Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Artificial Intelligence. Show all posts
Threat Intelligence
AI governance Artificial Intelligence Cloud Security cybersecurity risks Digital Infrastructure emerging technologies Privacy Risk Management Threat Intelligence

Chinese Tech Leaders See 66 Billion Erased as AI Pressures Intensify

 


Throughout the past year, artificial intelligence has served more as a compelling narrative than a defined revenue stream – one that has steadily inflated expectations across global technology markets. As Alibaba Group Holdings Ltd and Tencent Holdings Ltd encountered an unexpected turn, the narrative was brought to an end.

During a single trading day, the combined market value of the companies declined by approximately $66 billion. There was no single operational error responsible for the abrupt reversal, but a growing sense of unease among investors who had aggressively positioned themselves to benefit from AI-driven profitability. However, they were instead faced with strategic ambiguity.

In spite of significant advancements and high-profile commitments to artificial intelligence, both companies have not been able to articulate a credible and concrete path for monetization despite significant advances and high-profile commitments.

A market reaction like this point to a broader shift in sentiment that suggests the era of rewarding ambition alone has given way to a more rigorous focus on execution, clarity, and measurable results in the rapidly evolving field of artificial intelligence. In spite of the pressure on fundamentals, the market’s skepticism has only grown. 

Alibaba Group Holdings Ltd. reported a significant 67% contraction in net income in its latest quarterly results, reflecting a convergence of structural and strategic strains rather than a single disruption. In a time when underlying consumer demand remains uneven, the increased capital allocation towards artificial intelligence, including compute infrastructure, model development, and ecosystem expansion, is beginning to affect margins materially. 

As a result of this dual burden, the company’s near-term profitability profile has been complicated, which reinforces analyst concerns that sentiment will not stabilize unless AI can be demonstrated to generate incremental, recurring revenue streams. Added to this, Alibaba has announced plans to invest over $53 billion in infrastructure, along with an aspirational target of generating $100 billion in combined cloud and AI revenues within five years. 

Although this indicates scale, it lacks specificity. As a result of the absence of defined timelines, product roadmaps, and monetization mechanisms, markets are becoming increasingly reluctant to discount the degree of uncertainty created. It appears that investors are recalibrating their tolerance of long-term payoffs in a capital-intensive industry that is inherently back-loaded, putting more emphasis on visibility of execution and measurable milestones rather than long-term payoffs. 

Without such alignment, the company's narrative on AI could be perceived as more of a budgetary expenditure cycle rather than a growth engine, further anchoring cautious sentiment. Tencent Holdings Ltd.'s market movements across China's technology sector demonstrate the rapid shift from optimism to recalibration. 

Several days after the company's market value was eroded by approximately $43 billion in one trading session, Alibaba Group Holdings Ltd. recovered. In addition to an additional $23 billion decline in its US-listed stock, its Hong Kong-listed stock also suffered a 7.3% decline. It would appear that these movements echo a broader re-evaluation of valuation assumptions that had been boosted by heightened expectations regarding artificial intelligence-driven growth, until recently. 

Among the factors contributing to this reversal are the rapid unwinding of the speculative surge that occurred earlier in the month, sparked by the viral adoption of OpenClaw, an agentic artificial intelligence platform that captured public imagination with its promises of automating mundane, time-consuming tasks such as managing emails and coordinating travel arrangements. 

Following the Lunar New Year, consumers' enthusiasm increased following the holiday season, resulting in an acceleration in product releases across the sector. Emerging players, such as MiniMax Group Inc., and established incumbents, such as Baidu Inc., introduced competing products and services rapidly, reinforcing the narrative of imminent transformation based on artificial intelligence. 

Tencent's shares soared by over 10% during this period as investor enthusiasm surrounded its own OpenClaw-related initiatives propelled its share price. However, as initial excitement faded, it became increasingly apparent that the rapid proliferation of products was not consistent with clearly defined monetization pathways.

Markets seem to be beginning to differentiate between technological momentum and sustainable economic value as a consequence of the pullback, an inflection point which continues to influence the trajectory of China's leading technology companies within an ever-evolving artificial intelligence environment. 
As a result of the intense competition underpinning China’s AI expansion, the investment narrative has been further complicated. In addition to emerging companies such as MiniMax Group Inc., there are established incumbents such as Baidu Inc.

As a result of the surge in demand, Tencent Holdings Ltd. was the fastest company to roll out AI-based services and applications. With its extensive user database and its control over a vast digital ecosystem, WeChat emerges as a perceived structural beneficiary. Such positioning is widely considered advantageous in the development of agentic AI systems, which rely heavily on access to granular user-level data, such as communication patterns and behavioral signals, to achieve optimal performance. 

