly, criminals aren't going to pay any attention whatsoever to an injunction, but this legal construct has reach far beyond just the bad guys:

The injunction will also “assist in limiting the dissemination of the exfiltrated material by enabling HWLE to inform online platforms, who are at risk of publishing the material”, Justice Slattery said.

In other words, the data is also off limits to the good guys. Journalists, security firms and yes, Have I Been Pwned (HIBP) are all impacted by injunctions like this. To some extent, you can understand this when the data is as sensitive as what a law firm typically holds, and you need only use a little bit of imagination to picture how damaging it can be for data like this to fall into the wrong hands. But data in a breach of a company like Qantas is very different:

And now here’s mine. Still no indication of specifically which service was breached, but feels very much like loyalty program data (i.e. nothing to do with specific flights, password, passport or payment details). pic.twitter.com/r7KnlfM8TV

— Troy Hunt (@troyhunt) July 11, 2025

As well as my interest in running HIBP, I also appear to be a victim of their data breach, along with my wife and kids. And just to highlight how much skin I have in the game, I'm also a Qantas shareholder and a very loyal customer:

Sitting at the airport about to take my 301st (tracked) @Qantas flight. Nice banter with the staff: “you can lose my data, just don’t lose my bags” 😬 pic.twitter.com/ZGxc4I0aB1

— Troy Hunt (@troyhunt) July 2, 2025

As such, I was particularly interested when they applied for, and were granted, a court injunction of their own. Why? What possible upside does this provide? Because by now, it's pretty clear what's going to happen to the data:

This is from a Telegram channel run by the group that took the Qantas data, along with some other huge names:

🚨🚨🚨BREAKING - New data leak site by Scattered LAPSUS$ Hunters exposes Salesforce customers. Dozens of global companies involved in a large-scale extortion campaign.

Scattered LAPSUS$ Hunters claims to have breached Salesforce, exfiltrating ~1B records.
They accuse Salesforce… pic.twitter.com/u2PAO7miyP

— Hackmanac (@H4ckmanac) October 3, 2025

"Scattered LAPSUS$ Hunters" is threatening to dump all the data publicly in a couple of days' time unless a ransom is paid, which it won't be. The quote from the Telegram image is from a Qantas spokesperson, and clearly, the injunction is not going to stop the publishing of data. Much of my gripe with injunctions is the premise that they in some way protect customers (like me), when clearly, they don't. But hey, "thoughts and prayers", right?

Without wanting to give too much credit to criminals attempting to ransom my data (and everyone else's), they're right about the media outlets. An injunction would have had a meaningful impact on the Ashley Madison coverage a decade ago, where the press happily outed the presence of famous people in the breach. Clearly, the Qantas data is nowhere near as newsworthy, and I can't imagine a headline going much beyond the significant point balances of certain politicians. The data just isn't that interesting.

The injunction is only effective against people who meet the following criteria:

1. People who know there's an injunction in place
2. People who are law-abiding
3. People in Australia *

The first two points are obvious, and an asterix adorns the third as it's very heavily caveated. This from a chat with a lawyer friend thir morning who specialises in this space:

it would depend on which country and whether it has a reciprocal agreement with Australia eg like the UK and also who you are trying it enforce it against and then it’s up to the court in that country to determine - but as this is an injunction (so not eg for a debt against a specific person) it’s almost impossible - you  can’t just register a foreign judgement somewhere  against the world at large as far as I know.

So, if the injunction is so useless at providing meaningful protections to data breach victims, what's the point? Who does it protect? In researching this piece, the best explanation I could find was from law firm Clayton Utz:

Where that confidentiality is breached due to a hack, parties should generally do - and be seen to be doing - what they can to prevent or minimise the extent of harm. Even if injunctions might not impact hackers, for the reasons set out above, they can provide ancillary benefits in relation to the further dissemination of hacked information by legitimate individuals and organisations. Depending on the terms, it might also assist with recovery on relevant insurance policies and reduce the risk of securities class actions being brought.

That term - "be seen to be doing" - says it all. This is now just me speculating, but I can envisage lawyers for Qantas standing up in court when they're defending against the inevitable class actions they'll face (which I also have strong views on), saying "Your honour, we did everything we could, we even got an injunction!" In a previous conversation I had regarding another data breach that had successfully been granted an injunction, I was told by the lawyer involved that they wanted to assure customers that they'd done everything possible. That breach was subsequently circulated online via a popular clear web hacking site (not "the dark web"), but I assume this fact and the ineffectiveness of the injunction on that audience was left out of customer communications. I feel pretty comfortable arguing that the primary beneficiary of the injunction is the shareholder, rather than the customer. And I assume the lawyers charge for their time, right?

