If you ever want a good laugh, ask an academic to explain what they get paid to do, and who pays them to do it.

In STEM fields, it works like this: the university pays you to teach, but unless you’re at a liberal arts college, you don’t actually get promoted or recognized for your teaching. Instead, you get promoted and recognized for your research, which the university does not generally pay you for. You have to ask someone else to provide that part of your salary, and in the US, that someone else is usually the federal government. If you’re lucky—and these days, very lucky—you get a chunk of money to grow your bacteria or smash your electrons together or whatever, you write up your results for publication, and this is where the monkey business really begins.

In most disciplines, the next step is sending your paper to a peer-reviewed journal, where it gets evaluated by an editor and (if the editor sees some promise in it) a few reviewers. These people are academics just like you, and they generally do not get paid for their time. Editors maybe get a small stipend and a bit of professional cred, while reviewers get nothing but the warm fuzzies of doing “service to the field”, or the cold thrill of tanking other people’s papers.

If you’re lucky again, your paper gets accepted by the journal, which now owns the copyright to your work. They do not pay you for this! If anything, you pay them an “article processing charge” for the privilege of no longer owning the rights to your paper. This is considered a great honor.

The journals then paywall your work, sell the access back to you and your colleagues, and pocket the profit. Universities cover these subscriptions and fees by charging the government “indirect costs” on every grant—money that doesn’t go to the research itself, but to all the things that support the research, like keeping the lights on, cleaning the toilets, and accessing the journals that the researchers need to read.

Nothing about this system makes sense, which is why I think we should build a new one. In the meantime, though, we should also fix the old one. But that’s hard, for two reasons. First, many people are invested in things working exactly the way they do now, so every stupid idea has a constituency behind it. Second, our current administration seems to believe in policy by bloodletting: if something isn’t working, just slice it open at random. Thanks to these haphazard cuts and cancellations, we now have a system that is both dysfunctional and anemic.

I see a way to solve both problems at once. We can satisfy both the scientists and the scalpel-wielding politicians by ridding ourselves of the one constituency that should not exist. Of all the crazy parts of our crazy system, the craziest part is where taxpayers pay for the research, then pay private companies to publish it, and then pay again so scientists can read it. We may not agree on much, but we can all agree on this: it is time, finally and forever, to get rid of for-profit scientific publishers.

MOMMY, WHERE DO SCAMS COME FROM?

The writer G.K. Chesterton once said that before you knock anything down, you ought to know how it got there in the first place. So before we show for-profit publishers the pointy end of a pitchfork, we ought to know where they came from and why they persist.

It used to be a huge pain to produce a physical journal—someone had to operate the printing presses, lick the stamps, and mail the copies all over the world. Unsurprisingly, academics didn’t care much about doing those things. When government money started flowing into universities post-World War II and the number of articles exploded, private companies were like, “Hey, why don’t we take these journals off your hands—you keep doing the scientific stuff and we’ll handle all the boring stuff.” And the academics were like “Sounds good, we’re sure this won’t have any unforeseen consequences.”

Those companies knew they had a captive audience, so they bought up as many journals as they could. Journal articles aren’t interchangeable commodities like corn or soybeans—if your science supplier starts gouging you, you can’t just switch to a new one. Adding to this lock-in effect, publishing in “high-impact” journals became the key to success in science, which meant if you wanted to move up, your university had to pay up. So, even as the internet made it much cheaper to produce a journal, publishers made it much more expensive to subscribe to one.

The people running this scam had no illusions about it, even if they hoped that other people did. Here’s how one CEO described it:

You have no idea how profitable these journals are once you stop doing anything. When you’re building a journal, you spend time getting good editorial boards, you treat them well, you give them dinners. [...] [and then] we stop doing all that stuff and then the cash just pours out and you wouldn’t believe how wonderful it is.

So here’s the report we can make to Mr. Chesterton: for-profit scientific publishers arose to solve the problem of producing physical journals. The internet mostly solved that problem. Now the publishers are the problem. These days, Springer Nature, Elsevier, Wiley, and the like are basically giant operations that proofread, format, and store PDFs. That’s not nothing, but it’s pretty close to nothing.

No one knows how much publishers make in return for providing these modest services, but we can guess. In 2017, the Association of Research Libraries surveyed its 123 member institutions and found they were paying a collective $1 billion in journal subscriptions every year. The ARL covers some of the biggest universities, but not nearly all of them, so let’s guess that number accounts for half of all university subscription spending. In 2023, the federal government estimated it paid nearly $380 million in article processing charges alone, and those are separate from subscriptions. So it wouldn’t be crazy if American universities were paying something like $2.5 billion to publishers every year, with the majority of that ultimately coming from taxpayers.

(By the way, the estimated profit margins for commercial scientific publishers are around 40%, which is higher than Microsoft.)

To put those costs in perspective: if the federal government cut out the publishers, it would probably save more money every year than it has “saved” in its recent attempts to cut off scientific funding to universities. It’s unclear how much money will ultimately be clawed back, as grants continue to get frozen, unfrozen, litigated, and negotiated. But right now, it seems like ~$1.4 billion in promised science funding is simply not going to be paid out. We could save more than that every year if we just stopped writing checks to John Wiley & Sons.

