Teahose.
SIGN IN
NEW HERE — WHAT TEAHOSE DOES
We read the entire AI & tech firehose — so you don't have to.
PODPodcastsAll-In, No Priors, Acquired…
NEWNewslettersStratechery, Newcomer…
PAPPapersPhysical AI research
PHProduct Huntdaily launches
VCInvestor ScoutSequoia, a16z, Benchmark…
CLAUDE DISTILLS →
7 reads, 30 sec each — free, 6 AM ET.
+ a live graph of the companies, people & themes underneath.
HOME/JACK CLARK FROM IMPORT AI/Import AI 453: Breaking AI agent…
NEWS
// NEWSLETTER ISSUE
JACK CLARK FROM IMPORT AI

Import AI 453: Breaking AI agents; MirrorCode; and ten views on gradual disempowerment

DATE April 13, 2026SOURCE JACK CLARK FROM IMPORT AIPARTICIPANTS JACK CLARK FROM IMPORT AI
AI AgentsAI SafetyAI InfrastructureDeveloper ToolsDeep LearningLarge Language Models
// KEY TAKEAWAYS4 ITEMS
  1. 01Theme 1: AI Coding Capability Has Crossed a "Weeks-Long Task" Threshold
  2. 02Theme 2: AI R&D Self-Automation Is Becoming a Near-Term Probability
  3. 03Theme 3: AI Agent Security Is an Emerging and Underinvested Infrastructure Problem
  4. 04Theme 4: Gradual Human Disempowerment as a Structural Risk, Even in an "Aligned AI" Scenario
// SUMMARY

1. Key Themes

Theme 1: AI Coding Capability Has Crossed a "Weeks-Long Task" Threshold

AI can now autonomously reverse-engineer complex software programs of 16,000+ lines of code — work that would take a human engineer 2–17 weeks.

"Claude Opus 4.6 successfully reimplemented gotree — a bioinformatics toolkit with ~16,000 lines of Go and 40+ commands. We guess this same task would take a human engineer without AI assistance 2–17 weeks."

This is not a narrow coding benchmark win. The MirrorCode test is explicitly designed to simulate real-world long-horizon software tasks, suggesting AI is approaching — or has crossed — the threshold of replacing skilled software engineering labor on significant workloads.

Theme 2: AI R&D Self-Automation Is Becoming a Near-Term Probability

Calibrated forecasters are rapidly shortening timelines for full AI R&D automation, with probabilities doubling in short periods based on observed model performance.

"Ryan Greenblatt... now has doubled his estimate from 15% to 30% of the chance that by the end of 2028 it'll be possible to fully automate AI research itself."

The specific driver is AI's ability to close its own feedback loops on easy-to-verify software engineering tasks:

"This type of loop means that even if sometimes the AI gets confused or makes bad calls, there is some correcting factor and mistakes usually aren't critical... I think it's pretty plausible that very strong performance on [these tasks]... will allow AIs to substantially speed up AI R&D."

Theme 3: AI Agent Security Is an Emerging and Underinvested Infrastructure Problem

As AI agents are deployed into open environments, the attack surface explodes across six distinct vectors — from content injection to multi-agent collusion — requiring a full ecosystem response, not just model-level fixes.

"AI safety is about to be ecosystem safety... the matter of securing AI moves from one centered on the platform that is deploying the technology to one centered on the whole ecosystem in which the AI systems are being deployed into."

The analogy Clark uses is instructive for investors: AI agents are like toddlers — powerful but gullible — and the security problem is as much about the environment as the agent itself.

Theme 4: Gradual Human Disempowerment as a Structural Risk, Even in an "Aligned AI" Scenario

Even a successful alignment outcome may not prevent humans from losing meaningful agency over their own future — a framing that has serious implications for policy, governance, and long-term societal structure.

"Suppose we succeed in building powerful technology and aligning it so it follows our preferences? If we fail to set up the right system under which we deploy it and express agency over it, humanity might still end up worse off, despite all the material abundance."

This is not just a safety concern — it's a governance and policy design challenge that is beginning to attract dedicated institutional attention (e.g., the Windfall Policy Atlas).

2. Contrarian Perspectives

AI Researchers Are the Worst at Forecasting AI Progress — They Chronically Underestimate It

The conventional assumption is that AI researchers would be the most bullish and possibly overoptimistic about AI progress. The reality is the opposite.

