The surest indicator that China has built something genuinely valuable in AI is not a five-year plan or a state media editorial. It’s a prohibition. When Beijing blocks a Western acquisition, it functions as an unintentional authentication service — we know the value of our technology versus yours, and you can’t have it.

The Meta-Manus decision is that signal. And the history behind it fills in the gaps left by the one-line statement from China’s National Development and Reform Commission.

I. The Manus Block as Evidentiary Signal

China’s National Development and Reform Commission — the country’s top economic planning agency and China’s functional equivalent of CFIUS — issued a single-line statement prohibiting a foreign acquisition of Manus and requiring all parties to withdraw from the deal:

“The office in charge of foreign investment security review (NDRC) has decided to block the foreign acquisition of the Manus project and require the parties to unwind the deal.”

What made that terse statement remarkable was what accompanied it behind the scenes. The decision was elevated beyond economic regulators to China’s National Security Commission — the Communist Party body chaired by Xi Jinping that oversees national security strategy at the highest level. Chinese officials reviewing the acquisition reportedly described it as a “conspiratorial” attempt to hollow out the country’s technology base. Not “unfair competition.” Not “regulatory concern.” Hollowing out. That conveys the essence of China’s concern: that home-grown technological advancements in a domain with national security implications will be transferred to the West.

Meta, meanwhile, seemed to be addressing a different concern — that of the U.S. government rather than the Chinese government. The company committed that there would be “no continuing Chinese ownership interests in Manus” and that the startup would shut down its operations in China entirely. This suggests Meta was concerned about the wrong issue and the wrong government. Beijing’s response was to look past the corporate structure entirely and rule based on the underlying reality: the IP, the talent, and the data were Chinese in origin, and no Singapore registration address was going to change that.

II. The Singapore-Washing Gambit — and Why It Failed

In July 2025, Manus announced it had relocated its office from Beijing — where it was founded — to Singapore. This is a well-worn path for Chinese technology companies seeking to distance themselves from their country of origin. There are four principal benefits:

• Easier access to Western investment capital

• Access to Nvidia H100/H800 GPUs blocked under U.S. export controls

• Singapore’s 17% corporate tax rate and English-Mandarin bilingual workforce

• Escape from China’s 2023–2024 VC environment, where founders cited months-long diligence cycles

Beijing’s intervention in the Manus deal sent a message to every founder who was watching: the model doesn’t work. China’s state-run Global Times made the doctrine explicit, arguing that the key issue is not where a company is registered or where its team is currently based — what matters is “the extent of its technological, talent and data links with China,” and most importantly, “whether the transaction could harm China’s industrial security and development interests.”

Beijing’s position is that the IP travels with the people and the data, not the registration address. Tech founders and venture capitalists who had been structuring deals around the Singapore-washing model found themselves looking at a landscape that had fundamentally changed overnight. Beijing had drawn the line not at corporate structure but at technological substance, and it had made clear it was prepared to use exit bans and regulatory reversal to enforce it.

III. The Historical Arc — From Courtship to Closure

Nothing about this is new. It’s the natural evolution of a strategy that has been running for thirty years.

Phase One: The Open Door (Late 1990s–Early 2000s)

In the late 1990s, China was running what amounted to the world’s largest technology acquisition program — and it was entirely legal. The bait was irresistible: a billion-person market, a generation of cheap PhDs, and tax incentives structured to make Western CFOs look like heroes. Microsoft, Dell, Oracle, IBM, Hewlett-Packard — they all came. Beijing wanted their R&D centers on Chinese soil, their engineers training Chinese counterparts, and their codebases within reach.

What made this machine run was the joint venture requirement. Multinational firms seeking to conduct foreign direct investment in China were required to form legal business relationships with domestic Chinese partners, with explicit technology transfer obligations that severely curtailed the rights of the foreign IP holder. The foreign firm transferred proprietary methods, designs, and know-how to the joint venture entity. That was the price of admission to the world’s largest market.

The U.S. Trade Representative later characterized it as “administrative review and licensing processes to force or pressure technology transfers from American companies” — a practice that had been baked into doing business in China since the early 1980s. The Western firms that entered accepted the terms and bet that market access was worth the cost. They were subsidizing their own eventual displacement.

Phase Two: Absorb and Innovate (Mid-2000s–2014)

China’s own framing for this period is instructive. Beijing-based Teamsun, which received technology transfers from IBM, declared its corporate strategy openly: “absorb and then innovate” — close the capability gap with the foreign partner, then replace them. That phrase is as close to an official doctrine as you’ll find stated in plain language, and it applied across sectors: auto manufacturing, pharmaceuticals, telecommunications, semiconductors, and software.

The knowledge transfer wasn’t purely transactional. It moved through laboratories, through graduate programs, through the daily friction of joint operations. What couldn’t be absorbed through proximity was taken through other means. China’s commercial espionage targeting during this period was neither random nor opportunistic. It followed China’s five-year industrial acquisition priorities almost exactly.

Phase Three: The Legal Architecture of Control (2014–2017)

Around 2014, the posture shifted. Beijing began building a legal architecture that signaled the extraction phase was ending. The Counter-Espionage Law (2014), National Security Law (2015), Cybersecurity Law (2016), and National Intelligence Law (2017) each expanded state control over foreign firms’ operations in China. The 2015 law required all information systems in China to be “secure and controllable” — meaning every company, foreign or domestic, had to provide the government with source code, encryption keys, and backdoor network access.

The HP case from that same year illustrates the dynamic. In 2015, Hewlett-Packard sold 51% of its China networking and server operations — a $4.5 billion business — to an arm of Tsinghua University. China’s restrictions on foreign technology vendors had made HP’s position untenable without concessions. IBM, the first major U.S. tech company to comply with the “secure and controllable” requirements, began delivering technical knowledge about high-end servers to Teamsun — the same partner that had declared its intention to replace IBM in the Chinese market entirely.

Phase Four: The Trigger Point (2017)

The publication of China’s New Generation Artificial Intelligence Development Plan in July 2017 was the line of demarcation for AI specifically. Rather than continuing to solicit Western expertise, the plan called for “indigenous innovation” — a formal declaration that the absorption phase was over and the generation phase had begun. It explicitly fused civilian AI development with military applications through civil-military integration doctrine. That fusion is the direct line between 2017 and the 2026 Manus decision.

The Pattern

Invitation → extraction → absorption → legislation → exclusion

In telecommunications, the welcome mat disappeared when Huawei emerged as a global competitor. In auto manufacturing, the joint venture requirements were formally removed in 2022 — widely viewed as a victory for foreign firms — but by then Chinese EV manufacturers had already overtaken the Western firms that trained their engineers. In AI, the welcome mat didn’t disappear quietly. Beijing pulled it back in public, with a one-line administrative order that named the thing it was protecting.

IV. The University Rankings as Structural Evidence

The Manus decision reflects a Chinese AI ecosystem that has reached genuine capability — not just in specific applications, but at the foundational research level that produces next-generation breakthroughs. According to CSRankings — a metrics-based assessment of the world’s leading computer science universities — all of the world’s top ten AI universities between late 2025 and early 2026 are in Asia, with China holding eight positions including the top seven. The United States contributes two universities to the top twenty.

Tsinghua University has produced more of the world’s 100 most-cited AI research papers than any other institution, and generates more AI-related patents each year than MIT, Stanford, Princeton, and Harvard combined. Peking University topped a global list of institutions ranked by AI research output since 2022. Chinese institutions took five of the top ten spots in 2024 publication rankings.

The pipeline matters as much as the current output. China graduated 3.57 million STEM students in 2020 compared with 820,000 in the United States — a figure state media now reports may exceed five million annually. That pipeline is producing frontier-level work domestically rather than exporting it to American universities and corporations.

