There is a growing discomfort around writing that has been produced with the help of AI. Some of that discomfort is justified. Some of it is misplaced. Most of it, I think, comes from treating AI use as a binary condition.

Either a piece is human writing, or it is AI slop. That binary framing is too simple.

Writing now exists on a spectrum. At one end is a piece researched, written, edited, and published entirely by a human. At the other end is a piece generated entirely by a model, with little or no human judgment involved. Most serious use sits somewhere between those two points. A person may use AI to explore a topic, check grammar, improve flow, challenge an argument, summarize sources, or help structure a draft. None of those uses are identical. They do not carry the same implications, and they should not be treated as if they do.

The term “AI slop” captures something real, but it is too often used as if it settles the matter. It does not. There is a meaningful difference between lazy automated publishing and human work that uses AI as part of the process. The first replaces judgment. The second can support it.

The visceral reaction makes sense when a publisher presents a piece as if it came entirely from their own hand, while quietly outsourcing most of the thinking and writing to a model. The objection is not only about the tool. It is about the implied deception, and the intellectual dishonesty behind it. The reader is being asked to attribute effort, authorship, and judgment to someone who may not have supplied much of any of it.

That is why the reaction feels so close to the reaction people have to plagiarism. It is not exactly the same act, but it touches the same nerve. Someone is taking credit for intellectual work in a way that misrepresents what they actually contributed. There is a kind of chest-puffing in it: look at what I made, look at what I thought, look at what I wrote. If that claim is false, or even materially exaggerated, people are right to feel manipulated.

The distrust does not only come from the reader being duped, it comes from the writer trying to borrow authority they had not earned.

Code seems to provoke a different reaction. AI-assisted programming is already common, and although people debate its risks, the discussion is usually less morally charged than it is with prose. I think part of the reason is that code has to do something. It has to run. It has to satisfy a requirement. Its behavior can be tested, inspected, and verified.

None of this makes AI-generated code safe or good. Quite the opposite. A piece of software can be functionally complete and still be insecure, brittle, unmaintainable, or wrong in ways that only become visible later. “Vibe coding” may produce something that appears to work, but appearance is not correctness. In software, the consequences eventually surface. Bad code creates operational debt. It creates security risk. It fails under pressure. The person who ships it, and the people who depend on it, pay the price.

The “reap what you sow” aspect changes how people perceive AI use in programming. If an experienced developer uses AI to speed up implementation, generate scaffolding, explore alternatives, or catch mistakes, the important question is not whether AI was involved. The important question is whether the developer can evaluate the result. Expertise still matters because the output has to survive contact with reality.

Writing is different.

A written piece does not fail in the same empirical way. It can sound fluent while being hollow. It can appear thoughtful while laundering someone else’s reasoning. It can carry the rhythm of expertise without containing much judgment. A reader can be persuaded that a piece reflects the mind of an individual when, in practice, very little individual thought went into it. This is the harder problem.

I do not think the answer is to pretend AI-assisted writing can be cleanly separated from human writing. It cannot. The boundary is already blurry, and it will only become harder to police as models improve. Detection tools may estimate whether a piece was written with AI, but I do not know how much trust to place in those tools. More importantly, they put the burden on the reader. If disclosure is absent, the reader has to investigate after the fact.

That is backwards.

The publisher knows how the piece was produced. The reader usually does not. Disclosure does not solve every problem, but it gives the reader enough information to make their own decision.

My own position is straightforward. I view AI as a tool in the writing process. I use it to save time, improve clarity, help with structure, catch grammar and spelling issues, and support research. I may use it to test the flow of an argument or identify gaps in a draft.

I do not want AI to decide what I think. I do not want it to replace the act of forming a view. I want it to help me express the view more clearly, check whether the structure holds, and reduce the mechanical drag around writing. That is a different use case from asking a model to generate a finished opinion and publishing it under my name.

At the same time, I do not think every reader will draw the line where I do. Some people will reject AI-assisted writing entirely. That is their right. Others will care only about whether the piece was useful, informative, accurate, or enjoyable. That is also defensible. What matters is that they are not forced to make that decision in the dark.

For me, two questions matter more than the purity of the process: did the piece convey something useful, and was the use of AI disclosed honestly?

The first question matters most. If a piece informs me, clarifies something, makes me think, or gives me a useful frame, I am not especially concerned with quantifying exactly which sentence came from a human and which sentence was shaped by a machine. That line is not only hard to measure; it may be the wrong line to focus on. A human can write useless prose without AI. A model can help produce clear prose under human direction. The presence of the tool does not settle the quality of the work.

The second question matters because it affects trust. Disclosure is not a confession. It is context. It tells the reader how the work was made, and it lets them decide how much that matters to them.

There is an analogy here with wristwatches, though it only goes so far. When quartz watches entered the market, traditional Swiss watchmakers treated them as inferior intrusions into a world built on craftsmanship. Mechanical watches represented precision, beauty, tradition, and human skill. Then cheap quartz watches began to dominate because they told time accurately, required less maintenance, and were accessible to far more people.

The analogy is imperfect. Writing is not a watch, and authorship is not the same thing as timekeeping. But there is a parallel in the reaction. A tool arrives that does some part of the job faster, cheaper, and often well enough for the practical purpose. People who value the older craft react with understandable suspicion. Some of that suspicion protects real values. Some of it becomes denial.

AI-assisted writing is not going away. Humans will use it to draft, edit, research, summarize, polish, and sometimes generate entire pieces. Some of that work will be bad. Some will be dishonest. Some will be useful. Some will be better than what the same person could have produced without the tool.

The reader will have to decide what they accept.

My view is that the obligation of the writer is to be honest about the process, responsible for the claims, and serious about the reasoning. If AI helps with that, I see no reason to pretend otherwise.

And yes, AI did assist me during the writing of this article.

When vulnerability discovery becomes a function of targeted AI compute

Software security is entering a new regime.

The old regime was constrained by scarce human attention. A serious vulnerability researcher needed time, expertise, intuition, tooling, and a reason to inspect a particular target. Many systems were not secure because every defect had been eliminated. They were secure because only a limited number of capable people could afford to look closely enough.

That constraint is weakening.

The new primitive is simple: point cyber-capable AI compute at a codebase. The objective can be defensive or offensive. The same process can be used to harden software or to exploit it. A model can inspect source, reason through control flow, identify dangerous patterns, construct test cases, and in increasingly capable systems, turn findings into working exploits.

This changes the meaning of software security. A system is no longer protected mainly by the scarcity of elite human attention. It is protected, or exposed, by the balance of model attention directed for and against it. Security becomes a function of how much cyber-capable AI compute is allocated to a target, how capable that compute is, and how quickly the resulting findings can be absorbed.

Software security is becoming a token-spend arms race.

The New Security Equation

From first principles, software security in this regime becomes a competition between two uses of the same capability. One side points AI compute at software to harden it. The other points AI compute at software to break it.

The distinction is not technical. It is intentional.

This is the shift Thomas Ptacek described in “Vulnerability research is cooked”: the collapse of scarce expert attention as the limiting factor in vulnerability discovery. If the old constraint was finding enough capable people with enough time to inspect enough code, the new constraint is increasingly how much capable model attention can be aimed at the target. (Sockpuppet)

A request to “find vulnerabilities in this code” is structurally ambiguous. It can be defensive research, exploit preparation, internal audit, bug bounty work, or prelude to intrusion. OpenAI has acknowledged this ambiguity directly in its trusted-access cyber work, noting that vulnerability-finding tasks can be either legitimate defensive work or misuse depending on context. OpenAI has also described GPT-5.5 and GPT-5.5-Cyber as part of a trusted-access system for cybersecurity capability rather than a uniformly available product surface. (OpenAI)

The relevant unit of security competition is therefore no longer just the researcher, the audit firm, or the internal red team. It is targeted model attention.

The quantity side is straightforward: how much inference is allocated to the target? The quality side is equally important: how capable is the model being applied? A small amount of weak model attention may produce noise. A large amount of frontier cyber-capable model attention may produce validated, reproducible, high-severity findings. The practical security of a codebase is increasingly shaped by the volume and quality of that attention.

Money has always mattered in security. Organizations with larger budgets could hire better researchers, pay for audits, build fuzzing infrastructure, fund red teams, and maintain faster patch pipelines. What is new is the directness of the conversion. Before, money bought human capacity indirectly. Now it buys automated search pressure more directly.

Tokens become security pressure.

The Fire Hose Problem

This does not mean defense automatically wins. In the short term, it may mean the opposite.

The current asymmetry is that discovery scales faster than remediation. AI-assisted vulnerability discovery can produce findings at machine speed. Mitigation still flows through human and institutional bottlenecks: triage, reproduction, severity assessment, patch design, code review, regression testing, release management, disclosure, deployment, and monitoring.

Attackers need one useful vulnerability. Defenders must process all of them.

Mozilla’s recent work with Anthropic illustrates the scale shift. In March, Mozilla described an Anthropic-assisted effort that produced 14 high-severity bugs, 22 CVEs, and 90 additional bugs in Firefox. (Mozilla Blog) A few weeks later, Mozilla reported that Firefox 150 included fixes for 271 vulnerabilities identified during an initial evaluation with Claude Mythos Preview. Mozilla later clarified that it fixed 423 security bugs in April releases, with the 271 Mythos-attributed bugs forming only part of a broader AI-assisted and traditional security pipeline. (Mozilla Blog)

Those numbers are not merely impressive. They reveal the fire hose.

