A

Foreign. Welcome back to the AI Policy Podcast. I'm Matt Mann and today I'll be speaking with Greg Allen about three pretty big stories in what's been a busy week for the AI Policy space, including a potential new executive order targeting state AI laws, proposed changes to the EU AI act, and a Chinese cyber attack using Anthropic's model. Claude. But Greg, before we dive into these topics, you just got back from a week long trip to India in preparation for the India AI Impact Summit. So why don't we start there? Who were you speaking with and what were some of your biggest takeaways from the trip?

B

Thanks Matt. Good to be speaking with you again. And yes, I am back from India and you know, just as a little personal aside, I'm a weak person when it comes to adjusting from jet lag. So if I sound dumber on this podcast than usual, that's, that's why. But it was a fabulous trip to India. I was going with my colleague Rick Rosso, who is the India Chair here at csis, and we were meeting with a bunch of different institutions in the Indian government in the Indian private sector. We also co hosted two roundtables with local organizations about, you know, the US India relationship in the context of AI and also AI for development and what can be done in those things. And of course all of this is headed towards the India AI Impact Summit which is going to be taking place in February of 2026. And I think this summit, there's actually pretty high expectations associated with this summit, which might come as a surprise to some. But I mean, if you think about the extent to which the UK AI Safety Summit, which was the first in the series, totally reshaped the global conversation on AI. And then again the French AI Action Summit earlier in 2025 again reshaped the global conversation on. I think a lot of folks are taking it seriously that India is going to be a big deal. And India, you know, as an economy is in a pretty interesting moment and it plays a pretty interesting role in the AI ecosystem. So for example, you know, when, when OpenAI says that ChatGPT has 800 million weekly average users, well, the number one user base is Americans, but the number two user base is in India. And that is really interesting because it, it harkens to, you know, what might be the potential for chat GPT in the global south writ large and some of the experiences that they're having in India, you know, suggest what the product might need to evolve towards to be relevant and you know, for in India which is basically abandoned email as a work practice. Everything takes place on WhatsApp. Government services are sometimes delivered via WhatsApp.

A

Interesting.

B

And so you know that relationship that technology has with consumers is pretty interesting. In the case of AI for example, there's a huge share of diverse language requirements in India but also they're apparently they're much more heavy users of spoken as opposed to typed chat interactions which is pretty interesting just in and of itself. It might be related to populations with relatively low literacy rates, it might just be preference, who knows. But there's all kinds of interesting things going on. A couple other interesting things that are going on is a bunch of companies are opening, opening offices in India. OpenAI already had one, Google already had one, Microsoft already had one. But Anthropic just opened their India office. And I don't think they've been public yet about like what that office is going to be up to. But it's interesting. I assume they're doing it for more than just a position themselves for the AI Impact Summit, but does speak to the relevance of India. So I talked about it as a consumer of AI services. It's also an important producer of AI services. There are big American technology companies where the number two country in the world for them in terms of employment is India. Because India, in contrast to China, which its development model is much more focused on manufacturing. India has embraced technology services and especially IT as a growth engine for the overall economy. And software development is a big there. Outsourced it is big there. And they're all one wondering sort of what does the future of AI mean for India. And these are companies that have heard the predictions about how AI is going to be devastating to knowledge workers, how it's going to be devastating to software as a service business models. And they are fighting to show that actually they're going to be ahead of the AI future, not disrupted or destroyed by the AI future. That's all pretty interesting stuff in terms of what India is looking to accomplish at this summit. They described a list of priorities they have among them I think are expanding the inclusiveness of AI. There is a sense that AI is a rich countries kind of industry and India wants to say whatever this economic revolution is, it needs to be inclusive of the Global South. And India is explicitly positioning itself as a leader of the Global South.

A

Right. And this is, this is the first global AI summit in the Global South.

B

That's right. Hosted by a Global south country. Now the term Global south is kind of funny because the equator goes through Indonesia. It doesn't go through India. So India is not really in the Global south in terms of like below the equator global South. But it's a term that the Indian government itself uses freely and routinely. So I'll continue using it for the same reason. So then there's also the aspect of like, AI and development. And here I think there's just tons of really interesting use cases going on, some of them being put into practice by our partner organization. So we are the Wadhwani AI center at csis. Funded in large part by the Wadhwani foundation, the Wadhwani Institute for AI in India is actually developing software AI tools on like a philanthropic basis. And that's to improve health care delivery outcomes, to improve agricultural outcomes. I mean, they have something for the detection and treatment of tuberculosis that is now, you know, reaching tens of millions of people in India. So pretty exciting to see sort of like what the rest of the Wadwani foundation is up to. And they're obviously especially strong in India. And I think the government is really excited about sort of sharing the success stories that they've had in terms of using AI to support economic development and public health, public education, those kinds of use cases, and then to do what they can to evangelize amongst the rest of the global south and say, hey, these are tools that we've tried out that we found useful and would be useful to you as well. It's still going to be the case that big global conversations on AI, such as us, China, geostrategic competition, are going to either feature loudly in the foreground or loudly in the background of this kind of conversation, as is the global debate on AI governance and regulation. So this is sort of what's going on. The Wadhwani AI center and me in particular, I'll be going back to India. We're going to be publishing a series of articles and papers on this topic and convening events in the United States and in India. So stay tuned. We have a lot more coming on this topic.