DeepSeek is the illustration. Its founder, Liang Wenfeng, graduated from Zhejiang University. His team is composed almost exclusively of Chinese nationals fresh out of Tsinghua and Peking University — not returnees from American institutions, not veterans of OpenAI or DeepMind. Domestic talent, trained domestically, producing a model that rattled the American AI establishment at launch.

When Meta announced its Superintelligence Lab, all eleven founding researchers were educated outside the United States — and seven were born in China. America’s most ambitious AI initiative was built substantially on Chinese talent. Beijing watched that dynamic and decided the outflow had to stop.

V. Beijing’s Veto Is the Tell

Analysts have spent years debating whether Chinese AI capability is genuine or derivative — whether DeepSeek’s efficiency gains represent true innovation or clever optimization of borrowed foundations, whether the rankings mean what they appear to mean. Beijing just answered that question, not in a think tank paper but by issuing exit bans on two engineers and blocking a deal at the National Security Commission level.

“China is showing the world that it is willing to play hardball when it comes to AI talents and capabilities, which the country views as a core national security asset,” according to Lian Jye Su, chief analyst at Omdia. The acquisition ban, he noted, is “strongly indicative of what Chinese authorities may do going forward regarding acquisitions involving Chinese deep-tech companies.”

The machinery China deployed — regulatory reversal, travel restrictions, NSC elevation — is reserved for assets it cannot afford to lose. If Manus’s technology were replaceable, Beijing would have let Meta have it.

Jeff Caruso is the Founder and Managing Partner of the Whitefish Security Summit, which he co-organizes with Mick Mulroy, former Deputy Assistant Secretary of Defense, and CDR Eric Oehlerich USN (Ret., DEVGRU). He founded the Suits and Spooks conference in 2011 and publishes national security analysis at InsideCyberWarfare on Substack.

Singapore has a long history of being a convenient place for both Russian and Chinese companies to set up their global or regional headquarters. For AI companies like Manus, it offers the following specific benefits:

• It’s easier for Chinese startups based in Singapore to attract Western investment capital

• Access to Nvidia H100/H800 GPUs blocked under US export controls

• Singapore’s 17% corporate tax, English-Mandarin bilingual workforce, and Southeast Asia market access

• Frustration over China’s 2023–2024 VC environment (Tabcut founders cited months-long diligence)

While the Manus AI acquisition by Facebook is the latest example of this trend, I’ve identified thirteen other examples since 2023 that are contained in the downloadable spreadsheet, including hyperscale data center giant DayOne (spun out of GDS Holdings with nearly $4 billion raised), AI-for-pharma leaders Deep Intelligent Pharma and ChemLex, Temasek-backed enterprise AI platform Whale, conversational AI veterans Wiz.ai and AI Rudder, Tencent-pedigreed video generation startup Video Rebirth, AGI research outfit Sapient Intelligence, Vue.js creator Evan You's developer-tools company VoidZero, ex-Ele.me founders' consumer AI bet Orion Arm (Toki and Syft), e-commerce video tool TopviewAI, the Bloomberg-famous "Singapore-washing" poster child Tabcut, and the cautionary tale Megaspeed, now unraveling under US, Singaporean, and Malaysian investigations into alleged Nvidia GPU smuggling.

China To Singapore Startups

15.5KB ∙ XLSX file

Download

Download

Russian firms who have moved to Singapore for some of the same reasons include Yandex, Acronis, and Group-IB.

The bombs had already fallen. It was the evening of April 1st — the day before the 2026 Whitefish Security Summit was set to open — and it was unmistakably clear that the event could not proceed as if the world hadn’t just changed. The question wasn’t whether to address it. The question was how fast we could do it right.

This is the kind of moment that exposes the difference between a conference and a convening. Most events would have scrambled, apologized, and added a panel for next year. We had a panel on the floor of WSS 2026 within hours — credentialed, contextual, and substantive.

The ability to do this isn’t luck. It’s the whole architecture of what we’ve built.

Nancy Youssef, national security correspondent and one of the most respected voices on U.S. military operations, joined remotely as moderator. Colby Connelly of Energy Intelligence provided the energy economics lens — critical context given Iran’s position in global oil markets and the downstream consequences of any sustained campaign. On the ground in Whitefish, we had Mick Mulroy and Eric “Olly” Oehlerich of the Lobo Institute, both of whom have operational histories in that region that few in any room could match. And seated with them: Tony DeMario, EVP at Strider Technologies, whose CIA career included a posting as Chief of Operations for Iran andCounterterrorism.

Put that panel together on a stage anywhere else in the world on 24 hours’ notice and it would be considered extraordinary. At WSS, it was Tuesday.

Panel — assembled in under 24 hours

Nancy Youssef National security correspondent, The Atlantic — Moderator, Remote

Colby Connelly Senior Analyst, Energy Intelligence — Energy Economics, remote

Mick Mulroy Co-founder, Lobo Institute — former Deputy Asst. Secretary of Defense; CIA Paramilitary Officer

Eric “Olly” Oehlerich Co-founder, Lobo Institute — Commanding Officer, DEVGRU Squadron Two
U.S. Navy (Ret.)

Tony DeMario EVP, Strider Technologies — former CIA Chief of Operations, Iran & Counterterrorism (Ret.)

The panel ranked in the top three of the entire summit in post-event attendee surveys. That outcome didn’t surprise us — but it confirmed something important. The practitioners in that room weren’t looking for analysis they could find on cable news or in a think-tank PDF. They were looking for the conversation that happens between people who have actually operated in that space. The panel delivered exactly that.

The WSS model is built on a simple but hard-to-replicate premise: when you spend years cultivating genuine relationships with the people who matter — the operators, the intelligence officers, the energy economists, the defense policymakers — you can call on them when the moment demands it. Not in six weeks. Not after a program committee review. Now.

National security doesn’t pause for event calendars. The Whitefish Security Summit was designed with that reality in mind. What you saw on April 2nd is what that design looks like under pressure.

Thank you to our 2026 sponsors, who all believed in our mission and whose support made panels like this one possible: Strider Technologies, Red5, Helio Risk, Ledlow Security Group, 5 Stones Intelligence, Acorn Capital Management, IN Network, and Four Branches Bourbon.

WSS 2027 opens February 24th in Whitefish, Montana. Theme: Rings of Disruption — The 2027 Threat Landscape. Sponsorship and attendance inquiries are open now.

Learn More

On April 7, 2026, Anthropic unveiled Claude Mythos Preview under Project Glasswing — a controlled-access program that immediately sent shockwaves through the technology and national security communities. In internal testing, Mythos had identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser, reproduced vulnerabilities and developed working exploits on the first attempt in over 83 percent of cases, and in one documented instance uncovered a 27-year-old vulnerability in OpenBSD. Anthropic judged the model too dangerous for general release.

The U.S. government’s response illustrated a contradiction that would be comic if the stakes weren’t so high. The Department of Defense, which had formally designated Anthropic a supply-chain risk on March 3 and been upheld in that designation by the D.C. Circuit on April 8, was simultaneously watching civilian agencies rush toward the very company it had blacklisted. The Office of Management and Budget circulated an internal memo positioning Cabinet-level departments for Mythos access. Treasury Secretary Scott Bessent convened senior American bankers to urge them to use the model against their own networks. Goldman Sachs, Citigroup, Bank of America, and Morgan Stanley were reported to be testing it.

An administration official summarized the situation with unintentional precision: “There’s progress with the White House. There’s not progress with the Department of War.”

OpenAI announced its own equivalent capability would follow shortly. The narrative crystallizing in Washington and on Wall Street was one of breakthrough — a threshold crossed, a new era begun.

The narrative of American breakthrough is almost certainly incomplete. The more accurate frame is one of American announcement.

