Plutonic Rainbows

Reports now put a public version of Claude Mythos a day away, with several outlets pointing to a June 10 release. I'd treat the date as soft. Anthropic has said since the May 28 Opus 4.8 announcement that it expects to bring Mythos-class models to all customers "in the coming weeks," and "coming weeks" is the kind of phrase that quietly absorbs a missed Tuesday.

What's not soft is the gap between the model going public and the model that spent the spring inside Project Glasswing. Mythos earned its restriction. In Anthropic's own testing it produced working exploits 72.4 percent of the time, against roughly zero for Opus 4.6. Pointed at open source, it scanned more than a thousand projects and surfaced over 23,000 flaws, 6,000-plus rated high or critical, including a certificate-forgery bug in wolfSSL that reaches billions of devices. That one's patched. Plenty won't be by tomorrow.

So the public release isn't that model. The version heading to general customers carries heavier guardrails and deliberately narrowed cybersecurity functions. The full capability stays behind the Glasswing fence, where access just widened to roughly 200 organisations across more than fifteen countries.

Which puts a familiar question back on the table, the one I had when Mythos moved into infrastructure: who decides where the fence sits? Somebody is sorting the world into the two hundred organisations that get the live model and everyone who gets the muzzled one, and Anthropic frames that sorting as a safety phase. A two-tier capability looks less like a phase the longer it holds, and nobody has named the condition that ends it.

Opus 4.8 was the bridge, the public model that inherited part of the capability without the teeth, and tomorrow's release looks like the same trade made explicit. Anthropic's defence is that none of this lasts: it expects Mythos-level capability to be widely available across the field within six to twelve months, attackers included. That forecast is convenient as well as plausible, since inevitable diffusion is the argument that justifies shipping now rather than holding back. If it's right, the guardrails matter less than they look. The fence holds until someone else sells the gap.

Anthropic shipped Claude Fable 5 today. The benchmark numbers will get the headlines; how its safety actually works is the more interesting story, and it's stranger than the rumors suggested.

Fable 5 and Claude Mythos 5 are the same model. Not sibling models, not a distilled cousin, the same weights. Anthropic says so plainly: Mythos 5 is "the same underlying model as Fable 5, but with the safeguards lifted in some areas." Fable is what the public gets; Mythos stays behind Project Glasswing for vetted cybersecurity partners. The difference between the dangerous one and the safe one is a set of switches.

Those switches are runtime classifiers. Three of them, watching for cyber-exploitation, dual-use biology and chemistry, and attempts to distill the model's capability out of it. When a classifier trips, the request isn't refused so much as rerouted: it falls back to Opus 4.8. So Fable isn't a weaker Mythos. It's the full model with a trapdoor underneath, and Opus 4.8 is what's at the bottom of it. Anthropic says more than 95 percent of Fable sessions never trip a classifier at all.

That reframes the worry I had this morning about a permanent two-tier split, the handful of vetted partners who get the unmuzzled model and everyone else who doesn't. The split is real. But it isn't really two tiers of model. It's one model and a classifier deciding, request by request, which version of itself you're talking to. Whether that's reassuring depends entirely on how good the classifier is, and a gate that fires on fewer than five percent of sessions is a gate that mostly isn't firing.

Pricing landed lower than the run-up suggested. Fable 5 runs $10 per million input tokens and $50 per million output, which Anthropic notes is less than half what the Mythos Preview cost. It's available globally today through the API, the web app, and the subscription plans, free on Pro, Max, Team, and Enterprise through June 22, then on usage credits after that while capacity catches up.

The capability claims arrive in the usual flood, all of them sourced to launch partners, so read them as the vendor's best day rather than yours. Stripe says Fable compressed months of engineering into days on a fifty-million-line Ruby codebase; Mythos 5 reportedly sped up parts of a drug-design pipeline roughly tenfold. Both are the kind of figure that sounds precise and resists checking. The ones I trust more are the daft-sounding ones: the model beat Pokémon FireRed on vision alone, no helper tools, and in Slay the Spire its persistent memory roughly tripled its long-run performance over Opus 4.8. Game-playing reads like a toy benchmark until you remember it's a clean test of holding a plan across thousands of steps.

