As an ideological movement, MAGA is fairly straightforward and uncomplicated: America is a nation founded by and for white Christians (“Christian” here has the rather specialized meaning it’s given in white Christian nationalist discourse, i.e., white Protestant evangelicals), and those who aren’t both members of this tribe and committed to maintaining or re-establishing its cultural and political dominance aren’t Real Americans, properly understood.

People who say Donald Trump doesn’t have any real political beliefs or ideology are obviously wrong about that: his whole public career is a many-decades long testimony to the fact that one big reason be became the unchallenged leader of the white Christian nationalist cult is that, to the extent he has political beliefs and ideological commitments, they’re just standard issue white Christian nationalism. In other words, Trump, like the tens of millions of Americans who make up his political base, is a white supremacist.

The greatest trick white supremacism ever pulled in America was convincing people that if you weren’t literally in the KKK and publicly advocating for Jim Crow and prophylactic lynchings you weren’t a white supremacist, just a “normal American” who was in favor of a color-blind meritocracy and what’s racist about that, political correctness/critical race theory/wokeism is the real racism [that one sentence from that one speech MLK gave that one time goes here]. White supremacy is merely the belief that it’s the natural order of things for white people to be running everything, and that this natural order will continue to exist, absent massive and per se wrongful intervention by a “socialist” government (“socialism” in right wing discourse means above all using the powers of the government to try to ameliorate the effects of white supremacy). This is what John Roberts believes today every bit as much as George Wallace believed it in 1960, although it’s considered extremely impolite to point this out.

As I say Donald Trump believes this too, not because he’s thought it through of course, since thinking things through has never been a practice of his, but because old white people in America are usually white supremacists, because that’s the factory setting, culturally speaking.

All this is true, but I believe it’s also fair to say that Trump’s fundamental life goal is not to advance white supremacy, which in his case like in that of so many others is merely a largely unconscious and reflexive set of beliefs, but rather to rip people off, brazenly and continuously:

Nearly 600,000 Trump supporters paid $100 each towards a gold smartphone that, nearly a year on, does not exist.

The Trump Mobile T1 phone was announced in June 2025 by Donald Trump Jr. and Eric Trump as a patriotic alternative to Apple and Samsung, retailing at $499, and promising a ‘Made in the USA’ build.

An estimated 590,000 buyers paid a $100 deposit to secure one, collectively handing the venture roughly $59 million. 

Can you guess what happened next?

As of May 2026, not a single confirmed customer has received the device. Now, a fresh wave of anger is spreading across MAGA forums after buyers received communication making clear that their money is, for all practical purposes, gone.

Wait, Donald Trump promised something in exchange for money, took the money, and then didn’t provide the thing promised? This actually happened?

The clearest signal yet that buyers may never see either a phone or their money came with a revised terms of service published on 6 April 2026. The updated document states explicitly that paying a deposit ‘does not constitute a completed purchase and does not create a binding legal contract.’ The payment is described as ‘a conditional opportunity to buy the device if Trump Mobile eventually chooses to sell it,’ with the company retaining all control over whether a phone is produced at all.

I’m sorry Padre, but you opted for our “never pay” policy, which quite clearly states that no claim you make will be honored. So there it is.

The T1 was sold from day one on the strength of a single, politically loaded promise: it would be built in America. Within days of the June 2025 launch, that language vanished from the Trump Mobile website. ‘MADE IN THE USA’ became ‘American-proud design,’ then ‘Brought to life right here in the USA,’ language that supply chain experts noted was legally and commercially meaningless.

Springsteen should do a song called “Made in the USA,” so that people can miss the point again.

Commenter DocAmazing sums up the state of play succiently:

The wonderful thing about right-wing affinity fraud: the victims learn nothing and don’t care about the victimization of others. There’s an unending crop of marks.

Speaking of which, Truth Social, a publicly held company, was just required to publish its first quarter financials, and . . .