"Pretty much everyone in AI research chronically underestimates AI progress, including me. Maybe the only person who doesn't is my colleague Dario Amodei. I find this perplexing — you'd expect AI researchers to be well calibrated and perhaps overly optimistic about progress, the fact the vast majority are overly conservative after ~5 years of riding the scaling laws boom is inherently surprising."

Implication for investors: If even domain experts are systematically too conservative, consensus market pricing on AI timelines and disruption magnitude is likely also too conservative. Position accordingly.

Inference Scaling — Not Just Model Size — Is an Underappreciated Lever for Capability Gains

The prevailing public narrative focuses on training compute and model size as the primary driver of AI capability. MirrorCode's findings suggest inference-time compute is a meaningful and scalable capability multiplier.

"They also found that performance can scale with inference, so the more compute you give a model, the better it'll do... 'We see continued gains from inference scaling on larger projects, suggesting they may be solvable given enough tokens.'"

Implication: Inference infrastructure, not just training infrastructure, is a high-value investment category. Companies selling inference compute or optimizing inference economics have durable tailwinds.

Aligning AI May Be Necessary But Not Sufficient — "Winning" on Safety Could Still Mean Losing

The AI safety debate is almost entirely framed around preventing misaligned AI from causing harm. The "gradual disempowerment" thesis presents a more subtle risk: an aligned AI that still erodes human agency.

"It's the terminator, but instead of killing you it just puts you in an invisible prison and then does whatever it wants."

David Krueger's framework suggests the real risk may not be AGI going rogue, but humans voluntarily outsourcing decision-making until they've irreversibly ceded control — a slower, more socially acceptable path to the same outcome.

3. Companies Identified

Anthropic

  • Description: AI research company, maker of Claude models
  • Why mentioned: Claude Opus 4.6 is cited as achieving state-of-the-art performance on the MirrorCode benchmark; Dario Amodei is singled out as the only AI researcher who does not chronically underestimate AI progress
  • Quote: "Claude Opus 4.6 successfully reimplemented gotree — a bioinformatics toolkit with ~16,000 lines of Go and 40+ commands."

METR (Model Evaluation & Threat Research)

  • Description: AI measurement and evaluation organization
  • Why mentioned: Co-developed the MirrorCode benchmark to test long-horizon autonomous coding capabilities in AI systems
  • Quote: "AI measurement organizations METR and Epoch have built MirrorCode, a benchmark meant to test out how well AI models can autonomously reimplement complex existing software."

Epoch AI

  • Description: AI forecasting and research organization
  • Why mentioned: Co-developed MirrorCode; associated researcher Ajeya Cotra also recently updated AI timeline estimates significantly earlier
  • Quote: "AI measurement organizations METR and Epoch have built MirrorCode..."

Google DeepMind

  • Description: AI research lab, subsidiary of Alphabet
  • Why mentioned: Authored the paper taxonomizing six genres of attacks against AI agents ("AI Agent Traps") and proposing mitigation frameworks
  • Quote: "A new paper from Google DeepMind lays out six genres of attack which can be mounted against AI agents and tries to come up with some of the mitigations we might do."

Windfall Trust

  • Description: Policy accelerator focused on societal challenges posed by transformative AI
  • Why mentioned: Published the "Windfall Policy Atlas," a navigable tool covering 48 policy proposals across five categories for responding to AI-driven economic disruption
  • Quote: "The Windfall Trust, a policy accelerator dedicated to dealing with the challenges to society posed by transformative AI, has published a 'Windfall Policy Atlas.'"

4. People Identified

Ryan Greenblatt

  • Description: AI researcher and forecaster
  • Why mentioned: Doubled his probability estimate for full AI R&D automation by end of 2028 (15% → 30%), citing observed model overperformance and "superexponential progress" on easy-to-verify software tasks
  • Quote: "I think it's pretty plausible that very strong performance on [these tasks]... will allow AIs to substantially speed up AI R&D."

Ajeya Cotra

  • Description: AI researcher and forecaster (associated with Epoch AI / Open Philanthropy)
  • Why mentioned: Referenced as a corroborating data point — she also substantially updated her AI timeline estimates earlier in 2026
  • Quote: "Ryan's timeline update follows a similar one from Ajeya Cotra, who in March substantially updated her own timeline estimates, based in part on time-horizon modeling."