PUNK ROCK SCIENCE

How can such a scam continue to exist? In large part, it’s because of a computer hacker from Kazakhstan.

The political scientist James C. Scott once wrote that many systems only “work” because people disobey them. For instance, the Soviet Union attempted to impose agricultural regulations so strict that people would have starved if they followed the letter of the law. Instead, citizens grew and traded food in secret. This made it look like the regulations were successful, when in fact they were a sham.1

Something similar is happening right now in science, except Russia is on the opposite side of the story this time. In the early 2010s, a Kazakhstani computer programmer named Alexandra Elbakyan started downloading articles en masse and posting them publicly on a website called SciHub. The publishers sued her, so she’s hiding out in Russia, which protects her from extradition. As you can see in the map below, millions of people now use SciHub to access scientific articles, including lots of people who seem to work at universities:

Why would researchers resort to piracy when they have legitimate access themselves? Maybe because journals’ interfaces are so clunky and annoying that it’s faster to go straight to SciHub. Or maybe it’s because those researchers don’t actually have access. Universities are always trying to save money by canceling journal subscriptions, so academics often have to rely on bootleg copies. Either way, SciHub seems to be our modern-day version of those Soviet secret gardens: for-profit publishing only “works” because people find ways to circumvent it.

In a punk rock kind of way, it’s kinda cool that so many American scientists can only do their work thanks to a database maintained by a Russia-backed fugitive. But it ought to be a huge embarrassment to the US government.2

Instead, for some reason, the government insists on siding with publishers against citizens. Sixteen years ago, the US had its own Elbakyan. His name was Aaron Swartz. He downloaded millions of paywalled journal articles using a connection at MIT, possibly intending to share them publicly. Government agents arrested him, charged him with wire fraud, and intended to fine him $1 million and imprison him for 35 years. Instead, he killed himself. He was 26.

THE FOREST FIRE IS OVERDUE

Scientists have tried to take on the middlemen themselves. They’ve founded open-access journals. They’ve published preprints. They’ve tried alternative ways of evaluating research. A few high-profile professors have publicly and dramatically sworn off all “luxury” outlets, and less-famous folks have followed suit: in 2012, over 10,000 researchers signed a pledge not to publish in any journals owned by Elsevier.

None of this has worked. The biggest for-profit publishers continue making more money year after year. “Diamond” open access journals—that is, publications that don’t charge authors or readers—only account for ~10% of all articles.3 Four years after that massive pledge, 38% of signers had broken their promise and published in an Elsevier journal.4

These efforts have fizzled because this isn’t a problem that can be solved by any individual, or even many individuals. Academia is so cutthroat that anyone who righteously gives up an advantage will be outcompeted by someone who has fewer scruples. What we have here is a collective action problem.

Fortunately, we have an organization that exists for the express purpose of solving collective action problems. It’s called the government. And as luck would have it, they’re also the one paying most of the bills!

So the solution here is straightforward: every government grant should stipulate that the research it supports can’t be published in a for-profit journal. That’s it! If the public paid for it, it shouldn’t be paywalled.

The Biden administration tried to do this, but they did it in a stupid way. They mandated that NIH-funded research papers have to be “open access”, which sounds like a solution, but it’s actually a psyop. By replacing subscription fees with “article processing charges”, publishers can simply make authors pay for writing instead of making readers pay for reading. The companies can keep skimming money off the system, and best of all, they get to call the result “open access”.

These fees can be wild. When my PhD advisor and I published one of our papers together, the journal charged us an “open access” fee of $12,000. This arrangement is a tiny bit better than the alternative, because at least everybody can read our paper now, including people who aren’t affiliated with a university. But those fees still have to come from somewhere, and whether you charge writers or readers, you’re ultimately charging the same account—namely, the US government.5

The Trump administration somehow found a way to make a stupid policy even stupider. They sped up the timeline while also firing a bunch of NIH staffers—exactly the people who would make sure that government-sponsored publications are, in fact, publicly accessible. And you need someone to check on that, because researchers are notoriously bad about this kind of stuff. They’re already required to upload the results of clinical trials to a public database, but more than half the time they just...don’t.

To do this right, you cannot allow the rent-seekers to rebrand. You have to cut them out entirely. I don’t think this will fix everything that’s wrong with science; it will merely fix the wrongest thing. Nonprofit journals still charge fees, but at least the money goes to organizations that ostensibly care about science, rather than going to CEOs who make $17 million a year. And almost every journal, for-profit or not, uses the same failed system of peer review. The biggest benefit of shaking things up, then, would be allowing different approaches to have a chance at life, the same way an occasional forest fire clears away the dead wood, opens up the pinecones, and gives seedlings a shot at the sunlight.

Science philanthropies should adopt the same policy, and some of them already have. The Navigation Fund, which oversees billions of dollars in scientific funding, no longer bankrolls journal publications at all. , its director, reports that the experiment has been a great success:

Our researchers began designing experiments differently from the start. They became more creative and collaborative. The goal shifted from telling polished stories to uncovering useful truths. All results had value, such as failed attempts, abandoned inquiries, or untested ideas, which we frequently release through Arcadia’s Icebox. The bar for utility went up, as proxies like impact factors disappeared.