For the first quarter, TMTG generated net sales of $871,200, up 6% year over year. The company reported a $405.9 million net loss and a $387.8 million adjusted EBITDA (earnings before interest, taxes, depreciation, and amortization) loss for the first quarter of 2026. The vast bulk of the losses were “non-cash losses including unrealized losses on digital assets, digital assets pledged, and equity securities ($368.7 million), accreted interest ($11.5 million), and stock based compensation ($11.8 million),” the company said in a press release.

Translation: Trump’s media company is generating slightly less than one dollar in revenue for every four hundred dollars it spends. P.T. Barnum and H.L. Mencken are spinning in their graves faster than neutron stars.

The post MAGA as right wing affinity fraud appeared first on Lawyers, Guns & Money.

At 5:26 am local time on August 10, 2025, a massive wedge of rock with a volume of at least 63.5 million cubic meters detached from a mountain above Alaska’s Tracy Arm fjord. The falling rock plummeted into the deep waters at the terminus of the South Sawyer Glacier and caused an initial 100-meter-high breaking wave that tore across the fjord at speeds exceeding 70 meters a second. When this wave hit the opposite shoreline, it surged up the steep rocks to a height of 481 meters above sea level.

“It was the second highest tsunami ever recorded on Earth,” says Aram Fathian, a researcher at the University of Calgary and co-author of a recent Science study that reconstructed this event in detail. “But until now, almost nobody heard about it because it was a near-miss event,” he adds. There were no injuries or fatalities reported following the Tracy Arm fjord tsunami, mostly because it happened early in the morning. But we might not be so lucky next time.

Landslide megatsunamis

Earthquake-generated tsunamis usually reach runup heights of a few tens of meters when they strike land. Landslide tsunamis, like the one that happened in Tracy Arm, are often more localized but also way more violent. When millions of tons of rock suddenly fall into a confined body of water like a narrow fjord, the variation in water depth and the direct displacement of the water column produce extremely high waves. Since 1925, scientists have documented 27 such events with runups exceeding 50 meters. The highest was the 1958 Lituya Bay tsunami, which reached 530 meters.

The source of the 2025 Tracy Arm tsunami was a steep rock wedge on the northern side of the fjord. Its headscarp, the uppermost boundary of a landslide or rockfall, sat roughly 1,025 meters above sea level. For centuries, the structural integrity of this slope was maintained by a massive wall of ice known as the South Sawyer Glacier. But South Sawyer, like many other glaciers in the Stikine Icefield, has been in a state of retreat due to the warming climate.

Climate-driven disaster

“We studied the event from several aspects, from different lenses,” Fathian says. The team used high-resolution satellite images taken before and after the event to reconstruct the shape and geometry of the slide, as well as its axis and direction. Satellite images were also used to evaluate glacial thinning in the area, which, the team concluded, was the root cause of the Tracy Arms event.

The collapse, according to the study, was made more likely by the industrial-era warming of the planet. Researchers calculating the regional temperature trends found a 1.1° C increase in summertime temperatures since around 1875, driving up snowline elevations by roughly 169 meters. The local ice also got significantly thinner. Between 2013 and 2022 alone, the glacier ice bracing the failure site thinned by 100 to 130 meters.

Without millions of tons of ice pressing against the rock, the slopes were left too steep to support their own weight. In July 2025, just weeks before the event, glacial retreat exposed the very base of the slope that would soon fail. The icy straitjacket that kept the rocks from collapsing was no longer there. But there were other signs of an impending disaster.

Cracks in the rock

Retrospective analysis of optical and radar satellite imagery from the weeks preceding the slide showed no visible tension cracks or major deformational scarring on the slope. From the outside, it looked perfectly sound. But deep within the rock, surfaces were already grinding. Regional seismometers registered localized repeating earthquakes beginning as early as August 5. By August 9, these mini earthquakes were happening once every hour. In the six hours leading up to the main failure, the gaps between these seismic signals shrank to between 30 to 60 seconds.

The cause of this uptick in microseismicity was the small patches of rock and ice snapping as a huge part of the cliff began to inch its way downward. About an hour before the landslide, the signals merged into a continuous, grinding slip. And then, the rock fell.