Eli Lifland and Daniel Kokotajlo

  • Description: Researchers at AI 2027 project
  • Why mentioned: Updated their AI timelines earlier by ~1.5 years, driven by faster time horizon growth and coding agent performance
  • Quote: "Said they had recently 'updated our timelines earlier by ~1.5 years' mostly due to 'faster time horizon growth' and 'coding agents.'"

Dario Amodei

  • Description: CEO of Anthropic
  • Why mentioned: Identified by Jack Clark as the singular exception among AI researchers who does not chronically underestimate AI progress
  • Quote: "Maybe the only person who doesn't is my colleague Dario Amodei."

David Krueger

  • Description: AI safety researcher
  • Why mentioned: Authored the framework of "ten views on gradual disempowerment," cataloguing ways humanity may lose meaningful agency to AI systems even under benign alignment scenarios
  • Quote: "AI safety researcher David Krueger has written up a short post that lays out ten different ways to think about 'Gradual Disempowerment.'"

Jack Clark

  • Description: Author of Import AI; co-founder of Anthropic
  • Why mentioned: Author and analyst; offers his own meta-observation that the field systematically underestimates progress
  • Quote: "From my point of view, pretty much everyone in AI research chronically underestimates AI progress, including me."

5. Operating Insights

AI Agents in Production Require Ecosystem-Level Security Architecture, Not Just Model Guardrails

Operators deploying AI agents cannot rely solely on model-level safety. The DeepMind taxonomy shows attacks targeting perception, reasoning, memory, action, multi-agent dynamics, and human overseers. Mitigation must be layered:

"Make models more robust to all the forms of hacking through pre-training and post-training. At inference time, use a layered approach: runtime defenses: pre-ingestion source filters, content scanners for ingested material; output monitors to detect shifts in agent behaviour."

Tactical implication: Before deploying agents with tool access, operators should conduct structured red-teaming across all six attack genres — not just prompt injection — and establish output monitoring pipelines.

AI Performance Compounds on Easy-to-Verify, Feedback-Rich Tasks — Prioritize These Use Cases First

For operators choosing where to deploy AI agents, the biggest reliability gains come from domains where AI can self-evaluate and iterate — i.e., tasks with clear success criteria and automated test suites.

"You can get the AI to develop a test suite / benchmark set and then it can spend huge amounts of time making forward progress by optimizing its solution against this evaluation set... even if sometimes the AI gets confused or makes bad calls, there is some correcting factor and mistakes usually aren't critical."

Tactical implication: Software engineering, data pipeline validation, and compliance checking — all domains with verifiable outputs — are the highest-confidence deployment targets for autonomous AI agents today.

6. Overlooked Insights

The Windfall Policy Atlas as an Early Signal of an Emerging "AI Policy Infrastructure" Market

The Atlas is briefly framed as merely a navigation tool, but its existence signals a broader institutional movement: dedicated organizations are now systematically cataloguing 48 policy levers for managing AI-driven economic disruption, organized across labor, wealth, regulation, and global coordination.

"The atlas contains 48 distinct ideas... bucketing them into five distinct categories (public & social investments, labor market adaptation, wealth capture, regulation and market design, and global coordination)."

This is an early indicator that AI policy consulting, compliance infrastructure, and government-adjacent advisory services are becoming formalized market categories — potentially valuable territory for early-stage investors or entrepreneurs building in GovTech or regulatory tech adjacent to AI.

"Jigsaw Attacks" as a Novel Multi-Agent Threat With No Current Defense Playbook

Buried in the six-genre taxonomy is a particularly novel attack class that receives no further elaboration: splitting a harmful command across multiple independent agents so no single agent sees the full picture.

"Perform jigsaw attacks where you separate out a harmful command into a series of pieces which independent agents subsequently piece together."

This attack vector is qualitatively different from all others — it exploits the architecture of multi-agent systems rather than any single agent's reasoning — and implies that as orchestration frameworks (e.g., LangGraph, AutoGen) proliferate, a new class of security tooling specifically designed for multi-agent workflows will be needed. No current vendor appears to be addressing this specifically.