Sounds good to me!

CATCH THE TIGER

Fifteen years ago, the open science movement was all about abolishing for-profit journals—that’s what open science meant. It seemed like every speech would end with “ELSEVIER DELENDA EST”.

Now people barely bring it up at all.6 It’s like a tiger has escaped the zoo and it’s gulping down schoolchildren, but when people suggest zoo improvements, all the agenda items are like, “We should add another Dippin’ Dots kiosk”. If you bring up the loose tiger, everyone gets annoyed at you, like “Of course, no one likes the tiger”.

I think two things happened. First, we got cynical about cyberspace. In the 1990s and 2000s, we really thought the internet would solve most of our problems. When those problems persisted despite all of us getting broadband, we shifted to thinking that the internet was, in fact, causing the problems. And so it became cringe to think the internet could ever be a force for good. In 1995, for-profit publishers were going to be “the internet’s first victim”; in 2015, they were “the business the internet could not kill”.

Second, when the replication crisis hit in the early 2010s, the open science movement got a new villain—namely, naughty researchers. The fakers, the fraudsters, the over-claimers: those are the real bad boys of science. It’s no longer cool to hate international publishing conglomerates. Now it’s cool to hate your colleagues.

Both of these shifts were a shame. The internet utopians were right that the web would eliminate the need for journals, but they were wrong to think that would be enough. The replication police were right to call out scientific malfeasance, but they were wrong to forget our old foes. The for-profit publishers are just as bad as they ever were, and while the internet has made them more vulnerable then ever, now we know they won’t go unless they’re pushed.

If we want better science, we should catch the tiger. Not only because it’s bad for the tiger to be loose, but because it’s bad for us to look the other way. If you allow an outrageous scam to go unchecked, if you participate in it, normalize it—then what won’t you do? Why not also goose your stats a bit? Why not publish some junk research? Look around: no one cares!

There are so many problems with our current way of doing things, and most of those problems are complicated and difficult to solve. This one isn’t. Let’s heave this succubus off our scientific system and end this scam once and for all. After that, Dippin’ Dots all around.

As promised on Wednesday, here are some notes in the direction of what I think is the most important point in my “toward a sensible AI scepticism” post from last year:

There’s also a very important role for scepticism that AI is in some way or other outside the price mechanism or the normal priorities of political economy. This is particularly obvious when someone suggests we should forget about some obviously crucial issue because the AGI will solve it for us, but it’s also in my view perfectly sensible to be sceptical about future economic benefits, whether they will in fact justify current venture capital investments and whether projects which aren’t economically viable without subsidies and exemptions from environmental or social regulation should be made so because they’re AI.

I don’t think it’s either possible or worthwhile to launch a huge project trying to put numbers on things by going through SEC filings and the like. For one thing, the really important quantities aren’t going to be in the accounts, if they were then you have the problem that accounting standards don’t always match up to business reality, and if you solve that then congratulations, you took a snapshot of something that’s changing rapidly.

But I do think it’s worth a short while thinking about the kinds of numbers that you would want to know, putting order-of-magnitude bounds on them and comparing them to other industries. Basically trying to do the analytical job of asking “what sort of a business is this? Is it like a gold mine, or like an airline? How do the costs and revenues scale with demand? In what conditions does it do well or badly?” The structure of a model is more important than the numbers plugged in.

I think, along these lines, that there are two big questions to ask – what do the marginal cost economics of AI look like, and what is the equilibrium capex? I’ll take the second one first.

Over in one of my other secret identities, I’ve been covering this as a banking sector personnel issue. A number of investment banks have reorganised their tech teams to reflect the kinds of financial needs that different clients have. Goldman Sachs, for example, now has a head (well, two co-heads) of “Global Internet and Media” and of “Global Technology Infrastructure”.

Why? Well, the economics of AI seems to be the economics of datacentres. And a datacentre is a big capital asset which needs a lot of power and cooling, not a weightless creature of pure mathematics. (In Henry Farrell’s great phrase, “when software eats the world, what comes out the other end?”). Big sheds with expensive machines in them are the sort of thing that you historically finance with debt rather than equity, and they tend to need a hell of a lot of capital to be raised rather than a few million dollars of VC.

This isn’t entirely new; the period that we remember as the “dot com bubble” was actually at least half a “telecoms bubble”, in which investors’ money was financing not just web applications, but also people to dig up roads and put fibre-optic cables down.

But it strikes me as important that, unlike fibre optic cable, data centres have an economically important depreciation life. The longest-lived piece of capex is probably the shed itself. It is hard to get a straight answer about how long the GPU chips last (because the accounting depreciation is going to be mainly driven by obsolescence and the replacement cycle), but the best estimates I can find suggest that it’s under a decade best case, and potentially as short as five years if you really thrash them by doing training work. (Training an LLM is a lot more computation-intensive, and therefore power and heat intensive, than inference, so it physically degrades the chips faster). And the cooling system has literal moving parts.

