Luis Cosio

Proud to share I'll be a co-mentor at @MATSprogram for the Autumn 2026 cohort, working alongside @LisaThiergart on the @SL5TaskForce . MATS is one of the strongest talent pipelines in AI safety. Three months, real research with a mentor, on a problem that ships. Many scholars join their mentor's org afterward or spin out their own. Our stream is building SL5: security against priority nation-state attacks for frontier AI infrastructure. This year we're prototyping a real datacenter with frontier labs. The work needs people who can lead. Who we want: 3+ years security or infrastructure engineering Previously led a project with 2+ people on novel technical ground Comfortable in highly automated workflows (Claude Code, etc.) Strong Python or Rust, or excellent technical communication Bonus: TEMPEST, SCIF construction, or datacenter physical security experience. Apply by June 7. matsprogram.org/apply

We reported this prompt two days ago in PromptIntel! Have a look 👇 promptintel.novahunting.ai/prompt/85d492c…

Introducing Claude Fable 5: a Mythos-class model that we’ve made safe for general use. Its capabilities exceed those of any model we’ve ever made generally available.

what is agent looping for the last two years we prompted agents one task at a time. that is starting to change instead of asking an agent to build the landing page and then driving every step yourself, you set up a loop that handles discovery, planning, the work, checking, and iterating until the goal is met looping is a setup you build. almost any agent harness can run it, it just depends on how you wire it up at its simplest, looping is one agent working on itself: > researches > drafts > checks the draft against a goal > fixes what is weak > runs that cycle again until the work clears the requirements you are not prompting each step anymore. the agent repeats the cycle for you the bigger version is a fleet looping. you give an orchestrator agent a goal, it breaks the goal into pieces, hands each piece to a specialist agent, and those specialists hand smaller jobs to their own subagents the whole tree keeps looping through discovery, planning, execution, and verification until the goal is met one agent looping is like a person redoing their own draft. a fleet looping is a whole team running a project end-to-end you create a goal, and the system runs the loop until it finishes within the reqs you set open and closed looping: OPEN LOOPING is exploratory. it still has conditions and a goal, but you give the agent or the fleet a wide space to move in. it can try different paths, discover things, build something you did not fully spec out this is the exciting end, it is what Peter and others are doing, and tbh it is where I want to spend more time the catch is cost, an open loop with real room to explore burns an insane amount of tokens. for the 90 percent of people without an unlimited budget it is not runnable yet, and pointed at projects with a loose standard it turns into a slop machine CLOSED LOOPING is bounded. a human designs the end-to-end path first: > clear goal > defined steps > an eval at each step > a point where it stops or hands back to you (and feeds back performance data) the agents still loop, but inside framework you built. it gets better every run because each pass feeds the next, and it runs on a normal budget because the path is tight. for most marketing work, closed is the one that pays off today. > the orchestrator owns the goal > the specialists own the steps > the subagents do the narrow work > an eval gate make sure its not slop

a reminder that branding matters.

The UK is getting its own Sovereign Frontier AI Model! It is being trained on Isambard-AI and will run with no dependence on foreign infrastructure. The model, Lumen Sovereign, is being built by @CosineAI, one of the companies selected by the UK Government for its £500m Sovereign AI programme. The startup is working with leading big companies (such as Babcock, BT, Lloyds LSEG, NatWest Group, PwC) to help design it. Cosine was founded by @AlistairPullen and @yangli_ and its models have outperformed OpenAI, Anthropic, Mistral, and DeepSeek on independent coding benchmarks for two consecutive years. The model will be trained using compute provided by @UKSovereignAI! Amazing stuff @Jameswise, @SuzanneAshman, @KanishkaNarayan.

🚨 Applications for MATS Autumn 2026 close tonight (June 7 AoE)! Spend 10 weeks fully funded working with mentors from Anthropic, DeepMind, OpenAI, Redwood Research, SecureBio, and more. New this cohort: 🧬 Biosecurity 🚀 Founding & Field-Building Apply now: matsprogram.org/apply

Hoy durante la instalación del Comité Técnico de la Supercomputadora Coatlicue anunciamos que se construirá en la unidad Zacatenco del @IPN_MX. Con esta infraestructura se dará respuestas a problemas públicos y fortalecerá la soberanía tecnológica 🇲🇽. #BoletínDePrensa 👇 gob.mx/atdt/comunicac…

This is an insane paper and I love it arxiv.org/abs/2605.31514

Today: 1. AI CEOs call for mandatory DNA synthesis screening in a letter led by @IFP and @JoinFAI - screendna.org 2. @JanikaSchmitt and @jtmonrad published the grand strategy for actually securing the DNA supply chain -- the main barrier to bioweapons -- with a prioritized list of concrete interventions - ifp.org/how-to-secure-… Not only does the piece specify what to do to solve the problem, but it also includes a funding opportunity focused on it: form.typeform.com/to/lqql7lsP I can't imagine a higher calling than protecting humanity from biological weapons. If you feel similarly, check out their Launch Sequence piece above.

Our internal data shows Claude is accelerating AI development—a possible path to recursive self-improvement, or AI autonomously building a more capable successor. It’s happening faster than we thought, and the implications deserve greater attention. anthropic.com/institute/recu…

AI-powered computer worm, a self-replicating agent that reasons its way through a network instead of carrying a fixed exploit list. It steals compute from compromised GPU machines to run its own open-weight LLM, then uses weaker machines as relays for reach. In trials on a corporate testbed, it identified vulnerabilities, exploited systems, and launched replicas across Linux, Windows, and IoT targets. Every new infection can add more infrastructure while costing the attacker almost nothing. Patching one flaw no longer ends the threat, because the worm can operationalise fresh advisories, generate new attack logic, and keep adapting without a human operator. It is not a WannaCry-style worm with one baked exploit and one baked ransomware payload. It can adapt across many vulnerability classes it can discover and operationalise arxiv.org/pdf/2606.03811

This Executive Order is an important step in strengthening America’s leadership in AI. We look forward to collaborating with the White House to support its implementation. whitehouse.gov/presidential-a…

A Chinese company is now selling spray-on coating that makes drones harder for radar to detect, available in buckets and applied with a spray gun. What was once a classified military technology is now a commercial product sold by the kilogram. defence-blog.com/chinese-firm-s…

Streams led by: · @dewierwan_ (BlueDot) · @MikeMcCormick_ & @nickraushenbush (@HalcyonFutures ) · @gralston & @incredutility (Bio Action Plan) · @LisaThiergart & @luiscosio (@SL5TaskForce) · @AmmannNora (ARIA) · @RosieCampbell (@eleosai ) · @degerturann (@metaculus)

Three paths: → Founders: launch a new initiative (your idea or one of ours) → Field-Builders: own talent development and deployment within AI safety → Amplifiers: join an existing AI safety org to drive impact as it scales

AI safety needs to scale fast. MATS has trained 10 cohorts of top researchers, but high-impact orgs keep hitting the same bottleneck: more promising ideas than people to champion them, and funding outpacing deployment. This track exists to close that gap.

🚨 New for MATS Autumn 2026: the Founding & Field-Building track. A fully-funded track for founders, field-builders and amplifiers ready to launch and scale new AI safety initiatives. Apply by June 7 AoE ↓

Could an AI company lose control of its own agents? To find out, Anthropic, Google, Meta, and OpenAI let us (1) test their best internal models with CoT access, (2) review non-public info about capabilities, alignment, and control. The result: our first Frontier Risk Report.