A

That's right, that's right. Well, in the meantime, let's dive into the three big stories of this week. This has been, as I said, a Busy Week for AI Policy. On November 19, several news outlets reported that the administration is considering an executive order to preempt state laws. And this executive order was actually published in full text. Could you tell us more about what the administration is trying to achieve through this eo? And to be clear, this EO is still a draft. It has not been passed.

B

Yeah. So I have a copy of the Leaked draft here, I should note at the very top it says deliberative pre decisional draft. And the Verge was the first outlet to leak a full copy of the draft. I actually have no idea the mechanism by which this was leaked. My guess is that it was shared with Congress in order to be able to solicit feedback on the executive order from the legislative branch. And then somebody in the legislative branch decided that they didn't like it and wanted to share it with the media to try and generate some momentum against it. But I do think, assuming this document is authentic, which I have no reason to assume it's anything other than authentic, it does kind of reveal an interesting state of preferences and beliefs of at least some leaders in the administration at this moment in time. So I think the first thing that really jumped out to me was Section two policy. Quote, it is the policy of the United States to sustain and enhance America's global AI dominance through a minimally burdensome uniform national policy framework for AI. So the reason why I think that's interesting is the administration is saying here that they are not explicitly, always and forever against regulation. They are against this patchwork of state regulation. That is a phrase that we've heard coming out of many Republican legislators on the Hill. For example, Congressman Jay Olte, when he was on our podcast, he said pretty much the exact same thing. It's not that they're anti regulation, but they're especially allergic to state level regulation just because they don't want this sort of differing patchwork that they think is going to introduce additional complexity for businesses. But Matt, you noticed something very interesting in this draft executive order, which I had missed, but I thought it was really clever. So do you want tell everybody what you saw about the deadlines in various aspects of policy compared with the deadline for coming up with a federal policy framework for AI?

A

Yeah. So almost every section of this executive order includes some sort of deadline for taking action. For example, many of the deadlines say within 90 days of the executive order taking effect. Whoever that the action is tasked to has to complete the action, whether that's the fcc, the ftc, or one of Trump's advisors. Interestingly, there is a section called Legislation, and that section asks that David Sachs, who's the AI and crypto star for Trump and the director of the Office of Legislative affairs, quote, prepare for my review a legislative recommendation establishing a uniform federal regulatory framework for AI that preempts state AI laws that conflict with the policy set forth in this order. Now, I'm guessing the reason they put this in there is to quell fears that this is just another version of the moratorium where you're banning state AI laws without putting forward any sort of federal standard to replace them. The interesting part, which you mentioned earlier, is that this is the only section in there that doesn't have a deadline. And I think that is probably not a mistake. Maybe it is probably not. And that probably has something to say about what the priorities in this executive order are. Perhaps there isn't as much of a rush within the administration to provide that federal standard or create federal legislation to preempt the state laws.

B

To go even further. Right. A cynic might say that your official policy is to have a minimally burdensome federal framework for AI regulation. That's your stated policy, but your real policy is to block state regulation and to block federal regulation. And the lack of a deadline on that sort of communicates the seriousness with which you do treat other parts of this and with which you do not treat coming up with a federal framework. Now, you know, that's the cynical view. We're reading a lot in there. We'll see what actually happens when this executive order comes out and what the administration tries to do. But I thought that was a super interesting catch, Matt, so thanks for sharing it with the audience. Yeah. Okay, so the meat of this executive order is creating an AI litigation task force. And basically what they're saying is they want the Department of Justice to sue state governments who try and who do pass AI laws, AI regulatory laws, and they want to go after them on multiple potential grounds. One is unconstitutionally regulating interstate commerce or are otherwise unlawful. And I think the unconstitutionally regulated interstate commerce one, to me, stands out because this is an argument that the venture capital firm A16Z very prominently wrote about just a few weeks ago, basically saying that, you know, there are aspects of AI regulation in the laws that, for example, Colorado, which has probably one of the beefier laws out there that unduly influence interstate commerce. And I've heard the same thing out of the mouths of American legislatures. So it appears that the executive branch, branch and the White House finds that to be a persuasive argument and persuasive enough that they want to start putting court cases against it. And what's interesting is that, you know, there is an impact of having these lawsuits and threatening these lawsuits, even if the Trump administration expects to lose. Right. I think that just. Just by having this executive order, every single state government that's drafting an AI regulation right now is going to do a review again. And Basically, okay, if we were challenged in court on the grounds of violating interstate commerce, what would we say? Do we think we would win? Why do we think we would win? And is there anything that we could change in this law to increase the chances that we might win? Right. And, you know, interstate commerce regulation, you know, derives directly from the Constitution. But the court cases here have not been especially bold, at least in the past few decades. So what would actually happen if these things went to trial is unclear. But I think it's a very interesting move by the administration, regardless.

