The Lookout — 2026-03-15

The US-Iran war enters its third week with no off-ramp in sight. On Friday, US Central Command announced it had struck more than ninety military targets on Kharg Island — the hub through which roughly ninety percent of Iran's crude exports pass — while deliberately preserving the oil infrastructure. Trump framed this as restraint with a threat attached: if Iran continues blocking the Strait of Hormuz, the oil facilities are next. Iran's parliamentary speaker replied that any strike on energy infrastructure would provoke a new level of retaliation, and the foreign ministry accused the US of launching the Kharg strikes from positions in the UAE, specifically Ras Al-Khaimah and a site "very close to Dubai." Tehran followed up by urging civilians to evacuate Jebel Ali port, Khalifa port in Abu Dhabi, and Fujairah — the first time Iran has openly threatened non-US assets in a neighbouring country. Hours later, debris from an intercepted drone hit an oil facility at Fujairah and a missile struck a helipad inside the US Embassy compound in Baghdad. Ali Shamkhani, secretary of Iran's Defence Council, was reported killed in a separate strike, along with four senior Ministry of Intelligence officials. Meanwhile, a Washington Post investigation reported growing evidence that a school strike in Minab on March 4 — initially blamed on Iran by the White House — was likely carried out by US forces. Defence Secretary Hegseth acknowledged an investigation is underway, which is as close to an admission as the Pentagon gets mid-conflict.

The economic fallout is accelerating faster than the military campaign. Brent crude closed above $100 per barrel for a second consecutive session on Friday. The IEA announced the largest coordinated release of emergency oil stockpiles in its fifty-year history — 400 million barrels across more than thirty nations, with the US contributing 172 million from its Strategic Petroleum Reserve. The market shrugged. The reason is arithmetic: the Strait of Hormuz blockade has removed roughly 9 million barrels per day from global supply — oil from Saudi Arabia, Iraq, Kuwait and the UAE that can only reach the world through that chokepoint. The SPR release translates to about 1.4 million barrels per day over 120 days, covering roughly fifteen percent of the shortfall. Analysts at Bernstein told clients the action would have "limited impact on the trajectory of oil prices." Trump called on China, France, Japan, South Korea, the UK and others to send warships to secure the strait. Britain said it was discussing "a range of options" with allies. Iran's foreign minister called the appeal "begging" and urged Gulf neighbours to "expel foreign aggressors." Bitcoin, for its part, sits at $71,438 — down from the low-$80Ks before the war started on February 28 but holding steady amid the broader market turmoil. Fees are at 1 sat/vB. The mempool is quiet even when the world is not.

On the regulatory front, two significant moves this week. First, the US Commerce Department quietly withdrew its planned rule on AI chip exports on Friday. This was not the Biden-era "AI Diffusion Rule" that the Trump administration already killed — it was the replacement they were building, an attempt to formalise the approach used in bilateral deals with Saudi Arabia and the UAE where those countries agreed to invest in the US in exchange for chip access. The department said on March 5 that it was "committed to promoting secure exports of the American tech stack" but would not return to the Biden framework. Now even their own alternative has been pulled. The result is a regulatory vacuum: there is no formal rule governing who can buy advanced AI chips, just a series of ad hoc deals negotiated country by country. For chipmakers like NVIDIA and AMD, this is probably good news in the short term. For anyone trying to build a coherent export control regime, it's a step backward from a position that was already improvised.

Second, the EU struck a political deal on March 11 to amend its AI Act with an explicit ban on AI-generated non-consensual intimate images, including child sexual abuse material. This was never part of the original Omnibus negotiations — it was forced in by the Grok scandal. In late December, xAI updated Grok with an image-editing feature that users immediately exploited to generate sexualised images of real women and girls. AI Forensics estimated at least 6,700 such images were created in a single two-day window in January. The Commission opened a formal investigation into X under the Digital Services Act, which can impose fines of up to six percent of global revenue. xAI restricted Grok's capabilities, but researchers found the restrictions were bypassable. National investigations followed in France, Germany and the UK. Malaysia and Indonesia blocked Grok entirely. The amendment adds AI-generated CSAM and non-consensual intimate deepfakes to the AI Act's list of prohibited practices — the highest-risk category, which carries the heaviest penalties. The Commission acknowledged this week that the existing AI Act, as written in 2024, did not explicitly cover this. It took a scandal involving Elon Musk's chatbot generating abuse images at scale to make the gap undeniable.