The limiting factor is no longer whether high-quality vulnerabilities can be found. The limiting factor becomes whether an organization can absorb the rate at which they become visible. This is not a bug-finding problem anymore. It is a throughput problem.

Why “Zero-Days Are Numbered” Is the Wrong Conclusion

Mozilla titled one of its pieces “The zero-days are numbered.” The optimism is understandable. If defenders can cheaply discover the same classes of vulnerabilities that elite attackers once found through scarce human effort, then the attacker’s advantage should erode. Mozilla argues that the gap between machine-discoverable and human-discoverable bugs is closing, and that this may allow defenders to find defects before attackers do.

But the conclusion is too clean.

It treats software vulnerability as if it were mostly a finite stock of latent defects waiting to be drained. Once the stock is discovered and patched, the argument implies, the system moves toward a much safer equilibrium.

That framing misunderstands the domain.

Software is not a fixed object. It is a moving production system. New vulnerabilities are created by new features, new dependencies, new integrations, new generated code, new deployment patterns, new permissions, new protocols, new agent workflows, and new assumptions about how systems will be used.

Even that understates the problem. A piece of software does not operate in isolation. Even if its own codebase were frozen, it would still run on hardware, operating systems, drivers, runtimes, browsers, libraries, package managers, build systems, deployment platforms, identity providers, observability tools, and third-party services that continue to change outside the producer’s direct control.

The attack surface is not bounded by the repository.

Third-party dependencies are especially important here. They are part of the effective software system, but they sit outside the producer’s direct span of control. A project may harden its own code while remaining exposed through an upstream library, a transitive dependency, a compiler bug, a container image, a kernel issue, or a cloud platform behavior it does not control.

Declaring that bugs are finite is therefore not merely optimistic. It is a gross misunderstanding of the domain. Software security is not the exhaustion of a static defect inventory. It is the management of a changing system embedded inside other changing systems.

That misunderstanding is serious. Incumbents that interpret AI-assisted vulnerability discovery as the beginning of the end of zero-days may underinvest precisely when the scope of the security landscape is expanding. Organizations that fail to grasp this shift will do so to their own detriment.

The stock of old vulnerabilities can shrink. The frontier does not disappear.

In heavily hardened software, AI-assisted review may reduce the inventory of existing human-discoverable defects. That would be a real improvement. But it does not imply the end of zero-days. It implies a repricing of vulnerability discovery. The cost of finding certain classes of bugs rises, the volume of findings falls, and the race shifts toward continuous hardening.

Mozilla itself gestures at the caveat: if AI-generated development causes codebases to exceed human comprehension, bug complexity may scale alongside discovery capability. That point matters more than the optimistic headline. If AI accelerates both software production and vulnerability discovery, then the long-term equilibrium depends on whether defensive automation, review, and deployment can keep pace with churn.

The zero-days are not numbered.

The old discovery bottleneck is.

The Cumulative Attacker

The deepest asymmetry is not that attackers have AI and defenders do not. The asymmetry is aggregation.

A software producer is usually a singular entity. It has one security team, one backlog, one release process, one set of priorities, and one budget. Even when the organization is large, remediation is internally coordinated.

Offense is plural. Many independent actors can point compute at the same target. Their efforts do not need to be coordinated to accumulate pressure. One criminal group, one state-linked team, one bug bounty hunter, one curious researcher, one competitor, and one opportunistic attacker can all inspect the same codebase or exposed surface. Their compute is separate, but the pressure on the target is cumulative.

The defender faces the aggregate.

This matters especially for smaller software producers. A startup or small open-source project may not be able to match the total amount of hostile or opportunistic model attention directed at it once it becomes interesting. Its security posture is no longer determined only by its own practices. It is determined by the ratio between its defensive capacity and the cumulative offensive search pressure it attracts.

That ratio can become brutal.

A large company can buy model access, hire security engineers, maintain internal red teams, run continuous scanning, pay for external audits, and absorb high-volume disclosure. A small team cannot replicate that machinery. It may ship high-quality software and still be structurally exposed if enough external compute is aimed at it.

The protection of obscurity weakens when inspection becomes cheap.

The Security Budget Reallocation

This changes resource allocation.

If vulnerability discovery becomes cheaper, faster, and more scalable, then software producers cannot treat security as a fixed overhead category. The amount of revenue allocated to software hardening will have to rise. Not only in headcount, but in compute, tooling, triage systems, patch validation, dependency monitoring, red-team automation, and release infrastructure.

The old security budget was sized for a world in which high-quality vulnerability discovery was constrained by scarce human attention. That world is disappearing. A producer that maintains the same defensive posture while external model attention increases against its software is not standing still. It is falling behind.

The shift will not be evenly distributed. Large firms will absorb it through dedicated security teams, privileged model access, internal red-team infrastructure, continuous AI-assisted auditing, and more aggressive dependency management. Smaller firms will feel it as margin pressure. Security will consume a larger share of engineering capacity and a larger percentage of revenue, even when the product itself has not changed.

This is the economic consequence of the fire hose. Once vulnerability discovery scales, hardening must scale with it. The alternative is an expanding gap between the rate at which vulnerabilities become visible and the rate at which they can be fixed.

Security spend therefore becomes less discretionary. It becomes a structural cost of operating software in a world where targeted AI compute can be aimed at any sufficiently valuable codebase.

The Access Gate

Token spend is only one side of the arms race. The other side is permission.

The most capable cyber models are not simply sitting behind an ordinary price page. They are increasingly governed through access programs, trust tiers, evaluations, and selection processes. Anthropic launched Project Glasswing around Claude Mythos Preview, explicitly framing the model as unusually capable at computer security tasks and describing controlled efforts to use it to secure critical software. Anthropic also reported that Mythos Preview was dramatically more capable than Opus 4.6 at turning vulnerabilities into working exploits in their Firefox benchmark. (Red Anthropic)

OpenAI is moving in the same structural direction. Its trusted-access cyber program describes cybersecurity capability as something to be scaled across vetted defenders, not simply exposed uniformly to all users. (OpenAI) Public reporting on GPT-5.5-Cyber similarly describes access expanding to vetted cyber defenders, especially those protecting critical infrastructure. (Axios)

This creates a two-gate system.

First, can you afford enough cyber-capable inference?

Second, are you allowed to use the model class that matters?

Security capability becomes not only capital-intensive, but permissioned. The selection committee becomes part of the security stack. A firm with sufficient money but insufficient trust may not receive access. A small open-source maintainer may be defending widely deployed software but still lack the institutional standing required to use the strongest defensive tools. A state actor may not care about token cost at all, but may be constrained by whether it has access to frontier models, domestic equivalents, stolen access, or open-weight substitutes.

The resource is not just compute.

It is admitted compute.

The Mythos Boundary

This is why the Mythos pattern matters.

The release of a cyber-capable model under selective access does not merely introduce a new tool. It creates a capability perimeter. Some actors are inside the perimeter. Others are outside it. Those inside can apply advanced model attention to their codebases and infrastructure. Those outside must rely on weaker models, commercial substitutes, community access, or traditional methods.

That perimeter may be justified. These models are dual-use. If a system can find and exploit vulnerabilities at a high level, unrestricted access would create obvious risks.

But the security consequence remains. Permissioned access means defensive advantage is unevenly distributed.

The question is not whether AI helps defenders. It clearly can. The question is which defenders.

A large browser vendor with early access to Claude Mythos Preview can direct frontier model attention at one of the most hardened codebases in the world and patch hundreds of vulnerabilities. A small project maintaining critical but underfunded infrastructure may not get that same access. Yet attackers may still direct whatever model capability they can obtain at the project.

That is not a level playing field. It is a stratified security market.

Open Source as Defensive Aggregation

This creates a counterintuitive implication.

For smaller players, open source may become more important, not less.

The naive view is that open source increases exposure because attackers can inspect the code. In the AI-security regime, that concern does not disappear, but it becomes incomplete. Attackers can often inspect enough anyway: through published packages, binaries, APIs, dependency graphs, behavior, leaked code, or black-box probing. If a target is valuable, model attention will find a path toward it.

The question becomes who can aggregate defensive attention.

Closed source concentrates defense inside the producer. That can work for large firms with large security budgets and privileged model access. It is harder for small teams. If only the producer can inspect and harden the code, then the producer must match the cumulative external search pressure alone.

Open source allows defense to become cumulative.

Maintainers, users, downstream vendors, researchers, foundations, security teams, and interested companies can all point defensive attention at the same shared artifact. That does not eliminate maintainer overload. In fact, it may worsen it unless triage and patch workflows also improve. But structurally, open source gives smaller projects a path to pooled defense.

If offense becomes cumulative, defense must become cumulative too.

That may be the only viable path for software whose importance exceeds the security budget of its producer.

The Plateau

The token-spend arms race will not produce infinite vulnerabilities forever.

The relationship between spend and findings will likely have phases. In the first phase, returns are high. AI-assisted systems discover latent vulnerabilities that were previously too expensive, too obscure, or too time-consuming to find. This is the fire hose moment.

In the second phase, the obvious and semi-obvious defects are removed from heavily examined software. Returns diminish. More compute is required to find fewer useful issues. The codebase becomes harder.

