Cold Hard Cache 💾: June 2026

Fermi Equations

The hidden theory behind Fermi estimation is that prediction improves through decomposition. If I attack a hard question with enough inputs, some of my biases toward overestimation and underestimation will cancel. The implicit assumption is that the inputs are semi-independent—which, as we will see, is exactly the assumption that breaks most interestingly.

A generic Fermi structure looks like this:

Quantity of interest ≈ a₁ × a₂ × a₃ × ··· × a_n

But the real method is not the multiplication. The real method is the selection of terms. A good Fermi estimate is a portfolio of assumptions, and like any portfolio, its quality depends less on the number of holdings than on whether they are genuinely diversified.

I have been working through this idea across a handful of recent problems. Each one taught me something different about what makes decomposition work—and what makes it fail while looking like it works.

1. The Claude Code leak: what will it cost Anthropic?

On March 31, a public Claude Code release included internal source code—apparently via source maps pointing to unobfuscated TypeScript in Anthropic-controlled storage. Anthropic called it "a release packaging issue caused by human error, not a security breach," and said no customer data or credentials were exposed. The exposure reportedly covered roughly 500,000 lines across about 1,900 files. This came only days after a separate incident involving draft model-related content exposed through a CMS configuration error—also attributed to human error. For context, Anthropic was recently valued at roughly $61 billion, and Claude Code's run-rate revenue was reported above $2.5 billion as of February.

The natural Fermi question: what did this actually cost?

C_total ≈ C_response + C_legal + C_{sales drag} + C_{roadmap delay} + C_{IP leakage} + C_{capital-markets discount}

That decomposition matters because these terms live in different causal universes. Response cost is mostly payroll burn and outside counsel. Sales drag is an enterprise-trust function. Roadmap delay is opportunity cost. IP leakage is a competitor-learning term. Capital-markets discount is mostly narrative and governance. Separating them forces you to reason about each mechanism on its own terms rather than collapsing everything into a single dramatic number.

Once you do that, the picture clarifies. No customer data and no model weights were exposed, so the catastrophic tail is capped. But the cost is still real because Anthropic now operates at a scale where tiny percentage effects are expensive. A company with multi-billion-dollar run-rate and enterprise-heavy revenue does not need a breach-sized event to lose a meaningful amount of money. It only needs a few more procurement escalations, a little more discounting, a few delayed expansions, and a few weeks of diverted engineering attention.

Working through each term:

Response and remediation: ~$5M–$15M

Figure 50 to 150 people across security, release engineering, infrastructure, product, comms, support, and executive time, working 4 to 8 weeks at loaded weekly costs of $8K–$12K per person, plus outside counsel and communications support. At Anthropic's scale, this alone clears several million.

Legal, compliance, and customer assurance: ~$2M–$10M

Outside counsel, takedown and IP work, extra vendor-security reviews, contract remediation, security questionnaires, bespoke explanations for strategic accounts, pen-test attestations, and packaging-process audits. The repeated "human error" narrative likely increases the number of accounts that escalate review.

Commercial and sales drag: ~$15M–$75M

Probably the biggest real cost. Two ways to bound it. From Claude Code run-rate: $2.5B × (1%–5% drag) × (0.25–0.75 years) ≈ $6M–$94M. From broader enterprise trust: ($19B × 80% enterprise share) × (0.1%–0.5% drag) × (0.1–0.5 years) ≈ $15M–$76M. These ranges overlap, so the top of both should not be used simultaneously. The point is that even tiny renewal slippage, delayed expansions, or extra discounting becomes a double-digit-million problem very quickly at this scale.

Roadmap delay and opportunity cost: ~$5M–$20M

Distinct from payroll burn. The cost here is slowed feature velocity, delayed launches, and 30 to 80 core product and security people diverted from product work into cleanup and hardening for 4 to 8 weeks, multiplied by the commercial value of whatever they would otherwise have shipped.

IP and competitive leakage: ~$5M–$25M

This is where people tend to overstate the damage. The leaked asset was product code, not model weights. Claude Code had already been partially reverse-engineered. But the leak was broad enough that it still lowers the cost for rivals and researchers to study Anthropic's harness, guardrails, and tooling patterns. If the leaked harness embodied tens of millions of dollars of engineering effort, and only a fraction of that is genuinely transferable, the realized value transfer is still in the single- to low-double-digit millions.

