Foreign States Already Have Claude Fable 5 and GPT 5.6 Sol
The default assumption should be that foreign state actors have already exfiltrated the weights of Claude Fable 5 and GPT 5.6 Sol, the latest frontier models from Anthropic and OpenAI.
Here’s the question I wish a journalist would put to Sam Altman and Dario Amodei on the record:
“Can you guarantee that no foreign state actor has exfiltrated, or will exfiltrate, your frontier model weights?”
They might say “Our weights have never left our own systems.” But there’s no way they can actually know that.
Or “We have strict access controls, encryption at rest, continuous monitoring…” All of that is real, I’m sure (more or less), but it amounts to security theater given the importance of the prize and what state actors are capable of.
Or, if they’re being honest, “No, our systems were not designed to guarantee that.”
Why they can’t guarantee it now
The debate on US export controls over access to frontier models presumes Anthropic and OpenAI have exclusive control over their own model weights, and there’s no real reason to believe that.
A frontier model is a directory of files, a few hundred gigabytes to a few terabytes, small enough to fit on a single USB drive. To serve it, Anthropic and OpenAI copy that directory onto many GPU servers across regions and clouds, almost always on hardware they don’t own. There are a thousand ways for a state actor to get at those files.
How they could guarantee it
They could honestly guarantee that no one will exfiltrate their models, but it would be a significant technical undertaking. They would likely have to build some kind of system that keeps the weights encrypted and sealed inside trusted hardware, never exposed in the clear on the machines that serve them.
Maybe they’re working toward this, but as far as I know it isn’t the case anywhere today.
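One way to picture the sealed-weights design described above is attestation-gated key release: a broker hands the weight-decryption key only to hardware that proves it is running an approved serving image. This is an added sketch, not code from Anthropic, OpenAI or any vendor. The names (`KeyBroker`, `hw_quote`), the HMAC stand-in for a hardware-signed quote, and the sample images are all assumptions, and a real system would wrap the key to a key held inside the enclave rather than return it directly.

```python
import hashlib, hmac, secrets

# Constructed stand-in for the hardware vendor's attestation key. Real TEEs sign
# quotes with an asymmetric key chained to the vendor; HMAC keeps this stdlib-only.
HW_ROOT_KEY = secrets.token_bytes(32)

def measure(image: bytes) -> bytes:
    """Hash of the serving image, as the (simulated) hardware measures it at launch."""
    return hashlib.sha256(image).digest()

def hw_quote(image: bytes, nonce: bytes) -> dict:
    """Simulated hardware quote: the launch measurement bound to the broker's nonce."""
    m = measure(image)
    sig = hmac.new(HW_ROOT_KEY, m + nonce, hashlib.sha256).digest()
    return {"measurement": m, "nonce": nonce, "sig": sig}

class KeyBroker:
    """Holds the weight-decryption key; releases it only to attested, approved images."""
    def __init__(self, weight_key: bytes, approved: set):
        self._weight_key = weight_key
        self._approved = approved
        self._pending = set()  # nonces issued but not yet redeemed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def release(self, quote: dict):
        if quote["nonce"] not in self._pending:
            return None  # unknown or already-used nonce: replayed quote
        self._pending.discard(quote["nonce"])
        expected = hmac.new(HW_ROOT_KEY, quote["measurement"] + quote["nonce"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote["sig"]):
            return None  # quote was not produced by genuine hardware
        if quote["measurement"] not in self._approved:
            return None  # genuine hardware, but unapproved software
        return self._weight_key

def demo() -> dict:
    approved_image = b"inference-server v1 (constructed sample)"
    modified_image = approved_image + b" + unapproved change"
    broker = KeyBroker(secrets.token_bytes(32), {measure(approved_image)})
    good = hw_quote(approved_image, broker.challenge())
    out = {"approved": broker.release(good) is not None,
           "replayed": broker.release(good) is not None,
           "modified": broker.release(hw_quote(modified_image, broker.challenge())) is not None}
    forged = hw_quote(modified_image, broker.challenge())
    forged["measurement"] = measure(approved_image)  # claims the approved hash
    out["forged"] = broker.release(forged) is not None
    return out
```

Only the first request receives the key; the replayed, modified-image and forged-measurement requests are all refused.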
The horse has already left
So much of the fight is about who should be allowed to access these models, and under what rules. The government recently forced Anthropic to block Fable for all foreign nationals.
But what’s the point if the foreign state you were worried about already has a copy running on their own GPUs?
Seems like we should first get a handle on the illegal access to models before even considering restricting legal access.