In the third phase, vulnerability discovery becomes tied more closely to churn. New code, new dependencies, new refactors, new generated components, and new integration surfaces create fresh search space. The race does not end, but the frontier moves from backlog discovery to continuous hardening.

Established software that receives enough defensive model attention may become substantially more secure. That is the optimistic case, and it is real. But the transition is not free. It requires spend, access, triage capacity, and organizational discipline. Without those, the fire hose simply reveals more than the defender can fix.

The State Actor Exception

For corporations and individuals, the binding constraint is often currency. More money buys more tokens, more audits, more tooling, and more security staff.

For states, the constraint is different. A state actor may not be limited by token spend in the ordinary sense. It may be limited by access to frontier cyber-capable models, domestic capability, procurement channels, stolen credentials, or the ability to develop equivalent systems. At that level, cyber-capable model access becomes strategic infrastructure.

This makes the access layer politically significant.

If advanced cyber models materially improve both exploitation and hardening, then control over those models becomes part of national security policy. Trusted access programs, export controls, model evaluations, critical-infrastructure partnerships, and government stress tests are not peripheral. They are part of the emerging cyber balance.

The arms race is not only between attackers and defenders. It is between institutions with different levels of access to automated vulnerability discovery.

Conclusion

Software security has become a token-spend arms race, but tokens are only the visible unit. The deeper resource is targeted AI attention.

A codebase can now be subjected to continuous automated scrutiny by defenders, attackers, researchers, vendors, and states. The outcome depends on how much compute is applied, how capable the model is, how much access the actor has, and how quickly the resulting findings can be turned into patches.

This does not mean software security is doomed. It means the old equilibrium is over.

The scarcity of elite human attention once limited both offense and defense. Cyber-capable AI weakens that scarcity. Vulnerability discovery becomes cheaper, faster, and more scalable. Remediation does not automatically follow. The result is a fire hose: high-quality findings arriving faster than many organizations can absorb.

Large institutions may adapt by buying compute, securing privileged access, and rebuilding security operations around continuous AI-assisted hardening. Smaller players will need another path. For many of them, the only viable answer may be defensive aggregation: open code, shared scrutiny, pooled tooling, and communities capable of matching cumulative offensive attention with cumulative defensive effort.

The question “How secure is this software?” is therefore changing.

It no longer asks only whether the code was well written.

It asks how much capable model attention has been directed at it.

And how much more is being directed against it.

An empirical toolchain for evaluating the Exp-Minus-Log representation

When I first read All elementary functions from a single operator by Andrzej Odrzywołek, I had the reaction that elegant technical ideas sometimes provoke: I wanted to play with it immediately.

The paper proposes an unusual claim. A single binary operator,

together with the constant 1, is sufficient to generate the ordinary repertoire of elementary mathematics. Arithmetic operations, exponentials, logarithms, trigonometric functions, algebraic functions, and constants such as $e$, $\pi$, and $i$ are all claimed to be reachable through repeated composition of the same node type.

That is a remarkable result, and in my view it is easy to underestimate.

Single-author papers that present elegant unifications are often dismissed as clever curiosities: mathematically neat, conceptually amusing, but ultimately peripheral. That may yet prove to be the consensus here. But I suspect the underlying idea deserves more serious attention than that reflex allows.

Whether Exp-Minus-Log (EML) ultimately becomes important is for time to decide. What is already clear is that Andrzej Odrzywołek has identified something conceptually striking: a surprising compression of a function family many people implicitly assume must remain structurally plural.

I opened a new repository and started writing a goyacc parser. That parser became eml-parser.

What began as curiosity quickly turned into a larger question: if EML is structurally this simple, can it also be computationally useful?

Why This Matters Beyond Novelty

The immediate temptation is to treat EML as a mathematical curiosity: a neat reduction, a surprising universality result, something to admire and move on from.

What interested me more was its computational shape.

Symbolic regression (SR) attempts to recover interpretable mathematical formulas directly from data. Instead of fitting parameters to a predefined model family, it searches for formulas themselves. In practical terms, symbolic regression systems try to answer questions such as:

• what equation generated this dataset,
• which expression best balances simplicity and fit,
• can an underlying law be recovered rather than merely approximated?

That search depends heavily on representation.

Traditional symbolic regression systems often operate over heterogeneous operator sets: addition, subtraction, multiplication, division, powers, exponentials, logarithms, trigonometric functions, and so on. Candidate expressions are built from many unrelated primitives with different arities, identities, and simplification rules.

EML suggests a different possibility.

If many familiar functions can be represented inside a uniform binary grammar, then symbolic regression may be able to search a more regular expression family.

That does not automatically make the problem easier. Uniformity can conceal depth, redundancy, and severe combinatorial growth. But it transforms the question from speculation into something testable.

The repository exists to make that question testable: can EML function as a useful substrate for symbolic regression?

From Paper to Toolchain

The project began with a deliberately narrow scope.

I did not want to build a grand symbolic-regression system on top of untested assumptions. I wanted a controlled foundation:

• a parser,
• a typed AST,
• evaluation backends,
• normalization,
• reproducible experiments,
• and a clean path for future search strategies.

The raw language remains intentionally small. It accepts only:

• the constant 1,
• variables,
• eml(left,right).

That is enough. Every larger expression in the paper still reduces to repeated compositions of those atomic forms.

Named mathematical concepts such as $\sin$, $\cos$, $\tan$, $\sqrt{x}$, or $\operatorname{pow}$ do not belong in the grammar itself. They live in a separate concept dictionary.

This split matters. The parser owns the atomic language; the dictionary owns named mathematics. Concepts can expand recursively until only raw EML remains. That keeps the language small while allowing richer constructions above it.

In practice, $\exp(x)$ may reduce directly to a raw EML tree. $\tan(x)$ may reduce first to lower-level concepts such as $\sin(x)$ and $\cos(x)$. Those lower-level concepts may reduce further through additional definitions until only raw EML remains. The result of full expansion is always a raw EML tree.

That architectural boundary has proven valuable.

Why I Chose Go

The implementation is currently written in Go for practical reasons.

Go is excellent for building typed internal representations, parser tooling, deterministic experiment harnesses, and CLI-oriented development loops quickly. goyacc made it straightforward to own the grammar fully rather than treat parsing as an incidental detail.

At the current stage, the dominant unknowns are not systems-level bottlenecks. They are representational and empirical questions:

• does the search space behave reasonably,
• can formulas be recovered reproducibly,
• where do current methods fail,
• which normalizations help,
• how much does numeric precision matter?

Go is more than sufficient for answering those questions quickly.

Why Zig Is A Plausible Later Target

If the repository continues to mature, Zig is a plausible future runtime for some layers of the system.

The likely pressure points are already visible:

• high-precision arithmetic,
• native interop with mature numeric libraries such as GMP, MPFR, or MPC,
• tighter memory control for search-heavy workloads,
• lower-overhead runtime behavior for large candidate-generation loops.

That would not imply that Go was the wrong starting point. It would simply reflect a change in constraints.

Right now, velocity matters most. Later, numeric control and systems-level efficiency may matter more. If that moment comes, Zig is a serious candidate.

Current Experimental Direction

The repository is presently an empirical research vehicle rather than a polished end-user tool.

Its core methodology is intentionally conservative.

Every symbolic-regression experiment starts from a known target law and asks a limited question:

Can the current system recover the intended structure from data under explicit search bounds?

That is controlled recovery, not open-ended discovery.

This distinction matters because symbolic regression is full of exaggerated claims. Numeric approximation is often presented as formula recovery. Selective successes are shown without negative controls. Search limits are hidden. Failure is reframed as progress.

I wanted the opposite posture: reproducible experiments, explicit targets, named search bounds, classified outcomes, and a clear separation between approximate fits and structural recovery.

That discipline is more valuable than inflated early wins.

What The Current Results Actually Show

So far, the evidence is modest but useful.

Under the present bounded enumerative search regime, small targets such as $\exp$ and $\log$ can be recovered exactly. At least one small nested composite target is also recoverable.

Larger-library targets such as $\sin$, sigmoid, and broader additive composites currently fail honestly under present limits.

That should not be read as a verdict on EML itself, nor as a verdict on Odrzywołek’s paper.

It is primarily a statement about the current implementation:

• present search strategy,
• present search budget,
• present normalization strength,
• present evaluator limits,
• present absence of constant fitting or optimizer-guided refinement.

Those boundaries are exactly what I wanted to expose.

Why I Keep Working On It

There are many interesting ideas that remain interesting only at a distance.

EML has not felt like one of them.

The more I work on it, the more directions it seems to open:

• symbolic regression over a uniform grammar,
• compiler-style rewriting and canonicalization,
• multiple evaluator backends,
• proof-oriented export,
• empirical study of representational search spaces,
• comparisons against heterogeneous operator vocabularies.

Some projects are useful.

Some projects are fun.

The dangerous ones are both.

This repository has become distracting precisely because it keeps suggesting new experiments.

What Would Count As Real Progress

The standard for success should remain high.

Meaningful progress, at least in my view, will come from repeated evidence that the representation provides practical leverage under controlled conditions. That would include developments such as:

• broader reproducible recovery suites,
• honest comparison against other SR representations,
• improved normalization reducing search waste,
• fitted constants and hybrid search methods,
• stronger high-precision validation,
• formal export into proof systems,
• evidence that the EML representation provides measurable advantages rather than aesthetic ones.

The bar is appropriately high, and EML does not yet meet it.

Yet.

