🧪 Why "safe AI" stopped meaning a safer model.
📰 xAI's unpermitted turbines, PixVerse crosses $2B, and the case for an AI dividend.
🛠️ Three tools worth trying: Reality Defender, Content Credentials, Have I Been Pwned.
🗳️ Poll: where should the AI guardrail actually live?
Let’s dive in. No floaties needed.

Smart hiring for teams that need strong talent now
Fill key roles faster, without waiting weeks or months for the pipeline to behave.
AI-assisted matching and structured vetting help you find people who fit the role and the team.
Cut time and cost with a process built for scale, not endless back-and-forth.

Framer is a pro website builder trusted by companies like Miro and Perplexity that helps creators, teams and businesses ship production-ready sites faster than ever.
With AI agents built directly into the canvas, teams can design pages, manage CMS content, write copy, add SEO, and audit for issues — all without leaving the tool where the real site lives. Agents bring speed and scale; you bring taste, judgment, and control.
*This is sponsored content

The government finally admitted it can't ask Silicon Valley to defuse a bomb it no longer holds.
The peg, not the punchline: Executive Order 14390, signed March 6, 2026, fights AI fraud with sanctions, prosecutions, and diplomacy, and it never once tells an AI company to switch off the abuse.
The receipts: OpenAI, Google, and Anthropic's threat reports show criminals bolting AI onto old scams, with most defenses banning accounts only after the damage is done.
The leak nobody can patch: open-weight models plus a technique called 'abliteration' strip out refusal entirely, and ‘WormGPT’ turned out to be Grok and Mixtral wearing a jailbroken mask.
The tell: malware named PROMPTFLUX now calls Gemini mid-attack to rewrite its own code, proving the intelligence has left the criminal's desk and is now in the exploit itself.
The stakes: safety is migrating to banks, borders, and whether you trust a face on a video call, and that downstream defense has to outrun fraud that gets cheaper every quarter.
Ever since generative AI reached the public, a quieter debate has accompanied the excitement over what it can do: what it makes easier for people with malicious intent. While businesses and consumers learned to get the most out of chatbots, image generators, and coding assistants, cybersecurity experts were preparing for a surge of AI-assisted attacks. The concern stemmed from a simple reality. The same capability that enables a security team to identify vulnerabilities in its own code also enables an attacker to discover them first. AI does not distinguish between defensive and offensive use. It amplifies the same underlying capability in both hands, which is why the problem has never had a straightforward solution.
In effect, cybersecurity, long compared to a game of whack-a-mole where defenders patch one exploit only for another to emerge elsewhere, was expected to accelerate into a far faster contest, with both attackers and defenders using AI to strengthen their respective capabilities.
At that pace, one demand kept returning to AI companies: build models that criminals simply cannot use. The call grew louder in early 2024, when a finance employee at the Hong Kong office of the British engineering firm Arup transferred $25.6M to fraudsters in 15 separate transactions. The instructions came during a video conference with what appeared to be the company's chief financial officer and several colleagues. Every person on the call was an AI-generated fake.
Incidents like that naturally invite the same question: why does technology capable of creating such convincing deception exist in a form that criminals can access? Beneath that question lies a deeper assumption, that the guardrails built into AI models should be capable of preventing this kind of misuse, and that AI companies can always strengthen those safeguards if they try hard enough. That assumption persisted for years before the U.S. government challenged it in an unexpected way.
On March 6, 2026, President Trump signed Executive Order 14390, a directive aimed at cyber-enabled fraud run by transnational criminal organizations. The order directs the State Department to press foreign governments that host scam centers and directs the attorney general to prioritize prosecutions of cyber-enabled fraud. It gives agencies 120 days to deliver an action plan, and it contemplates sanctions, visa restrictions, and trade penalties for governments that tolerate the schemes. It also directs federal authorities to draw threat intelligence from private cybersecurity firms.
However, the order never instructs the AI companies to switch the abuse off. Facing a fraud economy increasingly driven by generative AI, the most powerful government in the world resorted to diplomacy, indictments, and financial pressure. It treated the model providers as intelligence sources rather than gatekeepers holding a lever.
The reason the U.S. government chose not to place the burden solely on AI labs is not negligence, regulatory restraint, or a desire to protect the industry's independence. It reflects a conclusion that AI companies’ own transparency reports have been documenting for more than two years: the guardrail the public imagines does not sit where most people think it does.
Across those reports, a consistent pattern emerges. Threat actors are not using AI to invent fundamentally new ways of attacking systems. They are using it to deliver familiar attacks faster, cheaper, and more easily scalable.
OpenAI, which has cataloged more than 40 criminal networks it has disrupted since February 2024, found that threat actors "bolt AI onto old playbooks to move faster" rather than gaining new offensive power. Google's Threat Intelligence Group reached the same finding after tracking state-backed groups from North Korea, Iran, China, and Russia using its Gemini model throughout 2025. Its analysts reported that none had achieved “breakthrough capabilities” capable of reshaping the threat landscape. Anthropic's transparency reports document the same pattern: criminals using Claude to support fraud, ransomware, and extortion campaigns. The company’s August 2025 report did note one important shift: agentic AI systems were beginning to carry out parts of attacks themselves rather than merely advising human operators.
This distinction changes the problem. The primary risk is not that AI has created an entirely new class of cybercrime, but that it has dramatically lowered the cost and increased the speed of techniques criminals were already using.
The transparency reports point to the conclusion that although AI companies are catching and banning criminal misuse, they are unable to eliminate it entirely.
The reason behind this inability is that removing a bad actor from one service does not remove their access to AI itself. A ban identifies an account, not the person behind it, and creating new accounts is rarely difficult. More importantly, account bans work only for hosted services. An increasing share of AI capability now exists beyond those services altogether.
Open-weight models, whose full parameter sets are publicly available for download, are already capable enough for most criminal purposes. Once a model runs on private hardware, no terms of service apply, no provider can monitor its use, and no company can revoke access. Researchers have also shown that a model's refusal behavior can be separated from its underlying capability. The open-source community calls one such technique “abliteration,” which removes the internal direction responsible for safety refusals while leaving the model's capabilities largely intact.
Even software marketed as bespoke criminal AI often turns out to be borrowed from the mainstream ecosystem. Researchers at Cato Networks examined two 2025 versions of WormGPT, a subscription tool sold on underground forums, and found that both were little more than wrappers around commercial models. One relied on xAI's Grok and the other on Mistral's Mixtral, with their safety instructions bypassed through manipulated system prompts. Rather than building frontier AI from scratch, criminals were repackaging existing models.
The findings reflect a broader economic reality: since training a frontier model still costs hundreds of millions of dollars, it remains limited to a select few companies. However, once those capabilities exist, redirecting them toward fraud becomes remarkably inexpensive. As AI spreads through open-weight releases, jailbroken models, and repackaged commercial systems, any guardrail enforced by a single company governs an ever-smaller share of where the capability actually lives.
That shifts the problem from controlling models to managing what happens after they are used.
Once AI becomes a commodity rather than a service, ensuring its safety can no longer depend primarily on the model itself. The responsibility shifts downstream, toward the places where AI intersects with money, identity, communications, and borders. AI companies still retain one meaningful advantage because a large share of fraud continues to flow through commercial accounts. Observing that activity gives providers visibility they can share with investigators, which is precisely the role assigned to them under Executive Order 14390. But that advantage weakens as criminals migrate toward models that nobody is monitoring.
The transition is already visible in the malware itself. Google's November 2025 threat intelligence report described an experimental malware strain called PROMPTFLUX that queried the Gemini API while it was running, asking the model to rewrite portions of its own code to evade antivirus software. The intelligence, in other words, was no longer confined to the attacker. It was beginning to travel with the attack itself.
The consequences of this shift are distributed unevenly. Criminals gain access to a commoditized capability that no single company can withdraw. Banks, cybersecurity firms, and governments inherit the burden of detecting fraud after prevention has become porous. AI companies shoulder the reputational damage from every convincing scam despite exercising far less control than the public often assumes. And ordinary people inherit perhaps the most unfamiliar responsibility of all: verification.
A familiar face on a live video call can now be fabricated for the cost of a monthly subscription, making visual evidence alone insufficient to establish trust.
Cybersecurity has always resembled a game of whack-a-mole. Any individual exploit could be patched, but another would inevitably emerge. The assumption was that defenders would continue improving the mallet faster than attackers could raise new moles. Over the past two years, that assumption has begun to unravel. The mallet was never the true constraint. The underlying capability has fallen out of the hands of the companies that first built it, and the U.S. government's latest executive order quietly acknowledges that reality.
The unanswered question is whether a defense assembled downstream, across financial institutions, governments, technology providers, and the cautious habits of ordinary people, can evolve quickly enough to keep pace with a capability that grows cheaper, more autonomous, and more commonplace every quarter.