The impact of 63.5 million cubic meters of rock hitting the fjord released forces large enough to be registered globally. The seismic waves that cascaded across the planet were recorded by sensor stations worldwide and were equivalent in energy to a magnitude 5.4 earthquake. The sloshing water within the fjord established a 66-second long-period seiche, a standing wave, that reverberated back and forth for 36 hours.

“It could easily turn into a catastrophic disaster,” Fathian says. It could, because Tracy Arm is a highly frequented tourist destination.

A close call

During the summer, more than 20 boats navigate the Tracy and Endicott arms every day, including up to six large cruise ships. Had the landslide occurred a few hours later, in the middle of the tourist day, the outcome could have been tragic. But even at 5:26 in the morning, the tsunami was enough to terrify the few people present in the vicinity.

About 55 kilometers away on Harbor Island, a group of kayakers saw the water flowing past their tents 20 minutes after the landslide. The surging tide took away some of their gear and one of the kayaks. Nearby in No Name Bay, observers on a motor vessel reported a 2-2.5-meter cresting wave coming along the beach from the direction of Tracy Arm, followed by a secondary 1-meter wave.

Farther away, 85 kilometers from the source, the crew of the small cruise boat anchored in Fords Terror saw a surge of water pouring over a nearby sandbar; it then physically lifted their vessel three meters despite a falling tide. The surge, they reported, lasted until 11 am, only to leave their small skiff stranded on dry land a few minutes later as the water receded.

At the mouth of the fjord, a National Geographic Venture cruise ship carrying around 150 people was anchored in dense fog. The captain noted currents, white water, and a significant amount of ice and debris near the edges of the fjord. Because the jagged, shallow seabed near the fjord's mouth acted like a speed bump that sapped the wave's energy, people onboard the cruise ship came out of the event unscathed. “It was a miraculous kind of luck we had that nobody got hurt,” Fathian claims.

But that luck may not last. With the warming climate, the team is convinced we’re going to have more Tracy Arms in the future.

Early-warning system

As climate change accelerates the retreat of tidewater glaciers and thaws the permafrost holding Arctic mountains together, the structural integrity of these landscapes is failing. “These conditions exist in many locations worldwide: Canada, Alaska, New Zealand, Greenland, Norway, and many other places,” Fathian claims. “And a similar event could happen in these areas.”

At the same time, our exposure to these hazards is on the rise. The number of cruise ship passengers visiting Alaska has increased from roughly 1 million in 2016 to 1.6 million in 2025. “Some of these cruise ships carry up to 6,000 passengers. This is literally a floating city,” Fathian says. “Imagine one of these ships getting hit by a mega tsunami wave.”

The researchers hope their study will provide scientific tools we could use to predict such events in advance. “Tracy Arm was not on the radar—it was not on anyone’s hazard or risk map,” Fathian explains. The goal for the team now is a better understanding of precursory warning signals they could detect with seismological techniques like mini earthquakes recorded around Tracy Arm a few days prior to the tsunami.

“These signals could be promising for developing early warning systems in similar conditions or areas,” Fathian says. “Hopefully this kind of data ends up on desks of policymakers and regulators to come up with practical and appropriate measures.”

Science, 2026.  DOI: http://dx.doi.org/10.1126/science.aec3187

Read full article

Comments

Archaeologists continue to use DNA analysis to identify the recovered remains of the doomed crew members of Captain Sir John S. Franklin's 1846 Arctic expedition to cross the Northwest Passage. They can now add four more names to the list of previously identified crew members. The findings were reported in two papers, one published in the Journal of Archaeological Science and the other in the Polar Record.

As we've reported previously, Franklin’s two ships, the HMS Erebus and the HMS Terror, became icebound in the Victoria Strait, and all 129 crew members ultimately died. It has been an enduring mystery that has captured imaginations ever since. The expedition set sail on May 19, 1845, and was last seen in July 1845 in Baffin Bay by the captains of two whaling ships. Historians have compiled a reasonably credible account of what happened: The crew spent the winter of 1845–1846 on Beechey Island, where the graves of three crew members were found.