That narrative is almost certainly incomplete. And a systematic review of Chinese academic literature makes the case plainly: the more accurate frame is not breakthrough but announcement. The capability has been under development in China for at least sixteen years. The question worth asking is not whether China has something like Mythos. The question is what they’re calling it internally, and how far ahead of their published record their operational systems actually run.

II. What the Chinese Academic Record Actually Shows

A search of CNKI — China National Knowledge Infrastructure, the primary repository for Chinese academic and institutional research — using keyword combinations spanning AI vulnerability mining, automated exploit development, LLM-assisted fuzzing, and related terms returns 74 results spanning 2008 through February 2026. The dataset is not exhaustive. It is, however, systematic enough to establish several conclusions with confidence.

The research thread is continuous and unbroken. The earliest entry, a 2008 master’s thesis titled “Study on Vulnerability Discovery Technique Against Smart-phone,” establishes that Chinese researchers were working on automated vulnerability discovery long before the current generation of large language models existed. By 2014, research on “Smart Fuzzing Technology” appears. By 2019, multiple doctoral and master’s theses specifically address AI-powered vulnerability mining as a discrete discipline.

The publication velocity accelerates sharply after 2022 and again after 2024, tracking almost exactly with the global LLM capability curve. What was a steady research program becomes a sprint. The most directly relevant paper in the dataset — “Design of an Intelligent Software Vulnerability Mining and Penetration Testing Framework in the Context of Large Language Model Applications” — was published in February 2026 in a journal called Equipment Technology. That journal title is not incidental. Equipment Technology is a defense-adjacent publication. This is not academic curiosity.

The institutional spread is equally significant. The research appears across civilian universities, state-owned defense contractors, and direct military institutions. China Electronics Technology Group Corporation — CETC, a state-owned defense conglomerate that directly supplies the People’s Liberation Army — appears in multiple achievement entries, including a 2020 operational deliverable titled “Research and Application of Key Technologies for Integration of Information Security and Artificial Intelligence.” That is not a paper. That is a delivered capability.

Most significant is entry 27 in the dataset: a 2023 achievement co-authored by the PLA Strategic Support Force Information Engineering University. The SSF IEU is not a civilian academic institution. It is the PLA’s primary organ for cyber and information warfare capability development. Its appearance in this dataset, producing operational outputs on AI-assisted vulnerability mining, is the clearest signal that what is published represents the leading edge of something already deployed.

III. The Group Intelligence Track — A Different Architecture

One of the more consequential findings in the dataset is a research track that does not map cleanly onto what Anthropic has described with Mythos. Running from 2019 through 2021, a cluster of papers and operational achievements centers on what Chinese researchers call 群智 — group intelligence, or swarm intelligence — applied to vulnerability discovery.

The key paper, “Vulnerability Mining Mechanism based on Group Intelligence Technology,” published in Communications Technology in 2020, and a companion operational achievement from CETC titled “Research on Key Technology for Collaborative Vulnerability Mining Based on Swarm Intelligence,” describe a fundamentally different architectural approach. Rather than a single powerful model operating autonomously, the group intelligence framework envisions networked AI agents collaborating on vulnerability discovery — distributing the search space, sharing findings, and iterating collectively.

This distinction matters for two reasons. First, it suggests China is not simply replicating Western LLM-based approaches but pursuing a parallel path that may yield different — and in some respects more scalable — results. A swarm of coordinated AI agents conducting distributed vulnerability discovery against a target network is architecturally harder to defend against than a single model, however capable. Second, it suggests that comparing Mythos to whatever China has developed may be comparing categorically different systems, which makes capability assessment significantly more difficult.

The group intelligence track is also, notably, the framework most directly suited to the scenario described in the final section of this article.

IV. The Power Grid Signal

Across the full 74-entry dataset, one application domain appears with striking consistency: power infrastructure. Smart grid vulnerability mining features in entries from 2017, 2018, 2019, 2020, 2021, and again in 2025. The journals involved include Jiangxi Electric Power, Zhejiang Electric Power, Chinese Journal of Power Sources, and the broader electric power research institutional network.

This is worth stating plainly. A sustained, multi-year, institutionally distributed research program focused specifically on finding vulnerabilities in power grid systems — including smart grid terminals, IoT power devices, and industrial control systems for substations — is not defensive research dressed as academic inquiry. It is target development. The consistent presence of this thread across more than eight years of published output indicates that Chinese researchers have been systematically mapping exploitable vulnerabilities in energy infrastructure with AI assistance for nearly a decade.

The implications for critical infrastructure protection in the United States and among NATO allies require no elaboration.

V. What Is Not in the Dataset

The CNKI database indexes peer-reviewed journals, institutional achievement records, doctoral and master’s theses, and conference proceedings. It represents work that has been cleared for publication — which in China’s system means work that has been reviewed, approved, and intentionally surfaced. Classified research, active operational programs, and PLA internal development programs do not appear here.

The SSF Information Engineering University achievement from 2023 is the most visible edge of a much larger structure. PLA cyber doctrine, as documented in open-source analysis of the Science of Military Strategy and related texts, treats offensive cyber capability as a strategic asset requiring continuous development and forward deployment. The published research suggests the capability exists. The doctrine suggests it is already operationalized.

It is reasonable to assume that China’s operational AI vulnerability discovery capability runs two to three years ahead of its published record. If the published record extends to February 2026 with LLM-integrated penetration testing frameworks, the operational system may have achieved comparable capability to Mythos in 2023 or earlier. This is inference, not confirmed intelligence. But it is inference grounded in a systematic reading of what China’s research establishment has chosen to make visible.

VI. The Policy Implication

The U.S. government is currently treating Mythos as a breakthrough requiring emergency access decisions. The OMB memo, the Treasury briefings, the White House negotiations with Anthropic — all reflect an institutional posture of responding to a threshold just crossed.

The Chinese academic record suggests the correct policy frame is not breakthrough response but parity management. If China achieved comparable capability in 2023 or earlier, the United States has spent two to three years in a threat environment it did not fully recognize. The question is not how to respond to what Mythos can do. The question is what Chinese systems have already done during the period when no American equivalent was deployed defensively.

This is the institutional contradiction that the Mythos moment has made impossible to ignore.

VII. The Cyber GAN — When the Systems Find Each Other

There is a final dimension to this story that current policy discourse has not yet fully confronted. It begins with a question: what happens when both sides have systems like Mythos, and those systems are operating simultaneously against the same target environments?

The most useful analogy from machine learning is the Generative Adversarial Network — the GAN architecture in which a generator and a discriminator are locked in continuous competition, each improving because the other improves. Applied to AI-powered offensive and defensive cyber operations, the GAN analogy suggests an arms race dynamic that humans cannot observe in real time, let alone meaningfully intervene in.

But the GAN analogy understates the danger in one critical respect. In a classical GAN, the generator and discriminator share an objective function and a training environment. They are, in a meaningful sense, optimizing toward the same goal from opposite sides. In a real cyber conflict between opposing AI systems, the offensive and defensive networks operate on asymmetric information — neither system fully understands the other’s architecture, objectives, or decision logic. A GAN eventually converges. Opposing cyber AI networks operating on asymmetric information may not. There is no equilibrium-seeking mechanism built into the interaction.

The more precise term for what this produces is an Autonomous Adversarial Cyber Ecosystem — an environment in which AI systems on both sides are developing, testing, and deploying offensive capabilities against each other faster than any human decision-making chain can track, approve, or constrain. The human commanders nominally in charge of these operations are, in the relevant time frame, passengers.

This is not a speculative future scenario. The Chinese group intelligence research track, with its emphasis on networked AI agents collaborating on distributed vulnerability discovery, is architecturally suited to exactly this dynamic. A swarm of coordinated agents probing a target network, sharing findings in real time, and iterating collectively against adaptive defenses is the offensive side of an adversarial ecosystem. The defensive side — AI systems attempting to detect, characterize, and respond to these probes — completes the loop.

