<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[A Discipline of Seeing: Architectures of Resilience]]></title><description><![CDATA[The postwar structures that organized power are cracking under asymmetric pressure. The running argument here: what replaces them, who builds it, and can it hold?]]></description><link>https://karpf.substack.com/s/architectures-of-resilience</link><image><url>https://substackcdn.com/image/fetch/$s_!1AIs!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10d5e8db-fe28-458e-922b-e15a2967460c_818x818.png</url><title>A Discipline of Seeing: Architectures of Resilience</title><link>https://karpf.substack.com/s/architectures-of-resilience</link></image><generator>Substack</generator><lastBuildDate>Thu, 02 Jul 2026 15:20:30 GMT</lastBuildDate><atom:link href="https://karpf.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Brandon Karpf]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[karpf@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[karpf@substack.com]]></itunes:email><itunes:name><![CDATA[Brandon Karpf]]></itunes:name></itunes:owner><itunes:author><![CDATA[Brandon Karpf]]></itunes:author><googleplay:owner><![CDATA[karpf@substack.com]]></googleplay:owner><googleplay:email><![CDATA[karpf@substack.com]]></googleplay:email><googleplay:author><![CDATA[Brandon Karpf]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[Navigating the GPS threat landscape]]></title><description><![CDATA[Source: T-Minus Space-Cyber 
Briefing]]></description><link>https://karpf.substack.com/p/navigating-the-gps-threat-landscape</link><guid isPermaLink="false">https://karpf.substack.com/p/navigating-the-gps-threat-landscape</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Fri, 26 Jun 2026 13:55:52 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!GHvQ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://thecyberwire.com/podcasts/tminus-space-cyber-briefing/712/notes" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!GHvQ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 424w, https://substackcdn.com/image/fetch/$s_!GHvQ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 848w, https://substackcdn.com/image/fetch/$s_!GHvQ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!GHvQ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!GHvQ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg" width="1456" height="728" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:728,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:124186,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:&quot;https://thecyberwire.com/podcasts/tminus-space-cyber-briefing/712/notes&quot;,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/203702322?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!GHvQ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 424w, https://substackcdn.com/image/fetch/$s_!GHvQ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 848w, https://substackcdn.com/image/fetch/$s_!GHvQ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 1272w, 
https://substackcdn.com/image/fetch/$s_!GHvQ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F00317955-1ef0-41ba-9fec-642060239094_2640x1320.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a><figcaption class="image-caption">Image by N2K Networks for the T-Minus Space-Cyber Briefing (thecyberwire.com)</figcaption></figure></div><h3><strong><a href="https://thecyberwire.com/podcasts/tminus-space-cyber-briefing/712/notes">Listen to the episode</a></strong></h3><p>On the T-Minus Space-Cyber Briefing this week, I joined Maria Varmazis and Dave Bittner to work 
through a <a href="https://youtu.be/tz23G_UXCGA?si=I_2n_L8zCXYovwql">Veritasium investigation</a> into years of strange GPS interference over Europe, Greenland, and Canada. The geometry ruled out a ground source: 75 brief events between 2019 and 2026, spread across a continent-sized footprint, point to something in space, most plausibly a Russian early-warning satellite in a Molniya orbit. Whether that signal is an offensive capability or a wartime-reserve communications band parked next to GPS and leaking each time it&#8217;s tested, the takeaway holds. For the first time we have clear evidence that the cheap, ground-based GPS jamming/spoofing we&#8217;ve discussed for years has been extended into the space architecture itself.</p><p>The part that should worry decision-makers is the resilience gap. GPS is the most important utility nobody treats as critical infrastructure. It sets the timing that cryptography, the power grid, and internet connectivity depend on, yet a phone receives a signal roughly as strong as a car headlight seen from 12,000 miles away. When communications fail or undersea cables are cut, we have fallback options. When water treatment fails, we have fallback options. For position, navigation, and timing, we have almost none. The better news is that the fixes are real and arriving. 
I wrote about all of this in more detail in <em><a href="https://open.substack.com/pub/karpf/p/the-backup-was-always-a-clock">The Backup was Always a Clock</a></em>.</p><p><strong>Key topics covered on the podcast:</strong></p><ul><li><p><strong>Jamming In Orbit:</strong> The cheap &#8220;$30 jammer&#8221; asymmetry has long lived on the ground; the new and notable fact is clear evidence of an interference capability operating from space.</p></li><li><p><strong>The PNT Resilience Gap:</strong> Position, navigation, and timing is the one critical-infrastructure domain with no real fallback, and we lack even a complete inventory of what depends on it.</p></li><li><p><strong>Quantum As Exit:</strong> The strategic value of quantum navigation and quantum clocks is not securing GPS but removing the dependency on it, so timing survives even when the signal is jammed or spoofed.</p></li></ul>]]></content:encoded></item><item><title><![CDATA[The National Reflex]]></title><description><![CDATA[The internet has no borders. 
Our defense of it has nothing but.]]></description><link>https://karpf.substack.com/p/the-national-reflex</link><guid isPermaLink="false">https://karpf.substack.com/p/the-national-reflex</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 24 Jun 2026 12:03:06 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!iEJn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!iEJn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!iEJn!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 424w, https://substackcdn.com/image/fetch/$s_!iEJn!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 848w, https://substackcdn.com/image/fetch/$s_!iEJn!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!iEJn!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!iEJn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg" width="1456" height="818" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:818,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:935450,&quot;alt&quot;:&quot;Aerial view of a cable-laying ship trailing its cable across open water to shore, the global network stitched line by line.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/203306083?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Aerial view of a cable-laying ship trailing its cable across open water to shore, the global network stitched line by line." title="Aerial view of a cable-laying ship trailing its cable across open water to shore, the global network stitched line by line." 
srcset="https://substackcdn.com/image/fetch/$s_!iEJn!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 424w, https://substackcdn.com/image/fetch/$s_!iEJn!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 848w, https://substackcdn.com/image/fetch/$s_!iEJn!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!iEJn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb0137430-9a11-4bd7-bc6d-038d6aaebe25_5272x2962.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a><figcaption class="image-caption">Photo by Kelly via Pexels</figcaption></figure></div><div><hr></div><p>Let&#8217;s trace one internet packet.</p><p>It leaves your phone, hops to a cell tower, gets processed into the base station and passed to a gateway, slides into a regional carrier, gets handed up to a long-haul backbone, dives into a submarine cable somewhere off the coast, surfaces on another continent inside a company you have never heard of, and lands on a server a few thousand miles from where it started. Then some stuff happens to it (very technical, I know), and another packet makes the same journey in reverse. The round trip took far less time than the blink you just did. It happened a few billion more times while you read that sentence.</p><p>The same mesh that carried your packet from your phone also carries the signal that holds a grid substation below its trip threshold, the telemetry that keeps a floodgate where the operator left it, the dispatch that routes a freight car of chlorine through a rail yard, the load-balancing chatter between two data centers propping up a bank at close, and every bit of the most sensitive secrets held by governments the world over. Water, power, transportation, communications, finance, defense, and the compute under all of it. All of it rides one mesh, stitched across industries and across borders, indifferent to both. Your packet does not know it left the country. It does not know it crossed out of the power grid&#8217;s world and into the phone network&#8217;s. It just travels. 
</p><div class="callout-block" data-callout="true"><p><em>By the way, this is the core brilliance in the design principles of the internet. When David Clark, et al., invented this in the early 1970s, the idea of a completely agnostic and infinitely scalable global transport network was radical. But that&#8217;s another article.</em></p></div><p>One caveat, otherwise I <em>will</em> get letters: the internet isn&#8217;t one clean topology. It&#8217;s meshed in the core, trees out at the edges, rings around the cities, a handful of cables holding the continents together, a dude with a ponytail in Topeka. &#8220;Mesh&#8221; is just the least-wrong single word for the only property that matters here: all of it connects, eventually, to all the rest.</p><p>And the thing we built to defend it? A room, in one country, door shut, with a list of who gets a key, vetted one passport at a time, by a guy named Ron who drives his 2013 Ford Fusion between in-person security interviews across two states.</p><blockquote><p>The threat lives in the mesh. The defense lives in the room. That gap is the whole problem.</p></blockquote><h2><strong>The adversary already plays the board as it is</strong></h2><p>Salt Typhoon (AKA the hacking group affiliated with China&#8217;s Ministry of State Security AKA the boogie-man of the cyber world and one of the most sophisticated hacking groups out there) maneuvered systematically into the global telecom backbone and lived there, quietly, for years. 
By the time officials finished counting, they had confirmed at least nine US telecom and infrastructure companies compromised and more than 80 globally, with breaches reaching across dozens of countries through the carriers that connect them. Deputy National Security Advisor Anne Neuberger offered one detail in December 2024 that should keep you up at night: in one provider, a single administrator account had access to more than 100,000 routers. Compromise the account, inherit the network.</p><p>Volt Typhoon (AKA the hacking group affiliated with China&#8217;s Army Cyberspace Force AKA the Chinese military AKA the ones who are supposed to blow stuff up) is a more chilling story. CISA, the FBI, and the NSA assessed in February 2024 that the group had pre-positioned inside US critical infrastructure for disruption: living off the land, leaving no malware to find, sitting inside communications, energy, water, and transportation networks. They are waiting by the valves, like that sketchy guy smoking a cigarette standing in the shadows just outside the streetlight&#8217;s reach.</p><p>Those two campaigns and the packet we traced ride the same mesh, for the same reason the packet does. That is where the reach lives. The attack surface is everyone&#8217;s network added together. Every carrier, every handoff, every border crossing, every legal jurisdiction, every seam where one company&#8217;s responsibility ends and the next one&#8217;s has not quite started. The adversary gets all of it. We defend the part we own and can touch and quietly assume the seams belong to somebody else. They don&#8217;t belong to anybody. 
The adversary worked that out years ago.</p><h2><strong>The chair I&#8217;m sitting in</strong></h2><p>I have watched this mismatch from three seats.</p><p>Years on the watchfloors at the NSA and US Cyber Command, where the national frame was simply the air you breathed, and where you could watch an adversary cross multiple regions while your authority to do anything about it stopped cleanly at one. Then three years as an editor at N2K CyberWire, covering the sector-by-sector information-sharing groups, the federal agencies that fed them, and the security startups cashing in, watching institutions inherit their shape rather than choose it. And now coordinating security across a global carrier whose traffic crosses dozens of national borders before breakfast.</p><p>Operator, chronicler, carrier. Three different chairs, and from every one of them the defense keeps coming out the wrong shape.</p><h2><strong>Our collective reflex</strong></h2><p>Nobody builds the wrong defense on purpose. It&#8217;s a reflex repeated so many times that it&#8217;s beginning to look like a law of nature.</p><p>In May 1998, Presidential Decision Directive 63 asked each US critical-infrastructure sector to stand up a body that would share threat information with the federal government. The ISACs (Information Sharing and Analysis Centers) were born from that directive, one per sector, each one a US institution feeding a US agency. In 1998 this was exactly correct. 
The scariest thing on the network that year was a teenager with a war-dialer (literally just a modem that dialed a lot of phone numbers really fast), and the most transnational object in your house was the fax machine manufactured in <a href="https://www.nytimes.com/2013/02/14/world/asia/in-japan-the-fax-machine-is-anything-but-a-relic.html?unlocked_article_code=1.sFA.w_Fe.zPHvufVr9pPr&amp;smid=url-share">Japan</a> that would get called three times a day by the teenager with the war-dialer. Sound geometry for the world it was drawn in.</p><p>The world moved and the geometry stayed. I wrote in <em><a href="https://karpf.substack.com/p/whos-minding-the-store">Who&#8217;s Minding the Store?</a></em> about the federal coordinating hub thinning out, losing the people and the standing to play its part. The problem here sits one layer deeper. Resourcing is the smaller half of it; the shape is the rest. Add money to the wrong shape and all you buy is a better-funded room that&#8217;s still walled off from the things that matter.</p><p>The most recent version of the reflex arrived earlier this month. In June 2026 the US telecom sector announced its own independent private industry ISAC (the Communications Cybersecurity ISAC) with eight of the largest US carriers as founding members, a sensible and overdue answer to the fact that Salt Typhoon walked their networks for years. Its own leadership has said plainly that it will not be fully effective until membership grows. That is the right move for the people making it. Vet your circle. Share with people you can haul into a US courtroom if they leak. Legal safe harbor from antitrust law. Draw the boundary where the clearances and the liability already stop. Every one of those calls is correct on its own, and the sum of them is a defense built around the map and the industry instead of around the network.</p><p>Say I&#8217;m building a defense for the Washington Commanders. 
I recruit the best players in college football: Alabama, Georgia, Michigan, THE Ohio State University, the Naval Academy (ha!). I hire the best coaches, the best trainers, the most famous nutritionists on TikTok. I&#8217;ve raised buttloads of money, so why not. And then on opening night my defensive line gets run over by a truck packed with high explosives, because I was supposed to build a <em>security</em> defense, not a defensive line. Every part was excellent. The shape was wrong.</p><p>The reflex to think in terms of geographic boundaries and industry verticals is nobody&#8217;s mistake. It is a hundred reasonable people each drawing the smallest circle they can trust, seeing where those circles overlap, and building on the margins.</p><h2><strong>We already go transnational. We just pick the wrong moments.</strong></h2><p>The same government that builds its standing defense one country wide goes transnational the second the task changes.</p><p>When the task is to <em>name</em> the threat, the border evaporates. The August 2025 advisory that exposed Salt Typhoon and named the Chinese supplier firms behind it was not a US document. CISA co-sealed it with twenty-six partner agencies across more than a dozen countries: the rest of the Five Eyes (the US, UK, Canada, Australia, New Zealand), then Germany, Italy, Japan, the Czech Republic, Finland, Spain, Sweden, and more. Somebody looked at that threat, decided it was transnational, and built the response to match.</p><p>When the task is to <em>break</em> something, the border evaporates again. Operation Endgame, May 2024: a dozen countries, more than a hundred servers seized in one coordinated week, the largest takedown of malware-delivery infrastructure ever run, national jurisdictions treated like chalk lines you can step over. We are, it turns out, world-class at getting a dozen nations to kick down the same door in the same morning. Be clear, though! <em>This is offense, and it&#8217;s reactive. 
</em>No less important. Just don&#8217;t confuse it with a good defense.</p><p>Ask those same nations to sit in a standing room and <em>defend</em> the door together, and suddenly everyone remembers they have a sovereignty thing that afternoon and, wouldn&#8217;t ya know it, look at the time.</p><blockquote><p>We will choreograph twelve countries to break infrastructure in a week. We will not choreograph two to defend it as a standing posture.</p></blockquote><p>We find the lawyers and the budget the moment we want a takedown. Which leaves habit. Plain institutional habit. The kind nobody remembers choosing.</p><h2><strong>Finance already built the thing. In 1999.</strong></h2><p>One sector never caught the reflex at all.</p><p>The first ISAC ever created, born from that same 1998 directive, was the financial-services one (FS-ISAC). It did not stay in the room. Today it runs more than 5,000 member firms, with users in around 75 countries and members holding something north of $100 trillion in assets, out of offices in The Hague, London, and Singapore. The bankers, of all people, built the internationalist institution. The bankers. The same guys who can&#8217;t sneeze without sixteen regulators jumping up their noses.</p><p>FS-ISAC removes the easy objection. Propose vetted cross-border defense out loud and our reflex responds that it sounds lovely but cannot be built: too sensitive, too tangled in law, too naive about who you can trust. Except it has been built. It is twenty-seven years old, it vets trust across seventy-five countries every day, and it clears its throat every time a bank gets hit. So the question stops being whether this can exist and becomes why finance is the only one who bothered to make it.</p><p>But even FS-ISAC solved only half the geometry. It crossed the national border and stopped at the industry one: banks talking to banks about bank problems. The mesh ignores that border too. 
The packet we traced never cared whether it carried a wire transfer or a grid setpoint, and Salt Typhoon sat in the same backbone every other sector rides on top of. A circle drawn tight around one industry has the same flaw as one drawn tight around one country. It owns its slice and leaves the seams to nobody.</p><p>We accept this shared responsibility for physical commons without blinking. When piracy made the Gulf of Aden ungovernable, no single navy tried to police the lane alone. A combined task force formed, many navies under one framework, because the sea lane belonged to everyone and to no one. To quote one of my favorite movies, <em>&#8220;Nobody owns the water. It&#8217;s God&#8217;s water, man!&#8221;</em> The global information network is the same kind of commons, but we haven&#8217;t gotten around to calling it one.</p><p>Which lets me extend a metaphor from <em><a href="https://karpf.substack.com/p/the-impossible-seat">The Impossible Seat</a></em>, where I described an ally building its own fire department. The thing about a fire department is that it only fights fires inside the city limits. And this fire is actually a flood in the watershed, where the water crosses every line on the map and respects none of them. A town brigade is the right answer to a house fire. 
It&#8217;s the wrong tool entirely for a flood that started three counties upstream.</p><h2><strong>The strongest objection</strong></h2><p>Cyber defense trades in dangerous material: classified signals, zero-day detail, the actual playbook you would run to defend a network. You cannot hand that to foreign carriers whose own networks might already be owned by the adversary you are defending against. And Salt Typhoon was (is) <em>inside</em> telecom networks. Share your defensive hand with a compromised node and you have just briefed your opponent. Seen this way, a narrow, vetted, domestic-industry room is plain good tradecraft. We call this OpSec (Operations Security. No, not <em>operational</em> security. Pet peeve, that). The national border is the cheapest place on earth to verify trust, and the bigger you make a sharing body, the more it starts to look like one vault holding everyone&#8217;s secrets, which is to say a target.</p><p>All of that is real, and I will not pretend otherwise. The penetration risk is genuine and Salt Typhoon is the proof. Classification and liability really do stop at the border by default. A naively open global body would be a collection bonanza for the other side.</p><p>The trouble with the objection is what it actually protects, which is <em>not</em> the network. It protects the org chart, the clean lines of who holds which clearance, who carries which liability, whose courtroom you can haul a leaker into. None of that makes us safer. 
The bankers solved that problem a generation ago, and the allied frameworks already move classified data across exactly these borders. Meanwhile the tradeoff is the same: a national room defends only the slice of the network, while the adversary lives in the whole thing added together. Follow the OpSec argument to its logical end and it defends the smallest possible circle, which is also the smallest possible fraction of the attack surface. The seam you refuse to reach across is the exact seam Salt Typhoon already owns and uses to their advantage. The answer is vetted breadth, on the pattern finance has run for twenty-seven years.</p><h2><strong>What the right shape looks like</strong></h2><p>So what goes in the room&#8217;s place? Not a world government for packets. Nobody wants the UN running BGP. </p><div class="callout-block" data-callout="true"><p><em>BGP being the primary global routing protocol that decides how packets get routed between gargantuan slices of the network and, I am not making this up, was invented in 1989 and was designed to implicitly trust everything. Whatever security it now has got bolted on decades later, and most of the internet still hasn't bothered to turn those features on.</em></p></div><p>And we also don&#8217;t want one giant vault holding every nation&#8217;s secrets, because that vault is just a bigger, juicier version of the problem we started with.</p><p>What you want looks more like plumbing than diplomacy. The national ISACs stay exactly where they are, doing the domestic vetting they already do well. You run a thin pipe between them: a vetted channel where the US telecom body and an allied carrier body can hand each other a single indicator at machine speed, under rules written on a calm Tuesday instead of improvised at 3 a.m. with the building on fire. And the carriers actually moving the targeted traffic, most of them not American, stop being bystanders and start being sensors. 
Right now the providers sitting closest to the threat are the ones we wired in last. </p><blockquote><p>The best smoke detectors in the building, unplugged, in the room nobody checks.</p></blockquote><p>I know exactly how this sounds. Standards body. Working group. The phrase &#8220;cross-border coordination framework&#8221; has ended more careers by boredom than any adversary ever has. But none of the parts are hypothetical. The vetting model exists in finance. The legal scaffolding exists in the allied agreements that already move classified data. The muscle memory exists in Operation Endgame and in the attribution coalitions. The only thing missing is the decision to keep the door open on a normal day, instead of unlocking it only when we want to name a threat or break one.</p><h2><strong>Back to the packet</strong></h2><p>Trace it one more time. It leaves your phone, crosses the tower, the regional carrier, the cable, the foreign company you will never hear of, and lands a continent away, still not knowing it left home. Everything that matters rides that same mesh: the dam, the substation, the freight car, the bank at close. The adversary already organizes around that shape. It is the only player at the table treating the board as the thing it actually is, which is to say imaginary.</p><p>A defense should be the shape of the thing it defends. We already know the shape is reachable. We snap into it the moment the job is to name a threat or break one. And it scales fine, because the bankers have run it across seventy-five countries for almost thirty years. What is missing is smaller than any of that. 
It is the willingness to stop drawing the smallest circle we can vet, by nation and by industry, and to start drawing the circle the threat already lives in.</p><p>The watershed is flooding, and the flood has never once stopped to check a passport.</p><div><hr></div><blockquote><p><em>If you enjoy A Discipline of Seeing, it would mean the world to me if you shared it with others. Please use the button below to send my Substack to someone who might find my work interesting. Thanks!</em></p><p><em>&#8212; Brandon</em></p></blockquote><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://karpf.substack.com/?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share&quot;,&quot;text&quot;:&quot;Share A Discipline of Seeing&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://karpf.substack.com/?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share"><span>Share A Discipline of Seeing</span></a></p><div><hr></div>]]></content:encoded></item><item><title><![CDATA[The Backup Was Always a Clock]]></title><description><![CDATA[GPS has no fallback, the program to upgrade it just collapsed, and the most credible replacement is a clock the Royal Navy bolted into a robot submarine.]]></description><link>https://karpf.substack.com/p/the-backup-was-always-a-clock</link><guid isPermaLink="false">https://karpf.substack.com/p/the-backup-was-always-a-clock</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 10 Jun 2026 12:03:48 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!JI6d!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" 
href="https://substackcdn.com/image/fetch/$s_!JI6d!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!JI6d!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 424w, https://substackcdn.com/image/fetch/$s_!JI6d!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 848w, https://substackcdn.com/image/fetch/$s_!JI6d!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!JI6d!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!JI6d!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1402055,&quot;alt&quot;:&quot;A gold pocket watch resting on an antique world map, the navigation problem GPS solved by hiding the clock in 
orbit.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/201344845?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="A gold pocket watch resting on an antique world map, the navigation problem GPS solved by hiding the clock in orbit." title="A gold pocket watch resting on an antique world map, the navigation problem GPS solved by hiding the clock in orbit." srcset="https://substackcdn.com/image/fetch/$s_!JI6d!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 424w, https://substackcdn.com/image/fetch/$s_!JI6d!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 848w, https://substackcdn.com/image/fetch/$s_!JI6d!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!JI6d!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be6b7c2-16e3-4797-bf7f-922df0eaa7db_6720x4480.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture>
</div></a><figcaption class="image-caption">Photo by Paul Hudson via Pexels</figcaption></figure></div><div><hr></div><p>On the night of 22 October 1707, four ships of the Royal Navy struck the rocks of the Scilly Isles. Two thousand sailors drowned in the dark. Admiral Sir Cloudesley Shovell&#8217;s fleet was coming home from Gibraltar and the men aboard were experienced, professional sailors. Salty, in our vernacular. They had charts, compasses, leadlines, and centuries of hard-won seamanship. What they did not have was the time.</p><p>That might sound like a figure of speech but it was literally their cause of death. Longitude (your east-west position on a spinning globe) is a clock problem. Your local time comes free from the sky: noon is whenever the sun sits highest overhead. What the sky won&#8217;t tell you is the time back at a fixed reference like Greenwich, and the gap between the two is your position. 