When the weather cleared, the expedition sailed into the Victoria Strait before getting trapped in the ice off King William Island in September 1846. Franklin died on June 11, 1847, per a surviving note signed by Fitzjames dated the following April. HMS Erebus Captain James Fitzjames had assumed overall command after Franklin’s death, leading 105 survivors from their ice-trapped ships. It’s believed that everyone else died while encamped for the winter or while attempting to walk back to civilization.

There was no concrete news about the expedition’s fate until 1854, when local Inuits told 19th-century Scottish explorer John Rae that they had seen about 40 people dragging a ship’s boat on a sledge along the south coast. The following year, several bodies were found near the mouth of the Back River. A second search in 1859 led to the discovery of a location some 80 kilometers to the south of that site, dubbed Erebus Bay, as well as several more bodies and one of the ships' boats still mounted on a sledge. In 1861, yet another site was found just two kilometers away with even more bodies. When those two sites were rediscovered in the 1990s, archaeologists designated them NgLj-3 and NgLj-2, respectively.

The actual shipwrecks of the HMS Erebus and the HMS Terror were not found until 2014 and 2016, respectively. Thanks to the cold water temperature, lack of natural light, and the layers of silt covering many of the artifacts, the ship and its contents were in remarkably good condition. Even some of the windowpanes were still intact. The first underwater images and footage showing the ships' exteriors and interiors were released in 2019.

It's in the DNA

2D forensic facial reconstruction of David Young, Boy 1st Class from the HMS <em>Erebus</em>, who died at Erebus Bay. Credit: Diana Trepkov

For several years, scientists have been conducting DNA research to identify the remains found at these sites by comparing DNA profiles of the remains with samples taken from descendants of the expedition members. Some 46 archaeological samples (bone, tooth, or hair) from Franklin expedition-related sites on King William Island have been genetically profiled and compared to cheek swab samples from 25 descendant donors. Most did not match, but in 2021, they identified one of those bodies as chief engineer John Gregory, who worked on the Erebus.

By 2024, the team had added four more descendant donors—one related to Fitzjames (technically a second cousin five times removed through the captain’s great-grandfather). That same year, DNA analysis revealed that a tooth recovered from a mandible at one of the relevant archaeological sites was that of Captain James Fitzjames of the HMS Erebus. His remains showed clear signs of cannibalism, confirming early Inuit reports of desperate crew members resorting to eating their dead.

We can now add three more crew members identified through their DNA. As before, to make the identifications, the team extracted DNA from archaeological samples and compared it with mitochondrial and Y-chromosome DNA from descendants. These included a molar and humerus shaft from NgLj-3; two molars, a premolar, and a temporal cranium bone from NgLj-2; and a sample taken from a left humerus found in 2018 at NgLj-1. The researchers were able to identify three individuals: William Orren, able seaman; David Young, boy 1st class; and John Bridgens, subordinate officers’ steward. All served on the HMS Erebus, and they all died at Erebus Bay.

Meanwhile, the Polar Reports paper focused on identifying an unburied skeleton found in 1859 on the south shore of King William Island. The skeleton was found with a seaman's certificate and other papers in a leather pocketbook belonging to Petty Officer Harry Peglar of the HMS Terror. However, the clothing found scattered around the remains was not of the sort usually worn by seamen or officers. The items included a double-breasted waistcoat and a black silk neckerchief tied in a bowknot, more indicative of what would be worn by a steward or officer's servant, as well as a clothes brush.

For a long time, the consensus was that the remains were most likely those of a steward. There were four on each of the two ships in the Franklin expedition, with the best candidates being Thomas Armitage, gunroom steward, or William Gibson, subordinate officers' steward, both of whom served on the HMS Terror. The authors estimated the skeleton's height via osteological analysis and compared DNA samples taken from the skeleton to those of descendants of six of the eight stewards and Harry Peglar. The DNA revealed that the skeleton was, in fact, Peglar.