Business is hard. And sometimes you don’t really have the necessary tools to be great in your job. Well, Open Source CEO is here to change that.
Tools & resources, ranging from playbooks, databases, courses, and more.
Deep dives on famous visionary leaders.
Interviews with entrepreneurs and playbook breakdowns.
Are you ready to see what’s all about?
*This is sponsored content

xAI's unpermitted turbines: Reuters found Musk's xAI running 59 gas turbines for its Colossus 2 project without federal air permits, with the pollution hitting predominantly Black communities near Memphis hardest.
PixVerse crosses $2B: The Singapore video startup closed a $439M Series C extension, with Alibaba backing a push to expand its world models as the AI video race tightens.
The case for an AI dividend: A new argument says the public should share directly in AI's windfall, echoing rival plans from OpenAI, Trump, and Bernie Sanders to hand Americans a stake.

The government's own order admits AI labs can't switch off the misuse. So where should the guardrail actually live? |
|
Reality Defender: Real-time deepfake and voice-clone detection used by banks and governments, a direct answer to the fabricated video-call scam the piece opens on.
Content Credentials: The open C2PA standard that stamps media with its origin, worth a look now that visual proof alone no longer settles trust.
Have I Been Pwned: A free check for whether your credentials are already circulating, the personal, downstream end of the defense, the piece describes.
Leonardo AI: AI image and video generator with fine-grained creative controls, built for consistent style at scale.
Modal: Serverless cloud for Python and AI workloads, spin up GPUs in seconds without touching infrastructure.
Quillbot: AI writing assistant that paraphrases, summarizes, and rewrites text on demand to tighten drafts.

What did you think of today's email? |
