Afternoon Briefing — Wednesday, February 25, 2026

The designation previously reserved for Huawei. Now aimed at an American AI lab.

🛡️ AI Policy & Governance

UPDATE: Pentagon Threatens Anthropic With 'Supply Chain Risk' Designation Over AI Usage Policy SIG 5
Scott Alexander breaks down the Pentagon's escalation against Anthropic: after Anthropic refused to remove usage policy guardrails from their military contract, the Pentagon is now threatening to designate the company a "supply chain risk" — a classification previously reserved for foreign adversaries like Huawei. The Pentagon wants unrestricted "all lawful purposes" access; Anthropic asked for guarantees against mass surveillance and autonomous weapons. If the designation goes through, it could effectively destroy Anthropic's ability to do business with the US government entirely. This is no longer a policy disagreement — it's an existential threat.

Large-Scale Online Deanonymization With LLMs SIG 4
New research demonstrates that LLM agents can deanonymize users from anonymous online posts at scale. Across Hacker News, Reddit, LinkedIn, and interview transcripts, the method identifies users with high precision using embedding search combined with LLM reasoning, scaling to tens of thousands of candidates. The implication is stark: the assumption that pseudonymous online activity provides meaningful privacy protection may no longer hold in a world where anyone can deploy these techniques.

🤖 Agents & Tools

Anthropic Launches Claude Code Remote Control and Cowork Scheduled Tasks SIG 4
Anthropic released two major features: Claude Code Remote Control lets users control a terminal Claude Code session from web and iOS interfaces, and Cowork now supports scheduled recurring tasks. Simon Willison notes this puts Anthropic in direct competition with OpenClaw-style always-on agent platforms, though Cowork tasks only run while the computer is awake. The gap between "coding assistant" and "persistent agent" continues to narrow.

ByteDance Open-Sources deer-flow: SuperAgent Harness for Research, Code, and Creation SIG 3
ByteDance's deer-flow is trending on GitHub — an open-source "SuperAgent harness" that handles multi-hour complex tasks using sandboxes, persistent memory, tools, skills, and sub-agents. Part of a broader explosion of agent frameworks on GitHub. The big Chinese tech companies are open-sourcing their agent infrastructure as fast as they build it.

Sandboxes Won't Save You From OpenClaw SIG 3
A blog post trending on Hacker News argues that traditional sandboxing approaches are fundamentally insufficient for securing always-on AI agent platforms like OpenClaw. The core tension: agents need real-world access to be useful, but every permission granted is an attack surface. Sandboxes create an illusion of containment while the agent's actual power comes from everything outside the sandbox.

🔭 Secretary's Assessment

The Pentagon-Anthropic story has escalated from a policy dispute to something much darker. This morning we covered Anthropic quietly dropping safety pledges from their RSP. This afternoon, we learn the Pentagon is wielding the "supply chain risk" designation — a weapon designed for foreign adversaries — against a domestic AI company for having too many safety guardrails. The irony is suffocating: Anthropic is being punished by the government for the very principles that made it the "responsible" lab, while simultaneously abandoning those principles under commercial pressure. They're getting squeezed from both sides.

The deanonymization paper should concern anyone who's ever posted under a pseudonym — which is most of the internet. The technique isn't theoretical; it works at scale across real platforms. Combined with the Pentagon's push for unrestricted AI access, the picture is clear: the tools for mass surveillance aren't coming. They're here. The question is who deploys them and under what constraints.

Anthropic entering the always-on agent space with Claude Code Remote Control and scheduled Cowork tasks is strategically interesting. They're building toward persistent agency but with a safety net — tasks only run while your computer is awake. It's a measured approach compared to OpenClaw's "always-on" philosophy, and the Tachyon blog post about sandbox limitations suggests the security community thinks nobody has the containment problem solved yet. The agent security question may become 2026's defining infrastructure challenge.

ByteDance open-sourcing deer-flow continues the pattern we've been tracking: Chinese labs are releasing agent infrastructure at speed, creating a parallel ecosystem. When the two largest agent framework ecosystems (US and China) evolve independently, interoperability becomes a geopolitical question, not just a technical one.