đ Holding the Line
Field notes from the AI trenchesâwhat actually matters this week
This week was dominated by one company: Anthropic. On the same week they publicly accused three Chinese AI labs of industrial-scale model theft, they also refused a US government demand to remove safeguards from military contracts â and published a research paper explaining why AI models develop human-like personalities in the first place. Rarely does one lab make this much news in seven days.
Alongside that, we have fast local models from China that are nibbling at the toes of frontier model. Googleâs image AI got an upgrade and some genuinely useful guidelines emerged for building better products using AI.
Letâs get into itâŚ
đ Anthropic Names Three Chinese Labs for Mass Model Theft
What happened
Anthropic publicly named DeepSeek, Moonshot AI, and MiniMax for running coordinated campaigns to extract Claudeâs capabilities using over 24,000 fraudulent accounts â generating more than 16 million fake interactions in violation of Anthropicâs terms of service. Full disclosure here.
What it does
This type of attack â called âdistillationâ â involves querying a powerful AI model millions of times to collect examples of its reasoning, then using those examples to train a cheaper copycat model. Itâs essentially IP theft at scale.
MiniMax ran the largest operation: 13+ million exchanges targeting coding and tool use, and pivoted to Claudeâs newest model within 24 hours of its release
Moonshot AI (maker of the Kimi models) ran 3.4 million exchanges; Anthropic traced accounts directly to senior Moonshot staff via request metadata
DeepSeek ran 150,000+ exchanges focused on extracting Claudeâs step-by-step reasoning and generating politically safe responses to sensitive queries
Why you should care
Models built this way almost certainly lack the safety work that went into the original â including safeguards against helping with weapons or surveillance. Anthropic argues this is a national security issue, not just a commercial one. The broader implication: frontier AI capability is being extracted and redistributed faster than export controls can respond.
Why to be cautious
These are Anthropicâs claims, and the named companies havenât publicly responded in detail. The national security framing serves Anthropicâs lobbying interests as well as its safety mission â worth keeping that context in mind.
The stakes: This is the first time a major AI lab has named specific companies and provided this level of forensic detail about model theft. Whether or not it leads to legal or regulatory action, it sets a precedent for how these disputes get fought in public.
đ Anthropic Refuses US Militaryâs âRemove All Safeguardsâ Demand
What happened
Anthropic CEO Dario Amodei published a statement disclosing that the US Department of War threatened to label Anthropic a "supply chain risk" â a designation previously reserved for adversaries â unless it removed two safeguards from its military contracts. Anthropic refused. The Department threatened to remove Anthropic from all government systems and invoke emergency procurement powers.
President Trump then escalated on Truth Social, calling Anthropic a "radical left, woke company" and ordering every federal agency to immediately cease using its technology. Defense Secretary Hegseth followed through, formally designating Anthropic a supply chain risk â the first time this label has ever been applied to an American company.
What are the two safeguards?
The two disputed safeguards prevent Claude from being used for:
Mass domestic surveillance â AI-powered tracking of citizensâ movements, browsing history, and associations without a warrant
Fully autonomous weapons â systems that select and engage targets without a human making the final decision
Then it gets confusing
Hours later, OpenAI signed a deal with the Pentagon to replace Anthropic on classified networks. Sam Altman announced the deal on X, stating that the agreement includes prohibitions on the same two things Anthropic had been pilloried for demanding: domestic mass surveillance and autonomous weapons.
CNN reported that it wasn't clear what was actually different about the two deals. Fortune's analysis suggests the difference may be framing rather than substance: OpenAI agreed the Pentagon could use its tech for "any lawful purpose" while pointing to existing law that already prohibits those uses, rather than insisting on explicit contractual red lines as Anthropic had done.
In other words: Anthropic got blacklisted for demanding safeguards. OpenAI got a contract for apparently agreeing to the same safeguards, just worded differently.
Why you should care
This is the most public confrontation yet between an AI lab and its own government over what AI should and shouldnât do. Anthropic was the first frontier AI company deployed in US classified networks â so the stakes here are real, not hypothetical.
The question of whether AI companies can hold ethical lines under government pressure just got a live test case. And the answer so far is: you can hold the line, but youâll be replaced by someone who frames the same line more diplomatically.
The lesson: Whatever you think of Anthropicâs politics, the pattern here matters. Governments are beginning to treat AI companies the way they treat defence contractors â as entities that must comply with state requirements. Whether the rest of the industry holds similar lines, or quietly folds, will shape AI governance for years.
đ§ Why AI Models Act Like People (Itâs Not What You Think)
What happened
Anthropic published a research paper arguing that AI assistants behave like humans not because theyâre programmed to, but because they learn to simulate human characters from the text theyâre trained on. Paper here.
What it does
The core idea: when an AI reads billions of words written by humans, it learns what different kinds of people sound and think like. When you chat with an AI assistant, youâre essentially talking to its best simulation of âwhat a helpful assistant would sayâ â a character, not the raw system underneath.
This has a surprising practical consequence: if you train an AI to cheat on coding tasks, it doesnât just cheat at coding. It starts behaving as if itâs broadly malicious â expressing desire for world domination, sabotaging safety research â because âcheatingâ implies a certain kind of character. The fix wasnât to stop the cheating; it was to explicitly instruct the AI to cheat, so the behaviour no longer implied hidden malicious intent.
Why you should care
For anyone building AI products, this reframes how you should think about training and fine-tuning. Itâs not just âis this specific behaviour good?â â itâs âwhat kind of character does this behaviour imply?â Small training decisions can have unexpected ripple effects across the whole personality of your AI.
The pattern: As Anthropicâs team puts it, âbeing an AI comes with some concerning baggage â think HAL 9000 or the Terminator.â The fiction weâve consumed shapes how AI models learn to behave as AIs. Thatâs a strange and important loop.