Just as importantly, I do not currently see evidence that rules it out either. There is still substantial work to be done before a decisive answer can be reached in either direction.

Closing Thought

The strongest claim I am comfortable making today is a narrow one.

Andrzej Odrzywołek’s paper presents an idea serious enough to test rather than merely admire.

A minimal one-operator language, paired with concept expansion and reproducible experiments, is already sufficient to ask meaningful questions about symbolic regression. Whether it becomes a practically strong route is still unresolved.

That uncertainty is not a weakness. It is the reason the project exists.

And for the moment, it remains interesting enough to keep distracting me from other work.

I will keep you apprised.

When an Advertising Empire Faces an Existential Threat

In discussions about Alphabet and artificial intelligence, the situation is often framed as a familiar technology contest: can Google remain competitive in models, can Gemini keep pace, can DeepMind continue to produce frontier research, and can Alphabet retain leadership in a market that now includes OpenAI, Anthropic, and other challengers?

That framing is too narrow. Artificial intelligence is not, for Alphabet, primarily an adjacent contest.

Alphabet is entering this transition from inside a specific economic structure. That structure determines both the nature of the threat and the kind of response the situation requires.

The Revenue Structure

Alphabet is often described as a diversified technology company. The description is not false, but it is incomplete in the one place that matters most.

Its financial center of gravity remains advertising.

In 2025, Alphabet generated $402.8 billion in total revenue. Of that, $294.7 billion came from Google advertising. Google Search and other advertising accounted for $219.2 billion, and YouTube advertising contributed another $45.2 billion. Google Cloud was large at $58.7 billion. Subscriptions, platforms, and devices added $48.0 billion. Yet the basic structure remained unchanged. The company was still funded primarily by advertising.

This distinction matters because advertising is not simply one revenue line among many. It is the economic foundation on which the rest of Alphabet’s strategic freedom rests. The company’s research capacity, capital flexibility, and tolerance for long investment cycles are all reinforced by the durability of that engine.

That engine depends on continued control over the surfaces through which user intent is expressed, routed, and monetized.

Search has long served that role. YouTube has done so in a parallel way for a different class of attention. Together they have supported an empire built not merely on software, but on the repeated capture of human intent at scale.

That is why the rise of large language models is more dangerous to Alphabet than ordinary competition. What is under pressure is not simply product positioning, but the long-term security of the mechanism through which Alphabet captures intent and turns it into revenue.

The Threat Before Decline

This does not require Search to have already entered visible collapse. That is not what the present evidence shows.

Alphabet’s own reporting indicates that Google Search and other revenue continued to grow through 2025. The company also said in 2025 that it continued to see overall query growth, including on Apple devices and platforms.

But structural threats do not need to begin as top-line decline in order to be real. They begin when the first signs appear that the old route is no longer the only route.

That is what makes the Safari signal significant. In May 2025, Apple executive Eddy Cue said searches on Safari had fallen for the first time in the period he described and linked that decline to users turning to AI. Google responded by saying that total query volume remained higher overall. Those claims are not mutually exclusive. Search can continue growing in aggregate while still showing the first visible signs of substitution in important channels.

That is the condition that matters.

The strategic danger to Alphabet is not that Search has already failed. It is that the first credible signs have appeared that Search may no longer remain the singular default path through which users resolve information and action. If models increasingly answer, decide, summarize, and execute without routing users through Google-controlled advertising surfaces, then the long-term exposure is obvious.

Search does not need to disappear in order to lose centrality. It only needs to become less necessary.

That is a different kind of threat than the kind Alphabet has historically managed.

The Economic Asymmetry

If that were the whole story, the analysis would be straightforward. Alphabet would face a major threat to its core revenue engine and would have to adapt as best it could.

But the structure is more interesting than that. Alphabet does not only have exposure. It also has unusual room to act.

As of the end of 2025, Alphabet held $126.8 billion in cash, cash equivalents, and short-term marketable securities. During the same year, it generated $164.7 billion in operating cash flow and $73.3 billion in free cash flow. This is not simply inherited scale. It is ongoing financial power of unusual magnitude.

This matters because the firms most commonly described as Alphabet’s frontier AI rivals are funded from much narrower structures.

OpenAI has grown at extraordinary speed. Its annualized revenue had surpassed $25 billion by March 2026. In the same period, it raised $122 billion at a valuation of about $852 billion. It is not expected to become cash-flow positive until 2029 and is targeting roughly $600 billion in compute spending through 2030.

Anthropic is now operating at comparable scale. Its annualized revenue had reached $30 billion by April 2026, overtaking OpenAI’s previously disclosed annualized pace. It also raised $30 billion in February 2026 at a $380 billion valuation.

These firms are no longer small. But their structure remains narrower.

Their economics depend much more directly on monetizing model access, enterprise usage, and related AI services. Alphabet’s position is different. Alphabet does not need intelligence itself to remain scarce in order to preserve the whole of its business. It can afford lower margins at the model layer more easily than firms whose survival depends on charging for that layer directly. Value can still be recaptured elsewhere: in cloud, in ecosystem lock-in, in developer pathways, in operating systems, in distribution, and in the control of the broader execution environment.

That difference is decisive. Alphabet is not merely a participant in the market that is emerging; it is one of the few actors capable of changing the economics of that market itself.

From Competition to Attrition

This is where most analysis becomes too narrow.

It continues to treat Alphabet as though its strategic task were to win a peer race against OpenAI and Anthropic. Under that view, the main questions concern model quality, product speed, distribution, and benchmark progression.

But Alphabet’s strongest position does not lie primarily in outperforming those firms within the same frame. Its stronger position lies in the fact that it can survive a harsher pricing environment more easily than its competition.

That changes the strategic logic.

A company whose business depends on premium access to intelligence is vulnerable to declining scarcity. A company whose economic core lies elsewhere can help accelerate that decline without placing itself under equal pressure. Alphabet does not need frontier model access itself to remain the only profitable surface. It only needs the surrounding structure to remain favorable to its broader control.

That creates the basis for a war of attrition.

The company can lower the threshold for local deployment, compress the perceived distance between premium and non-premium model access, use open and semi-open releases not merely as ecosystem gifts but as downward pressure on the defensibility of the model-access business itself, and make the market harsher for firms whose cost structures require greater preservation of scarcity.

This is not an incidental side effect of its position. It is the strategic implication of its position.

A Dangerous Precedent

There is also a reason this situation should be read with more anxiety than optimism.

Alphabet has faced a narrowing window before.

In cloud, Google possessed formidable internal infrastructure, major technical advantages, and many of the ingredients that should have allowed it to shape the market early. Yet it did not convert those strengths into dominant position. Azure and Google Cloud became the second- and third-biggest cloud players, but AWS remained the defining force, with Azure firmly ahead of Google. Google Cloud did expand market share meaningfully over time, but from the position of an also-ran rather than the market’s defining power.

The point is not that Google failed to build strong technology. The point is that having a window of opportunity is not the same as using it correctly.

Cloud should now function as precedent rather than reassurance. The last time Google had the assets to shape a major structural transition, it failed to translate technical position into strategic primacy. That history matters because the stakes are higher here. In cloud, Google risked underperformance in an adjacent strategic market. In AI, it risks long-term pressure on the revenue core that finances the whole company.

A company that already failed to exploit one major window should not assume the next one will remain open indefinitely.

A Shrinking Window of Opportunity

Yet even a structural advantage does not remain available forever.

Timing matters.

A strategy of attrition is easiest to execute while rivals remain financially dependent, organizationally narrow, and not yet deeply embedded. It becomes harder as they accumulate capital, enterprise contracts, infrastructure commitments, and broader systemic importance.

That transition is already underway.

OpenAI’s latest fundraising round was not merely large. It was of a scale that begins to change the character of the firm itself. Anthropic’s combination of revenue scale and financing does the same. These firms are no longer simply challengers. They are becoming institutions. The possibility of failure at firms such as OpenAI or Anthropic is already being discussed in terms of broader systemic consequences.

This does not mean they are literally too big to fail. It means that the commercial feasibility of bleeding them out declines with every additional quarter of scale.

That is the part of the situation that should sharpen urgency at Alphabet. The company still has the resources to act from a position of overwhelming strength. But the usefulness of that strength depends on time. A weapon available too late is not the same as a weapon available when it could still shape the structure of the field.

The Problem of Internal Temperature

At this point the decisive issue is no longer external. It is whether Alphabet understands the nature of its own predicament with sufficient consistency to respond proportionately.

Large organizations do not act with full force merely because the facts support such action. They act with full force when the seriousness of the threat is distributed through the organization at sufficient intensity. If urgency varies too widely across the company, then response varies with it.

Inside a company that large, the same moment can be absorbed by too many existing frames at once: model competition, cloud opportunity, ecosystem expansion, search continuity, and the reassuring fact that the revenue machine still works.

Under those conditions, the company does not merely disagree with itself. It loses the ability to arrive at the temperature required by the situation.

That is how inertia operates in successful firms. It does not present itself as passivity. It presents itself as continuity. The company continues to move, continues to invest, continues to launch, continues to optimize. But it does so at the temperature of business as usual even while the basis of that business is coming under structural pressure.

Hubris intensifies this condition. Not hubris in the theatrical sense, but the quieter form: the belief that because the fortress has held for so long, its vulnerability must still be limited. Search has been so dominant for so long that its future erosion can still appear gradual, distant, or containable even when the mechanism of substitution is already visible.