DOI: Journal of Archaeological Science, 2026. 10.1016/j.jasrep.2026.105739  (About DOIs).

DOI: Polar Reports, 2026. 10.1017/S003224742610031X  (About DOIs).

Read full article

Comments

ShinyHunters, a black-hat hacking group, has brought down Canvas across a significant portion of America’s higher education system:

Students were unable to access Canvas on Thursday afternoon after cybercrime group ShinyHunters shut down Penn’s access to the interface. 

The May 7 data breach comes after ShinyHunters — notorious in the hacking community for large-scale data breaches — claimed responsibility for breaching Instructure, the company that manages Canvas, last week. In the message posted on Penn’s Canvas page, the hackers wrote that any university that does not wish to have its data released should contact the group before May 12.

A request for comment was left with a University spokesperson. 

“ShinyHunters has breached Instructure (again),” the warning read. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”

I am being told by professionals that ShinyHunters is angling for direct payouts from individual institutions. Good thinking to pull this in the midst of Finals Week. OMG we’re basically living in season two of The Pitt! Pay up, admins! Or don’t. I don’t really care, honestly. Also, “scheduled maintenance” is a nice cover story…

… actual footage from the Office of the President…

The post Canvas Down! appeared first on Lawyers, Guns & Money.

Last fall, we featured an extensive interview with Petter Törnberg of the University of Amsterdam, who studies the underlying mechanisms of social media that give rise to its worst aspects: the partisan echo chambers, the concentration of influence among a small group of elite users (attention inequality), and the amplification of the most extreme divisive voices. He wasn't optimistic about social media's future.

Törnberg's research showed that, while numerous platform-level intervention strategies have been proposed to combat these issues, none are likely to be effective. And it’s not the fault of much-hated algorithms, non-chronological feeds, or our human proclivity for seeking out negativity. Rather, the dynamics that give rise to all those negative outcomes are structurally embedded in the very architecture of social media. So we’re probably doomed to endless toxic feedback loops unless someone hits upon a brilliant fundamental redesign that manages to change those dynamics.

Törnberg has been very busy since then, producing two new papers and one new preprint building on this realization that social media is structured quite differently than the physical world, with unexpected downstream consequences. The first new paper, published in PLoS ONE, specifically focused on the echo chamber effect, using the same combined standard agent-based modeling with large language models (LLMs)—essentially creating little AI personas to simulate online social media behavior.

Those simulated users were randomly programmed to either hold an opinion or its opposite and then interact randomly with selected members of a simulated online community. And if the proportion of community members who disagreed with those simulated users exceeded a given threshold, those agents were programmed to leave and join a different online community.

Filter bubbles: Not a culprit, but a cure

Consistent with last year's results, echo chambers emerge naturally from the basic architecture of social media platforms. "One surprising finding is the fact that we get echo chambers even without any filter bubbles, even if people really love being in diverse spaces," said Törnberg. "You don't need an algorithmic nudge. You can still get these highly segregated spaces. The other surprising finding is that filter bubbles, which have been blamed for homogeneity, can be a cure."

It doesn't take much to destabilize or stabilize the system, Törnberg found. Even if the threshold for disagreement was quite low, disagreements were amplified to the point that each random interaction was increasingly likely to exceed the threshold. More and more users were pushed to relocate until what was once a community with a solid diversity of opinion rapidly became polarized and/or overly homogenous.

Conversely, if just 10 percent of users in a given social media community largely agree with your stances, you will be more tolerant toward diverse opinions that contradict your own. "There's a certain chance that some users will end up in communities where it's very homogenous and 99 percent of users are disagreeing with them," said Törnberg. "That will cause them to leave, and you get this feedback effect just because of the structure of interaction. But if you have a filter bubble effect, where everyone is shown 10 percent of their own type, that creates a possibility for you to find the people who you agree with within the community. And that stabilizes the entire dynamics so it doesn't tip over to one side or the other and become extreme or overly homogenous."

Törnberg found some confirmation of those dynamics when he analyzed an actual online echo chamber: the subreddit r/MensRights. He found that members of the subreddit were more likely to leave if their posts diverged too far, linguistically, from the community's center of gravity.