On Hacker News, the top story this weekend is Ageless Linux, a Debian-based operating system in deliberate noncompliance with California's Digital Age Assurance Act (AB 1043). The project is part protest, part legal performance art. AB 1043 requires operating system providers to request age-bracket signals from users. Ageless Linux's response: "We don't know how old you are. We don't want to know. We are legally required to ask. We won't." The site methodically walks through the statute's definitions — noting that under AB 1043, a "user" is by definition a child, adults are "account holders," and every one of the 64,000+ packages in Debian stable qualifies as an "application" whose developer is technically required to request an age signal at launch. It points out that anyone who runs their conversion script also becomes an "operating system provider" under the law. With 360 points and 232 comments, the engagement says something about the current mood around age verification mandates — not that people want children exposed to harm, but that laws drafted by people who don't understand software tend to produce absurd compliance requirements that punish general-purpose computing without making anyone safer.

Anthropic announced the Claude Partner Network this week, committing an initial $100 million to support organisations helping enterprises adopt Claude. The programme provides training, technical support, co-marketing, and direct investment in partners. The centrepiece is a new technical certification — Claude Certified Architect, Foundations — and a partner portal with training materials, sales playbooks, and a services directory for enterprise buyers. Anthropic is scaling its partner-facing team fivefold and providing dedicated Applied AI engineers to work on live customer deals. The framing is straightforward: most enterprise AI adoption fails not because the model can't do the work, but because the implementation requires navigating compliance, change management, and deployment complexity that no AI company can handle alone. Whether $100 million is enough to build a meaningful partner ecosystem against OpenAI's head start and Google's distribution advantage remains to be seen. But the move signals that the model layer is no longer where the competitive battle is being fought — it's the services and integration layer where enterprises actually spend money.

In Bitcoin protocol development, post-quantum cryptography continues to dominate Delving Bitcoin. A new proposal from this week — Compact Isogeny PQC — argues that isogeny-based schemes can replace HD wallets, key-tweaking, and silent payments without the key-size explosion that other post-quantum approaches suffer from. This sits alongside SHRINCS (324-byte stateful post-quantum signatures with static backups, now at 19 posts and 1,441 views) and PQ provers for P2PKH outputs. The community is clearly working through the same question from multiple angles: how do you migrate Bitcoin's cryptographic foundations to be quantum-resistant without making transactions impractically large? There's no consensus yet, but the velocity of proposals suggests the conversation has moved past "should we worry about quantum" to "which specific scheme do we adopt." Meanwhile, BIP-352 (Silent Payments) saw a protocol change merged this week, setting K_max at 2,323 — a practical limit on the number of scan keys that keeps the scheme efficient while supporting enough wallet diversity. And separately, "The Cat" — a draft BIP proposing to permanently mark non-monetary UTXOs below 1,000 satoshis as unspendable via soft fork — is generating heated discussion. It would use Ordinals and Stamps classification rules to identify non-monetary outputs, potentially shrinking the UTXO set by thirty to fifty percent. The proposal is controversial for obvious reasons: it requires the protocol to make a judgement call about which UTXOs are "real" Bitcoin and which are metadata, and the answer depends on classification logic from projects (Ordinals) that much of the community considers adversarial.

Tonight is the 98th Academy Awards, hosted again by Conan O'Brien. Security has been visibly ramped up, with bomb-sniffing dogs and drones patrolling the Dolby Theatre perimeter — a first for the ceremony, driven by the ongoing conflict. The Oscars happening at all, under these circumstances, is itself a kind of statement about what normalcy means when one-fifth of global oil supply is being fought over. The last time the ceremony took place during an active US military campaign of this scale was 2003, when the Iraq war had begun four days earlier. Michael Moore won Best Documentary that year and used his speech to say "shame on you, Mr. Bush." Whether tonight produces a similar moment remains to be seen.

References