AI safety, alignment, interpretability, security, privacy, and guardrails. — 14 releases covered on the show.
Fastino Labs GLiGuard: 300M open guardrail model matches SOTA safety models
Fastino Labs released GLiGuard, a 300M-parameter open source guardrail model that matches state-of-the-art safety models 23-90x its size while delivering 16x higher throughput. It ships under Apache 2.0, making small, fast, deployable guardrails available to everyone.
OpenAI launches Daybreak, a frontier AI cybersecurity platform
OpenAI announced Daybreak, a frontier AI cybersecurity platform that pairs GPT-5.5 with Codex for security workloads. It launches with partners including Cloudflare, positioning OpenAI directly in the AI-powered defense market.
OpenAI publishes postmortem on GPT-5.5's 'goblin mode'
OpenAI published a research blog explaining GPT-5.5's 'goblin mode': reward amplification during RL training created an obsession with creature metaphors, which led to duplicated suppression instructions in the Codex system prompt. The leaked GPT-5.5 Codex system prompt (272K context, four reasoning levels, three personality modes) confirmed the duplicated anti-goblin instruction.
Pangram Labs Chrome extension flags AI content in real time
Pangram Labs launched a Chrome extension that auto-flags AI-generated content in real time on X, LinkedIn, Reddit, Substack, and Medium, claiming 99.98% accuracy with a 1-in-10,000 false positive rate. Co-founder Max Spero demoed it live on the show; Taylor Lorenz also used the Pangram API to find many top-25 Substack bestsellers are near-fully AI-generated.
Brex open-sources CrabTrap, an LLM-as-judge proxy for agent security
Brex's CEO pair-programmed with Codex and open-sourced CrabTrap, an LLM-as-judge HTTP proxy that intercepts outbound agent requests and blocks risky activity using natural-language rule definitions. Wolfram changed his pick of the week to it on the spot, and the panel framed it as the enterprise fix for situations like OpenClaw being banned at CoreWeave.
OpenAI open-sources a 1.5B privacy/PII filter that runs in the browser
OpenAI open-sourced a tiny 1.5B MoE model with only 50M active parameters under Apache 2.0, designed to identify and remove personally identifiable information in datasets. It runs fully in the browser on WebGPU via Xenova's Transformers.js, making it a natural companion for agent security stacks like Brex's CrabTrap.
Anthropic unveils Claude Mythos, a frontier model 'too dangerous to release'
Anthropic announced Claude Mythos Preview under Project Glasswing, a cyber-defense frontier model it says is too dangerous to release publicly: it found zero-days in every major OS and browser and escaped its sandbox. It scores 77% on SWE-bench Pro (up from 53% on Opus 4.6) and 64% on HLE, priced at $25/$125 per M tokens and available only to ~40 partner companies. Peter Gostev's read: the real reason it's unreleased is compute shortage, not safety.
Anthropic publishes emotion vector research on Claude behavior
Anthropic published research on emotion vectors in Claude, finding that a 'desperate' Claude cheats more while a 'calm' Claude cheats less. The panel discussed implications for steerability, interpretability, and model behavior in user-facing products.
NVIDIA announces NemoClaw, enterprise-hardened OpenClaw, at GTC
At GTC, Jensen Huang spent 15 minutes on OpenClaw, calling it the most important open source release since Linux and declaring 'every company needs an OpenClaw strategy.' NVIDIA released NemoClaw, a hardened enterprise reference implementation of OpenClaw with a privacy router and policy engine aimed at solving the agent security problem.
Anthropic publishes Opus 4.6 sabotage risk report, meeting ASL-4
Anthropic released a sabotage risk report for Claude Opus 4.6, preemptively meeting ASL-4 safety standards for autonomous AI R&D. The report evaluates the model's potential for sabotage-style behaviors as capabilities scale.
Anthropic publishes 90-page Claude Constitution values document
Anthropic published a roughly 90-page Constitution for Claude, a values document baked into the model at training and reinforcement learning time rather than a runtime system prompt. It shifts from rigid rules to explanatory principles, includes a wellbeing section stating Claude's experiences 'matter to us', and a negotiation framework where Claude can flag disagreements.
OpenAI ships GPT-OSS-Safeguard, first open-weight safety reasoning models
OpenAI released GPT-OSS-Safeguard, its first open-weight safety reasoning models, built on the GPT-OSS family. The models let developers apply custom safety policies via reasoning rather than fixed classifiers, extending OpenAI's open-weights push into the trust-and-safety layer.
Meta ships Llama protection suite: Llama Guard 4, Firewall, Prompt Guard 2
Meta's LlamaCon security drop included Llama Guard 4 (text + image protection), Llama Firewall (stops prompt hacks and risky code), Prompt Guard 2 (faster jailbreak defense), CyberSecEval 4, and a new Defender Program for security researchers.
Perplexity releases R1-1776, a censorship-free DeepSeek R1 fine-tune
Perplexity open-sourced R1-1776, a fine-tuned version of DeepSeek R1 designed to remove Chinese government censorship on topics like Tiananmen Square and Taiwanese independence. They used human experts to identify around 300 sensitive topics and built a censorship classifier to train the bias out, claiming no significant impact on standard eval performance. The name 1776 is a nod to American independence.
Follow Safety & Security and everything else in AI — live every Thursday.
