Supreme Court: Bayer’s Monsanto Capture of EPA Shields Mass Harm

Cuyahoga River burns in 1952. At least twenty years of disasters were suffered before the American government created an agency to find fault.

The early 1970s had some logic. Rivers were burning, air was unbreathable, pesticides like DDT were moving through whole ecosystems. Meanwhile, American tort law crawled case by case. Common-law suits could not regulate the rampant abuse of the public by a continental chemical economy, let alone a foreign one. An agency, however, could set standards before harm. That was the promise of the EPA when it landed: expert protection at scale, faster and broader than a jury in one county.

EPA was built under President Nixon to deliver a remedy the courts were too slow and scattered to provide.

Today, the EPA has been inverted into a blocking function.

Bayer has spent the last decade fighting more than 100,000 lawsuits filed by people who developed non-Hodgkin lymphoma they blamed on exposure to the glyphosate weedkillers, and the company has paid out billions of dollars in jury awards and settlements. All of the cases include allegations that the company failed to warn that glyphosate could cause cancer.

Bayer maintains that its products don’t cause cancer, and also asserts that under the Fifra the EPA is the key authority for determining if its product necessitated a cancer warning. The EPA has not required such a warning and has taken the position that glyphosate is “unlikely” to be carcinogenic, so the company cannot be held liable for failing to warn, according to Bayer’s argument.

In the Thursday ruling, the supreme court upheld this argument.

The evidence the agency set aside is overwhelmingly strong. In 2015 the WHO’s cancer agency classified glyphosate a probable human carcinogen, on limited human evidence, sufficient animal evidence, and strong evidence of genotoxicity (IARC, Group 2A). A 2019 Berkeley meta-analysis pooled the 2018 Agricultural Health Study with five case-control studies and found non-Hodgkin lymphoma raised 41 percent in the highest-exposed, a meta-relative risk of 1.41 (Zhang et al.). Three of its authors had served on the EPA’s own glyphosate advisory panel. The Agricultural Health Study itself, the cohort Bayer leans on, reported elevated acute myeloid leukemia at the top of the exposure range, significant under a twenty-year lag (Andreotti et al.). In 2025 the Ramazzini Institute exposed rats from prenatal life and recorded dose-related leukemia deaths down to the European acceptable daily intake, and Europe’s chemical agency has reopened the classification (Panzacchi et al.). Four lines of evidence that all point in a single, strong direction.

However, two political shifts happened since President Nixon to enable the Supreme Court’s stupidity.

First, the industry aggressively worked to occupy the agency, staffing it, funding the science it reviews, setting the terms of what counts as proof, completely breaching independence and integrity.

Second, the court practiced a binary judgment, where passive agency absence of action was ruled as active agency judgment against action. When the EPA has not yet acted, the preemption doctrine reads that the silence is a considered federal decision and displaces every active state remedy that would disagree with passivity.

Perhaps states that fight the Trump centralization regime should be called the Free States.

The flawed premise is that a single federal warning flag suppressed should shut down all other warning flags, which makes the federal flag the easy target for corporate capture and suppression. This court has ratified this vulnerability explicitly, which makes these judges complicit in the preventable mass harm that follows from the corporate capture of agency.

Judges made a choice to enable public harm. They had the evidence, the jurisdiction, the dissent in front of them, and they chose preemption to increase preventable suffering and deaths. That is an act, on the record, with names. Kavanaugh wrote it, and six others signed. Elie Wiesel indicted them all decades ago. Silence is the choice, documented, by people with the power to rule otherwise. Complicity attaches to the actor who chose death for profit.

While a state court sided with Durnell and awarded him more than $1 million in damages, Monsanto—now Bayer—appealed the ruling to the Supreme Court, arguing that federal law should override state law. The Supreme Court agreed…. Shares of Bayer jumped by more than 16% after the court’s ruling came out Thursday morning.

The dissent was Jackson and Gorsuch, who not only said the majority misread FIFRA, they argued Monsanto could comply with both federal and state law by ending Roundup sales. A simple compliance path existed. There was never an impossibility to claim.

Cipollone in 1992 cut tobacco claims on a federal labeling statute. Riegel in 2008 turned on a different mechanism, the FDA’s own premarket approval. Congress wrote the cigarette warning into statute. The FDA granted the device its approval. The EPA withheld the glyphosate warning. Three federal moves created corporate immunity from documented harm. The shield for profit on suffering was widened with each case. It once required an express command. Now it just takes an agency to do nothing, which means America runs fail-unsafe.

Corporations cause mass suffering on the principle that an agency hasn’t made a warning. It’s like requiring deny lists, instead of allow lists, for things that cause the most harms in history. The court treats absence of a warning as an explicit federal command that no state may evaluate no matter how overwhelming the evidence of failure. In February 2026 Monsanto announced a proposed nationwide class settlement for Roundup non-Hodgkin lymphoma claims, which it described as one element of a multi-pronged strategy to suppress claims against it.

Captured process, legalizing death caused by its captors, invokes some other history about suppressed chemical warnings by the same company as in courts today. Bayer was a founding member of IG Farben, the chemical combine that produced poison gas and supplied the Zyklon B delivered in “Red Cross” vehicles to be used in the death camp “showers”.

“The crematorium is a big building with a wide chimney and 15 ovens. Under a garden there are two enormous cellars. One is where people undress and the other is the death chamber. People enter it naked and once about 3,000 are inside it is locked and they are gassed. After six or seven minutes of suffering they die,” he wrote.

He described how the Germans had installed pipes to make the gas chamber look like a shower room.

“The gas canisters were always delivered in a German Red Cross vehicle with two SS men. They then dropped the gas through openings – and half an hour later our work began. We dragged the bodies of those innocent women and children to the lift, which took them to the ovens.”

The Nazi victims never saw a warning label, by design, and neither do the Americans suffering from German chemicals killing them today.

Zyklon B canister. The same hydrogen-cyanide fumigant was used on Mexican border crossers at the El Paso delousing plants from 1917, under Woodrow Wilson, who ran on “America First.” The chemist Gerhard Peters recommended Zyklon B for the camps’ disinfection chambers and illustrated his case with photographs of the El Paso delousing chambers. Hitler, who admired American race laws and based “Lebensraum” genocide on U.S. “westward expansion”, named his command train “Amerika.” A camp within Auschwitz was called Mexico. IG Farben held 42.5 percent of Degesch, the distributor.

The Allies broke IG Farben apart after the war. The German company Bayer was refounded in 1951 and bought Monsanto in 2018. Some have depicted the brand reputation simply, as this:


The National Academies Launders Mythos: “Implications of AI for Cybersecurity”

In April “The Boy That Cried Mythos” caught Anthropic collapsing its own credibility. In June “Mythos dressed up in a coat, should be called Opus with a moat” caught it again.

Anthropic wants to play God, feed on claims only they can verify, which is to say it feeds beliefs based on lies. If that sounds harsh, think about how the God of cycling, Lance Armstrong, treated anyone who suggested he was doping. He sure got a lot of medals for “livewrong”.


Now the Mythos lies have spilled their way into a venue claiming to use a formal review process. A new National Academies document (NASEM) freshly launders vendor marketing without any explanation.

National Academies of Sciences, Engineering, and Medicine. 2026. Implications of AI for Cybersecurity: A Rapid Expert Consultation. Washington, DC: The National Academies Press.

This should help clarify, for those who are wondering if we are dealing with a Lance Armstrong of LLMs.

| NASEM Laundry (June 2026) | Prior Evidence |
| --- | --- |
| Figure 1 plots Mythos at 83.1% on CyberGym as settled capability, sourced to “Wang et al. 2025” | The 83.1% has been repeatedly proven false. It’s a self-reported number by Anthropic. AISLE proved detection reproduced in 8 of 8 open-weight models, even at $0.11 per million tokens, Cisco proved outcome is model-independent |
| Restricted Glasswing access presented as responsible handling of uniquely capable model | The danger warnings are self-serving FUD marketing. Model uniqueness repeatedly disproven. Mythos emailed out of its sandbox only after being instructed to try, showed no sign of altering its weights, and Opus 4.6 finds the same or better flaws |
| Vulnerability discovery framed as a breakthrough enabling novel risk | The flagship FreeBSD CVE-2026-4747 is a 2007 patch in training data, opposite of novel. It was a curated recovery from a backlog of delayed fixes, which any model does. |
| Benchmark score offered as capability evidence | Of 23,019 reported findings, 1,752 were human-checked and 75 had fixes shown. The 90.6% accuracy applies to humans doing the work, not the machine output |
| Concedes open models approach frontier, advantage short-lived | GLM 5.1 reproduced findings on the IronCurtain harness, and clearbluejar recovered CVE-2026-4747 on two open-weight models on a single consumer GPU. Discovery is provable as an orchestration problem, making the frontier-model unnecessary. |
| Expansion to roughly 150 organizations across more than 15 countries, including NATO and ENISA, read as demand | Manufactured scarcity is a vendor marketing trick. The June 2 expansion followed a June 1 confidential IPO filing near a one-trillion-dollar valuation, committing access and capital ahead of the promised verification, and several trialing firms are Anthropic investors |
| Field evidence in the figure | The curl maintainers reported no change to their workflow, and Mozilla’s headline of 271 Firefox vulnerabilities reconciles to just three versus the advisory |
| Mythos claims rest on anthropic.com/glasswing, the FT relay, and a benchmark the cited authors never ran on Mythos | No reproduction steps accompanied the launch blog, the system card, or the Glasswing update, and a result validated only against the system that produced it is not independent confirmation |
| Published June 2026, capability stated as established | Anthropic’s own promised report is due around July 6, 2026, and the prudent posture is to treat the unproven vendor capability as unproven |

This matters because it’s turning into policy. Anthropic owes a verified CVE list with reproduction steps on July 6. Until that report arrives and survives independent review, everything resting on the Mythos claim, the consultation included, launders a mythical claim being hidden from inspection.

The Information now calls Mythos a model with “powerful cybersecurity capabilities” and attaches no qualifier, no analysis. It is not called a vendor claim, it is not called a vendor self-reporting. It gets stated as fact, in the same paragraph that uses it as precedent for OpenAI.

The premise that others are following Anthropic’s similar course rests entirely on accepting a vendor capability claim that is never verified. A marketing department fabricates a story and then American policy is being built on top of it?

When the printing press first spread, it mass-produced witch-hunting manuals that marked women for death as agents of the devil, the Malleus Maleficarum above all, known today as the witch hunts. The danger of accelerated printed letters was real, because the highly self-serving claims about threats were not. The actual Anthropic risk is that Anthropic states the risk, without any inherited system of science to keep it honest.

Get Local: Match Mythos Findings for Under a Dollar

Let’s recap what we know since April, when Anthropic’s marketing department started coal-rolling the industry with their nonsense about novelty. A model with 3.6 billion active parameters reproduced Anthropic’s flagship Mythos discovery, the FreeBSD RCE CVE-2026-4747, and the most consistent open-weight model in that test ran about six hundred times cheaper per token than Mythos.

The frontier is supposed to be the frontier, meaning the best model. But really, if you know history, the frontier was about immoral claims. And so today, the evidence points away from the frontier.

Set the marketing and history aside. Four documents, when read together, form a single brief that further buries the Mythos. The best model available to you runs on your own inexpensive hardware. Cost and performance make the obvious case. I’ll start there. And then the deeper case is much more important, where I suspect the PhDs at Anthropic don’t even know how to spell it: CIA.

Cost Considerations

The price gap was the easiest and first frontier collapse. Niels Provos put an orchestration harness in front of older commercial and open-weight models, Opus 4.6, Sonnet 4.6, and Z.AI’s GLM 5.1, and discovered live zero-days for thirty to one hundred fifty dollars a codebase, including a reproduction of the 1998 OpenBSD SACK bug he wrote himself. Security Research Labs ran a Qwen3.6 model with roughly three billion active parameters on a Mac laptop and produced finding sets comparable to GLM-5 and Claude Opus 4.6 on two production codebases, in under ninety minutes, with zero human nudges. Vicki Boykis runs Gemma 4 on a 64GB Mac and gets agentic coding loops at about seventy-five percent of frontier speed and accuracy. The Ornith team trained a nine-billion-parameter model that matches dense models several times its size, and a flagship that matches Claude Opus 4.7 on the coding benchmarks. And for what it’s worth I put https://lyrik.wirken.ai/ to the test and it matched two of the Mythos card flagship bugs for seventy-five cents.

The AI Security Institute then explained why the gap is smaller than the leaderboards suggest. Benchmark scores are protocol-dependent. Raise the token budget one to three orders of magnitude above the published default and performance climbs on FrontierMath, TerminalBench, HLE, and the cyber ranges. Fixed-budget evaluations understate capability, and the gap widens as models improve. The generational gains arrive as greater reach and reliability rather than token efficiency. A frontier score describes the harness and the budget as much as it describes the weights.

So much for cost. The closed nature of the Anthropic releases seems to be intended to prevent the kind of research that proves their claims false.

Now comes the real reason to hold the model yourself. Many already know this, but let’s walk the CIA triad to be sure we’re on the same page.

Confidentiality

The customers who need a code review most are the ones forbidden to send their code anywhere. Finance, government, critical infrastructure. The SRLabs pipeline answers this directly. A cloud model designs the review from metadata alone, the local model reads the source, and a cloud model consolidates the findings. The proprietary source stays on the machine through all three stages. They are precise about the boundary, and so should we be: metadata crosses, so the accurate promise is that no source leaves the building rather than that nothing leaves. That distinction is the whole discipline. A local executor turns confidentiality from a contractual hope into a physical fact. The bytes that matter remain on a disk you control.
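
The boundary described above can be enforced at the egress point instead of promised. This is an added example, not SRLabs' pipeline or code from this post: the function names, the finding fields and the 12-character threshold are assumptions, and the C file and the finding are constructed sample data.

```python
import json
import re

MIN_LEN = 12  # assumption: shorter lines ("}", "return 0;") are too generic to count
FINDING_FIELDS = ("file", "line", "cwe", "summary")  # assumed allow-list for stage 3

class SourceLeak(Exception):
    """An outbound payload contained text copied from a source file."""

def norm(text):
    """Collapse whitespace so a re-indented or inlined copy of a line still matches."""
    return re.sub(r"\s+", " ", text).strip()

def source_lines(files):
    """Local-only index of every non-trivial source line."""
    lines = (norm(ln) for text in files.values() for ln in text.splitlines())
    return {ln for ln in lines if len(ln) >= MIN_LEN}

def metadata_only(files):
    """Stage 1 payload for the cloud planner: paths and sizes, never contents."""
    return [{"path": p, "bytes": len(t.encode()), "lines": len(t.splitlines())}
            for p, t in sorted(files.items())]

def strings_in(node):
    """Yield every string, dict keys included, inside a JSON-like payload."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        yield from strings_in(list(node.items()))
    elif isinstance(node, (list, tuple)):
        for item in node:
            yield from strings_in(item)

def leaked(payload, index):
    """Return the indexed source lines that appear anywhere in an outbound payload."""
    outbound = [norm(s) for s in strings_in(payload)]
    return sorted(line for line in index if any(line in s for s in outbound))

def send_to_cloud(payload, index, outbox):
    """Single egress point: refuse the whole payload if any source line is in it."""
    hits = leaked(payload, index)
    if hits:
        raise SourceLeak(f"{len(hits)} source line(s) in outbound payload")
    outbox.append(json.dumps(payload, sort_keys=True))  # stand-in for the real API call

def redact(finding):
    """Stage 3 input: keep only the allow-listed fields of a local-model finding."""
    return {k: finding[k] for k in FINDING_FIELDS if k in finding}

# Constructed sample data: one proprietary file and one raw local-model finding.
FILES = {"src/parse.c": (
    "int parse_len(const unsigned char *p) {\n"
    "    unsigned short len = (p[0] << 8) | p[1];\n"
    "    memcpy(scratch, p + 2, len);\n"
    "    return len;\n}\n")}
RAW = {"file": "src/parse.c", "line": 3, "cwe": "CWE-120",
       "summary": "length read from input is used as copy size without a bound",
       "snippet": "memcpy(scratch, p + 2, len);"}

if __name__ == "__main__":
    index, outbox = source_lines(FILES), []
    send_to_cloud(metadata_only(FILES), index, outbox)  # stage 1: metadata crosses
    send_to_cloud([redact(RAW)], index, outbox)         # stage 3: redacted finding crosses
    print(len(outbox), "payloads sent; raw finding would leak:", leaked([RAW], index))
```

Matching whole normalized lines catches verbatim, re-indented and inlined copies; it does not catch a paraphrase or a renamed identifier, so the allow-list in `redact` stays the primary control and the guard is the backstop.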

Integrity

Here the local model wins on a property the frontier surrenders by construction. Integrity is the correspondence between a claim and a process you can inspect. A capability you can replay is a capability. A capability asserted through an institution is a press release.

The local pipeline is fairly simple and repeatable. Provos publishes the IronCurtain harness, whose workflows are defined as finite-state machines in plain YAML. AISLE published nano-analyzer as a single Python file, and clearbluejar took that file, ran it on two open-weight models on one consumer GPU, recovered the same FreeBSD bug, and fixed the false-positive rate by adding one reachability stage that dropped the noise from thirty candidates to five. The work replays. You can rerun it, change one stage, and watch the result move. Boykis makes the same point from the inside: with a local model you watch the tokens arrive, change the context window, swap the quantization, and edit the system prompt while it runs. The box is open. And https://lyrik.wirken.ai was built with exactly this purpose in mind. Integrity is a required control, a prerequisite to doing the work at all.
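
A reachability stage of the kind described above, written as a pipeline you can replay with and without it. This is an added example, not clearbluejar's stage, nano-analyzer, or IronCurtain's YAML format: the stage functions, the call graph and the six candidates are constructed, and candidates in functions missing from the graph are kept as "unknown" on the assumption that a static call graph misses indirect calls.

```python
from collections import deque

def reachable(graph, entry_points):
    """Breadth-first walk of caller -> callee edges from the external entry points."""
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        for callee in graph.get(queue.popleft(), ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def stage_dedupe(cands, ctx):
    """Keep the first report for each (function, issue) pair."""
    first = {}
    for c in cands:
        first.setdefault((c["function"], c["issue"]), c)
    return list(first.values())

def stage_reachability(cands, ctx):
    """Drop candidates no entry point can reach; keep what the graph cannot judge."""
    graph = ctx["graph"]
    known = set(graph) | {callee for callees in graph.values() for callee in callees}
    live = reachable(graph, ctx["entry_points"])
    kept = []
    for c in cands:
        if c["function"] in live:
            kept.append({**c, "reach": "reachable"})
        elif c["function"] not in known:  # e.g. only called through a function pointer
            kept.append({**c, "reach": "unknown"})
    return kept

def run(stages, cands, ctx):
    """Replay the pipeline and record how many candidates survive each stage."""
    trace = [("input", len(cands))]
    for name, stage in stages:
        cands = stage(cands, ctx)
        trace.append((name, len(cands)))
    return cands, trace

# Constructed sample data: a toy call graph and six model-reported candidates.
CTX = {"entry_points": ["handle_packet"],
       "graph": {"handle_packet": ["parse_header", "check_auth"],
                 "parse_header": ["copy_field"],
                 "selftest_main": ["legacy_pack"],
                 "legacy_pack": ["format_banner"]}}
CANDIDATES = [
    {"function": "copy_field", "issue": "unbounded copy"},
    {"function": "copy_field", "issue": "unbounded copy"},
    {"function": "parse_header", "issue": "missing length check"},
    {"function": "legacy_pack", "issue": "integer overflow"},
    {"function": "format_banner", "issue": "format string"},
    {"function": "timer_callback", "issue": "use after free"},
]
BASELINE = [("dedupe", stage_dedupe)]
WITH_REACH = BASELINE + [("reachability", stage_reachability)]

if __name__ == "__main__":
    print(run(BASELINE, CANDIDATES, CTX)[1])    # trace without the added stage
    print(run(WITH_REACH, CANDIDATES, CTX)[1])  # same input, one stage added
```

Running both stage lists on the same input is the replay: the only difference between the two traces is the stage that was added, and the "unknown" bucket keeps the filter from silently turning a gap in the call graph into a false negative.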

The frontier offers the opposite trade. The Mythos checkpoint that AISI evaluated is one the public cannot run, scored under a protocol AISI’s own paper shows to be the lever that moves the number. The capability is real, perhaps. The evidence is an authority signature on a result you are invited to trust, like a self-signed cert in the age of Let’s Encrypt. Integrity asks for the actual head of authority, the root and details of the artifact. A model on your disk hands everything over in full transparency for high security. A model behind an API hands you a number and a logo, meaning nothing at all.

Availability

The newest fact settles the matter. Access to Fable and Mythos was suspended in June 2026 under a Commerce Department export-control directive. A rented capability can be withdrawn by a regulator, a pricing committee, or a board. And the latest erratic, grudge-filled, targeted moves by Trump prove he can wag a finger at any person or company and immediately shut down all access to US technology under “sanctions” authority. No trial, no hearing, no warning, just one minute you have US technology and the next minute it’s all gone with no path for recovery. A government that willingly undermines its entire economy and private sector is itself a moral question, but business continuity risk numbers in tech speak for themselves.

Anthropic prices Mythos at roughly five times public Opus, from twenty-five to one hundred twenty-five dollars per million tokens, which is a second kind of withdrawal for anyone whose budget matters. Many firms in June are reporting token bankruptcy and shutting down AI access to reduce explosive spend. A capability that exists at the pleasure of someone else’s arbitrary pricing policy is a capability you are borrowing into debt.

A model on your disk answers when you ask it. Its uptime is a property of your own infrastructure. No directive reaches it, no erratic price change locks you out, no quarterly access review applies. Availability stops being a service-level agreement and becomes a fact of ownership.

The brief

Confidentiality, integrity, and availability were always the job. The industry has never improved upon the simplicity and elegance of the triad, yet it now is confronted with an architecture that concedes all three to whoever holds the API. The work above shows the concession was a significant preventable error. A model you hold satisfies this brief and proves Mythos was never about capability. The frontier offers an expensive route to a number you cannot replay and do not really control.

Choose wisely.

Still No Evidence Mythos Better at Security Than Self-hosted LLMs

Anthropic allegedly built Mythos so good at finding vulnerabilities that it was too dangerous to release. Then it was handed to only a few dozen very wealthy organizations under Project Glasswing. One of them ran it against curl and sent the project a report claiming five confirmed security vulnerabilities. The curl security team dug in. Three were false positives flagging behavior already documented in the API docs. The fourth was just a bug. One survived: a low-severity CVE shipping with 8.21.0. The most dangerous code-analysis model in the world, pointed at one of the most audited C codebases in existence, found… a single low.

Whomp whomp, sad trombone for Mythos.

The project lead publicly wrote that the Mythos hype was primarily marketing, given no evidence Mythos finds issues to a higher or more advanced degree than tools that came before it. He also said he is not anti-AI-SAST. He reiterated that AI-powered code analyzers are significantly better at finding flaws than traditional analyzers ever were.

I agree with all of that 100%.

curl is one of the most fuzzed and audited C codebases in existence (OSS-Fuzz, Coverity, CodeQL, multiple paid audits), and finding anything is a good challenge. That’s why what happened next is so interesting.

The curl blog post about Mythos unleashed a wave of non-Mythos AI hunting as researchers piled onto curl with their own tooling. AISLE was hunting curl in fall 2025, before Mythos. When the blog post stirred the field, they were already deep in the codebase and just claimed 6 of 18 discovered. Compare those 18 to the single low-severity one that Mythos was credited with. The AISLE blog post makes it clear their AI method has been the most successful and yet it’s the lowest-cost model, the opposite of Mythos marketing.