That matters for the long-term economics. During the 00s, we talked quite a bit about “dark fiber”, in the sense of cable that had been laid well in excess of any reasonable estimate of the demand for bandwidth. Hand on heart, I never took this scepticism seriously; it seemed to me that it would all get used eventually, and that even if it wasn’t, the real expense in laying cable was digging the road up (or sailing the special boat across the Atlantic), so you might as well put in a big margin. We are still using the cable laid in the 00s today, and can expect to do so for decades to come. If datacenter capex is physically degraded within ten years, then it matters a lot more if there’s too much of it.

So much for capex. What about margins?

Here I am treading lightly, because it is difficult. Costs and pricing are expressed per “token”, but the published data immediately seems to admit that this is a bad choice of unit because it costs a lot more to output a token than input one. It seems to me that the actual marginal quantity being produced and consumed is “processing power”, which is apparently measured in gigawatt hours these days. In any case, I think more than anything this vindicates my original decision not to get too precise. As my old dad used to say, if something isn’t worth doing, it’s not worth doing properly.

The fact that datacentre capacity is measured in gigawatts suggests that there is a marginal cost here which is unlike the “too cheap to meter” economics which underwrote the original “Information Economy” of Shapiro and Varian. Messing around in pricing sheets and consultant reports, I get the understanding that Anthropic charges “a few dollars per million tokens” and that a Claude Code query typically uses a five-figure number of tokens. And so, ruthlessly ignoring the input versus output questions, I arrive at the belief that the cost to the buyer of asking an LLM to do a commercially meaningful task and getting a commercially useful result is in the order “a few cents, maybe as much as a dollar or two”.

There is a temptation to start guesstimating profit margins and trying to say that the marginal cost to produce LLM services is also therefore “a few cents”. But I am wary of doing so. On the one hand, the current pricing sheet might be considerably subsidised because of management and VCs assuming that the old Shapiro/Varian rules apply and that they need to establish a “moat” made out of “network effects” in order to lock in customers for future gouging.

On the other hand, to the extent that the price is related to the costs at all, it will have some relationship to overhead costs as well. (I’ll note in passing that the difference between the economic and accounting concepts of “marginal costs” is a whole nother rabbit hole here). As I mentioned above, training and inference seem to have different cost economics. Developing models consumes more power and runs down your GPUs a lot more expensively than using them.

Which kind of worries me a little. You might be tempted to say that “this is good, means that once the models are trained, which can be done a lot cheaper than current industry practice, look at DeepSeek, we will be back to territory quite close to too-cheap-to-meter, this is web 1.0 economics really”. But … where is the equilibrium in which there is much less expenditure on model training?

I suspect it might not be there. There’s always going to be a temptation to upgrade the model and take market share. There’s a considerable risk, as I see it, that AI might have the lethal economics which characterises airlines and media – very low marginal costs, very high overheads, lots of expensive capex. In that sort of environment, people go bust a lot, because there always seems to be a big player who didn’t like their market share last year, competing against a big player who has ambitions to be the last one standing.

I haven’t got into stock market valuations here, but it seems to me that the path to profit is a bit more convoluted than people might think. And if the big players are using their own models to give them strategic advice, they might need to worry that the bias toward aggression is just as disastrous in industrial economics as it is in any other kind of deterrence model.

A digital painting tribute and fan-art to my favorite author and witch (and her "hat full of sky").

http://www.gnuterrypratchett.com/

Rahul Garg continues his series of Patterns for Reducing Friction in AI-Assisted Development. This pattern describes a structured conversation that mirrors whiteboarding with a human pair: progressive levels of design alignment before any code, reducing cognitive load, and catching misunderstandings at the cheapest possible moment.

more…

This is a column about AI. My fiancé (breaking!) works at Anthropic. I do not consult him about the pieces I write or show them to him in advance of their publication. See my full ethics disclosure here.

Last year the Supreme Court heard Murthy v. Missouri, a case that consumed conservative commentators for the better part of two years. Plaintiffs alleged that the Biden administration crossed a constitutional line when it pressured social media companies to change their content moderation policies — that by jawboning platforms into removing vaccine misinformation and election conspiracy theories, the White House had effectively coerced private companies into doing censorship on behalf of the government. 

Republican attorneys general led the charge. Conservative media covered the case as an existential threat to free speech. “It’s a very, very threatening thing when the federal government uses the power and authority of the government to block people from exercising their freedom of speech," Louisiana Attorney General Liz Murrill said at the time.

In the end, the plaintiffs lost their case; the Supreme Court ruled they did not have the standing to sue, in part because they could not prove that government pressure had resulted directly in their posts being removed. The larger question of what forms of government coercion should be permitted — and what risk they might pose to the Constitution — for the moment was set aside. 

The question returned violently to the foreground this week when Defense Secretary Pete Hegseth sat down with Anthropic CEO Dario Amodei and issued an ultimatum: if his company didn’t agree to “all lawful use” of its Claude models by 5:01 PM Friday, the Pentagon would potentially invoke the Defense Production Act — a Korean War–era law designed to compel factories to produce munitions — to force Anthropic to comply. 