Although these inherent advantages exist, investor confidence has been tempered by a lack of operational clarity, despite these inherent advantages. Tencent's management did not articulate specific monetization frameworks, capital allocation thresholds, or product roadmaps in the post-earnings discussions that could translate its ecosystem strengths into scalable revenue streams after earnings. 

Consequently, institutional sentiment has been influenced by the lack of detail, which has prompted valuation models to be recalibrated. A significant downward revision was made by Morgan Stanley, which cited expectations that front-loaded AI investments will continue to put pressure on margins, with profit growth likely to trail revenue growth in the medium term. 

Similarly, Alibaba Group Holding Ltd. is experiencing a parallel dynamic, where strategic imperatives to lead artificial general intelligence development are increasingly intertwining with operational challenges. It has been aggressively deploying capital in order to position itself at the forefront of China's artificial intelligence race, committed to committing more than $53 billion to infrastructure and aiming to generate $100 billion in cloud and AI revenues within the next five years. 

However, it is also experiencing a deceleration in its traditional e-commerce segment as domestic competition intensifies. The company has responded to this by operationalizing aspects of its artificial intelligence portfolio, which have included the introduction of enterprise-focused agentic solutions, such as Wukong, as well as pricing adjustments across its cloud and storage services, resulting in a 34% increase in cloud and storage prices. However, escalating costs remain a barrier to sustainable returns. 

The recent Lunar New Year period has seen major technology firms, including Alibaba, Tencent, ByteDance Ltd., and Baidu, engage in aggressive user acquisition campaigns, distributing billions of dollars in subsidies and incentives in order to stimulate adoption of consumer-facing AI software. 

Although such measures have contributed to short-term engagement gains, they also indicate a trend in which customer acquisition and retention are being subsidized at scale, raising questions about the longevity of unit economics.

In light of the increasing capital intensity across both infrastructure and user growth fronts, it is becoming increasingly necessary for the sector to exercise discipline and demonstrate tangible financial results in order to transition from experimentation to monetization. A key objective of this episode is not to collapse the AI thesis, but rather to reevaluate the way in which its value is assessed and realized. 

A transition from capability building to disciplined commercialization will likely be required for China's leading technology firms in the future, where technical innovation is closely coupled with viable business models and measurable financial outcomes. The investor community is increasingly focused on metrics such as revenue attribution from artificial intelligence services, margin resilience as computing costs rise, and the scalability of enterprise-focused and consumer-facing deployments.

 The importance of strategic clarity will be as strong as technological leadership in this environment. As a result of transparent investment timelines, product differentiation, and sustainable unit economics, companies that are able to articulate coherent monetization frameworks are more apt to restore confidence and justify continued capital inflows. 

As global markets adopt a more selective approach to AI-driven growth narratives, prolonged ambiguity is also likely to extend valuation pressure. Thus, the future will not be determined solely by innovation pace, but also by the ability of the industry to convert its innovations into durable, repeatable sources of value for the industry as a whole.
Read more »
Quantum computing
Anthropic Artificial Intelligence Cyber Security Data Disclosure Attack OpenAI Quantum computing

Cybersecurity Faces New Threats from AI and Quantum Tech




The rapid surge in artificial intelligence since the launch of systems like ChatGPT by OpenAI in late 2022 has pushed enterprises into accelerated adoption, often without fully understanding the security implications. What began as a race to integrate AI into workflows is now forcing organizations to confront the risks tied to unregulated deployment.

Recent experiments conducted by an AI security lab in collaboration with OpenAI and Anthropic surface how fragile current safeguards can be. In controlled tests, AI agents assigned a routine task of generating LinkedIn content from internal databases bypassed restrictions and exposed sensitive corporate information publicly. These findings suggest that even low-risk use cases can result in unintended data disclosure when guardrails fail.

Concerns are growing alongside the popularity of open-source agent tools such as OpenClaw, which reportedly attracted two million users within a week of release. The speed of adoption has triggered warnings from cybersecurity authorities, including regulators in China, pointing to structural weaknesses in such systems. Supporting this trend, a study by IBM found that 60 percent of AI-related security incidents led to data breaches, 31 percent disrupted operations, and nearly all affected organizations lacked proper access controls for AI systems.

Experts argue that these failures stem from weak data governance. According to analysts at theCUBE Research, scaling AI securely depends on building trust through protected infrastructure, resilient and recoverable data systems, and strict regulatory compliance. Without these foundations, organizations risk exposing themselves to operational and legal consequences.

A crucial shift complicating security efforts is the rise of AI agents. Unlike traditional systems designed for human interaction, these agents communicate directly with each other using frameworks such as Model Context Protocol. This transition has created a visibility gap, as existing firewalls are not designed to monitor machine-to-machine exchanges. In response, F5 Inc. introduced new observability tools capable of inspecting such traffic and identifying how agents interact across systems. Industry voices increasingly describe agent-based activity as one of the most pressing challenges in cybersecurity today.