A

Absolutely.

B

A second thing that they're doing is evaluating the state laws and basically saying, you know, which of these laws do we find to be sort of unduly burdensome? And can we tie that to new restrictions on the allocation of federal funding for AI research or other things? So hypothetically, you know, in the extreme, you could imagine that the federal government, for example, the National National Institutes of Health, the National Institutes of Science and Technology, darpa, sort of big funders of AI research, could look at California and say, oh, you passed the following regulations related to AI. These are unduly burdensome for the following reasons that will hamper our ability to efficiently allocate research resources. Therefore, you're going get less money because we don't like your state level AI regulatory law. So this is the Trump administration, I think, looking for opportunities for leverage and making some pretty big threats to the states about AI regulation and what they're going to do. And it's unclear, you know, the reaction that we're going to see from the various states. We've already seen some quotes come out from noteworthy legislatures and actors on this. So, for example, Scott Wiener, who was one of the principal forces in the California state legislature behind SB 53, which was the big AI safety and transparency law that he told Politico, quote, trump has no power to issue a royal edict canceling state laws. So I think that's pretty interesting and sort of suggests that this is going to be some kind of a fight that we can expect to see in the not too distant future if executive order does, in fact take place.

A

And I think Scott Wiener's bill that just went through, SB 53, was explicitly called out within this executive order as an example of burdensome AI regulation that this order is meant to preempt. I think there's another piece to this that is worth mentioning, which is that there also have been some recent discussions of slipping back in a preemption clause to a legislative package, this time, not the one big beautiful bill which is what it was last time. But the ndaa, and there was one quote out there from the semaphore congressional bureau chief who wrote on X that the White House is considering an executive order preempting state legislation on AI if the moratorium does not pass in the ndaa. So I'm not sure that's true, but if the reporting is accurate, this could be something that we see depending on the outcome of the NDAA proposal.

B

Yeah, and now I'm getting into wild speculation here, but that would sort of concur with my earlier assessment that the Hill leaks this. So it could be the case that the Trump administration sent this to the Hill and said, hey, you had better include a moratorium in the ndaa, otherwise we're going to do this. And the people who are opposed to this tried to get the media involved in order to gin up some momentum against it. Anyway, we're getting too much into the sort of legislative food fighting part of this story, but nevertheless, it's been a big week for AI regulation.

A

Yeah, absolutely. Well, we can move on to our next topic then, which is also related to AI regulation. Also, on November 19, the same day that this EO came out, the European Commission proposed a two part digital omnibus that has several major implications for EU's regulation of AI. Could you tell us more about what these proposals are and the political context that they're coming from?

B

So there's so much going on in the European Union related to the EU AI Act. And, and I want to emphasize that just as with the executive order we were just talking about, most of what we're going to talk about is at this stage, a proposal. And it's a proposal coming from the European Commission, which is sort of like the executive branch of the European Union. Most of this stuff, in order for it to take effect, would also have to be approved by the European Parliament. So most of what we're talking about is proposed. But I think it's interesting in and of itself that the European Commission, which has the enforcement obligation associated with the EU AI act, is basically coming out and saying we regret a lot of what's in the EU AI Act. And we've got some of the folks who were even involved in drafting the EU AI act who say that they regret where this legislation has gone right now. So we'll get into that. Let's start with how this is going to take place. So the European Commission has proposed a two part digital omnibus. So you have to start by asking, like, what is an omnibus type of regulation. So this is one legislative measure that's going to amend a bunch of different legislative fields. So not quite the same meaning as omnibus in the United States legislative sense, but still pretty similar. And the two proposals are the digital omnibus on AI regulation. And this is really talking about mostly delaying implementation of some key features of the EU AI Act. And then the second one is the digital omnibus regulation proposal. And this is really about gdpr. And it actually is, I think, taking a, trying to take a whack at gdpr, especially trying to take a whack at the fact that member states can impose additional requirements on top of gdpr, which in sort of EU jargon is referred to gold plating. So recall that, you know, one of the primary inspirations for the European Union in the beginning was to create the so called common market, right, where the economy is unified, even if the militaries aren't unified, even if, you know, the foreign policy is not unified. And really in GDPR there's not so much of a common market because different states can add on additional requirements to be even more burdensome and also because the regulatory enforcement is at the state level for gdpr. That was actually one of the criticisms of GDPR by the authors of the AI act, which is why their enforcement takes place at the European Commission level, at the equivalent of the federal level. But here's the thing. Gdpr, because it's targeting data, has a lot of implications for AI. So this sort of spaghetti landscape of the different regulatory requirements can be quite burdensome, can be quite confusing to navigate. And what I think so interesting about this current moment is that it is the European Union criticizing itself. That I would say is the loudest voice in this conversation. You've got the European, the former Italian Prime Minister Mario Draghi, who came out with the Draghi report last year. He is clearly still a very influential advisor to the current President of the European Commission, Ursula von der Leyen. And both of them have been talking specifically about issues with Europe's competitiveness in AI and what needs to be done about that. And so these kinds of regulatory delays, these kinds of regulatory simplifications, these kinds of regulatory reductions, all part of Europe trying to, how should I say it? Buyer's remorse. It's Europe trying to deal with the buyer's remorse of passing the EU AI act, which is just fascinating. Now, of course, there's other voices inside of Europe, especially inside the European Parliament, who disagree that that's the current state of affairs and that that's the right prescription for where they are. But it's a really interesting moment in European politics.