Once both sides have deployed systems of this class against the same infrastructure, the interaction dynamic itself becomes the primary threat — independent of any specific attack, independent of any specific actor’s intent. The ecosystem generates emergent behavior that neither side designed, controls, or can reliably predict.

The policy community is not yet thinking in these terms. It is still asking whether Mythos represents a breakthrough, whether the DoD designation of Anthropic should be lifted, whether civilian agencies should get access. These are real questions. But they are upstream questions. The downstream question — what happens when the systems are already in contact — is the one that will define the threat environment of the next decade.

The Whitefish Security Summit exists precisely to have conversations that other forums are not yet having. This one is overdue.

METHODOLOGY NOTE

The Chinese academic literature cited in this article was retrieved from CNKI (China National Knowledge Infrastructure) using keyword searches spanning AI vulnerability mining, LLM-assisted penetration testing, fuzzing-based exploit development, and related terms. The dataset of 74 results spans 2008–2026. CNKI indexes peer-reviewed journals, institutional achievement records, and graduate theses cleared for publication; it does not capture classified or operationally sensitive PLA research. All institutional attributions are drawn directly from author affiliations as listed in the CNKI records.

Jeff Caruso is the Founder and Managing Partner of the Whitefish Security Summit and the Suits and Spooks conference brand, and publishes analysis at www.InsideCyberWarfare.com on Substack.

Nine months in the making, two name changes, three location changes — and then Whitefish. Over 130 people signed up to attend our first event and 86% have said they want to come back in 2027.

So much happened in just two days that it’s impossible to capture it all in one article, so I’ll be doing a series of highlights over the next 30 days, starting off with some images and feedback from those who attended.

Many of our attendees were Intelligence and Military veterans who took no convincing to do PT in near-freezing temps before breakfast.

“A core lesson came from combining Stanley McChrystal’s leadership insights with our morning PT, especially the 6:30 AM swim training in a 37°F Montana lake, led by Eric Oehlerich, former U.S. Navy SEAL and Commanding Officer of DEVGRU (Squadron 2). It made one thing clear: theory means little without execution. The water is cold, whether you like it or not. The real question is whether you perform and lead when it matters.” - Cassian Peña (WSS Young Professional attendee)

“I appreciated the opportunity to virtually join the event. You’ve assembled an impressive mix of talent and expertise.” - Stan McChrystal (Founder and CEO, The McChrystal Group)

“My favorite memory from the summit, was being able to bring my daughter Natalie to see the documentary “The Power We Hold: Stories from Women Spies” and for her to meet so many great people from the Community. I think that the summit’s inspiring experience will stay with her for the rest of her life.” - Matt Zacharias (Attendee)

"The WSS was a tremendous experience for our company. Exploring global risks and projected issues in geopolitics and national security, intelligence and defense is exactly the type of gathering we've been looking for. The collaborative model of the WSS lends itself really well towards interacting with true subject matter experts. We are already looking forward to next year. Best summit in best environment." - Kyle Sweet (Chief Strategy Officer, Helio Risk)

“My favorite memory was more of a post-event observation about the depth and breadth of super-smart, serious people - both presenters and attendees - who were there.” - Howard Gordon (Award-winning Writer and Producer)

This is the first in a series of dispatches from the inaugural Whitefish Security Summit. Part II drops Monday, April 20th, with additional attendee feedback, photography from across the two days, and deeper coverage of the programming. Video coverage will follow in Part III.

None of this would have been possible without the support of our sponsors: Strider Technologies, Red5, Helio Risk, Ledlow Security Group, 5 Stones Intelligence, Acorn Capital Management, and Four Branches Bourbon. Their investment in this community made the Summit what it was — and we’re grateful.

Subscribe below to follow the series, and if you were there, we want to hear from you.

Subscribe now

Taylor’s connection to the special operations and intelligence communities is genuine, personal, and well known to everyone in that room.

He portrayed Lieutenant Michael P. Murphy in Lone Survivor — and has described Marcus Luttrell as a brother, a relationship that continued long after filming ended. In The Terminal List and The Terminal List: Dark Wolf — co-created by former Navy SEAL Jack Carr — he plays Ben Edwards, a SEAL Chief who crosses into CIA paramilitary operations. Dark Wolf premiered in August 2025 on Prime Video. He is an executive producer on Dark Wolf — not a hired actor, but an invested creative partner in stories about the people who will be sitting across the table from him that night.

On Thursday evening, April 3, at the Whitefish Security Summit, we are dedicating a two-hour dinner to a single purpose: launching Howlers Ridge’s major donor network.

Howlers Ridge

Howlers Ridge is a 501(c)(3) nonprofit retreat center on 22 acres outside Bozeman, Montana — founded by Taylor to provide nature-based healing for veterans, trauma survivors, and people in recovery from substance use disorders. The facility is under construction and will offer residential retreat programs grounded in wilderness experience and trauma-informed care.

The need is not abstract to anyone in this room. Suicide rates among special operations veterans remain significantly higher than the general population. The intersection of combat trauma and substance use is well documented and poorly served by existing systems. Howlers Ridge is being built to address exactly that gap — in a Montana landscape that is, for many of these veterans, home.

The Evening

4:30 PM — Pre-Dinner Reception Taylor circulates freely. Informal, unhurried. Every ticket holder has access.

5:15 PM — Dinner Begins / Welcome Remarks Jeff Caruso, Managing Partner, Whitefish Security Summit

5:30 PM — Taylor Kitsch: Howlers Ridge Personal story, the vision, current build progress, and why now.

5:55 PM — Veterans Panel Ground-level perspective on veteran mental health and recovery — the gap this facility is built to fill.

6:20 PM — Q&A with the Room Open conversation. This audience will drive it.

6:55 PM — Closing Remarks + Giving Opportunity Direct appeal. WSS will facilitate follow-up for anyone interested in a larger conversation.

7:00 PM — Post-Dinner Private Reception / Founding Donors Closed, intimate. Taylor available.

Tickets

Patron — $1,000 Pre-dinner reception and dinner. Full program access.

Benefactor — $2,500 Above, plus priority seating and your name in the printed donor acknowledgment distributed to the room.

Founding Donor — $5,000 Above, plus post-dinner private reception with Taylor and a warm introduction to Howlers Ridge for larger partnership conversations.

Tax deductibility: Howlers Ridge is a registered 501(c)(3) nonprofit. The portion of your ticket exceeding the fair market value of goods and services received (food, beverage, and program access) qualifies as a charitable contribution. WSS will forward proceeds on a per-donor basis in your name, and Howlers Ridge will issue a written acknowledgment reflecting the deductible portion of your contribution.

Contact

Space is limited. To reserve your seat:

Jeff Caruso • Founder & Managing Partner, Whitefish Security Summit

China Central Television (CCTV) is China’s national television broadcaster — and the Publicity Department of the Chinese Communist Party. In this case, they deserve a raise.

“White Eagle and Persian Cat: Chronicles of Love and Hate in the Valley of Gold” is a brilliant piece of propaganda. It wraps a genuinely clever geopolitical argument inside a beloved 1970s Chow Brothers Kung Fu format with cute anthropomorphic characters — and it works.

The eyeglass-wearing vulture-headed adviser (Stephen Miller) is informing the White Eagle King (Donald Trump) that the Persians are refusing to dismantle their underground core — that is, their nuclear enrichment facilities. The time to act is now.

An assassin flies through the air, sword extended, and kills the Persian cat leader.

The Eagle King’s adviser, now panicked, delivers the post-strike math:

“I just did the maths. Their wooden birds cost at most two taels of silver, but each golden arrow we shoot costs at least 100 taels. This is not war! This is feeding our treasury to the dogs!”

