Plutonic Rainbows

Anthropic's Glasswing update is the kind of AI safety story that looks reassuring until you sit with the logistics. The lab says Claude Mythos Preview found more than 10,000 high- or critical-severity vulnerabilities across partner software. Not theoretical weaknesses, not a neat benchmark category, but things that need triage, verification, disclosure, fixes, retesting, and the awful meeting where someone decides which production system can be touched this week.

Project Glasswing was announced as a defensive coalition with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and others involved. Anthropic put $100 million in credits behind it. The basic argument is sound: if frontier models are becoming unusually good at vulnerability discovery, defenders should see that capability before attackers do. I buy that. I also think the update reveals a nastier bottleneck than model access. Finding the hole is only the start of the work.

Security already had this problem before Mythos arrived. Every serious organisation owns more old code than it wants to admit, and plenty of it has dependencies nobody has enjoyed thinking about since the person who wrote the integration left for a different badge system and a better coffee machine. A model that can surface ancient defects at speed doesn't magically create the change windows, test environments, maintainers, legal coordination, or user patience required to repair them. It turns buried debt into visible debt. Visibility is useful. It is also a queue.

That queue is what makes the Palo Alto Networks numbers so interesting. The company says it scanned more than 130 products with frontier AI systems and its May security advisory disclosed 26 CVEs covering 75 security issues. Before this, Palo Alto says a typical month involved five or fewer CVEs. This is the uncomfortable middle stage of defensive AI: better tools produce more work than the existing institution can absorb. The old rhythm of patching was already theatrical, monthly drops, emergency exceptions, half-remembered risk registers. Now the detection side is speeding up while the fixing side remains stubbornly human, bureaucratic, and full of servers that cannot go down.

Google's discovery of an AI-generated exploit earlier this month—the one with docstrings still hanging off it—comes to mind here. That story had a strange comic neatness: the model made the attack possible and also left enough model-shaped residue for defenders to notice. Glasswing is less tidy. It suggests a future where the attacker and defender both have better discovery tools, and the winner is the side with the less exhausted patch pipeline.

IBM's framing is similar but more corporate. In its own Glasswing note, it says exploitation of public-facing applications rose 44 percent last year and that AI is being used for detection, remediation prioritisation, testing, and response. That is the sensible shopping list. Prioritisation matters because ten thousand urgent things are not urgent in any practical sense. They are a map of institutional overload.

The temptation is to call this a capability threshold and stop there. Mythos can find bugs at a scale that changes the economics of vulnerability discovery. Fine. But the more important threshold may be administrative: whether companies can build a patching culture that matches machine-speed finding without collapsing into noise. The model can point at the broken part. Someone still has to own it.

On Thursday afternoon some tech CEOs were in the air over the Midwest, on their way to a signing ceremony in the Oval Office, when the ceremony stopped existing. Trump postponed his executive order on AI hours before the event. He told reporters he "didn't like certain aspects of it" and that he didn't want anything "that's going to get in the way" of the US lead over China. Politico reported that part of the reason was attendance, several of the invited CEOs hadn't been able to make it. Whatever the mix, the signing did not happen, and there is no public date for when it will.

The interesting part is what the order would have done, and how modest it already was. According to the draft text Politico published on Friday and CyberScoop's reporting from the night before, the federal government would have asked frontier AI companies to opt into a voluntary review window. Federal agencies including the NSA and Treasury, plus cybersecurity testers embedded in critical-infrastructure sectors like finance and healthcare, would get up to ninety days to look at a model before public release. The companies could decline. The government could make recommendations. That was the entire mechanism.

For reference, the industry was already pushing back hard against even this. Their counter-offer was a fourteen-day window. Not a mandatory test, not a license, not a kill-switch, just two weeks of pre-release review that companies could walk away from at any point. The administration came in last year openly hostile to AI safety policy on the grounds that it would slow American industry, then drafted a regime so light it could be ignored, and even that version is sitting unsigned on a desk somewhere.