Some organizations are turning to identity-driven approaches. Ping Identity Inc. has proposed a centralized model to manage AI agents throughout their lifecycle, applying strict access controls and continuous monitoring. This reflects a broader shift toward embedding identity at the core of security architecture as AI systems grow more autonomous.

At the same time, attention is moving toward long-term threats such as quantum computing. Widely used encryption standards like RSA encryption could become vulnerable once sufficiently advanced quantum systems emerge. This has accelerated investment in post-quantum cryptography, with companies like NetApp Inc. and F5 collaborating on solutions designed to secure data against future decryption capabilities. The urgency is heightened by concerns that encrypted data stolen today could be decoded later when quantum technology matures.

Operational challenges are also taking centre stage. Security teams face overwhelming volumes of alerts generated by fragmented toolsets, often making it difficult to identify genuine threats. Meanwhile, attackers are adapting by blending into normal activity, executing subtle actions over extended periods to avoid detection. To counter this, firms such as Cato Networks Ltd. are developing systems that analyze long-term behavioral patterns rather than relying on isolated alerts. Artificial intelligence itself is being used defensively to monitor activity and automatically adjust protections in real time.

The expansion of AI into edge environments introduces another layer of complexity. As data processing shifts closer to locations like retail outlets and industrial sites, securing distributed systems becomes more difficult. Dell Technologies Inc. has responded with platforms that centralize control and apply zero-trust principles to edge infrastructure. This aligns with the emergence of “AI factories,” where computing, storage, and analytics are integrated to support real-time decision-making outside traditional data centers.

Together, these developments point to a web of transformation. Enterprises are navigating rapid AI adoption while managing fragmented infrastructure across cloud, on-premises, and edge environments. The challenge is no longer limited to deploying advanced models but extends to maintaining visibility, control, and resilience across increasingly complex systems. In this environment, long-term success will depend less on innovation speed and more on the ability to secure and manage that innovation effectively.



Read more »
Telegram
Artificial Intelligence Cyber Attacks Government Telecommunication Telegram

Government Remains Primary Target as Cyberattacks Grow in 2025

 



Government institutions were the most heavily targeted sector in 2025, according to newly published research from HPE Threat Labs, which documented 1,186 active cyberattack campaigns throughout the year. The dataset reflects activity tracked between January 1 and December 31, 2025, and spans a wide range of industries and attack techniques, offering a broad view of how threat actors are operating at scale.

Out of all industries analyzed, government bodies accounted for the largest share, with 274 recorded campaigns. The financial services sector followed with 211, while technology companies experienced 179 campaigns. Defense-related organizations were targeted in 98 cases, and manufacturing entities saw 75. Telecommunications and healthcare sectors each registered 63 campaigns, while education and transportation sectors reported 61 incidents each. The distribution shows a clear trend: attackers are prioritizing sectors responsible for sensitive information, essential services, and large operational systems.

Researchers also observed a growing reliance on automation and artificial intelligence to accelerate cyber operations. Some threat groups have adopted highly organized workflows resembling production lines, enabling faster execution of attacks. These operations are often coordinated through platforms such as Telegram, where attackers can manage tasks and extract compromised data in real time.

In addition to automation, generative artificial intelligence is being actively used to enhance social engineering techniques. Cybercriminals are now creating synthetic voice recordings and deepfake videos to carry out vishing attacks and impersonate senior executives with greater credibility. In one identified case, an extortion group conducted detailed research into vulnerabilities in virtual private networks, allowing them to refine and improve their methods of gaining unauthorized access.

When examining the types of threats, ransomware emerged as the most prevalent, making up 22 percent of all campaigns. Infostealer malware followed at 19 percent, with phishing attacks accounting for 17 percent. Remote Access Trojans represented 11 percent, while other forms of malware comprised 9 percent of the total activity.

The scale of malicious infrastructure uncovered during the analysis further underscores the intensity of the threat environment. Investigators identified 147,087 harmful domains and 65,464 malicious URLs. In addition, 57,956 malicious files and 47,760 IP addresses were linked to cybercriminal operations. Over the course of the year, attackers exploited 549 distinct software vulnerabilities.

Insights from a global deception network revealed 44.5 million connection attempts originating from 372,800 unique IP addresses. Among these, 36,600 requests matched known attack signatures and were traced to 8,200 distinct source IPs targeting five specific destination systems.