Strip the framing away and Fable is a frontier model Anthropic doesn't fully trust in the open, shipped anyway, with a classifier and an older model underneath to catch what slips. That's honest engineering. It's also a bet that the classifier is smarter than everyone who'll spend the next year trying to walk around it.

Open the December 1988 American Vogue and Escada doesn't ask for attention, it assumes it. Margaretha Ley built the house on exactly this: the finest fabrics, cashmere and silk and heavy wool, then loaded with print until every surface had a job. Anna Wintour had taken the editor's chair only that year, and the issue still carried the loud confidence of the pre-crash decade.

The whole philosophy sits in this riot of black blooms across yellow silk, a black sash pulling the noise into a waist. More was the argument, not the excess. Restraint came later, and Escada was never really interested.

Romeo Gigli showed his spring 1990 collection in Paris, and the moment that survived was not a silhouette but a sound. Kirsten Owen came out wrapped in a fringe of large glass beads, the kind blown on Murano in the Venetian lagoon, with long pendant earrings and a glass diadem set into her hair. Tim Blanks, returning to the show decades later, described her as the model embodiment of Gigli's fragile, romantic ideal, and wrote that she could have been the Byzantine empress Theodora. The beads tinkled like wind chimes while she walked. Then they began to shatter.

That detail is the whole argument of the collection in miniature. Gigli was reaching back to Venice as a former Byzantine province, pulling a thousand years of craft into a runway, and the material refused to behave like a costume. Glass is not a sensible thing to hang on a moving body. It rings, it catches light, and it breaks. He used it anyway, because the breaking was part of the point. Beauty that survives intact is just decoration. Beauty that comes apart as you watch is something closer to an event.

Gigli's reputation rested on this kind of soft refusal. While the late eighties were busy with power shoulders and hard tailoring, he was making cocoon coats, cutaway jackets that skimmed rather than gripped, high-waisted trousers as skinny as leggings, and skirts that swaddled the legs in a tulip shape. The palette ran to jewel-toned silks, earthy velvets, shadowy chiffons and gilded gauzes. It read as romantic, even nostalgic, but the construction underneath was precise. He was not draping fabric for atmosphere. He was building a quieter proposition about how a woman might occupy space without armouring herself into it.

There is a useful contrast with Azzedine Alaïa's almost exactly contemporary work, where the body was mapped and held by seaming engineered to the millimetre. Alaïa controlled the body through tension. Gigli let it dissolve into folds and shadow. Both were arguing against the decade's appetite for rigidity, but from opposite ends. One sculpted, the other veiled. The Murano beads belong to the veiling instinct, a surface that hides as much as it shows and announces its own fragility while doing so.

The show was his Paris debut and it landed at the peak of his influence, with a standing ovation. That timing is worth sitting with, because the peak was already close to the edge. Gigli had launched his label in 1983, with production handled by Zamasport from 1985, and by 1991 the structure around him fractured. He split from his business partners Donato Maiano and Carla Sozzani in a traumatic separation that dragged on for more than a decade, the kind of dispute that slowly separates a designer from his own name. The Gigli trademark was eventually sold to IT Holding in 1999. The romantic who made glass sing in 1990 spent much of the rest of the decade in litigation over who got to use the word that was his surname.

I find the spring 1990 show more moving for knowing that. It is not just a pretty piece of Byzantine revivalism. It is a designer at his most assured, making a material that was guaranteed to break, in the same few years that his own commercial footing was about to. The beads shattering on the runway look, in retrospect, less like a flourish and more like a forecast nobody in the room could have read. The same instinct that built something exquisite and doomed into a single walk was the one the business could not protect.

East London once had a ski slope built on the waste from making town gas. The name was Beckton Alps, an old local joke promoted into civic branding, and the whole arrangement sounds invented until the dates and photographs begin to line up. Skiers in bright late-1980s clothes took a tow up a grey artificial hill near the A13. Princess Diana came to open it. Beneath the matting sat the chemical residue of the Victorian city.