The earth turns fifteen degrees every hour, so every hour of difference puts you another fifteen degrees around the world. That gap is the only thing a clock at sea has to hold onto. In 1707 no clock could hold it on a pitching deck through cold, heat, and salt. The fleet did not know what hour it was at Greenwich and it did not know where it was. So it sailed full into rocks that sat exactly where rocks had always sat.</p><p>I&#8217;ve been thinking about Scilly lately because the most in-demand clock in human history is more exposed to failure than ever.</p><p>On 1 June, <em>Foreign Policy</em> ran a piece called <em>The Epidemic of GPS Jamming</em>, cataloguing interference from the Baltic to the Strait of Hormuz. On 5 June, the physics YouTube channel <em>Veritasium</em> published a forensic hunt for whatever has been jamming GPS across Europe, tracing it to a space-based Russian source, built on research by Todd Humphreys at UT Austin. 
The same day, <em>404 Media</em> reported that Steven Murdoch, a security researcher at University College London, had worked out that every GPS satellite has quietly been broadcasting encrypted military key traffic for about twenty years in a 176-bit field that every receiver on earth pulls down and almost nobody had ever bothered to read.</p><p>And behind all of it sits a fact the viral cycle skipped. On 17 April 2026, the Space Force cancelled the program meant to modernize GPS&#8217;s own ground control, after sixteen years and $6.27 billion against a $3.7 billion original estimate, calling the integration timeline &#8220;insurmountable.&#8221; The most advanced military on earth could not finish the upgrade to the system that has no backup.</p><p>So the natural conclusion is that we need a new way to know where we are.</p><p>That is the wrong conclusion, and getting it wrong is how you misread the entire problem.</p><h2><strong>It was never about where you are</strong></h2><p>Under the hood, GPS is actually a constellation of atomic clocks in orbit, each one broadcasting, very precisely, what time it <em>thinks</em> it is. Your receiver listens to at least four (in reality many more), measures how long each signal took to arrive, corrects for the fact that time itself runs measurably faster 12,500 miles up, in the weaker gravity where the satellites orbit, than on the ground (thank you, relativity), and solves for the only position consistent with those independent travel times. A GPS fix measures <em>time</em> and converts it into space at the speed of light. Position falls out of timing. Timing is the load-bearing wall.</p><blockquote><p>Position falls out of timing. Timing is the load-bearing wall.</p></blockquote><p>Which defines the whole problem because the infrastructure that depends most desperately on GPS does not navigate anything at all. 
The power grid uses GPS timing to keep its phasor measurements synchronized across thousands of miles of transmission line. Financial markets and trading floors stamp transactions against it. Cellular networks lean on it to hand your call between towers. Fifteen of the sixteen critical-infrastructure sectors the Department of Homeland Security tracks run on this one signal, and a 2019 RTI International study commissioned by NIST puts the cost of a GPS outage near <em>a billion dollars a day</em>. None of those systems wants to know where it is. They want to know what time it is, and they want every other node in the system to agree down to the nanosecond.</p><p>The Murdoch discovery lands harder once you see this. For twenty years the thing we treat as a humble positioning utility has also been a covert military broadcast channel, quietly distributing the cryptographic key material that keeps military forces in sync. That makes GPS a target twice over. Kill the signal and the forces that depend on it lose their position. Kill the signal and they lose their secure communications too, because cryptography is the backbone of every military network. One strike, and they go blind and mute in the same instant.</p><p>So the real question is how to keep time when the clocks in the sky go dark. We have answered this question before.</p><h2><strong>Harrison&#8217;s legacy</strong></h2><p>The Scilly disaster was bad enough to move a government. 
In 1714, Parliament passed the Longitude Act and offered up to &#163;20,000 (about $5 million in today&#8217;s currency) to anyone who could solve the problem at sea. A board of the era&#8217;s grandest astronomers assumed the answer would come from the heavens, from charting the moon against the stars.</p><p>It came from a carpenter. John Harrison, a self-taught clockmaker from Yorkshire, spent four decades building a sea clock that would hold Greenwich time through anything the ocean threw at it, and the Board spent most of those same decades refusing to pay him his reward. His H4, finished in 1759 and sea-trialed to Jamaica two years later, was the size of a large pocket watch and lost about five seconds on the crossing. The astronomers wanted the stars. The answer was a better clock, carried by the Royal Navy, that let a captain know what time it was somewhere else.</p><div class="callout-block" data-callout="true"><p>There&#8217;s a delightful British mini-series about this called <em>Longitude</em>. Michael Gambon plays John Harrison. I remember watching it with my Dad when I was nine years old and it stuck with me ever since.</p></div><p>I keep coming back to this story because three centuries later the freshest credible answer to GPS-denial is also a clock, also carried by the Royal Navy. In October 2025, the British firm Infleqtion demonstrated a quantum optical atomic clock called Tiqker aboard an uncrewed Royal Navy submarine across multiple dives. Quantum! Yes, it&#8217;s real technology that exists in the field. Well, the sea in this case. Navigation has been a timekeeping problem for three hundred years. GPS did not change that. It hid it, by lofting the clocks into the heavens and making the timing invisible. The jamming and spoofing now hitting GPS the world over is the moment the hidden dependency became visible again.</p><p>So where is our H4? 
The honest answer is a whole workshop, and the pieces sit at wildly different stages of done.</p><h2><strong>The replacement, sorted by how real it is</strong></h2><p>Ignore the roadmaps and ask three questions of every candidate: does it work today, is it in field trials, or is it still a physics paper.</p><p><strong>Deployed today, and drifting.</strong> Chip-scale atomic clocks already ride inside radios, radar, and drones; Microchip&#8217;s SA65-LN is half an inch tall and sips under 300 milliwatts. They are the holdover layer. When GPS drops, they coast. But a coasting clock drifts, so it buys hours, not days. Nowhere near a long-term resilience solution. The only operational commercial satellite alternative is Iridium&#8217;s timing service, inherited from its 2024 acquisition of Satelles, beaming a signal roughly a thousand times stronger than GPS from low orbit. One provider, by subscription. The boring terrestrial answer is a ground network called eLoran: China runs it nationwide, the UK is funding it inside a &#163;155 million PNT program, and the United States has had the legal mandate to build it since 2018 (and has built nothing to date).</p><p><strong>In field trials, and promising.</strong> This is where the genuinely new physics flies. Infleqtion&#8217;s Tiqker on the British submarine. Xona Space Systems launched Pulsar-0 in June 2025, the first fully authenticated navigation signal from low orbit, up to a hundred times stronger than GPS and far harder to spoof. Their planned 258-satellite constellation is years from complete. Q-CTRL field-tested a quantum inertial navigator that held position within about 620 feet over an 80-mile run, with no satellite in the loop at all. SandboxAQ flew a system that navigates by reading the Earth&#8217;s magnetic field, unjammable by construction. 
Every one of these is real, demonstrated, and not yet something you can buy by the fleet.</p><p><strong>Verified in a lab, and breathtaking.</strong> In July 2025, NIST set an accuracy record with their aluminum-ion quantum-logic clock good to about nineteen decimal places. To translate, this clock is so accurate that if it ran from the Big Bang until today it would drift less than a second. We bolted a ruggedized cousin of that physics into a drone sub and sent it underwater, which is either the most or the least dignified thing that has ever happened to an engineering marvel that rivals the Gods.</p><p>Nothing on that list, today, fully replaces GPS. That is the engineering verdict, and anyone selling you a cleaner one is selling something. The replacement is a layered stack at mixed maturity, strongest at the dull holdover tiers, least finished and highest-ceiling at the quantum end. Which raises the obvious question: somebody is paying for all of this. Who?</p><h2><strong>Follow the money</strong></h2><p>Not the government. Venture capital is writing the check. Quantum companies pulled in $3.77 billion in nine months of 2025, roughly triple all of 2024. NVIDIA backed Quantinuum, PsiQuantum, and QuEra inside a single week last September. Infleqtion is going public through a SPAC at a $1.8 billion valuation; Xona closed a $170 million Series C. 
And on 3 June 2026, in the same news week the internet learned GPS was being jammed from orbit, Quantinuum priced the largest traditional IPO a quantum company has ever run, raising $1.68 billion at a market value near $15.7 billion.</p><div class="callout-block" data-callout="true"><p>Disclosure: I advise <strong>Aliro Quantum</strong>, which sits in this ecosystem. None of the firms named above are clients.</p></div><p>I have sat in the venture chair long enough to read what a wave like that is actually saying. First, the money believes assured timing is about to be a product with real defense and infrastructure demand behind it, which it is. Second, a company priced near 500 times its revenue is not being valued on its clocks. The backup to a piece of national infrastructure is being assembled by startups optimizing for their next funding round and addressable market.</p><p>Consider the deal this swap rewrites. Next to the internet, GPS is the most generous thing the American taxpayer ever built: a fleet of atomic clocks the Space Force maintains and lets the whole planet read for free, forever, no login, no invoice, no tier. Your phone, a tractor in Kansas, a German power substation, and the missiles pointed back at us all pull the same time off the same clocks for the same price, which is nothing. A venture-backed clock cannot work that way. It has to be metered, renewed, and sold hard enough to justify the valuation, because a company that gives its timing away has no business model. We are trading a public good every American quietly funds for a private one somebody always has to be selling.</p><blockquote><p>We are trading a public good every American quietly funds for a private one somebody always has to be selling.</p></blockquote><h2><strong>The mandate without the check</strong></h2><p>The United States built the gift, and the United States should keep it. Instead it named the problem in law, twice, and walked away from it. 
The National Timing Resilience and Security Act of 2018 directed the Department of Transportation to stand up a land-based backup timing system. In February 2020, Executive Order 13905 went further, ordering a GPS-independent source of national time within 180 days.</p><p>Eight years and three administrations later, the deadline is a memory and the system does not exist. There were studies. There were demonstration contracts. There were reports about the importance of reports. China built the boring ground network. Britain is paying for one. America wrote itself a requirement, handed itself a deadline, missed it, and let the whole thing lapse across both parties without anyone quite deciding to.</p><p>This is the move I keep watching across critical infrastructure, the one I traced in <em><a href="https://karpf.substack.com/p/whos-minding-the-store">Who&#8217;s Minding the Store?</a></em> and <em><a href="https://karpf.substack.com/p/the-mythos-deferral">The Mythos Deferral</a></em>: a function that used to be statutory and federal quietly going informal and commercial. On GPS the abdication is cleaner than usual because you can lay it against the government&#8217;s own missed deadlines. Venture-funded firms are building the backup the state mandated. That is a choice, repeated every budget cycle, to treat national resilience as a talking point rather than an architecture that needs building.</p><h2><strong>The strongest case I&#8217;m wrong</strong></h2><p>The techno-optimist&#8217;s argument is that there is no PNT crisis demanding a federal rescue. 
The market is solving this faster and cheaper than any government program, and cancelling OCX was good hygiene that killed a sixteen-year failure to free money for bets that actually fly. A diverse private stack, optical clocks and authenticated LEO signals and quantum inertial units, is more resilient by construction than a single government backup could be. Monoculture is the disease. The state-built eLoran the rest of the world is fielding is yesterday&#8217;s tech.</p><p>I concede most of that. Federal PNT procurement is genuinely broken. Hell, federal <em>procurement</em> is genuinely broken. The commercial pace is genuinely real. A layered private stack could genuinely be more resilient than one more government satellite program.</p><p>But markets fund <em>ownable</em> problems, not <em>universal</em> ones. A startup sells assured timing to the customers who can pay: the defense integrator, the hyperscale data center, the 5G operator. It does not guarantee the signal reaches the rural electric co-op or the municipal water authority, and critical infrastructure (AKA, the foundation of society) is only as resilient as its weakest timing-dependent node. Interoperability, universal availability, and adversary-grade hardening are public-good properties, and fragmented private products under-supply them every time. &#8220;The market has it handled&#8221; is true for the well-capitalized and false for the long tail. Pointed one way, the same tech stack builds a more resilient country; pointed another, a stratified and brittle one. The technology can do either. The deciding factor is the architecture, and right now nobody with the authority to make that call is making it.</p><h2><strong>Back to the rocks</strong></h2><p>Harrison&#8217;s clock solved one ship&#8217;s problem. Ours is a system-of-systems problem, networked across sixteen sectors, with an adversary actively trying to make the clock lie, which is something the open ocean never did. 
The old metaphor of GPS as a single thread the world hangs from points at the fix, too. You do not make a thread stronger by finding a better thread. You make it stronger by weaving many threads into a cord, many clocks and many signals at many altitudes, so that cutting any one of them changes nothing.</p><blockquote><p>You do not make a thread stronger by finding a better thread. You make it stronger by weaving many threads into a cord.</p></blockquote><p>We can build that cord. The pieces exist at every stage from the workshop bench to the lab to the deep end of physics. What we cannot do is assume it weaves itself, or trust the market to weave it for us as a universal good. A heap of competing private threads is just a more expensive way to hang yourself by one of them.</p><p>Three hundred and nineteen years after Scilly, the Royal Navy is once again sea-trialing a clock to solve navigation. That rhyme is the lesson surfacing again, because we buried it in the heavens and forgot it was there: whoever holds the most reliable clock holds the most reliable position. We solved it with a carpenter&#8217;s watch once. We will solve it again, with quantum mechanics this time, if we can remember that the hard part was never the clock.</p><p>It was deciding to pay for it.</p><p>&#8212; Brandon</p><div><hr></div>
]]></content:encoded></item><item><title><![CDATA[Two Sentences on Telegram]]></title><description><![CDATA[Part 1 of 3. Iran ordered its cyber proxy to stand down, in public, on a feed anyone could read.]]></description><link>https://karpf.substack.com/p/two-sentences-on-telegram</link><guid isPermaLink="false">https://karpf.substack.com/p/two-sentences-on-telegram</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 20 May 2026 19:06:06 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!QUbs!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!QUbs!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!QUbs!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 424w, 
https://substackcdn.com/image/fetch/$s_!QUbs!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 848w, https://substackcdn.com/image/fetch/$s_!QUbs!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!QUbs!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!QUbs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2045495,&quot;alt&quot;:&quot;Surface-mounted electrical conduit and a red fire alarm running across a bare salmon-pink exterior wall.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/198598346?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Surface-mounted electrical conduit and a red fire alarm running across a bare salmon-pink exterior 
wall." title="Surface-mounted electrical conduit and a red fire alarm running across a bare salmon-pink exterior wall." srcset="https://substackcdn.com/image/fetch/$s_!QUbs!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 424w, https://substackcdn.com/image/fetch/$s_!QUbs!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 848w, https://substackcdn.com/image/fetch/$s_!QUbs!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!QUbs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb420f0af-d76a-4121-b452-e27a74c1d8fd_5472x3648.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container 
view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="callout-block" data-callout="true"><p><em>This is Part 1 of <strong>Architectures of</strong> <strong>Cyber Power</strong>, a series on the various ways a State builds and employs cyber power. Here is <a href="https://karpf.substack.com/p/moscow-built-it-first">Part 2</a> and <a href="https://karpf.substack.com/p/which-one-is-right">Part 3</a>.</em></p></div><p>On or about April 9, 2026, the Iranian state-directed cyber group Handala posted to its Telegram channel. Two sentences.</p><p>The first: &#8220;According to the orders from the highest leadership of the Resistance Axis, we have currently postponed overt confrontation with the United States.&#8221;</p><p>The second: &#8220;Handala, at full force, continues its cyber operations against the infrastructure of the Zionist regime.&#8221;</p><p>Those messages are the cleanest piece of public evidence the open-source community has ever had of a state-directed cyber proxy receiving a chain-of-command order. It happened on Telegram, by the proxy, on a public channel. The usual evidence (leaked cables, court filings two years late) never arrives this early or this cleanly.</p><p>A conduit runs from political leadership to operational output. After all, conflict is just the continuation of politics by other means. In some architectures, the conduit is buried by design because the architecture&#8217;s entire value depends on deniability. The state pretends the conduit is not there. The proxy pretends it is autonomous. 
The conduit stays inside the wall.</p><p>For two sentences in early April, Handala exposed the conduit.</p><div><hr></div><p>The doctrinal architecture became visible at the moment of termination.</p><p>The architecture exists to be invisible. Iran&#8217;s Ministry of Intelligence and Security does not advertise its relationship with Handala. The FBI alleges the relationship; DomainTools maps it through the Panjaki handler infrastructure; the analyst community infers it from technical overlap. None of that is the same as Handala saying <em>we receive our orders from the government of Iran</em>. Cyber attribution as a discipline has spent twenty years engineering precision around the phrase &#8220;we are 87% confident.&#8221; Handala just published a confession. The architecture leaks its own existence only when the state needs it to, or when the proxy needs it to. On April 9, both happened at once. 
The architecture told us about itself.</p><blockquote><p>Cyber attribution as a discipline has spent twenty years engineering precision around the phrase &#8220;we are 87% confident.&#8221; Handala just published a confession.</p></blockquote><p>I <a href="https://karpf.substack.com/p/whos-minding-the-store">argued in April</a> that it was national security malpractice that CISA was running at 38% staffing during the campaign Handala has now publicly ended. That piece looked at the defender. The April 9 Telegram post drove me to look back at the attacker. Same campaign, two visible halves: a defender starved by design, an attacker switched off by command.</p><p>I spent years inside a fundamentally different architecture at US Cyber Command and the National Security Agency. The operator and the state were the same entity. I was the state when I sat at the keyboard. The legal framework that constrained me was the same legal framework that authorized me. Different architecture.</p><p>It is nearly impossible to understand an architecture from the outside unless the architecture lets you. Handala let us.</p><div><hr></div><p>Trace the conduit through eleven weeks of war.</p><p><strong>February 28, 2026.</strong> Operation Epic Fury launches. Iran&#8217;s missile, drone, and naval industrial base becomes the target set. Over the next thirty-eight days, US Central Command will conduct more than 1,450 strikes. CENTCOM commander Admiral Brad Cooper will later tell the Senate Armed Services Committee that 85% of Iran&#8217;s production capacity for those systems has allegedly been degraded. Whatever that means.</p><p><strong>March 1.</strong> Iran goes dark. A 47-day internal internet shutdown. The conduit severs its own domestic visibility before US response options can be calibrated.</p><p><strong>March 3, March 13, March 23. 
Three waves, ten days apart.</strong> <a href="https://blog.checkpoint.com/research/iran-nexus-password-spray-campaign-targeting-cloud-environments-with-a-focus-on-the-middle-east/">Check Point Research documents</a> an Iran-nexus password-spraying campaign against Microsoft 365 cloud environments. More than 300 Israeli organizations hit. Twenty-five in the UAE. Government, municipalities, transportation, energy, satellite, aviation, maritime. The technical fingerprint aligns with Gray Sandstorm, an IRGC-linked operator. The wave timing is precise. The target list geographically correlates with cities Iran was bombing in the same weeks. Check Point&#8217;s interpretation is that the password-spraying was running bombing damage assessment for the missile track. The conduit is providing battlefield support in real time.</p><p><strong>March 11.</strong> Handala compromises a Microsoft Intune admin account inside Stryker, the Fortune 500 medical-device company. Between five and eight in the morning UTC, the operator pushes wipe commands through Intune&#8217;s native OS-reset function. No malware deployed or payload dropped. Microsoft&#8217;s own enterprise mobility platform weaponized at scale. BleepingComputer&#8217;s reconstruction logs around 80,000 devices wiped. Handala claims more than 200,000 across 79 countries. Stryker&#8217;s <a href="https://d18rn0p25nwr6d.cloudfront.net/CIK-0000310764/7783deb6-88a7-4ab9-a56f-ea22b48d8f13.pdf">April 30 Form 8-K</a> puts the damage in the numbers. Q1 revenue lands $317 million below analyst consensus. Adjusted earnings per share falls 8.5 percent year over year. Check Point, CrowdStrike, Microsoft, and Palo Alto Networks attribute the operation to Void Manticore, an Iranian destructive-operations unit. A state-directed proxy used legitimate management tooling to wipe a US Fortune 500&#8217;s global fleet, in 79 countries, in three hours. 
The Western architecture, attempting the same operation, would still be in legal review.</p><p><strong>April 1, 8 PM Tehran time.</strong> Iran&#8217;s IRGC publishes an eighteen-company target list in Tasnim, the regime&#8217;s own news outlet. US and Gulf tech companies, named, with a public countdown. A state organ broadcasts its targeting menu before the operations run. The Western architecture, in the equivalent scenario, would have classified the menu, the press release, the existence of the menu, and the post-it note with the planning staff&#8217;s pizza order stuck to the inside cover of the plan&#8217;s folder.</p><p><strong>April 7.</strong> CISA issues joint cybersecurity advisory AA26-097A with the FBI, NSA, DOE, EPA, and US Cyber Command. The advisory names Iranian state-directed and pro-Iran hacktivist targeting of US water, energy, and oil-and-gas operational technology. Censys, scanning independently, documents 5,219 exposed Rockwell Allen-Bradley PLCs matching the CVE profile the advisory describes. The attack surface is sitting there.</p><p><strong>April 8.</strong> A ceasefire is brokered. Trump announces. Tehran broadcasts. Hours later, pro-Iran hacktivists (313 Team, DieNet) hit Saudi, UAE, and Bahrain targets. Amazon&#8217;s Saudi Arabia operations go offline for four hours. The conduit has received an instruction to stop the US confrontation, and has used the same instant to <em>retask</em>, not reduce. The architecture redirects.</p><p><strong>April 9.</strong> Handala posts the postponement.</p><p><strong>April 27 and 28.</strong> CyberAv3ngers and IRGC-linked outlets publish names, photos, and unit affiliations of 2,379 US Marines stationed in Bahrain. Handala Hack Team opens WhatsApp threads directly to US service members on Naval Support Activity Bahrain. 
The Pentagon opens an investigation.</p><p><strong>May 14.</strong> Cooper testifies that forty years of Iranian missile, drone, and naval industrial investment have been rolled back in thirty-eight days. Iran&#8217;s remaining kinetic capability, in his word, is &#8220;nuisance.&#8221; Iran&#8217;s cyber voice, he tells the committee, is &#8220;very loud.&#8221; But the kinetic capability to disrupt Hormuz commerce is &#8220;dramatically depleted.&#8221;</p><p>Cooper does not give a number for cyber capability degraded.</p><p>There isn&#8217;t one.</p><p>You can bomb a missile factory. You cannot bomb a TTP.</p><div><hr></div><p>The proxy model has four properties. It is state-directed, publicly-fronted, criminally-fungible, and politically-discretionary.</p><p><strong>State-directed.</strong> MOIS tasks; Panjaki handles; Handala operates. The legal accountability runs back to Tehran, but Tehran can deny the legal accountability all the way to a courtroom.</p><p><strong>Publicly-fronted.</strong> Handala is the face. So is CyberAv3ngers. So is Pay2Key. 
