Yann LeCun rejects proposals for an international AI treaty, comparing current regulation to banning jet engines in 1920

@ylecun agreed. Life without PanAm airlines in the 70's is a timeline I wouldn't concede to, but..

I am not saying I'm the smartest person in the room here. But I have to ask myself, WTF isn't anyone talking about or asking the actual things/questions that matter?

Is everyone literally just so wrapped up in chasing their Solo $1T @ycombinator pitches for more bull-shit companies with products no one actually needs that do absolutely nothing, configuring their @openclaw agents with Twillio voice accounts so they have phone-sex and placing @Polymarket bets on whether @jensenhuang and @lisasu are actually the same person, to stop for just a second and pay attention to what is happening in real-time?

Lets look at the chain of events.

The Trump admin asked @OpenAI to stagger the release of GPT-5.6 over security concerns. On Thursday, @sama told staff the government would be "approving access customer by customer" during a preview period. @AnthropicAI did the same with Mythos in April, sharing it with select partners instead of the public.

The stated reason: national security. And the threat is real. Yesterday, @DarioAmodei sent a letter to the Senate accusing Alibaba of running the largest known distillation attack on Anthropic to date. 25,000 fake accounts. 28.8 million exchanges between April and June 2026. All designed to extract Claude's capabilities into Qwen. Before that, DeepSeek, Moonshot, and MiniMax ran similar campaigns: 24,000 fake accounts, 16 million exchanges combined. MIT researchers caught GLM models self-identifying as Claude roughly 50% of the time.

China distilled from Claude and GPT 5.5 to bootstrap GLM. That's confirmed.

But as @PatrickToulme and @teortaxesTex have pointed out in this exact conversation, distillation only solves the cold start problem. Once a lab reaches Opus-level capability, reinforcement learning compounds on its own. That's why gating Mythos and GPT 5.6 matters at this specific moment. If China gets a cold-start sample at this tier, they close the gap permanently. The moat becomes irrelevant.

I get the argument. I actually agree with it.

What I don't understand is why the solution is restricting access for the American public instead of blocking the actual threat vector.

There are ways to block entire IP ranges based on geographic region. This isn't theoretical. The infrastructure exists today, and the entities that control it are identifiable and largely US-based or US-influenced. This is the kind of coordination problem @schneierblog has been mapping for decades, and the answer isn't "it's impossible." The answer is "it requires political will."

For those of you who don't know, let me walk through who actually runs the internet, because this matters. A LOT.

At the top of the naming hierarchy sits ICANN, the closest thing to a central authority for internet governance. They coordinate DNS root management, IP address allocation, and domain name governance. Underneath them is IANA, which manages IP addressing, root zone management, and protocol parameters. Then ARIN, the Regional Internet Registry for North America, issuing IPv4/IPv6 address space and AS numbers for the US, Canada, and parts of the Caribbean. And Verisign, which operates the .com and .net registries, generates and distributes the root zone file, and runs two of the 13 root server addresses. Almost 80% of all NS records across all gTLDs sit under Verisign's domain.

That's the naming layer. Below it is BGP routing, where roughly 74,000 independently operated autonomous systems announce routes to each other. The Tier 1 ISPs form the backbone: Lumen, Cogent, GTT, NTT, Telia. They peer settlement-free, and everyone else routes through them. Physical interconnection happens at Internet Exchange Points like Equinix, DE-CIX New York, and the Seattle Internet Exchange. The White House already recognizes this layer needs hardening. The Office of the National Cyber Director released a roadmap noting that "BGP's original design properties do not adequately address the threat to and resilience requirements of today's internet ecosystem." They want to fix this. The infrastructure conversation is already happening.

Then 13 logical DNS root server addresses operated by 12 organizations, with roughly 1,954 physical instances globally via anycast. Several of whic are run by US government entities !!! including NASA and the Army Research Lab. Standards and protocols come from the IETF with architectural oversight from the IAB. They have no enforcement power, but they write the rules everyone voluntarily follows.