Beckton Gas Works began operating in 1870 and grew across roughly 500 acres. Coal arrived, gas and useful by-products left, while ash and contaminated material accumulated in spoil heaps. The remaining Alp rises about 35 metres, according to the University of Edinburgh's Reimagining Waste Landscapes project. It is a modest mountain, but London does not require much altitude before a heap starts behaving like geography.

The dry slope opened in the late 1980s and lasted until 2001. Former Newham councillor Jack Hart filmed skiers there on Super 8, footage later preserved by Newham Archives and partly digitised through a BFI project. The grain of that film suits the place. Beckton Alps already belonged to the category of things that looked like memories while they were still open.

Beckton Alps turned industrial waste into leisure without ever making the waste disappear. The slope borrowed the language of escape, while the hill beneath it remained an account of how London had been heated, lit, poisoned, landscaped, and sold another future.

There is a familiar Docklands confidence in the conversion. A contaminated heap becomes recreation; recreation will become regeneration; regeneration will eventually become an investment prospect. None of those uses is wholly false. People really did ski there, and I doubt the pleasure was diminished by the strange foundation. Still, the sequence makes the site feel less renewed than repeatedly renamed.

The nearby gas industry has already left London with absences large enough to shape the skyline. I wrote about that in Grey Lungs Over Town, where gasholders survive as frames, luxury geometry, or remembered landmarks. Beckton is the opposite form of industrial afterlife. The structure vanished, but its waste acquired contour, vegetation, a ski lift, fencing, and a road junction that still carries the name.

After the slope closed, plans for an indoor centre using real snow stalled. That unrealised replacement is almost too perfect: a refrigerated winter promised on top of poisoned ground, itself left by the fuel system that made modern London possible. Instead, the fenced hill became scrub and habitat. The Edinburgh project notes that parts of the western slopes gained nature conservation status. Toxicity restricted development and helped preserve the place. Damage became a crude form of protection.

I am wary of making dereliction sound noble. A hazardous site is not improved by being picturesque, and the romance of waste usually belongs to somebody who does not have to live beside it. Yet Beckton Alps resists the tidier story in which regeneration cleans the slate. A few miles east, Barking Riverside has the atmosphere of infrastructure waiting for ordinary life to catch up. The Alp has ordinary life growing over infrastructure's bill.

The Londonist history describes a clay cap over the contaminated heap. That detail stays with me more than the royal visit. A cap is neither erasure nor cure. It is an agreement with the ground: stay there, hold still, let something else happen on top. For thirteen years, the something else was skiing.

Edward Abbey's Desert Solitaire is usually filed under nature writing, which is accurate in the way that calling a knife a kitchen utensil is accurate. First published in 1968, the book draws on Abbey's seasons as a ranger at Arches National Monument. It contains ravishing descriptions of rock, heat, silence, snakes, and stars, then turns around and starts an argument.

That argument is the book's real force. Abbey despises what he calls "Industrial Tourism": the roads, cars, facilities, and bureaucratic thinking that make wilderness easier to consume while steadily removing the wildness. His anger can be funny, precise, and exhilarating. It can also become tiresome. He is arrogant and far too pleased with his own performance as the solitary man who sees through civilisation.

I wouldn't sand those qualities away. They give the book its difficult energy. Abbey's desert isn't a backdrop for personal healing. It is indifferent, dangerous, and valuable without needing to serve us. The University of Arizona Press description stresses his love of the canyonlands and his disgust at the "improvements" intended to increase visitation. Abbey wants people to encounter wilderness, yet still resents the machinery that lets more of them arrive.

The prose is strongest when he stops lecturing and pays attention. A stone, a moonlit road, or the body of a dead animal receives an intensity that makes urban vision seem half-awake. Abbey makes solitude feel less like escape than a necessary correction to the scale at which modern life operates.