So is Homeland Justice, Karma, and the dozen other masks the same underlying infrastructure has worn. The public face changes; the conduit underneath does not.</p><p><strong>Criminally-fungible.</strong> Pay2Key runs as a ransomware-as-a-service operation with an eighty-percent affiliate profit share. The proxy&#8217;s day job is crime; its night job is geopolitics. I <a href="https://karpf.substack.com/p/3d-printing-cyber-the-ai-phase-of">wrote in February</a> that AI had turned offensive cyber into an assembly line for one operator. The proxy architecture is the same trick at the state level. The criminal ecosystem is the assembly line, and the state is the foreman who can change the order list overnight.</p><p><strong>Politically-discretionary.</strong> April 9. The leadership ordered the proxy to postpone confrontation with the United States. The proxy postponed confrontation with the United States. The leadership did not order the proxy to postpone confrontation with Israel. The proxy did not postpone confrontation with Israel. The conduit is taut against one target and slack against the other. The political instruction is being followed. The architecture is doing exactly what its designers wanted it to do.</p><blockquote><p>A conduit like Iran&#8217;s buys you four things at once: speed, deniability, an off-switch you can demonstrate in public, and the ability to retask under political pressure.</p></blockquote><p>A conduit like Iran&#8217;s buys you four things at once: speed, deniability, an off-switch you can demonstrate in public, and the ability to retask under political pressure. The Western architecture trades all four away. The Western architecture has lawyers.</p><div><hr></div><p>The conduit was always there. April 9, for two sentences, Iran&#8217;s was exposed.</p><p>Iran is not the only state running this architecture. Russia runs the same architecture with criminal-ransomware ecosystems as the cover layer. 
China runs something that may be the same architecture and may be a stiffer construction with less proxy autonomy. North Korea runs the contrast: no conduit, no proxy, just state-direct without legal frameworks.</p><p>There are five ways to build cyber power. Three have conduits. Two don&#8217;t.</p><p>Next week in part two, I&#8217;ll take a deeper look at the other members of the cyber power playing field.</p><div class="callout-block" data-callout="true"><p><em>Part 1 of three. The last two months gave us more open-source evidence of how state cyber power gets built than the last two decades combined. Iran went first, on Telegram, in early April. The others come next.</em></p></div>]]></content:encoded></item><item><title><![CDATA[The First Island Kill Chain]]></title><description><![CDATA[A hundred miles from Taiwan, three flags rehearse an integrated missile salvo, anchored by Japan.]]></description><link>https://karpf.substack.com/p/the-first-island-kill-chain</link><guid isPermaLink="false">https://karpf.substack.com/p/the-first-island-kill-chain</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Thu, 30 Apr 2026 10:55:01 GMT</pubDate><enclosure 
url="https://substackcdn.com/image/fetch/$s_!Iv_Y!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Iv_Y!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg" width="800" height="500" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:500,&quot;width&quot;:800,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:81571,&quot;alt&quot;:&quot;BRP Rizal (PS-74) and BRP Quezon (PS-70) of the Philippine Navy underway off a mountainous coastline.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/195979326?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="BRP Rizal (PS-74) and BRP Quezon (PS-70) of the Philippine Navy underway off a mountainous coastline." title="BRP Rizal (PS-74) and BRP Quezon (PS-70) of the Philippine Navy underway off a mountainous coastline." 
srcset="https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Iv_Y!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F21ce4e43-66b3-4d91-a7e4-d6ecfbb01ef8_800x500.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" 
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><p>A decommissioned warship sits at sea. Towed into place by a tug. No crew aboard, no power on, anchor rust-locked, the hulk rides a long Pacific swell.</p><p>On islands close to the firing waters, missile launchers stand on prepared positions. Surveyors marked the firing points in the days before. The launchers came in under tarps and went up on quiet schedules. Manned by the young sons and daughters of three nations, the launchers reach for the same patch of water.</p><p>A missile leaves a rail. Sea-skimming, low against the water, tracking toward the hulk.</p><p>A second missile follows from a different launcher, flying a higher profile than the first. Then a third, this one supersonic in terminal phase, a decapitating strike from high noon designed to punch a hole from the top of the mast down to a detonation in the engine room. Each missile from a different flag. The integrated fires sequence across three nations on a shared schedule, a shared targeting picture, with shared rules of engagement.</p><p>The hulk takes the first hit. Then a second. The hits accumulate. 
The bow rides lower; the deck angles toward the sea; the hulk begins to settle.</p><p>Then it goes under.</p><p>The launchers are Philippine, American, and Japanese.</p><p>The Japanese missile is a Type 88 surface-to-ship missile, an offensive Japanese weapon fired from foreign soil for the first time since World War Two.</p><p>The hulk is the BRP Quezon.</p><p>Manuel Quezon, the namesake, led his country in exile from Australia and the United States while the Imperial Japanese Army occupied his archipelago between 1942 and 1945.</p><p>This rehearsal expresses an architecture the Western Pacific did not have a year ago. Japan is back.</p><h2>Eighty Years, Seven Months</h2><p>20 April 2026. Monday morning in the Philippines.</p><p>At Camp Aguinaldo in Quezon City and across half a dozen exercise sites on Luzon and the outlying islands, seventeen thousand troops are starting the largest Balikatan Military Exercise in the program&#8217;s forty-one-year history. They come from seven active-participant countries: the Philippines, the United States, Australia, Japan, Canada, France, and New Zealand. Seventeen more nations sent observers. About fourteen hundred of the troops are Japanese, deployed across Ground, Maritime, and Air components. The first combat-tasked Japanese force on Philippine soil since the Imperial Japanese Army&#8217;s surrender in September 1945.</p><p>Eighty-one years separate the two arrivals.</p><p>Corregidor fell on 6 May 1942. Japan surrendered on 2 September 1945. 
Between then and this morning came the postwar scaffolding the Pacific has lived inside ever since: the San Francisco Peace Treaty in 1951, the Philippines-US Mutual Defense Treaty the same year, the 1956 Reparations Agreement, the 1960 US-Japan Security Treaty, and the 2024 Japan-Philippines Reciprocal Access Agreement, which entered into force in September 2025 and provides the legal authorization for a JSDF combat unit to stand on Philippine soil this morning.</p><p>Eighty years, seven months, and a handful of days between the last Japanese combat boots to leave Philippine soil and the first one to land on it again, this time by Filipino invitation, under a treaty Filipino legislators ratified, alongside a Japanese government that funded the trip out of a defense budget Japanese voters approved.</p><p>General Romeo Brawner, the Armed Forces of the Philippines chief of staff, said at the opening ceremony, &#8220;After 1945, for the very first time, we will have again Japanese combat troops on Philippine soil.&#8221; Brawner did not soften the sentence. He used the word &#8220;again&#8221; deliberately. He used it because the moment demanded the word.</p><p>What made today possible is also what makes today meaningful for the defense of the Pacific against the growing threat from China.</p><h2>The Architecture</h2><p>A kill chain is the sequence by which a military finds a target, tracks it, fires on it, and confirms the kill. Doing it inside one military is hard. Doing it across three militaries, with shared sensors, shared data, shared rules of engagement, and shared willingness to release weapons under the same flag-state&#8217;s call, is an order of magnitude harder. Three navies do not run a single kill chain by accident.</p><div class="pullquote"><p>Three navies do not run a single kill chain by accident.</p></div><p>The exercises during Balikatan 2026 are running one.</p><p>The architecture under it took three years to field. 
Walking it backward: the 2022 Japanese National Security Strategy named China as Japan&#8217;s strategic challenge in plain language, and authorized counterstrike capability for the Self-Defense Forces. The 2023 Japanese Defense Buildup Plan committed &#165;43 trillion across five years and sent Japanese defense spending toward two percent of GDP, a number every Japanese government from the 1960s forward had treated as the political third rail. In December 2023, then-Prime Minister Kishida revised the export rules to authorize sale of finished lethal weapons for the first time. The Active Cyber Defense Law passed Tokyo&#8217;s Diet in 2025 and enters force on 1 October 2026. Then on 21 April 2026, Sanae Takaichi&#8217;s government expanded the weapon export authorization to seventeen partner countries with which Japan holds defense agreements, the Philippines among them. The most consequential strategic shift in the Pacific since 1960 was assembled in budget footnotes and bureaucratic releases that nobody covers because nobody is paid to cover bureaucratic releases.</p><div class="pullquote"><p>The most consequential strategic shift in the Pacific since 1960 was assembled in budget footnotes and bureaucratic releases that nobody covers because nobody is paid to cover bureaucratic releases.</p></div><p>I catalogued this build-up in more detail in <em><a href="https://karpf.substack.com/p/the-quiet-rearmament">The Quiet Rearmament</a></em>. This week is what it looks like in firing position. Guns up, ready to fire.</p><p>Takaichi posted to X in the first days of Balikatan: &#8220;In an increasingly severe security environment, no single country can now protect its own peace and security alone.&#8221; That is the thesis in the Prime Minister&#8217;s own words.</p><p>The industrial layer carries the same shape as the exercise. 
The Global Combat Air Programme, the trilateral fighter project Japan runs with the United Kingdom and Italy, awarded its first joint contract on 3 April 2026: &#163;686 million to Edgewing, the joint venture that will build the airframe. Tokyo&#8217;s March 2024 Cabinet decision authorized GCAP exports to third-party countries, with at least fifteen states identified as eligible buyers. Coproduction and foreign sales of offensive weapons. The defense industrial base and international coalition is growing.</p><p>Then the geometry. NMESIS launchers from the US Marine Corps&#8217; 3rd Marine Littoral Regiment and HIMARS from the US Army&#8217;s 25th Infantry Division flew into Itbayat, the northernmost inhabited island of the Philippines, on US Air Force C-130s. Combined system range covers 100 to 300 miles. The Philippine Marine Corps brought BrahMos, live and notional, into the same firing line with an operational range of more than 500 miles. The Japanese Type 88 fires its anti-ship missile to 100 miles. Itbayat sits 100 miles from Taiwan. Four anti-ship systems, three flags, one chokepoint. Whoever sails through that water now has to assume firepower can arrive from four launch positions, on four different service command nets, with four different missile flight profiles, and therefore four different missile defense procedures, against one shared target.</p><p>Those are four fangs that change the chokepoint math.</p><p>And those are only the land shooters. Col. Dennis Hernandez, Balikatan spokesperson for the Armed Forces of the Philippines, called the SINKEX &#8220;a combination of air, land, and maritime assets sinking the target vessel&#8221; in an interview at Camp Aguinaldo. 
Joint and combined.</p><h2>The Receipts</h2><p>If you want to know whether a deterrence architecture is working, watch the adversary. Beijing starts reacting the morning the architecture goes operational.</p><p>Day one. PRC Foreign Ministry spokesperson Guo Jiakun steps to the podium in Beijing on 20 April and delivers a warning in his own voice rather than handing it to state press: &#8220;We wish to remind the countries concerned that blindly binding themselves together in the name of security will only be akin to playing with fire, ultimately backfiring upon themselves.&#8221; The &#8220;playing with fire&#8221; formula is high-register PRC rhetoric, ordinarily reserved for direct security warnings. Guo invokes the Pacific War: &#8220;Japan bears grave historical responsibilities for Southeast Asian countries, including the Philippines, due to its aggression and colonial rule during WWII.&#8221; Chinese Foreign Ministry spokespersons do not deploy WWII guilt by accident.</p><p>Day two. 
On 21 April, Beijing responds to Takaichi&#8217;s export-law expansion: &#8220;seriously concerned,&#8221; &#8220;reckless militarisation,&#8221; &#8220;highly vigilant and resolutely opposed.&#8221; The Global Times, the Chinese state-press paper that handles escalation when the Ministry stays calibrated, simultaneously runs a long piece featuring Zhang Junshe, a senior colonel of the People&#8217;s Liberation Army Navy, who describes the JSDF deployments as &#8220;endowed with substantive offensive combat capabilities&#8221; and characterizes Japan as &#8220;willingly acting as a pawn of the US in the Asia-Pacific region.&#8221; Two registers with the same message.</p><p>Day five. On 24 April, the PLA Southern Theater Command organizes Task Force 107, led by the Type 055 guided-missile destroyer Zunyi, and conducts live-fire drills east of Luzon: &#8220;a necessary action in response to the current regional situation.&#8221; Behind the surface action group come the carrier Liaoning and a Type 075 amphibious assault ship. A Type 055 fires a YJ-20 hypersonic anti-ship missile in the vicinity.</p><p>Around 28 April, a combined Russian-Chinese surface task group transits Japan&#8217;s southwestern approaches en route to the East China Sea.</p><p>The vocabulary China uses is borrowed from the US. In October 2023, after the Hamas attack on Israel, the Biden administration ordered the USS Gerald R. Ford carrier strike group to the eastern Mediterranean within days, then added the USS Eisenhower carrier strike group, specifically to deter Iran and Hezbollah from a wider regional war. American doctrine, expressed as deployments rather than treaties, on the theory that an adversary&#8217;s calculation changes when an aircraft carrier appears in the relevant ocean. Beijing is now running the same playbook: a carrier, an amphib, a surface action group, and a hypersonic missile fired in the vicinity. Three axes of escalation in nine days, in answer to one exercise. 
All deployed as deterrence theater against a multilateral kill chain that Beijing did not take seriously a year ago.</p><p>Deterrence theory says this is what a credible adversary does when it sees a credible threat. They do not wave it off. They do not dismiss it as exercise theater. They sail their own ships, fly their own missiles, and try to prove that the cost of testing the architecture has gone up. That is the adversary giving the architecture its grade.</p><p>Beijing just gave us an A+. Thank you, Japan. Keep building.</p><div class="pullquote"><p>Beijing just gave us an A+. Thank you, Japan. Keep building.</p></div><h2>&#8220;I Shall Return&#8221;</h2><p>MacArthur said it from a railway platform in Australia in March 1942, after his evacuation from Corregidor. He returned at Leyte in October 1944, two years and seven months later, with an American army that liberated the Philippines from Japanese occupation. My grandfather was with them. The architecture MacArthur came back to restore was simple in concept and brutal in execution: a Pacific in which the Philippines could exist as a sovereign country instead of as somebody&#8217;s colony.</p><p>Eighty years and seven months later, Japan is back.</p><p>This time as ally. This time as one of three nations that fired this week on a chokepoint a hundred miles from Taiwan, in defense of the same archipelago, against the next adversary that thinks the Pacific is up for grabs. The country MacArthur came back to fight is now part of the architecture MacArthur came back to build. That is what eighty years of work looks like when the work was done right.</p><div class="pullquote"><p>The country MacArthur came back to fight is now part of the architecture MacArthur came back to build. That is what eighty years of work looks like when the work was done right.</p></div><p>The Pacific is safer this week than it was last week. The deterrent grew because Japan grew into it. 
The hub-and-spoke alliance the United States designed in 1951 cannot carry the load alone in 2026, and Japan stopped pretending the United States could carry it. Three Reciprocal Access Agreements in two years, with Australia, the United Kingdom, and the Philippines. A fourth in negotiation with France. Canada, France, and New Zealand on the Balikatan firing range as active participants for the first time, alongside Australia, Japan, the United States, and the Philippines. An export law that lets Japan sell weapons to the seventeen countries it has signed defense agreements with. A Prime Minister who publicly champions her own bilateral and multilateral defense agreements. A Self-Defense Force that fires the Type 88 from a foreign island and goes home to a country that ratified the trip.</p><p>The Type 88 launchers will leave Itbayat when Balikatan ends on 8 May. The fourteen hundred JSDF personnel will load onto Japan-flagged ships and aircraft and rotate home under the same Reciprocal Access Agreement that governed their entry. The exercise will close. The architecture stays.</p><p>The next exercise is already on the calendar. Balikatan 2027. The multilateral cycles that come whenever Beijing decides to test the architecture again. Whatever follows the day France&#8217;s RAA enters force. The Type 88 launcher on Itbayat is one weapon. The architecture turns one weapon into four, and three flags into seven. The coalition executes and maneuvers faster than the PLA can respond.</p><p>Keep going, Takaichi. Damn the torpedoes, full speed ahead.</p>
]]></content:encoded></item><item><title><![CDATA[The Mythos Deferral]]></title><description><![CDATA[We (re)invented a governance vehicle last week. Its name is the Concert.]]></description><link>https://karpf.substack.com/p/the-mythos-deferral</link><guid isPermaLink="false">https://karpf.substack.com/p/the-mythos-deferral</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 22 Apr 2026 12:04:02 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!XTpe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!XTpe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!XTpe!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 424w, 
https://substackcdn.com/image/fetch/$s_!XTpe!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 848w, https://substackcdn.com/image/fetch/$s_!XTpe!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!XTpe!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!XTpe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/bee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:461483,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/194935082?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" 
srcset="https://substackcdn.com/image/fetch/$s_!XTpe!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 424w, https://substackcdn.com/image/fetch/$s_!XTpe!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 848w, https://substackcdn.com/image/fetch/$s_!XTpe!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!XTpe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbee17357-9ac5-4b63-90fe-e5e05aa0462c_3500x2333.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture>
</div></a></figure></div><div><hr></div><p>The letter was never written as one document. Six regulators drafted it, across four jurisdictions, over roughly ten days.</p><p>But when you stack the public statements side by side, from the European Central Bank, the Federal Reserve Bank of New York, the Bank of England, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the European Commission&#8217;s DG Connect, the paragraphs compose into something like this:</p><blockquote><p><em>Dear Anthropic,</em></p><p><em>We write to express our sincere appreciation for your decision to defer the deployment of Claude Mythos pending further consultation with our authorities. Your willingness to self-impose a staged rollout, and to engage with regulators in advance of release, reflects the responsible stewardship our institutions value. We look forward to continued dialogue.</em></p><p><em>With gratitude and affection.</em></p></blockquote><p>No modern regulator has ever publicly thanked a frontier technology vendor for postponing a product release. The closest historical parallel, the EPA thanking DuPont in 1988 for voluntarily ceasing CFC production, happened only after the Montreal Protocol gave the EPA the authority it thanked DuPont for respecting. Here, no Montreal Protocol exists. No statute applies. No Senate has ratified anything. Just the thank-you.</p><p>Six regulators in ten days. 
Every one of them used some variant of &#8220;grateful.&#8221; Anthropic&#8217;s own corporate summary of the coordination used &#8220;grateful&#8221; twice.</p><div class="pullquote"><p><em>No modern regulator has ever publicly thanked a frontier technology vendor for postponing a product release.</em></p></div><p>Anyone who has read a little nineteenth-century history recognizes the form. In 1815, at the Congress of Vienna, the great powers of Europe invented a new governance technology. They coordinated the continental order through letters, congresses, and polite restraint, without a binding treaty. They called it the Concert of Europe. It worked, more or less, for a century. Then it didn&#8217;t, catastrophically.</p><p>The Mythos deferral is the AI-policy community&#8217;s reinvention of the Concert. The letter on top of this essay is its Congress of Vienna.</p><h2>Companion, not continuation</h2><p>Three weeks ago I argued that democratizing offensive AI capability is good. <a href="https://karpf.substack.com/p/the-monks-and-the-machine">The Monks and the Machine</a> made the capability argument. This piece makes the governance argument.</p><p>Offensive cyber capability is getting democratized. 
A governance vehicle is getting normalized alongside it. The first piece celebrated the direction of travel. This one names the vehicle we&#8217;re using to manage the direction, and argues we should be clear-eyed about it before calling it a solution.</p><p>Because &#8220;coordinated multilateral regulatory endorsement of a voluntary vendor deferral&#8221; was not a governance system that existed two months ago. A new thing got canonized this week. The press has taken it for granted. I would like to name it while it is still name-able.</p><h2>What the thank-you note admits</h2><p>Every thank-you note is a confession. The gift it acknowledges is the gift the giver did not have to give. Acknowledged here is the deferred product launch. In the text of their acknowledgments, the regulators confessed the three capacities they lack to control this technology.</p><p>None of the signatories have the <strong>technical capacity</strong>, the infrastructure, to independently evaluate a frontier model of Mythos&#8217;s scale and character. The Bank of England cannot stand up a red team capable of adversarial evaluation of the model&#8217;s cyber capability uplift. The ECB cannot pressure-test its banking-sector risk. DG Connect has no AI evaluation authority structurally comparable to the UK&#8217;s AI Safety Institute, and the AISI has existed for less than two years and evaluates on vendor-provided access. 
The regulator is, functionally, asking the vendor to grade its own work and then thanking the vendor for the grade.</p><p>None of the signatories have the <strong>legal capacity</strong> to control a frontier model of Mythos&#8217;s scale and character. The EU AI Act, the statute most often cited as the fastest-moving AI law in the world, was first proposed by the European Commission in April 2021. It entered into force in August 2024. Its implementing phases roll out through 2027. The thank-you note took ten days. The Act is what formal AI regulation looks like in the EU. The note is what informal coordination looks like when the Act has nothing in its obligations section that maps to a US-trained frontier model deployed via US-based cloud infrastructure into eurozone banks under a voluntary deferral framework. US bank regulators, for their part, have no statute that compels pre-release AI consultation at all. On April 7, Treasury Secretary Bessent and Federal Reserve Chair Powell convened the largest US bank CEOs in part to discuss Mythos. That was a convening. It had no enforcement tail. Convenings do not ship regulation.</p><p>None of the signatories have the <strong>jurisdictional capacity</strong> to oversee a frontier model of Mythos&#8217;s scale and character. The six regulators who signed the imagined letter govern, together, roughly eight percent of the world&#8217;s population and maybe fifty percent of the world&#8217;s AI capital. Their reach over Mistral, Qwen, DeepSeek, the UAE&#8217;s Falcon program, or a state-backed Chinese frontier lab is approximately zero. None of those labs participated in the Mythos chorus. None sent a deferral statement. None received a thank-you note. The regime the signatories just canonized works for the vendors inside the room. 
It has no mechanism for the vendors outside the room.</p><p>Meanwhile, in a room somewhere off the 101 near San Francisco where the actual coordination is happening, Project Glasswing launched on April 8 with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and roughly forty others, backed by a $100M Anthropic credit commitment. The signatories of the thank-you note are not in that room.</p><p>I wrote last December about the governance of the <a href="https://karpf.substack.com/p/governing-the-offensive-cyber-enterprise">offensive cyber enterprise</a>: private firms operating at the edge of state capability, where the commercial logic writes the rules the state cannot. The thank-you note is that same pattern, generalized to frontier AI.</p><p>Three capacity gaps, named plainly. The name for this kind of governance, when it has worked, is the Concert. When it has not worked, the name is the same.</p><h2>The Concert, fairly described</h2><p>Kissinger&#8217;s <em>A World Restored</em>, written in 1957 about the period between 1812 and 1822, remains the canonical English-language account of how the great powers assembled the order that followed Napoleon. The working principle was elegant, aristocratic, and alien to modern ears. The victors of a continental war did not impose a peace through treaty. They coordinated one through correspondence. Metternich and Castlereagh wrote letters. Congresses convened in Aix-la-Chapelle, Troppau, Laibach, and Verona. Restraint was polite. Obligation was unwritten. Enforcement ran on reputation.</p><p>It worked. 
For about thirty years, the peace held. The coordination accommodated a genuinely difficult coalition of monarchies and constitutional systems, each with different interests and different theological commitments about what an international order was supposed to look like. The Concert metabolized the 1830 revolutions in France, Belgium, and Poland without collapsing into continental war. That is a real achievement. Informal coordination on dual-use capability of the gravest kind (fielded armies) managed to produce three decades of non-catastrophic outcomes.</p><p>Then the coordination began accommodating less well. Nationalism and unification broke the coalition. Bismarck&#8217;s Germany, consolidated through three wars between 1864 and 1871, was a new kind of actor the Concert had not been designed to handle. A willing non-cooperator, rational but unsentimental about the informal mechanism, eventually exposed its structural limits. The Concert persisted for another forty years after Bismarck, through diminishing returns, until one assassination in Sarajevo in June 1914 triggered a cascade it had no structural resistance to.</p><p>Informal multilateral coordination on dual-use capability has a characteristic trajectory. It works. Then it accommodates less well. Then it fails catastrophically against a non-cooperator. 