A

Yeah. Well, let's talk about some of the actual policy in these proposals. You mentioned the delay in the AI proposal. I think there's several other parts of that that are worth mentioning. But what do you see as the most important AI related amendments and what do they actually do?

B

Sure. So I think at a high level it's worth just recapulating, recapitulating how the AI act works. And there's sort of two big chunks of regulation. The first is a risk based classification which is unacceptable risk, high risk or low to no risk. And it's really targeted at use cases. So an unacceptable risk, you know, might be something like biometric surveillance by state police authorities, you know, to prevent people from exercising their rights or something like that.

A

Seems pretty.

B

So the government just makes it illegal to make AI systems that go towards that use case. Then there's the high risk stuff, which is like using AI in medicine or using AI in safety, critical loss of life risk kind of scenarios.

A

Sure.

B

And then the rest is like low risk, you know, which would be something like AI for entertainment.

A

Yeah. Like a video game or something.

B

Yeah, exactly. And that one they're basically just saying like, no, there's no additional regulation for these fields. So that's one big bucket of how AI is regulated in the European Union, which is on a use case basis. The second big bucket is around these general purpose AI systems, which is what was added to the EU AI act in the wake of ChatGPT. They were trying to think about how do we get our arms around these things that do many, many use cases. Because ChatGPT wants to be your lawyer, wants to be your therapist, wants to be your doct doctor, wants to be your entertainer. And so this sort of use case specific restrictions struggle to address these large language models that can do so many different things and are therefore called in the regulations, GPAI general purpose AI systems. And there the risk based classification is targeted at the capabilities of the system itself, which is to say, is this system capable enough to present potential systemic risk to the overall thing. Thing. And there it's less about, you know, you can't do AI that does X. And it's more like you must take on these burdens, which is to say safety evaluation measures, transparency measures that sort of apply just in the creation of these systems, which you can analogize it to the types of regulations that apply to airlines or nuclear reactors. Right. Before you even begin the story, you have to show that you have some kind of safety procedures in place and are willing to take all these steps to reduce the risk. So again, those are the sort of two high level breakdowns of how the EU AI act works. And I think what's interesting is that if you look at some of the quotes from Draghi, for example, he gave a really interesting. He published a really interesting article. I think it's a transcript of a speech not entirely clear to me, but in September of this year in which he said that he thinks the code of practice for general purpose AI systems is mostly okay and that the unacceptable risks for the use case framework is mostly okay. And he thinks the biggest problem is with the high risk part of the.

A

AI app, which is separate from like the general purpose AI stuff.

B

Exactly, yes. So it's not the systemic risk which applies to general purpose AI models. So I think the biggest thing is around delays and also flexibility of delays. So as folks who listen to this podcast have heard many, many times, a lot of the EU AI act was originally written as thou shalt follow the standard standards coming soon. And here they're relying on that as a reason to delay stuff. So the European Commission can declare that the available standards do or do not exist at a current moment in time and then delay the implementation of the act until those standards are finalized. And, and overall, what this should be expected is just a delay. And I think a lot of the estimates are saying something like a year of delay should be expected, but conceivably, you know, it could go even further or shorter than that, depending on the evolution of the politics. Again, this is the proposal from the European Commission. What actually happens, European Parliament's going to.