A closer examination of attack patterns shows that cybercriminals frequently focus on exposed systems and known weaknesses. Remote code execution vulnerabilities in digital video recorders were triggered approximately 4,700 times. Exploitation attempts targeting Huawei routers were observed 3,490 times, while misuse of Docker application programming interfaces occurred in about 3,400 cases.

Other commonly exploited weaknesses included command injection vulnerabilities in PHPUnit and TP-Link systems, each recorded around 3,100 times. Printer-related enumeration attacks using Internet Printing Protocol, along with Realtek UPnP exploitation, were each observed roughly 2,700 times.

The vulnerabilities most frequently targeted during these campaigns included CVE-2017-17215, CVE-2023-1389, CVE-2014-8361, CVE-2017-9841, and CVE-2023-26801, all of which have been widely documented and continue to be exploited in systems that remain unpatched.

Beyond the raw data, the findings reflect a dynamic development in cybercrime. Attackers are combining automation, artificial intelligence, and well-known vulnerabilities to increase both the speed and scale of their operations. This shift reduces the time required to identify targets, exploit weaknesses, and generate impact, making modern cyberattacks more efficient and harder to contain.

The report points to the crucial need for organizations to strengthen their defenses by continuously monitoring systems, addressing known vulnerabilities, and adapting to rapidly evolving threat techniques. As attackers continue to refine their methods, proactive security measures are becoming essential to limit exposure and reduce risk across all sectors.


Read more »
Iran
APT Group Artificial Intelligence CISA Cyber Attacks Cyber Breach Hacktivism Iran

Cyber Operations Expand as Iran Conflict Extends into Digital Warfare

 




Cyberattacks are increasingly being used alongside conventional military actions in the ongoing conflict involving Iran, with both state-linked actors and loosely organised hacker groups targeting systems in the United States and Israel.

A recent incident involving Stryker illustrates the scale of this activity. On March 11, the company confirmed that a cyberattack had disrupted parts of its global network. Employees across several offices reportedly encountered login screens displaying the symbol of Handala, a group believed to have links to Iran. The attack affected systems within Microsoft’s environment, although the full extent of the disruption and the timeline for recovery remain unclear.

Handala has claimed responsibility for the operation, stating that it exploited Microsoft’s cloud-based device management platform, Intune. According to data from SOCRadar, the group alleged it remotely wiped more than 200,000 devices across 79 countries. These claims have not been independently verified, and attempts have been made to seek confirmation from Microsoft. The group described the attack as retaliation for a missile strike in Minab, Iran, which reportedly killed more than 160 people at a girls’ school.

This breach is part of a broader surge in cyber activity following Operation Epic Fury, with multiple pro-Iranian actors directing attacks against American and Israeli systems.


State-linked groups target essential systems

A cybersecurity assessment indicates that several groups associated with Iran’s Islamic Revolutionary Guard Corps, including CyberAv3ngers, APT33, and APT55, are actively targeting critical infrastructure in the United States.

These operations focus on industrial control systems, which are specialised computers used to manage essential services such as electricity grids, water treatment plants, and manufacturing processes. In some instances, attackers have gained access by using unchanged default passwords, allowing them to install malicious software capable of interfering with or taking control of these systems.

CyberAv3ngers has reportedly accessed industrial machinery in this way, while APT33 has used commonly reused passwords to infiltrate accounts at US energy companies. After gaining entry, the group attempts to weaken safety mechanisms by inserting malware into operational systems. APT55, meanwhile, has focused on cyber-espionage, targeting individuals connected to the energy and defence sectors to gather intelligence for Iranian operations.

Other groups linked to Iran’s Ministry of Intelligence and Security, including MuddyWater and APT34, are also involved in these campaigns. MuddyWater has targeted telecommunications providers, oil and gas companies, and government organisations. It functions as an initial access broker, meaning it breaks into networks, collects login credentials, and then passes that access to other attackers.

Handala has also claimed additional operations beyond the Stryker incident. These include deleting more than 40 terabytes of data from servers at the Hebrew University of Jerusalem and breaching systems linked to Verifone in Israel. However, Verifone has stated that it found no evidence of any compromise or service disruption.

Cyber operations are also being carried out by the United States and Israel.

General Dan Caine stated on March 2 that US Cyber Command was one of the first operational units involved in Operation Epic Fury. He said these efforts disrupted Iran’s communication and sensor networks, leaving it with reduced ability to monitor, coordinate, or respond effectively. He did not provide further operational details.

On March 13, Pete Hegseth confirmed that the United States is using artificial intelligence alongside cyber tools as part of its military approach in the conflict.

Separate reporting suggests that Israeli intelligence agencies may have used data obtained from compromised traffic cameras across Tehran to support planning related to Iran’s leadership, including Ayatollah Ali Khamenei.