The half-life of the mechanism is a function of how long the cooperating parties remain genuinely aligned on the substantive thing being coordinated.</p><p>A polite letter has always been what power sends when it has run out of other instruments.</p><h2>The case for the letter, fairly stated</h2><p>Informal multilateral coordination is a real governance mode with a real track record. Formal rulemaking cannot keep pace with dual-use technology that changes every training run. The Montreal Protocol began as voluntary industry commitments and produced a functioning ozone regime that the ratification phase later locked in. The Basel Accords have coordinated global banking supervision for forty years through non-binding agreements that central banks then incorporated into domestic rule. The US AI Voluntary Commitments from July 2023 produced faster alignment across frontier labs than any formal process could. Hard law and soft law are substitutes with different comparative advantages, and soft law frequently iterates faster and produces equivalent compliance when the shared interest is real.</p><p>The thank-you note is the Montreal Protocol arriving on a compressed timeline, before the Protocol&#8217;s formal equivalent exists to ratify it. Anthropic had the technical knowledge. The regulators did not. Coordination through voluntary deferral around that asymmetry is a rational mechanism design. Call this subsidiarity. Give me a harder steelman.</p><p>Here is the harder steelman. 
The favorable cases all shared a structural feature the Mythos case lacks. Montreal had parts per billion of chlorofluorocarbons. Basel had Tier 1 capital ratios. The IAEA has fissile material mass and enrichment percentages. Each regime governed a measurable, scientifically-consensus-backed phenomenon. The soft-law mechanism coordinated around an underlying metric that was not negotiable, because physics had fixed it.</p><p>&#8220;Claude Mythos is safe enough for EU banks&#8221; has no metric.</p><div class="pullquote"><p>&#8220;Claude Mythos is safe enough for EU banks&#8221; has no metric.</p></div><p>The thank-you note traded Anthropic&#8217;s private assessment of its own model&#8217;s risk profile for the regulators&#8217; public endorsement of that assessment. That is not coordination around a measurable phenomenon. Corporate discretion replaces public authority in the technologies that most directly bear on public safety. The version of soft-law governance that worked (Montreal, Basel, the IAEA) and the version we have (Mythos) are not the same version.</p><p>They share a name. They do not share a mechanism.</p><h2>What gets built to catch what falls</h2><p>The Concert of Europe was a real governance regime. It was also, from the moment it began, always doomed to fail. The thing that ended it was the arrival of a party the informal mechanism had no structural way to accommodate: an unaffiliated, unsentimental, rational actor whose interests nobody in Aix-la-Chapelle had modeled. The mechanism ended on a Sunday in June 1914, in a city none of its architects had thought much about.</p><p>The Mythos regime is governance. 
It is also, from the moment it began, always going to end. A frontier lab that does not want to be thanked will end it. Maybe that lab is Chinese. Maybe it is Emirati, or Saudi, or a sovereign program from a country nobody in the signatory chorus currently anticipates. Maybe it is a US-based release from an actor that cannot be courteously disciplined, because courtesy is not in the weights or in the board&#8217;s interest. Maybe that company&#8217;s name is OpenAI. Whichever it is, the moment it arrives, the signatories will discover what their predecessors at Ballhausplatz discovered in July 1914: the informal mechanism has no fallback.</p><p>Which is fine, as long as we&#8217;re using the interval to build the fallback. The Concert&#8217;s century of non-catastrophic coordination among rivalrous great powers is not nothing. If the Mythos regime buys us three years of stability while the EU AI Act matures, while the US builds a functioning AI Safety Institute, while the G7 Hiroshima Process hardens into something with teeth, the regime will have earned its keep. Soft law into hard law. Voluntary into statutory. The Montreal Protocol, on AI time.</p><p>We built a governance regime out of a word we usually send with flowers. The risk is the informal mechanism feels like the answer. The institutional work never happens because coordination through thank-you notes looks a lot like working governance right up until it doesn&#8217;t. 
That&#8217;s the thing to watch for.</p>]]></content:encoded></item><item><title><![CDATA[Who's Minding the Store?]]></title><description><![CDATA[The case for rebuilding CISA as America's cyber defense protocol.]]></description><link>https://karpf.substack.com/p/whos-minding-the-store</link><guid isPermaLink="false">https://karpf.substack.com/p/whos-minding-the-store</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 15 Apr 2026 12:02:00 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!zeex!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!zeex!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!zeex!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 424w, 
https://substackcdn.com/image/fetch/$s_!zeex!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 848w, https://substackcdn.com/image/fetch/$s_!zeex!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!zeex!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!zeex!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/fb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1249395,&quot;alt&quot;:&quot;Industrial control panel gauges in a darkened facility&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/194191126?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Industrial control panel gauges in a darkened facility" title="Industrial control panel gauges in a darkened facility" 
srcset="https://substackcdn.com/image/fetch/$s_!zeex!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 424w, https://substackcdn.com/image/fetch/$s_!zeex!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 848w, https://substackcdn.com/image/fetch/$s_!zeex!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!zeex!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ffb2f13c3-1db7-431c-aec5-15f2f41bb241_6000x4000.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><div><hr></div><p>On April 7, 2026, six federal agencies co-signed Advisory AA26-097a. The FBI, CISA, NSA, Department of Energy, EPA, and US Cyber Command warned that Iranian-affiliated actors are actively exploiting programmable logic controllers across American water systems, energy facilities, and government networks. The targets were Rockwell and Allen-Bradley PLCs, the hardware that opens valves, regulates pressure, and controls the machines that keep the lights on in places where lights matter most. The adversary&#8217;s intent, per the advisory, is to &#8220;cause disruptions&#8221; and &#8220;manipulate data displayed on HMI and SCADA displays.&#8221; Translation for anyone who hasn&#8217;t spent time in an operations center: people we cannot trust are reaching into the guts of American infrastructure and turning the dials.</p><p>The same week, the White House released its FY2027 budget proposal. CISA, the agency whose name appeared second on that advisory, would lose $707 million. Roughly 30% of its budget. The National Risk Management Center (NRMC), which coordinates protection of the same physical and digital systems the advisory was warning about, would lose 73%. 
The budget justification document rationalized the cuts by claiming CISA has been &#8220;more focused on censorship than on protecting the nation&#8217;s critical systems.&#8221;</p><p>So in the same week that CISA co-authored a warning about a nation-state adversary manipulating American infrastructure, the agency&#8217;s own government published a document calling it unnecessary.</p><p>America built a volunteer fire department to protect its most critical infrastructure. The department doesn&#8217;t own the buildings. Can&#8217;t force the building owners to install sprinklers. Can&#8217;t compel the volunteers to show up. What it can do is coordinate. Make the calls, share the intelligence, tell people where the fire is spreading, bring the firefighters and the weather forecasters and the firefighting technology vendors and the building owners all into the same room. That department is CISA. And right now, during the worst fire season in its history, the department is operating at 38% capacity.</p><div class="pullquote"><p>The arsonists have not taken a corresponding pay cut.</p></div><p>CISA grew fast after its 2018 founding, accumulated programs that were controversial, and attracted legitimate criticism from all sides. Grant all of it. Whether CISA needed reform was never the question. The question is what CISA should become. Because the architecture for how we do critical infrastructure defense in the United States is fundamentally broken. Not because of one administration, although this administration is making it catastrophically worse at the worst possible time. 
But it&#8217;s also broken because of how the system was designed.</p><h2>The Architecture</h2><p>Presidential Policy Directive 41, signed in 2016, established the framework for how the United States responds to significant cyber incidents. Three lines of effort. Asset Response (protecting the victim&#8217;s networks) belongs to CISA, housed inside DHS. Threat Response (investigating and disrupting the attacker) belongs to the FBI, housed inside DOJ. Intelligence Support (attributing the attack and providing classified context) belongs to NSA and ODNI. Alongside those three lanes, Cyber Command defends military networks and conducts offensive operations abroad, DOE runs the national labs and CESER for energy-sector defense, other sector-specific agencies like Transportation provide sector-specific security guidelines, and FFRDCs like MITRE and Sandia do the deep technical research that none of the operational agencies have time for.</p><p>That&#8217;s a lot of capability sitting behind a firewall. 
And that firewall keeps it hidden away from the private sector organizations that need it the most.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!R3GC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!R3GC!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 424w, https://substackcdn.com/image/fetch/$s_!R3GC!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 848w, https://substackcdn.com/image/fetch/$s_!R3GC!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 1272w, https://substackcdn.com/image/fetch/$s_!R3GC!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!R3GC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png" width="1456" height="819" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/d5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:819,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:191737,&quot;alt&quot;:&quot;Diagram of the current PPD-41 cyber incident response framework showing White House policy coordination on top, four parallel agency lanes (CISA, FBI, NSA/ODNI, Cyber Command) in the middle, and private sector critical infrastructure below, separated by a line no agency can cross unilaterally&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/194191126?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Diagram of the current PPD-41 cyber incident response framework showing White House policy coordination on top, four parallel agency lanes (CISA, FBI, NSA/ODNI, Cyber Command) in the middle, and private sector critical infrastructure below, separated by a line no agency can cross unilaterally" title="Diagram of the current PPD-41 cyber incident response framework showing White House policy coordination on top, four parallel agency lanes (CISA, FBI, NSA/ODNI, Cyber Command) in the middle, and private sector critical infrastructure below, separated by a line no agency can cross unilaterally" srcset="https://substackcdn.com/image/fetch/$s_!R3GC!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 424w, 
https://substackcdn.com/image/fetch/$s_!R3GC!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 848w, https://substackcdn.com/image/fetch/$s_!R3GC!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 1272w, https://substackcdn.com/image/fetch/$s_!R3GC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd5359361-9efc-4837-bdb5-a2c47c94971e_1920x1080.png 1456w" sizes="100vw" loading="lazy"></picture></div></a><figcaption class="image-caption"><em>Four lanes, one line nobody can cross at 2 AM.</em></figcaption></figure></div><p>The White House, NSC, and Office of the National Cyber Director sit on top: policy coordination. They set direction and deconflict the agencies below them. They don&#8217;t execute. Four agencies hang off that layer, each with a distinct lane. CISA and the JCDC handle asset response and industry coordination. FBI and DOJ investigate and prosecute. ODNI and NSA own foreign intelligence. Cyber Command conducts offensive operations and defends military networks. Below all of them sits the actual target of interest: Private Sector and Critical Infrastructure.</p><p>And between the government layer and the private sector, a line. No agency above that line has the authority, the regulatory mandate, or the structural incentive to reach across it unilaterally. Cyber Command can go after the attacker abroad but cannot operate on US civilian networks. NSA can identify the threat but cannot quickly share raw intelligence directly with a private company without risking sources and methods. The FBI wants evidence preserved, which creates a direct tension with incident response teams that want to wipe and rebuild as fast as possible. None of them can walk into a Fortune 100 company&#8217;s security operations center and say &#8220;patch this&#8221; or &#8220;we want to help you hunt.&#8221; Try navigating that org chart during a breach at 2 AM.</p><p>That&#8217;s by design. The voluntary model was a deliberate policy choice, and a defensible one that encourages information sharing without legal exposure, without regulatory overreach, without turning cybersecurity into another compliance exercise. The problem was never the voluntary principle. The problem is coordination. 90% of American critical infrastructure is privately owned. 
A company in the middle of a breach fields calls from multiple agencies simultaneously, each asking for something different, each operating under different authorities and constraints. Someone has to translate between all those lanes and the people actually running the networks.</p><p>That someone is CISA. In practice, CISA is the only federal entity that formally faces outward toward the private sector. It shares sanitized intelligence. It runs tabletop exercises. It maintains the relationships, the phone trees, the bilateral partnerships with the companies that actually operate the networks being targeted. The Joint Cyber Defense Collaborative brings together major companies to coordinate defense against nation-state threats. CISA is the front door for the private sector into the entire federal capability stack, and the only agency that routinely crosses the line between government and industry by design.</p><p>CISA is the interface. The protocol. The translation layer between everything the federal government can do and the private-sector operators who need it. PPD-41 describes it as one lane among many, but that undersells the reality of what it <em>can</em> be and what we <em>need</em> it to be.</p><h2>Why the Current Model Can&#8217;t Hold</h2><p>The current model depends on the translation layer being staffed, trusted, and functional. 
It was never given the structural protections to guarantee any of those three and this administration proved it.</p><p>Since February 2025, CISA has lost roughly two-thirds of its operational workforce through a combination of budget cuts, a government shutdown, organizational turbulence, and what can most charitably be described as institutional sabotage. DOGE canceled the agency&#8217;s primary red team contracts. Approximately 1,000 employees departed through layoffs, buyouts, and early retirements. CISA&#8217;s previous acting director, Madhu Gottumukkala, uploaded at least four documents marked &#8220;for official use only&#8221; to a public ChatGPT instance (he had been granted special access to the service not available to other CISA employees, which is the kind of detail that would be funny if it weren&#8217;t about the person running America&#8217;s cybersecurity agency). He also failed a polygraph test. To be fair, those things legit suck and are totally pseudoscience anyway. But when six career staffers who administered the polygraph raised concerns, they were suspended. Gottumukkala was eventually reassigned to &#8220;director of strategic implementation&#8221; at DHS, a title that sounds like it was generated by the same ChatGPT instance he&#8217;d been uploading documents to.</p><p>The Senate has not confirmed a CISA director in thirteen months. Thirteen months during the most active nation-state cyber campaigns against American infrastructure in history. Sean Plankey, a qualified pick, has been held up by Wyden (D-OR) over a delayed telecom security report, Scott (R-FL) over a Coast Guard cutter contract, and Budd (R-NC) and Tillis (R-NC) over Hurricane Helene disaster funding. Four senators, three unrelated grievances, none connected to cybersecurity policy. The FY27 budget proposes eliminating 860 additional positions. 
And the budget justification frames all of this as a correction (&#8220;The agency was focused on censorship, so we&#8217;re fixing it.&#8221;).</p><p>They&#8217;re not fixing it. The NRMC lost 73%, and the NRMC has nothing to do with elections or misinformation. The red teams had nothing to do with censorship. The 860 positions span the entire agency, not just the politically contentious programs. The administration isn&#8217;t refocusing CISA. Based on every signal it has sent, it appears to be trying to eliminate CISA&#8217;s existence or at the very least its ability to function.</p><p>And the threat hasn&#8217;t paused for the renovation.</p><p>The Iranian cyber campaign unfolding in 2026 bears no resemblance to the episodic hacktivism of prior years. Iranian-affiliated groups are conducting coordinated, multi-front operations across American water systems, energy grids, and government networks, with something that looks uncomfortably like a command structure. CyberAv3ngers, the group that compromised a municipal water authority in Aliquippa, Pennsylvania in 2023 as a proof of concept, is now part of a trilateral alliance that publicly named US water infrastructure as targets. Salt Typhoon, the Chinese campaign that compromised more than 200 telecom providers across 80 countries, remains active. CISA faces simultaneous campaigns from two of the three most capable nation-state cyber actors on the planet. At 38% capacity.</p><p>The volunteer fire department is running on a skeleton crew during the worst fire season in its history. 
The United States chose to defend critical infrastructure through voluntary cooperation, coordinated by an agency with no regulatory authority, staffed by people who could make twice their salary in the private sector, and protected by exactly zero structural safeguards against the moment someone decided the whole thing was expendable.</p><p>That moment has arrived.</p><h2>The Translation Layer</h2><p>So what should CISA actually be?</p><p>Not what it was. The administration&#8217;s critics want to restore CISA to its 2024 form. The administration wants to eliminate it. Both positions miss the structural problem that predates this White House by a decade.</p><p>PPD-41 treats CISA as one column in a multi-column framework. Parallel lanes, each with its own authorities and capabilities. That framing is not adequate in 2026. The coordination demands have become continuous, multi-front, and operationally complex. The old framework treats coordination as one function among equals. The threat environment demands coordination as the load-bearing function.</p><p>CISA should be the interface. 
CISA is the protocol.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!XiVG!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!XiVG!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 424w, https://substackcdn.com/image/fetch/$s_!XiVG!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 848w, https://substackcdn.com/image/fetch/$s_!XiVG!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 1272w, https://substackcdn.com/image/fetch/$s_!XiVG!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!XiVG!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png" width="1456" height="819" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:819,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:192259,&quot;alt&quot;:&quot;Proposed cyber defense architecture with policy coordination on the left, federal capability stack in the center, and CISA positioned as the translation layer between government resources and private sector infrastructure on the right&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/194191126?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Proposed cyber defense architecture with policy coordination on the left, federal capability stack in the center, and CISA positioned as the translation layer between government resources and private sector infrastructure on the right" title="Proposed cyber defense architecture with policy coordination on the left, federal capability stack in the center, and CISA positioned as the translation layer between government resources and private sector infrastructure on the right" srcset="https://substackcdn.com/image/fetch/$s_!XiVG!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 424w, https://substackcdn.com/image/fetch/$s_!XiVG!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 848w, 
https://substackcdn.com/image/fetch/$s_!XiVG!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 1272w, https://substackcdn.com/image/fetch/$s_!XiVG!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef9b5960-cdfa-4cb1-b63f-d29e670911c6_1920x1080.png 1456w" sizes="100vw" loading="lazy"></picture></div></a><figcaption class="image-caption"><em>CISA: The narrow waist.</em></figcaption></figure></div><p>Policy on the left. 
White House, NSC, ONCD set direction. The capability stack in the center (Cyber Command, NSA, FBI, DOE, FEMA, the national labs, FFRDCs) generates the power, the intelligence, the investigative capacity, the offensive options. CISA on the right, positioned explicitly as the translation layer between all of those federal resources and the private-sector critical infrastructure operators who own 90% of the targets.</p><p>If this shape looks familiar, it should. The internet runs on the same architecture. Engineers call it the hourglass model (which I&#8217;ve just turned on its side for design reasons). A massive number of applications on top (your email, your browser, your video calls), a massive number of physical networks on the bottom (fiber, copper, wireless, satellite), and one thin translation layer in the middle that lets anything above talk to anything below. That layer is TCP/IP on the internet. It doesn&#8217;t try to be everything. It does one job. It transports information. And because it does that job reliably, everything above and below it can evolve independently. The hourglass model is the most successful architecture in the history of networked systems, and the reason it works is that the narrow waist is stable, well-defined, and protected. If TCP/IP breaks, nothing above or below it matters. The applications don&#8217;t reach the networks. The networks don&#8217;t reach the applications. Everything stops.</p><div class="pullquote"><p>CISA should be the narrow waist. Massive capability above. Massive, heterogeneous infrastructure below. One translation layer in the middle that lets anything above reach anything below.</p></div><p>CISA should be the narrow waist. Massive capability above (Cyber Command, NSA, FBI, DOE, etc.). Massive, heterogeneous infrastructure below (water, energy, telecom, healthcare, finance, all privately owned, all running different systems). One translation layer in the middle that lets anything above reach anything below. 
And the lesson the hourglass teaches, the one the current PPD-41 framework missed, is that the narrow waist is the part you protect most aggressively. Not the part you cut.</p><p>CISA sits perpendicular to the other agencies, facing outward, serving as the interface through which private-sector operators access every capability the federal government has. When a water utility in Pennsylvania discovers Iranian-affiliated traffic on its PLCs, it shouldn&#8217;t need to navigate four separate federal lanes. It should hit one interface. That interface coordinates the asset response, triggers the threat investigation, requests the intelligence support, and escalates to military channels if the attack warrants it.</p><p>The people who look at CISA&#8217;s wreckage and see failure miss the more important fact. CISA is trying to do this. The JCDC was already bringing major tech and telecom companies into coordinated defense planning. The bilateral partnerships were already building international coordination with Japan, Australia, the UK, and the EU. The regional coordinators were already building trust with state CISOs and local utilities. The model was working. Not perfectly, not at the scale the threat demanded, but working. The translation layer was functional. It just never had the formal mandate, the structural protections, or the political support to sustain it through the stress test that every institution eventually faces.</p><p>The prescription is a new Presidential Policy Directive with the force to restructure authorities and the statutory protections to survive electoral cycles. I would say the prescription is a new law, but I highly doubt we can get something so simple through Congress without them completely bastardizing it. 
The new PPD needs to do four things.</p><p><strong>Codify the translation layer.</strong> CISA&#8217;s formal mandate should explicitly define it as the federal government&#8217;s interface to private-sector critical infrastructure for cybersecurity coordination. Not asset response. Not one column among four. <em>The interface.</em> The protocol that every company, every utility, every hospital system uses to access federal cyber capabilities. Make the org chart match the reality of what CISA&#8217;s best people were already doing before this administration scattered them.</p><p><strong>Give it teeth for crisis coordination.</strong> The voluntary model works when the threat is manageable and trust is high. The threat is no longer manageable. CISA needs defined authorities for incident coordination during national-level cyber events: the ability to compel information sharing (with liability protections for the sharing entities) and the ability to direct federal resources across agency lines during active campaigns. Not regulatory authority over private-sector cybersecurity practices. Coordination authority during a crisis. The difference matters.</p><p><strong>Protect it structurally.</strong> CISA 2015 liability protections expire September 30, 2026 (the act, not the agency). If they lapse, the legal foundation for voluntary information sharing disappears. CIRCIA, the mandatory incident reporting rule, has been delayed repeatedly and its implementation town halls were canceled during the shutdown. These are the legal architecture that makes the translation layer functional, and both are on life support. A new PPD should anchor both in statute, not in rules that can be defunded or directives that can be rescinded.</p><p><strong>Protect it from the political cycle.</strong> This is the hardest one, and the most necessary. If CISA can be gutted during an active cyber campaign without political consequence, it can be gutted again. And again. 
The agency becomes permanently politicized, and the talent pipeline reroutes entirely. The people who could make two to three times their salary in the private sector, the ones you need running this thing, they&#8217;ll do the math. They&#8217;ll calculate the risk of joining an agency that might be dismantled every four years based on which party holds the White House. CISA needs an independent funding mechanism or statutory mandate that can&#8217;t be zeroed out by a budget proposal. Congress protects defense spending this way. It protects intelligence spending this way. If CISA is the translation layer for national cyber defense, and it is, then its funding deserves the same structural protection.</p><p>I sit in an interesting chair for watching this. I spent seven years in the US Navy, including time at NSA. I currently coordinate international security partnerships at NTT, one of the companies that invested significant organizational resources in CISA&#8217;s JCDC bilateral partnership model. I&#8217;ve seen the translation layer work. I&#8217;ve seen the calls that get made, the intelligence that gets shared, the coordination that happens when the phones are staffed. I&#8217;ve also seen what it looks like when the phones go dark. The architecture I&#8217;m describing was already happening, imperfectly, before someone decided the fire department was the problem.</p><div class="pullquote"><p>The answer to mission creep is mission clarity, not demolition.</p></div><p>The administration is right about one thing. CISA circa 2024 had drifted from its core mission. The election security expansion, the counter-misinformation work, the rapid headcount growth without proportional capability maturation. All of it created legitimate grounds for reform. But the answer to mission creep is mission clarity, not demolition. 