There is a striking alignment here with the EU's voluntary code of practice, which was negotiated down to almost nothing on the way to being adopted and is still being haggled over signatory by signatory. The pattern across both sides of the Atlantic is the same. Whatever the maximalist proposal was at the start, it gets sanded down until the binding instrument is a polite request, and then the polite request is what people fight about. The shape of frontier AI governance, as it has actually existed for the last eighteen months, is companies promising to behave and governments asking them to send paperwork. The Trump order would have formalised that and only that. The fact that even the formalisation stalled tells you the industry believes paperwork is a beachhead, and the administration agrees.

There's a second story underneath this one. Reps. Jay Obernolte of California and Lori Trahan of Massachusetts are working on a bill that would preempt state AI laws for two years, freezing out the patchwork that's been forming in Sacramento and elsewhere. That bill is reportedly being held up while everyone waits to see what the federal posture is. If the federal posture is nothing, then state laws are the only laws, which is exactly what the industry has been trying to head off. The order being pulled doesn't just mean no federal review, it means the preemption bill loses its anchor, and the floor of regulation becomes whatever California, Colorado, and New York pass next.

Keep the scale of the original ask in mind when the next round of headlines arrives. The president pulled an order that asked AI companies to opt in to letting the NSA take a look. That was the high-water mark of US frontier model oversight in May 2026. Whatever comes next will be measured against it, and probably won't reach it.

The brief from British Vogue's editor was a single cover image to define the new decade. One woman, one face, one announcement. Peter Lindbergh told Liz Tilberis that one wouldn't do it, that the idea of a defining beauty had broadened past anything a single model could carry, and that he wanted five. Tilberis agreed. That was the whole negotiation, and everything else followed from it.

The shoot happened on a warm Sunday in November 1989 in the Meatpacking District in New York, which at the time still smelled like meat. Naomi Campbell, Linda Evangelista, Tatjana Patitz, Christy Turlington and Cindy Crawford stood on the cobbles between cold-store loading bays. Brana Wolf styled them in Giorgio di Sant'Angelo bodysuits and Levi's jeans. Christiaan did the hair, which is to say he mostly left it alone. The film was black and white. There was no retouching to speak of and no makeup worth mentioning. The whole thing read as a refusal of the decade that had just ended.

That was the trick, and the reason this particular cover, of all the supermodel group shots that would follow, is the one people still treat as the origin event. The 1980s glamour vocabulary, the big hair and the shoulder pads and the heavy contouring, hadn't been argued with so much as quietly stepped past. Lindbergh just photographed five women standing next to each other in plain clothes on a Sunday, and the previous aesthetic stopped being viable overnight. You couldn't run a 1988-style cover after this without looking dated. That's the part the trade press took a while to catch up with.

It also did a thing the industry hadn't quite worked out how to do yet, which was to treat the models as a collective. Until roughly this moment, fashion campaigns and magazine covers trafficked in single faces; a model was a person you booked, not a group you assembled. The Lindbergh cover made the supermodels legible as a category, a shorthand, a unit of cultural reference that worked even when the names underneath weren't fully distinguishable to the general public. Within months, George Michael had hired all five for the Freedom! '90 video, directed by David Fincher, which is the same idea (these five women, this specific assembly) carried forward into pop. Versace would do the runway version in Milan the following year, with the same collective logic. The category was set.

What Lindbergh said about it later, in a Guardian interview in 2016, was that he never felt he was changing anything. It came together effortlessly, was how he put it, all intuition. I take that to mean the change was already in the room and the picture was just where it became visible. The 1980s ended on a Sunday in November in a part of New York that no longer exists in the form it did then, and the people responsible thought they were just doing their jobs.

There is a footnote that matters. Anna Wintour had recently taken over US Vogue, and one of her early acts as editor was to publish a Lindbergh photograph the previous regime had rejected, shot in white shirts on the beach at Santa Monica. That picture and this one are essentially the same argument made twice on either side of the Atlantic. The American version ran first, in the August 1988 issue, and it was the British cover eighteen months later that got read as the manifesto. Sometimes the later iteration is the one that takes.

A folded map on the passenger's knees made the journey feel negotiable in a way the blue line never does. You could be wrong for twenty miles and only discover it when the road number changed, or when the expected roundabout failed to appear. Nobody recalculated. Someone sighed, found the index, and ran a finger across the page while the driver kept going.

