Technology

Who Gets the Real Thing

A Chinese model, a cyber weapon the public cannot touch, and a UFO clip that does not match its own caption. The common question is who controls access and who controls the story.

Manish Singh/June 28, 2026/5 min read

Five things crossed my feed in the same week, and they look unrelated until you ask the only question worth asking about any loud claim: who benefits from you believing it. A Chinese AI lab said to have caught up with a secret American cyber model. An American government quietly pulling the plug on frontier models. A two-tier rollout where the strong version goes to the state and the elites while everyone else gets the watered-down one. And a viral clip of UFOs splitting apart over Las Vegas with the words DISCLOSURE DAY IS HERE. Different subjects, same fault line. It is always about who is allowed to have the real thing, and who gets to narrate what happened.

The headline that does not say what it claims

Start with the cleanest example of a claim collapsing under its own compression. The post says China's Zhipu AI "matches Anthropic's Claude Mythos" at finding security bugs. That is a strong sentence. It is also not what the evidence shows.

The actual source is a single Semgrep benchmark, cheekily titled "We have Mythos at Home." On one task, detecting Insecure Direct Object Reference flaws across real codebases, Zhipu's open-weight GLM-5.2 scored about 39 percent F1, beating Claude Code at roughly 32 percent, and it found vulnerabilities at about 17 cents each. Notice what is missing. The comparison is against Claude Code running Opus-class models, not against Mythos, which is access-restricted and which nobody outside Anthropic's trusted programs can run. There is no Mythos head-to-head. There cannot be one. The "matches Mythos" framing is an inference dressed as a result.

Semgrep itself was honest about the limits. Their stated caveat was "this is one task, one dataset, one run," and their own purpose-built pipeline still beat both models at 53 to 61 percent. The question they were really chasing was how much of the performance comes from the model versus the harness around it, and the answer leaned toward the harness. Guillermo Rauch, who built Next.js, pushed back publicly on the parity story for exactly this reason: the circulating numbers come from a narrow test, not a contest with the restricted model.

None of that makes GLM-5.2 a non-event. It is a 744-billion-parameter mixture-of-experts model, MIT licensed, weights on Hugging Face, reportedly trained on Huawei Ascend chips with no Nvidia hardware, released the day after the US restricted foreign access to Anthropic's top models. That timing is the actual story. An open, cheap, sovereign model that lands within a few points of the closed frontier on coding benchmarks does not need to beat a secret American cyber tool to matter. It just needs to be good enough, open, and a fraction of the price. That is what punctures the containment logic, not a benchmark pun.

I will note one thing that deserves skepticism in the other direction. There are distillation allegations floating around, including suspiciously high answer-correlation between GLM and Claude outputs. The documented large-scale distillation case Anthropic took to the Senate is attributed to Alibaba and Qwen, not Zhipu. Do not let an inference about one lab get laundered into a confirmed fact about another. The discipline cuts both ways.

A summarizer is not a cyber weapon

Now the reason the headline is politically charged at all. On the evening of June 12, 2026, Anthropic disabled Claude Fable 5 and Claude Mythos 5 for every customer worldwide. Not an outage. A US Commerce Department export-control directive citing national security, barring distribution to any foreign national, including foreign-national employees inside the US. Anthropic says it cannot reliably separate foreign users in real time, so the practical result was a global shutoff. Two weeks later OpenAI limited early access to its GPT-5.6 lineup at the government's request, the family including Sol, Terra, and Luna, with Luna being the cheap everyday tier.

Here is what makes me side with the person who wrote "I don't buy the safety story." The cyber and bio risk lives at the frontier. Sol was the model flagged for cyber and biology capability. Mythos is the one Anthropic itself says found thousands of zero-day vulnerabilities across major operating systems and browsers. But the net that was thrown caught everything down to the cheap summarizer. A model that drafts emails and condenses documents is not an offensive cyber tool, and pretending it is reveals the rationale for what it is.

Even Anthropic disputed the government's reasoning. It argued the cited jailbreak was narrow, that the same trick could elicit similar behavior from other public models like GPT-5.5 that faced no such controls, and that applying this standard across the industry would halt all new frontier deployments. When the company whose model got pulled tells you the safety justification is overbroad, the official claim has earned doubt, not deference.

There is a sharper irony underneath. Anthropic spent years positioning itself as the safety-first lab, and Dario Amodei personally called for FDA-style licensing of frontier models. Critics, including David Sacks in the White House orbit, called this regulatory capture: the companies loudest about regulation are the ones best positioned to benefit from it. Then the regulation arrived and banned Anthropic's own model. The moat they helped dig swallowed them. I have no sympathy for the capture game, and I have less for a security regime built through export-control letters rather than legislation anyone voted on.