A

Right. There's a lot of negotiation to follow this in which there could be many amendments. I think a good comparison here is the EU AI act, which is looked a lot different when it finally passed than when it was proposed. And I'm sure a lot of the deadlines changed throughout that process. Right. So we have these potential delays depending on the outcome of this process. What is the political context of all of this? Why is this document coming at this time?

B

Yeah, so I think, you know, Europe has a lot of anxiety about its current state in world affairs, Just in general, it's growing slower than the United States. It is now smaller economy wise, as a share of global GDP than it was. I mean, in India, one statistic that I heard again and again and again in every meeting is that by 2027, India will be the third largest economy in the world. And what's so interesting is nobody counts Europe when they do that story, because they think Europe, you know, pretends to be one common market, one common economy, but actually it's a bunch of different economies. And India definitely is one common market, is, is growing faster, much faster than Europe. And so Europe is trying to figure out what they can do to revitalize growth, but they're struggling because Andragi says this explicitly. They are so dependent upon the United States for their defense policy that they kind of had no choice but to accept a lot of US demands on trade, on tech regulation and other stuff. And that's pretty interesting because Europe is trying to say that, hey, we're not walking back the AI act in response to US pressure. We're doing it because we're trying to bolster AI investment, trying to bolster overall global competitiveness. And the reality is that European firms attract a fraction of what US firms do when it comes to venture capital investment. They are even smaller than what China attracts in terms of venture capital investment investment. And that is something that they are really concerned about. Draghi in his September speech said, quote, GDPR has raised the cost of data by about 20% for EU firms compared with US peers. Yet the only change on the table so far is an easing of record keeping and extending SME derogations to mid caps. Broader reform towards simpler harmonized rules is still vague. Well, I think that's what the Data Omnibus US is aiming at, is sort of broader reform of gdpr. But the political context of this that I think is also interesting is it's not just US technology companies who are calling for this. A group that included Philips, Siemens, big diversified industrial technology conglomerates, as well as ASML and Mistral. So the, the biggest chip equipment company and the biggest sort of local AI model developer helper all said, you know, please delay the EU AI Act. This is not good for us. I mean, Siemens for example, has a big medical equipment business and so you can imagine why they would be especially aggrieved about the imposition of AI requirements targeting, you know, medical use cases specifically. Like if my MRI machine is using machine learning to do something funny in the imaging, is it really the case that the sort of existing MRI machine safety regulations are insufficient and we need this whole other box body of stuff. And the GDPR connection to AI in particular, I think is interesting because this proposal includes stuff such as saying, hey, as long as the company has made an honest effort to eliminate the personal data in the training data set, we're not going to throw the book at them for every Single piece of personal data that finds its way into the training data set. That's pretty interesting, right, that they're specifically asking themselves what parts of GDPR might make it hard to be doing AI in on the continent the way that we want to. So that's, I think one big part of the political context. I think the other part is the European Parliamentary Research Service, which is sort of analogous to the Congressional Research Service that we have here in the United States. They published a report that was pretty mean about the AI act writ large. And I think there's one thing here that's probably worth just quoting at length. The administrative tasks companies must undertake to comply with EU laws depend on their activities. Companies handling personal data must comply with GDPR rules once enforced. Companies distributing and manufacturing devices might need to comply with the Cyber Resilience Act CRA and those providing general purpose AI GPAI might need to comply with the AI Act. A company could need to comply with all three. However, each law has different deadlines, reporting procedures and authorities. The GDPR and the CRA are enforced at the member state level, while the exclusive power to enforce GPAI rules rests with the Commission. If a company provided high risk AI systems instead of GPAI enforcement would be at the national level, the gdpr, CRA and the health, safety or fundamental rights of persons. Imposing registration requirements would constitute a disproportionate compliance burden. Now I realize that's a lot of like bureaucratic regulatory jargon, but that's pretty harsh self criticism coming from a government research outlet saying that, you know, this patchwork of regulations that we have, all targeting AI, all targeted in a bunch of different ways, is not helping. And it is an undue compliance burden. And what's interesting is it really harkens back to some of the original debate about AI regulations. Regulation when the AI act was underwritten, which was, you know, the United States often positions itself as anti regulation. But that's not really true. The AI approach in the United States is much more sectoral regulation. You know, the, the Food and Drug Administration, the Treasury Department, like they're regulating the use of AI in medical devices, they're regulating the use of AI in financial instruments and companies. So it's not that the US is anti regulatory, it's just a question of should regulation in AI be vertical, which is to say sector specific, or should it be horizontal, which is to say one law that sort of broadly covers a bunch of different sectors. And the EU AI act went horizontal. And here you have, as I said before, some real buyer's remorse being evinced, at least by the European Commission. In the Parliament, you have folks like Brando Benefay, who's part of the Socialists and Democrats and was a key author of the original AI Act. He said that, quote, he is deeply skeptical of reopening the AI act before it's fully enforced and without impact assessment. And the Green Party, Alexander Gies, who's a prominent German member of the Greens group, said that the changes would, quote, dismantle the protection of European citizens for the benefit of US Tech giants. Then she goes on to say the Commission should focus on real simplification and streamlining of definitions rather than bending their knee to the US Administration. So you're seeing there's like, political debate about both what is being accomplished and what are the reasons behind doing it. You have folks who are saying, no, we're doing this to increase competitiveness. You have folks who are criticizing them saying, no, you're just bending over to give in to the US Technology lobbying group.