Capital-markets discount: $0 now, potentially $100M+ in paper value

The most speculative term, so I keep it out of the base-case total. At a $61B valuation, even a 0.05%–0.25% governance discount in a future financing or IPO narrative is $30M–$150M of paper value. I would only start assigning this if the market decides the two March incidents indicate a repeatable control failure rather than bad luck.

Bottom line:

Hard-cash, near-term operating cost: roughly $10M–$30M

Full economic cost, base case: roughly $50M–$150M

Central estimate: ~$80M–$120M

Stress case if enterprise trust damage compounds: low hundreds of millions. True catastrophe only if the leaked code leads to materially exploitable findings, major customer churn, or a durable governance discount in fundraising or IPO pricing.

2. The Jeopardy "IDK" problem: when coincidence enters lottery territory

The Ryan Gosling Jeopardy promo is a very different kind of problem, but the same method applies.

In the promo, "What is IDK?" was accepted as a correct answer because the intended response was "Internal Derangement of the Knee"—a clinical term adjacent to ACL tears. The natural Fermi question: what are the odds that someone would win Final Jeopardy that way in a genuinely unscripted setting?

Two independent decompositions converge on roughly the same absurd region. The first estimated the probability that a contestant writes "IDK" multiplied by the probability that the intended answer happens to be something for which "IDK" is also a legitimate abbreviation, landing around 1 in 150 million. The second conditioned on an ACL-type answer appearing, on that clue being in the Final Jeopardy slot, on a contestant being both ignorant and aware of their ignorance, and on that person specifically choosing "IDK"—landing around 1 in 547 million. Add the further requirement that real judges would have to accept the acronym connection, and both estimates settle into the 1-in-300-million to 1-in-a-billion band.

What I like about this problem is not the answer but the convergence. Two different decompositions, with different hidden priors, ended up in roughly the same region. That is exactly the kind of triangulation you want from Fermi work.

It also shows why reference classes matter. "One in a few hundred million" is too abstract to feel real. "Lottery-jackpot territory" is cognitively legible. Once you build analogies at the right scale, the estimate stops being a number and becomes a calibrated intuition. A large part of good estimation is emotional correction: many coincidences feel either too magical or too cheap, and Fermi work puts them back into proportion.

There is also a subtler lesson. The question of whether some deep, inaccessible residue of association might bias a contestant toward writing "IDK" is philosophically rich and practically tiny. Even if there is some subliminal nudge, it is a small relative-risk multiplier applied to an already small eligible population. Real but negligible. That, too, is part of the method: knowing when an interesting mechanism does not move the estimate enough to matter.

3. Trump becoming president of another country: black swans are conjunctions

On its face this question is lurid and unserious. Structurally, it is excellent, because it forces you to estimate a conjunction of rare events.

He has to remain alive and politically viable long enough. A country has to allow or create legal eligibility. He has to pursue it. He has to win. And if you further require a free and fair election rather than some chaos-adjacent installation scenario, the probability collapses again. That is how many black swans work. They are not strange because any one component is unimaginable. They are strange because the components almost never align.

The strongest analytical move in this problem was correcting the time horizon. A weak estimate treats lifespan as binary: alive or not. A stronger estimate turns it into a declining viability curve. A 78-year-old's future is not "five years" or "twenty years" but a distribution with meaningful mass over perhaps ten to twelve years of plausible political viability. That one adjustment materially improved the estimate because it matched the nature of the problem: the main bottleneck is the intersection between a human survival curve and the slower tempo of constitutional change.

The historical anchoring was also useful, though only when handled critically. Looking for cases of leaders holding power in two countries gives a rough base rate, but more importantly it reveals the structural pattern in the precedents: neighboring identities, conquest, crisis unification, constitutional inheritance. Trump has none of those. He is not a liberator, not a conqueror, not a dynastic claimant, not a bridge figure between adjacent polities. He is, in the cleanest available phrase, "a brand." And brands do not normally become presidents of foreign countries. That is a stronger insight than any raw probability figure because it explains why the tails are thin.

There is also a meta-lesson here about estimation under uncertainty. The best answer is rarely just the number. It is often the sentence: "That is actually the weakest part of my model; here is how I would fix it." Fermi equations are not a performance of certainty. They are a public workflow for upgrading your own view in real time.