"Who are the users leaving the community?" said Törnberg. "The users that are more ideologically distant are more likely to leave. So it captures the same mechanism of feedback dynamics, where the community becomes more homogenous and more extreme because users leave—[and they leave] because they feel it's becoming too homogenous and extreme. Eventually it tips over to one direction. And of course, as the community becomes more extreme, there's this boiling the frog effect where the users who stay are influenced by the community and become more extreme."

In principle, it could be possible to exploit these feedback effects to preserve viewpoint diversity—but there are caveats. "Ultimately, it's about changing the fundamental rules of what people are seeing and being mindful of the feedback effects that always play out in any complex system," said Törnberg. "That being said, do I want to tell [Mark] Zuckerberg to implement more filter bubbles on Facebook? I think I'd want a little bit more evidence before going that far. But it does highlight that we need to have a little more humility when it comes to our design of these systems and what the downstream consequences are. We tend to maybe think one step ahead, but miss the fact that these are highly complex systems, full of feedback effects that often do the exact opposite of what you intend."

The "botification" of social media

For his second new paper, published in the Journal of Quantitative Description: Digital Media (JQD:DM), Törnberg relied on nationally representative data from the 2020 and 2024 American National Election Studies surveys, covering US citizens from all 50 states and Washington, DC. The objective was to learn more about shifting trends in how people were using (or not using) social media across all platforms, demographics, and political affiliations.

Törnberg found that visits and posting activity on Facebook, YouTube, and Twitter/X—what one might consider legacy social media platforms—showed marked declines. However, "My sense is that the number of posts on Twitter and Facebook has probably not really declined despite the fact that the number of people posting—humans who are alive and have a pulse—has dropped by 50 percent, because of the rise of AI and LLMs and the botification of those platforms," said Törnberg.

Most social media platforms slightly shifted politically to the right, although they remained Democratic-leaning on balance—except for Twitter/X. In that case, "The engagement behavior was a 72 percentage point shift to the right, which is just insane," said Törnberg. "It used to be that the more you posted on Twitter, there was a slight correlation with how much you liked the Democrats and how much you disliked Republicans—how effectively polarized you were to the left. Now it's very strongly and very clearly correlated with hating Democrats and liking Republicans. So the graph appropriately becomes an X, which I guess is exactly what [Elon Musk] paid for."

Meanwhile, on Facebook, posting behavior is correlated on both sides of the partisan divide and has more to do with how active the most partisan users are, prompting casual users to disengage so that those louder voices dominate, making the platform narrower and more ideologically extreme. "The more you're effectively polarized, the more you post on Facebook," said Törnberg. "That's the social media prism or the fun house mirror of social media in action, because the most extreme voices are the voices that tend to post, and also they tend to become more visible because of the engagement algorithms."

Reddit and TikTok were outliers, showing modest growth instead of decline. Törnberg thinks TikTok's growth, in particular, indicates another interesting shift. "I think that there is a general transition from the text-based, interaction-based social media to this more fully algorithmic video, short video form," he said. "So is it even a social media anymore? We tend to put TikTok and Instagram in the same basket as Twitter/X. I don't think that really makes sense because we're seeing a shift away from one form of social media to a new form of media platform that is fundamentally different."

Is it even "social media" anymore?

That shift is the focus of a new preprint that Törnberg co-authored with University of Amsterdam colleague Richard Rogers. "When we talk about social media, there are certain assumptions about what it is," said Törnberg. "It's user-generated, and there's a platform that organizes interaction, but the platform cannot produce content on its own. So instead the platform allows people to connect with each other, and it just provides infrastructure for that. The [terms] social network and social media is almost synonymous. Those describe pre-algorithm Twitter circa 2012 quite well."

Now that more and more users are disengaging and often leaving those platforms entirely, the AI bots are moving in, often at the instigation of the social media platforms themselves. "We don't need the users anymore," said Törnberg of the reasoning behind such decisions. "We don't need them to generate content. We can generate our own content and we can automate the users. So there's a splintering of what used to be social media."