Now here's the point. Pay attention you slop-hopping, token sucking generative jabronies.

If the US government wanted to block foreign access to US-hosted AI inference endpoints by geographic region, here's who comes to the table.

Government side: NTIA at Commerce, FCC for telecom carrier compliance, CISA at DHS, @mkratsios47 at the White House Office of Science and Technology Policy, NSA/Cyber Command for operational capability, and DOJ for legal authority.

Private sector: ICANN/IANA, ARIN, Verisign, the Tier 1 ISPs and IXP operators for BGP filtering, DNS root server operators for selective response based on source IP geolocation, and the major CDNs and cloud providers who actually serve the traffic.

@SenatorBanks and @ChuckGrassley already sent letters to nine AI company CEOs asking exactly how they detect and guard against PRC espionage. This is the answer.

Every single entity on that list is either a US-based organization, a US government agency, or a company operating under US jurisdiction. This isn't asking hostile foreign governments to cooperate. These are our institutions and our companies.

And here's the part that should make this click faster than your fat little fingers on a Torrent for a leak of #GTA6

@AnthropicAI literally built Mythos, a model with powerful cybersecurity capabilities. @DarioAmodei with cooperation from the Government and all those acronyms I mentioned above could deploy something purpose-built from it at the network level, operating in real time, analyzing traffic patterns, identifying proxy chains, flagging routing anomalies, making it extremely difficult for obscured traffic to reach US-hosted inference endpoints. Not impossible. Extremely difficult.

That alone eliminates an estimated 95% of potential distillation attempt traffic. You're blocking known IP ranges, detecting VPN and proxy routing patterns with AI-powered analysis, and forcing adversaries through increasingly narrow channels.

(I'm a nobody with zero followers on X but if you ask me something like this is far more beneficial and credible mapped as the function of something like #ProjectGlasswing than all the heads of AI playing whack-a-mole in multi-player mode finding vulnerabilities that can already be found by existing models and methodologies.) Just sayin..

The remaining 5%? A small subset of genuinely skilled operators who can resolve routing paths through third-party transit, exploit BGP leaks, or use anycast root server instances outside US jurisdiction. Yes, they exist. No, they're not the majority of Chinese AI lab staff. These are research engineers. They're not all network penetration specialists too. And the 25,000 fake accounts Alibaba used? Those don't work when you can't reach the endpoint in the first place.

I'm not saying this would be easy. It would require an executive order compelling cooperation across all of these layers simultaneously. The internet was architecturally designed to route around damage, including intentional blocking. DNS can be bypassed with direct IP access. BGP routes can leak. VPNs and Tor exist. It would still be leaky.

But that's not the point.

Every security measure leaks. Bank vaults get cracked. Military encryption gets broken. Border walls get tunneled under. We don't throw out the vault because someone might crack it. We build the vault, then we watch the vault, then we catch the people trying to crack it. The goal is making distillation prohibitively expensive and operationally risky for state actors, not mathematically impossible.

So here's my question. @elonmusk, @ylecun, everyone building and using models at the frontier:

If this is truly a national security concern, if the real worry is China getting a cold-start distillation sample from Mythos or GPT 5.6 and closing the gap permanently, then why isn't the response building infrastructure to block the threat at the network level? Why is the response gating access for American citizens, American companies, and American developers?

@AnthropicAI and @OpenAI, with the cooperation of the United States government in the name of national security, could provision all of this. The protocols exist. The infrastructure exists. The legal authority exists. The entities that would need to cooperate are largely domestic.

The fact that nobody is even talking about this approach, that the default solution is "approve access customer by customer" for American users while the actual adversary operates on a completely different network topology, tells you something.

Either this is genuinely about national security and the people making these decisions haven't considered the technical alternatives, or the national security framing is convenient cover for something else entirely: controlling who gets access to the most powerful AI systems ever built.

I don't know which one it is. But I know which question we should be asking.