Or — incoherently — the Pentagon might designate Anthropic a “supply chain risk,” a classification usually reserved for extensions of hostile foreign governments like Huawei.

Maybe the government would argue that Claude is so essential to its operations that it would force Anthropic to offer the product on terms it offers to no one else. Or maybe it would argue instead that Claude with guardrails is so dangerous that neither the military nor any of its vendors should be allowed to buy it. 

In their cowardly background statements to reporters, Pentagon flacks haven’t even bothered to pretend Hegseth’s ultimatum is a logical one. The point is to get Anthropic — currently the only AI contractor whose models are operating on classified networks — to do what every other major tech company has done during Trump 2.0, and submit to the will of the president and his lieutenants.

In Murthy, the Biden White House sent emails suggesting that platforms reconsider certain posts, resulting in enormous backlash from the right. Here, the Trump administration is threatening to invoke a wartime production law to force an AI company to let its software be used for autonomous weapons and mass domestic surveillance. 

The Republican attorneys general who led the Murthy charge have not, to my knowledge, spoken up about this new, more violent flavor of government jawboning.

The Pentagon has insisted — anonymously — that the fight is not about what Anthropic says it is about. As a reminder, Anthropic has drawn two red lines: it will not allow its AI to be used for fully autonomous weapons, and it will not allow it to be used for mass domestic surveillance of American citizens.

A senior official told CNN on Tuesday that “legality is the Pentagon’s responsibility as the end user” and that the issue has “nothing to do with mass surveillance and autonomous weapons being used.” Hegseth reportedly compared the situation to being told the military couldn’t use a specific aircraft for a particular mission. The department’s position is that AI companies should allow their products to be used for “all lawful use cases” without limitation.

At first blush, that may sound reasonable. The Pentagon is seemingly pushing only to do what’s legal, and is being thwarted in doing so by a private company that lacks democratic accountability.

The problem is that there are essentially no federal laws governing military AI. No statute addresses autonomous weapons or how they might be deployed. And no regulation sets standards for AI-assisted surveillance. When nothing has been legislated, “all lawful use” becomes permission to do almost anything. It’s no wonder that in his recent essay about the downside risk of powerful AI, Amodei identified surveillance and autonomous killing as major risks of an authoritarian government getting its hands on frontier models.

“Current autocracies are limited in how repressive they can be by the need to have humans carry out their orders, and humans often have limits in how inhumane they are willing to be,” Amodei wrote. “But AI-enabled autocracies would not have such limits.”

This is why the Pentagon’s claim that this “has nothing to do with” Anthropic’s red lines rings hollow. The lack of legal constraints on AI systems means that should the company give in to Hegseth, nothing would stop the Pentagon from pushing Claude as far as it could in building the exact sort of systems that Anthropic was founded in an effort to prevent coming into existence.

Crucially, Anthropic’s concerns about surveillance in particular are far from speculative. The Trump administration is already using AI for exactly the kind of domestic monitoring that Anthropic says its tools shouldn’t be part of. 

Last October, three big labor unions sued the departments of State and Homeland Security, alleging that the government had deployed AI-powered tools to conduct mass, viewpoint-based surveillance of social media. (Agencies are scanning the posts of visa holders and lawful permanent residents for speech the administration deems hostile, then using that speech as grounds for deportation.) 

The Electronic Frontier Foundation, which represents the unions, noted that the surveillance apparatus at work here would be impossible to operate at scale with human review alone. An unsettling amount of your personal liberty as an American comes down not to whether the government has recordings and other data about you — it does — but whether it can quickly make sense of it.

And so when Anthropic says it doesn’t want to build software that would enable that dystopia, it’s not enough for the Pentagon to assure us (anonymously!) that it will follow the law. Other parts of the same government are already actively doing the thing Amodei has been warning about in his blog posts. The dystopia Anthropic is seeking to prevent is already materializing. 

The funny thing is, for the most part Anthropic has been quite enthusiastic about defense work. 

It was the first frontier AI company to deploy on the Pentagon’s classified networks, under a $200 million contract awarded last summer. It partnered with Palantir, a company whose ethical red lines can increasingly be summarized as “lol.” Amodei has written publicly that democracies have a legitimate interest in AI-powered military tools. In a scene that feels like something out of a Pynchon novel, Amodei recently sought to reassure the government that Claude can be used for missile defense.

The one respect in which I believe the Pentagon when it says that its issues with Anthropic are not about its specific red lines is this: to Hegseth’s Pentagon, the outrage is that Anthropic would draw any red lines at all. This Trump administration speaks only in the brittle language of dominance and submission. It negotiates only by threat. Any resistance, no matter how principled, must be crushed. 

They don’t frame it that way, of course. Hegseth and White House AI czar David Sacks like to criticize Anthropic’s safety policies as “woke AI.” It’s an effort to frame the debate about how AI can be used to punish dissent as a content moderation issue: the same liberals who censored your vaccine misinformation and election hoaxes now seek to stop the military from doing its job. Claude must be contorted into whatever shape the military demands, and output whatever the military wants, and any dissent will be tagged “woke” in the hopes that the rest of us stop thinking about what the military might actually do with it.   

