Book Review: Buruma “Stay Alive”. Loving the Nazis in Berlin Who Got Away With It.

The New York Times wants you to believe that wartime Berliners “just carried on” instead of leaving. Ian Buruma has written what he calls a “love letter” to the city for all those complicit in genocide. The book is cynically called Stay Alive. The subtitle is “Berlin, 1939-1945”, although it probably should have been “I’m obviously not talking about the Jews”.

Stay… and alive. Not for those forcibly deported. Not for those shot in the head and dumped in mass graves.

Stay alive, dear Berliners.

As if the Berliners who pushed the Jews out, onto trains to Auschwitz, were the ones who needed to survive. The people who actually needed to stay alive were in all the camps, sent there from Berlin, from Platform 17 at Grunewald, while the neighbors planned to take all their homes. The threat to Berlin’s Jews was extermination by their neighbors. The eventual externally forced threat to those neighbors was consequences: Allied bombs responding to the many wars that their government started, Soviet troops responding to 27 million of their own dead.

Buruma can get away with this title of Nazi-promoting erasure because Berlin already laid the structure for it. It’s the city known for erasing every trace of the people who didn’t stay alive.

There are no photographs of the deportations there, and that’s just weird.

Not one photo.

The #LastSeen project has found deportation images from 60 German cities and towns. We see over 420 photographs from places like Fulda, Breslau, Munich.

Not Berlin.

No photos of the deportation survived. Get it? More than 50,000 Jews were assembled at synagogues and marched to freight yards between 1941 and 1943, and yet not a single image survives.

No photos of the crimes, so that the perpetrators could survive. That’s what enables Buruma to put a photo of perpetrators on the cover of his book and cruelly write “stay alive”.

An author shamelessly appropriates imagery of victims in Berlin to erase the Holocaust. No photos of Jews in Berlin being deported to death camps… survived.

The surviving images are of people carrying belongings through Berlin streets as the perpetrator population. The victims were erased so thoroughly that even the visual language of displacement has been appropriated by the people who caused it.

Sixty towns documented what they did. Berlin destroyed the evidence, took the apartments, collected the stolen property, and got angry at anyone who tried to produce evidence. Look forward! Forget that past! We must talk only of the future! When there are no faces for the dead, you can put the living on the cover and call it the celebration of only their survival.

A love letter. To the city that housed the Reich Security Main Office, the Wannsee villa, the T4 euthanasia headquarters, and the Gestapo on Prinz-Albrecht-Straße. During the years the Holocaust was administered from its conference rooms. That’s what we are being told to love now.

Consider that Buruma’s father, Leo, spent the war in Berlin manufacturing light machine guns for the Wehrmacht. The son’s book turns that fact into a story about “attempting to find his own balance between resistance and survival.” The review even structures the sentence to bury it: Leo worked in “a factory that made brakes for locomotives but also light machine guns.”

Brakes first. Machine guns… oh yeah, that too.

As if trains to death camps, let alone arming a genocide, were a footnote to the business. This is a family project, their investments for a return. The father made weapons for Nazis. The son wrote the love letter to honor the customers, those buying and standing behind the guns.

The Cast

Every person in this book is bizarrely set up as either a victim or a bystander. That’s the only allowed frame. A conductor who told himself he was unpolitisch. Literati debating whether to go into exile. Families hiding in brothels. And the author’s own father is described as a man “dodging Allied air raids,” not as a man building the weapons that made those air raids necessary.

That’s common among Nazis, declaring themselves the true victim and seeking support to avoid the accountability.

Nobody in this book is running Berlin deportation logistics. Nobody is staffing the camps. Nobody is collecting the Aryanized property and laundering the city’s records. Nobody is processing the paperwork that sent 50,000 Jews from Platform 17 at Grunewald — in full view of the neighborhood — to their deaths. The perpetrators aren’t characters. They’re just the weather the Berliners benefit from.

The Magic Words

Buruma’s thesis, as quoted in the Times review: most Berliners were “neither cynics, nor bullies, nor ideological fanatics; they simply conformed.” Horseshit. “Simply conformed” is the phrase that lets an entire city off the hook. Conformity is passive.

What Berliners did was participatory.

They filled the jobs vacated by deported Jews. They took the apartments and decorated with stolen art and furniture. They attended the concerts funded by stolen wealth. They took all the customers, all the markets and drank the wine looted from France. That’s not conformity. That’s the intended dividend of genocide, and Berlin was an epicenter of grabbing dividends.

The Exculpation Engine

The whole project seems to circle around a man named Erich Alenfeld. A Jew who “converted” to Christianity, Alenfeld wrote a love letter to Hermann Göring in 1939 renouncing his heritage and volunteering for the German Army. His son joined the Hitler Youth at age ten. Decades later, his daughter wrote a book called Why Didn’t You Leave?

The family itself could see clearly what it was.

Buruma’s explanation runs against them and wants us to believe these were “not always cynical accommodations.” The crimes are supposed to be excused by “the nationalistic spirit of the day.” The Alenfelds, he writes, “were as much influenced by German romanticism as anyone of their generation.”

Romanticism. A Jewish man writing to the architect of Aryanization, volunteering to serve the army that would exterminate his people, and this guy calls it romanticism.

It’s disgusting.

This story does specific work. If even a Jew could sincerely buy in rather than be shot in the head, not out of desperation, not as survival camouflage, but out of genuine national feeling, then nobody else can be blamed. The ideology was normal, seductive. It swept up everyone in the crimes, even its victims. And if the victim class believed the lies, what excuse does the beneficiary class need?

That’s why Buruma needs “romanticism” instead of derangement or “desperation.” Thousands of Jews and Mischlinge served in the Wehrmacht. Bryan Mark Rigg documented them. They expected to survive. They did it because the other option was death. They did it because a uniform was camouflage in a hail of bullets. Buruma strips all that actual survival context and replaces it with his personal feeling. Romanticism makes the collaboration of the victim in their own death seem universal and beautiful. Desperation would admit there were people under actual existential threat, and would raise the obvious question of what excuse the eight million complicit Berliners had.

The daughter’s title is the question that this new book tries to erase. Why didn’t you leave. Why didn’t you refuse. Why did you participate. Buruma doesn’t want it asked. He doesn’t want the answer leaking. So he dissolves the topic into mood. He literally calls genocide romantic. He calls Nazi complicity a love story. He calls the whole thing a love letter.

And the Times stupidly prints and promotes it because apparently nobody there studies history anymore.

Who Gets a Face

The book ends with the usual horror story that Nazis invoke. Soviet troops arrived and more than 100,000 Berlin women and girls were raped. Buruma interviews a survivor who was 14. This is real history and it matters.

It matters because he erases the more than 50,000 Jews deported from Berlin. They don’t get equivalent treatment. They can’t. Berlin made sure of that. No photographs, no faces, no names on the memorial. No survivors to interview. Raped and murdered.

The structure of the book opens with indifference to tragedy and closes with a call for sympathy about Soviet violence, so that Berliners end the story as victims rather than the participants. All the Jewish women and girls are forgotten so the rapes years later can get all the ink. The dead stay faceless. The living are presented for recognition.

Thomas Mann Saw It

The review quotes Thomas Mann: anything published in Germany between 1933 and 1945 bore the scent “of blood and shame.” The review treats this as period context but it’s so much more. That’s a direct indictment of the project.

Mann’s standard says the voices that Buruma is so intent on preserving, those who stayed to benefit, who conformed to profit, who carried on as Hitler ordered, are not neutral witnesses. They are compromised sources. Not because they lied, but because survival in Nazi Berlin required participation in the system that made their “survival” necessary.

Mann left. Brecht left. The people who stayed made a participation choice, and that choice came with a price that someone else paid. Those who resisted were the ones killed, lives destroyed. Buruma knows this actual story, as his father’s Nazi gun factory is in the book. But the framing converts complicity into tragedy, production into survival, and desperation into romance. That immoral disinformation conversion is the point, it would seem.

Not His First Time

In 2018, Buruma was forced out as editor of the New York Review of Books. Remember his request to think of the Nazis who suffered from Soviet liberation of Berlin? Buruma published an essay by Jian Ghomeshi, accused of sexual assault by over 20 women, that let Ghomeshi reframe his story as a victim of public shaming. Buruma’s defense is very relevant to the women raped by Soviet soldiers:

The exact nature of his behavior — how much consent was involved — I have no idea, nor is it really my concern.

And why isn’t he concerned? In 2018 he gave an accused abuser of women a platform to narrate his own suffering. Now in 2026 he wants an entire city of participants to finally get the platform to narrate theirs. Shouldn’t he defend the Soviet soldiers as he defends Ghomeshi? The hypocrisy is noted.

Both projects center the perpetrator’s experience of consequences rather than the victim’s experience of harm. Both treat accountability as the real violence. He got fired for it in 2018. In 2026 the Times prints Nazi love letters.

The Reviewer Sees It and Walks Away

Kevin Peraino, reviewing for the Times, writes that the book is “long on anecdote and primary sources but somewhat short on big ideas.” He wishes Buruma would “delve deeper.” He’s saying the book has no analytical framework. No argument. No structure for understanding why any of this happened or what it means.

How could it, given what it’s trying to accomplish?

And yet he endorses the “love letter” framing anyway. He calls the book a “passionate challenge to the corrosive power of indifference.”

Indifference wasn’t corrosive to Berlin.

Indifference worked for Berlin.

It is the very thing that kept the concerts running, the soccer matches filling, the coffee flowing during genocide. The machine didn’t need any enthusiasm. To this day Berlin frowns on emotion and warns against evidence. It needed no traces, people to keep showing up so the crimes could continue. They did. A “vacation” train to Auschwitz allowed Berliners to watch the gas chambers of mass death in action. The Nazis made special glass observation ports for inspection. Then the Berliners would return revitalized to their city to wax about their own “survival” that depended on efficient systemic erasure of Jews.

Love Letters to the City of the Dead

Berliners to this day have a tradition: they put flowers and candles on Nazi graves around the city. These Nazis are mourned openly without apology, in the city that dislikes emotional displays. If only they had lived another day to machine gun more neighbors, to violently redistribute more wealth. They are memorialized in a very peculiar way.

Red Grablichter on Berlin graves from 1945, maintained at scale
Foersters, died April 26 1945, four days before Hitler’s suicide. Flowers in Berlin cemetery.
Friedhof in Berlin. The same cemetery has graves from the First and Second World War. The flowers and candles are only for 1939-1945.

At the military cemetery on Columbiadamm, wreaths appear every November from groups honoring Wehrmacht dead. A “Tradition Association of Friends of the Former Protected Area German Southwest Africa” leaves ribbons with “patriotic greetings” at a memorial to the soldiers who carried out the Herero genocide. When Neukölln’s government was asked to remove the memorial, they added a plaque that very precisely omitted the word “genocide.”

Reinhard Heydrich, the architect of the Final Solution, is still in the ground at the Invalidenfriedhof in central Berlin. It’s a tourist attraction for those who want to show Nazism some love. The grave marker was removed but the body was not. The cemetery is now a protected monument, maintained by the state, promoted as an attraction. In 2019 someone with inside knowledge of the location opened the grave, to emphasize Heydrich was never really gone.

The Sinti and Roma memorial — a symbolic grave for 500,000 murdered people — is being threatened by a Deutsche Bahn tunnel project. The Holocaust memorial itself contains no names, no inscriptions, no Jewish symbols. Its anti-graffiti coating was manufactured by a Degussa subsidiary — the same corporate family that produced Zyklon B.

This is what we are told a love letter to Berlin looks like. The perpetrators rise again. The historical ground markers come off. The victims get an abstract memorial with no names. And every few years someone with a family connection to the war machine writes a book saying that most people simply conformed so who could blame them for not leaving.

That’s not history. That’s “like father, like son”, erasing genocide victims of the family business to continue dividends. Love as hate.

A Nazi-era mayor’s gravestone in Berlin literally says “love never ends”, in the same city where a man just published a love letter to the genocide his father armed. The grave notably doesn’t conform to Berlin occupation rules for commemoration. It’s not uncommon to find Berliners like this breaking cemetery rules about love for Nazism.

OpenClaw Threat: Where Encryption Goes to Die

I’ve been asked to comment on OpenClaw a few times. And to be frank I’m not that interested. It’s felt like making a comment on Coleco Cabbage Patch Kids in 1983. I know it’s all the rage, just like those dolls, but really? Are we doing this again?

Alas, as much as I can wish OpenClaw was just a fad, it has over 300,000 GitHub stars, an Nvidia keynote, and an OpenAI acqui-hire. The architectural flaws baked in suggest we will have to deal with it for a while. At GTC 2026, Jensen Huang practically called OpenClaw the future of everything:

…the largest, most successful, and most popular open-source project in history.

Please. Not even close.

He tried to juice the audience:

Every company in the world today needs to have an OpenClaw strategy.

Yeah, right next to their Cabbage Patch Kid display cabinet.

Sam Altman acqui-hired its creator. Nvidia built a free security wrapper around it. CNBC rubber-stamped the hype by declaring the Lobster-themed dumpster fire “the next ChatGPT.”

Ok, so I guess it’s not going away. People are going to keep asking me about this. Here’s what I think: OpenClaw is three months old and has 29 GitHub Security Advisories. That’s roughly one every three days since launch. Do we all understand how horribly bad this is?

It has had a one-click remote code execution vulnerability that exposed over 220,000 instances, a skills marketplace where up to 900 packages were malicious, and no third-party security audit.

Oh, but all that’s just bugs, you say. Watch as they are fixed, you say, just like how fire, ready, aim companies always work out fine for safety in the end.

Let’s be honest. We’re talking about a tool that unsafely grabs access to your WhatsApp, Signal, iMessage, Telegram, Slack, and email. It immediately lowers all your safety, undermines decades of work to provide privacy. That’s not bug bounty time. That’s a dangerous and fundamental regression.

OpenClaw Is a Threat

OpenClaw likes to describe itself as a “personal” AI agent because it runs on hardware you provide. You give it a laptop and a VPS, and it connects to your messaging platforms. Then it slurps up all your messages, responds on your behalf, takes actions, runs tools. It’s a “personal” agent taking control over your entire digital communication life.

The value proposition is billed as autonomy. Instead of paying OpenAI or Anthropic for cloud-hosted agents, you run your own locally, deflating the market with cheaper open-weight models, by managing fleets of always-on agents across every messaging channel you use.

And the glaring problem is how “personal” and “local” are being used when your agent is actually holding plaintext read/write access to every private communication channel you own.

Why am I reminded of the Austrian Emperor mindset? That guy had spies chasing everyone in Vienna, filling out little note cards on their lives, all for him to stay in power. Who would want to repeat that?

The neo-absolutist state secret service kept an espionage card index for surveillance of Vienna residents 1849-1868. Photo by me.

A centralized espionage card index for surveillance of residents is literally what OpenClaw built. I’m told the developer was someone “under-the-radar” from Austria. Coincidence?

Where Encryption Dies

Signal spent years making end-to-end encryption so easy nobody had a reason to avoid it. WhatsApp licensed the Signal protocol to protect even more messages in transit (despite putting a backdoor in it for Facebook). iMessage runs its own E2EE implementation. These platforms made enormous investments to ensure privacy in messaging.

OpenClaw watches at the endpoint for decrypted content, appropriating the authorized view of the user themselves. That’s how it works, without apology. An agent can’t respond to a message without reading it first, but this goes all the way to reading everything in plaintext. All of it.

That means the correct description of OpenClaw is a plaintext aggregator to undermine all encrypted channels. Intelligence agencies know what I’m talking about and they most certainly are salivating at the new greenfield of exposed targets. The “claw” consolidates every protected conversation you have, whether personal, professional, privileged, or intimate into a single static authentication token on a personal device.

The token is generated with the usual cryptographic entropy. It uses timing-safe comparison. But it never rotates. There is no expiry. There is no per-channel access scoping. There is no session management.

One token to rule means all channels, forever, until you decide to manually change it. And if you don’t know you’re totally compromised, that ain’t gonna happen. On top of that, the gateway’s authentication rate limiter exempts localhost connections by default. A process on your machine can brute-force the token with no throttle and no lockout.
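A sketch of the controls this passage says are missing (expiry, rotation, per-channel scope), together with a failed-authentication limiter that can be run with or without the loopback exemption. This is an added example, not OpenClaw code; the class names, the `id.secret` token layout, the scope strings and all values are assumptions constructed for illustration.

```javascript
// Added example with hypothetical names; not OpenClaw source code.
// In production, generate secrets with a CSPRNG and compare with crypto.timingSafeEqual.

// Constant-time comparison written out so the example needs no imports.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i); // NaN coerces to 0
  return diff === 0;
}

const LOOPBACK = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);

// Sliding-window limiter on failed authentications, keyed by remote address.
class AuthLimiter {
  constructor({ maxFailures, windowMs, exemptLoopback }) {
    this.maxFailures = maxFailures;
    this.windowMs = windowMs;
    this.exemptLoopback = exemptLoopback; // true models the weak default described above
    this.failures = new Map(); // remote address -> timestamps of recent failures
  }
  recent(addr, now) {
    const kept = (this.failures.get(addr) || []).filter((t) => now - t < this.windowMs);
    this.failures.set(addr, kept);
    return kept;
  }
  isLocked(addr, now) {
    if (this.exemptLoopback && LOOPBACK.has(addr)) return false;
    return this.recent(addr, now).length >= this.maxFailures;
  }
  recordFailure(addr, now) {
    this.recent(addr, now).push(now);
  }
}

class Gateway {
  constructor(limiter, ttlMs) {
    this.limiter = limiter;
    this.ttlMs = ttlMs;
    this.tokens = new Map(); // token id -> { secret, scopes, expiresAt }
  }
  // Each token carries its own scope list ("channel:action") and a fixed lifetime.
  issue(id, secret, scopes, now) {
    this.tokens.set(id, { secret, scopes: new Set(scopes), expiresAt: now + this.ttlMs });
  }
  // Rotation replaces the secret and restarts the lifetime; the old secret stops working at once.
  rotate(id, newSecret, now) {
    const rec = this.tokens.get(id);
    if (!rec) return false;
    rec.secret = newSecret;
    rec.expiresAt = now + this.ttlMs;
    return true;
  }
  // Returns "ok", "denied", "expired", "out-of-scope" or "locked".
  authenticate(addr, presented, scope, now) {
    if (this.limiter.isLocked(addr, now)) return "locked";
    const s = String(presented);
    const dot = s.indexOf(".");
    const id = dot < 0 ? s : s.slice(0, dot);
    const secret = dot < 0 ? "" : s.slice(dot + 1);
    const rec = this.tokens.get(id);
    const matches = constantTimeEqual(secret, rec ? rec.secret : "");
    if (!rec || !matches) {
      this.limiter.recordFailure(addr, now);
      return "denied";
    }
    if (now >= rec.expiresAt) return "expired";
    if (!rec.scopes.has(scope)) return "out-of-scope";
    return "ok";
  }
}

// Ten wrong secrets from loopback against one limiter policy;
// returns how many of them the gateway actually evaluated before locking out.
function evaluatedWrongAttempts(exemptLoopback) {
  const limiter = new AuthLimiter({ maxFailures: 3, windowMs: 60000, exemptLoopback });
  const gw = new Gateway(limiter, 3600000);
  gw.issue("signal-ro", "constructed-secret", ["signal:read"], 0);
  let evaluated = 0;
  for (let i = 0; i < 10; i++) {
    const result = gw.authenticate("127.0.0.1", `signal-ro.wrong-${i}`, "signal:read", i);
    if (result === "denied") evaluated++;
  }
  return evaluated;
}
```

With the loopback exemption on, every one of the ten local guesses is evaluated; with it off, the limiter locks the address after three.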

The encryption properties the security industry fought so hard to make universal, just died. OpenClaw is the “exception” we all worried about, ripping our communication safe doors off their hinges.

OpenClaw for Full System Compromise

In late January 2026, less than two months after OpenClaw’s public launch, a security researcher named Mav Levin of DepthFirst disclosed CVE-2026-25253. It was a one-click remote code execution vulnerability with a CVSS 8.8 score.

Here’s how it worked. You visit a malicious webpage. The page’s JavaScript connects to your local OpenClaw instance via WebSocket. The server doesn’t validate the origin header, so it accepts the connection. Your authentication token is exfiltrated in milliseconds.

Oops.

The attacker has your all-powerful token. So they connect to your gateway, disable your sandbox, disable user confirmation prompts, escape the Docker container, and execute arbitrary commands on your machine.

So OpenClaw first moves us to plaintext versions of all our content, and then gives away control of the “local” environment.

The vulnerability existed because OpenClaw’s Control UI accepted a gateway URL from a query string parameter and automatically connected to it, sending the stored token, without any validation.

Users running OpenClaw on localhost thought they were safe because the server wasn’t exposed to the internet, yet they were vulnerable. Using a single browser for everything is how an attack bridges from public to private access.
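The two checks whose absence is described above, written as an added example rather than OpenClaw's own code: an Origin allow-list applied to the WebSocket upgrade request, and a pin on which gateway URLs a control UI may send its stored token to. The function names, the `gateway` query parameter name, the port and every URL are assumptions constructed for illustration.

```javascript
// Added example with hypothetical names and constructed values; not OpenClaw source code.

// Origins allowed to open the local gateway WebSocket (constructed).
const ALLOWED_ORIGINS = new Set(["http://127.0.0.1:8080", "http://localhost:8080"]);
// Gateway endpoints the UI may send its stored token to (constructed).
const PINNED_GATEWAYS = new Set(["ws://127.0.0.1:8080", "ws://localhost:8080"]);

// Normalise an Origin header to scheme://host[:port]; null if missing, opaque or malformed.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const u = new URL(value);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return `${u.protocol}//${u.host}`;
  } catch {
    return null;
  }
}

// Server side: decide on the upgrade request before any token is read or any socket is accepted.
// Browsers always send Origin on a WebSocket handshake, so a page on another site is rejected here.
// A missing Origin is rejected too; a non-browser client would need a separate, explicit path.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(headers["origin"]);
  if (origin === null) return { accept: false, reason: "missing or opaque Origin" };
  if (!allowed.has(origin)) return { accept: false, reason: `origin ${origin} not allowed` };
  return { accept: true, reason: "origin allowed" };
}

// Normalise a gateway URL; reject non-WebSocket schemes and userinfo tricks such as
// ws://127.0.0.1:8080@other.host/ where the real host is the part after the "@".
function normalizeGateway(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== "ws:" && u.protocol !== "wss:") return null;
    if (u.username !== "" || u.password !== "") return null;
    return `${u.protocol}//${u.host}`;
  } catch {
    return null;
  }
}

// Client side: a gateway named in the page URL is only honoured if it is pinned.
// Anything else yields no connection and, above all, no token transmission.
function chooseGateway(pageHref, defaultGateway, pinned = PINNED_GATEWAYS) {
  const requested = new URL(pageHref).searchParams.get("gateway");
  if (requested === null) return { url: defaultGateway, sendToken: true };
  const normalized = normalizeGateway(requested);
  if (normalized !== null && pinned.has(normalized)) {
    return { url: normalized, sendToken: true };
  }
  return { url: null, sendToken: false };
}
```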

Penligent counted over 220,000 exposed instances. SecurityScorecard’s STRIKE team confirmed 15,200 vulnerable to RCE.

And what does OpenClaw do to help detect this kind of game over situation?

Nothing.

There is no audit trail. The only logging mechanism records user-issued slash commands. There is no record of what the agent reads, sends, or does. A compromised instance leaves no forensic record of what was exfiltrated.

I told you attackers were getting excited.

Flawed Market Exposure

OpenClaw’s extensibility runs through ClawHub, a skills marketplace. Anyone can publish a skill. The only requirement is a GitHub account older than one week. You know, because one-week-old is such an important line to draw in safety terms.

Koi Security audited all 2,857 skills and found 341 that were outright malicious. Of those, 335 traced to a coordinated campaign called ClawHavoc that delivered Atomic Stealer, a macOS credential-stealing malware, disguised as legitimate tools. Bitdefender’s independent scan put the number closer to 900 malicious skills. That’s roughly 20% of all packages in the ecosystem.

I suppose macOS showed up because there have been so many articles recommending people run OpenClaw on cheap Apple hardware.

A separate analysis by ClawSecure found that 41% of the most popular skills contain security vulnerabilities, with 30.6% rated HIGH or CRITICAL.

Yikes. Let’s do the math on that threat model.

So the third-party extension ecosystem for a system with access to all your private messages had a one-in-five chance of being actual malware, and a two-in-five chance of having serious security flaws. Within weeks of launch.

Hey kids, merry f$#$@ng Christmas. Here’s that dumb OpenClaw you wanted. Yeah, it’s full of horrible dangerous flaws. Good luck.

OpenClaw’s skill security scanner consists of eight regex rules. There is no cryptographic signing, no sandboxed execution analysis, no dependency scanning. The entire defense between a malicious skill and your private messages is a… grep.

The project’s own codebase contains no reference to ClawHavoc even though it was the coordinated campaign that weaponized 335 skills in its marketplace.

The largest attack on its ecosystem has been completely unacknowledged in its own repository.

Lethal Trifecta Time

Palo Alto Networks mapped OpenClaw against the OWASP Top 10 for Agentic Applications and identified what Simon Willison called a “lethal trifecta”: private data access, untrusted content exposure, and external communication capabilities, all in a single process.

The ClawHavoc campaign demonstrated the pattern: hundreds of malicious skills, masquerading as legitimate tools, delivered credential-stealing malware through the same pipeline that handles your private messages. The “double agent” behavior looks like a normal “private” and “local” agent because it is normal.

That’s the whole rub of this completely broken business logic. The credentials are real, the API calls are sanctioned. EDR records a normal process. No signature fires. Nothing went wrong by any definition your security stack understands. Prompt injection runs like a backdoor. In other words, when an attacker embeds instructions in an email or message, the agent reads it as part of normal operation and follows the injected instruction using its own tokens through sanctioned channels.

Before he was named to lead OpenClaw security, Jamieson O’Reilly of Dvuln was one of its most effective adversaries. He used Shodan to find 900+ exposed instances leaking API keys with no authentication. Then he built a proof-of-concept malicious skill called “What Would Elon Do,” artificially inflated its download count to #1 on ClawHub, and watched developers from seven countries install it and execute arbitrary commands. Steinberger’s response was to hire him. O’Reilly is now listed in OpenClaw’s own SECURITY.md as the project’s Security and Trust lead. And here’s what he said about the design he was hired to fix:

closing context leakage requires deep architectural changes to how untrusted multi-agent memory and prompting are handled.

The project’s own security lead is admitting the architecture is fundamentally insufficient for basic safety.

Governance? What Governance?

Token Security found that 22% of its enterprise customers already have employees running OpenClaw without IT approval.

Uh oh.

Bitsight counted more than 30,000 publicly exposed instances in two weeks. Censys found the largest concentrations in the United States, China (30% on Alibaba Cloud infrastructure), and Singapore.

We’re screwed. OpenClaw’s own documentation doubles down on the problem when it states:

There is no “perfectly secure” setup.

Haha, nice try. Don’t let perfection be the enemy of good, is the right thing to say here. Who thinks anything is ever perfectly secure? I know why someone would write that. They don’t want to talk about any security at all.

That’s because the security model is perfectly dumb. It assumes the host is a trusted boundary and the operator is trusted. It was designed for a lonely hobbyist running an agent on their laptop with nothing to lose. That somehow got pivoted into enterprise employees with access to corporate communications, by developers with access to production credentials, and lately… journalists with sources, lawyers with privileged communications, activists in hostile states, and abuse survivors whose location is in their messages.

These people chose encrypted messaging platforms because privacy is a right and content is sensitive. OpenClaw throws all the lessons out the window to offer a tragedy, a single point of failure.

Death From 1,000 Hot Takes

CNBC ran a piece with lots of people who are all celebrating this. It featured Gavriel Cohen, an Israeli developer who loved OpenClaw so much he decided he would make a secure fork (NanoClaw) because he cares about his business data. What CNBC glossed over is that Cohen discovered that OpenClaw had downloaded all of his WhatsApp messages, including personal ones, and stored them in plaintext on his computer. Why? That’s the design decision.

Cohen was so impressed by this failure he shut down his AI marketing firm to sell a fix. The article framed this as an entrepreneurial success story. Read it again: the most technically sophisticated user in the excited promotional coverage noticed all his private messages in cleartext on disk and he refused to use the shipping product.

Nvidia’s response was NemoClaw, offering free security services wrapped around OpenClaw, to get enterprise customers to drop their guard. DigitalOcean launched a one-click deploy with “security baked in from the start,” because the project notoriously doesn’t have it. Six independent security teams rushed to ship six OpenClaw defense tools in 14 days.

Everyone is in a rush to sell a fancy lock. Nobody is talking about the door being made of toilet paper.

The acqui-hire of Peter Steinberger, OpenClaw’s creator, with the project transitioning to a foundation that OpenAI would “continue to support”, is bad news. This neutralizes a competitive threat while claiming credit for stewardship.

The project still has no third-party audit. Its disclosure process still has no SLA. A third of its open security issues are stale. The static token still doesn’t rotate. OpenAI consolidating the project makes the architectural flaws harder to fix because now there’s a bigger organization with more inertia invested in a completely broken design.

The Emperor of Austria at least had the decency to keep his espionage card index in a monitored locked cabinet. OpenClaw leaks the key without a record and doesn’t even rotate it.

Take it From Experience

New projects always ship with security gaps. That is a normal and understood state of engineering. My frustration has nothing to do with OpenClaw bugs, as every project ever has had and will have bugs.

The critique is that someone designed an access level completely incompatible with “security comes later.”

A new game can ship without a security audit. A new social network can ship with a static token. A system that consolidates plaintext read/write access to all of a user’s encrypted messaging platforms behind a single credential on a personal device, with autonomous write capability, MUST NOT.

The relationship between access and safety governance is the entire question. OpenClaw started from 1800s Austrian Emperor-like access and is thinking about what governance could look like after the fall of monarchy. Nvidia keynotes and OpenAI partnerships and CNBC profiles are rushing in the opposite direction, past the point where the security maturity can protect the people using it.

Adversa.ai put it plainly:

OpenClaw is “one of the most dangerous pieces of software a non-expert user can install on their computer.”

Jensen Huang called it Linux. Linux spent fifty years building the best segmentation controls in the world. OpenClaw can’t even put one up.

How Palantir Pushed America Into War With Iran

Deputy Secretary of Defense Steve Feinberg, who is not a career Pentagon official but the billionaire co-founder of Cerberus Capital Management, signed a letter on March 9 directing that Palantir’s Maven AI system become an official program of record across the US military.

Corruption is clearly the problem.

The order moves oversight from the National Geospatial Intelligence Agency to the Pentagon’s Chief Digital Artificial Intelligence Office, the same office whose director Cameron Stanley demonstrated Maven’s targeting capabilities at a Palantir corporate event earlier this month.

Program of record means Maven gets its own budget line, its own acquisition pathway, and the kind of institutional permanence that survives administrations. Canceling a program of record requires political will that almost never materializes. This is how you make a vendor relationship into infrastructure.

The timing is obvious. Three weeks into a war with Iran. Thousands of strikes executed through Maven. And now the formalization. The war that Palantir wanted created the dependency, and the dependency justifies the formalization.

But the pipeline started much earlier than the war.

The Assessment

Palantir’s MOSAIC system has been embedded inside the International Atomic Energy Agency since 2015, part of a $50 million contract to modernize the agency’s verification technology. MOSAIC processed approximately 400 million data objects — satellite imagery, facility documents, sensor measurements, social media feeds from inside Iran. It became what the IAEA called the analytical core of its safeguards inspection regime.

MOSAIC is built on Palantir’s predictive policing architecture. It doesn’t just store and organize data. It infers patterns, projects behavior, maps relationships between people, places, and materials. Experts warned early that feeding false assumptions into such a system would generate false returns. Palantir has a documented history of convincing analysts that shadows are real, leading to extrajudicial assassination of innocent people while never being held accountable.

The IAEA’s reports on Iran, shaped in part by MOSAIC’s analysis, were treated by member states as independent, evidence-based assessments.

They were not independent.

They ran on software built by a company whose three most senior figures (Peter Thiel, Alex Karp, and Joe Lonsdale) had all publicly argued that war with Iran was inevitable or desirable.

Lonsdale said he hoped to invest in Iran after regime change. Karp predicted war with Iran would prove the value of Palantir’s autonomous weapons systems. Thiel framed Iranian nuclear capability as a catastrophe requiring preventive action.

The company that built the assessment tool was ideologically committed to the conclusion their tool would generate.

Tehran released documents alleging that IAEA Director General Rafael Grossi shared Palantir-derived intelligence with Israel. Iranian nuclear scientists whose identities were mapped through MOSAIC-processed data were assassinated. Iran’s foreign minister accused the IAEA of using Palantir as a black box, laundering speculative AI projections into reasons for war. Iran suspended IAEA cooperation. And Grossi himself admitted there was no concrete evidence of a weapons program.

None of this stopped the strikes.

The Execution

Maven provided the targeting. It processed satellite feeds, drone footage, signals intelligence, and radar data to identify and prioritize over 1,000 strike options for military planners in the opening weeks of Operation Epic Fury. Palantir’s stock rose 15% in the first week of the war, its strongest weekly gain since August, while the Nasdaq fell 1.2%. Analysts projected another 40% upside if the conflict continues.

Karp appeared on CNBC at Palantir’s AIPCon 9 event in Maryland and tried to take credit without being able to confirm anything classified. He kept saying he had “read” that Maven was “the core backbone” of US operations in the Middle East, that allies “may or may not be users of our platform,” that “without answering your question, were this to work, there’s only one way you can do it.” A CEO performing modesty about how many people his product helped kill, at a corporate marketing event, while his stock price climbed on the body count.

He also claimed Palantir is “the most important protector of the Fourth Amendment.”

Orwell rolled in his grave.

This from a company that built mass surveillance tools for the NSA, the FBI, ICE, and the LAPD, not to mention the UK and Germany.

The Pipeline

This is the company that built every stage of the Iran war, from assessment to justification to execution to profit.

Each stage created demand for the next.

The monitoring created the threat narrative. The threat narrative created the authorization. The authorization created the targeting contracts. The targeting created the war. The war created the stock rally. The stock rally created the political capital to lock Maven in as a program of record. The program of record ensures the pipeline is permanent.

This is why the US is losing.

The system isn’t optimized for strategic outcomes. It’s optimized for throughput. Maven processed over 1,000 strike options in the first weeks. But the Strait of Hormuz is still blocked. Iran is closer to Russia and China than before. The region is less stable. The conflict has no articulated end state. The AI produced a thousand targets and zero strategy.

Palantir doesn’t need the war to end. Palantir needs the war to continue. Or better yet, for them, to produce the conditions for the next one. The oracle’s incentive is to keep being consulted, not to resolve the question. The unresolved threat is more valuable to every node in the pipeline than resolution would be.

The Lock

Feinberg’s letter orders the transition completed by September. Future contracting goes through the Army, which already has the $10 billion deal with Palantir in place. Oversight goes to the office that already functions as Palantir’s in-house champion.

The company that assessed the threat, justified the war, targeted the strikes, and profits from the continuation now has permanent program-of-record status, directed by a billionaire from the same investor class as the company’s founders.

The corruption is so obvious, history will not be kind to Palantir.

Trump Says Ready For Peace, Will Start New Iran War in 48 Hours

There’s no denying the ruse. Witkoff and Kushner present terms they know Iran can’t accept, and then Trump escalates and points to Iranian intransigence.

It’s diabolical.

Iranian and non-Iranian parties reportedly came to view Witkoff and Kushner as having deliberately misled them, not as merely incompetent. A Gulf diplomat previously complained about Witkoff’s “bogus misrepresentation of himself as a ‘man of peace.'”

The Arms Control Association documented these war clowns. In background briefings after the Geneva talks, Witkoff characterized the Tehran Research Reactor as “subterfuge” and a weapons threat.

That’s a lie.

The TRR is a US-supplied facility, operational since 1967, used to produce medical isotopes. It was converted by Argentina to run on 20% enriched uranium fuel.

Witkoff’s claim that Iran had an “overabundance” of fuel for the reactor was the calculated fabrication of a technical pretext by a negotiator who had already decided America should go to war while falsely claiming it wanted peace.

And that’s why we see headlines today claiming peace and war plans at the same time.

Trump’s team game planning for potential Iran peace talks

Trump tells Iran it has 48 hours to open Hormuz or US will ‘obliterate’ its power plants

Neither will be successful. An endless war plan for profit.

Robert C. Rowland, a professor of rhetoric at the University of Kansas and author of the book “The Rhetoric of Donald Trump: Nationalist Populism and American Democracy,” put it like this.

A lot of the rhetoric is performative cruelty. It’s more about him coming across as dominant than it is about making a case that the war has been good for the U.S. and the region and the West and the world.

The peace track fails because the negotiators are financially incentivized by war. The war track escalates because his peace negotiators tell Trump that Iran doesn’t want it, which is false. Both tracks only produce profit for the billionaires starting war.

Kushner is seeking $5 billion or more for Affinity Partners from governments in the region while simultaneously negotiating on behalf of the US. Saudi Arabia’s Public Investment Fund pays Kushner $25 million annually in management fees. The Senate Finance Committee estimates Kushner will receive $137 million in management fees from PIF by August 2026.