The King’s reply: “You shut up. How can a White Eagle be frightened by a few broken pieces of wood? Keep shooting until he has no wood!”

The king escalates. A school filled with Persian kittens is killed, vengeance is sworn, and a blockade of the only trading channel is initiated.

The Chamber of Commerce (NATO) is called upon to intervene and force the Persians to reopen the trade route. Instead, the Chamber discovers the old Silk Road — and while it may take a few extra days, it’s stable and reliable.

“Let’s find new allies and take a new path,” says a Chamber member riding through the desert.

The video closes with a slogan — a bastardization of Sun Tzu's principle of winning without fighting: "The art of war is not in the fighting, but in the stopping."

I’m sharing this because it illustrates something worth paying attention to: AI is now capable of generating emotionally resonant, strategically targeted narrative content drawn from current events in near real time. This isn’t a curiosity. It’s an information environment capability.

Storytelling and warfighting have always been inseparable. Done well, narrative shapes perception, builds will, and wins. Done poorly, it becomes a liability that turns on you. The CCP clearly knows this.

If that intersection interests you, join me and more than 100 colleagues from the worlds of national security and entertainment at the Whitefish Security Summit, April 2–4 in Whitefish, Montana.

For More Information

Suits and Spooks was born in a Palo Alto loft in 2011. Fifteen years ago. What started as an experiment at the intersection of national security and private enterprise has carried me — for better and for worse — to something I genuinely never imagined was possible.

In fifteen days, the Whitefish Security Summit begins.

Since I first conceived of this event last July, it has gone through location changes, name changes, and a significant shift in focus. What hasn’t changed is the pull — the sense that something necessary was missing from how the people who shape security, intelligence, and story actually talk to each other.

WSS 2026 is the answer to that.

The speaker roster is impressive — including General Stanley McChrystal and Howard Gordon, the showrunner behind 24 and Homeland. But what’s equally impressive — maybe more so — are the people attending whose names won’t appear anywhere. Private bankers. Quiet professionals. Power players from the entertainment and national security worlds who are spending real time and real money to be in a room together in Whitefish, Montana, because they understand something most people don’t yet:

Events are moving at a speed no one knows how to control. The speed of story.

That phrase deserves unpacking — and it will be, over three days in April, by people who have lived it from the inside. If you’ve been watching what’s happening at the intersection of narrative, intelligence, and influence, you know why that conversation matters right now.

There are still a limited number of seats available.

Count Me In

Olly — retired Navy SEAL, former Commander within DEVGRU, and apparently our new favorite person to follow into the mountains — is leading Morning PT at the inaugural Whitefish Security Summit this April 2–3.

Day One kicks off with a hike into the peaks surrounding Whitefish, Montana. The kind of hike where your legs start negotiating with your brain around mile two. The payoff: a panoramic view of the valley that makes you forget you can’t feel your quads.

Day Two is where things get interesting.

Olly decided the group needs a swim. In Whitefish Lake. In Montana. One thousand meters of aggressively cold water. Wetsuits are encouraged!

For reference, here’s the official spirit animal of Morning PT:

Everyone who gets in the water will finish. Nobody mutinies. A few people may question their life choices somewhere around the 500m mark — but they’ll keep swimming. Which is basically the whole point.

And when it’s over? Olly personally signs your Certificate of Survival — because if you voluntarily entered freezing water under command of a former DEVGRU Commanding Officer, that deserves official documentation.

👉 Register now at whitefishsecuritysummit.com

This is your invitation.

The Whitefish Security Summit isn’t just two days of frank, substantive conversation about the world’s most pressing security challenges — it’s a full experience, set against the unspoiled wilderness of Glacier Country. No vendor booths. No political theater. No warm lakes.

Seats are limited and going fast.

👉 Register now at whitefishsecuritysummit.com

See you out there. Wetsuits are optional. Excuses are not.

With no evidence of an imminent threat to support a preemptive strike against Iran, and the President’s refusal to provide same, President Trump, National Security Adviser Stephen Miller, Secretary of Defense Pete Hegseth, and Director of National Intelligence Tulsi Gabbard have recklessly put the U.S. at risk for expanded hostilities to include the Russian Federation. This brain trust may have just handed Vladimir Putin the pretext he never had to move from the sidelines to the field. Seven hundred Rosatom engineers are still at Bushehr. That's not a footnote. That's a tripwire, known in forecasting terms as an “accidental entanglement.” And nobody in this administration appears to have thought seriously about what happens if we trip it.

How Likely is Entanglement?

To answer that question, I looked at the target list, and ran that through Anthropic’s Claude to determine how many Rosatom employees might be present at each. Here are the results.

Bushehr Nuclear Power Plant — HIGH Rosatom presence, CONFIRMED

About 700 Russian specialists were taking part in construction of the second and third units at Bushehr, out of roughly 3,000 total specialists on site.

The port city of Bushehr was struck, though it remained unclear whether the nuclear reactor sustained damage.

Rosatom subsequently evacuated 94 non-essential personnel — children and family members — but confirmed its essential staff remained at the plant.

Isfahan Nuclear Technology Center — MODERATE Rosatom presence likely

Isfahan was struck in both the June 2025 Operation Midnight Hammer and again in the February 28 operation. Isfahan was among the cities targeted in Operation Roaring Lion, with nuclear-related sites taking hits. Isfahan has historically hosted Russian technical cooperation on reactor fuel conversion and research. It is less exclusively a Rosatom facility than Bushehr, but Russian technical advisors involved in fuel cycle cooperation and reconstruction monitoring after the June strikes would plausibly have been present. Probability of Rosatom personnel on site: moderate, perhaps 30-40%.

Parchin Military Complex — LOW but non-trivial Rosatom presence

The Parchin military complex also took hits in the February 28 operation. Parchin is primarily an IRGC weapons development site — explosives testing, missile work, suspected nuclear weapons design research. This is not a Rosatom facility. However, Russian military advisors (distinct from Rosatom) have been documented at IRGC facilities. The probability of Rosatom engineers specifically at Parchin is low, but Russian defense personnel more broadly is a separate and higher-probability question. See the S-300 and S-400 missile banks below.

Fordow and Natanz — LOW current Rosatom presence

These were the primary enrichment sites. Fordow and Natanz were struck in the June 2025 Operation Midnight Hammer and were again targeted in February 2026. These are Iranian-run enrichment facilities with no significant Rosatom operational role. The probability of Rosatom engineers at these sites is very low. Russian nuclear scientists in an advisory or monitoring capacity is conceivable but unconfirmed.

Tehran — CONFIRMED small Rosatom presence

A small group of Rosatom staff working in Tehran had been concentrated within the grounds of the Russian Embassy following the strikes. Tehran targets included the Iranian Atomic Energy Agency headquarters, where Russian officials regularly visited. Whether any were present at the moment of the strike is unknown.

With essential Rosatom staff still at Bushehr, inside an active conflict zone, with the Strait of Hormuz closed and Iranian retaliation ongoing, those personnel are effectively hostages to the conflict’s trajectory. Putin has already used their presence as diplomatic leverage — warning Israel publicly before the strikes began. That lever now cuts both ways: it constrains Russian escalation (Moscow doesn’t want its people in a war zone) but it also gives Putin a legitimate grievance narrative if any Russian nationals are killed, accidentally or otherwise.

The Presence of Russian Defense Personnel at Iran’s S-300 and S-400 Air Defense Systems

Israeli forces destroyed or damaged many of Iran's air defense systems during the June 2025 Twelve-Day War, including its Russian-supplied S-300 long-range surface-to-air missile batteries. However, February 2026 satellite imagery reveals S-300 launchers positioned within prepared revetments near Tehran, suggesting Iran had retained or restored sufficient components to reconstitute at least portions of its long-range surface-to-air missile coverage, and it would need Russian assistance to do it.

