🔮 The classified frontier

2026-04-15 · Source: Exponential View · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Advanced, short

Summary

In May 2025, OpenAI physically transported the model weights for ChatGPT o3 to Los Alamos National Laboratory's air-gapped Venado supercomputer, highlighting the physical nature of AI models despite their "cloud" perception. Model weights are billions of numbers stored as tensors on GPUs, representing a physical arrangement of matter encoding capability. Anthropic's Mythos Preview model recently demonstrated this capability by finding thousands of vulnerabilities across major operating systems and browsers, collapsing the distinction between capability and danger. While the creation of frontier AI models is highly viscous, requiring billions in compute and specialized talent, their spread is not. Weights can be downloaded or accessed via API, allowing adversaries to approximate frontier capabilities through methods like synthetic data and distillation, as evidenced by Chinese labs generating millions of conversations with Claude for training data. This asymmetry makes securing API access critical, as containment through physical means is increasingly unfeasible.

Key takeaway

For CTOs and VPs of Engineering evaluating AI deployment strategies, your teams should recognize that frontier AI models, while costly to create, are easily disseminated and reverse-engineered via API access. Prioritize robust API access controls and advanced monitoring for distillation attacks, as traditional physical containment methods are no longer sufficient to secure advanced AI capabilities.

Key insights

AI models are physical artifacts with high creation viscosity but low spread and use viscosity.

Principles

• AI capability is encoded in physical matter.
• Viscosity of creation ≠ viscosity of spread.
• Capability and danger are now indistinguishable.

Method

Adversaries can approximate frontier AI capabilities by generating synthetic data and using distillation techniques from API access, circumventing physical containment.

In practice

• Physically transport model weights for air-gapped systems.
• Monitor API access for distillation attacks.
• Recognize AI models as physical assets.

Topics

• Frontier AI Models
• Model Weights
• AI Governance
• Technology Viscosity
• Model Distillation

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Scientist, AI Security Engineer, Policy Maker

Related on AIssential

• How much does distillation really matter for Chinese LLMs? — Distillation, while a legitimate training method, is being used illicitly by Chinese labs to extract capabilities from US frontier AI models.
• State of AI: April 2026 newsletter — The AI landscape is marked by rapid model advancement, geopolitical tension, and unprecedented commercial growth, challenging existing regulatory and ethical frameworks.
• The Pre-Training Wall and the Treadmill After It — AI's frontier is shifting from data scaling to efficient algorithms and synthetic data, rapidly eroding proprietary moats.
• Owning the AI Pareto Frontier — Jeff Dean — Balancing frontier and efficient AI models through distillation and energy-aware hardware co-design is crucial for scaling AI capabilities.
• AI Inequality — Access to frontier AI models is becoming scarce and selective due to compute, security, and geopolitical constraints.
• Who's Really Stealing From Whom? — Blackbox distillation allows smaller models to learn from frontier models' API outputs, even without access to internal probabilities.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Exponential View.