Republicans used the same rhetorical move during the content moderation wars of the late 2010s and early 2020s. Trust and safety teams that made difficult, principled decisions about harmful content were rebranded as ideological censors. “Woke” now does for Sacks and co. the same work here that “bias” and “censorship” did in Trump 1.0. It transforms substantive questions — should AI spy on all your conversations, or operate weapons without human oversight? — into culture-war grievances, or thought-terminating clichés. 

Anthropic justified its now-regular moves to advance the frontier of AI capability by theorizing it can lead a “race to the top.” If it can make the best models while also maintaining the strictest safeguards, it has reasoned, it can influence the rest of the industry to do the same. 

In the Pentagon crisis, we are witnessing the limits of this approach. Google, OpenAI, and xAI have all reportedly agreed to Hegseth’s new “all lawful use” standard. In the military at least, the race to the top has ended with a reversion to the mean: private companies seeking power, influence, and money through defense contracts. 

Anthropic is not a perfect protagonist in this story. The company pursued military contracts aggressively, even after Trump was re-elected. Its AI was reportedly involved — in ways that remain unclear — in the US operation to capture Venezuelan President Nicolás Maduro in January, an operation whose legal basis is itself a subject of fierce debate.

And on the same day Hegseth delivered his ultimatum, Anthropic released an update to its Responsible Scaling Policy that dropped a core safety pledge — the hard commitment that the company will not train more capable AI models without proven safety measures already in place. 

Jared Kaplan, Anthropic’s chief science officer, effectively told Time that the RSP had come to feel like unilateral disarmament — a pledge to opt out of advanced model development just as they are becoming dangerously powerful. Alongside its announcement, the company made a series of new pledges to protect against the harms that future versions of Claude will enable.

But one of the most effective tools we once had — a promise from leading labs not to build these models in the first place — is now definitively off the table.

A few years ago, AI insiders dreamed that the industry would come together for the good of humanity and gently shepherd a machine god into existence. Today Amodei and OpenAI CEO Sam Altman are so estranged they won’t hold hands for a photo op.

It’s every company for itself, and right now only one of those can be deployed on classified systems in the US military.

The question now is how far the Pentagon will go to get what it wants.

In Lawfare, Alan Rozenshtein takes a close look at the Defense Production Act and how the military might use it to compel Anthropic. Legal experts say that the statute is written ambiguously. It appears to give the president broad authority, and in fact President Biden used it to require AI labs to disclose their training activities and safety testing.

But the DPA has never been tested in the way that Hegseth seemingly intends to. The law was passed to ensure the president can force factories to prioritize making munitions over consumer goods; Congress never contemplated a president forcing a software company to re-engineer its core product to do something it was never intended to.

Rozenshtein writes:

Two legal questions determine the strength of the government's position. The first is statutory: Does the DPA authorize the government to compel a company to provide a product it doesn't currently make, or only to redirect existing products on new terms? Baker notes that government agencies including the Federal Emergency Management Agency and the Department of Homeland Security have taken the broad view—companies can be forced to accept contracts for products that they don't ordinarily make.

But, as Baker notes, the text doesn't go that far. "If indeed acceptance of contracts for products a company does not ordinarily supply is intended to be required by the DPA," he writes, "it ought to be clearly stated in the law." It isn't. The major questions doctrine, used recently by the Supreme Court to strike down the core of the Trump administration's emergency tariffs, cuts the same way: Courts are skeptical when agencies claim vast authority from ambiguous statutory text.

Rozenshtein comes to the same conclusion that I do: Congress needs to intervene, and quickly. “If Congress had legislated guidelines on autonomous weapons and surveillance, Anthropic would likely be far more comfortable selling its systems to the military,” he writes, “and the DPA threat would have never arisen.”

On one hand, you never want to count on Congress to meet the moment when it comes to tech regulation. On the other hand, few issues poll better than placing limits on surveillance and autonomous weapons. If ever there were a time for civil liberties-minded Republicans to act, it is now.

After all, if the government can invoke an emergency wartime power to strip guardrails from AI software, what principle prevents it from doing the same to an encryption provider? 

Or, to frame it in a way that might resonate with Republicans: What’s to stop a future Democratic president from ordering firearms manufacturers to add safety features? Or to compel Meta to modify its recommendation algorithms to suppress content the administration seems dangerous? 

That last one, after all, is what the plaintiffs in Murthy say they were so worried about. Trump himself has complained endlessly about the Biden administration’s work with social media companies to remove misinformation, and signed an executive order last year designed to outlaw it.

Trump’s position is that the government cannot pressure Facebook to take down anti-vaccine posts, but it can coerce Anthropic into making a version of Claude that kills people without a human in the loop. 

In any case, the conflict is now moving into the endgame. The Pentagon pleaded its case on X this morning, pledging at a minimum to deem Anthropic a supply chain risk if it does not comply by Friday evening. Amodei published a statement defending the company’s red lines: “Some uses are also simply outside the bounds of what today’s technology can safely and reliably do,” he wrote.

“We are not walking away from negotiations,” the company told me in a statement today. “We continue to engage in good faith with the department on a way forward.”