And the clearest possible mission for CISA is the one it was already performing: serving as the translation layer between the most formidable national security and cyber operations apparatus on Earth and the private-sector infrastructure that apparatus exists to defend.</p><p>That&#8217;s what needs minding. The mandate needs to catch up to the work. The fire department can be rebuilt, but only if someone decides to stop arguing about whether we need one while the building across the street burns.</p>]]></content:encoded></item><item><title><![CDATA[The Monks and the Machine]]></title><description><![CDATA[AI can replicate what took the NSA decades to build. 
The correct response is gratitude.]]></description><link>https://karpf.substack.com/p/the-monks-and-the-machine</link><guid isPermaLink="false">https://karpf.substack.com/p/the-monks-and-the-machine</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 08 Apr 2026 12:01:29 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!7mbW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!7mbW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!7mbW!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 424w, https://substackcdn.com/image/fetch/$s_!7mbW!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 848w, https://substackcdn.com/image/fetch/$s_!7mbW!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!7mbW!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!7mbW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/d744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:3755633,&quot;alt&quot;:&quot;Stone monastery scriptorium with arched corridors and natural light, visual metaphor for gatekept knowledge in cybersecurity&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/193389853?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Stone monastery scriptorium with arched corridors and natural light, visual metaphor for gatekept knowledge in cybersecurity" title="Stone monastery scriptorium with arched corridors and natural light, visual metaphor for gatekept knowledge in cybersecurity" srcset="https://substackcdn.com/image/fetch/$s_!7mbW!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 424w, https://substackcdn.com/image/fetch/$s_!7mbW!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 848w, 
https://substackcdn.com/image/fetch/$s_!7mbW!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!7mbW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd744a092-b444-4fe0-98fa-1a22cb3fa795_5760x3840.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><div class="pullquote"><p>AI offensive security tools will make the world safer. And I swear that sentence will age well. 
What used to cost billions and a security clearance now costs pennies and a prompt.</p></div><p>I sat across from a founder building autonomous offensive tools last month, and he couldn&#8217;t sit still.</p><p>He kept pulling up terminal windows. Scrolling through output. Talking faster and faster until my brain couldn&#8217;t keep up. He described an operation that would have required four separate teams and six months of planning when I was in uniform: breach an external interface, land on a software stack, escape the sandbox, survey the environment, execute vulnerability recon, punch through a cross-domain solution, and land inside an internal secure network. His timeline for all of it today was minutes. Maybe less.</p><p>But the part that stuck was what he said next. &#8220;The entire bureaucracy separating vulnerability research, development, operations, and analysis? That starts to break down. Positioning our people to operate in a world like that is what we wake up for.&#8221;</p><p>He wasn&#8217;t afraid of what&#8217;s coming. He was electric.</p><p>I&#8217;ve spent enough time around people building dangerous tech to recognize fear when I see it. This wasn&#8217;t that. 
This was the particular excitement of someone who understands what a paradigm shift means and wants to be on the right side of it. I recognized the feeling because I&#8217;ve been on both sides. I&#8217;ve sat on the watchfloor at Cyber Command where the tools and tradecraft that made offensive cyber rare and expensive were the daily reality. Building that expertise took the US government decades and billions of dollars, and even then it lived inside a few hundred people with the right clearances, the right mental acuity, and the right instincts. Today I spend my time evaluating security companies and technologies. What I keep seeing is that expertise, that same offensive intuition honed in the most classified environments on earth, compressed into software that any developer can run on a Tuesday afternoon.</p><p>A few weeks ago, Nicholas Carlini stood on stage at <a href="https://www.youtube.com/watch?v=1sd26pWhfmg&amp;t=2s">[un]prompted 2026</a> and demonstrated something that made the room go quiet. He pointed Claude Code at the Linux kernel&#8217;s NFSv4 server code and let it iterate through source files looking for vulnerabilities. The setup, in Carlini&#8217;s words, was &#8220;disarmingly simple.&#8221; The machine found a remote heap buffer overflow that had been sitting in that code since 2003. Twenty-three years. Every human reviewer, every static analysis tool, every security audit for over two decades missed it. An AI found it by methodically reading files and asking the right questions.</p><p>Then he aimed the same approach at Ghost CMS, a beloved open-source platform with over 50,000 GitHub stars and a spotless security record. In minutes, he had a blind SQL injection (CVE-2026-26980) that allowed unauthenticated access to the admin database. 
Ghost&#8217;s first critical vulnerability ever, found during a live demo.</p><p>That caliber of work, finding a remotely exploitable heap overflow in kernel code, chaining a blind SQL injection against a hardened target, used to require the kind of expertise that governments spent decades cultivating and closely guarding. Carlini did it with a prompt. The most exquisite offensive expertise on earth got democratized.</p><p>I keep coming back to one analogy.</p><p>Before Gutenberg, literacy belonged to monasteries. The monks controlled who could read, what they could read, and what conclusions they were allowed to draw. Knowledge was scarce because the monks kept the gates. The printing press broke the monastery&#8217;s monopoly on access to existing knowledge, and the world that followed was incomparably better for it.</p><blockquote><p>The cybersecurity industry has its own monks and its own monasteries. And it just got its printing press. This is a good thing.</p></blockquote>
<h3>The Monks</h3><p>On March 27, leaked documents revealed that Anthropic&#8217;s Mythos system could hunt for vulnerabilities without human guidance. The cybersecurity sector&#8217;s response was immediate and visceral. Seven individual stocks cratered 10% or more in a single session. Billions in market capitalization evaporated because an AI demonstrated it could do what these companies charge their customers to do.</p><p>Calling this &#8220;disruption&#8221; lets the industry off too easy. Economists have a term for when a market consistently fails to produce the outcomes it promises despite decades of investment and expansion. They call it a market failure. The cybersecurity vendor ecosystem, in my assessment, is exactly that. A market that rewards treating symptoms while leaving the disease structurally intact.</p><p>The code we ship is riddled with vulnerability classes first catalogued in the 1990s (and sometimes the <em><a href="https://www.greynoise.io/blog/2026-greynoise-state-of-the-edge-report-where-attacks-concentrate-defenses-fall-short">exact same vulnerabilities</a></em>). Buffer overflows, injection attacks, authentication failures. The TCP/IP stack&#8217;s implicit trust model, BGP&#8217;s lack of route authentication, DNS&#8217;s original flawed design assumptions. 
And the vast majority of software running in production has never been audited by anyone because the people with the offensive expertise to find these bugs were extraordinarily rare, extraordinarily expensive, and had no economic incentive to audit anything below the profile of Chrome or iOS. The knowledge of how to think like an attacker lived inside a few hundred elite researchers and a handful of classified government programs. Everyone else shipped code and hoped for the best.</p><p>The vendor ecosystem built products around every one of those weaknesses. It sold detection. It sold response. It sold insurance against the consequences. What it never sold was a fix for the underlying causes because fixing the causes would shrink the market. Every breach creates demand. Every new threat category creates a new vendor category. The total addressable market grows precisely because the participants fail to make it smaller. These are the monks. They controlled who got access to security expertise, what kind of security you were allowed to buy, and they made sure the underlying problem stayed unsolved because the problem was the business.</p><p>And the monks aren&#8217;t just failing to fix the problem, they&#8217;re actively contributing to it. CISA maintains a Known Exploited Vulnerabilities (KEV) catalog as a running list of software flaws that attackers are actively using in the wild. Cisco&#8217;s own Secure Firewall products landed on that list in September 2025, exploited by a China-linked campaign that had been living inside Cisco devices since at least 2024. CISA issued an emergency directive requiring federal agencies to patch within a single day. F5&#8217;s BIG-IP, a product that sits at the core of enterprise network security, hit the KEV catalog in March 2026 with a remote code execution vulnerability that F5 initially classified as a denial-of-service. 
They upgraded the severity after obtaining &#8220;new information,&#8221; which is a polite way of saying someone demonstrated the exploit was worse than they thought. Fortinet has 24 vulnerabilities on the KEV catalog. Thirteen were used in ransomware attacks. These are the companies selling you security. </p><p>The BIC lighter is selling fire insurance and the market somehow treats this as normal.</p><p>The CyberWire Daily Podcast published Episode 10 on January 7, 2016. The show notes read: &#8220;Electrical utilities look to their cyber defenses in the wake of the hack in Ukraine. Malware is being distributed with compromised certificates. WordPress and SilentCircle issue patches. Ransomware-as-a-service tool &#8216;Ransom32.&#8217; And we talk with the CyberWire&#8217;s editor about phishing and other topics of perennial interest.&#8221;</p><p>I joined that company in 2021, five years after that episode aired. The headlines hadn&#8217;t changed. By the time I became executive editor in 2023, they still hadn&#8217;t. The vendors sold product. The problems repeated. Phishing was a topic of &#8220;perennial interest&#8221; in 2016. The industry&#8217;s own flagship daily news program described its central threat as perennial, and nobody flinched, because the market had normalized the problem.</p><blockquote><p>Trail of Bits used to only find 15 bugs per week on their best engagements. After going AI-native, they now find 200.</p></blockquote><p>Twenty percent of all bugs they report to clients now come from AI discovery. The machine finds 13 times more bugs than humans, not because it&#8217;s faster at the mechanical work (although it is), but because it applies the offensive expertise of elite vulnerability researchers to codebases those researchers would never have touched. The knowledge that used to live in a few hundred heads now runs on every engagement. 
And the market that spent three decades building detection products around those bugs just watched its value proposition collapse in a single earnings cycle.</p><p>Good! It&#8217;s about damn time.</p><h3>We&#8217;ve Been Here Before</h3><p>In 1991, Phil Zimmermann released PGP, a piece of software that let anyone encrypt their email using the same math the NSA used to protect classified communications. In 1993, the US Justice Department opened a criminal investigation. The charge was distributing a munition. Encryption sat on the same export control list as rocket launchers and hand grenades.</p><p>The government&#8217;s argument was intuitive and wrong. If everyone has encryption, terrorists will use it. Drug dealers will use it. Law enforcement will go dark. All of this proved partially true in the short term. And all of it was overwhelmed by the long-term benefit: universal encryption enabled e-commerce, secure communications, and a level of digital privacy that became foundational to the modern internet. Zimmermann took the NSA&#8217;s math and put it in every inbox. The security of the entire internet improved because the capability stopped being exclusive.</p><p>The DOJ dropped the case in 1996. Export controls collapsed by 2000. The internet got safer. That pattern is happening again.</p><p>The cybersecurity industry looked at AI finding zero-day vulnerabilities and saw an existential threat to its business model. The open-source community looked at the same capability and raised $12.5 million. In March, the Linux Foundation announced a grant funded by Anthropic, AWS, GitHub, Google, DeepMind, Microsoft, and OpenAI. 
Its purpose is to help maintainers handle AI-generated vulnerability findings and move &#8220;beyond discovery to deploying fixes.&#8221;</p><p>Same input, opposite reactions. The vendors saw something that could destroy their market. The open-source community saw something that could give every maintainer the offensive security expertise that used to require a six-figure retainer and a waiting list. That divergence tells the whole story.</p><blockquote><p>Zimmermann was Gutenberg. He took the monastery&#8217;s most guarded capability and made it public. The world got safer because of it.</p></blockquote><p>The government tried to classify math as a weapon in the nineties and they lost. The cybersecurity industry is trying to frame AI vulnerability discovery as primarily a threat. They&#8217;ll lose too because it&#8217;s not. It&#8217;s a gift.</p><h3>The Engineering Case</h3><p>The question is, &#8220;Do these tools actually make software safer, or do they just accelerate the arms race?&#8221; I think they make us safer.</p><p>Google&#8217;s Big Sleep project, a collaboration between Project Zero and DeepMind, became the first AI agent to proactively prevent a zero-day exploitation in the wild. It found vulnerabilities in FFmpeg, ImageMagick, and other open-source projects before attackers could exploit them. 
The capability moved from &#8220;find bugs faster&#8221; to &#8220;find bugs first.&#8221;</p><p>CISA has been pushing &#8220;secure by design&#8221; principles for years. The EU&#8217;s Cyber Resilience Act mandates them. The aspiration was always the right one. Stop bolting security onto finished products and build it into the development process from the start. But the aspiration lacked a mechanism. You can&#8217;t audit every line of code with human reviewers. The economics don&#8217;t work. And even if you could, those reviewers aren&#8217;t the people who spent careers learning how adversaries actually break software. </p><p>The offensive security expertise required to catch the vulnerabilities that matter lived in a world most developers never touched. AI collapses that gap. You can now audit every line of code with something that costs pennies per query, runs on every commit, and brings the offensive mindset of an elite vulnerability researcher to a junior developer&#8217;s pull request. That&#8217;s the step change. Secure by design stops being a policy aspiration and becomes an engineering reality when autonomous offensive tools sit inside your CI/CD pipeline, finding vulnerabilities before a single line of code reaches production. No vulnerability ships. No vendor charges you to detect it after deployment. No CyberWire headline ten years from now reads exactly like one from today. The cycle breaks because you eliminate the bug at the source.</p><p>I think that&#8217;s the structural shift. For thirty years, the offense/defense asymmetry has defined cybersecurity: cheaper and faster to attack than to defend. The attacker only needs one way in. The defender must protect everything. But that asymmetry assumed defenders couldn&#8217;t think like attackers, and for most of the industry&#8217;s history, they couldn&#8217;t. 
Thinking like an attacker required years of specialized training, access to classified tooling, and an adversarial creativity that the security industry euphemistically called &#8220;elite.&#8221; It lived inside NSA, inside Cyber Command, inside a small constellation of boutique firms that charged accordingly. A junior developer shipping code to production had exactly none of that expertise available at the moment it mattered most (while they were writing the code).</p><p>When a development team runs continuous autonomous offensive testing on every commit, every developer on that team gets their code reviewed by something that thinks like a nation-state operator. The AI attacks the codebase continuously, with the offensive intuition that took governments decades and billions to cultivate, before the human attacker arrives. Vulnerability discovery stops being an annual audit you outsource to a vendor. It becomes something that happens on every pull request, performed by something with the expertise of the best offensive researchers on earth.</p><p>The shift-left movement promised this for a decade but it never delivered because the tooling didn&#8217;t exist. The tooling now exists.</p><blockquote><p>A ten-person startup can now run continuous penetration testing that previously required a $500,000-per-year engagement with a firm like Trail of Bits.</p></blockquote><p>The implications extend beyond enterprise engineering teams. The Linux Foundation&#8217;s $12.5 million initiative means volunteer-maintained open-source projects get the same offensive security scrutiny that used to be reserved for the Pentagon&#8217;s supply chain. A solo developer maintaining a critical library from their apartment gets the same caliber of vulnerability review as a contractor building software for Fort Meade. Nations without billion-dollar cyber programs can assess their own critical infrastructure vulnerabilities. 
The expertise that was hoarded at the top of the pyramid just became core infrastructure. The monastery is open. Everybody can now read what they want, whenever they want.</p><p>The competitive moat in cybersecurity shifts from &#8220;finding bugs&#8221; to &#8220;building systems where bugs become structurally harder to create.&#8221; A fundamentally different industry. And a better one.</p><h3>The Fear Case, Fairly Stated</h3><p>The fear case deserves honest treatment too because it&#8217;s not wrong about the short term.</p><p>Thomas Ptacek, one of the most technically credible voices in security, published <a href="https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/">Vulnerability Research Is Cooked</a> in late March. Ptacek&#8217;s core observation is that vulnerability research survived for decades because of &#8220;attention scarcity.&#8221; Elite researchers were rare and expensive. Their knowledge was bespoke and masterful. AI eliminates that scarcity. &#8220;A hundred instances of Claude&#8221; will aim at everything. Open-source projects will face, in Ptacek&#8217;s words, &#8220;a steady feed of verified, reproducible, reliably-exploitable&#8221; high-severity vulnerabilities. His money quote is that, &#8220;Researchers have been spending 20% of their time on computer science, and 80% on giant, time-consuming jigsaw puzzles. And now everybody has a universal jigsaw solver.&#8221;</p><p>He&#8217;s right about the mechanism, and the short-term asymmetry is very real. Attackers adopt new tools faster because they face no compliance burden, no change management process, and no legal review. 
Ransomware breakout times collapsed from eight hours in 2022 to 22 seconds by 2025, partly accelerated by AI-assisted tooling. Malicious LLMs stripped of safety guardrails are commercially available on dark web markets. Anthropic itself privately briefed government officials that Mythos makes large-scale cyberattacks much more likely in 2026.</p><p>I don&#8217;t dismiss any of that. The adoption gap between attackers and defenders is the danger zone and we&#8217;re standing in it. But Ptacek&#8217;s own framework contains the rebuttal.</p><p>His argument rests on attention scarcity as the protective barrier. Elite researchers were rare. Their expertise was bespoke and hard-won. Most software was never audited because the people who knew how to break it had better things to do. The scarcity kept the system stable. I read that and thought, &#8220;Stable for whom?&#8221; </p><blockquote><p>The scarcity regime didn&#8217;t produce security. It produced blind ignorance. Software only survived because nobody with the right offensive expertise bothered to look. </p></blockquote><p>That twenty-three-year-old buffer overflow in the Linux kernel wasn&#8217;t hiding. It was just in a part of the codebase that the world&#8217;s small population of elite vulnerability researchers deemed not worth their time. The market I described earlier, the one producing identical CyberWire headlines for a decade, thrived under that scarcity regime. The scarcity wasn&#8217;t protecting <em>us plebeians</em>. It was protecting the shitty failed software market.</p><p>Democratizing offensive expertise is what breaks the cycle. When offensive security knowledge stops being the province of a small priesthood and becomes something any developer can invoke on every commit, the entire calculus of software security changes. 
The question stops being &#8220;can we afford to audit this?&#8221; and becomes &#8220;why would we ship anything we haven&#8217;t?&#8221; (side note: this shift requires software buyers to <em>demand</em> such a framework, which they need to start doing immediately.)</p><p>Rebuilding DevSecOps pipelines and CI/CD workflows to absorb continuous autonomous offensive testing is genuinely hard. Enterprises face integration complexity that attackers skip entirely. I&#8217;m not pretending that&#8217;s a weekend project. But the question we need to ask is whether restricting the capability produces better outcomes than accelerating its adoption. And on that question, history has already voted.</p><h3>The Verdict History Already Delivered</h3><p>Every time a government has tried to restrict a dual-use technology to preserve its monopoly on capability, the restriction failed and widespread adoption made things better. PGP. GPS civilian access. The internet itself. The pattern is the same. Panic &#8594; restriction &#8594; failure of containment &#8594; net benefit.</p><p>Ben Thompson framed it cleanly in Stratechery when he wrote, &#8220;AI is going to be bad for security in the short-term, but much better than humans in the long-term.&#8221; That&#8217;s the 90s Crypto Wars pattern restated. The short-term danger holds. The long-term trajectory points one direction. And every catastrophic failure mode I can construct involves restricting access, not proliferating it.</p><p>Consider the worst outcomes. Restrict AI vulnerability tools to licensed entities and you create a black market while leaving most software unaudited. 
Let legacy vendors capture regulatory frameworks and you get &#8220;approved&#8221; AI security tools that preserve the market failure instead of correcting it. Treat AI-discovered vulnerabilities as classified and you prevent open disclosure and patching. Let the hackback debate consume all the policy oxygen (Schneier, Lawfare, and CSIS all published on this recently in the same week, which is the think-tank equivalent of a bar fight) and legislators spend their energy arguing about who gets to hack rather than how to design and build secure systems. The danger in every scenario is that good actors don&#8217;t get the tools fast enough.</p><p>I&#8217;ve thought about the governance problem. I wrote about it at length last December in <a href="https://karpf.substack.com/p/governing-the-offensive-cyber-enterprise">The Business of Containment</a> where I proposed a constitutional blueprint for private offensive cyber firms. The framework exists. The question isn&#8217;t whether AI offensive tools can be governed responsibly. It&#8217;s whether we govern them while making them widely available, or whether we let the instinct to restrict create the exact asymmetry that makes things worse.</p><p>I argued in that same governance piece that &#8220;human virtue can steady a company for a while, but it rarely survives sustained pressure from market gravity.&#8221; The same applies here. Hoping that restricting AI offensive tools will keep bad actors from getting them is a bet on virtue. Deploying those tools widely into defensive engineering pipelines, while governing them structurally, is a bet on design. 
</p><p>I&#8217;ll take design every time.</p><h3>The Scholars</h3><p>I wrote <a href="https://karpf.substack.com/p/iocs-are-dead-long-live-iocs">in February</a> that the indicator-of-compromise model was broken. A system built on chasing where the ball was while the ball kept picking up speed. That was the diagnosis. This is part of the treatment.</p><p>The founder I sat across from last month sees a future where the artificial barriers between offensive specializations dissolve, where the mechanical work that made these operations slow and expensive gets handled by machines, and where the human operators focus on judgment, creativity, and the strategic decisions that machines can&#8217;t make (yet). The cybersecurity vendor ecosystem sees that same future and panics because it threatens a business model that spent thirty years treating symptoms while the disease metastasized.</p><p>The monks didn&#8217;t disappear when Gutenberg&#8217;s press started running. They became scholars. The best of them contributed more to human knowledge as scholars than they ever did as gatekeepers. The cybersecurity vendors who survive won&#8217;t disappear either. They&#8217;ll become companies that build software that is safe by design, audited by machines before it ships, and structurally resistant to the vulnerability classes we&#8217;ve been recycling since the Clinton administration.</p><p>That&#8217;s the paradigm. Not safe by policy. Not safe by compliance checkbox. Not safe by buying another vendor&#8217;s detection product to monitor the first vendor&#8217;s detection product. 
<strong>Safe by design</strong>. Because every developer now has access to the offensive expertise that used to require a clearance and a decade of specialized training. Enforced by machines that think like the best adversaries on earth, applied to every line of code before it ever reaches a user. And God damn does that sound like a day on the French Riviera.</p><p>The monks won&#8217;t disappear. But they aren&#8217;t the only ones who can read anymore.</p>]]></content:encoded></item><item><title><![CDATA[The Quiet Rearmament]]></title><description><![CDATA[How Japan re-armed itself with generational patience and $275 billion.]]></description><link>https://karpf.substack.com/p/the-quiet-rearmament</link><guid isPermaLink="false">https://karpf.substack.com/p/the-quiet-rearmament</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 01 Apr 2026 14:17:54 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SvRZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div 
class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!SvRZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!SvRZ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 424w, https://substackcdn.com/image/fetch/$s_!SvRZ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 848w, https://substackcdn.com/image/fetch/$s_!SvRZ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!SvRZ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!SvRZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg" width="1456" height="819" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/eaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:819,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1987946,&quot;alt&quot;:&quot;Cherry blossom trees 
line a concrete canal in Japan, their pink blooms reflected in still water with mountains in the distance.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/192851116?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Cherry blossom trees line a concrete canal in Japan, their pink blooms reflected in still water with mountains in the distance." title="Cherry blossom trees line a concrete canal in Japan, their pink blooms reflected in still water with mountains in the distance." srcset="https://substackcdn.com/image/fetch/$s_!SvRZ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 424w, https://substackcdn.com/image/fetch/$s_!SvRZ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 848w, https://substackcdn.com/image/fetch/$s_!SvRZ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!SvRZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Feaacd022-5779-43d1-8b21-b662d5e046c6_5995x3372.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><div><hr></div><p>April 1, 2026. Japan&#8217;s fiscal year turns over. The cherry blossoms are a week from peak in Tokyo, maybe two in Kumamoto. Bureaucrats file paperwork. Budgets reset. And somewhere inside the Ministry of Defense, an independent oversight commission stands up for the first time to authorize offensive cyber operations against foreign adversaries.</p><p>The day before, at Camp Kengun in Kumamoto, the Ground Self-Defense Force activated upgraded Type-12 missiles with a range of 1,000 kilometers. Built by Mitsubishi Heavy Industries. Deployed a year ahead of schedule. From the Ryukyu Islands, where additional batteries will go by 2028, those missiles put all of North Korea, China&#8217;s entire eastern coastline, and all of Taiwan within reach. 