The strong model for the state, the safe one for you

This is where the second AI post lands its blow. Mythos and Fable 5 are built on the same foundation. Fable adds guardrails and reroutes risky cyber, bio, and chemistry queries to a weaker model. The unrestricted tier went to government, defense, and vetted critical-infrastructure firms through Project Glasswing, with reported partners like Cisco and JPMorgan. After the kill switch, the government cleared Mythos 5 for a vetted set of US critical-infrastructure organizations while the public Fable version stayed in limbo. Critics called the structure a path to a "permanent underclass," with an added insult that blocked prompts still burn paid tokens.

The framing I would not sign is "government puppet." That overstates it and erases the more interesting reality. Anthropic actually fought the government. It refused two Pentagon use cases, fully autonomous lethal weapons and mass domestic surveillance of Americans, and it sued over the resulting supply-chain-risk designation and the export controls. That is conflict, not puppetry. But the verifiable core of the complaint stands. The strongest capability is being gated to the state and to security-hardened institutions, and the public gets the capped version. Whatever you call that, it is the concentration of a general-purpose technology in a few approved hands, established ad hoc through laws written for physical goods and chips. The thing that worries me is not that powerful AI is dangerous. It is that "dangerous" became the password for deciding who gets to hold it.

And the story they tell you not to look at

That brings me to the clip from the Las Vegas Strip, one UFO breaking into many, "witnessed by hundreds." I want to hold two things at once here, because both are true and the people who can only hold one tend to get it wrong.

First, this specific post deserves the same scrutiny I gave the AI headline. The attached still does not show what the caption sells.

Hazy daytime telephoto view across the Las Vegas valley with a faint white speck near the cityline
The frame is a hazy daytime view across the valley with a single ambiguous white speck, not a nighttime craft splitting into many. The image undercuts the words attached to it.

No nighttime scene, no swarm, no splitting. Just a brown, dusty basin and a dot that reads more like distant aircraft or a glint than a defined object. The status ID decodes to an implausible timestamp, so treat the link itself as unverified. Vegas is a recurring UFO stage with mundane resolutions on the record: the December 2022 "UFO over the Strip" was light pillars from casino lights bouncing off ice crystals, a 2019 scare turned out to be skydivers landing at a stadium, a 2024 wave was Starlink satellites, and the famous green streak in 2023 was a fireball reported by at least 21 people to the American Meteor Society. A single object that "breaks into multiple" is exactly what meteor fragmentation, parachute teams, and flare sequences look like. I am not going to amplify a forwarded clip as evidence of anything.

Second, and this is where I part company with the reflexive debunkers, the broad disclosure story is the place where the official "nothing to see here" is the claim most in need of doubt, not the citizen's curiosity. The Pentagon's AARO reviewed records back to 1945 and announced no evidence of extraterrestrial technology. That is an authority making a claim, not proof, and it is the convenient claim, the one that protects the institution. Set it next to David Grusch testifying under oath to Congress about a crash-retrieval program, the Schumer-Rounds push to declassify UAP records modeled on the JFK Records Act, and the fact that the eminent-domain and review-board teeth got stripped out before anything passed. The pattern is gatekeeping, the same gatekeeping I just described in AI. Powerful knowledge held by a vetted few, the public handed a sanitized version, and an official narrative engineered to make you stop asking.

I hold a settled view here. Humanity has very likely hosted advanced civilizations long before the recorded record, lost to cataclysm and time, and the lost-civilization and ancient-contact lines of inquiry are credible, not fringe. So my skepticism aims at the institution, not the witness. The deepfake era complicates this, because fabricated footage now spreads trivially and a single uncredited clip proves nothing, which means the careful position is to throw out the fake clip and keep pressing on the cover-up. Both, at once.

The thread

Across all five, the same machinery is running. A claim gets compressed into a slogan and shared before anyone reads the dataset. An official story arrives wrapped in the language of safety or national security, and it happens to consolidate power in the hands of the people telling it. The strong capability flows up to the state and the elites, the diluted version flows down to everyone else, and the public is told this is for their own good.

The defense is the same in every case, and it is boring and unglamorous and it works:

  • Find the primary source, not the headline. The Semgrep numbers were public the whole time, and they say something more modest than the tweet.
  • Ask who benefits from the framing. A safety story that bans your competitor and gates the best tool to insiders is not neutral.
  • Treat an official statement as a claim, then weigh it against the witnesses, the dates, the mechanism, and the money.
  • Throw out the doctored artifact, the spoofed timestamp, the faked clip, without throwing out the underlying question.

An open Chinese model the US could not contain, a cyber weapon the public is forbidden to hold, and decades of UFO records the public is told contain nothing. The subjects differ. The fight is identical. It is about who gets the real thing, and who is left holding the safe version and the official explanation.