4. Video uploaded every minute: when a decomposition secretly repeats one mistake

The problem I spent the longest on was: How many hours of video are uploaded to the internet every minute, and has that number already peaked? What made it unusually instructive was that it was not just a counting problem. It forced me to wrestle with distribution shape, definitional boundaries, and a subtle methodological trap: a decomposition can look rich while still being one bad assumption scaled outward.

The family anchor

My initial approach was to build a bottom-up model anchored in a vivid micro-world: one family in LA with different relationships to video production. The son streams gameplay. The daughter works in wedding video. The dad works at a streaming news service. The mom works at Google and plausibly sits near some pipeline of tutorial videos and recorded meetings. This was not arbitrary—it was trying to generate an extreme but legible anchor from first principles rather than from memorized platform statistics. My estimate was this family was at a 98th percentile for families in Los Angeles.

The family model surfaced something real before it surfaced something wrong. The direct creators in the family—the son streaming games, the daughter tied to client video—had a far more substantial personal pipeline of uploaded hours than the institutional workers. The dad at the news service and the mom inside Google looked like they should have the firehose, but once their output was normalized by team size and workflow, their personal contribution collapsed. That is a genuinely nontrivial observation about the modern media environment: a decentralized creator economy can produce more upload volume per person than institutions that appear, from the outside, to own the whole pipeline.

That structural insight I would keep. The estimate itself I would not.

Where it broke

I landed on roughly 3.5 hours per day per person for this highly productive family. I did not know how to leverage my estimate that this family was in the 98th percentile. So I just used the 80/20 heuristic, which was highly incorrect. So I landed on about 177,000 hours per minute, overshooting the real figure of roughly 3,000 to 5,000 hours per minute by nearly two orders of magnitude.

The obvious postmortem is "the family baseline was too high," and that is true. But it is not the deepest lesson. The deeper lesson is that my decomposition only pretended to be independent. The geographic scaling factors looked like separate terms, but they all inherited the same extreme-family anchor. I never let the per-person upload rate decay as I moved from a highly prolific LA creator family to average Californians to average Americans to average internet users globally. So the equation was not really many estimates. It was one estimate replicated through geography.

Factor count is not independence. You can have nine multipliers and still have one model. If they all depend on the same optimistic local picture, the apparent complexity is fake.

The 80/20 handling was a second, and far more significant problem. Because by revisiting my inability to turn my percentile estimate into a notable scaling, I learned a tool that will work much better at estimating than this heuristic.

Where it was rescued

The most interesting turn came when a casual observation about percentiles was rescued by a better distributional model. I had said during my answer, that this family was probably around the 95th or 99th percentile of video output. At the time I did not know how to use that fact. The breakthrough was realizing I was asking the right question with the wrong distribution.

Video output is not plausibly normal. It is much more plausibly log-normal or at least heavy-tailed: bounded below at zero, with a very long right tail of extreme producers, and driven by multiplicative processes. Income is like this. Follower count is like this. Content production almost certainly is too.

Once you make that move, the percentile intuition becomes actionable. In a log-normal world with a standard deviation of 2 to 3 natural-log units, the 95th percentile can sit roughly 30× to 300× above the mean, with 100× as a workable midpoint. So if my family anchor is about 3.5 hours per person per day and I think that anchor is around the 95th percentile, the correct move is not to multiply that rate by a population. The correct move is to divide by about 100 to estimate the mean, then multiply by the relevant total population.

mean upload rate per internet user ≈ 3.5 hours/day ÷ 100 ≈ 0.035 hours/day

Multiply by roughly 5 billion internet users and you get about 50 million hours per day, or roughly 35,000 hours per minute. Still high—maybe another factor of 7 to 10 too high—but now the error was manageable and informative. The estimate had moved from "wildly inflated because the structure was wrong" to "still high, but in a way that can be corrected by tightening a few input assumptions."

If I were compressing this whole exercise into one sentence, it would be this: the estimate stopped being naive the moment I stopped asking how many people look like my extreme family and started asking how far above the mean that family sits. That is the point where the problem ceased to be about multiplication and became about distribution shape.

degree to which the terms can fail independently of each other.

Cold Hard Cache 💾

The most surprisingly reasonable lawsuit ever [part1]

Fermi Equations [ai written]