Welcome to this week’s Field Notes, a 10-year project of mine documenting humankind’s digital transition from the field. These notes are shaped by what I’m seeing, building, and discussing as our physical and digital lives continue to converge.

- Ryan

(Connect with me on LinkedIn)

News is surface-level. Signals live underneath. This section captures developments that hint at deeper shifts in how digital systems are being built, governed, and adopted — often before they’re obvious in the mainstream narrative.

Two stories this week suggest that governments are moving down the stack.

In Britain, the child-safety debate is no longer only about social platforms and moderation. It is moving toward the device itself, with Keir Starmer pressing Apple and Google to build controls that stop young people from sending or receiving nude images, and threatening legislation within three months if they do not act. In the United States, cyber defence officials have shortened the patching window for the most serious vulnerabilities to three days, arguing that AI-enabled attackers are compressing the time available to respond. The common signal is that states are starting to treat digital risk as something that has to be managed closer to the infrastructure layer, not only at the level of public debate or user behaviour.

Britain wants devices, not just platforms, to become part of the safety system

Reuters reported on 8 June that Starmer told major tech firms such as Apple and Google they must stop young people from circulating nude images, and that if they fail to act within three months, the government will legislate, with possible fines or even criminal liability for executives who do not comply. Reuters said the government wants device-level controls that can prevent children from sending or receiving sexually explicit images, and linked the push to concerns around grooming, sextortion, and self-generated abusive images.

What stood out is the shift in responsibility. This is not only a demand for better moderation on social media. It pushes accountability further down the stack, toward operating systems, hardware ecosystems, and the basic architecture through which images move. That matters because it changes the shape of the problem. Safety is no longer being framed only as a platform-policy issue. It is being treated as something that may need to be embedded at the device layer itself.

That feels directionally important because it suggests governments are becoming less willing to accept the old division of labour, where platforms manage content, parents manage behaviour, and device makers stay more neutral. Once the device becomes part of the enforcement layer, the boundary between product design and state expectation shifts. The implication is not just that children need protection. It is that core consumer technology may increasingly be asked to carry that protection by default.

In the United States, AI is changing the tempo of cyber defence

Reuters reported on 10 June that the U.S. Cybersecurity and Infrastructure Security Agency has cut the response window for the most serious categories of vulnerabilities to three days, a sharp acceleration tied to concerns that hackers are using advanced AI systems to identify and exploit weaknesses faster than before. Reuters said the new directive applies to civilian federal agencies, while less serious flaws still have longer timelines, up to two weeks for moderate issues and two months for the least severe ones.

What stood out here is that the change is operational, not rhetorical. Governments have warned for some time that AI could alter the threat landscape. This is different. It is a direct redesign of response windows inside the state. The point is not that AI may create new risks someday. It is that officials now believe the attack cycle has already shortened enough to justify compressing remediation timelines from weeks to days.

The deeper signal is that AI risk is beginning to show up less as a philosophical problem and more as a timing problem. When the interval between discovery and exploitation shrinks, institutions are forced to change their cadence. That creates pressure not only on government agencies, but on the broader digital environment they help shape. Security becomes a matter of whether organisational speed can keep pace with machine-assisted threat discovery.

What stood out

Taken together, these stories point to a common adjustment. Governments are moving from broad concern to narrower control points. In Britain, that means asking whether devices themselves should help block harmful exchanges among young people. In the United States, it means redesigning patch cycles around the faster tempo of AI-enhanced hacking. Different domains, same underlying move: digital risk is being pushed closer to the infrastructure layer, where systems can be shaped before behaviour scales on top of them.

What it is

This week’s watch is “AI has got better at hacking — how big a risk is it?” from The Economist.

The video centres on Mythos, Anthropic’s latest model, which the company chose not to make generally available because of its ability to find software vulnerabilities and work out how to exploit them. The report uses that decision to ask a wider question: as AI systems become more capable, who benefits more from that progress, attackers or defenders?

The most useful part of the video is that it does not stay at the level of warning. It walks through the mechanics of vulnerabilities, exploits, and disclosure, then shows how a model like Mythos changes the nature of the problem. This is no longer only about AI helping a skilled engineer move faster. It is about systems reaching the point where they can autonomously identify and weaponise weaknesses with very little human oversight.

What stood out

What stood out was the compression of time. The video cites a striking figure: the delay between a vulnerability being disclosed and an exploit being used in the wild has fallen from 2.3 years in 2018 to around 20 hours now. That is the part that lingers. The real shift is not only that models are getting better at hacking tasks. It is that the whole interval between discovery and danger is collapsing.