A

Yeah, well, I want to talk about one more thing, which is if you're a company that has to comply with these rules, you're probably happy about a lot of what's in these two proposals, particularly with data streamlining, streamlining the data rules, and also with some of the reduced obligations in the AI Act. But there's actually, I think, one sort of counterintuitive aspect to this, which is a AI correspondent at the regulatory risk firm mlex, Luca Bertuzzi commented on. I was wondering if you could sort of dive a little bit into that and talk about why you might not be actually so happy with the delays part of this, particularly the uncertainty that it comes with.

B

Well, I think you know, Bertuzzi, he is talking about the delays and the implementation dates of August 2026. So he had a post on LinkedIn that I thought was interesting, which. Here we go. Quote, the Commission chose not to introduce a separate stop the clock mechanism to avoid signaling that the entire AI act is on hold. Instead, the pause will be embedded in the broader AI omnibus package. That means the whole omnibus must be approved before the high risk regime takes effect in August, putting intense political pressure on EU countries and lawmakers to conclude negotiations within roughly six months. And so this, this creates some challenges for companies because as he, he wrote In a different LinkedIn post, quote, businesses won't know when the core of the AI act will truly bite until the EU co legislators strike a deal on the entire AI omnibus. And even then, the Commission could decide that the clock starts ticking sooner than Expected. So on the one hand, companies are probably excited because there's a chance they're going to get a lot of what they want. On the other hand, you know, the, this debate has unfolded has added a lot of additional uncertainty into the situation. Not certainty.

A

Yeah. And I think to make this slightly more clear, there is a real plausible scenario where it takes long enough to get this proposal through the European legislative process, that the Demands of the AI act take force in August 2026 before this proposal passes. In which case, if you're a company, you're left in a really odd position where you now have to comply with these rules. Rules. But this proposal that's supposed to delay the rules is still in the works. It's not necessarily likely.

B

Delay comes after.

A

Yeah, exactly. So it's not necessarily likely that that happens. And I think Luca Bertuzzi himself said that he thinks it'll probably get through in time. But it is this weird uncertainty to have specifically for a proposal that's meant to reduce the uncertainty of implementation.

B

Definitely.

A

Yeah. Well, let's move on to our last topic here. And on November 13th we saw a post from Anthropic claiming that they had disrupted a, quote, highly sophisticated AI led espionage campaign. The company said Chinese state sponsored hackers had used Quad to assist in a major cyber attack targeting large companies and government agencies. Can you tell us more about this incident? I mean, what, what details did Anthropic provide and why does it stand out compared to past cyber attacks using AI?

B

So I think this incident stands out both in terms of a new moment in what AI is actually on planet Earth doing in the cybersecurity domain versus what, you know, previously had been described as potential outcomes of AI's growth. And then the second thing is surprise. This is getting politicized too and is factoring into the regulatory debate in the United States, which we'll get to. But let's start with, you know, just what actually Anthropic is claiming they observed on their network. So they had a blog post where they described this. They also had a paper and they're saying, quote, in mid September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI's agentic capabilities to an unprecedented degree using AI not just as an advisor, but to execute the cyber attacks themselves. And they go on to say that they're very confident it was a Chinese state sponsored group who had manipulated their Claude tool into, quote, attempting infiltration into roughly 30 global targets and succeeded, succeeded in a Small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. So this is pretty interesting, right? And Anthropic is saying that These attacks were 80 to 90% automated by AI. So the AI is executing the attack on a step by step basis, which requires some sort of flexibility and adaptation. And the AI is now capable of performing that flexibility and adaptation. And what's so interesting is that Claude has safeguards that are designed to detect and prevent this, and they did not detect it until it had already taken place. And there were already already victims of the cybercrime. I think one other big part of this is that this is exactly one of the risk factors that was the direct inspiration for the creation of the UK AI Safety Institute, now the AI Security Institute, and the United States AI Safety Institute, which is now the center for AI Innovation. Centers of innovation. Thank you. Yeah, Casey. And Casey has sort of explicitly said that the three risks that they're most interested in are weapons of mass destruction, making it more accessible or easy to acquire or use weapons of mass destruction, and then also automation of cyber attacks. So this is literally one of the risk factors that was the, the justification for the creation of this organization. And now we're seeing that phenomenon observed in the wild. And what's so interesting is it's Chinese state espionage organizations using American tools to do it. So I do think that this is a bad day for deepseek, the Chinese AI model developer, which has been trying mightily to claim that they're just as good as the Western stuff. But at least you've got this sort of bizarre endorsement by Chinese intelligence agencies that American models are still ahead when it comes to automating this stuff. But the problem is, my gosh, you know, if you're anthropic, if you're OpenAI, this is not what you want to be enabling with your capabilities. And it's not like Chinese intelligence services are doing Google searches to find out, you know, learn how to be better hackers. I mean, this is. Claude actually engaged in executing the attacks in an agentic way. It's a pretty remarkable discovery, something that I remember talking about, gosh, back in like 2016, when we were first writing on these issues in a report I was doing on behalf of the intelligence community at the time. And it's wild to see this stuff that we were talking about as a big hypothetical now existing in the wild.