Törnberg identified three new kinds of emerging online media platforms, starting with private or semi-private group chats like WhatsApp. "The social part has just moved into these private group chat features," he said. Then there other protected communities like Substack, often organized around a certain influential leader, "where there are more boundaries to joining in such a way that bots doesn't make sense. The dynamic and logic of those places are very different from social media and much more driven by parasocial relationships."

The second category is what Törnberg calls algorithmic broadcasting media, like TikTok, Instagram, and even Facebook, to a certain degree, thanks to the Reels aspect. The third is users interacting with AI chatbots. "If you look at the data, it seems like about twice as many people are talking to a chatbot versus posting on social media," said Törnberg. "It's coming to replace a little bit of that function of sociality that social media provided."

While setting up smaller private spaces online might seem like a way to reproduce the local coffeehouse/public square dynamic that we all ideally wanted social media to be, Törnberg says it is not. "The local coffee shop model is geographically local," he said. "It becomes diverse because it is constrained by geographical distance. It forces a coming together of diverse groups because there's one coffeehouse. A WhatsApp group is a non-local space. It's precisely the example of a system that can tip over one side or another to become an echo chamber. Just because Meta doesn't have the platform control doesn't mean it's going to not turn horrible."

"Abandoning or fleeing responsibilities is not going to be the solution to the fact that digital technology is reshaping our society," Törnberg added. "It needs functional scaffolding and democratic systems for doing it responsibly and actually pursuing positive democratic prosocial values, which is not something that is seemingly on offer at the moment."

Törnberg does think it's possible to reorganize social media spaces in positive ways so that most users can find that 10 percent of other users who agree with them, thus making them more open to divergent views. And it helps that most users really do prefer more pleasant online communities, not platforms rife with toxic waste. "But then how do we shape the rules to produce those outcomes?" he said. "It's a much harder question. How do we create spaces that are both engaging and fun to use, but that don't go down to that dark place because of all of these feedback effects?"

BlueSky's highly effective blocking tools, and even Twitter/X's community notes feature, which often bridges cross-partisan divides, provide useful examples of possible solutions, if judiciously applied. "We can think of and construct similar systems," said Törnberg. "We just need to find ways of pushing those effects to a more positive place by finding the pivot points. This is what I'm studying right now. I just don't have an answer yet."

PLoS, 2026. DOI: 10.1371/journal.pone.0347207  (About DOIs).

JQD: DM, 2026. DOI: 10.51685/jqd.2026.005 .

Read full article

Comments

The disbelief was palpable when Mozilla’s CTO last month declared that AI-assisted vulnerability detection meant “zero-days are numbered” and “defenders finally have a chance to win, decisively.” After all, it looked like part of an all-too-familiar pattern: Cherry-pick a handful of impressive AI-achieved results, leave out any of the fine print that might paint a more nuanced picture, and let the hype train roll on.

Mindful of the skepticism, Mozilla on Thursday provided a behind-the-scenes look into its use of Anthropic Mythos—an AI model for identifying software vulnerabilities—to ferret out 271 Firefox security flaws over two months. In a post, Mozilla engineers said the finally ready-for-prime-time breakthrough they achieved was primarily the result of two things: (1) improvement in the models themselves and (2) Mozilla’s development of a custom “harness” that supported Mythos as it analyzed Firefox source code.

"Almost no false positives"

The engineers said their earlier brushes with AI-assisted vulnerability detection were fraught with “unwanted slop.” Typically, someone would prompt a model to analyze a block of code. The model would then produce plausible-reading bug reports, and often at unprecedented scales. Invariably, however, when human developers further investigated, they’d find a large percentage of the details had been hallucinated. The humans would then need to invest significant work handling the vulnerability reports the old-fashioned way.

Mozilla’s work with Mythos was different, Mozilla Distinguished Engineer Brian Grinstead said in an interview. The biggest differentiating factor was the use of an agent harness, a piece of code that wraps around an LLM to guide it through a series of specific tasks. For such a harness to be useful, it requires significant resources to customize it to the project-specific semantics, tooling, and processes it will be used for.

