Frontier AI models and regulatory capture

Regulatory capture of frontier AI models would be an absolute gift to the ecosystem of companies blessed to use them. Here’s a directly related prediction from Steve Yegge on June 18, 2026:

The AI race isn’t going to slow down, and AI will continue to grow exponentially in capability. Unfortunately, most of you aren’t going to see it progress anymore.

I am now in the camp who believe that we are only at most two or three model generations away from AI finally being controlled like nuclear weapons. Only a few will have access to superintelligence above the classes of models we’re seeing this year. As far as I can tell, most Fortune 500 companies will either not have access at all, or it will be tightly controlled for only a small subset of the company. And it will be supervised.

I think those with access to powerful frontier models will sell intelligence like a vending machine: You send them a software spec or a problem to solve, and their models implement it for you, on their servers, with your dollars.

The AI labs are opposed to this today. To wit, here is OpenAI’s GPT-5.6 announcement on June 26, 2026:

We believe in broad access, and we plan to make GPT‑5.6 Sol, Terra, and Luna generally available in the coming weeks. As part of our ongoing engagement with the U.S. government, we previewed our plans and the models’ capabilities ahead of today’s launch. At their request, we are starting with a limited preview for a small group of trusted partners whose participation has been shared with the government, before releasing more broadly. During this preview, we will continue testing and coordinating closely with partners as we work toward broader availability. We don’t believe this kind of government access process should become the long-term default. It keeps the best tools from users, developers, enterprises, cyber defenders, and global partners who need them. We are taking this short-term step because we believe it is the strongest path to broader availability in the coming weeks, while we work with the Administration to develop the cyber Executive Order framework and a repeatable process for future model releases.

It’s interesting to game out how they might reconsider, should the frontier labs find themselves in a situation where broad B2B adoption is no longer viable (or, is simply harder than leaning into an intelligence cartel).

  1. Exploits don’t cause cyberattacks: On thinking clearly about frontier AI advances and cyber conflict - “[M]ost of today’s attacker constituencies can currently achieve most of their desired outcomes using traditional means: simple phishing, credential stuffing, exploitation of known CVEs, etc. These constituencies aren’t likely to explode into hockey-stick adoption of AI vulnerability research tools. ❡ This should discipline our thinking about Mythos generating a discontinuous volume of cyberattacks, because, again, most attacker constituencies just aren’t blocked by vulnerability research for most of their workflows.”

  2. Finding Zero-Days with Any Model: Vulnerability discovery is an orchestration problem, not a frontier-model problem. - “[W]ell-resourced adversaries already use orchestrated workflows to hunt for zero-days at scale. They operate free from vendor usage policies, AUP friction during legitimate research, API rate limits on multi-hour runs, and curated access lists for embargoed frontier models. The seven-step refusal during severity assessment is exactly the asymmetry at issue: a defender doing legitimate work hit friction that a well-resourced adversary using uncensored open-weight models would not.”

May 19, 2026

Every AI Subscription Is a Ticking Time Bomb for Enterprise Permalink

For several years now, the pendulum has continued its swing towards “more AI, at any cost”, and it now feels like it has reached its apex.

OpenAI, Anthropic, Google, and the rest are running an industry-wide loss-leader program at a scale that has no precedent. They are selling enterprises filet mignon at gas station hot dog prices and calling it a business model. The gap between what your company pays for AI subscriptions and what it actually costs to serve those seats is not a rounding error. It is a gulf. And every organization that has built workflows, products, or entire business units on top of these subsidized prices is standing right on the edge of it. ❡ This should be front of mind for every CTO, CFO, and head of operations reading this. Because when the pricing corrects, and it will, the companies that treated AI as a permanently cheap utility are going to wake up to bills that make their current SaaS spend look quaint.

Security Operations Center (SOC) outcomes in the age of AI

For all the hype around AI and agentic Security Operations Center (SOC) solutions, what truly matters comes down to two questions:

  • What threats can you detect today that you couldn’t before?
  • What existing threats can you now detect consistently and provably faster?