That is what I miss, not getting lost exactly, but the interval before knowing. British A-roads were good at producing it. They offered lay-bys, petrol stations, old milestones, patchy signage, and the sudden red roof of a Little Chef after a long spell of hedges. The motorway tried to make movement smooth and abstract. The A-road kept interrupting the journey with evidence that you were passing through actual places.

Little Chef fitted that world perfectly because it was both standardised and oddly local. The British Motor Museum's archive notes that Sam Alper, better known for Sprite caravans, borrowed the idea from American roadside diners and opened the first branch in Reading in 1960. By the 1970s the chain had expanded hard, and its decline later followed the same broad route as the journeys it served: more motorway traffic, more fast food, less patience for a plate arriving under a plastic cloche. A roadside restaurant is not just a place to eat. It is a permission to stop without admitting defeat.

The better Little Chef histories are full of details that sound comic until they start to look structural. Motorway Services Online records the chain's peak at 439 sites in 1999, and also the 1982 arrival of green signs for A-road service areas, which helped make some branches visible to drivers who had not planned to stop. That small bureaucratic change matters. A sign can create appetite. It can also create a future ten minutes ahead: toilets, coffee, an Olympic Breakfast, a row of laminated menus wiped down too often.

I wrote recently about rural bus shelters that survive after the service has gone, and these road spaces belong to the same family of afterlife. The building outlasts the timetable. The sign outlasts the business. The lay-by remains as a pause in the verge after the reason for pausing has changed. In the published version of the A-roads paper "Sensing the Past Along Britain's A Roads", Peter Merriman and his co-authors describe older roads as retaining lay-bys, milestones, signage, and other roadside elements that give them a more intimate relation to landscape than the motorway's managed speed. That sounds right to me, though "intimate" may be too polite for the smell of diesel, damp upholstery, and chips in a cardboard tray.

Navigation had its own ceremony. The AA still sells foldable regional road maps, which is reassuring in the same unreasonable way as seeing a working phone box. Before satellite navigation, the road number system did more of the cognitive work. Roads.org.uk traces the A- and B-road scheme back to the early 1920s, a zoned system arranged around the main radial A-roads from London and Edinburgh. Once you understood the grammar, you could feel roughly where you were in the country even when you were lost. Not precisely. Roughly was the point.

There is an obvious danger in making this too cosy. Pre-internet travel was slower, more argumentative, and sometimes miserable. Children got carsick. Parents snapped over exits. A closed filling station at 9:40 pm could become a real problem rather than local colour. However, the friction gave the journey a texture that modern routing has thinned out. The phone knows before you do. It removes the speculative hour in which the road is not data yet, just weather, signage, instinct, and a wrong turn that may or may not matter.

I still notice ex-Little Chefs when I pass them. Some became coffee shops, some were demolished, some sit behind petrol forecourts with the old roofline altered just enough to make recognition feel embarrassing. They do not haunt the road because the food was good. They haunt it because they belonged to a version of travel in which uncertainty needed tables, toilets, and a paper map spread open beside the ketchup.

The oddest part of Gemini Omni is not that Google has another video model. Everyone has another video model now, or a roadmap slide shaped like one. The shift is in the grammar: video is no longer only the thing the model produces. It becomes something you hand back to the model, with a correction, a reference image, a line of audio, and a vague annoyance about the camera angle.

Google introduced Gemini Omni as a new model family that can create from mixed inputs, starting with video. The first release, Gemini Omni Flash, takes text, images, audio, and video as input and generates clips. Image and audio output are supposed to come later. That matters less as a feature checklist than as a change in where the edit lives. The old workflow had a file, a timeline, a tool, then another tool because the first one did not understand the thing you meant. Omni wants the edit to happen in the conversation.

I wrote on Tuesday about Google turning I/O into a Gemini argument, and this is the same argument in miniature. Gemini is not being sold as one app. It is becoming a layer that passes through the Gemini app, Flow, YouTube Shorts, Search, Chrome, and whatever else can bear the weight of a prompt box. A video model inside a specialist studio is interesting. A video model inside YouTube is a different animal, because the place where people watch, remix, imitate, and monetise video is also the place where the generated clip arrives.