A

Yeah, well, for all the reasons to be concerned about this incident, there was actually quite a bit of pushback from the cybersecurity community. Could you take us through some of their concerns with Anthropic's report and why they're a little bit skeptical?

B

Yeah, I mean, I think there's a few criticisms and common themes of the criticism. The first is a criticism of Anthropic and the extent to which these disclosures meet the norms of cyber incident disclosures that, you know, the field is sort of saying, when you want to talk about an attack, here's all the things that we would expect you to share. And Anthropic did not, at least as of yet, share all of those things. Okay, fine. Maybe Anthropic should actually release all that additional information. I'm not really in a position to sort of say it's not really my area of expertise, whether or not this is adequate, but what they've given you is already interesting enough. Okay, then the second thing that I think is a criticism is that, you know, does this constitute sort of a meaningful increase in capability? Because if you're China, where the cost of a software engineer is quite, quite low, is it that big a deal to go from humans doing this part of the attack cheaply to AI doing this part of the attack cheaply? And I will say I don't find this criticism to be especially credible. Even if it is the case that at this current Moment in time, November 2025, it is not a significant increase in capability. I think the Runway is pretty obvious, right, for where we might get in a year or two years, this could.

A

Be a warning shot for that.

B

Exactly. Like AI right now is the dumbest AI is ever going to be on planet Earth. Right. It's not going to go backwards in terms of capabilities. And I think the AI tech companies, they've been emphasizing that, look, AI is a general purpose technology. Just as your laptop can be used for cyber defense or cyber offense, AI can be used for cyber defense or cyber offense. And I think what's interesting is we have seen real evidence of AI being used to meaningfully move the needle in cyber defense. Right. It is the case that, you know, hiring a red team company to come in and audit your software and look for the 10 trillion ways that you might have introduced vulnerabilities to your user base by failing to dot every I and cross every T in cybersecurity, that's labor intensive, it's expensive, and it's beyond the capabilities of companies that don't have a huge pool of resources in some cases. So AI can automate a lot of that work, do it in a way that scales Pretty nicely. So you can see how AI strengthens cyber defense and has strengthened cyber defense. I think this incident report is a really interesting data point in where AI is going in terms of strengthening the offense side of the equation. And I'm sure the US Government, the US intelligence agencies are very interested in this report and asking themselves, how do we fight these, these capabilities, how do we acquire these types of capabilities and give China, you know, a taste of its own medicine in this sense? And I think, I think just one little irony in the story is, you know, how did China fool Claude? How did they get around the anthropic safeguards? Well, at least according to the anthropic report, they were pretending to be cyber defenders. They were pretending to be the actual use cases of like, hey, we're doing some ethical hacking, penetration testing, various systems. Can you help us, you know, do this legitimate testing of the things. But that's all just a lie to trick the LLM. The actual thing that's taking place is real penetration, real stealing of data, data and that sort of thing. And the fact that there are real world victims of this crime that are big tech companies, that are government agencies, that I think is just a remarkable moment for where we are. So as you can imagine, this is now, you know, introducing into the political debate because cyber risk associated with AI is one of the justifications that is used for safety standards. In some cases, it's also used as a justification for additional regulations.

A

Yeah. And so talk more about what exactly those criticisms are in the AI policy space. I mean, some people in the policy space are like extremely concerned, it seems. Others are like poking at anthropic, saying that this is not a legitimate report.