Where this leaves us with Qantas is that, on a personal note, as a law-abiding Australian who is aware of the injunction, I won't be able to view my data or that of my kids. I can always request it of Qantas, of course, but I won't be able to go and obtain it if and when it's spread all over the internet. The criminals will, of course, and that's a very uncomfortable feeling.

From an HIBP perspective, we obviously can't load that data. It's very likely that hundreds of thousands of our subscribers will be impacted, and we won't be able to let them know (which is part of the reason I've written this post - so I can direct them here when asked). Granted, Qantas has obviously sent out disclosure notices to impacted individuals, but I'd argue that the notice that comes from HIBP carries a different gravitas: it's one thing to be told "we've had a security incident", and quite another to learn that your data is now in circulation to the extent that it's been sent to us. Further, Qantas won't be notifying the owners of the domains that their customers' email addresses are on. Many people will be using their work email address for their Qantas account, and when you tie that together with the other exposed data attributes, that creates organisational risk. Companies want to know when corporate assets (including email addresses) are exposed in a data breach, and unfortunately, we won't be able to provide them with that information.

I understand that Qantas' decision to pursue the injunction is about something much broader than the email addresses potentially appearing in HIBP. I actually think much of the advice Qantas has given is good, for example, the resources they've provided on their page about the breach:

These are all fantastic, and each of them has many good external resources people worried about scams should refer to. For example, ScamWatch has this one:

And cyber.gov.au has a handy tip courtesy of our Australian Signals Directorate makes this suggestion:

Not to miss a beat, our friends at IDCARE also offer great advice:

And, of course, the OAIC has some fantastic guidance too:

The scam resources Qantas recommends all link through to a service that will never return the Qantas data breach. Did I mention "thoughts and prayers" already?

Presumably, some time in the eighteenth century, in a pit somewhere, the dumbest man in Cwm Rhondda seriously said something like “why does the foreman care so much about bloody canaries? Why are we having to cut a shift short and lose pay just for the sake of his pet?”. And this became a joke repeated down the mines until the invention of the Davy Lamp.

But here we are today, and people still seem not to understand that when development is stalled by protected habitats for bats, newts and snails, it’s not really the snails we’re protecting.

There are three kinds of species that are mentioned in the various habitat protection legislation. Some things are protected simply because they’re endangered themselves[1]. Some are “keystone species”, which are protected because they’re known to occupy an important place in the system and if they go, a lot of cascading damage will ensure.

But there are also a bunch of little critters (often invertebrates like the fabled newts and salamanders) which need to be monitored as part of the job of assessing the health of a particular habitat. And, of course, if you monitor something at regular intervals, and take action when it appears to be endangered, then that looks a lot like protection for the actual thing; just like it looked to Dewi Twp in 1788 like the foreman was looking after his canary.

Water regulation is a bit of a wicked problem in this regard, because the nature of groundwater is that when you draw some of it out in one place, the effects might show up somewhere else. In the particular site in Horsham which our Chancellor was talking about, developments have been stalled for a while in a big area, because in the course of monitoring a couple of protected sites (including one of the three habitats of the whirlpool snails), Natural England noticed that things were drying out at a faster rate than expected.

This is, actually a big problem. The whole of south east England has inadequate reservoirs (due to the kind of problems I wrote about in The Problem Factory), and consequently makes too much use of the underground aquifer. It’s been known for ages that this was unsustainable.

When you start seeing the predicted problems actually happening, unfortunately that really is a “down tools lads” moment for housing development, until you can do a bunch of expensive survey work and find out exactly what’s happening to the aquifer. Quite apart from anything, you don’t necessarily want to be building tens of thousands of houses in a location where it turns out that supplying them with water is going to be vastly more expensive than you had planned for.

I think there’s a real risk of the phenomenon “IBGYBG” happening here. In the run-up to the financial crisis of the 2000s, a lot of bad deals went out the door because the people selling them figured that “I’ll be gone, you’ll be gone”; the consequences would only become apparent after all the parties involved in structuring the deals had moved on in their careers or retired.