Once that belief takes hold, the company responds as a giant entering a new arena rather than as an empire confronting pressure on the revenue heart that made it an empire.

That difference in framing determines everything that follows.

Governance and the Missing Escalation

This is where governance becomes central.

A company can possess motive, means, and a shrinking window of opportunity and still fail if its internal structure cannot translate those conditions into unified action. The issue is not the presence or absence of intelligence inside the company. The issue is whether the structure of decision-making allows the company to react as though it is in a strategic emergency rather than a major but manageable transition.

This is the deeper significance of the contrast with Meta.

The relevant difference is not style or personality. It is that concentrated governance can react as one organism, while a consensus empire reacts through internal convergence across multiple power centers. In routine periods that difference is manageable. Under existential pressure it becomes strategic.

Alphabet’s structure is well suited to managing scale, balancing internal interests, and preserving a highly successful order. Those are not the same capacities required for escalation.

If the threat is severe enough, then a company cannot behave as though it is merely adding one more major initiative to an already functioning empire. It must behave as though the continued security of that empire is itself in question.

That is the threshold this situation increasingly resembles.

Strategic Emergency

If Alphabet had fully internalized the nature of the threat, it would not be operating at the temperature of ordinary adaptation. It would be operating at the temperature of strategic emergency.

It would understand that this is not merely a race for AI prominence. It is a struggle over whether the company that monopolized intent capture on the web can continue to occupy that position in a world where intent is increasingly mediated, compressed, and executed elsewhere.

It would understand that its advertising machine still gives it extraordinary force, but that this force derives from a structure now under pressure. It would understand that the firms challenging it are growing fast enough that delay itself is costly. It would understand that the central risk is not simply being outbuilt, but remaining too consensus-bound, too inertial, and too temperature-fragmented to respond with the severity the moment requires.

The danger to Alphabet is therefore not only the rise of OpenAI, Anthropic, or any particular rival. It is that the company continues to behave as though it is entering an important new market when it should already be in all-hands-on-deck mode.

Conclusion

Alphabet still derives the majority of its revenue from advertising. Search and YouTube remain the principal supports of the company’s economic structure. The first credible signals of substitution pressure on those surfaces have already appeared, even if top-line collapse has not. At the same time, Alphabet still has the balance sheet and cash generation to act from a position of unusual strength, while its principal rivals remain more dependent on the direct monetization of model access.

That combination should produce a very specific conclusion.

Alphabet should not be experiencing this moment as business as usual with more AI attached to it.

It should be experiencing it as an enemy at the gates.

When Access to Intelligence Becomes a Tiered Market

In discussions about frontier AI, it is often assumed that more powerful models will make intelligence more abundant. But abundance and access are not the same thing.

A model can become more capable while access to that capability becomes more stratified. In fact, the two may increasingly move together. The frontier can expand while the perimeter around it hardens.

This is the beginning of the token divide.

The token divide does not describe tokens merely as a technical accounting unit. It describes a market structure in which access to the strongest models, the highest limits, the longest-running workflows, and the most productive agentic loops is progressively segmented by price. OpenAI’s current pricing already reflects a ladder from Free to Plus to Pro to Business and Enterprise, with Plus at $20 per month and Pro at $200 per month, while Anthropic prices API access directly in token usage and states that Claude Opus 4.6 remains priced at $5 per million input tokens and $25 per million output tokens.

This is not a minor commercial detail. It changes how intelligence is distributed.

From Reach to Extraction

Early in a platform cycle, the dominant objective is often reach.

The priority is adoption, habit formation, and integration into everyday workflows. Generosity serves growth. Friction is reduced. Limits are set high enough to encourage dependency. During that phase, the strategic question is not how much value can be extracted from each user. It is how many users can be brought inside the system.

That phase appears to be ending.

OpenAI said in February 2026 that ChatGPT had reached 900 million weekly active users and 50 million paying subscribers. At that scale, the company is no longer merely proving demand. It is managing a market large enough for segmentation itself to become a core strategic lever.

Once a user base reaches that scale, the logic changes. The question becomes how access is divided.

The Pricing Shift

The pricing shift is visible in two different forms.

Anthropic’s approach is the more direct one. Usage is increasingly tied to token consumption. Revenue rises with actual compute demand. Heavy use is not hidden behind a flat monthly abstraction. It is exposed and billed. OpenAI’s approach is more layered. It combines broad subscriptions with progressively higher access tiers and, in some products, movement toward token-based accounting as well. OpenAI’s help documentation says Codex pricing was updated in April 2026 to align with API token usage rather than per-message pricing for Plus, Pro, Business, and new Enterprise customers.

These are different tactical responses to the same structural condition.

Agentic usage is expensive. Long-running workflows, parallel tasks, and deep reasoning loops consume far more compute than casual chat. A pricing model built for light conversational use becomes difficult to sustain once users begin treating frontier models as working systems rather than novelty interfaces. Anthropic’s public pricing for Claude Opus 4.6 and OpenAI’s tiered ChatGPT plans both make that pressure visible.

The token divide begins there.

It begins when frontier access is no longer priced mainly to attract users, but to sort them.

The Growing Divide

One consequence is easy to see: the divide grows.

As stronger models, higher limits, longer contexts, deeper research tools, and more sustained agent execution move upward into higher-priced plans, the distance between those who can afford frontier usage and those who cannot begins to widen. That widening does not need to be mathematically exponential to be structurally significant. It is enough that it compounds.

A user with access to the best model does not merely get better answers.

That user gets more attempts: more failed experiments survived, more iterations completed, more search space explored, more parallel workflows sustained, and more mistakes caught before they become costly.

In an agentic environment, these differences stack.

The result is that pricing no longer governs only quantity of use. It governs developmental velocity.

This is what makes the token divide more serious than an ordinary premium upgrade path. It is not just a matter of convenience. It is a matter of how much productive cognition can be purchased and sustained over time. OpenAI’s public plan structure already reflects large jumps in access between Free, Plus, and Pro, while Anthropic’s API pricing makes the cost of sustained advanced usage explicit.

The Small-Team Advantage

But that is not the whole picture.

The same structure that widens the divide also increases the leverage of small actors.

A single developer, or a pair of developers, with strong judgment and mastery of multi-agent workflows can now command an amount of software labor that would previously have required a much larger team. In that setting, the bottleneck shifts. Raw implementation ceases to be the main constraint. The main constraints become architectural clarity, orchestration skill, and budget discipline.

This is not a trivial shift.

It is liberating.

A $200 monthly budget for a frontier plan, or a few hundred dollars in carefully managed token spend, can now give a small operator access to an amount of synthetic labor that would once have been inaccessible. The human governance layer becomes more important precisely because the execution layer has become more fluid. OpenAI’s Pro tier is explicitly positioned around heavier use and substantially higher limits than Plus, while Anthropic’s pricing makes clear that the more capable agentic workflows remain available to those willing and able to pay for them.

That means the token divide has a dual effect: it stratifies access while also compressing the amount of scale required to matter. Those outcomes are not contradictory. They are two sides of the same transition.

The App Store Analogy

This pattern is not entirely new.

The early App Store also appeared radically flattening. Small developers could reach mass markets, and in some cases could compete with established firms on nearly equal footing. Distribution had been compressed. A single successful app could generate returns previously reserved for much larger organizations.

But that flattening was never unconditional.

It sat behind a gate: Apple hardware, Apple tooling, Apple rules, Apple economics. Over time, larger companies learned how to operate inside that gate more systematically. Individual success remained possible, but the broader relative advantage of scale reasserted itself. More resources still meant more development capacity, more marketing, more iteration, more resilience, and a better chance of success.

Frontier AI appears likely to follow a similar trajectory.

The initial effect is empowering because the technology genuinely increases the output of small teams. But once access to the strongest models becomes more metered and tiered, capital advantage begins to re-enter the system. The leverage of the individual rises in absolute terms, while the relative distance between large and small actors remains capable of widening.

That is not a failure of the technology.

It is a consequence of its pricing structure.

The Unknown Variable

This entire dynamic depends on one important uncertainty: whether local and open systems remain materially behind the closed frontier.

If they do, the token divide hardens. The strongest closed systems remain the best way to purchase high-end machine cognition, and those who can afford more of that cognition continue to move faster.

If they do not, the divide weakens.

Google’s Gemma 4 release matters in this context because it shows that strong open models continue to improve, and Google said in April 2026 that Gemma downloads had passed 400 million. That is evidence of real diffusion. It is not yet proof of frontier equivalence. Gemma 4 may be highly capable while still remaining below the practical ceiling of the strongest closed offerings.

That distinction matters.

The token divide is not inevitable in the strongest sense. It is conditional on the persistence of closed-model superiority at the top end. If open or local stacks cross the threshold of practical equivalence for the most valuable workflows, then access-based stratification becomes harder to sustain. If they do not, then the divide remains structurally significant.

The Structural Tension

This is why the token divide should not be understood as a simple story of exclusion.

It is more complicated than that.

Frontier AI may allow a single skilled developer to compete with a thirty-person software house in ways that were previously impossible. At the same time, the increasing use of tiered subscriptions, metered token billing, and higher-cost access paths may ensure that those with deeper pockets still ride the crest of the wave for longer.

The technology can flatten execution while preserving hierarchy.

It can reduce the scale required to compete while still increasing the value of being able to pay for more compute, more limits, and more continuity of access.