More than fifty years later, the polemic still bites because the problem has not gone away. We preserve landscapes partly by opening them to public love, then risk wearing them down through that same access. Desert Solitaire does not solve the contradiction. It makes comfort with it impossible.

The White House has stopped treating military AI as a future procurement question and started treating it as a live operating layer. On 5 June, President Donald Trump signed National Security Presidential Memorandum 11, a directive called "Artificial Intelligence in the National Security Enterprise." The title is bureaucratic in the usual way, but the memo itself is not coy. It tells the intelligence and warfighting parts of the state to speed up adoption.

The four headings are adoption, adaptation, assurance, and accountability, which sounds tidy until you look at what sits underneath them. Agencies are told to bring on advanced models from multiple vendors, protect high-security AI compute, build an AI test range, and create an AI talent reserve. The White House fact sheet frames the goal as advanced, secure, reliable AI for warfighters and intelligence professionals. The real policy move is not that Washington wants AI in the national-security machine. That was already happening. The move is that the machine is now being told to make room for AI as infrastructure: procured, tested, secured, reserved, and kept online.

One line does a lot of work. The memo says national-security AI must not be used to censor speech, enforce ideological bias, or conduct unauthorized or unlawful surveillance. That language belongs in the document, and it matters. It also reveals the thing everyone can see from the outside: once these systems are inside military and intelligence workflows, the debate shifts from whether they should exist to how much institutional friction remains around them.

AP's account catches the same tension, describing a push to accelerate AI use while acknowledging civil-liberty protections and oversight of autonomous weapon systems. The memo also gives the Department of Defense 90 days to update Directive 3000.09, the policy governing autonomy in weapons systems. That is where the phrase "chain of command" becomes less comforting than it first sounds. A chain of command is a human doctrine, but the systems being introduced are built to compress recognition, recommendation, and action into shorter intervals.

I wrote earlier this week about the White House's voluntary frontier-model review, where the government asked leading AI developers to submit powerful models for cybersecurity tests before public release. NSPM-11 feels like the other half of that same week. One hand asks the labs to show their homework before the models reach the public. The other hand tells national-security agencies to move faster with the technology once it is useful enough to matter.

There is an uncomfortable symmetry with Anthropic's new argument for a verifiable pause. Anthropic is worried about recursive self-improvement and the inspection problem around labs. Washington is worried about adversaries, reliability, and whether the United States can keep AI systems available when warfighters depend on them. Both arguments end up in the same place: verification, resilience, and control. Different rooms, similar furniture.

The phrase "high-security compute" will probably pass most readers by because it sounds like procurement furniture. It may be the most revealing phrase in the memo. Compute used to be talked about as capacity, then as economic power, then as a choke point in export controls. Here it becomes something closer to a protected military utility. Not just machines that run models, but machines whose degradation becomes a national-security concern.

That is the nightmarish part and also the boring part. AI policy keeps arriving in grand claims, but the lasting changes are often administrative: who may buy which model, which facility may host it, who signs off when it fails, what office owns the exception, how fast the old directive must be rewritten. The future turns up as a memo with numbered sections and a deadline in 90 days.

OpenAI's new memory system is interesting because it moves the awkward part of personalisation into the background. The old saved-memory model made ChatGPT feel like a notebook with a chat box attached. Dreaming V3 points at something more unsettled: a system that keeps revising its idea of the user while the user is still changing.

The company announced Dreaming V3 on 4 June, describing it as a more capable and scalable architecture for synthesising memory in ChatGPT. The rollout starts with Plus and Pro users in the United States, with additional countries and Free and Go users due over the following weeks. In the release notes, OpenAI gives the plain-language version: memory should stay more up to date, reduce stale or contradictory saved memories, and let people review what the system thinks it knows through memory sources or a memory summary.

This is not just a quality-of-life change. It changes the implied contract of the interface. Saved memories, launched in 2024, were legible because they looked like entries: facts the user could ask the model to keep. In 2025, OpenAI added the first version of dreaming, which let ChatGPT draw on chat history in the background. Dreaming V3 makes that background process more central, more compute-efficient, and more visibly managerial. OpenAI says the compute needed to serve dreaming has fallen by about five times.