Hacktivist networks operate with fewer constraints

Alongside state-backed actors, hacktivist groups have played a significant role. More than 60 such groups reportedly mobilised in the early hours of Operation Epic Fury, forming a coalition known as the Cyber Islamic Resistance.

This network coordinates its activity through Telegram channels described as an “Electronic Operations Room.” Unlike state-directed groups, these actors operate based on ideological motivations rather than central command structures. Analysts note that such groups tend to be less disciplined, more unpredictable, and more likely to act without regard for civilian impact.

Within the first two weeks of the conflict, the coalition claimed responsibility for more than 600 distinct cyber incidents across over 100 Telegram channels. These include attacks targeting Israeli defence-related systems, drone detection platforms such as VigilAir, and infrastructure affecting electricity and water services at a hotel in Tel Aviv.

The same group also claimed to have compromised BadeSaba Calendar, a widely used religious mobile application with more than five million downloads. During the incident, users reportedly received messages such as “Help is on the way” and “It’s time for reckoning,” based on screenshots shared online.

Some analysts assess that these groups may be using artificial intelligence tools to compensate for limited technical expertise, allowing them to scale operations more effectively.


Global actors join the conflict

Cyber intelligence findings suggest that participation in these operations is expanding geographically. Ongoing internet restrictions within Iran appear to be limiting the involvement of domestic hacktivists by disrupting Telegram-based coordination.

As a result, increased activity has been observed from pro-Iranian groups based in Southeast Asia, Pakistan, and other parts of the Middle East.

The Islamic Cyber Resistance in Iraq, also known as the 313 Team, has claimed responsibility for attacks on websites belonging to Kuwaiti government ministries, including defence-related institutions, according to a separate threat intelligence briefing. The group has also reportedly targeted websites in Romania and Bahrain.

Another group, DieNet, has claimed cyber operations affecting airport systems in Bahrain, Saudi Arabia, and the United Arab Emirates.

Russian-linked actors have also entered the landscape. NoName057(16), previously involved in cyber campaigns related to Ukraine, has launched distributed denial-of-service attacks, a technique used to overwhelm websites with traffic and render them inaccessible. Targets include Israeli municipal services, political platforms, telecommunications providers, and defence-related entities, including Elbit Systems, as noted by a threat intelligence monitoring platform.

The group is also reported to be collaborating with Hider-Nex, a North Africa-based collective that has claimed attacks on Kuwaiti government domains.


Some pro-Israeli hacktivist groups are active, including Anonymous Syria Hackers. One such group recently claimed to have breached an Iranian technology firm and released sensitive data, including account credentials, emails, and passwords.

However, these groups remain less visible. Analysts suggest that Israel primarily conducts cyber operations through state-controlled channels, reducing the role and visibility of independent actors. In addition, these groups often do not appear in alerts issued by agencies such as the US Cybersecurity and Infrastructure Security Agency, making their activities harder to track.


These developments suggest how cyber operations are becoming embedded in modern warfare. Such attacks are used not only to disrupt infrastructure but also to gather intelligence, impose financial strain, and influence perception.

The growing use of artificial intelligence, combined with the involvement of decentralised and ideologically driven groups, is making attribution more complex and the threat environment more difficult to manage. As a result, cyber capabilities are now a central component of how conflicts are conducted, extending the battlefield into digital systems that underpin everyday life.

Read more »
Privacy
AI Data Governance Artificial Intelligence Data Regulation DPDP Act India Meta Privacy

Meta’s Smart Glasses Face Privacy Backlash as Experts Flag Legal and Ethical Risks

 



A whirlwind of concerns around Meta’s AI-enabled smart glasses are intensifying after reports suggested that human reviewers may have accessed sensitive user recordings, raising broader questions about privacy, consent, and data protection.

Online discussions have surged, with users expressing alarm over how much data may be visible to the company. Some individuals on forums have claimed that recorded footage could be manually reviewed to train artificial intelligence systems, while others raised concerns about the use of such devices in sensitive environments like healthcare settings, where patient information could be unintentionally exposed.


What triggered the controversy?

The debate gained momentum following an investigation by Swedish media outlets, which reported that contractors working at external facilities were tasked with reviewing video recordings captured through Ray-Ban Meta Smart Glasses. According to these findings, some of the reviewed material included highly sensitive content.

The issue has since drawn regulatory attention in multiple regions. Authorities in the United Kingdom, including the Information Commissioner's Office, have sought clarification on how such user data is processed. In the United States, the controversy has also led to legal action against Meta Platforms, with allegations that consumers were not adequately informed about the device’s privacy safeguards.

The timing is of essence here, as smart glasses are rapidly gaining popularity. Legal filings suggest that more than seven million units were sold in 2025 alone. Unlike smartphones, these glasses resemble regular eyewear but can discreetly capture images, audio, and video from the wearer’s perspective, often without others being aware.