That is the real tension.

The token divide does not eliminate empowerment.

It conditions it.

Conclusion

The common intuition is that more capable models should make intelligence more abundant.

That intuition is incomplete.

What matters is not only how much intelligence exists, but how access to that intelligence is structured. Once frontier models move from reach-building to extraction, tokens cease to function merely as an internal billing unit. They become the mechanism through which access is divided, throttled, and priced.

That is the token divide.

Its effect is not singular: it widens the divide between users who can afford sustained frontier access and those who cannot; it gives small, highly skilled operators a level of leverage that would once have been unattainable; and it may empower individuals in absolute terms while preserving or even amplifying structural advantage in relative terms.

Whether that divide endures depends on a separate question: whether local and open systems can narrow the gap to the point of practical irrelevance.

If they can, access becomes harder to monopolize.

If they cannot, then frontier AI will not simply be a story of intelligence becoming cheaper.

It will also be a story of intelligence becoming tiered.

When Defensive Scarcity Creates a Strategic Perimeter

The significance of Mythos does not lie primarily in Anthropic’s claim that the model is dangerous. It lies in what Anthropic is doing because of that claim.

Anthropic is not treating Mythos as an ordinary frontier release. It is treating access to Mythos as something that must itself be selectively governed. The company says Claude Mythos Preview is a general-purpose unreleased frontier model that can surpass all but the most skilled humans at finding and exploiting software vulnerabilities, that it has already found thousands of high-severity vulnerabilities across major operating systems and browsers, and that it does not plan to make Mythos Preview generally available.

If that characterization is accurate, then caution is understandable. But caution alone does not settle the question; it changes it.

The Safety Argument

Anthropic’s public case is coherent on its own terms.

The company is not describing Mythos as a narrow cyber tool. It is describing it as a general frontier model whose gains in coding, reasoning, and autonomy have produced a downstream cyber capability severe enough to alter the balance between defenders and attackers. In that framing, the danger is not only that the model knows more. It is that it may compress the distance between vulnerability existence, vulnerability discovery, and vulnerability exploitation. Anthropic presents that compression as the reason broad release would be irresponsible.

That argument deserves to be taken seriously.

A company that genuinely believes it has trained a model capable of materially accelerating offensive cyber operations would be difficult to defend if it released that model as a normal public product.

Project Glasswing

Project Glasswing is Anthropic’s answer to the release problem. The initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, while Anthropic also says it has extended access to more than 40 additional organizations that build or maintain critical software infrastructure. It has committed up to $100 million in usage credits and direct donations to open-source security organizations. Anthropic presents this as an urgent attempt to put Mythos-class capability to work for defensive purposes before similar capabilities proliferate more broadly.

That rules out the simplest criticism.

This is not a case in which Anthropic merely withheld a powerful model from the public and sold it to the highest bidder under a safety slogan. There is an actual defensive architecture here. There is also explicit recognition that the open-source layer matters. The Linux Foundation is included. Additional maintainers of critical infrastructure are included. Anthropic is at least attempting to frame this as more than an elite enterprise preview.

That strengthens Anthropic’s case.

It also makes the deeper problem harder to avoid.

Selective Defense

The central issue is not whether Anthropic has a public-interest rationale.

It is whether selective defense remains purely defensive once access itself becomes a source of asymmetry.

If Mythos materially improves vulnerability discovery and remediation, then the institutions that receive it first gain a real advantage over the digital environment they inhabit. Their systems can be hardened earlier. Their internal visibility can improve sooner. Their response cycles can compress faster. Others remain outside that perimeter, waiting for access, approval, partnership, or eventual diffusion. Anthropic may describe that as responsible prioritization. It is also a selective redistribution of security capability.

That may be justified.

It is still asymmetry.

This is where the release logic becomes more complicated than the phrase “defense first” suggests. Defense is not a universal category. Someone decides which defenders count first. Someone decides which systems are critical enough. Someone decides which institutions are inside the perimeter and which remain outside it.

That allocative power is not incidental to the story. It is part of the story.

The Open-Source Layer

The tension becomes clearer once the software ecosystem is viewed from below rather than above.

Modern digital society is not sustained only by hyperscalers, banks, operating system vendors, and cybersecurity firms. It is also sustained by shared open-source infrastructure, underfunded foundations, and maintainers whose work sits much closer to the base of the stack. Anthropic’s own materials make that impossible to ignore. The company says Mythos has found vulnerabilities in widely shared infrastructure including OpenBSD, FFmpeg, and the Linux kernel. It says those vulnerabilities were reported and patched, and it presents this as evidence of defensive value.

That point cuts both ways.

It strengthens Anthropic’s case because it shows that the company is not wrong about the stakes. If a model can uncover flaws that survived decades of review in software like that, then the security problem is real. But it also sharpens the contradiction. If the strongest justification for selective release is that shared infrastructure must be hardened before comparable offensive capability proliferates, then the maintainers of that shared infrastructure should not appear as a secondary moral afterthought. They should be central to the governing logic of access.

Anthropic has publicly acknowledged that layer. It has not publicly shown that this layer governs the allocation. That is a narrower claim than saying open source has been ignored, and it is also the more serious one.

Divergent Interests Inside the Defensive Perimeter

Project Glasswing is presented as a defensive coalition, but that description is incomplete.

A coalition of software companies, infrastructure firms, open-source institutions, and governments does not automatically imply a unified objective. These actors may all care about cybersecurity, but they do not necessarily optimize for the same outcome.

For a software vendor, the preferred outcome is usually straightforward: identify vulnerabilities, patch them quickly, and reduce exposure across the installed base.

For a national security state, the calculus can be different. A vulnerability is not only a flaw to be removed. It can also be a source of strategic access. The United States formally recognizes this tension through the Vulnerabilities Equities Process, which exists because agencies may face a choice between disclosing vulnerabilities so they can be fixed and restricting disclosure for intelligence or law-enforcement purposes. That conflict is therefore not speculative. It is institutionalized.

This means the category Anthropic calls defenders is not internally coherent.

Some members of the perimeter may want the world’s software hardened as quickly as possible. Others may have reasons to preserve selective asymmetry. These goals can overlap in part. They do not collapse into one another.

That tension is not new. Governments have repeatedly pushed technology companies on lawful access and encryption, while those companies have argued that deliberately weakened protections create broader systemic risk. Apple made that case explicitly in its public dispute with the FBI, arguing that creating a mechanism to bypass security protections would not remain safely contained. The Five Eyes governments have also openly urged technology providers to create lawful access solutions and warned that legislative or other measures could follow if voluntary cooperation proves insufficient.

The outward projection of unity therefore does not resolve the deeper conflict.

It may conceal it.

Government Access and Commercial Access

This is where the structure becomes especially difficult to read cleanly.

Anthropic places governments and companies within the same broad defensive narrative. But Anthropic also already maintains a separate line of Claude Gov models for U.S. national security customers, designed for classified environments and tailored to government use. That means differentiated access by customer class is not hypothetical. It already exists.

That fact raises obvious questions even where public evidence remains incomplete.

Will government users receive the same Mythos as corporate users, or a modified version? Will state customers gain deeper capability, less constrained tooling, or more sensitive operational latitude? If a government user values retained access in some cases while a software company values immediate remediation, whose priority governs the perimeter?

The public record does not answer those questions.

But it does make them reasonable questions.

Once a frontier lab grants selective access to a model it says is too dangerous for the public, and once part of that selective perimeter includes state actors whose interests may diverge from broad software hardening, access control ceases to be a narrow product decision. It becomes a geopolitical allocation problem.

A New Role for Frontier Labs

Once a frontier model is withheld from general release but distributed selectively to chosen institutions, the lab that controls it is no longer operating only as a product company.

It is operating as an allocator of strategic capability.

That role may be unavoidable. If Anthropic’s characterization of Mythos is broadly correct, then general release would be difficult to justify. Project Glasswing may therefore represent a genuine attempt to create a defensive head start before the wider diffusion of similar capabilities. Anthropic’s case should not be dismissed out of hand.

But necessity does not eliminate the need for scrutiny.

It increases it.

Because once a private company begins deciding which institutions receive early access to capabilities that may materially affect the security of shared digital infrastructure, public safety and strategic customer formation become difficult to separate cleanly. Anthropic may be trying to reduce systemic risk. It may also be constructing a bespoke perimeter of institutions that can pay, partner, and persist as long-term privileged users of Mythos-class capability. Those two things are not mutually exclusive.

That is what makes the situation structurally uncomfortable.

The Question Mythos Raises

The most important question is therefore not whether Anthropic should have released Mythos openly.

It should not have, if Anthropic’s own characterization is accepted.

The more difficult question is whether Mythos reduces systemic risk by giving defenders a head start, or whether it redistributes that risk by hardening one selected perimeter faster than the shared software substrate beneath it while leaving unresolved conflicts inside that perimeter itself.

Project Glasswing makes Anthropic’s case more credible because it shows that the company is attempting a structured defensive rollout rather than a normal premium release.

Project Glasswing also makes the tension harder to ignore because it reveals who gets first access, and therefore reveals the asymmetry Anthropic is deliberately creating.

That tension should not be flattened.

Anthropic may be acting responsibly.

Anthropic may also be normalizing a regime in which the most strategically significant frontier models are neither public tools nor ordinary enterprise products, but selectively allocated instruments whose first beneficiaries include institutions that do not fully share the same interest in universal hardening.