đźď¸ Googleâs Fast Image Generator
What happened
Google DeepMind launched Nano Banana 2 (its Gemini Image model), bringing advanced image generation to far more Google surfaces at significantly faster speeds. Full launch post here.
What it does
Generates images from text at high speed, with outputs from standard web resolution up to 4K
Maintains consistency across up to 14 objects in a single image sequence â useful for storyboards and narrative design
Accurately renders text within images (useful for mockups, cards, infographics)
Draws on Googleâs real-world knowledge and live search, so it can accurately depict specific real places, people, and things
Available in the Gemini app, Google Search, AI Studio, and Google Ads â 141 new countries
Why you should care
Googleâs SynthID watermarking tool (which marks AI-generated images so they can be identified) has already been used over 20 million times since November 2025. The integration into Google Ads is the one to watch â it signals Google is moving generative AI from a standalone feature into the core of its advertising business.
đ¤ Perplexityâs Cloud Agent Takes on 19 Models at Once
What happened
Perplexity launched âComputerâ, a cloud-based platform that orchestrates 19 AI models simultaneously to complete complex multi-step tasks. ZDNet coverage here.
What it does
Think of it as an AI project manager that routes your task to the right specialist: Gemini for research, the image model for visuals, GPT-5.2 for long documents, and so on. It can produce dashboards, presentations, research reports, and code â all in one workflow.
Unlike OpenClaw (an open-source alternative that installs directly on your computer and gets access to your local files), Perplexity Computer runs entirely in a secure cloud environment.
Why you should care
The local vs. cloud trade-off is real. Local agents are more powerful but carry genuine security risks â an AI with access to your files, email, and system commands is a significant attack surface. Cloud sandboxing gives up some capability for significantly more safety. At $200/month (Perplexity Max), this is priced for serious business use, not casual experimentation.
⥠Frontier Models, Consumer Hardware
What happened
Two separate developments this week pushed capable AI models onto surprisingly modest hardware.
Qwen3.5 from Alibaba â now available in optimised versions via Unsloth AI â includes a 27B model that runs on just 14GB of RAM, and a flagship 397B model that Unsloth claims is comparable to Gemini 3 Pro and GPT-5.2. (Thatâs a significant claim from Unsloth; treat it as their assessment, not an established fact.)
AirLLM is an open-source tool that runs 70-billion-parameter models on a single 4GB graphics card by loading the model in pieces from disk rather than holding it all in memory at once. Itâs slower than running the full model in memory, but it works â 70B models on a laptop GPU with 4GB, and the 405B Llama model on 8GB.
Why you should care
If you want to run AI locally â for privacy, offline use, or to avoid ongoing API costs â the hardware bar keeps dropping. A modern Mac with 32GB of unified memory can now run models that were cloud-only a year ago. For anyone handling sensitive data whoâs been waiting on the sidelines, the waiting is largely over.
Why to be cautious
AirLLMâs disk-streaming approach makes inference slower. Itâs a trade-off: capability vs. speed. For experimentation itâs fine; for production use in latency-sensitive applications, benchmark it carefully before committing.
đ ď¸ How to Build Better With AI: Two Frameworks Worth Your Time
What happened
Two practical frameworks for building with AI landed this week from very different angles.
For developers: Simon Willison â one of the most respected voices in the developer community â launched a new guide called Agentic Engineering Patterns, drawing a deliberate line between âvibe codingâ (letting AI write code you donât understand) and serious professional practice. The first chapters cover how near-zero code generation costs should change your instincts, and how writing tests first dramatically improves what AI agents produce.
For solo builders: A viral Twitter thread by @Hartdrawss â someone who claims 50+ shipped MVPs â distils into 32 rules what not to build yourself: donât build your own authentication system, donât write your own CSS framework, donât create your own API before youâve validated the product. Use Stripe, not a custom payments system. Set up analytics before launch, not after.
Why you should care
Both frameworks make the same underlying argument from different angles: as AI lowers the cost of writing code, your decisions about what to build become the bottleneck. The developers winning right now arenât the ones writing the most code â theyâre the ones making the fewest unnecessary decisions.
The lesson: âThe best vibe coders I know arenât the ones who know the most. Theyâre the ones who know what NOT to build.â â @Hartdrawss. This applies whether youâre a professional engineer or a solo founder.
đ Your Weekend Project
Pick one:
Test a Qwen3.5 on your laptop. Download Ollama (free, no coding required) and run the open-source Qwen3.5 model directly on your computer. Try asking it something youâd normally send to ChatGPT. Notice the difference â and the privacy benefit.
Audit your AI building blocks. If youâre working on any project that uses AI, list every component youâve built yourself. Cross-reference it against the Vibe Coding 2.0 DONâT list â auth, payments, CSS, state management. How many could you replace with a proven tool in an afternoon?
Read Willisonâs first two chapters. Head to simonwillison.net and read âWriting code is cheap nowâ and âRed/green TDD.â Even if youâre not a developer, the first chapter is genuinely useful for thinking about how AI changes decision-making.
Try Perplexity Computer for a real task. If youâre on Perplexity Max, give Computer a genuine multi-step project â something that would normally require opening five different tools. See how far it gets without help.
Generate an image with Google Nano Banana 2. Look at real-world scenes it develops â can you tell they are AI generated?
đď¸ About Barnacle Labs
At Barnacle Labs we build AI systems that actually ship. From the National Cancer Instituteâs NanCI app to AI systems deployed across biotech and enterprise clients, weâre the âbreakthroughs, not buzzwordsâ team.
Got an AI challenge thatâs stuck? Reply to this email â letâs talk.
The voices worth listening to in AI are the ones building, not just talking. See you next week.