20 JUN 2026
Operating in the Fog
On June 16, 2026, the chief of staff of France's national cybersecurity agency announced publicly that the agency will stop certifying security products without post-quantum cryptography starting in 2027, with hybrid composition mandatory and extended to signatures. Two days later, a US federal procurement clause proposed binding language-model providers through the same instrument. The certifier moved upstream of the artifact.
19 JUN 2026
Operating in the Fog
On June 18, 2026, a Five Eyes safety institute released the five-layer technical stack used to evaluate frontier AI systems. The release names the substrate under the evaluation as the governance object. The procurement instruments and certification regimes that follow it can now point at the substrate by reference rather than reinvention.
18 JUN 2026
Mythos Asymmetry
A June 17, 2026 NCSC post argues that prompt injection cannot be stopped the way SQL injection can. The argument is structural. The procurement clause that would follow from it is now visible.
18 JUN 2026
Agent Identity
A June 14, 2026 arXiv paper names the routing infrastructure itself as a trust surface and demonstrates a three-protocol construction that closes three different gaps at once. The construction is service-provider transparent. The four-property procurement instrument that would invoke it has not yet been written.
17 JUN 2026
Agent Identity
NIST opens the post-quantum credential update at the public-working-draft layer with a GitHub repository and a public mailing list. The agentic credential is not yet at that resolution. The asymmetry between the human-credential venue and the agent-credential venue is now legible.
17 JUN 2026
Agent Identity
A February 2026 arXiv paper proposes minimum-effort coalition selection for agent-to-agent routing. The construction names three integrated dimensions: capability coverage, network locality, and economic implementability. The institutional record has not yet named the substrate the coalition would run on.
17 JUN 2026
Agent Identity
A June 2026 paper names the LLM API router as an application-layer man-in-the-middle and demonstrates a hardware-attested architecture that closes the gap. The architecture is six milliseconds slow and eight hundred fifty-one lines large. The procurement clause that would invoke it is now visible.
16 JUN 2026
Operating in the Fog
On June 10, the federal patch instrument was rewritten in mid-flight. The patch no longer means the system is clean. Whether the system is clean is now a separate finding the directive does not standardize how to produce.
15 JUN 2026
Operating in the Fog
The first government-ordered withdrawal of a deployed frontier model traveled through the wrong door. The door that was supposed to be the recall door was never built.
11 JUN 2026
Operating in the Fog
The same week NIST proved the guardrail does not close, the EU shipped an icon for AI-generated content. The mark assumes an origin the deployment pattern has stopped producing.
10 JUN 2026
Five Categories
NIST publishes a Goedel-style proof that no finite guardrail set is universally robust against adversarial prompts. The marketplace is still selling the artifact. The diligence question that survives the proof asks what the company does when no one is watching.
09 JUN 2026
Five Categories
The Article 68 Scientific Panel closes the institutional gap on model evaluation. The substrate beneath the model is the next gap.
09 JUN 2026
Operating in the Fog
The G7 Cybersecurity Declaration commits to a SBOM for AI. The artifact is the easy part. Whether it carries the function is the open question.
09 JUN 2026
Five Categories
The Cloud and AI Development Act instantiates sovereignty as a formal regulatory category. The anchors are at infrastructure. The substrate beneath is not yet anchored.
09 JUN 2026
Mythos Asymmetry
The Estonian Aruait project names the audit-identity-orchestration substrate that the institutional record has been pointing toward without committing to.
09 JUN 2026
Five Categories
Anthropic Frontier Red Team maps 832 banned accounts to MITRE ATT&CK. One case the framework cannot name. The classification function lags the deployment tempo.
A May 18 arXiv preprint puts a measurement on a failure mode the targeting-loop conversation has been circling since Minab. The drones arc, refracted through Agent Meltdowns.
21 MAY 2026
Operating in the Fog
LTL runtime monitors and the missing instrumentation layer the Aegis Terra paper assumed but did not build.
21 MAY 2026
Agent Identity
Heartbeat-bound hierarchical credentials and the cryptographic bound the agent identity arc has been waiting for.
16 MAY 2026
Mythos Asymmetry
Capability access is now a regulatory variable. Anthropic Mythos, the Glasswing program, and the structure of who gets what.
09 MAY 2026
Five Categories
The April 30 Five Eyes advisory names five categories of agentic AI risk. None of them ship with an enforcement architecture.
25 APR 2026
Operating in the Fog
A response to the March 2026 strategic assessment. The transport layer is the right reading; the provenance layer is the missing one.
21 APR 2026
Agent Identity
The Vercel breach and the autonomy threshold quote, read together. Allow All is the product surface, not a configuration error.
A response to the April 11 MacGregor / Modigliani DTAcq event. The market financed autonomous targeting before it financed proof.
A cross-sector look at why audit logs are not governance, and why proof-of-authorized-action is now infrastructure.
The April 10 Interim Measures from five Chinese ministries reveal what governance looks like when the verification layer and the collection layer are the same entity.
The Pentagon wants 150,000 autonomous airframes. International humanitarian law assumes a human in the loop.
Reframing the surveillance debate around the governance gap for autonomous systems acting on collected data.