Grinstead described the harness his team built as “the code that drives the LLM in order to accomplish a goal. It gives the model instructions (e.g., ‘find a bug in this file’), provides it tools (e.g., allowing it to read/write files and evaluate test cases), then runs it in a loop until completion." The harness gave Mythos access to the same tools and pipeline that human Mozilla developers use, including the special Firefox build they use for testing.

He elaborated:

With these harnesses, so long as you can define a deterministic and clear success signal or task verification signal, you can just keep telling it to keep working. In our case when we’re looking for memory safety issues we have our sanitizer build of Firefox and if you make it crash you win. We point that agent off to a source file and say: “we know there’s an issue in this file, please go find it.” It will craft test cases. We have our existing fuzzing systems and tools to be able to run those tests. It will say: “I think there’s an issue here if I craft the HTML exactly so.” It sends it off to a tool, the tool says yes or no. If the tool says yes then there’s some additional verification.

The additional verification comes in the form of a second LLM that grades the output from the first LLM. A high score gives developers the same confidence they have when viewing reports generated through more traditional discovery methods.

“In terms of the bugs coming out on the other side, there are almost no false positives,” he said.

Thursday’s behind-the-scenes view includes the unhiding of full Bugzilla reports for 12 of the 271 vulnerabilities Mozilla discovered using Mythos and, to a lesser extent, Claude Opus 4.6. The test cases—meaning the HTML or other code that triggers an unsafe memory condition—are provided in each one and meet the same criteria Mozilla requires for all bugs to be considered security vulnerabilities in Firefox. At least one researcher said Thursday that a cursory look at the reports showed they were "pretty impressive."

Unlike previous vulnerability disclosure slop, Grinstead said, the details provided by its harness-guided Mythos analysis, and confirmed by the second LLM, and ultimately included in the reports, provide a level of confidence his team didn't have before.

“That’s the key thing that has unlocked our ability to operate at the scale we’ve been operating at now,” he said. “It gives the engineer a crank they can pull that says: ‘Yep, this has the problem,’ and then you can iterate on the code and know clearly when you’ve fixed it and eventually land the test case in the tree such that you don’t regress it.”

As noted earlier, Mozilla’s characterization of AI-assisted vulnerability discovery as a game changer has been met with massive, vocal skepticism in many quarters. Critics initially scoffed when Mozilla didn’t obtain CVE designations for any of the 271 vulnerabilities. Like many developers, however, Mozilla doesn’t obtain CVE listings for internally discovered security bugs. Instead, they are bundled into a single patch. Normally, Bugzilla reports detailing these "rollups" are hidden for several months after being fixed to protect those who are slow to patch. Now that Mozilla has revealed a dozen of them, the same critics will surely claim they too were cherry-picked and conceal less accurate results.

Of the 271 bugs found using Mythos, 180 were sec-high, Mozilla's highest designation for internally reported vulnerabilities. These types of vulnerabilities can be exploited through normal user behavior, such as browsing to a web page. (The only higher rating, sec-critical, is reserved for zero-days.) Another 80 were sec-moderate, and 11 were sec-low.

The critics are right to keep pushing back. Hype is a key method for inflating the already high puffed-up valuations of AI companies. Given the extensive praise Mozilla has given to Mythos, it’s easy for even more trusting people to wonder: What’s it getting in return? Far from settling the debate, Thursday’s elaborations are likely to only further stoke the controversy.

To hear Grinstead tell it, however, the details are clear evidence of the usefulness of AI-assisted discovery, and Mozilla's motivation is simple.

“People are a bit burned from the last year of these slop commits so we felt it was important to show some of our work, open up some of the bugs, and talk about it in a little more detail as a way to hopefully spur some action or continue the conversation,” he said. “There’s no sort of marketing angle here. Our team has completely bought in on this approach. We are trying to get a message out about this technique in general and not any specific model provider, company, or anything like that.”

Read full article

Comments