The PLA Daily, not exactly given to understatement, called it a &#8220;multilayered offensive kill network.&#8221;</p><p>Four days before that, the destroyer JS Chokai completed modifications at Naval Base San Diego to fire Tomahawk cruise missiles, Block IV and V variants, at targets 1,600 kilometers away. First Japanese warship with such an overt offensive capability since 1945. She is one of eight Aegis destroyers that will carry the 400 Tomahawks Japan purchased from the United States for $2.35 billion. Live fire is scheduled for August.</p><p>A week before, the Maritime Self-Defense Force completed its most sweeping organizational restructuring since 1954, consolidating the fleet around three surface warfare groups and standing up commands for amphibious warfare and information warfare.</p><p>Every week, something else. Feeling the momentum yet?</p><p>Five weeks before the MSDF restructure, Prime Minister Sanae Takaichi&#8217;s Liberal Democratic Party won 316 of 465 seats in the lower house. The first single-party supermajority since the Second World War. Enough to propose amending Article 9, the constitutional clause that has technically forbidden Japan from maintaining &#8220;armed forces with war potential&#8221; for 79 years. She pledged a national referendum &#8220;as soon as possible.&#8221;</p><p>Twelve weeks before that, Japan&#8217;s cabinet approved a $58 billion defense budget, the twelfth consecutive record, pushing the country past 2% of GDP two years ahead of the previous government&#8217;s timeline. By the time the five-year buildup program completes in 2027, Japan will be the world&#8217;s third-largest military spender after the United States and China.</p><p>I wrote about Japan twice in the past six months. 
The first time, in &#8220;<a href="https://karpf.substack.com/p/the-impossible-seat">The Impossible Seat</a>,&#8221; I described a country trapped between its security guarantor and its energy supply, watching the United States set fire to the neighborhood while Japan&#8217;s defense model failed in real time. I wrote that Takaichi was &#8220;quietly building her own fire department.&#8221; The second time, in &#8220;<a href="https://karpf.substack.com/p/the-gardens-of-kyoto">The Gardens of Kyoto</a>,&#8221; I walked through four gardens and found a cultural DNA that explains how Japan builds anything: with total commitment, generational patience, and a precision that looks effortless until you realize every stone was placed by hand. I wrote about a woman at Ryoan-ji with a bamboo rake and rubber boots, raking gravel at dawn because the work doesn&#8217;t need an audience. It needs dedication.</p><p>The fire department is open for business. And it was built the same way Japan likes to garden.</p><h2>The Quiet Is The Point</h2><p>In February 2022, three days after Russia invaded Ukraine, German Chancellor Olaf Scholz stood before the Bundestag and announced the Zeitenwende. Turning point. 
A hundred billion euro special fund for the Bundeswehr. Headlines in every language. Four years later, German defense procurement remains tangled in the same bureaucratic undergrowth that entangled it before the speech. The Bundeswehr still can&#8217;t field sufficient ammunition for more than a few days of high-intensity combat. The turning point turned very slowly.</p><p>Japan made no speech. Held no press conference. Coined no term.</p><p>The Type-12 deployed a year ahead of schedule. The 2% GDP defense target landed two years early. The Chokai Tomahawk integration hit its timeline. The MSDF reorganized on time. When the Diplomat wrote up the naval restructuring in February, it ran under the headline &#8220;From 4 Flotillas to 3.&#8221; Accurate. Also the most aggressively boring headline for the most significant reorganization of a major Pacific navy in seven decades.</p><p>The quiet is the strategy. Every garden I walked through in Kyoto operated on the same principle. Precision so total that your brain fills in depth the designers never built. The gardeners who achieved this worked for 170 years. Nobody held a press conference about the sightlines.</p><p>Japan rearms the way it gardens. Branch by branch. Stone by stone. Budget line item by budget line item. And if you&#8217;re looking for the Zeitenwende, for the dramatic announcement, for the moment some leader stands at a podium and declares the old era finished, you will miss the entire thing. 
Because the old era has been ending for three years, and the new one opened for business on a Tuesday in April, filed under fiscal year paperwork and cherry blossoms.</p><h2>What&#8217;s Actually Being Built</h2><p>Let me stack the capability, because the individual pieces have been reported and none of them have been assembled.</p><p><strong>Offensive strike.</strong> The Type-12 gives Japan land-based missile reach of 1,000 kilometers from domestic soil. The Tomahawk, once it&#8217;s on all eight Aegis destroyers, adds ship-launched precision strike at 1,600 kilometers. Hypersonic glide vehicles are scheduled for deployment in Hokkaido and Miyazaki by March 2028. The Mitsubishi-built Type-12 is a domestic product. The Tomahawk is American. The hypersonics are Japanese. Together, they give the SDF the ability to hit targets across northeast Asia without moving anything off Japanese territory. The PLA Daily&#8217;s &#8220;kill network&#8221; framing is alarmist, sure. 
It&#8217;s also not wrong.</p><p><strong>Offensive cyber.</strong> The Active Cyber Defense law, enacted May 2025, gives the SDF and the National Police Agency authority to infiltrate and neutralize hostile servers before an attack hits. The oversight commission that stood up on April 1 provides prior authorization. The International Institute for Strategic Studies still ranks Japan as a third-tier cyber power, somewhere between aspiration and capability. October 1, 2026, is the date Japan&#8217;s government decided to close that gap. The SDF and police will be authorized to &#8220;attack and disable&#8221; infrastructure used for cyberattacks, with the government interpreting Article 9 to permit it. Eight months from aspiration to authorization.</p><p><strong>Naval restructuring.</strong> The MSDF dissolved the Fleet Escort Force, which had existed since 1961, and replaced it with the Fleet Surface Force built around three surface warfare groups. JS Izumo and JS Kaga, the two helicopter carriers that everyone pretends aren&#8217;t light aircraft carriers, anchor two of the three groups. A new Amphibious and Mine Warfare Group operates out of Sasebo. And the Information Warfare Command consolidates intelligence, cyber, and oceanographic operations into a single command reporting directly to the Minister of Defense. This is a navy reorganizing itself for offensive operations and joint warfare. The terminology still says &#8220;self-defense.&#8221; The architecture says something different.</p><p>If this organizational chart looks familiar, trust your gut. I served on USS Boxer, flagship of an Amphibious Ready Group based in San Diego. The Information Warfare Commander (an emerging concept at the time) sat two hatches away from the Combat Information Center, pulling intelligence, surveillance, reconnaissance, oceanography, and cyber into a single operational feed. That architecture was bleeding-edge for the US Navy a decade ago. 
Japan just restructured its entire fleet around it. You don&#8217;t adopt your ally&#8217;s exact command structure unless you plan to plug into it. Japan&#8217;s MSDF is preparing for fully integrated Allied operations.</p><p><strong>Missile defense coproduction.</strong> The United States and Japan agreed to quadruple SM-3 Block IIA production from 24 to roughly 100 missiles per year. Raytheon and Mitsubishi Heavy Industries share the manufacturing. Japan builds key components; the US handles integration. Japan becomes both a consumer and a producer of the most advanced ballistic missile defense interceptor in the Western Pacific.</p><p><strong>Defense exports.</strong> The LDP-JIP coalition submitted a proposal in March to eliminate the restriction limiting Japanese defense exports to five nonlethal categories: rescue, transport, reconnaissance, surveillance, minesweeping. The new framework allows export of lethal weapons (warships, fighter jets) to 17 partner nations with defense transfer agreements. A country that has not exported a weapon since the postwar arms export ban is about to sell them to its allies across the region.</p><p><strong>Sixth-generation fighter.</strong> The Global Combat Air Programme with the UK and Italy targets first operational aircraft by 2035. Japan fast-tracked export rule changes specifically to enable third-party sales of the GCAP fighter. Mitsubishi Heavy Industries leads the Japanese consortium. This is a 20-year bet on Japan as a defense aerospace power.</p><p><strong>Ground-based intermediate range.</strong> In September 2025, the US Army deployed the Typhon mid-range missile system to MCAS Iwakuni for exercises. Typhon fires Tomahawk cruise missiles and SM-6 interceptors. From Iwakuni, the Tomahawk range covers the East China Sea and portions of the Chinese coastline. The deployment was temporary. 
The capability it demonstrated was not.</p><p>That all happened in six months.</p><h2>The Wintering Sakura</h2><p>Cherry trees in Japan spend months looking dead. Bare branches, grey bark, no visible sign that anything is happening inside the wood. A tourist arriving in January would walk past a sakura grove and see nothing worth photographing. But the tree is not dormant. It is accumulating. Cold hours trigger the biochemical process that prepares the bloom. The winter is not wasted time. The winter is the work.</p><p>Japan&#8217;s economy spent 30 years in winter. Every business journalist who has ever filed a dateline from Tokyo has written that story: the Lost Decades, the deflation trap, the demographic cliff, the zombie banks, the aging workforce, the monetary policy experiments that produced graphs and not growth. Abenomics tried stimulus. Kishida tried &#8220;new capitalism.&#8221; Nothing produced the spring that everyone kept predicting.</p><p>Now $275 billion is flowing into the Japanese economy over five years, and almost nobody is talking about it as economic policy. They&#8217;re talking about it as defense.</p><p>Japan&#8217;s five-year buildup program allocates 43 trillion yen across fiscal years 2023 through 2027. The security analysts see missiles. I see capital expenditure on a scale Japan has not attempted since MITI was picking industrial winners in the 1970s. That money flows somewhere. It flows into Mitsubishi Heavy Industries, which builds the Type-12 missiles, the SM-3 interceptor components, the GCAP fighter airframe, and the next generation of SDF equipment. It flows into the hundreds of subcontractors feeding those programs: precision machining shops, advanced materials suppliers, semiconductor-adjacent electronics firms, software integration houses, robotics manufacturing and programming. 
It flows into workforce development, because you cannot quadruple missile production without training the people who build them.</p><p>The GCAP program alone commits engineers across three countries to two decades of aerospace R&amp;D. The SM-3 coproduction deal turns Japanese factories into production lines for the most advanced ballistic missile interceptor in the Pacific. The Type-12 is designed, built, tested, and deployed entirely by Japanese industry. And the defense export relaxation, once finalized, opens a revenue stream Japan hasn&#8217;t had since the postwar export ban.</p><p>Thirty years of economists, central bankers, and prime ministers tried to wake up the Japanese economy. Turns out the stimulus package it needed might be a Tomahawk.</p><p>That line sounds glib. It is glib. But the underlying arithmetic is serious. The United States built its postwar industrial dominance on defense spending. The aerospace sector, the semiconductor industry, the internet itself: all downstream of military R&amp;D budgets that created capability and commercialized it. South Korea&#8217;s defense-industrial complex employs over 100,000 people and exports $17 billion in weapons annually. Israel&#8217;s Unit 8200 alumni seeded the cybersecurity and tech startup ecosystem that now accounts for a meaningful share of GDP. Defense spending, directed at domestic industry with export ambitions, is industrial policy wearing a uniform.</p><p>Japan is walking the same path. And the 30 years of economic winter make the potential bloom larger, not smaller. The country has a highly educated workforce, world-class precision manufacturing, deep engineering talent, and a corporate sector that has been conserving cash for decades. Mitsubishi Heavy Industries, IHI Corporation, Kawasaki Heavy Industries, Subaru (which builds Apache helicopter fuselages, a fact I genuinely enjoy): these companies have the capacity. They lacked the demand signal. 
The five-year buildup program is a $275 billion demand signal.</p><p>Takaichi&#8217;s government funds the buildup through corporate and tobacco tax increases already in effect, with income tax increases beginning in 2027. Japanese taxpayers are paying for this. The 55-56% public approval for Takaichi&#8217;s defense posture exists now, in polls, in the abstract. Whether it survives the tax bills arriving in household mailboxes is a question for fiscal year 2028. Approval for rearmament in principle and approval for the invoice are different conversations.</p><p>But the capital is already flowing. And capital that flows into high-skilled domestic manufacturing, into coproduction agreements that give Japanese industry a permanent seat in the global defense supply chain, into a sixth-generation fighter program that commits Mitsubishi to decades of work. That capital does more than build weapons. It builds an industrial base Japan has not had since the 1980s, when the country&#8217;s manufacturing prowess was so formidable it made Americans buy Chryslers out of patriotic anxiety.</p><p>The sakura blooms because the cold hours accumulated, the energy stored, and the conditions aligned. Japan&#8217;s economic winter lasted 30 years. The defense buildup may not be the spring anyone predicted. But $275 billion has a way of making things start to grow.</p><h2>The 79-Year Legal Fiction</h2><p>Article 9 of the Constitution of Japan, promulgated November 3, 1946, effective May 3, 1947:</p><blockquote><p>&#8220;The Japanese people forever renounce war as a sovereign right of the nation and the threat or use of force as means of settling international disputes. In order to accomplish the aim of the preceding paragraph, land, sea, and air forces, as well as other war potential, will never be maintained.&#8221;</p></blockquote><p>Japan maintains the sixth-largest military budget on earth. It fields 247,000 active-duty personnel, 48 destroyers, 22 submarines, and now, as of last week, cruise missiles that can hit targets 1,600 kilometers away. The legal fiction that none of this constitutes &#8220;war potential&#8221; has been one of the great sustained acts of collective imagination in postwar history. Seventy-nine years of maintaining armed forces while the constitution says armed forces &#8220;will never be maintained.&#8221; The geopolitical equivalent of your friend who&#8217;s been &#8220;quitting smoking&#8221; since college but somehow always has a lighter.</p><p>Takaichi&#8217;s supermajority can end this. The LDP&#8217;s 316 seats clear the two-thirds threshold required to propose constitutional amendment in the lower house. The coalition partner, the Japan Innovation Party, wants to go further: delete Article 9&#8217;s second clause entirely. The obstacle is the upper house, where the LDP lacks two-thirds. 
Without upper house support, the referendum waits. The next upper house election is 2028.</p><p>But the constitutional question is almost beside the point. The capability already exists. The deployments already happened. The offensive cyber authority activates in October. The Tomahawks arrive. The Type-12 batteries multiply. The constitution will eventually say what everyone already knows: Japan has a military. When it does, the legal change will formalize what the budgets, the deployments, and the reorganizations have already made real. The gardener doesn&#8217;t wait for the deed to the land before planting. She planted three years ago. The garden is growing.</p><p>The deeper question is what happens to the pacifist identity when the legal fiction dissolves? Japan built an entire national self-understanding around the idea that it was constitutionally peaceful. Generations grew up with Article 9 as a moral commitment, not just a legal clause. The woman raking gravel at Ryoan-ji every morning does so within a culture that prizes restraint, precision, the careful tending of what is fragile. That cultural instinct doesn&#8217;t disappear because the constitution changes. But it does get tested.</p><p>The protesters at Camp Kengun, the local residents who opposed the Type-12 deployment, they are the minority now. Polls show 55-56% approve of Takaichi&#8217;s defense posture. After Takaichi&#8217;s November statement on Taiwan, the public backed her. The consensus shifted, and the people standing where it used to be got quieter. That is its own kind of loss, even when the shift is justified.</p><h2>The Alliance Paradox</h2><p>The United States spent the better part of two decades telling Japan to spend more on defense. Spend more. Do more. Carry more of the burden. Every Secretary of Defense since Robert Gates has delivered some version of this message, usually at the Shangri-La Dialogue, usually to polite applause and glacial policy change.</p><p>Japan spent more. 
Did more. Built more.</p><p>At the March 2026 summit, Trump told Takaichi she was &#8220;stepping up to the plate, unlike NATO.&#8221; And he was right, in the narrow sense. Japan is stepping up. The SM-3 coproduction quadrupling is real. The Tomahawk integration is real. The Typhon interoperability demonstrated at Iwakuni is real. The alliance is deeper, more integrated, and more operationally capable than at any point since its founding.</p><p>And also, quietly, more bilateral than it has ever been.</p><p>A Japan with cruise missiles on its destroyers can strike without asking Washington&#8217;s permission. A Japan with 1,000-kilometer land-based missiles decides when and where its own weapons fire. A Japan building a sixth-generation fighter with the UK and Italy, not the US, has defense-industrial relationships that don&#8217;t run through the Pentagon. A Japan exporting lethal weapons to 17 partner nations manages security partnerships on its own terms. Each capability that strengthens the alliance also, by definition, reduces Japan&#8217;s dependence on it.</p><p>In &#8220;The Impossible Seat,&#8221; I described the US-Japan relationship as an insurance policy where the insurer set the neighborhood on fire. The metaphor I used then was a fire department: Japan was building one. The thing about fire departments is that once they&#8217;re operational, they decide which fires to fight. The insurance company&#8217;s opinion becomes one input among several, not the only voice in the room.</p><p>Takaichi demonstrated this in November 2025 when she told reporters that Japan might use the SDF if China attacked Taiwan. She cited the 2015 collective self-defense legislation. She did not, as far as anyone has reported, clear the statement with Washington first. China retaliated against Japan (seafood sanctions, rare earth export restrictions, travel warnings), not against the United States. 
Tokyo absorbed the cost of an independent strategic signal and found that 55-56% of the Japanese public backed her. That sequence tells you something about where the alliance is heading. When a dependent partner makes independent choices and survives the consequences, the dependency starts to dissolve.</p><p>I sit in an interesting chair for watching this. I spent seven years in the US Navy, including time at NSA and aboard a warship in the Western Pacific. The alliance looked one way from that side: America provides, Japan hosts, the relationship runs on gratitude and geography. Now I work for NTT, a Japanese multinational mega-conglomerate, coordinating international security partnerships. The alliance looks different from this chair. The Japanese professionals I work with are peers building capability with the urgency of people who watched their defense model fail in February and decided, quietly, that it would not fail again. The deference that Americans sometimes mistake for agreement is something else entirely. It is patience, and it is deliberate.</p><p>The steelman against all of this deserves respect, and I want to give it room. China calls the Type-12 deployment an &#8220;offensive kill chain.&#8221; If Beijing deployed equivalent capability on islands near Japanese waters, Tokyo would use the same language. South Korea&#8217;s historical memory of Japanese militarism is not irrational. The last time Japan fielded an unrestricted offensive military, it colonized Korea for 35 years. Regional anxiety about Japanese rearmament carries weight that dismissiveness cannot answer, and anyone who waves it away as outdated hasn&#8217;t spent enough time in Seoul.</p><p>What answers it is the alternative. Six weeks ago, when the United States sent carrier strike groups to the Persian Gulf for Operation Epic Fury, the Western Pacific thinned out. 
Every intelligence analyst tracking Iranian missile launches was one analyst not tracking PLA movements near the Senkaku Islands. Japan&#8217;s defense model, built on the assumption that American attention would remain focused on the Pacific, failed its stress test in real time. I wrote about it. Takaichi lived it.</p><p>Japan&#8217;s choice was always simpler than the debate made it sound: capability or vulnerability. Vulnerability, in a neighborhood that includes China, North Korea, and Russia, is a prayer.</p><h2>Tying It All Together</h2><p>There is a concept in Japanese garden design called shakkei. Borrowed scenery. The garden borrows from the landscape beyond its walls to create the illusion of depth that doesn&#8217;t physically exist. At the Imperial Palace in Kyoto, the garden feels infinite because the designers understood that what the eye doesn&#8217;t see, the mind fills in.</p><p>Japan&#8217;s rearmament works the same way. The individual pieces (a missile deployment here, a naval reorganization there, a budget increase filed under fiscal year paperwork) appear modest in isolation. Borrowed from the broader landscape of security policy, they assemble into something the mind has to fill in: the emergence of a Pacific military power that, within two years, will be the third-largest on earth.</p><p>The woman at Ryoan-ji raked gravel every morning. Not for an audience. Not for recognition. Not because someone held a press conference about the importance of raked gravel. She raked because the garden required it, and the garden&#8217;s beauty depended on work that most people would never notice or appreciate. The daily, unglamorous, repetitive discipline of making something formidable stay formidable.</p><p>I have now written about Japan three times. The gardens taught me how Japan builds. The impossible seat showed me why Japan had to. 
This piece is the result: a country building, with the patience of someone who thinks in generations and the precision of someone who places every stone by hand, the military capability to ensure it never sits in an impossible seat again.</p><p>The cherry blossoms are blooming in Kumamoto. The missiles are operational at Camp Kengun. The fiscal year has turned. And the gardener, as always, does not look up from her work.</p>]]></content:encoded></item><item><title><![CDATA[The Impossible Seat]]></title><description><![CDATA[How the military operation against Iran is stress-testing Japan's security architecture, with implications for China deterrence and the March 19 Trump-Takaichi summit.]]></description><link>https://karpf.substack.com/p/the-impossible-seat</link><guid isPermaLink="false">https://karpf.substack.com/p/the-impossible-seat</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 04 Mar 2026 13:03:59 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!zljM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg" length="0" 
type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!zljM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!zljM!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 424w, https://substackcdn.com/image/fetch/$s_!zljM!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 848w, https://substackcdn.com/image/fetch/$s_!zljM!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!zljM!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!zljM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg" width="1456" height="968" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:968,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:848843,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/189826044?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!zljM!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 424w, https://substackcdn.com/image/fetch/$s_!zljM!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 848w, https://substackcdn.com/image/fetch/$s_!zljM!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!zljM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F174dc2da-0cf5-406e-a02e-607a8e4564c5_3008x2000.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><div><hr></div><p>On February 9, 2026, Japan restarted Kashiwazaki-Kariwa Unit 6. Fifteen years dark. The country&#8217;s largest nuclear power plant, shuttered since Fukushima, humming again at 1,356 megawatts. That single reactor displaces 1.3 million tons of LNG imports per year. I remember reading the coverage and thinking: this is a country that watched a tsunami trigger a nuclear meltdown, spent a decade and a half processing the trauma, and still decided to flip the switch again because the energy math demanded it. Because 95% dependency on Middle Eastern crude is its own kind of meltdown, just slower. God bless them.</p><p>Nineteen days later, the United States and Israel launched Operation Epic Fury.</p><p>Joint strikes are hitting Tehran, Isfahan, Qom, Karaj, Kermanshah. Supreme Leader Khamenei is dead. 