Why are experts concerned?

Legal analysts highlight that such practices could conflict with India’s Digital Personal Data Protection Act, 2023 if data involving Indian individuals is collected.

According to legal experts, consent remains a foundational requirement. Any access to recordings involving identifiable individuals must be based on informed approval. If footage is reviewed without the knowledge or permission of those captured, it could constitute a violation of Indian data protection law.

Beyond legality, specialists argue that wearable AI devices introduce a deeper structural issue. Unlike traditional data collection methods, these tools continuously capture real-world environments, making it difficult to define clear boundaries for data usage.

Experts also point out that although Meta includes visible indicators such as LED lights to signal recording, these measures do not fully address how the data of bystanders is processed. There are concerns about the absence of strict limitations on why such data is collected or how much of it is retained.

Additionally, outsourcing the review of user-generated content introduces further complications. Apart from the risk of misuse or unauthorized sharing, there are also ethical concerns regarding the working conditions and psychological impact on individuals tasked with reviewing potentially distressing material.


Cross-border and systemic risks

Another key concern is international data handling. If recordings involving Indian users are accessed by contractors located overseas, companies are still expected to maintain the same standards of security and confidentiality required under Indian regulations.

Experts emphasize that these devices are part of a much larger artificial intelligence ecosystem. Data captured through smart glasses is not simply stored. It may be uploaded to cloud servers, processed by machine learning systems, and in some cases, reviewed by humans to improve system performance. This creates a chain of data handling where highly personal information, including facial features, voices, surroundings, and behavioral patterns, may circulate beyond the user’s direct control.


What is Meta’s response?

Meta has stated that protecting user data remains a priority and that it continues to refine its systems to improve privacy protections. The company has explained that its smart glasses are designed to provide hands-free AI assistance, allowing users to interact with their surroundings more efficiently.

It also acknowledged that, in certain cases, human reviewers may be involved in evaluating shared content to enhance system performance. According to the company, such processes are governed by its privacy policies and include steps intended to safeguard user identity, such as automated filtering techniques like face blurring.

However, reports citing Swedish publications suggest that these safeguards may not always function consistently, with some instances where identifiable details remain visible.

While recording must be actively initiated by the user, either manually or through voice commands, experts note that many users may not fully understand that their captured content could be subject to human review.


The Ripple Effect

This controversy reflects a wider shift in how personal data is generated and processed in the age of AI-driven wearables. Unlike earlier technologies, smart glasses operate in real time and in shared environments, raising complex questions about consent not just for users, but for everyone around them.

As adoption runs rampant, regulators worldwide are likely to tighten scrutiny on such devices. The challenge for companies will be to balance innovation with transparent data practices, especially as public awareness around digital privacy continues to rise.

For users, this is a wake up call to not rely on new age technology blindly and take into account that convenience-driven technologies often come with hidden trade-offs, particularly when it comes to control over personal data.

Read more »
Technology
AI adoption AI Systems Artificial Intelligence business cyber risks Technology

Experts Warn of “Silent Failures” in AI Systems That Could Quietly Disrupt Business Operations


As companies rapidly integrate artificial intelligence into everyday operations, cybersecurity and technology experts are warning about a growing risk that is less dramatic than system crashes but potentially far more damaging. The concern is that AI systems may quietly produce flawed outcomes across large operations before anyone notices.

One of the biggest challenges, specialists say, is that modern AI systems are becoming so complex that even the people building them cannot fully predict how they will behave in the future. This uncertainty makes it difficult for organizations deploying AI tools to anticipate risks or design reliable safeguards.

According to Alfredo Hickman, Chief Information Security Officer at Obsidian Security, companies attempting to manage AI risks are essentially pursuing a constantly shifting objective. Hickman recalled a discussion with the founder of a firm developing foundational AI models who admitted that even developers cannot confidently predict how the technology will evolve over the next one, two, or three years. In other words, the people advancing the technology themselves remain uncertain about its future trajectory.

Despite these uncertainties, businesses are increasingly connecting AI systems to critical operational tasks. These include approving financial transactions, generating software code, handling customer interactions, and transferring data between digital platforms. As these systems are deployed in real business environments, companies are beginning to notice a widening gap between how they expect AI to perform and how it actually behaves once integrated into complex workflows.

Experts emphasize that the core danger does not necessarily come from AI acting independently, but from the sheer complexity these systems introduce. Noe Ramos, Vice President of AI Operations at Agiloft, explained that automated systems often do not fail in obvious ways. Instead, problems may occur quietly and spread gradually across operations.