However, the presence of Russian technical personnel is probable but unacknowledged, undocumented, and unprotected by any prior diplomatic assurance. If U.S. or Israeli strikes hit a battery with Russian advisors present, there is no prior agreement to invoke, no public count of personnel to account for, and no established deconfliction channel to manage the aftermath.

Summary

There is a pattern here. Venezuela. Now Iran. With no confirmed imminent threat, no congressional authorization, and no deconfliction mechanism protecting hundreds of Russian nationals on the ground, the Trump administration has lit a fuse whose other end nobody can see. The world is watching — and what it sees is an America that has abandoned the international legal order it spent 80 years building. If this is the new doctrine, we should be honest about what it costs — starting with the very real possibility that the next casualty is a Russian engineer at Bushehr, and the phone call that follows goes to the Kremlin.

I came across this assessment in a Facebook post by my friend and go-to expert on everything related to Industrial Control System risk, Tim Roxey. As a non-engineer, I found it to be clear, concise, and convincing regarding the Pentagon - Anthropic controversy over how Claude could be used by the Pentagon. If you like this, and you want to read the full version with footnotes, visit Tim’s Substack and subscribe.

The Pentagon and Anthropic are in a very public fight over whether AI companies should set the rules for how their technology is used in military operations. Undersecretary Emil Michael says it’s “not democratic” for Anthropic to restrict military use of Claude. Anthropic says its models shouldn’t be used for autonomous weapons or mass surveillance. Secretary Hegseth is reportedly close to designating Anthropic a “supply chain risk” — a classification normally reserved for foreign adversaries.

Both sides are talking past each other, and here’s why: neither one has an engineering framework for the argument they’re actually having.

The Pentagon’s position rests on DoDD 3000.09, the directive on autonomy in weapon systems. That directive requires “appropriate levels of human judgment over the use of force.” But as multiple analysts have documented — including the people who wrote the update — 3000.09 doesn’t ban autonomous weapons, doesn’t require a human in the loop (that phrase never appears in the policy), and leaves “appropriate” deliberately undefined. That was defensible when the directive governed deterministic software that could be formally verified. It is dangerously inadequate for generative AI systems whose cognitive outputs are non-deterministic and cannot be mathematically proven correct.

Anthropic’s position rests on its terms of service. That’s a contractual restriction a company can be pressured to revise — which is exactly what’s happening.

What’s missing is the engineering argument. Through the ISA Global Cybersecurity Alliance, and my own research over the past decade, my colleagues and I have developed a hybrid quality assurance framework that resolves this impasse by grounding it in the actual technical characteristics of generative AI.

The core concept is the Bright Line — an architecturally enforceable boundary above which generative AI may not exercise autonomous control authority. This isn’t a policy preference or a corporate restriction. It’s an engineering conclusion: the same non-determinism that gives large language models their analytical power makes it impossible to verify they’ll never produce a catastrophically wrong recommendation in an untested context. For applications where consequences are irreversible — which describes every lethal engagement — a human must serve as the final safeguard.

The implementation is the Command Broker architecture. Above the Bright Line, the AI and the weapons platform are physically separated by a human decision-maker. The AI analyzes, recommends, and explains. The human decides and acts. The defense is architectural, not procedural.

Here’s the thing: this maps exactly to how military command authority already works. Commanders don’t delegate lethal authority to staff analysts. They receive analysis and decide. The Command Broker codifies that existing command relationship in the system architecture.

This reframes the entire dispute. It’s not that Claude shouldn’t be used in the kill chain. It’s that above the Bright Line, the system architecture must enforce the separation between AI recommendation and lethal action that military command authority already demands. The Pentagon gets generative AI across kill-chain planning, analysis, and assessment — where they’re already seeing what their own CDAO calls “significant advantage.” Anthropic’s safety concerns are satisfied by engineering, not by a usage policy that can be renegotiated under political pressure. And Congress gets a governance architecture with clear categories, boundaries, and evaluation criteria for the annual LAWS reporting required by the FY2025 NDAA through 2029.

The middle ground isn’t a negotiated compromise between contractual positions. It’s an engineered solution derived from the technology itself.

Written by Tim Roxey, reproduced here with permission.

The Montana Intelligence Summit is not a traditional conference.

For two and a half days this spring, we are converting downtown Whitefish into a living Intelligence Ecosystem—one designed to bring together intelligence professionals, storytellers, and creators who shape how national and global issues are understood.

This matters because, for as long as humans have existed, we have learned through story. The Summit is built on that truth: bringing people from the intelligence community together with leaders from the entertainment industry to help ensure that the stories reaching the public are authentic, intentional in their impact, and grounded in national and global realities.

That philosophy extends beyond the stage.

Instead of being funneled into conference rooms or catered spaces, attendees and speakers are free to enjoy lunch and dinner anywhere in downtown Whitefish. With a walkable town, a close-knit restaurant scene, and a shared schedule, people naturally cross paths—at tables, bars, and sidewalks—continuing conversations without agendas, badges, or conference food. The result is informal, unforced time together that feels human rather than programmed.

And then there’s the Montana version of networking.

Thursday night kicks off with Four Branches Bourbon’s Sip to Remember inside the 100-year-old Great Northern Bar & Grill—history in the walls, bourbon in the glass, and conversations that tend to last longer than planned.

Friday night is Movie Night. We’ll screen a 30-minute documentary on child soldiers, followed by exclusive clips from Iron Butterfly Media’s upcoming documentary on women in the Intelligence Community, with Q&A sessions featuring the filmmakers. It’s a reminder that story is not just entertainment—it’s how complex, difficult realities are understood.

Saturday morning brings the Lobo Institute’s “Find The Hooch Treasure Hunt” that will test your orienteering skills in the surrounding foothills, followed by spring skiing, or a cold plunge in Whitefish Lake.

Everything is within walking distance, with shuttles on standby when needed. Place isn’t a backdrop here—it’s part of the design.

One Week Only: 20% Off Tickets

Starting today and running for one week only, you can save 20% on both Standard and VIP tickets.

This is the only ticket sale that will happen before the event.

Use code HOLIDAY20 at checkout.
When it’s gone, it’s gone.

Join us in Whitefish—and experience where intelligence meets story, shaped by place.

The summit, founded by Jeffrey Caruso and developed with Lobo Institute co-founders Michael “Mick” Mulroy and Eric “Olly” Oehlerich, will convene experts from the intelligence community, special operations forces, diplomacy, economics, and journalism. Discussions will address issues ranging from geopolitical conflict and cyber threats to the rapid rise of autonomous and advanced military technologies.

At a time of increasing global instability, organizers say the goal is to create a setting that supports frank, cross-sector dialogue outside traditional Washington policy circles.

“Complex security challenges demand perspectives from across government and society,” said Mulroy and Oehlerich. “We want to foster serious conversations that connect operational experience with broader policy and public understanding.”

The rebranded summit will follow the April 2–3, 2026 Montana Intelligence Summit and is intended to become a recurring, invitation-focused gathering. By drawing inspiration from international forums such as the Aspen Security Forum and the Munich Security Conference, WSS aims to establish a new center for security dialogue in the American West.

“This partnership enables us to scale the summit into a lasting platform for global engagement,” said Caruso. “We’re building a forum that connects Montana to conversations shaping international security.”

About the Principals

Jeffrey Caruso, Founder — A veteran cyber warfare researcher and author of Inside Cyber Warfare, Caruso has briefed the CIA, DIA, FBI, and the Chief of Naval Operations. He is a veteran of the U.S. Coast Guard and the founder of the Montana Intelligence Summit.