The DeepMind model page frames Omni as "create anything from any input", which is grand enough to become meaningless if you stare at it too long. The useful part is narrower. You can ask for a scene, then ask for changes across multiple turns while the system tries to keep the character, action, and physical continuity intact. It is not just text-to-video with a nicer box around it. It is closer to a memory-bearing edit session, or at least the promise of one.

That promise is why the demos are both impressive and faintly claustrophobic. Editing by language sounds freeing until you remember how much of editing is not language. It is frame sense, boredom, irritation, the tiny lurch when a cut lands a beat late. Google can make the instruction conversational, but the person still has to know what they are trying to make. Otherwise the model supplies taste as a default setting, and default taste is where platforms go to get smooth.

The rollout is not hidden in a lab. Google says Omni Flash is going to Google AI Plus, Pro, and Ultra subscribers through the Gemini app and Flow, with free access through YouTube Shorts and YouTube Create starting this week. The Verge describes it as a new generative model family, while CineD reads it through the more practical lens of clips, references, conversational edits, and digital avatars. Those are not competing interpretations. They are the consumer and production versions of the same bet.

There is also the watermarking story, because there has to be. Google says videos created with Omni include SynthID, its imperceptible digital watermark, and that verification will sit in the Gemini app, Chrome, and Search. I am glad it exists. I also don't think a watermark settles the harder problem, which is social rather than technical: people learn the texture of generated media faster than institutions learn how to label it. The label arrives after the feeling.

What I keep coming back to is the way Omni turns video from evidence into material. A clip used to arrive with a stubbornness to it. Even a bad clip had the authority of something that had happened in front of a lens. Now the clip is more like a draft paragraph, editable by mood, reference, and revision. Google is not alone in pushing that change, but Google is better placed than most to make it ordinary. The expensive part is no longer making the impossible image. It is keeping enough friction in the process that people still notice what they asked for.

Google launched its new Gemini usage limits this week as part of the I/O announcements, and as of today they are live. The shape of the change is small in the abstract and irritating in the particular. Gemini used to behave, for most people, like an unmetered utility. Now it counts compute, which means it counts you.

The new rule is that every prompt has a cost, and that cost depends on the length of the chat, the features you invoke, and the model's own estimate of how hard the question is. There are two windows. A weekly cap, which most users will never read, and a five-hour block which resets through the day. When you exhaust the block you wait, unless you have already exhausted the week. AI Pro subscribers get roughly four times the free quota; Ultra gets five times that again, plus, per Forbes, a separate hackathon prize pool that has nothing to do with the meter and everything to do with the narrative.

What is interesting is not that limits exist. Limits have always existed, hidden behind the rate-limiter and the polite spinner. What is interesting is that limits are now visible, named, and denominated in a unit you cannot intuit. A "percentage of a five-hour block" is not a thing anyone has spent fifteen years learning to feel for. It is not minutes, not megabytes, not even tokens. It is whatever the dispatcher decides your last sentence cost. The user has to develop a new sense for it, the way phone users in 2009 learned the shape of a 200-megabyte monthly cap by running out of it twice.

The provocation underneath the launch is the new Flash model. Existing users on 9to5Google are reporting that Gemini 3.5 Flash burns multiple percentage points of a five-hour block per prompt. The previous Flash, by all accounts, did not. So the meter arrives at the same time as the model that eats it fastest, and the resulting friction is not a rollout quirk; it is the design. Google is teaching people to feel which questions are expensive. Some will respond by rationing themselves down to the cheaper model when the work is mundane. Some will simply hit the wall and assume the product is broken.

I wrote on Tuesday about Google turning the whole I/O keynote into a Gemini argument. The metering announcement is the same argument from the other side. If Gemini is going to live inside Search and Chrome and Android and your inbox and the in-car dashboard, then the question of how many Geminis you are allowed to spend in a day becomes the question of how much of your day you can route through Google's stack at all. The meter is not a tax on the chatbot; it is a budget for the agent.