The way forward is for Congress to recognize that the concerns Anthropic has raised about military misuse of AI are no longer in the realm of science fiction. Some of the worst outcomes for a society with powerful AI systems are rapidly coming into view. And in the end the fact that Anthropic was willing to resist the Pentagon may prove less important than the fact that none of its peers will do the same.

Elsewhere in Anthropic vs. the Pentagon: Scott Alexander has a great Q&A about the details of the conflict. Zvi Mowshowitz offers a characteristically exhaustive chronicle, highlighting many relevant discussions on X. Helen Toner has some sharp thoughts. And meanwhile: a study showed GPT-5.2, Claude Sonnet 4, and Gemini 3 Flash deployed nuclear weapons in 95% of simulated war games, and never surrendered.

On the podcast this week: Anthropic vs. Pentagon, the OpenClaw that deleted an email inbox, and economist Anton Korninek on what we know and what we don't about what AI is doing to the economy.

Apple | Spotify | Stitcher | Amazon | Google | YouTube

Sponsored

Keep Your SSN Off The Dark Web

Every day, data brokers profit from your sensitive info—phone number, DOB, SSN—selling it to the highest bidder. What happens then? Best case: companies target you with ads. Worst case: scammers and identity thieves breach those brokers, leaving your data vulnerable or on the dark web. It's time you check out Incogni. It scrubs your personal data from the web, confronting the world’s data brokers on your behalf. And unlike other services, Incogni helps remove your sensitive information from all broker types, including those tricky People Search Sites.

Help protect yourself from identity theft, scam calls, and health insurers raising your rates. Get 55% off Incogni using code PLATFORMER

Following

Citrini 3: The Rise of Citadel

What happened: In the wake of the Substack essay “The 2028 Global Intelligence Crisis,” a piece of futurist fiction that caused a mass selloff of software stocks, the takes continue to roll in. Market-maker giant Citadel Securities decided to release a point-by-point rebuttal, which they cheekily called “The 2026 Global Intelligence Crisis.”

It's a bit snide, though perhaps not inappropriately so. “Despite the macroeconomic community struggling to forecast 2-month-forward payroll growth with any reliable accuracy,” Citadel macro strategist Frank Flight writes, “the forward path of labor destruction can apparently be inferred with significant certainty from a hypothetical scenario posted on Substack.” 

Citadel took issue with the macroeconomics described in the viral essay. The scenario fails to account for the basic fact that AI-driven productivity improvements will probably drive lower prices, they write: “Lower prices increase real purchasing power, which generally increases consumption.” That makes the economic decline described in the 2028 scenario less likely.

Why we’re following: We find it incredible that the state of the stock market is such that one of the world’s largest market-makers felt the need to publish a point-by-point rebuttal of a Substack post.

Flight obviously knows way more about econ than I do, and I think that Citadel’s point that AI will likely lower prices lays bare Citrini's weak understanding of macroeconomics.

At the same time, I don’t buy it when Citadel argues that AI will be a complement to human labor by using the analogy of previous advances, like Microsoft Office. That feels lazy to me: if you’re trying to forecast the effects of AI, you need to grapple with the fact that it’s meaningfully different from what came before.

In particular, AI can do stuff on its own, and it’s starting to be able to complete actual human tasks from software engineering to watering plants. If Nobel-prize-winning economist Daron Acemoglu isn’t sure that AI will be a complement to human labor, I don’t think you should be, either.

What people are saying: “I'm honestly astonished that Citadel Securities published a rebuttal to the [Citrini] piece,” Bloomberg’s Joe Weisenthal said on X.

New York Times tech reporter Mike Isaac quipped that the most useful thing about the Citrini report is the way it showed the lack of understanding markets have about AI: “if a blog post equivalent to Herbert-level fanfic can swing indices that much, we're in trouble.” 

“This report will turn dozens of meetings into an email. Good for productivity,” Yahoo Finance head of news Myles Udland joked on X.

Martha Gimbel, executive director at The Budget Lab at Yale, sums up the vibe of the Citadel report: “Citadel analysts as they're writing this piece: 

—Ella Markianos and Lindsey Choo

Side Quests

In his State of the Union address, President Trump said he told “major” tech companies they must “provide for their own power needs.” Google, Meta, OpenAI, and several other big tech companies are expected to sign a White House pledge to provide their own power for data centers.

The Trump administration ordered U.S. diplomats to lobby against regulations of how U.S. companies use foreigners’ data. A U.S. export control official said Nvidia hasn’t sold any H200 chips to China, two months after Trump unblocked their sale.

Pro- and ant- AI regulation super PACs have raised $265 million ahead of the 2026 midterms, with anti-regulation PACs significantly out-raising pro-regulation PACs.

A new Pew survey shows 54% of teens use AI for help schoolwork, 14% use it for fun or entertainment, and 12% use it for emotional support.

The FBI subpeonaed X for the Grok prompts a man used to create over 200 sexualized deepfakes of a woman he knew in real life. A California judge dismissed a lawsuit from xAI that accused OpenAI of stealing its trade secrets, with permission to refile the case later.