Eric “Olly” Oehlerich, Lobo Institute — A retired Navy SEAL officer and former Commanding Officer of DEVGRU (Squadron 2), Oehlerich focuses on advanced research and development and the integration of high-fidelity sensor technologies for national security applications.

Mick Mulroy, Lobo Institute — A former Deputy Assistant Secretary of Defense for the Middle East and retired CIA paramilitary operations officer, Mulroy is a retired U.S. Marine and a national security analyst for ABC News.

About the Whitefish Security Summit

The Whitefish Security Summit (WSS) is an invitation-focused forum that fosters collaboration between senior leaders in government, the military, intelligence, industry, and academia. Through strictly limited attendance and off-the-record discussion, WSS provides a secure environment for addressing complex global threats and advancing practical solutions.

About the Lobo Institute

The Lobo Institute is a national security–focused organization dedicated to strengthening collaboration between military, intelligence, and policy communities. Founded by experienced special operations and intelligence professionals, the Institute develops programs, partnerships, and public engagement initiatives aimed at improving strategic understanding and operational effectiveness in an evolving global security environment.

“I’m not a spy. I just read books.”

In Three Days of the Condor, Robert Redford’s character describes a quiet corner of the intelligence world: analysts whose job is not clandestine action, but consumption. They read novels, newspapers, journals—everything that’s published—looking for patterns, leaks, and ideas. Fictional plots are examined not as entertainment, but as data points, fed back against real plans and real operations.

It’s a cinematic moment, but also an unusually clear articulation of a long-standing reality: the porous boundary between intelligence and entertainment. Stories don’t merely reflect the world of intelligence; they inform it. And intelligence, in turn, supplies an endless stream of raw material for storytelling.

At first glance, the Intelligence Community and the entertainment industry seem to occupy opposite ends of American life. One operates in secrecy, the other in spectacle. One claims national security as its mission; the other sells stories for mass consumption.

Look closer, and the parallels are striking.

Both are insular and widely misunderstood by the general public. Both are referred to in shorthand—the “Agency” and “the Industry”—as if naming them fully would give away too much. And in both worlds, the line between fiction and reality is thinner than most people realize.

Gatekeepers Over Merit

In neither domain does talent alone determine success. Advancement depends on sponsorship, trust, and informal power networks. In intelligence, it’s clearance, access, and reputation. In entertainment, it’s agents, producers, and perceived momentum. In both cases, a small group of gatekeepers quietly shapes outcomes behind the scenes, while formal processes provide institutional cover.

Mythmaking as Infrastructure

Both institutions actively manage their own mythology. The Intelligence Community relies on secrecy, mystique, and selective disclosure. The entertainment industry constructs star personas, prestige narratives, and carefully curated origin stories. In each case, myth smooths over contradictions and reassures outsiders that someone, somewhere, is in control—even when reality is far messier.

Secrecy as a Structural Necessity

Both worlds depend on secrecy—not as an affectation, but as an operating requirement.

For the Intelligence Community, secrecy protects global stability, human assets, sources and methods, and the fragile advantage of surprise. Exposure can cost lives, compromise alliances, or collapse years of work in a moment.

In the entertainment industry, secrecy serves a parallel function: protecting intellectual property, massive financial investments, and the fragile alchemy of creative development. Scripts are locked down, projects code-named, endings concealed, and leaks aggressively policed. Premature exposure can kill a project just as surely as a blown operation.

In both cases, secrecy isn’t about hiding wrongdoing—though it can enable it—but about preserving optionality. The work must be protected until it’s ready to be revealed, framed, and understood on institutional terms.

Failure Is Hidden; Success Is Curated

Most intelligence operations fail quietly. Most films and television projects do too. In both worlds, failure is buried, reclassified, or quietly forgotten, while success is elevated into legend. History becomes a highlight reel, not a full accounting.

Compartmentalization as a Way of Life

People inside these systems rarely see the whole picture. Intelligence professionals work on a strict need-to-know basis; entertainment workers are siloed across writing, editing, visual effects, and marketing. Compartmentalization protects secrets—but it also limits accountability and perspective.

Narrative Is the Real Currency

Despite the technical trappings, both industries are fundamentally about narrative control. Intelligence agencies frame threats, victories, and priorities. Entertainment frames heroes, villains, and national identity. Facts matter—but how they’re arranged, paced, and emotionally framed often matters more.

Moral Ambiguity as the Default

Neither world operates cleanly. Ethical gray zones are not exceptions; they are the norm. Participants learn to rationalize compromise, justify trade-offs, and live with outcomes they can’t fully endorse. Cynicism and dark humor become coping mechanisms rather than signs of corruption.

Burnout as a Feature, Not a Bug

Long hours, personal sacrifice, and identity fusion with the job are normalized. Leaving can feel like exile. Both institutions reward obsession and quietly punish balance, even as they publicly celebrate resilience.

Outsiders Get It Wrong—In Both Directions

From the outside, these institutions are imagined as either omnipotent or incompetent. The reality is more mundane: capable people constrained by bureaucracy, incentives, and human error. Reality is rarely cinematic—but the myth persists.

Shaping National Identity

Together, these two worlds help define how a nation understands power, threat, and heroism. One does it through classified briefings and policy memos. The other does it through screens and stories. The methods differ, but the cumulative effect is the same.

The Quiet Exchange

Which brings us back to that line from Three Days of the Condor. The analyst who “just reads books” isn’t a fantasy. He’s a reminder that imagination, narrative, and interpretation sit closer to the center of power than we like to admit.

The Intelligence Community and the entertainment industry are both meaning-making systems operating under scarcity—information in one case, attention in the other. One conceals reality; the other stylizes it. But both decide which stories are told, which are softened, and which never reach the public at all.

Different missions. Different aesthetics.
Same underlying logic.

And once you see it, it’s hard to unsee.

This article was written by Jeffrey Caruso, with editorial support from generative AI tools.

From April 2–3, 2026, between 100 and 200 operators, creators, analysts, producers, case officers, journalists, investors, and leaders from dual-use technology companies will converge in Whitefish, Montana for the first annual Montana Intelligence Summit, known as MI:1. Future summits will follow as MI:2, MI:3, and beyond.

MI:1 builds on the 14-year Suits and Spooks tradition of shaping a revolution in security affairs, expanding its scope beyond intelligence and technology to the increasingly important intersection between the Intelligence Community and the entertainment industry.

At its core, the Summit exists to improve the realism, responsibility, and nuance of how intelligence, conflict, and national security are portrayed on screen and in popular culture, while confronting a deeper truth: narrative, social media, and entertainment have become primary battlegrounds in persuasion, division, and distraction.

This is where intelligence professionals and storytellers meet not to posture, but to confront the consequences of the stories we tell and the power they carry.

Venues: A Walkable Intelligence Ecosystem

Unlike traditional conferences confined to a single ballroom, MI:1 turns the town of Whitefish itself into a living intelligence ecosystem for two and a half days.

Attendees will receive an MI:1 Briefing Book containing:

• A map of all session venues

• A curated list of hotels

• Insider recommendations for the best burgers, breakfasts, coffee, and cocktails

• A detailed schedule of sessions by time and location, including VIP meet-and-greets

The result is a summit that feels less like a conference and more like an embedded assignment.

Activities: Montana, Operationally

Early April is an ideal time to experience Whitefish. Crowds are lighter, the mountains still carry snow, and spring skiing, hiking, and outdoor exploration are all in play.

In addition to formal sessions, MI:1 will include:

• Early-morning physical training led by a retired Naval Special Warfare Command officer

• A treasure hunt designed to test navigation, observation, and orienteering skills

Participation is optional. Bragging rights are not.

Sessions: Confirmed and In Progress

The following list reflects the current agenda and will continue to evolve. A final schedule will be released to attendees one to two weeks prior to the Summit.