The nature of early warning systems is that if they’re functioning, they stop activity when it isn’t causing any harm. And so at the point where the red light flashes, it looks like bureaucracy gone mad has prevented the development of 20,000 family homes in order to protect some funny snails. The trouble is, that in fifty years’ time, when the aquifer is depleted, the houses are worthless because of subsidence, the river is a kill-zone and everything has to be put right at much greater cost, all the people who wanted to get the red tape out of the way and be builders rather than blockers will not be picking up the phone. In fact, they’ll most likely be nonplussed at the idea that anyone might point the finger for this completely unpredictable environmental act of God anywhere near them.

The purpose of this blog is “things that stick in your mind”, and the thing that’s stuck fastest in my mind is what an old friend said to me when we met up for a pint this summer. “Looking around at this world, all I can really say is that I’m glad I’m old enough and have enough money to just watch all of this happen and then die”.

[1] The specific snails in the case I linked to are also actually extremely rare themselves, poor things, but it’s clear from reading the position statement that Natural England is worried about a lot of things happening in the habitat zones affecting a lot more things than the snails.

I guess I haven’t clearly articulated this in writing, but friends do not let friends without substantive IT work experience and/or a credible IT degree take cybersecurity career bootcamps in 2025.

They are up to no good. Shenanigans. Malfeasance. They are not a safe way to get a job.

As promised earlier in the week, here is a rare example of me proposing something positive rather than moaning all the time. Although I don’t think there is much to be gained from tweaking judicial review (and considerable potential to do damage, both by missing important objections and by further undermining the sense of democratic legitimacy of the process), there is a real problem in planning that needs to be addressed.

And that problem is what might be called the SOPPPP – a Strategic Objection Purely to Protect Property Prices.

Subscribe now

I think what really bothers people about the environmental, habitat and other protections is the perception that they are being used in bad faith. And this does happen; in researching the Sheephouse Wood Bat Mitigation Structure, I was struck by the fact that Buckinghamshire Council had, very late in the process, issued a lot of Tree Protection Orders on woodland that they had never thought worth protecting until it became clear that they weren’t going to be able to rely on Natural England and the bat habitats to deflect HS2 for them. The

That sort of behaviour can’t be tolerated; I don’t think it’s actually as common as the people who want to leave the Aarhus Convention suspect, but I can see why they think that way. Bad faith use of the legal system is incredibly corrosive of public trust; it’s much more antisocial behaviour than painting graffiti on a bus stop.

I said on Wednesday that infrastructure planning problems, in my mental model, share a common structure with the problem of libel law, which explains why both of these fields have consistently disappointed us with successive rounds of reform that don’t work. Libel risk is, unfortunately and due to the extreme expensiveness of lawyers, close to existential for news organisations. Consequently, they take the same approach to it that infrastructure developers take to planning risk; rather than maximising expected value, they first need to reduce the likelihood of a bad outcome below some threshold value. In newspapers, that means that good stories get spiked.

Libel also has the problem of strategic abuse, to the extent that they have a name for it – the Strategic Lawsuit Against Public Participation or SLAPP. And giving a name to the practice of using meritless lawsuits to intimidate critics has had an affect. Once you’ve given it a name, you can start to legislate against the practice; lots of places now have actual anti-SLAPP statutes, and even where there isn’t one on the books, there’s a bit of precedent and basis for a judge to take into account whether something is a SLAPP or not when making case management decisions and considering motions to dismiss.

And once you’ve named something, you can stigmatise it. Lawyers who care about their professional reputation don’t like to be associated with SLAPPs. If you want to SLAPP someone, you usually end up going to one of the firms that are known to be SLAPP merchants, which reduces their effectiveness because it alerts everyone to what’s going on.

So – I think one useful reform (that wouldn’t even cost anything!) would be to introduce the SOPPPP concept to planning, and even maybe pass some token legislation against them. I think it would be extremely difficult to ever actually prosecute someone for abuse of the planning process, but laws do sometimes send a message. You could include it in the standards in public life that elected representatives shouldn’t get involved in this sort of thing and should be censured if they do. And professional services firms would have to make more of a choice about the kinds of clients they took on, if they didn’t want to get a bad name.

Click here to go see the bonus panel!

Hovertext:
The worst part is the ocean of blood you can't see at the bottom of the last panel.