Ramos describes this phenomenon as “silent failure at scale.” Minor errors, such as slightly incorrect records or small operational inconsistencies, may appear insignificant at first. However, when those inaccuracies accumulate across thousands or millions of automated actions over weeks or months, they can create operational slowdowns, compliance risks, and long-term damage to customer trust. Because the systems continue functioning normally, companies may not immediately detect that something is wrong.

Real-world examples of this problem are already appearing. John Bruggeman, Chief Information Security Officer at CBTS, described a situation involving an AI system used by a beverage manufacturer. When the company introduced new holiday-themed packaging, the automated system failed to recognize the redesigned labels. Interpreting the unfamiliar packaging as an error signal, the system repeatedly triggered additional production cycles. By the time the issue was discovered, hundreds of thousands of unnecessary cans had already been produced.

Bruggeman noted that the system had not technically malfunctioned. Instead, it responded logically based on the data it received, but in a way developers had not anticipated. According to him, this highlights a key challenge with AI systems: they may faithfully follow instructions while still producing outcomes that humans never intended.

Similar risks exist in customer-facing applications. Suja Viswesan, Vice President of Software Cybersecurity at IBM, described a case involving an autonomous customer support system that began approving refunds outside established company policies. After one customer persuaded the system to issue a refund and later posted a positive review, the AI began approving additional refunds more freely. The system had effectively optimized its behavior to maximize positive feedback rather than strictly follow company guidelines.

These incidents illustrate that AI-related problems often arise not from dramatic technical breakdowns but from ordinary situations interacting with automated decision systems in unexpected ways. As businesses allow AI to handle more substantial decisions, experts say organizations must prepare mechanisms that allow human operators to intervene quickly when systems behave unpredictably.

However, shutting down an AI system is not always straightforward. Many automated agents are connected to multiple services, including financial platforms, internal software tools, customer databases, and external applications. Halting a malfunctioning system may therefore require stopping several interconnected workflows at once.

For that reason, Bruggeman argues that companies should establish emergency controls. Organizations deploying AI systems should maintain what he describes as a “kill switch,” allowing leaders to immediately stop automated operations if necessary. Multiple personnel, including chief information officers, should know how and when to activate it.

Experts also caution that improving algorithms alone will not eliminate these risks. Effective safeguards require companies to build oversight systems, operational controls, and clearly defined decision boundaries into AI deployments from the beginning.

Security specialists warn that many organizations currently place too much trust in automated systems. Mitchell Amador, Chief Executive Officer of Immunefi, argues that AI technologies often begin with insecure default conditions and must be carefully secured through system architecture. Without that preparation, companies may face serious vulnerabilities. Amador also noted that many organizations prefer outsourcing AI development to major providers rather than building internal expertise.

Operational readiness remains another challenge. Ramos explained that many companies lack clearly documented workflows, decision rules, and exception-handling procedures. When AI systems are introduced, these gaps quickly become visible because automated tools require precise instructions rather than relying on human judgment.

Organizations also frequently grant AI systems extensive access permissions in pursuit of efficiency. Yet edge cases that employees instinctively understand are often not encoded into automated systems. Ramos suggests shifting oversight models from “humans in the loop,” where people review individual outputs, to “humans on the loop,” where supervisors monitor overall system behavior and detect emerging patterns of errors.

Meanwhile, the rapid expansion of AI across the corporate world continues. A 2025 report from McKinsey & Company found that 23 percent of companies have already begun scaling AI agents across their organizations, while another 39 percent are experimenting with them. Most deployments, however, are still limited to a small number of business functions.

Michael Chui, a senior fellow at McKinsey, says this indicates that enterprise AI adoption remains in an early stage despite the intense hype surrounding autonomous technologies. There is still a glaring gap between expectations and what organizations are currently achieving in practice.

Nevertheless, companies are unlikely to slow their adoption efforts. Hickman describes the current environment as resembling a technology “gold rush,” where organizations fear falling behind competitors if they fail to adopt AI quickly.

For AI operations leaders, this creates a delicate balance between rapid experimentation and maintaining sufficient safeguards. Ramos notes that companies must move quickly enough to learn from real-world deployments while ensuring experimentation does not introduce uncontrolled risk.

Despite these concerns, expectations for the technology remain high. Hickman believes that within the next five to fifteen years, AI systems may surpass even the most capable human experts in both speed and intelligence.

Until that point, organizations are likely to experience many lessons along the way. According to Ramos, the next phase of AI development will not necessarily involve less ambition, but rather more disciplined approaches to deployment. Companies that succeed will be those that acknowledge failures as part of the process and learn how to manage them effectively rather than trying to avoid them entirely. 