There is a clean product reason for all of this. A model with better memory can stop wasting the first third of every useful conversation on reintroductions. It can know the camera gear, the food preferences, the long-running project, the thing you corrected last month and don't want to correct again. In that sense, memory is less like storage than grip. The system holds the shape of the work for longer.

However, the word "memory" does a lot of softening here. We use it because it sounds intimate and human, but the machinery is closer to ongoing profile maintenance. The official FAQ says the memory summary updates automatically as you chat, and that memory sources can include past chats, saved memories, custom instructions, files, and Gmail depending on the plan. That may be useful. It is also a reminder that personalisation is made from access.

I don't mean this as a simple objection. The dumb version of privacy talk says all memory is creepy and all forgetting is freedom. That is too neat. Most people who use these systems for real work want continuity, and continuity requires some kind of retained context. I wrote recently about MiniMax making long context feel cheaper, but memory is a different pressure. Context is what the model can hold in the room. Memory is what the product decides to bring back into the room next time.

That distinction matters because it shifts agency around. With a long context window, the user often chooses what to paste. With memory, the system helps choose what follows them. OpenAI is trying to make that visible through summaries and sources, which is the right direction, but visibility is not the same thing as authorship. A summary can be corrected and still leave you with the strange feeling that another system has been drafting a version of you in parallel.

There is an old AI lesson hiding inside the new surface. ELIZA worked because people supplied more continuity than the program deserved. ChatGPT has the opposite problem now: the continuity is increasingly real, operational, and hard to dismiss as projection. The question is not whether the model remembers. The question is who gets to edit the memory before it starts editing the conversation.

"Some men are made of steel and gold." That's the line across the top of the old Cartier advertisement, set above a huge, lacquered close-up of what looks like the crossguard of a watch case. Down in the corner sits the actual product, a small amber bottle held inside a brushed silver shell. The whole composition is selling hardware as much as scent, which is exactly right for what Santos de Cartier was trying to be.

It launched in 1981 as the first men's fragrance from the jewellery house, with Daniel Moliere as the perfumer. Fragrantica files it as an Oriental Woody, a spiced, aromatic thing built on lavender and juniper over sandalwood, amber and vanilla. It reads as an evening scent for colder weather, and it carried the name of the Santos wristwatch Cartier had made decades earlier for the aviator Alberto Santos-Dumont. Among the louder masculines of 1981 it kept its voice down, more interested in dignity than swagger, the same understatement I liked years later in Bleu de Chanel L'Exclusif.

The packaging is where the jeweller's instincts really show. Cartier shipped its early perfumes in what collectors now call jewel-type boxes, an outer cardboard sleeve around an inner case made of leather and velvet, the kind of thing built to look like it held a ring rather than a spray. Each scent got its own colour code, and Santos was assigned white. You can see the logic of the period bottle in that advertisement, where the metal case does the talking and the glass inside is almost an afterthought.

The case took its idea straight from refillable cigarette lighters, the everyday object you topped up rather than threw away. The perfume bottle slid into the metal shell and could be lifted out and swapped for a full one once it emptied, so the expensive-looking exterior stayed put and only the cheap glass core got replaced. That's why the bottle in the ad reads as a component inside a holder rather than a finished flacon.

The refillable edition was the 50ml spray. It worked on the same logic as the old case, a metal-collared atomiser you topped up rather than discarded, sold right alongside the plain full-size bottle. Cartier ran the format across its men's line, so the 50ml refillable turned up in both Santos and its stablemate Pasha de Cartier rather than being something unique to one scent.

There was never a 100ml refillable Santos. The 100ml is the conventional flacon, a sealed bottle you use until it's gone, and the refilling all happened at 50ml in the smaller cased version built for it. So a refillable Santos means the 50ml, not the big bottle, which fits a scent that always wanted to be handled like an object rather than a tank you drain and bin.