Two things will follow from this in roughly the same week. People who use Gemini casually will not notice for months, then notice all at once, on a Sunday when they had three things to ask and the first one ate the budget. Anyone building real workflows on the Pro or Ultra tier will start treating prompt economy the way they used to treat S3 list-bucket calls, with grudging respect for the bill. The intuition that the model is "free as long as I have a subscription" was always a fiction. We are now told the price.

Issey Miyake's Pleats Please line launched in 1993, four years after he decided he had finished with everything he already knew how to do. The 1988 exhibition at the Musée des Arts Décoratifs in Paris was a survey of his work to that point. He later told his long-time collaborator Midori Kitamura that the show had given him the unsettling feeling of completion. Most designers would have taken the prize and kept producing. Miyake decided he needed a new departure.

The new direction came from polyester. He had picked up a pleated polyester-silk scarf and noticed that the pleats held permanently because the synthetic fibre had a thermoplastic memory. Heat could be used not as an enemy of cloth but as a tool that locked in shape. The team spent four years working out how to scale that observation into a clothing line. Makiko Minagawa, the textile designer who had been with Miyake since 1970, did most of the materials research. The fabric they ended up with was lightweight, washable, and cheap enough to make the project worth doing at retail.

The process was the inversion of how pleating had been done for centuries. Mariano Fortuny's Delphos dresses from the early twentieth century were made of silk that had been pleated first and then cut and sewn into the garment, with all the maintenance and fragility that implied. Miyake's team did it the other way around. The garment was constructed first, at roughly three times its intended finished size. It was then sandwiched between two layers of paper and fed into a heat-press. The press shrank the garment, set the pleats, and finalised the silhouette in a single operation. The fabric came out with permanent texture you could wash, scrunch up into a corner of a suitcase, and pull out wearable.

The technique was tested first on dancers rather than fashion clients. In 1991 William Forsythe's Frankfurt Ballet performed The Loss of Small Detail in costumes Miyake had developed using the new method. The pleats held through sweat and the violent geometry of contemporary dance, and the fabric stayed light enough to move freely. Forsythe's dancers were, in effect, the prototypes Miyake sent out into the world to see whether the system worked under load, and it did.

When the line went on sale in 1993 it carried a quiet ideology underneath the engineering. Miyake had been shaped by the May 1968 student protests in Paris, and ever since had wanted to make clothing that worked for ordinary lives instead of the maintained, dry-cleaned, museum-grade pieces couture produced. Pleats Please was that ambition arriving with a price point a working woman could pay and a durability she did not need to baby. The garment did not announce itself as fashion. It announced itself as something you could own and wear and not think about until you wanted to.

The afterlife is unusual. Most innovations from the early nineties have either ascended into archive worship or quietly disappeared into the back of vintage shops. Pleats Please is still in production, sold from boutiques that look more or less the same as they did when the line opened, worn by women who have no particular interest in the history of the technique that made the garment possible. The pleating is no longer experimental, it is infrastructure.

A plague stone is one of those objects that barely behaves like an object at all. It is often just a hollow in stone, or the base of an older cross, or a basin set into a wall where a road leaves a village. Nothing about it is dramatic until someone explains the transaction: coins went into vinegar, food or medicine was left nearby, and the boundary did the rest.

The detail has the nasty precision of good folklore. Vinegar had a job to do. It was meant to clean the money, or at least make the exchange feel possible when nobody could safely touch anyone else. The Bentham plague stone in North Yorkshire is listed by Historic England as a small seventeenth- century stone basin, reputed to mark the extent of quarantine during the plague. Their educational record is more physical: a hollowed top, a deep square socket, probably once the base of a medieval wayside cross, later turned into a place for washing infected money.

I like the awkwardness of that reuse. A Christian marker, then a boundary device, then a public-health interface. The stone did not change much. The meaning was poured into it, like the vinegar.

At Eyam the story is sharper because the village has become the English model of voluntary quarantine, half history and half moral theatre. The Boundary Stone between Eyam and Stoney Middleton is described locally as the place where plague-affected villagers left vinegar-soaked money in exchange for food and medical supplies from outside. It separated the contaminated village from the one that still had a future. That is a brutal thing for a stone to be asked to do.