B

Well, so let's, let's talk about the sort of very various opinions on this topic. One, and here's a colorful quote from Senator Chris Murphy, who's a Democrat from Connecticut. Connecticut. He wrote on X, quote, guys, wake the F up. This is going to destroy us sooner than we think if we don't make AI regulation a national priority tomorrow. Right. So he's explicitly linking this disclosure to the need for explicit AI regulation. Scott Weiner, who we talked about earlier on this podcast, an influential state legislator in California. He wrote, quote, for two years we advanced legislation to require large AI labs to evaluate their models for catastrophic risk or at least disclose their safety practices. We got it done. But industry, not anthropic, continues to push for a federal ban on state AI rules with no federal substitute. So that's the argument, sort of saying that this moment is evidence that we need additional AI regulation. What's the other side of the equation looks like? Well, first you have the former chief scientist of Meta, Yann Lecun. He just resigned and I think is starting his own startup. He responded to Senator Murphy on X and said, quote, you're being played by people who want regulatory capture. They are scaring everyone with dubious studies so that open source models are regulated out of existence. Now maybe that in and of itself wouldn't be justification for including on this podcast, but guess who retweeted that post. David Sachs, the AI czar in the Trump administration. And what's so interesting is that David Sachs, he posted on X. Anthropic is running a sophisticated regulatory capture strategy based on fear mongering. It is principally responsible for the state regulatory frenzy that is damaging the startup ecosystem. And what's so interesting is that that language in that X post is echoed in this draft executive order that is.

A

Really a full circle moment for this episode right now.

B

Yeah, so the executive order said, quote, moreover, sophisticated proponents of a fear based regulatory capture strategy are responsible for inciting these laws where subjective safety standards hinder necessary AI development. So that's like in the executive order it's not explicitly saying anthropic, but in the ex post it's explicitly saying anthropic. And so the anti regulatory momentum is kind of becoming politically targeted at Anthropic in a big way. And this fight and how it's going to end up unclear as of this stage. But let me just say, you know, I remember in 2015 reading Dario Amadai's paper Concrete Problems in AI Safety, which I think came out in 2014 or 2015. At the time, Daria Amadai was not the CEO of Anthropic. He was not the head of research at OpenAI Jobs that he would later go onto to have. He was just kind of a middle researcher at Google Brain, which didn't even make commercial products for AI at the time. So I just know, I just know that Dario is sincere in his concerns about AI safety. It is not a strategy for regulatory capture. It is something that he believed and argued for long before he was in a position to benefit from anything remotely approaching regulatory capture. And I think there's like a question of, well, wait a second, you know, big American tech companies hate the EU AI act, right? But you're saying that actually like excessive regulation benefits big tech companies, so why are they so opposed to it? I think is an obvious question. And they fought against it pretty mightily. Italy, it's not obvious that Anthropic would be uniquely benefited over other companies in a situation in which there would be regulation. And I think I've seen something else. This is something that Dario has said publicly. He said that, you know, there's a competition for talent in the AI sector and some people who could go work at OpenAI, could go work at Anthropic, could go work at Google. Google, sometimes they choose to work at Anthropic because they like that Anthropic has these sort of voluntary efforts related to AI safety and other things. And what's interesting is that Dario has encouraged the people who picked Anthropic over alternative jobs to call the recruiters of OpenAI and Google and elsewhere and say, say I'm picking Anthropic. And I want you to know specifically the reason why I'm picking Anthropic is I think that they're more committed to AI safety. That is not the kind of behavior that you would expect to see from a company that was pursuing a regulatory capture type strategy. While I think there is a legitimate argument to be made about what is the right balance of promoting regulation for safety reasons, for human rights reasons, for whatever, and promoting innovation and a light touch, I just don't find these specific attacks on Anthropic to be especially persuasive when talking about their motivations. And other folks including on the right are making similar points. So I think Sam Hammond, who is the chief economist for the Center Right think tank, the foundation for American Innovation, wrote on X, quote, you're simply not going to convince me that Anthropic providing technical analysis on SB53 is a greater form of regulatory capture than Jensen Huang buying off the White House or Andreasen's arm length relationship with the White House leadership. And recall, right. That the type of thing that I assume Sam Hammond is talking about when he's making these claims about Andreas and Horowitz is the fact that Andreas and Horowitz had written this piece of about the interstate commerce clause and its relationship to state level AI regulation. And now we're seeing similar arguments being advanced in a White House executive order. So here's Sam Hammond, who's on the right, is aligned with the Trump administration as an anti state level regulation guy. He's anti state level AI regulation in most cases. But he also doesn't find the specific targeting of Anthropic to be especially persuasive.

A

And neither do I. Yeah, that's very interesting. Well, that's going to conclude today's episode thanks to those in our audience for listening. And Greg, thank you for walking us through quite a busy week in the AI Policy space.

B

Thank you Matt. It was a great conversation. Thanks for listening to this episode of the AI Policy Podcast. If you like what you heard, there's an easy way for you to help us. Please give us a five star review on your favorite podcast platform and subscribe and tell you your friends. It really helps when you spread the word. This podcast was produced by Sarah Baker, Sadie McCullough and Matt Mann. See you next time.