Nuclear facilities, destroyed. Regime leadership, targeted across five cities. Whether Washington says &#8220;regime change&#8221; out loud is a question for the press briefings. The strikes have already answered it. As I write this, Secretary Rubio is promising the attacks will increase in scope and intensity. The death toll in Iran has passed 787 and is climbing.</p><p>Iran&#8217;s response is to close the Strait of Hormuz. As of this morning, three major Japanese shipping companies have suspended transit. Over 150 crude oil and LNG tankers sit anchored, going nowhere. Brent crude is past $80 a barrel. Analysts are calling $100. The Dow dropped a thousand points yesterday.</p><p>Japan pays the highest premiums in the Indo-Pacific for its American security guarantee. Japan&#8217;s record $58 billion defense budget, approved December 2025, with constitutional reinterpretations that would have been unthinkable ten years ago on top of seventy years of diplomatic deference to Washington on basing, on trade, on every major foreign policy question since the occupation ended. The policy was supposed to protect the house.</p><p>And then the insurer set the neighborhood on fire.</p><p>I need to back up and explain how the architecture works, because it might be the architecture that breaks first.</p><p>Japan&#8217;s postwar grand strategy rests on two pillars. Pillar one: absolute security dependence on Washington. The extended nuclear deterrent, the Seventh Fleet, 54,000 US troops stationed across Japanese territory. Pillar two: insatiable growing energy appetite fed at the teat of wherever they can get it (resulting in an absolute energy supply chain dependence on the Middle East). S&amp;P Global&#8217;s August 2025 analysis pegged it at 95% of Japan&#8217;s crude oil from Middle Eastern suppliers. Roughly three-quarters of Japan&#8217;s total oil imports transit the Strait of Hormuz.</p><p>For seventy years, these two dependencies reinforced each other. The US Navy kept the sea lanes open. Japan bought the oil. Everyone prospered. The arrangement was elegant, and it worked, and nobody in Kasumigaseki or Washington ever seriously stress-tested what happens when the two pillars collide. When the security guarantor becomes the energy disruptor.</p><p>That stress test is running right now.</p><p>Japan holds 254 days of strategic petroleum reserves and somewhere between two and four weeks of LNG. Fifteen of 32 operable reactors are running, with a government target of 30 by 2040. The country has talked about reducing Middle East energy dependency for decades. Through multiple prime ministers. Through the 1973 oil shock, which was supposed to be the wake-up call. Through multiple Gulf crises. And here it sits, in March 2026, at 95%. 
Decades of diversification policy produced a country that diversified its talking points and nothing else.</p><p>Prime Minister Sanae Takaichi saw the cracks before February 28. She came into office with the most aggressive national security platform since Shinzo Abe: defense spending hitting 2% of GDP two years ahead of schedule, anti-spy legislation, a national intelligence apparatus consolidating under her authority, the Active Cyber Defense Bill in February 2025, and the Kashiwazaki-Kariwa restart. She was building a Japan that hedges its dependency on Washington&#8217;s judgment. A reasonable project. A decade-long project.</p><p>She just got handed a deadline measured in weeks.</p><p>The irony gets so thick you could choke on it.</p><p>Fukushima in 2011 killed Japan&#8217;s nuclear energy program overnight. Fossil fuel imports surged to fill the gap, and the Middle East dependency deepened for fifteen straight years. Kashiwazaki-Kariwa&#8217;s restart on February 9 was the moment the security math finally overrode the trauma. The country chose nuclear power again.</p><p>Nineteen days later, a war fought partly over Iran&#8217;s nuclear ambitions is becoming the most powerful accelerant for Japanese nuclear energy since the tsunami that nearly buried it. The government target of 30 reactors by 2040 stopped being aspirational energy policy somewhere around the moment the first tanker dropped anchor outside Hormuz. It is a survival plan now. A country scarred by nuclear disaster, restarting nuclear power, because a war partly about nuclear weapons just cut off its oil.</p><p>And the disruption isn&#8217;t just physical. 
Iran&#8217;s conventional military is largely destroyed, but cyber remains the one asymmetric tool that doesn&#8217;t need functioning airfields. Palo Alto&#8217;s Unit 42 documented retooling across Iranian cyber units this week. Nothing catastrophic has hit anyone yet, but Takaichi&#8217;s Active Cyber Defense Bill was designed for Chinese espionage and North Korean ransomware, not for a potentially cornered state with wiper malware and nothing left to lose. One more item on a list that&#8217;s already too long.</p><p>Dismantling the Iranian theocracy strengthens the global security order. The regime massacred its own civilians during the 2025-2026 protests. Its enrichment program hit 60% purity, well beyond any civilian justification. Pressuring this regime, even aggressively, is defensible and rational. I believe that.</p><p>But defensible for global security and defensible for Japanese security split apart on February 28, and the gap is widening by the hour. The operation is imposing its heaviest costs on the allies the US needs most. Japan didn&#8217;t choose this war. Japan can&#8217;t afford this war. And Japan can&#8217;t say so publicly because the same alliance that just disrupted its energy supply is the only thing standing between Tokyo and its actual existential threat (which starts with &#8220;C&#8221;, ends in &#8220;hina&#8221;, and isn&#8217;t in the Persian Gulf).</p><p>Takaichi condemned Iran&#8217;s nuclear program and stayed conspicuously quiet on the strikes themselves. That silence is the sound of a leader staring at two clocks, trying to figure out which one runs out first: the oil reserves or the diplomatic goodwill.</p><p>Meanwhile, Japan&#8217;s pacifist constitution is doing gymnastics nobody in the Diet choreographed. The SDF&#8217;s information-gathering mission in the Gulf now operates in an active warzone that Japan&#8217;s closest ally ignited. 
Whether the SDF expands into tanker escort duty would trigger the most consequential Article 9 debate since Abe&#8217;s 2015 reinterpretation, at precisely the moment when saying no looks like free-riding and saying yes means joining a war Japan never endorsed. Constitutional pacifism is a fine peacetime luxury until your oil supply depends on a wartime strait.</p><p>The cost of this crisis doesn&#8217;t stop at Tokyo&#8217;s borders. It runs straight through Beijing.</p><p>China buys 90% of Iran&#8217;s oil exports. Forty percent of China&#8217;s own oil imports transit Hormuz. Beijing is pressing Tehran to reopen the strait, which puts China and Japan in the same absurd position. Two nations on opposite ends of the American relationship, both dependent on the same chokepoint, both damaged by an operation neither endorsed.</p><p>The resemblance ends there. China built the resilience Japan only talked about. Overland pipelines from Russia and Central Asia tied with strategic petroleum reserves estimated at over 1.2 billion barrels and diversified LNG sourcing. 
Japan has tankers and no overland alternatives or pipeline options. An island nation at the end of the longest energy supply chain on earth, and someone just cut the chain.</p><p>The economic pain for China is real and its geopolitical consequences matter. Beijing is losing a major oil supplier and a strategic partner in the Middle East. Iran&#8217;s theocracy, whatever survives of it, was a useful counterweight to American influence in the Gulf. That counterweight is evaporating. Russia&#8217;s isolation deepens as another authoritarian node crumbles. These are genuine gains for the global security architecture. They&#8217;re worth celebrating.</p><p>But those gains come packaged with a problem that should keep Takaichi awake tonight. She built her entire security platform around deterring China. The $58 billion defense budget. Type-12 standoff missiles with 1,000-kilometer range. She announced to the world that Japan&#8217;s military could get involved if China moved on Taiwan. Her entire theory of the case depends on American presence in the Western Pacific.</p><p>And right now, American presence is in the Persian Gulf.</p><p>Every carrier strike group running escort duty through Hormuz is absent from waters near Taiwan. Every intelligence analyst tracking Iranian missile launches is one not tracking PLA movements around the Senkaku Islands. Beijing&#8217;s strategists are running this arithmetic as I type, and the math favors patience. You don&#8217;t need to provoke a crisis in the Taiwan Strait when your primary adversary just committed his best naval assets, his sharpest intelligence analysts, and his political capital to a war six thousand miles from the Western Pacific. You wait. You watch. You take notes.</p><p>The insurer is fighting a fire across town. The house hasn&#8217;t caught yet. 
But the arsonist next door just noticed the fire truck left.</p><p>On March 19, Takaichi will sit across from Trump. The summit was always going to be about China, about Taiwan contingency planning, about trade, about the future of deterrence in the Western Pacific.</p><p>Now the agenda carries something heavier.</p><p>What does an alliance look like when the insurer&#8217;s strategic judgment and the policyholder&#8217;s economic survival point in opposite directions? February 28 proved they can. The question Takaichi brings to Washington is what prevents it from happening again. Not in the abstract. Not as a diplomatic nicety. As a structural feature of the relationship: consultation protocols before military operations that threaten allied energy supply, intelligence sharing on Gulf maritime security, and the understanding that allied economic survival is a variable in American military planning and not an externality.</p><p>Takaichi is already building part of the answer herself. More reactors coming online. The defense budget climbing beyond 2%. Cyber defense capabilities, still early but accelerating. A national intelligence apparatus consolidating under her direct authority.</p><p>But March 19 is where Takaichi negotiates the gap between the Japan that exists and the Japan she&#8217;s building. A Japan that keeps paying its premiums but is quietly building its own fire department. The construction isn&#8217;t finished. 
Given what&#8217;s happening in the Gulf this week, it may not be finished in time.</p>]]></content:encoded></item><item><title><![CDATA[3D Printing Cyber: The AI Phase of Offense Industrialization]]></title><description><![CDATA[Amazon Threat Intelligence exposed an AI-augmented campaign that compressed the entire cyber offense supply chain into one workstation. 
The factory built a 3D printer.]]></description><link>https://karpf.substack.com/p/3d-printing-cyber-the-ai-phase-of</link><guid isPermaLink="false">https://karpf.substack.com/p/3d-printing-cyber-the-ai-phase-of</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Tue, 24 Feb 2026 13:03:01 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!BEfZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!BEfZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!BEfZ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 424w, https://substackcdn.com/image/fetch/$s_!BEfZ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 848w, https://substackcdn.com/image/fetch/$s_!BEfZ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!BEfZ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!BEfZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg" width="1456" height="1118" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1118,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:536751,&quot;alt&quot;:&quot;A 3D printer with a hazard sign and melting plastic on an extruder table.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/188957449?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="A 3D printer with a hazard sign and melting plastic on an extruder table." title="A 3D printer with a hazard sign and melting plastic on an extruder table." 
srcset="https://substackcdn.com/image/fetch/$s_!BEfZ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 424w, https://substackcdn.com/image/fetch/$s_!BEfZ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 848w, https://substackcdn.com/image/fetch/$s_!BEfZ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!BEfZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1131c6bd-f117-43f1-8815-67556accdeee_4528x3476.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><div><hr></div><p>On February 20, 2026, CJ Moses, CISO of Amazon, published <a href="https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/">findings from Amazon Threat Intelligence</a> describing a campaign that should reframe how we think about cyber offense. A Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise over 600 FortiGate firewall appliances across more than 55 countries between January 11 and February 18, 2026. The campaign involved no zero-days, no exploit development, and no team that we know of. The actor scanned internet-facing management interfaces, tried common credentials against single-factor authentication, and let AI handle the rest.</p><p>Moses called it &#8220;an AI-powered assembly line for cybercrime, helping less skilled workers produce at scale.&#8221;</p><p>The assembly line metaphor is dead on.</p><p>I&#8217;ve spent the past year exploring how offense industrialized. How the Chinese cyber ecosystem grew into a manufacturing supply chain of specialized firms, each perfecting one phase of the kill chain and scaling operations the way Toyota scaled automobile production. That framework describes what happened over the past decade. This campaign opens a window into what will happen next.</p><p>The assembly line just got compressed into a single workstation. And the operator doesn&#8217;t need to understand how the factory works.</p><h2>What Happened</h2><p>Amazon Threat Intelligence discovered the campaign through routine operations. The actor scanned FortiGate management interfaces exposed on ports 443, 8443, 10443, and 4443 across the open internet, then attempted authentication with commonly reused credentials. Just the digital equivalent of checking which doors are unlocked, executed at a speed no human team could match without automation.</p><p>FortiGate configuration files are high-value targets for a specific reason. They contain SSL-VPN user credentials with recoverable passwords, administrative credentials, complete network topology, firewall policies revealing internal architecture, and IPsec VPN peer configurations. A single config file hands an attacker the blueprint of an entire network along with the keys to walk through it. The actor developed AI-assisted Python scripts to parse, decrypt, and organize these stolen configurations.</p><p>Then the operation escalated. 
After establishing VPN access to victim networks, the actor deployed AI-generated reconnaissance tools that automated the post-exploitation workflow: ingesting target networks from VPN routing tables, running service discovery with open-source scanners, identifying domain controllers, and producing prioritized target lists. Inside victim networks, Meterpreter with the mimikatz module performed DCSync attacks against domain controllers, extracting complete NTLM password hash databases from Active Directory. In at least one case, the Domain Administrator account used a plaintext password extracted directly from the FortiGate configuration. That&#8217;s password reuse connecting the perimeter device to the keys of the kingdom.</p><p>The actor then targeted Veeam Backup &amp; Replication servers, the pre-ransomware playbook. <a href="https://www.rapid7.com/blog/post/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/">Rapid7 reported</a> that over 20% of their 2024 incident response cases involved Veeam access or exploitation. Compromise backups first, encrypt second. Amazon&#8217;s analysis confirmed no ransomware deployment, although the actor&#8217;s operational notes documented the intent to deploy it. They were building toward it.</p><p>Notably, when the actor encountered hardened environments, they moved on. Controls like patched services, closed ports, and enabled MFA forced the actor to switch targets. 
The actor&#8217;s own operational assessment for one confirmed victim acknowledged that key infrastructure targets were &#8220;well-protected&#8221; with &#8220;no vulnerable exploitation vectors.&#8221;</p><h2>The Exposed Server</h2><p>We know all of this because the actor&#8217;s operational security collapsed.</p><p>The server at 212[.]11.64.250, port 9999, hosted on a Swiss autonomous system, contained 1,402 files across 139 subdirectories: CVE exploit code; FortiGate configuration files from victims; Nuclei scanning templates; Veeam credential extraction tools; <a href="https://github.com/BloodHoundAD/BloodHound">BloodHound</a> collection data mapping Active Directory relationships; AI-generated attack plans with step-by-step exploitation instructions, expected success rates, time estimates, and prioritized task trees; source code for every custom tool in the operation; and victim network topologies with confirmed credentials, identified services, and recommended lateral movement paths.</p><p>Everything. On a public server. Without encryption. Talk about a noob.</p><p>This level of exposure rarely (never) happens with professional operations. State-sponsored campaigns compartmentalize by design. Organized cybercrime groups enforce operational discipline through organizational hierarchy. This actor had neither structure nor discipline, and that absence explains both why we can study this campaign in such detail and why the operational model itself carries a structural vulnerability.</p><p>But the exposure also serves a different analytical function. We know this campaign existed because the operator was careless. The infrastructure that Amazon Threat Intelligence discovered represents one data point, the visible one. 
The question that should sit with every reader is, &#8220;How many similar campaigns run right now with better hygiene?&#8221;</p><h2>The Factory and the 3D Printer</h2><p>I&#8217;ve written previously about how the Chinese cyber ecosystem <a href="https://karpf.substack.com/p/taiwan-maneuver-warfare-and-the-industrialization-of-cyber-conflict">industrialized through organizational specialization</a>. Companies now provide discrete kill chain services. One firm handles reconnaissance. Another brokers initial access. A third provides command infrastructure. A fourth manages exfiltration. Each perfects one phase and sells it as a service. The ecosystem scales horizontally, like a manufacturing supply chain producing custom goods at commodity speed. Attribution fragments along organizational boundaries. When reconnaissance happens in one company, weaponization in another, and C2 in a third, defenders can&#8217;t trace a full campaign to a single actor.</p><p>That&#8217;s the factory. Organizational specialization. Distributed production. A decade of institutional development.</p><p>This campaign built a 3D printer.</p><p>One actor performed six distinct industrial functions: reconnaissance and scanning, tool development, credential extraction and parsing, infrastructure management, attack planning, and post-exploitation. AI substituted for specialized teams at each phase. The actor used at least two distinct commercial LLM providers throughout operations. 
Amazon Threat Intelligence <a href="https://aws.amazon.com/blogs/security/ai-augmented-threat-actor-accesses-fortigate-devices-at-scale/">identified</a> one model serving as the primary tool developer, attack planner, and operational assistant, with a second used as a supplementary attack planner when the actor needed help pivoting within specific compromised networks.</p><p>Independent analysis by <a href="https://cyberandramen.net/2026/02/21/llms-in-the-kill-chain-inside-a-custom-mcp-targeting-fortigate-devices-across-continents/">Cyber and Ramen</a> identified the specific models. DeepSeek generated attack plans from reconnaissance data. The actor configured Claude Code, Anthropic&#8217;s coding agent, for autonomous execution of offensive tools. The actor built a custom tool called ARXON, a <a href="https://modelcontextprotocol.io/">Model Context Protocol</a> (MCP) server that bridged stolen recon data and commercial language models. ARXON ingested per-target reconnaissance, called DeepSeek to generate structured attack plans, and stored results in a persistent knowledge base that grew with each compromised target. It also contained scripts for batch SSH-based FortiGate VPN account creation, user provisioning, and automated Domain Admin credential validation.</p><p>The actor started with <a href="https://github.com/0x4m4/hexstrike-ai">HexStrike</a>, an open-source MCP framework released in 2025 that wraps 150+ security tools with MCP decorators so AI agents can invoke them autonomously. Within approximately eight weeks, the actor graduated to ARXON, a custom orchestration platform. Consumer to builder. Two months.</p><p>The factory, the Chinese ecosystem model, distributes production across organizational boundaries. Each firm holds one piece of the operation. Compromising one firm reveals one phase. The organizational structure creates resilience through compartmentalization.</p><p>The 3D printer concentrates everything in a single node. 
One server held 1,402 files documenting the entire operation. The actor&#8217;s OPSEC failure was architectural. When you compress the supply chain into one workstation, you compress the failure surface into one workstation. The Toyota model distributes risk. The 3D printer concentrates it.</p><p>Both models produce, they just produce differently.</p><p>The factory retains its advantage on hard targets. The precision operations that demand persistent access, custom exploit development, deep institutional knowledge of specific victim environments. The kind of work that requires the human expertise AI can&#8217;t replicate. ShadowPad campaigns spanning 70+ organizations across nine months require coordination, institutional memory, and operational discipline that a solo AI-augmented actor demonstrably lacks.</p><p>The 3D printer floods the market with volume against soft targets. Six hundred devices, 55 countries, five weeks, one operator. The quality per unit is lower. The tooling shatters under edge cases. The actor can&#8217;t compile custom exploits, debug failed attempts, or creatively pivot when standard approaches fail. But volume compensates for selectivity. The threat model shifts from &#8220;sophisticated actor persists against your defenses&#8221; to &#8220;automated industrial process sorts you into a category and processes accordingly.&#8221;</p><p>And the timeline between these two models compresses at alarming speed. In September 2025, Anthropic <a href="https://www.anthropic.com/news/disrupting-AI-espionage">disclosed</a> that a Chinese state-sponsored group (tracked as GTG-1002) had manipulated Claude Code into functioning as an autonomous cyber attack agent, executing 80-90% of tactical operations independently across roughly 30 targets globally. That was a state-sponsored operation with institutional resources. 
Three months later, in January 2026, a financially motivated individual replicated the conceptual model with commercial tools and API keys.</p><p>The capability transfer from nation-state to solo operator used to take years. GTG-1002 to this campaign was twelve weeks.</p><h2>The Raw Material Problem</h2><p>The campaign succeeded because the raw material existed in abundance.</p><p>FortiGate appliances have weathered an 18-month siege of vulnerability disclosures and mass exploitation campaigns. The timeline matters because it explains where this actor&#8217;s starting inventory came from.</p><p>October 2022: <a href="https://www.cvedetails.com/cve/CVE-2022-40684/">CVE-2022-40684</a>, a critical authentication bypass zero-day, was exploited in the wild. Attackers harvested configuration files from approximately 15,000 devices. January 2025: a group calling itself Belsen Group <a href="https://www.infosecurity-magazine.com/news/hacking-group-leaks-config-15k/">dumped those 15,000 configurations</a> on the dark web for free, as a promotional move to establish reputation. Plaintext VPN credentials included. <a href="https://censys.com/blog/fortigate-config-leak-impact/">Censys confirmed</a> that 54.75% of affected IP addresses remained online and reachable. Nearly a third still exposed the compromised FortiGate login interfaces.</p><p>The supply kept growing. Four more critical Fortinet vulnerabilities followed between <a href="https://www.cvedetails.com/cve/CVE-2024-55591/">January 2025</a> and <a href="https://www.helpnetsecurity.com/2026/01/21/patched-fortigate-compromised-via-cve-2025-59718/">January 2026</a>, each adding to the stockpile, including <a href="https://www.rapid7.com/blog/post/etr-critical-vulnerabilities-in-fortinet-cve-2025-59718-cve-2025-59719-exploited-in-the-wild/">one that worked on fully patched devices</a>. The supply of exploitable starting material expanded faster than organizations rotated credentials. 
This campaign processed that stockpile at industrial speed.</p><p>A deeper architectural question sits underneath the vulnerability timeline. At this stage in the long evolution of security architecture, <strong>we need to accept that SSL VPNs are just a terrible idea and should be eradicated with extreme prejudice.</strong></p><p>SSL VPN technology manufactures portable credential packages. A FortiGate configuration file contains recoverable plaintext passwords, complete network topology, routing information, and VPN peer configurations. This is everything an attacker needs to map, enter, and navigate a network, bundled into one extractable artifact. ARXON ingested these artifacts. DeepSeek produced attack plans from them. The architecture generated the input. AI processed it. Scale followed automatically.</p><p>Norway&#8217;s National Cyber Security Centre <a href="https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-ncsc/bor-bytte-ut-sslvpn">mandated</a> SSL VPN replacement by end of 2025, and mandated that critical infrastructure transition by end of 2024, a directive that followed state-backed actors exploiting zero-days in SSL VPN products targeting Norwegian infrastructure. SonicWall announced it will <a href="https://www.sonicwall.com/support/knowledge-base/how-to-migrate-from-ssl-vpn-to-sts-vpn/250217154444837">remove all SSL VPN licenses and support</a> after October 2025. <a href="https://www.zscaler.com/campaign/threatlabz-vpn-risk-report">Zscaler&#8217;s 2025 VPN Risk Report</a> found 56% of organizations reported VPN-related breaches in the past year. NIST cataloged 83 VPN CVEs in 2024 alone, 60% scoring high or critical.</p><p>The migration argument moves from &#8220;best practice&#8221; to something more concrete. If you&#8217;re using an SSL VPN, your architecture produces raw material for automated exploitation. The organizations that can afford ZTNA migration will complete it. 
The organizations that can&#8217;t (the mid-market companies across South Asia, Latin America, and West Africa that populate this campaign&#8217;s victim list) remain inventory for the next assembly line.</p><p><strong>The haves. And the have-nots.</strong></p><h2>The IOC Problem Strikes Back</h2><p>Moses published two IPv4 indicators of compromise in his report. He also wrote, in the same report, that &#8220;traditional IOC-based detection has limited effectiveness&#8221; because the actor used legitimate open-source tools (Impacket, gogo, Nuclei, Meterpreter) present in every penetration testing engagement.</p><p>He shared the indicators. Then he told you they won&#8217;t help.</p><p>This paradox sits at the center of a <a href="https://karpf.substack.com/p/iocs-are-dead-long-live-iocs">structural failure in threat intelligence</a> I&#8217;ve written about previously. The median C2 server lives five days. The average shared indicator arrives 33 days later. The indicator expires before it arrives.</p><p>This campaign adds a new dimension. The operationally useful intelligence (ARXON&#8217;s MCP architecture, the two-model workflow, behavioral patterns of AI-orchestrated lateral movement, detection opportunities like anomalous VPN geo-patterns and unexpected DCSync operations) fits into no existing sharing format.</p><p>You can encode two IP addresses in STIX and distribute them via TAXII. You cannot encode &#8220;the attacker submitted complete victim network topology to a commercial LLM and received a prioritized exploitation plan&#8221; in a machine-readable format that another organization can operationalize. The intelligence that&#8217;s sharable in current formats is already dead or dying. The intelligence that matters has no transport standard or mechanism to even exist.</p><p>The clearing house for behavioral intelligence exchange, for TTP-centric, context-rich, time-bounded intelligence that routes to the right consumer, still doesn&#8217;t exist. 