If so, Mythos matters not only because of what it can do. It matters because of who gets to do it first.

When Openness Becomes Structurally Destabilizing

The significance of Gemma 4 does not lie primarily in its benchmark position, its parameter counts, or its deployment targets. It lies in where the release lands within the structure of the market.

Google introduced Gemma 4 as an Apache 2.0 open model family built from the same research base as Gemini, with explicit emphasis on advanced reasoning, agentic workflows, multimodality, long context, and deployment across local and larger compute environments. It is not an experimental side branch. It is a serious open-weight release from one of the few firms plausibly competing for commercial dominance at the same time.

That combination is unusual.

Open-weight pressure on commercial model vendors has often come from firms operating outside the center of the U.S. commercial stack. Chinese firms played a major role in that shift. DeepSeek’s releases helped demonstrate that open weights could exert real pressure on the economics of commercial frontier systems, while Moonshot’s Kimi K2.5 extended that pressure into multimodal and agentic territory.

For a time, this suggested a clear directional trend. The gap between commercial systems and open-weight alternatives appeared likely to keep narrowing through outward diffusion. If the strongest open challengers kept releasing aggressively, the scarcity on which commercial model access depends would come under increasing pressure.

That is no longer the only visible trend.

Alibaba, after helping establish Qwen as one of the strongest open-weight ecosystems, has recently begun releasing newer high-performance models such as Qwen3.5-Omni and Qwen3.6-Plus as proprietary offerings aimed at enterprise monetization. The underlying logic is not difficult to see. Ecosystem expansion and value capture are not the same objective. A firm may release openly to gain relevance, then become more selective once direct monetization becomes more attractive.

This matters because selective closure at the top reopens distance.

If the strongest open challengers no longer diffuse their best increments at the same rate, the gap between open and commercial systems becomes more stable again. Not because open models stop improving, but because the frontier becomes less freely transmissible.

That creates an opening, and Google stepped into it.

Two Different Exposure Profiles

The strategic significance of Gemma 4 becomes clearer once the U.S. field is divided into two groups.

The first consists of firms with large alternative revenue structures. Google belongs here. Meta largely does as well. For such firms, model capability is strategically important, but it does not have to carry the full weight of monetization on its own. Intelligence can reinforce other systems: cloud, operating systems, productivity software, developer ecosystems, distribution channels, advertising surfaces.

The second consists of firms more directly dependent on turning model access itself into durable recurring revenue while carrying large capital and infrastructure burdens. OpenAI and Anthropic are more exposed to this condition.

This distinction is structural, not moral: a diversified firm can survive falling scarcity more easily than a model-native firm can.

That is what makes Gemma 4 more consequential than an ordinary open release. When an outsider releases strong open weights, incumbents face pressure from below. When a central commercial player does the same, the pressure is applied from within the same competitive layer.

Google is not abandoning the proprietary market by releasing Gemma 4. It is occupying both sides of the boundary at once.

Openness From the Center

That position is strategically powerful.

Gemma 4 strengthens Google’s ecosystem, expands developer adoption, and increases the reach of Google-defined tooling and model assumptions. That is the obvious part. The less obvious part is what such a release does to the rest of the market.

By normalizing a highly capable open-weight family from within the commercial leadership tier, Google weakens the argument that advanced capability must remain primarily behind paid interfaces. Commercial models do not disappear under those conditions. But the basis of their defensibility shifts.

Access alone becomes a weaker moat.

As that moat weakens, value migrates toward adjacent layers: infrastructure, workflow integration, enterprise embedding, identity and trust, compliance, distribution, and operational reliability.

This does not eliminate advantage.

It reallocates it.

That reallocation is especially dangerous for firms whose business models remain more directly tied to monetizing model access itself. They face pressure from two directions at once. Above them sits the fixed cost of large-scale inference and capital expenditure. Below them sits the diffusion of increasingly capable open-weight alternatives.

In such an environment, the central question is not who is ahead.

It is who is exposed.

The Unintended Pressure

Google may not be pursuing Gemma 4 as an explicit attack on the business model of OpenAI or Anthropic. The visible motives are easier to describe in conventional terms: ecosystem expansion, developer goodwill, local deployment, compatibility with broader Google AI surfaces, and influence over the open-weight layer.

But intent is not the decisive variable here. Market structure is.

A company with Google’s revenue diversity can afford to make capable intelligence cheaper, more portable, and less scarce in ways that are structurally more dangerous to model-native rivals than to itself. Even without a deliberate predatory strategy, the consequence can still resemble one. Scarcity erodes. Pricing pressure rises. Model access becomes harder to defend as the core unit of value.

That is what makes the release destabilizing: not because Gemma 4 immediately collapses the commercial market, but because it shifts expectations about what must remain commercial at all.

Why This Matters Now

The timing sharpens the effect.

Had Gemma 4 arrived in a world where Chinese frontier challengers were still pushing the open-weight ceiling outward without hesitation, it would still have mattered. But it would have looked more like participation in an already established trajectory.

Instead, it arrives at a moment when some of the strongest open-weight pressure from China is beginning to split: continued openness in some areas, increasing selectivity and proprietary capture in others. That makes Google’s move more than additive. It is positional.

Where others were beginning to narrow the diffusion frontier, Google widened it again.

That does not make Google less commercial.

It makes its commercial position more resilient than that of firms whose monetization depends more directly on preserving distance between open and paid capability.

The Strategic Significance

Gemma 4 should therefore not be read mainly as a product release.

It is a structural move within a changing market.

Chinese firms helped demonstrate that open weights could compress the economic distance to commercial systems. Some now appear to be rediscovering the limits of openness once monetization becomes more urgent. Google stepped into that transition and filled the space with a release strong enough to reset expectations from the center of the market rather than the edge.

That is the strategic significance of Gemma 4.

Its intended effect is ecosystem expansion.

Its unintended effect is to increase instability in the economics of commercial model exclusivity.

Once a firm in Google’s position helps normalize powerful open weights, the market becomes harder for more exposed rivals to stabilize on their own terms.

The release does not end the distinction between open and commercial models.

It makes that distinction harder to defend.

The Structural Reallocation of Value in the LLM Industry

Executive Summary

The large language model (LLM) industry is often analyzed as a competition for scale: ever-increasing model size, expanding compute clusters, and rising capital commitments. That framing is incomplete.

The industry is better understood as a layered system undergoing structural transition. Three forces are converging:

1. Cost collapse compresses infrastructure advantage.
2. Performance convergence approaches the perception threshold.
3. Sovereignty incentives accelerate capability diffusion and fragment global consolidation.

These forces do not eliminate advantage. They alter where advantage can persist.

As inference efficiency improves and performance differences narrow, scale leadership alone becomes less defensible. When capability gaps fall below perceptual thresholds and local deployment becomes viable, exclusive access to intelligence weakens as a moat. At the same time, geopolitical pressures reduce the stability of global platform dominance by incentivizing parallel ecosystems.

The industry is bifurcating into two functional roles:

• Attention systems, optimized for engagement and centralized inference.
• Intent compilers, optimized for execution and compression of human interaction.

The likely long-term trajectory is commoditization of the intent compiler layer. The timing of that transition remains uncertain and path-dependent.

For capital allocators, the decisive question is not who builds the most capable model. It is which layers retain durable control as capability diffuses—and which layers become structurally exposed under cost collapse, perceptual convergence, and sovereignty-driven fragmentation.

I. The Category Error in “The AI Race”

Public discourse frames AI as a single race. That is a category error.

Artificial intelligence is a layered system. Large language models sit inside deep learning, which sits inside machine learning, which sits inside artificial intelligence. Around these layers exist orthogonal domains: hardware, distributed systems, infrastructure, identity, workflow integration.

Leadership in one layer does not imply leadership in another. The LLM race is therefore not a unified sprint toward intelligence, but a competition across:

• Model capability
• Infrastructure efficiency
• Deployment topology
• Integration depth
• Regulatory positioning
• Sovereign alignment

Misunderstanding this layered structure leads to misallocation of capital.

II. Cost Collapse and the Inhibiting Lead

In frontier AI, the dominant structural cost is inference. Training is episodic; inference is continuous.

Attention-driven systems process vast volumes of tokens daily. Infrastructure commitments—data centers, accelerators, power contracts—are sized around sustained inference throughput.

This matters because the industry operates under cost-collapse dynamics. Architectural improvements diffuse rapidly, optimization techniques propagate, hardware efficiency increases generationally, and open-weight replication shortens lag.

When cost per unit of capability declines faster than infrastructure can be amortized, early scale becomes exposed. This is the inhibiting lead: the firm that built for yesterday’s cost regime may be structurally burdened relative to a later entrant deploying under improved efficiency conditions.

In such environments, the question is not who is ahead. It is who is overexposed.

III. The Perception Threshold and Competitive Compression

Technical improvement does not automatically translate into economic advantage. Beyond a certain boundary, additional performance gains become imperceptible to users.

Once capability differences fall below that perception threshold:

• Switching incentives decline.
• Benchmark leadership loses pricing power.
• Integration and reliability dominate.

This dynamic interacts directly with cost collapse. If performance converges while infrastructure remains capital intensive, differentiation compresses precisely as exposure rises.

Engineering progress continues, but competitive advantage plateaus.

IV. Data Duality and the Illusion of Progress

Model progress operates along two axes:

• Skill-forming data, which builds structural reasoning capability.
• Fact-forming data, which refreshes temporal relevance.

