The US government's export control directive on Anthropic's Mythos and Fable models has forced AI security into the mainstream conversation. Indirect prompt injection, the attack vector where malicious content in an AI's environment hijacks its actions, is now a policy-level concern. Gray Swan, the firm co-founded by Zico Kolter (OpenAI board, Safety and Security Committee) and Matt Fredrikson (CMU professor, Gray Swan CEO), was a cited authority on the Mythos model card and co-authored the definitive academic paper on indirect prompt injections, arxiv 2603.15714.

Gray Swan's tooling is what makes this interview worth reading in full. Shade, their adversarial red teaming platform, is the exact tool Anthropic used to stress-test Mythos against prompt injection in coding environments. Their stack also includes Cygnal, an AI guardrails product, and the world's largest AI red teaming arena. Kolter and Fredrikson are not commentators on this problem. They built the instruments that measured it.

The conversation covers the current state of AI red teaming, what robustness against prompt injection actually looks like in practice, and where the field is failing. The editorial framing is blunt: all this tooling is containment, not a cure. Gray Swan events, by definition, are the risks everyone sees coming and no one stops in time.

[READ ORIGINAL →]