The same grammar appears elsewhere. Historic England's note on the Great Stone at Stretford says plague stones had holes, usually filled with vinegar, where money from an infected town could be left for tradespeople delivering food. The official list entry adds that the Great Stone was traditionally part of a medieval cross and later used as a plague stone, with two bowl-shaped sinkings. Again, the object is not invented for emergency. It is recruited.

That may be why these stones feel colder than memorials. A memorial tells you to remember after the danger has passed. A plague stone is an instruction from inside the danger itself. Do not cross. Put the coin here. Trust the liquid. Trust the stranger enough to eat what they leave, but not enough to stand beside them.

There is a modern habit of making old disease practices cute because the science was incomplete. Vinegar against plague, handled coins, the theatre of cleansing: easy material for a caption. I find that smugness useless. People were trying to create a system of contactless exchange with a stone basin, a smell, and an agreement no one could enforce except by fear. It is primitive only if you think infrastructure means wires.

The strange afterlife is that the ritual outlived the emergency as a small dent in the landscape. Rainwater sits where the vinegar was supposed to sit. The hollow becomes a pocket for leaves, grit, coins from walkers who half know the story. These stones do not preserve the past cleanly. They preserve the moment when trade, infection, faith, and hunger all had to meet at the edge of a parish and pretend that a boundary could hold.

The Rolodex is one of those objects that became a verb without quite becoming invisible. You can still hear it in business talk: a digital Rolodex, a modern investor's Rolodex, a list of business contacts treated as portable value. The object has mostly left the desk. The moral arrangement it implied has not.

Cooper Hewitt's short history is useful because it returns the word to the thing. Rolodex was a portmanteau of "rolling" and "index", a rotating file of cards arranged around a spindle, designed for the office where information arrived on paper and stayed close to the hand. Another Cooper Hewitt note places its office-supply arrival in the early 1950s, with Zephyr American Corporation's patent following in 1956. The patent record names Hildaur L. Neilsen's rotary card-filing device. That is the part I like: not the networking myth, but the physical choreography. Turn the wheel. Find the letter. Lift the card. Make the call.

Every contact in that system had edges. A card could be amended, crossed out, taped over, or thrown away. The file sat on one desk, under one person's authority, and this mattered. A Rolodex did not pretend a relationship was a shared organisational resource. It made a quieter claim: this person is in my reach because I wrote them down and kept them there. The modern phrase "my contacts" still carries that possessive little hook.

CRM software was supposed to dissolve that hook into process. A modern contact system can store interaction history, reminders, tags, email threads, pipelines, team ownership, automation, and the sort of executive dashboards that turn friendship into coloured rectangles. Folk's own explainer on the digital Rolodex makes the distinction neatly enough: the address book stores who someone is; the CRM decides what to do with them. Yet the old word keeps returning because it says the embarrassing part more plainly. A network is not only a network. It is leverage with names attached.

You can see the same residue in investor tools. Contacts+ still sells the idea of a "modern investor's Rolodex", meaning a refreshed system of profiles, reminders, context, and competitive access to people who might matter before they obviously matter. The phrase persists because it is blunter than relationship management. It admits that the contact is not only a person but a future option, tagged and waiting.

This sits neatly alongside the floppy save icon, another dead office object that survived by becoming interface grammar. The Rolodex is less visible than the floppy, but maybe more revealing. The save icon preserves a gesture. The Rolodex preserves an attitude toward people: sorted, retrievable, privately maintained, and valuable because they can be activated later.

There is a small ugliness in that, though not only ugliness. A handwritten card also preserved context that software often flattens: the assistant's name, the office extension, the note that someone hated calls before ten, the old company crossed out and replaced by the new one. The period before everything was archived was full of these half-private systems, practical and intimate in the same breath. A Rolodex was a machine for remembering people, but also for deciding which people were worth remembering.

The plastic wheel is now mostly a design object, a thing in museum collections and office-memory essays. The phrase survived because it still names a social fantasy we haven't retired: that a life can be indexed, that access can be owned, that the right name at the right moment can still be found by turning something inside reach.