There’s no shortage of benefits to leveraging AI across a cybersecurity program, and it’s easy to get lost in everything AI can do. But job number one for any SOC is detecting and responding to cybersecurity threats, and it doesn’t matter much how this is achieved (i.e., I don’t care if it’s humans or robots), so long as it’s effective.

Whether you’re a SOC manager, analyst, or buyer evaluating AI or agentic SOC solutions, working backwards from what your SOC is already supposed to deliver cuts through virtually all of the AI-related hype and noise.

Exploits and malware are still subject to the laws of physics

Why AI-powered vulnerability discovery and software exploitation don’t change the fundamentals of durable defense.

AI is going to make it faster and easier to find vulnerabilities and exploit them. Many advanced models including Claude Mythos, trained on code, CVEs, and exploitation tradecraft, will compress the time between vulnerability discovery and weaponization. This is real, and it deserves serious attention. But before we catastrophize, we should anchor to a few stubborn truths.

We’ve always had more malware than detection logic

Signature-based detection was always a losing race. Malware variants and malicious artifacts have outnumbered signatures for as long as both have existed. Behavioral detection improved the math considerably, and for organizations that invest in depth of coverage, it casts a net that most adversaries, human or AI-driven, will struggle to avoid. Still, the gap between what adversaries produce and what defenders detect has always been nonzero. AI widens this gap by lowering the cost for adversaries to scale the production side of the equation, but AI doesn’t fundamentally change its structure.

All software is subject to the laws of physics. An exploit has to be delivered, and if it lands, it has to be followed by additional, observable activities. An exploit may subvert a given control or suppress an expected behavior at a given stage of the attack chain, but it doesn’t exempt the target system from the constraints, controls, and observability built into the environment.

An exploit unlocks a door, but even chained exploits orchestrated by AI agents are not a skeleton key.

What defenders who are winning actually do

Organizations that are well-positioned today got there by making sound architectural decisions and disciplined operational choices:

Minimize attack surface. Rather than trying to defend everything equally, force activity through a small number of well-understood, well-defended, carefully monitored pathways or chokepoints. Shape the battlespace in your favor.

Implement zero trust and segmentation principles throughout. Require a combination of device and identity trust as a prerequisite for access, enforced at as many layers and as often as practical. An adversary who gains a foothold still has to make moves—segmentation and conditional access make movement impractical, or at minimum, noisy and observable.

Use deception to backstop other defensive controls. Honeytokens, decoy assets, and deceptive infrastructure have two defining characteristics: legitimate users don’t trigger them, and they are exceptionally inexpensive to deploy. Any interaction is, by definition, suspicious. In a world of high alert volume and limited analyst time, that kind of signal is invaluable.

Watch what’s left, and what’s most likely to be abused, like a hawk. The set of adversary techniques that appear in the majority of real-world intrusions is not large. From Red Canary’s 2026 Threat Detection Report:

[O]ver the last five years, we’ve detected at least one of the 10 most prevalent techniques in 46 percent of all detections. Over the same time period, we detected at least one of the top 20 techniques in 63 percent of detections.

The defenders who are winning have optimized for the set of prevalent techniques that almost all adversaries use, building detection coverage against it, investing in rapid investigation workflows, and standing up response capabilities that can act decisively when a threat is confirmed.

The volume problem is real, but also solvable

Attack volume will increase. There is no serious argument against that. More actors with access to more capable tools will generate more exploits and malware variants, more intrusion attempts, more noise.

Defenders who are well-positioned today will still be well-positioned tomorrow. Not because nothing is changing, but because the principles that make a defense durable—attack surface reduction, zero trust, high-fidelity signals, and behavioral detection—become considerably more important in the face of increased adversary volume, speed, and efficacy.

The clock has gotten faster. Time-to-detect, time-to-investigate, and time-to-respond all need to come down. AI agents and emerging automation are well suited for exactly this: triage, investigation acceleration, and response orchestration are tractable problems, and the tools are improving quickly.

AI is and will continue to change the nature of threats as we know them today. But I don’t believe it will change the fundamental structure of the problem for thoughtful defenders.