← Back to Home
June 02, 2026

Brake Lines Cut and AI Caged: This Week in Tech

DOGE Whistleblower Had Brake Lines Cut After Musk Callout
SECURITY

DOGE Whistleblower Had Brake Lines Cut After Musk Callout

The night before Dan Berulis got into his car and nearly died, Elon Musk had called him a criminal on the internet to 100 million followers.

Berulis is an IT staffer at the National Labor Relations Board who, on April 14, 2025, filed a Congressional whistleblower complaint alleging that DOGE had not just accessed the agency's sensitive data — it had appeared to exfiltrate it. He also claimed that within minutes of DOGE members accessing that data, login attempts came in from a Russian IP address. That is a significant and alarming allegation, and Berulis put his name on it publicly the very next day.

The backlash was immediate and personal. Before he even went public, a threatening note appeared on his apartment door, accompanied by photographs of him walking his dog — photos that appeared to have been taken by a drone. Someone was watching him. Someone wanted him to know it.

Then came Easter Sunday, April 20. Berulis got in his car for a routine drive to visit his uncle in Maryland. Five minutes in, something felt wrong. He approached a stop sign and the car would not slow down. He ran off the road and into the sign. When he got out to inspect the damage, he found that his brake lines had been cut.

The timing is what makes this so hard to look away from. The night before — April 19, at 8:06 pm — Musk had reshared a post from right-wing influencer Mario Nawfal claiming DOGE had been cleared and that people were calling on the DOJ to investigate Berulis. Musk added his own words to the reshare: "Filing a deliberately false whistleblower claim is a serious crime." That post, amplified to one of the largest audiences on the platform, included Berulis' name and photograph.

The original story had been seeded by an account called @amuse, which has a documented history of spreading misinformation and counts Musk and HHS Secretary Robert F. Kennedy Jr. among its followers. That is the information ecosystem in which Berulis' name was being circulated the night before someone's car mysteriously lost its brakes.

Berulis has now filed a defamation lawsuit against Musk in DC court, alleging that Musk's post was false and directly contributed to making him a target. The lawsuit was initially filed under seal because Berulis holds a security clearance requiring pre-publication review of government-related disclosures.

Let's be clear about what is being alleged here: a federal employee reported potential data theft and a possible Russian intrusion at a government agency, and within days he had a drone surveilling him, a threatening note on his door, and cut brake lines. Whether or not every dot connects the way Berulis says it does, those are facts that deserve serious attention from law enforcement, from Congress, and frankly from anyone who thinks government oversight should still mean something.

The NLRB has denied that any data breach occurred. DOGE has not commented. Musk has not walked back his post.
Source: WIRED
Microsoft Launches OS-Level Sandbox to Contain Rogue AI Agents
AI

Microsoft Launches OS-Level Sandbox to Contain Rogue AI Agents

Microsoft is essentially building a prison for AI agents — and OpenAI and Nvidia are already signing up to be the first wardens.

The company has unveiled a new framework called MXC, an operating system-level sandbox designed to contain AI agents and prevent them from doing things they were never supposed to do. Think of it as a secure enclosure baked directly into the OS, where AI agents can run tasks but cannot reach beyond their designated boundaries without explicit permission. It is a significant architectural move, and it signals that the industry is quietly acknowledging something it has been reluctant to say out loud: AI agents, as currently built, can go rogue.

This matters because the entire tech industry has spent the last year racing to deploy agentic AI — systems that do not just answer questions but take actions, browse the web, write and execute code, manage files, and interact with external services on your behalf. The productivity pitch is real. So is the risk. An agent that can act is also an agent that can act badly, whether through a bad prompt, a manipulation attack, or simply an unexpected chain of decisions that nobody anticipated.

Microsoft's answer is to stop treating this as an application-layer problem and move the containment down to the operating system itself. By building guardrails at the OS level, MXC creates a more fundamental boundary that is harder to accidentally bypass or deliberately exploit than software-side restrictions bolted on top of an existing system. It is the difference between a lock on a door and a vault.

The early partners here are telling. OpenAI building its agents on top of a Microsoft containment framework is a notable alignment — these are the two companies most associated with pushing agentic AI into enterprise environments, and their collaboration on a security standard suggests they want to get ahead of what could otherwise become a serious liability problem. Nvidia's involvement points to the framework potentially extending to how AI workloads are handled at the hardware and infrastructure level as well.

For enterprise customers, this is the kind of announcement that should cut through the noise. Chief information security officers have been quietly dreading the moment when an AI agent with broad system access does something catastrophic — deletes the wrong files, exfiltrates sensitive data, or gets manipulated by a malicious input into taking a destructive action. MXC is Microsoft's attempt to give those customers a credible answer before the horror stories start piling up.

The broader context is that AI agent deployment is accelerating faster than the security frameworks designed to govern it. Regulations are lagging. Internal enterprise policies are largely improvised. The companies building this technology are now, somewhat belatedly, trying to build the safety infrastructure that probably should have come first.

MXC is not a complete solution. But the fact that it exists at the OS level, with major partners already committed, suggests this is meant to become a standard rather than a feature. The question is whether it arrives before or after the first major agentic AI incident forces everyone's hand.
Source: VentureBeat

Enjoyed this?

Get stories like this delivered every Tuesday — free.