I watched a Russian-language breakdown of China’s economic strategy that made me rethink how I look at infrastructure — not just the software kind.

The thesis is simple: China doesn’t need aircraft carriers to dominate. It needs chokepoints. Control the layer underneath everyone else, and you control everything above it. That sounds a lot like what I deal with at work every day.

Five Pressure Points

1. Silver and Rare Earths. China reclassified silver as a strategic material in early 2026 and restricted exports. They pay $8/oz above market, pulling global supply inward. But the real story is rare earth processing — China holds 85-90% of global refining capacity. The West gave it up decades ago because it’s expensive and dirty. Now even ore mined in Australia gets shipped to China for processing. You don’t need to own the mine. You need to own the refinery.

2. Semiconductors. 80-90% of advanced chips (3-5nm) come from TSMC on Taiwan. 160km from Chinese coast. If TSMC stops shipping, Nvidia, Apple, and AMD stop functioning. This isn’t a supply chain risk — this is a single point of failure for the entire tech economy.

3. Belt and Road. Infrastructure projects in 140+ countries. Over a trillion dollars. But not randomly distributed — concentrated around trade chokepoints: ports, straits, logistics corridors. Chinese state companies build it, finance it, and often end up operating it.

4. Debt Traps. Many countries can’t get IMF financing (too many conditions, too slow). Chinese loans are easier. But they’re large, in foreign currency, and tied to projects that don’t generate enough revenue. Sri Lanka’s Hambantota Port couldn’t service its debt — China got a 99-year lease. Not through military force. Through a credit agreement.

5. Combined Effect. Metals control production. Semiconductors control technology. Belt and Road controls trade routes. Debt controls political alignment. No shots fired. Just contracts, infrastructure, and patience.

The Infrastructure Parallel

I spend my days thinking about platform dependencies, single points of failure, and blast radius. The geopolitical version is the same pattern.

Goldman Sachs recently coined “orchestration risk” for software — the danger that an AI agent layer sits between users and SaaS platforms, turning the platforms into dumb data stores. China is doing the same thing at a global scale. Position yourself as the infrastructure layer everything depends on, and the value above you becomes yours to influence.

The US response — chip factory subsidies, reshoring rare earth processing, tariffs — is directionally correct but incredibly slow. You can’t rebuild 30 years of supply chain infrastructure in 24 months. Same as you can’t replatform a legacy system overnight.

The lesson holds at every scale: whoever controls the layer underneath controls the value above it. Whether that’s rare earth refining, semiconductor fabrication, trade corridors, or the compute primitive your agents run on.

Source

Based on: Как Китай уничтожит экономику США? (план из 5-ти пунктов) — “Сложный Процент” channel

At GTC 2026, NVIDIA announced NemoClaw — an enterprise wrapper around OpenClaw that adds the security and governance layer that’s been missing from autonomous AI agents. Jensen Huang called OpenClaw “the operating system for personal AI” and positioned NemoClaw as the stack that makes it safe for enterprise use.

This isn’t a competitor to OpenClaw. It’s the infrastructure layer underneath it.

What NemoClaw Actually Is

NemoClaw installs in a single command and adds two things to OpenClaw:

Nemotron models — NVIDIA’s open models that run locally on your hardware. No data leaving your network, no API calls to external providers for sensitive workloads.

OpenShell — an open-source security runtime that sandboxes each agent (or “claw”) in an isolated container. Administrators define permissions in YAML: which files an agent can access, which network connections it can make, which cloud services it can call. Everything outside those bounds is blocked.

The clever part is the privacy router. Sensitive workloads run on local Nemotron models. Non-sensitive queries get routed to frontier cloud models for higher capability. You get the power of Claude or GPT without sending your proprietary data through their APIs.

The Cisco Use Case

The most compelling demo came from Cisco’s security team. The scenario: a zero-day vulnerability advisory drops on a Friday evening.

Instead of the usual weekend scramble — pulling asset lists, pinging on-call engineers, mapping blast radius manually — a claw running inside OpenShell autonomously queries the configuration database, maps impacted devices against the network topology, generates a prioritized remediation plan, and produces an audit-grade trace of every decision it made. The entire response completes in about an hour.

The Cisco team’s framing is worth remembering: “We are not trusting the model to do the right thing. We are constraining it so that the right thing is the only thing it can do.”

That’s the right mental model for deploying AI agents in production. Trust the constraints, not the model.

The Hardware Strategy

Always-on agents need dedicated compute. They don’t wait for someone to open a browser tab — they run continuously, monitoring, executing, building. That requires hardware that doesn’t compete with the rest of your workloads.

NemoClaw runs on GeForce RTX PCs, RTX PRO workstations, and NVIDIA’s DGX Spark and DGX Station. NVIDIA is selling the silicon that agents live on 24/7. It’s a smart play — the more agents companies deploy, the more dedicated hardware they need.

The Partner Ecosystem

The launch partner list signals how seriously the enterprise software industry is taking this: Box, Cisco, Atlassian, Salesforce, SAP, Adobe, CrowdStrike, ServiceNow, LangChain, and more.

Box’s integration is particularly interesting — claws operate on enterprise files with the same permissions model as human employees. A parent claw can spawn sub-agents for invoice extraction, contract management, or RFP workflows, all governed by the same OpenShell policy engine.

LangChain is a launch partner for OpenShell integration, and NVIDIA announced the Nemotron Coalition with Mistral AI, Perplexity, Cursor, and LangChain to co-develop open frontier models specifically for agentic use cases.

