Schneier on Security

Clive Robinson • May 20, 2026 1:43 PM

@ Bruce, ALL,

The first thing people need to get their heads around is that,

Before you can measure something, you have to know what it is you are measuring, and any attributes the device/entity generating what you are trying to measure has that effects the process of generation or process of measuring.

Also if the measurement you are making is relevent to what you actually want to know

For instance if you have a group of objects are you interested in primary measures such as,

1, The number of objects.
2, The order of the objects.
3, The mass or volume of objects.
4, …

And so on. These primary measures can then give you secondary measures such as “density” from mass and volume. Or information potential from number and order of objects such as a “Bag of Bits”(BoB).

As a general rule of thumb humans measure information by it’s cardinality. That relates to the “natural numbers” or “integers”.

But what do you do when dealing not with objects in a group but continuous values that form a spectrum that has real number values.

Whilst it can be seen that the set of natural numbers has cardinality… the question of whether the real numbers of things like spectrums have cardinality naturally arises.⁠

The answer to ⁠this is covered by the “continuum hypothesis”. Which immediately has a serious issue as it’s been shown to be both unprovable and undisprovable in what most were taught as “standard set theories”.

The issue is quite important to Current AI LLM and ML systems as they are all about the notion of spectrums and orders as a fundamental way they generate output.

Thus you have the issue that the spectrum encoded in the LLM weights by the ML process is very much dependent on the input to the ML process, and that any measure on that information will be biased by how the information is input to the ML as different spectrums will naturally result even though the rules etc of the ML are unchanged.

Thus in some respect you can not trust the ML process and by extension you can not trust the network of weights in the LLM.

Worse in all but simple “toy examples” it is not possible to measure the spectrums encoded in the LLM as dimensionally they are too complex.

Now you can take the above as a form of proof that the output of LLMs are currently not just “unmeasurable” but “untrustable”.

Yes you can argue that it’s a different form of “trust” from that people think of in regards to both humans and the information security systems they build.

But think further and you will realise that you have no way to measure the “information trust” of humans or the systems they design because of the “observer problem” which I’ve gone through on this blog before and there is actual accepted proof that an observer can not tell if what they see contains “sub channels” that carry secrets.

There is a proof knocking around that I’ve linked to before that this is why “guardrails” put around LLMs will always be subvertable by those who use them.

Thus these are the reasons Current AI LLM and ML systems can never be “trusted” not just in the information security context but any context that humans might consider useful.

Clive Robinson • May 20, 2026 7:52 PM

@ lurker, ALL,

With regards,

“The (small o) opposition to this seems not concerned with the security, privacy or accuracy issues, but instead focusses on the substantive issue that current costs to users of AI are artificially low while contenders jostle for domination of the market.”

I’m assuming the “small o” you mention are actually “small p” and yes we’ve more than a few of those as well (though we have just recently lost quite a few –hopefully for good– due to many voting against them).

With this type of person in general “security, privacy or accuracy” of citizens and their information are way way below the fear “accountability” engenders in the “Small p” that their cushy life style will get taken away.

But the “real issue” here is as you mention “money” or as in business what is called “overhead” and,

“The allure of doing it on the cheap today, and ‘bugger tomorrow’.”

Have you noticed how all these supposed “cost savings” never turn out to be “cheap” but a very significant “for ever cost that climbs” not with inflation but with what ever the

“Turn of the screw will get”.

It’s the business model of the likes of Palantir which in the past I’ve likened to drug dealers hanging around the children’s play ground with drug poisoned candy “business model”.

In short “get them hooked and exploit their craving pain points”.

Some places found out early what Palantir were upto and cancelled the contracts etc whilst they still could. Unfortunately they are not allowed to say very much directly so we have to ferret it out via “insider whistle blowing”.

Part of Palantir’s plan with “Law Enforcement and Intelligence Agencies” as I’ve mentioned before was to get rid of the essential investigative staff who were detectives and intelligence analysts and similar, thus “create a need” pain point. And turn ordinary “on the ground” people into “typing drones” for ever putting in information, that Palantir would then process into reports for “resale” to other agencies…

(You can piece this together from Palantir’s own advertising white papers etc that have ended up in the “usual places”).

When you analyse what we’ve got in the public domain, It’s this kind of nonsense that got nearly 200 young girls, their teachers and related people immolated with a hell fire scalping by a US tomahawk…

https://www.independent.co.uk/news/world/middle-east/iran-girls-school-missile-strike-trump-israel-preliminary-inquiry-b2936875.html

Digging in it becomes apparent US secretary of defense Pete Hegseth’s Department of War, using AI from Anthropic, came up with the attack targeting the school. But based on years old outdated data provided by the US Defense Intelligence Agency. That could have been and should have been checked.

It would appear there were AI “guid-rails” that had been put in place to caution against / stop usage of this type of “bad data” and thus stop/limit this type of potential failure…

Some have said it was this sort of nonsense coming to the attention of Anthropic by Hegseth’s minions demanding the removal of such guide-rails that caused Anthropic to say no and in effect pull the plug on Hegseth’s department of war demands,

https://www.bbc.co.uk/news/articles/cn48jj3y8ezo

And it vecoming clear in the press what Hegseth and his minions were upto with the attack on Venezuela.

All shortly before the start of the US attacking Iran that resulted in the very public response from the Trumpeta and Co.

‘https://www.bbc.co.uk/news/articles/cn48jj3y8ezo

What ever the issue the school got destroyed with a massive body count and OpenAI’s Sam Altman just jumped in to supply Hegseth his fix of unconstrained AI…

As they used to say,

“God help us all, we’ll need it!”

Clive Robinson • May 21, 2026 2:59 PM

@ lurker, ALL,

I mention Palantir and it’s “drug dealer” like business practices yesterday,

https://www.schneier.com/blog/archives/2026/05/on-ai-security.html/#comment-454570

And guess what today a UK national newspaper does the same…

https://www.theguardian.com/uk-news/2026/may/21/london-mayor-sadiq-khan-blocks-met-police-deal-with-palantir

A case of “synchronicity” again?

Or just the pervading stench of corruption from a US Corporation –set up and run by a couple of at best very questionable individuals– that has become too overpowering to ignore.