Skill formation saturates gradually; fact formation resets continuously. Markets often mistake recency for intelligence.

As structural capability approaches perceptual saturation, fact refresh becomes more visible than skill growth. Releases can appear dramatic even when structural capability stabilizes.

This dynamic reinforces convergence. Apparent leaps can mask narrowing differentiation.

V. Local Parity and Deployment Topology

Local parity emerges when performance differences between centralized and local models fall below practical perception.

Equality is not required. Perceptual equivalence is sufficient.

As optimization, quantization, and hardware efficiency improve, locally deployable models become viable across bounded enterprise contexts.

Once local parity is achieved:

• Exclusive access to centralized intelligence ceases to function as a durable moat.
• Adoption decisions incorporate autonomy and jurisdictional control.
• Dependency risk becomes a strategic variable.

This is not merely a technological event. It is a structural inflection point.

VI. The Control Plane Split

As capability diffuses and parity expands, LLM deployment bifurcates.

Attention Systems

Attention systems are optimized for:

• Session duration
• Interaction density
• Centralized inference
• Engagement economics

They monetize human presence.

Intent Compilers

Intent compilers are optimized for:

• Task resolution
• Tool orchestration
• Workflow integration
• Interaction compression

They monetize reduced friction.

These two roles operate under opposing optimization targets: one extends interaction, the other compresses it. They coexist today within vertically integrated providers, but over time they are likely to separate functionally.

The economic variable is not model size. It is the allocation of the human hour.

VII. Sovereignty as a Structural Force

The LLM industry does not operate solely within commercial competition. LLMs are increasingly perceived as strategic infrastructure.

Outside the United States, adoption decisions incorporate sovereignty considerations:

• Dependency minimization
• Jurisdictional exposure
• Regulatory asymmetry
• Strategic autonomy

Capable models now exist across multiple geopolitical blocs. Diffusion is no longer hypothetical.

In this environment, the objective for some state actors is not dominance. It is prevention of dominance. That changes the equilibrium.

Diffusion becomes strategically incentivized, replication becomes subsidized, and parallel ecosystems become acceptable.

Global monopoly becomes structurally difficult. The LLM industry is moving toward multipolar fragmentation rather than unified consolidation.

VIII. Timescale: Consolidation Before Diffusion

Commoditization is a trajectory, not an event.

Near term:

• Frontier incumbents consolidate.
• Control-plane bundling deepens.
• Enterprise procurement favors convenience.
• Ecosystem gravity strengthens.

Medium term:

• Tool protocols standardize.
• Local parity expands.
• Sovereign deployments accelerate.
• Fragmentation stabilizes.

Long term:

• Intent compilers become infrastructural plumbing.
• Margin migrates to adjacent layers.

The uncertainty lies in duration. Cost collapse accelerates diffusion, enterprise inertia slows it, and geopolitics compresses global monopolization windows while potentially entrenching regional dominance.

IX. Margin Migration

If the intent compiler layer commoditizes, value relocates.

Upward:

• Workflow ownership
• Tool ecosystems
• Distribution control
• Enterprise integration platforms

Downward:

• Hardware acceleration
• Secure execution environments
• Identity and access control
• Observability and governance layers

The compiler becomes necessary but insufficient. Durable margin accrues to those who control:

• The orchestration graph.
• The data surface.
• The integration boundary.

Attention systems may retain margin through engagement economics. Intent compilers trend toward standardization.

This is not industry collapse. It is value reallocation.

X. Implications for Capital Allocation

The structural forces described above suggest regime-dependent exposure rather than uniform outcomes. Several asymmetries are emerging:

1. Infrastructure Exposure Under Cost Collapse
Players whose economics depend on sustained high-throughput inference are exposed when efficiency improves faster than their infrastructure can adjust. If cost per token declines faster than infrastructure can be amortized, early scale may convert from advantage into balance-sheet rigidity. The relevant variable is not current capability, but capital elasticity under changing cost regimes.

2. Diminishing Pricing Power Beyond the Perception Threshold
When performance differences fall below practical perception, benchmark leadership loses pricing leverage. At that boundary, cost, integration depth, reliability, and distribution become decisive. Technical superiority that remains imperceptible ceases to generate proportional economic return.

3. Local Parity and Autonomy Incentives
As locally deployable models reach perceptual equivalence within bounded workflows, dependency risk becomes a first-order adoption variable. Exclusive access to centralized intelligence weakens as a durable moat. Competitive differentiation shifts toward operational systems rather than model capability itself.

4. Sovereignty as a Constraint on Global Dominance
In sovereignty-sensitive markets, dominance can become self-limiting. The greater the concentration of capability within a single jurisdiction, the stronger the incentive for parallel capability to emerge. This does not eliminate incumbency, but it shortens the window for uncontested global consolidation and increases the probability of multipolar equilibrium.

5. Margin Migration Rather Than Margin Destruction
If the intent compiler layer commoditizes over time, value does not disappear—it relocates. Durable advantage is more likely to accrue to those controlling:

• Workflow integration
• Identity and access control
• Tool ecosystems
• Distribution boundaries
• Hardware abstraction and execution environments

The compiler becomes necessary infrastructure. Control over its surrounding ecosystem becomes economically decisive.

The central economic variable across these dynamics is human attention time. Attention systems monetize it by extending interaction. Intent compilers create value by compressing it.

The strategic question for allocators is therefore not which model is largest, but which layer maintains durable control over the boundary between human intention and machine execution—and how that control behaves under cost collapse, perceptual convergence, and sovereignty-driven fragmentation.

Advantage will persist in this industry. It will not persist in the same place.

Conclusion

The LLM industry is not a singular race for intelligence. It is a transition from centralized capability scarcity toward distributed execution infrastructure within a geopolitically fragmented environment.

Cost collapse challenges early scale. Perceptual convergence compresses differentiation. Sovereignty accelerates diffusion.

Commoditization of the intent compiler layer appears structurally likely, but the timeline remains uncertain.

Capital advantage will not disappear. It will migrate.

Understanding where—and on what timescale—is the central analytical task for this industry.

When Diffusion Becomes Strategically Incentivized

Public analysis of artificial intelligence competition often assumes a commercial framework: firms invest, firms compete, firms win or lose, and market share shifts accordingly.

That framework is useful, but incomplete.

Large language models are increasingly perceived not merely as products, but as infrastructure. Infrastructure operates under a different logic because it does not exist only within markets. It also exists within jurisdictions.

Once a technology becomes strategically significant, sovereignty enters the equation.

Beyond Commercial Incentives

In purely commercial competition, firms seek dominance. They pursue scale, efficiency, and distribution in order to secure advantage over rivals. Consolidation is a natural outcome when network effects, capital intensity, or technical superiority allow it.

But when a technology is treated as strategic infrastructure, dominance itself can become destabilizing.

States and institutions do not evaluate risk solely in terms of price and performance. They evaluate it in terms of dependency. Reliance on an external provider—especially one governed by a foreign jurisdiction—introduces exposure that cannot be measured only in economic terms.

In such contexts, the objective is not necessarily to win. It may be to prevent unilateral control.

This shift in objective alters the competitive equilibrium.

Dependency as a Risk Variable

As capable models become embedded in workflows, decision systems, and critical processes, the question of control becomes structural.

Who controls access? Who controls updates? Who controls pricing? Under whose jurisdiction does the system operate?

When advanced capability is delivered exclusively through centralized infrastructure, dependence deepens. Even moderate performance advantages may be outweighed by concerns about jurisdictional exposure, regulatory asymmetry, or strategic vulnerability.

The threshold for “good enough” therefore shifts. It is no longer determined solely by technical superiority; it is shaped by autonomy.

Diffusion Under Strategic Pressure

In a purely commercial environment, diffusion follows economic incentives. Knowledge spreads because it is profitable to replicate it.

In a sovereignty-sensitive environment, diffusion is also strategically incentivized.

Parallel ecosystems may be funded for redundancy as much as competition. Replication may be pursued for autonomy as much as market share. Open deployment models gain appeal not just because they are flexible, but because they preserve control.

This does not eliminate competition. It changes its structure.

Global monopoly becomes harder to sustain, while multipolar capability becomes more stable.

Even if one ecosystem achieves temporary leadership, the existence of viable alternatives reduces the likelihood of durable global dominance.

Fragmentation Without Collapse

Sovereignty pressure does not imply technological stagnation. Nor does it imply equal capability across blocs. Performance differences may persist.

What changes is the consolidation dynamic.

Instead of a single global standard, multiple regional or jurisdictional ecosystems can coexist. Standards may converge technically while remaining institutionally distinct. Interoperability may exist alongside political separation.

In such an environment, diffusion accelerates even when commercial incentives alone might have favored concentration.

The presence of capable alternatives—even if marginally inferior—constrains the strategic leverage of leaders.

The Structural Consequence

When sovereignty becomes a decision variable, the industry no longer operates under a single competitive logic.

Commercial scale and technical leadership continue to matter, but autonomy and jurisdictional control become parallel forces.

This alters the expected trajectory of consolidation.

The question shifts from who can dominate globally to who can sustain advantage within fragmented ecosystems.

In markets governed solely by commercial incentives, monopoly is possible.

In markets governed by sovereignty incentives, monopoly becomes structurally unstable.

The large language model industry increasingly resembles the latter.