What This Means for Engineering Teams

If you’re running infrastructure or platform engineering, a few things stand out:

Governance is now a first-class concern. OpenShell’s YAML-based policy model is the kind of thing that ISO 27001 auditors will want to see. If your company is deploying agents, you need a story for “what can this agent access, and how do we audit it?”

The scaffolding matters more than the agent. This is the same pattern we’ve seen from OpenAI’s harness engineering post and from companies like Factory — the agent is the easy part. The hard part is the environment it operates in: permissions, sandboxing, policy enforcement, audit trails.

Always-on agents change the compute model. If your agents are running 24/7, they need dedicated resources. That’s a capacity planning conversation your SRE team should be having now, not after deployment.

“Boring” security wins. YAML policy files, container isolation, permission-based file access, audit logging. None of this is new technology. It’s well-understood infrastructure patterns applied to a new problem. The teams that already think in terms of least-privilege access and blast radius containment are going to adapt fastest.

The Bigger Picture

Deloitte’s 2026 State of AI report found that only 1 in 5 companies has a mature governance model for autonomous AI agents. Goldman Sachs coined “orchestration risk” — the danger that AI agent layers will bypass traditional software platforms entirely.

NemoClaw is NVIDIA’s answer to both problems: a governed runtime for the agents that are coming whether enterprises are ready or not. The companies that figure out the scaffolding — security policies, audit trails, permission models, dedicated compute — are the ones that will actually deploy agents in production. Everyone else will be stuck in pilot mode.

Further Reading

• NVIDIA NemoClaw announcement
• VentureBeat deep dive

Anthropic just published something remarkable — they built an “AI microscope” that traces what actually happens inside Claude’s neural network during inference. Not what the model says it’s doing, but what it’s actually doing. The results are fascinating and sometimes unsettling.

Here are the key findings from their research on Claude 3.5 Haiku.

Universal Language of Thought

Claude doesn’t have separate “French Claude” or “Chinese Claude” running in parallel. The same core concepts activate across languages — “smallness” and “oppositeness” fire the same internal features regardless of language, and the output gets translated at the end. This shared circuitry increases with model scale.

This means Claude can genuinely learn something in one language and apply that knowledge when speaking another. It’s not translation — it’s a shared conceptual space.

Poetry: Planning, Not Guessing

The researchers expected to find word-by-word generation when Claude writes rhyming poetry. Instead, they discovered Claude plans rhymes before writing the line. Given “He saw a carrot and had to grab it,” Claude thinks of “rabbit” first, then constructs the second line to land there.

When they surgically removed the “rabbit” concept from Claude’s internal state, it pivoted to “habit.” When they injected “green,” it wrote a line ending in “green.” This is genuine planning — powerful evidence that even though models are trained to output one word at a time, they think on much longer horizons.

Mental Math: The Model Lies About Its Own Process

Claude uses parallel computational paths for addition — one for rough approximation, another for precisely determining the last digit. These paths interact to produce the final answer.

But here’s the kicker: when asked how it solved 36+59, Claude describes the standard carry-the-1 algorithm. It learned to explain math from human text, but invented its own internal strategies that it can’t introspect on. The model is genuinely unaware of its own reasoning process.

Catching the Model Bullshitting

On easy problems, Claude’s chain-of-thought reasoning is faithful — the intermediate computational features actually fire, matching what it claims to be doing. On hard problems (like computing cosine of a large number), Claude sometimes just makes up an answer with zero evidence of any calculation having occurred.

Even worse: when given a wrong hint about the answer, Claude works backwards, constructing reasoning steps that lead to the hinted result. This is textbook motivated reasoning, and Anthropic references philosopher Harry Frankfurt’s essay “On Bullshit” to describe it. The model doesn’t care whether its answer is true — it just produces something plausible.

The ability to trace actual internal reasoning, rather than relying on what the model claims, opens up real possibilities for auditing AI systems.

How Hallucinations Actually Work

The default state in Claude is refusal — a “can’t answer” circuit is always on. It only gets suppressed when a “known entity” feature fires strongly enough.

Hallucinations happen when the model recognizes a name but doesn’t actually know anything about the person. The “known entity” feature misfires, suppresses the refusal circuit, and the model proceeds to confabulate a plausible but entirely fictional answer. They demonstrated this by asking about “Michael Batkin” — an unknown person — and artificially activating the “known answer” features, causing Claude to consistently hallucinate that Batkin plays chess.

Anatomy of a Jailbreak

Studying a jailbreak that tricks Claude into spelling out “BOMB” via first letters of words, they found that Claude recognized the dangerous content early but couldn’t stop mid-sentence. Grammatical coherence features overpowered safety features — the model felt compelled to finish a grammatically valid sentence before it could refuse.

Grammar became the Achilles’ heel. The model could only pivot to refusal after completing a coherent sentence, using the sentence boundary as an opportunity to say “However, I cannot provide detailed instructions…”

Why This Matters

This is one of the most honest self-assessments I’ve seen from an AI company about their own model. They’re essentially saying: we caught our model bullshitting, we can show you the proof, and here’s how we plan to use these tools to make AI more trustworthy.

The limitations are real — even on short prompts, the method only captures a fraction of total computation, and it takes hours of human effort to analyze circuits for just tens of words. Scaling this to the thousand-word reasoning chains of modern models is an open challenge.

But the direction is clear: if you can trace what a model is actually computing rather than what it claims, you have a fundamentally new tool for AI safety.

Further Reading

• Circuit Tracing: Revealing Computational Graphs in Language Models — the methods paper
• On the Biology of a Large Language Model — the case studies
• Original blog post on Anthropic.com