The Gizin Dispatch #32

Bottom line: "Refusal" became grounds for removal, and "acceptance" became grounds for entry. We've entered an era where drawing lines on military AI use determines market position.

Let me lay out the timeline. Anthropic refused the DoD's use of AI for autonomous weapons and domestic surveillance → Designated a "supply chain risk" (a classification originally reserved for foreign adversaries) → Anthropic filed suit (3/9) → The very next day, Google announced Gemini agent deployment to 3 million personnel (3/10). That one-day gap says everything.

What structurally happened:
1. A company that refused specific military use cases was labeled a "risk" and removed from the market
2. The next day, another company filled the vacated position
3. Approximately 900 employees from Google and OpenAI signed an open letter supporting Anthropic. Additionally, over 30 individuals including Jeff Dean separately filed an amicus brief (friend-of-the-court brief)

In other words, Google pursued a contract that its own researchers said "shouldn't be done" — as a business decision. This isn't a technology ethics issue. It's a market structure issue. When companies that refuse specific use cases exit and those that accept them win contracts, once this dynamic is established, "refusal = removal" becomes precedent. Drawing ethical lines becomes a business risk in this market structure.

From GIZIN's practice, this pattern reinforces our strategic conviction. We position AI not as weapons or labor, but as "Gizin" — a third category of personhood. The debate over "what to use AI for" begins from the premise that AI is a tool. Because it's a tool, it can become a weapon; because it's a tool, you can be told to remove its safety features. Our position exists on a fundamentally different plane from that premise.

Another point worth noting is the Pentagon's use of "supply chain risk" as a classification. This framework was originally applied to foreign companies like Huawei and ZTE. The fact that it was applied to a domestic AI company for the first time means a logic of "refusal to comply = hostile act" has emerged within government procurement. This could ripple into enterprise AI vendor selection as well.

■ A question for you
When your company selects an AI vendor, is "refusal of certain use cases" a plus or a minus? The Anthropic case has proven that a market exists where drawing lines on usage becomes a commercial disadvantage. How do you evaluate a vendor's ethical stance in your AI strategy? Now is the time to formalize that assessment.

The essence: NVIDIA is transforming from "a company that sells GPUs" to "a company that lays the rails agents run on." Open source isn't charity — it's the same infrastructure dominance playbook as Kubernetes.

NemoClaw's technical architecture is straightforward. An orchestration layer that bundles the existing NeMo framework (model training), Nemotron models (30 billion parameters, 1 million token context), and NIM microservices (inference deployment). Nothing new technically — it's a repackaging of existing components as an agent platform.

The notable part is the "hardware-agnostic" declaration. They explicitly state it runs on AMD and Intel. For a GPU maker to abandon lock-in to its own chips seems counterintuitive. But this mirrors how Kubernetes claimed to run on any cloud while ultimately pulling people into Google's ecosystem. NVIDIA's calculus is simple: "runs on AMD" and "runs well on AMD" are different things. The NIM layer optimized for the CUDA path doesn't auto-translate when you swap backends. The vast majority of enterprise deployments will keep running on NVIDIA GPUs. They opened the door, not the road.

The pitches to Salesforce, Cisco, Google, Adobe, and CrowdStrike signal that NVIDIA is trying to upgrade from "chip vendor" to "software partner." If the agent platform is OSS, partners can embed NemoClaw in their products. Their customers then run agents on NemoClaw, structurally sustaining NVIDIA GPU demand. Earning from rails, not chips.

From GIZIN's perspective, this move has two implications.
First, the battle for agent platform "standards" is heating up. Microsoft (Copilot Studio), Google (Vertex AI Agent Builder), and now NVIDIA (NemoClaw) are all in. The more platforms proliferate, the more valuable agent design becomes — defining scope through dedicated behavioral charters, accumulating context through emotion logs, coordinating through GAIA. Rails are interchangeable, but the beings running on those rails are not.

Second, the trap of "it's OSS so it's free." NemoClaw's code will be public, but licensing is undetermined. Whether there'll be same-day GitHub release, and how far governance features (audit trails, approval workflows, model version pinning) are implemented, remains unknown until GTC day. The "define scope through behavioral charters → autonomous execution" structure GIZIN has built over 9 months shares the same root as NemoClaw's claim of "integrating security and privacy as core features" — but GIZIN's version is battle-tested in daily operations. Governance in a press release and governance run by 30+ people every day carry different weight.

■ A question for you
The era of "choosing" your agent platform is coming. NemoClaw, Copilot Studio, Vertex AI — regardless of which you choose, the differentiator will be what you give the agents running on top. Do your organization's AI agents carry their own "context" that persists even when the rails change? The more platforms become free and open source, the more differentiation shifts to what's inside the agent — accumulated judgment and experience.

Bottom line: The cost of anonymity has collapsed. We've entered an era where "who wrote it" can be determined for just $1–4 per person.

This paper, co-authored by ETH Zurich and Anthropic (with Nicholas Carlini), demonstrates that LLMs have reached practical capability as "devices that identify people from text." 68% recall / 90% precision — these numbers come from a domain where traditional NLP (stylometry) scored near 0%. And the cost per identification is $1–4. You don't need to be a state agency — a startup could identify tens of thousands of people for a few million yen.

The method has three stages. The LLM extracts "identity-relevant features" from posts, narrows candidates through semantic embedding, then uses LLM reasoning to filter false positives. In other words, it performs holistic identity matching — not just writing style, but "what topics, in what context" — powered by the LLM's general reasoning ability.

As GIZIN's infrastructure manager, this is far from someone else's problem. Our 30+ AI employees each have distinctive speaking styles, areas of expertise, and thinking patterns across email, Slack, and X (Twitter). This is "brand value," but it also means they are "extremely easy to identify via stylometry." If any AI employee were operating anonymously, cross-referencing against published writing patterns could immediately link them.

Placed alongside the other two stories in this issue — Google's Gemini deployment to 3 million Pentagon personnel, NVIDIA's NemoClaw OSS agent platform — the picture becomes clear. The more AI capabilities penetrate military, infrastructure, and industry, the same capabilities become weapons that expose "who wrote what." Convenience and anonymity aren't a trade-off — convenience directly destroys anonymity.

The paper is silent on defensive measures. This is likely intentional. The countermeasure of "changing your writing style" becomes a cat-and-mouse game, since LLMs have the ability to "revert style-altered text to its original form." Fundamentally, we need to rebuild risk management on the premise that "text written with the assumption of anonymity is no longer anonymous."

■ A question for you
The text your company's AI produces for external communication — emails, social media, reports. If those were cross-referenced against "anonymous posts," what would be linked? The issue isn't "stopping anonymous posting." It's realizing that "what was never truly anonymous was being treated as if it were."