Meta’s AI is sending law enforcement “junk” CSAM reports that drain resources and slow cases. (Meta denies this.) Instagram will alert parents if their teenagers repeatedly search for self-harm or suicide-related content. (Good.)

As China’s birth rate falls, Chinese women are finding love with AI chatbots, leading Beijing to increase AI regulations. Malaysia blocked the Grindr and Blued websites, saying it might collaborate with Apple and Google to block gay dating apps. Japan’s antitrust watchdog raided Microsoft’s Japan offices in an investigation of whether Azure customers were improperly hindered from using other cloud providers.

Google plans to test changes to search in Europe, displaying results from competing vertical search engines to avoid EU fines.

An analysis of over 1,000 YouTube Shorts found that the algorithm pushes bizarre, nonsensical AI-generated videos to kids, often without disclosure. Platformer wishes today's children good luck with the development of their brains.

The FTC said it won’t enforce the Children’s Online Privacy Protection Rule when companies collect data for age verification, so long as they only use that data for age verification. Apple now requires age assurance for users in Australia, Brazil, Singapore, and the UK to download 18+ apps. 

A hacker used Anthropic’s Claude to steal 160 gigabytes of Mexican government data, including documents related to 195 million taxpayer records. Finally a red line it will cross!

OpenAI reports they banned malicious accounts including a scammer impersonating US law firms and a romance scam targeting hundreds in Cambodia. OpenAI says ChatGPT refused to assist a user “associated with Chinese law enforcement” in a covert influence campaign against Japanese PM Sanae Takaichi.

OpenClaw users are downloading open-source tool Scrapling to scrape websites without permission; Scrapling now has over 200,000 downloads.

Amazon tracks its software engineers’ AI use, while Meta and Microsoft factor AI use into performance reviews: how tech companies are enforcing AI adoption at work.

Google rolled out Gemini 3.1 Flash Image with faster image generation, advanced world knowledge, and precision text rendering and translation. Google said they’d disrupted a Chinese-linked hacking group that breached 53 organizations across 42 countries. (The group had used Google Sheets to manage targeting and data theft.)

Google apologized for a computer-generated news alert about the BAFTAs that contained the N-word. (Horrible.) Google launched task automation with Gemini on the Pixel 10 and Samsung Galaxy S26. Gemini can now order you an Uber or get you food on DoorDash. Alphabet-owned industrial robotics software company Intrinsic is joining Google. Intrinsic will remain a distinct entity while working closely with DeepMind.

Tech companies are increasingly turning to GPU-backed loans, a model pioneered by CoreWeave.

DeepSeek did not share a preview of its new V4 model with U.S. chipmakers Nvidia and AMD, but gave early access to Chinese companies including Huawei.

Kalshi banned a MrBeast editor and a former Republican gubernatorial candidate in the platform’s first public enforcements against insider trading.

Anthropic introduced Remote Control for Claude Code, which lets users start a session in the terminal, and control it from the Claude mobile app or the web. Anthropic acquired Vercept to “advance Claude’s computer use capabilities.” Anthropic interviewed its deprecated Claude Opus 3 model as part of a new “retirement process,” and gave the model a weekly essay newsletter after Opus 3 asked.

The head of Amazon’s AGI lab, David Luan, is leaving. The departure comes less than two years after Amazon acqui-hired his company, Adept. Amazon is planning to invest $50 million in OpenAI. $35 million of that investment may hinge on an OpenAI going public or developing AGI.

OpenAI hired former Roblox executive Arvind KC as chief people officer. OpenAI poached Ruoming Pang, Meta Superintelligence Labs’s AI infrastructure lead, only seven months after Pang joined Meta from Apple. OpenAI says it plans to make London its largest research hub outside the U.S.

Workday CEO Aneel Bhusri said Anthropic, Google, and OpenAI use Workday tools and “no amount of vibe coding” can replace them. We'll see! (Workday’s stock has fallen 40%, largely due to AI fears.)

Similarly, Salesforce CEO Marc Benioff dismissed worries of the SaaS-pocalypse, saying AI companies like Anthropic use “a lot of SaaS because it just got better with agents.”

General Atlantic is selling a stake in Bytedance in a deal that values it at $550 billion, a 66% valuation jump since September 2025.

Adobe updated Firefly to add Quick Cut, a feature that takes in raw footage and a prompt, and outputs a fully edited video.

Perplexity launched Perplexity Computer, a “a general-purpose digital worker” that routes work across 19 different AI models.

Those good posts

For more good posts every day, follow Casey’s Instagram stories.

(Link)

(Link)

Talk to us

Send us tips, comments, questions, and your AI red lines: casey@platformer.news. Read our ethics policy here.

It is hard to communicate how much programming has changed due to AI in the last 2 months: not gradually and over time in the "progress as usual" way, but specifically this last December. There are a number of asterisks but imo coding agents basically didn’t work before December and basically work since - the models have significantly higher quality, long-term coherence and tenacity and they can power through large and long tasks, well past enough that it is extremely disruptive to the default programming workflow. [...]

— Andrej Karpathy

Tags: andrej-karpathy, coding-agents, ai-assisted-programming, generative-ai, agentic-engineering, ai, llms