NAVIGATION

Home

Reading

Writing

Projects

Outside

I AM ON

Twitter

Substack

GitHub

Home

Reading

Writing

Outside

Gating Models Is Not the Right Solution

Gating models is not the right solution. This writing comes on the back of Anthropic blocking all access to Fable 5 because the US Government issued an export-control directive banning access to foreign nationals, and Anthropic could not verify users' origin in real time.

What doesn’t make sense to me here is a few things. First, the number of good actors is generally better than the number of bad actors. I think that extends to societies in general. The question is: if this is the case, then why do we zoom in so much on the negative actors with these tools?

One natural idea is that the actions of bad actors can far outweigh the actions of good actors. For instance, a system only needs to be secured and protected once, whereas hackers work around the clock to exploit vulnerabilities. However, say there are 100 good actors to every 1 bad actor, which I imagine is a high number. In reality, it is probably a much bigger ratio. Then, we have to assume that the actions of one bad actor are 100x as bad as the actions of a good actor. I find it hard to believe that, because there are quite a lot of people who do their part to secure the Internet and the technology around us.

One other idea is that good actors can only act post-disruption, which is a bit more compelling to me. The idea is that folks looking to do damage to systems can work around the clock, whereas the actions of good actors can only happen after the fact. I actually think that this is a failure on the side of good actors. It’s hard to bend the human mind to force it to find vulnerabilities all day, but I make the case for continuous security agents. The same way we treat math or computing problems as search-space problems on a wide range of possibilities and outcomes, we can treat codebases as search-space problems for security agents. In this case, the search field is just the possible negative outcomes that bad actors may look to make real.

The idea is that security shifts to being round-the-clock and non-preventative. Right now, security is largely very preventative in the sense that it only serves to solve known issues. I think that if we reframe security issues to be search-space problems around the clock, we can prevent future issues instead of treating security as a post-hoc problem.

Prithvi Dixit 2026