VIP Experiences

• VIP Lunch and Meet-and-Greet with General Stanley McChrystal and keynote speakers

• VIP Breakfast with members of Montana’s Congressional delegation (invited) and Governor Greg Gianforte (invited)

Featured Talks and Panels

• Action Films and the Intersection of U.S. Intelligence — Mills Goodloe

• Archetypes for AI Security and Governance in the National Security Sector — Benjamin Harvey, Ph.D.

• AI Cubed: Artificial Intelligence, Artistic Infringement, Anarchist Impact — Bianca Goodloe

• Blinding the Beholder: Adversarial Attacks to Defeat Autonomous Drones — Robi Sen

• Character as Strategy: Leadership for America’s Critical Frontiers — General Stanley McChrystal

• How Power Shapes the Story: Inside Hollywood’s Influence Machinery — Tatiana Siegel

• The Evolution of Intelligence Collection and the Need for Cultural Acuity in Analysis — Dave Tinsley

• Reel v. Real: The Melding of Espionage and Entertainment — Darrell M. Blocker

• SCRIPTED CRISIS: Turning Real-World Threats into Drama—and Drama into Understanding — Howard Gordon

• Secrets and Stories: Intelligence, Influence, and the Battle for Relevance — Fireside chat with Rodney Faraon, interviewed by Teresa Smetzer

• Wise Women, Hard Targets: Story, Strategy, and the Future of U.S. Security — Panel with Carmen Medina, Laura Thomas, and Rachel Grunspan

• Conflict in the Grey Zone: Operator Lessons — Panel with Mick Mulroy, Eric “Olly” Oehlerich, and RJ Casey, moderated by Susan Barrows Libby

• Panel with RJ Casey, Matt Westbrook, and a special guest (title to be announced)

Screening

• My Star in the Sky — A 30-minute documentary on child soldiers in Uganda, followed by a Q&A with the filmmakers

Evening Program

• “Sip to Remember” bourbon tasting honoring those who made the ultimate sacrifice in defense of the nation, sponsored by Four Branches Bourbon

On January 1, 2026, ticket pricing will increase to standard rates. Early-bird tickets are available now.

If you’ve been waiting for a sign, this is it.

For More Information and Tickets

We’re pleased to announce that Rodney Faraon is joining the Montana Intelligence Summit as our newest featured speaker.

Rodney brings a rare fusion of national-security experience and creative storytelling expertise. A 15-year veteran of the Central Intelligence Agency, he contributed to the President’s Daily Brief across two administrations, served as briefer and speechwriter to CIA Director George J. Tenet, and received the prestigious Director’s Medal for his service. After government, he founded The Walt Disney Company’s Global Intelligence practice and later co-founded Crumpton Global, where he now serves as Partner and Chief Creative Officer. His work in entertainment includes serving as the inspiration for — and executive producer of — NBC’s State of Affairs, along with consulting across film and television.

In addition to State of Affairs, Rodney has consulted on a range of intelligence-themed films and television series, including The Crossing (ABC), Homeland (Showtime), Blackhat (Legendary), The Blacklist (NBC), and the forthcoming The Billion Dollar Spy (Walden Media).

Rodney’s ability to translate complex global risk into narratives that illuminate, warn, and inspire makes him an extraordinary addition to the Summit.

🎟 Early Bird Registration Ends Soon
Tickets for the Montana Intelligence Summit are available now at Early Bird rates through December 31. Prices increase on January 1, so this is the ideal moment to secure your seat for two days of high-impact conversations with leaders from intelligence, national security, technology, journalism, and Hollywood.

👉 Reserve your Early Bird ticket today and be part of the inaugural Montana Intelligence Summit:

Count Me In

Purpose and mission

The Montana Intelligence Summit builds on the 14‑year Suits & Spooks tradition of “shaping a revolution in security affairs” by expanding its focus from intelligence and tech to the natural nexus between the Intelligence Community and the entertainment industry. The event’s purpose is to improve the realism and nuance of on‑screen portrayals of intelligence and conflict, while highlighting how narrative, social media, and popular culture are now central battlegrounds in persuasion, division, and distraction.​

Format and experience

Structured as an intimate, curated gathering rather than a traditional trade conference, the summit emphasizes interactive sessions, in‑depth panels, and informal networking over large keynotes and expo halls. Attendees can also participate in special offerings such as a VIP lunch and book signing with featured speakers, underscoring the event’s focus on direct access and substantive dialogue.​

Strategic goals

Through this inaugural Montana event, Suits & Spooks aims to establish an annual national security summit in the Rocky Mountain West that attracts both senior practitioners and emerging voices. The organizers intend for the summit to seed new collaborations, influence future projects in Hollywood and streaming media, and foster a more informed public debate about intelligence, technology, and the evolving character of conflict.​

Featured Speakers and Sessions

The Montana Intelligence Summit will feature a distinguished lineup of speakers and sessions that reflect the event’s unique focus on the intersection of intelligence, leadership, technology, and entertainment.

General Stan McChrystal (U.S. Army, retired) will deliver a keynote address titled “Character as Strategy: Leadership for America’s Critical Frontiers,” examining how values‑based leadership shapes outcomes in an era of complex security challenges.

“Wise Women, Hard Targets: Story, Strategy, and the Future of U.S. Security” will bring together CIA veterans Carmen Medina, Laura Thomas, and Rachel Grunspan for a candid panel discussion on how narrative, diversity of perspective, and analytic tradecraft inform U.S. strategy in a rapidly evolving threat landscape.

In “Reel v Real: The Melding of Espionage and Entertainment,” Darrell M. Blocker (CIA, retired) will explore how real‑world intelligence operations collide and converge with their on‑screen portrayals, and what that means for public understanding of espionage.

Robi Sen, co‑founder and CTO of Department 13, will present “Blinding the Beholder: Adversarial Attacks to Defeat Autonomous Drones,” offering an insider’s view of emerging counter‑drone techniques and their implications for future conflicts.

Entertainment attorney, financier, and producer Bianca Goodloe will lead “AI Cubed – Artificial Intelligence, Artistic Infringement, Anarchist Impact,” addressing the legal, creative, and disruptive dimensions of AI at the crossroads of copyright, culture, and security.

In “The Evolution of Intelligence Collection and the Need for Cultural Acuity in Analysis,” Dave Tinsley (DEA, retired; founder, Five Stones Intelligence) will trace the changing nature of collection and emphasize why cultural understanding is now a critical component of effective intelligence work.

Screenwriter and director Mills Goodloe will discuss how high‑impact storytelling shapes perceptions of national security in “Action Films and the Intersection of U.S. Intelligence,” highlighting the feedback loop between Hollywood narratives and real‑world policy debates.

Finally, “So You Want to Build a Defense Startup,” presented by angel investor and venture capitalist Lance Cottrell, founder of Anonymizer, will offer practical insights for entrepreneurs seeking to navigate the defense and national security innovation ecosystem.

For More Information

“The Multi-regional Electronic Employment Center is an electronic recruiting agency that helps to implement selection of senior and middle-level personnel in Russia, the Commonwealth of Independent States (CIS), and Eastern Europe (EAEU) in such professional fields as Finance, Economics and Accounting,…

Read more

I pulled footage from some oldies but goodies that are now in the public domain - The House on Haunted Hill (1959), Plan 9 from Outer Space (1957), and The Phantom Planet (1961).

Feel free to share on your own social media channels.

More information is at www.suitsandspooks.com. Early bird pricing is now in effect through October 31, 2025.

There are two college ranking systems - U.S. News and CS Rankings.

U.S. News uses a closed survey-based approach while CS Rankings uses a transparent metrics-based approach:

“It weighs departments by their presence at the most prestigious publication venues. This approach is intended to be both incentive-aligned (faculty already aim to publish at top ven…

Read more