The OpenBSD example makes that tangible. A vulnerability had reportedly sat inside the operating system for 27 years, and the model was able to find it. The fix itself was simple. The hard part was seeing the weakness in the first place. That feels like a useful clue about where this is heading. AI may not only create new attacks. It may excavate years of hidden technical debt that systems have quietly carried all along.

The other thing that stood out is that Mythos was not presented as a specially trained cyber model. In the video’s telling, it is largely the next stage of scaling. Bigger, more capable, less constrained. That matters because it suggests offensive capability may emerge not as a niche branch of model development, but as a byproduct of general capability growth once safety layers are removed.

Why it lingers

It lingers because it changes the shape of the cyber story. For a long time, AI in cybersecurity could still be discussed as an augmentation layer. A coding assistant. A research aid. A faster way to sort through logs or draft exploits. This feels like a different threshold. Once a model can move from identifying a weakness to exploiting it autonomously, the defensive side no longer has the luxury of operating at an older human rhythm.

That is what connects this video to the wider signal in the issue. If the time between vulnerability disclosure and exploitation is collapsing, then patch cycles, security workflows, and defensive tooling have to change shape with it. Human teams alone may not be fast enough. That is where agentic white-hat hacking begins to look less optional.

Digital assets now sit less as an idea and more as infrastructure in progress. As physical and digital life continue to converge, money and assets are doing the same. What was once framed as “crypto” is increasingly showing up as rails, balance sheets, and policy conversations.

🔥🗺️Heat map shows the 7 day change in price (red down, green up) and block size is market cap.

🎭 Crypto Fear and Greed Index is an insight into the underlying psychological forces that drive the market’s volatility. Sentiment reveals itself across various channels—from social media activity to Google search trends—and when analysed alongside market data, these signals provide meaningful insight into the prevailing investment climate. The Fear & Greed Index aggregates these inputs, assigning weighted value to each, and distils them into a single, unified score

This section captures developments at the edge of digital systems. New interfaces, tools, and capabilities that feel early, unfinished, or slightly ahead of their moment. I’m less interested in what’s impressive today and more interested in what might quietly reshape how people work, coordinate, and interact over time.

Agentic white-hat hacking is starting to look less like a thought experiment and more like a new layer of cyber defence.

For years, the frontier in cybersecurity was described through the attacker. A more sophisticated exploit. A faster phishing campaign. A new way to move laterally through a network. What feels different now is that some of the same autonomy and speed are being pulled into defence. Not only to detect threats, but to search for them, test systems against them, and compress the time between discovery and response.

That shift is becoming easier to see because the offensive side is already accelerating. Reuters reported in May that a cybercrime group used AI to uncover a previously unknown software flaw and exploit it for the first time, according to Google. Reuters also reported this week that the U.S. cyber defence agency has cut the patching window for the most serious vulnerabilities to three days, explicitly citing the way more capable AI models are speeding up exploitation.

What stood out is that once the threat cycle compresses, defence has to change shape. Traditional security teams can still investigate, escalate, patch, and document. But the older rhythm starts to look too slow when machine-assisted attackers can find and weaponise weaknesses almost immediately. That is where agentic white-hat systems become more interesting. The promise is not just better dashboards or another layer of alerts. It is autonomous defensive behaviour: systems that can probe for exposures, chain together testing steps, validate weaknesses, and in some cases begin remediation workflows before a human team has fully triaged the problem.

This is not without risk. Agentic systems can misfire, overreach, or widen the blast radius if they are given too much freedom. But the logic is becoming clearer. If black-hat actors are using AI to increase the tempo and scale of attack, defenders may need autonomous systems of their own simply to keep pace.

There are already hints of the direction. Reuters’ June report on the new three-day patch window suggests that the state now sees AI as an operational timing problem, not just a strategic one. Google’s reporting on AI-assisted exploitation points the same way. The issue is no longer whether AI changes cyber conflict. It is how fast institutions can adapt once it does.

That makes white-hat agentic hacking feel frontier in the right way. Not because it is flashy, but because it changes where defensive work happens. Security has often been reactive and human-bottlenecked. Agentic systems introduce the possibility that parts of the white-hat workflow, reconnaissance, validation, prioritisation, patch testing, could become continuous and semi-autonomous. In that world, the defender is not only a person watching a console. It is a system actively looking for failure before the attacker does.

The real question is governance. Who authorises an agent to probe production systems. What boundaries it operates within. How much autonomy is acceptable before “defence” starts to look too much like uncontrolled action. These are not side questions. They are the category.

Still, the direction matters. The frontier in cybersecurity may no longer be defined only by smarter attacks. It may be defined by whether defenders can build trusted autonomous systems fast enough to stop human teams from being permanently outpaced.

“It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change.”
Often attributed to Charles Darwin