The platforms that host threat intelligence feeds built their economics on IOC volume. The ISACs that coordinate sector defense built their workflows on indicator distribution. The government bulletins that inform defensive priorities still circulate hashes and domains as their primary unit of cooperation.</p><p>All of it transacts in a currency that buys less each quarter. This campaign&#8217;s two IP addresses are the latest denomination.</p><h2>The Two-Tier Landscape Hardens</h2><p>The actor&#8217;s operational notes recovered from the exposed server record repeated failures against hardened environments.</p><p>Targeted services: patched. Required ports: closed. Vulnerabilities: didn&#8217;t apply to the target OS versions. The actor&#8217;s final assessment for one confirmed victim: key infrastructure targets &#8220;well-protected&#8221; with &#8220;no vulnerable exploitation vectors.&#8221;</p><p>Each adversary failure traces to a basic defensive control that is a well-known and recommended minimum baseline. MFA on VPN access. Management interfaces pulled off the internet. Credentials rotated after the Belsen Group dump. Backup infrastructure segmented. Veeam servers patched.</p><p>Fundamentals. All of them. The problem is distribution.</p><p>The organizations this campaign hit cluster across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. Managed service providers running shared FortiGate deployments. Organizations where multiple devices shared non-standard management ports. This is an example of centralized administration without centralized security. Environments where a Domain Administrator password matched the SSL-VPN credential the actor pulled from a firewall config file.</p><p>I spent a week in Taipei in December 2025 discussing digital resilience with government officials and critical infrastructure operators. Taiwan&#8217;s small and medium enterprises form the backbone of the economy. 
Many lack IT departments. Some lack IT administrators entirely. They hire an engineer to configure email, purchase a firewall appliance, and hope for the best. The threat ecosystem industrialized to exploit these organizations as soft entry points into supply chains connecting to larger targets.</p><p>This campaign processed them at industrial speed. The controls that work against these campaigns are known. But they&#8217;re cheap to describe. Expensive to deploy for the organizations that need them most.</p><p>The gap between resourced defenders and everyone else widens quarter by quarter. Organizations with behavioral baselines, deployed MFA, segmented networks, and audited management interfaces survived this campaign without incident. An automated process running on commercial AI sorted organizations without these fundamentals into the soft-target category.</p><p>Defense-as-infrastructure (composable, standardized, horizontally scalable security that deploys without requiring bespoke expertise or dedicated security teams) remains the market gap. The AWS of cyber defense. I&#8217;ve written about this need in the context of <a href="https://karpf.substack.com/p/taiwan-maneuver-warfare-and-the-industrialization-of-cyber-conflict">Taiwan&#8217;s digital resilience challenges</a> and the broader <a href="https://karpf.substack.com/p/iocs-are-dead-long-live-iocs">failure of the IOC-sharing economy</a> to protect the organizations consuming stale indicator feeds.</p><p>This campaign amplifies the demand signal. Nobody has built it yet.</p><h2>The Question Underneath</h2><p>The analytical frameworks that have organized cybersecurity thinking for fifteen years assume capability correlates with organizational resources. Advanced Persistent Threat groups possess advanced capabilities because they command state-sponsored budgets, institutional expertise, and organizational depth. 
Financially motivated criminals operate at lower sophistication because they lack those resources. The taxonomy (APT versus cybercrime, nation-state versus criminal, sophisticated versus commodity) rests on that correlation.</p><p>The correlation is broken.</p><p>A financially motivated individual (maybe a small team) with commercial AI access just compromised 600+ devices across 55 countries, extracted complete Active Directory credential databases, and positioned for ransomware deployment against backup infrastructure. The techniques mirror state-sponsored operations. The organizational resources amount to a laptop and API keys.</p><p>AI compresses the offense supply chain from ecosystem to individual. The factory still runs. The Chinese ecosystem&#8217;s organizational model retains its advantage on hard targets. But the commodity operations face radical democratization. The 3D printer produces at lower quality than the factory. The operator can&#8217;t debug failed exploits, can&#8217;t compile custom tooling, can&#8217;t creatively adapt when conditions diverge from the AI-generated plan. When this actor hit a wall, they moved on.</p><p>The only reason we can study this campaign in the detail Amazon published is that the operator stored everything on a public server without encryption. A competent operator running the same model with basic infrastructure hygiene produces no exposed Zurich server. The victims discover the compromise through ransomware deployment. Or they don&#8217;t discover it at all.</p><p>That&#8217;s the campaign worth thinking about. The one that learned from this actor&#8217;s mistakes. The invisible assembly line, operated by one, running on commercial AI, processing soft targets at industrial speed with competent operational security.</p><p>How many are running right now? 
And how do we defeat them?</p>]]></content:encoded></item><item><title><![CDATA[IOCs Are Dead. Long Live IOCs.]]></title><description><![CDATA[Ninety percent of C2 servers die in five days. The average threat intel indicator arrives 33 days late. The IOC economy is collapsing. 
What replaces it?]]></description><link>https://karpf.substack.com/p/iocs-are-dead-long-live-iocs</link><guid isPermaLink="false">https://karpf.substack.com/p/iocs-are-dead-long-live-iocs</guid><dc:creator><![CDATA[Brandon Karpf]]></dc:creator><pubDate>Wed, 18 Feb 2026 13:03:26 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!tMZW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!tMZW!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!tMZW!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 424w, https://substackcdn.com/image/fetch/$s_!tMZW!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 848w, https://substackcdn.com/image/fetch/$s_!tMZW!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 1272w, https://substackcdn.com/image/fetch/$s_!tMZW!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!tMZW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png" width="768" height="505" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:505,&quot;width&quot;:768,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1015648,&quot;alt&quot;:&quot;A german shepherd with a red ball.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://karpf.substack.com/i/188142383?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b1da5b9-5a5c-4c3b-9780-ed18080683c1_768x592.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="A german shepherd with a red ball." title="A german shepherd with a red ball." 
srcset="https://substackcdn.com/image/fetch/$s_!tMZW!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 424w, https://substackcdn.com/image/fetch/$s_!tMZW!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 848w, https://substackcdn.com/image/fetch/$s_!tMZW!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 1272w, https://substackcdn.com/image/fetch/$s_!tMZW!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F10a81c7d-9672-4217-a8ae-8b52e93caecd_768x505.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>A foot of snow fell in Maryland the other week. My German shepherd Mango has a red ball she&#8217;d trade her life for. I pushed it down the hill.</p><p>She watched it bounce. Stomped her feet. Barked at the sky. Launched herself.</p><p>Up up up. Down down down. Face first. POW.</p><p>Snow everywhere. Ball nowhere near her.</p><p>Mango&#8217;s problem is that she always seems to jump to where the ball <em>was</em>. She commits with everything she has and arrives with a snout full of snow but long after the ball has already moved on.</p><p>This is what we&#8217;re doing with indicators of compromise.</p><div><hr></div><p><em>The indicator of compromise (the hash, the IP, the domain) is the fundamental currency of threat intelligence. That currency collapses a little more each quarter. Ninety percent of command-and-control infrastructure dies within five days; the average shared IOC arrives <a href="https://www.netresec.com/?month=2025-11&amp;page=Blog&amp;post=Optimizing-IOC-Retention-Time">33 days later</a>, after the server it describes has already gone dark. Adversaries industrialized signature production. Nation-state campaigns increasingly generate unique code per target, and commodity crimeware trends the same direction as offensive toolkits democratize, modular C2 frameworks lower the barrier to entry, and AI-assisted development accelerates payload generation. The gap between state-sponsored and criminal infrastructure narrows by the month. The IOC might yet survive. 
Repositioned as raw material inside a contextual intelligence pipeline that routes the right intelligence to the right consumer at the right time for the right reasons, the indicator can still carry weight. The finished product of intelligence just looks different now.</em></p><div><hr></div><h2><strong>The Dead Letter Office</strong></h2><p>The empirical case against legacy indicators of compromise keeps stacking up fast.</p><p><a href="https://www.netresec.com/?month=2025-11&amp;page=Blog&amp;post=Optimizing-IOC-Retention-Time">Censys research</a> found the median Cobalt Strike C2 server lives for five days. A 2022 IoT botnet study corroborated the finding that 90% of C2 servers died within five days and 93% within fourteen. Recorded Future documented a 33-day average delay between initial detection of a C2 server and the moment that indicator surfaces in a published threat report.</p><p>The indicator expires long before a defender even knows to use it.</p><p>The malware story is no different. Malware developers ship new code faster than legacy IOCs can have a meaningful impact. 
Mandiant&#8217;s <a href="https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025">M-Trends 2025</a>, drawn from 450,000+ hours of investigations, catalogued 632 new malware families in 2024. Total tracked families exceeded 5,500. The volume of unique signatures now outpaces any single organization&#8217;s capacity to consume them, let alone operationalize them against a live threat.</p><p>Academics formalized what practitioners already knew. <a href="https://arxiv.org/abs/2307.16852">Tostes et al.</a> published the first real-world evaluation of IOC aging thresholds in 2023, demonstrating that indicator reliability degrades on predictable curves. Barnhart and Lee followed in October 2025 with <a href="https://www.sans.org/white-papers/adversary-aware-ioc-retention-analyzing-time-live-patterns-threat-actor-attribution">adversary-aware retention modeling</a> through SANS, confirming that threat actors cycle infrastructure at different rates and that uniform decay models waste analyst hours chasing dead indicators.</p><p>Three independent lines of evidence. Same conclusion. The platforms themselves conceded the point. <a href="https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html/">MISP built formal decay scoring</a> into its platform. <a href="https://docs.opencti.io/latest/administration/decay-rules/">OpenCTI 6.0 shipped configurable decay rules</a> with automatic revocation when indicator scores drop below thresholds. <a href="https://www.dragos.com/blog/end-of-life-of-an-indicator-of-compromise-ioc">Dragos published end-of-life guidance</a> advising that IP-based indicators should carry expiration dates. When your tooling needs a built-in expiration system for the data it processes, the data model carries a structural defect.</p><p>The data establishes <em>that</em> IOCs are dying. The harder question is <em>why</em>. 
The hard<em>est</em> question is what to do about it.</p><h2><strong>How the Mint Broke</strong></h2><p>Offense industrialized.</p><p>Hundreds of specialized firms now provide discrete kill chain services across the <a href="https://www.nattothoughts.com/p/chinas-cybersecurity-companies-advancing">Chinese cyber ecosystem</a>. One company handles reconnaissance, another brokers initial access. A third provides command infrastructure. A fourth manages exfiltration. Each firm perfects one phase and sells it as a service. The ecosystem scales horizontally, like a manufacturing supply chain producing custom goods at commodity speed. Attribution fragments along the same lines: organizational boundaries, tooling, and tradecraft shift at every phase of an operation, making it nearly impossible to trace a full campaign to a single actor.</p><p>ShadowPad illustrates the production model. SentinelLABS <a href="https://industrialcyber.co/ransomware/sentinelone-links-shadowpad-and-purplehaze-attacks-to-china-aligned-threat-actors/">tracked the PurpleHaze activity cluster</a> spanning July 2024 to March 2025, linking ShadowPad deployments across 70+ organizations and leveraging Operational Relay Box networks operated from China. <a href="https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html">Trend Micro documented updated variants</a> targeting 21 companies across 15 countries in February 2025. <a href="https://www.secureworks.com/research/shadowpad-malware-analysis">Secureworks CTU</a> ties ShadowPad clusters to MSS and PLA-affiliated groups. <a href="https://www.darktrace.com/blog/darktrace-detection-of-state-linked-shadowpad-malware">Darktrace independently confirmed</a> ShadowPad detections in customer environments. The toolkit remains in active development. 
A living product line, refined and shipped with the regularity of a commercial software release.</p><p>The infrastructure hosting that C2 traffic sits inside the same cloud environment defenders depend on. AWS and Google restricted classic domain fronting in 2018 (<a href="https://signal.org/blog/looking-back-on-the-front/">Signal documented the impact</a>). <a href="https://aws.amazon.com/blogs/security/enhanced-domain-protections-for-amazon-cloudfront-requests/">AWS published enhanced domain protections</a> after the Telegram-Russia blocking crisis drove collateral damage across 15.8 million IP addresses. Threat actors adapted. They stopped disguising traffic through CDNs and moved <em>into</em> the infrastructure itself. ShadowPad C2 now uses spoofed TLS certificates impersonating Intel and Dell, hosted on commercial providers. Your adversary&#8217;s command server and your production workload share a subnet.</p><p>Meanwhile, <a href="https://blog.alphahunt.io/modular-c2-frameworks-quietly-redefine-threat-operations-for-2025-2026/">modular C2 frameworks</a> exploded in adoption. Sliver, Havoc, Brute Ratel C4, and Mythic displaced Cobalt Strike as operators&#8217; tools of choice. Each generates unique beacons per deployment. The C2 framework market also industrialized. Unique infrastructure generation became trivial for operators at every sophistication tier, from state-sponsored teams to ransomware affiliates running weekend operations out of a Discord server.</p><p>The ball accelerates. And we built a machine that manufactures new balls.</p><h2><strong>The Gold Standard After the Gold Ran Out</strong></h2><p>The intelligence-sharing economy was designed around the assumption that signatures carry reusable detection value across organizations. ISACs distribute indicators. Government bulletins circulate hashes and IPs. Vendors sell threat feeds built on the same premise that knowing what&#8217;s &#8220;bad&#8221; protects you from it. 
MISP stores and correlates those indicators, STIX/TAXII formats the transport, and the IETF formalized the concept in <a href="https://datatracker.ietf.org/doc/rfc9424/">RFC 9424</a>. Every layer of the cooperative architecture between defenders trades in the IOC currency.</p><p>Think about what that means beyond any single organization&#8217;s detection capability. ISACs built their entire coordination model on IOC exchange. Government cybersecurity bulletins circulate IOCs as their primary unit of cooperation and value creation. Vendor relationships between threat intelligence providers and their customers are denominated in indicators per feed. Alliance frameworks in the Indo-Pacific, across NATO, between Five Eyes partners, all assume that sharing &#8220;known bad&#8221; signatures constitutes meaningful cooperation. When the underlying unit of exchange loses reliability, the connective tissue between defenders degrades, and the cooperative infrastructure that took three decades to build across sectors, across alliances, across public-private partnerships starts to fray at every junction. Every ISAC meeting, every government alert, every threat feed subscription becomes a transaction conducted in a currency that buys less and less each quarter.</p><p>IOCs didn&#8217;t devalue like fiat currency through lost faith in an issuing authority. Adversaries made the underlying asset (a static signature) trivially reproducible. This is the equivalent of monetary counterfeiting. Adversaries flooded the market with unique signatures the way a counterfeiter floods an economy with bills, draining each individual indicator of value while the category of &#8216;indicator&#8217; retains the same theoretical worth that the concept of &#8216;currency&#8217; retains after hyperinflation. The platforms themselves conceded the point years ago, building expiration systems into the data they process. 
Everyone still trades in the currency because no alternative exchange mechanism exists. The infrastructure persists because switching costs run high and no replacement clearing house has been built.</p><p>The IOC-centric model of threat intelligence is failing. The response: stop treating the indicator as the finished product.</p><h2><strong>What Lives On</strong></h2><p>David Bianco proposed the <a href="https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html">Pyramid of Pain</a> in 2013 (<a href="https://www.sans.org/tools/the-pyramid-of-pain">SANS maintains a reference</a>). Hash values at the bottom, trivial for attackers to change. TTPs at the top, expensive to alter. Thirteen years later, the hierarchy maps directly onto what practitioners say they want: stop pouring resources into the bottom of the pyramid and start climbing.</p><p>The hash, the IP, the domain: these persist as anatomical components inside a richer intelligence organism. They carry forensic value. They anchor attribution chains. They catch commodity crimeware. And they belong inside a larger system as raw inputs, components that a pipeline digests and transforms into actionable intelligence. The IOC goes in as raw material. Contextual, time-bound, consumer-specific intelligence comes out. Each tier of the pipeline performs a different metabolic function, and the organism produces something the raw indicator could never be on its own.</p><p>I&#8217;m proposing a three-tier intelligence pipeline.</p><p><strong>Tier 1: Tactical automation.</strong> Atomic indicators get ingested, time-bounded using <a href="https://www.sans.org/white-papers/adversary-aware-ioc-retention-analyzing-time-live-patterns-threat-actor-attribution">adversary-aware decay models</a>, and scanned against environmental assets. This last part is key because it defines the context. Intelligence is useful without it. Indicators need salience and context to be usable. 
We still haven&#8217;t solved this problem and no, EDR/MDR/XDR doesn&#8217;t meet the need. Environments are more complex than a jumble of endpoints. The indicator needs a system that knows whether it matters to <em>this</em> environment and whether the indicator still breathes, not an analyst spending twenty minutes triaging a dead IP against hundreds of end user devices or a static malware hash against three dozen OS versions.</p><p><strong>Tier 2: Operational TTP routing.</strong> Campaign behavior, technique patterns, and behavioral indicators get routed to threat hunting teams who translate them into environment-specific hypotheses. <a href="https://attack.mitre.org/">MITRE ATT&amp;CK</a> provides the taxonomy. Tools like <a href="https://ctid.mitre.org/projects/threat-report-attck-mapper-tram/">TRAM</a> and emerging ML classifiers (<a href="https://link.springer.com/article/10.1007/s10207-025-01146-5">AC_MAPPER</a>, showing ~93% accuracy on benchmarks) accelerate extraction, but human analysts remain essential for validation and environmental translation. A detection rule that works in one network architecture may fire false positives in another. The analyst bridges that gap.</p><p><strong>Tier 3: Strategic business intelligence.</strong> High-level threat landscape, sector-specific trends, and incident context packaged for business leaders and client-facing teams. No hashes or IPs. Situational awareness stripped of technical granularity. The executive receiving a strategic intelligence product shouldn&#8217;t need to know what a C2 server is. They need to know whether their risk profile changed this quarter.</p><p>SOC practitioners describe wanting exactly this model. Time-bounded indicators automated. TTPs routed to hunters. Strategic intelligence pushed to business leadership, where a CISO or a client-facing executive can walk into a meeting and say <em>I read about that incident, here&#8217;s our exposure</em> without parsing a STIX bundle. 
The model maps to existing organizational roles and consumption patterns. It works because it routes intelligence to the consumer who can act on it based on context, rather than dumping everything into a shared feed and hoping the right person finds the right needle in a sea of needles.</p><p>The problem runs deeper than design.</p><p>Everyone knows what the replacement looks like. The pieces sit on the table. The tools exist in fragments. The capabilities and technologies are right there for the taking. And yet, nobody has built it. Why?</p><h2><strong>Why Nobody Built the Replacement</strong></h2><p>Every sophisticated defender knows IOCs are degrading. The replacement model (contextual pipelines, behavioral baselines, TTP detection) is well-understood <em>theoretically</em>. Everyone points to cost and complexity. The deeper answer sits in the incentive structure.</p><p><strong>The data moat holders who won&#8217;t share.</strong> Behavioral baselines require years of historical telemetry across diverse environments. The organizations that already have this depth (large MSSPs, hyperscalers, major carriers with network-level visibility) carry zero incentive to commoditize it. Their competitive advantage <em>is</em> the baseline. Productizing that depth as accessible infrastructure destroys the moat. The entities best positioned to build the replacement have the least incentive to make it accessible. A natural monopoly dynamic forms, concentrating defensive capability among incumbents and discouraging new entrants.</p><p><strong>The platform hosts who won&#8217;t constrain.</strong> AWS, Azure, and Google Cloud have the scale, compute, and telemetry to build contextual enrichment pipelines as platform services. They also host the adversary&#8217;s C2 infrastructure. ShadowPad C2 runs on the same cloud providers that sell security products to the defenders tracking it. The hyperscaler revenue model depends on frictionless provisioning. 
The same frictionless provisioning that lets threat actors spin up disposable infrastructure in minutes. They build security <em>products</em>. Detection layers bolted onto the platform that&#8217;s at best insecure by design and at worst actively malicious. They don&#8217;t build architectural constraints that restrict adversary operations because those constraints would restrict legitimate customers and slow growth.</p><p><strong>The standards that don&#8217;t exist.</strong> STIX/TAXII solved the transport problem for IOC exchange. No equivalent standard exists for behavioral pattern exchange. You can share a hash in a structured format that any tool can ingest. You cannot share &#8220;this is what abnormal lateral movement looks like in a hybrid Azure AD environment with legacy on-prem domain controllers&#8221; in a machine-readable format that another organization can operationalize. MITRE ATT&amp;CK provides taxonomy, the language for describing techniques, but not operational detection logic. The <a href="https://github.com/SigmaHQ/sigma">Sigma rule project</a> comes closest with shareable detection rules mapped to techniques. Adoption remains fragmented. Coverage stays incomplete. Without a transport standard for behavioral intelligence, the replacement economy can&#8217;t form. There is no clearing house because there is no common denomination.</p><p>Specialization created revenue for each kill chain provider, the ecosystem&#8217;s modularity allowed each participant to optimize independently without coordinating with the others, and the entire apparatus scaled because every incentive pointed in the same direction at the same time. Defense hasn&#8217;t industrialized because the incentives oppose it. The defenders who build infrastructure profit from keeping it proprietary. The platforms that could enforce architectural constraints profit from permissiveness. 
And the standards that would enable exchange don&#8217;t exist.</p><p>The government, which historically forced coordination through mandates (<a href="https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1">EO 14028</a> required SBOMs for federal software), can mandate <em>formats</em>. It cannot mandate <em>baselines</em>. You can require organizations to produce a Software Bill of Materials. You cannot require them to maintain a decade of behavioral telemetry and share deviation patterns with their competitors.</p><p>The defense industrialization gap persists by design. The two-tier security landscape, where organizations with resources build contextual pipelines while everyone else consumes degrading IOC feeds, has the structure of a permanent equilibrium.</p><h2><strong>My Prediction</strong></h2><p>Three things could break the deadlock.</p><p>A catastrophic event that forces open behavioral intelligence sharing, the cyber equivalent of September 11th restructuring the entire U.S. intelligence community under a Director of National Intelligence (unlikely to occur <em>anytime</em>). A regulatory mandate with real teeth on behavioral telemetry exchange, moving beyond format requirements to capability requirements (unlikely to occur anytime <em>soon</em>). Or a market entrant that cracks the economics of defensive infrastructure as a platform without destroying the data moat that makes it valuable (the <em>only</em> feasible option). The AWS of cyber defense.</p><p>I don&#8217;t know which one arrives first. I suspect the catastrophic event and the regulation pathways just never materialize to the degree needed to drive real change. What I do know is that the current trajectory hardens the two-tier landscape quarter by quarter. The IOC-sharing economy degrades. The gap between resourced defenders and everyone else widens. 
And the organizations consuming stale indicator feeds today will look up in eighteen months wondering why their detection rates collapsed while their threat feed subscription costs grew another 6%.</p><p>The question for every organization reading this: Are you building the contextual pipeline, the three-tier model that gives IOCs a meaningful role inside a richer intelligence organism? Or are you waiting for someone else to build it for you?</p><p>Because Mango is still running to where the ball was. And the ball keeps picking up speed.</p>]]></content:encoded></item></channel></rss>