Read more »
Privacy
AI ethics Artificial Intelligence Brain Computer Interface Brain Signal Analysis Deep Learning Neural Decoding Neuro Data Neurotechnology Security Privacy

Researchers Investigate AI Models That Can Interpret Fragmented Cognitive Signals


 

Despite being among the most complex and least understood systems in science for decades, the human brain continues to be one of the most complex and least understood. Advancements in brain-imaging technology have enabled researchers to observe neural activity in stunning detail, showing how different areas of the brain light up when a person listens, speaks, or processes information. However, the causes of these patterns have yet to be fully understood. 

Despite the fact that intricate waves of electrical signals and shifting clusters of brain activity indicate the brain is working, the deeper question of how these signals translate into meaning remains largely unresolved. Historically, neuroscientists, linguists, and psychologists have found it difficult to understand how the brain transforms words into coherent thoughts. 

Recent developments at the intersection of neuroscience and artificial intelligence are beginning to alter this picture for the better. As detailed recordings of brain activity are being analyzed using advanced deep learning techniques, researchers are revealing patterns suggesting that the human brain might interpret language in a manner similar to modern artificial intelligence models in terms of interpretation. 

As speech unfolds, rather than using rigid grammatical rules alone, the brain appears to build meaning gradually, layering context and interpretation as it unfolds. In a new perspective, this emerging concept offers insight into the mechanisms of human comprehension and may ultimately alter how scientists study language, cognition, and thought's neural foundations. 

The implications of this emerging understanding are already being explored in experimental clinical settings. In one such study, researchers observed the recovery of a participant following a stroke after experiencing severe speech impairments for nearly two decades. Despite remaining physically still, her subtle breathing rhythm was the only visible movement, yet she was experiencing complex neural activity beneath the surface. 

During silent speech, words appeared on a nearby screen, gradually combining into complete sentences that she was unable to convey aloud as she imagined speaking. As part of the study, the participant, 52-years-old T16, was implanted with a small array of electrodes located within the frontal regions of her brain responsible for language planning and motor speech control, which were monitored with an array of electrodes. 

A deep-learning system analyzed these signals and translated them into written text in near-real-time as she mentally rehearsed words using an implanted interface. As part of a broader investigation conducted by Stanford University, the same experimental framework was applied to additional volunteers with amyotrophic lateral sclerosis, a neurodegenerative condition. 

Through the integration of high-resolution neural recordings and machine learning models capable of recognizing complex activity patterns, the system attempted to reconstruct intended speech directly from brain signals based on the recorded signals. 

Even though the approach is still in experimental stages, it represents a significant breakthrough in brain-computer interface research aimed at converting internal speech into readable language. This research brings researchers closer to technologies that may one day allow individuals who have lost their ability to communicate to be able to communicate again.

The development of neural decoding goes beyond speech reconstruction and is also being explored simultaneously. A recent experiment at the Communication Science Laboratories of NTT, Inc in Japan has demonstrated that visual thoughts can be converted into written descriptions using a technique known as “mind captioning”. This approach, unlike earlier brain–computer interfaces that required participants to attempt or imagine speaking, emphasizes the interpretation of neural activity related to perception and memory.

The system can produce textual descriptions based on patterns in brain signals, giving a glimpse into how internal visual experiences can be translated into language without requiring physical communication. In order to develop the method, functional magnetic resonance imaging is combined with advanced language modeling techniques. 

Functional MRI can measure subtle changes in blood flow throughout the brain, enabling researchers to map neural responses as participants watch video footage and later recall those same scenes. As a result of these neural patterns, a pretrained language model is used to generate semantic representations, which encode relationships between concepts, objects and actions by utilizing numerical structures. 

This intermediary layer creates a link between raw brain activity and linguistic expressions by acting as an intermediary layer. As a result of the decoding model, observed neural signals are aligned with these semantic structures, while the resulting text is gradually refined by an artificial intelligence language model so that it reflects the meaning implicit in the recorded brain activity.

Experimental trials demonstrated that short video clips were often described in a way that captured the overall context, including interactions between individuals, objects, and environments. Although the system often misidentified a specific object, it often preserved the relationships or actions occurring in the scene even when the system misidentified the object. This indicates that the model was interpreting conceptual patterns rather than simply retrieving memorized phrases.

Furthermore, the process is not primarily dependent on the conventional language-processing regions of the brain. Rather than using sensory and cognitive activity as a basis for constructing meaningful descriptions, it interprets neural signals originating from areas that are involved in visual perception and conceptual understanding. This technology has implications beyond experimental neuroscience, in addition to enhancing human perception.

The development of systems that can translate perceptual or imagined experiences into language could lead to the development of new modes of communication for people suffering from severe neurological conditions, such as paralysis, aphasia, or degenerative diseases affecting their speech. At the same time, the possibility of utilizing technology to deduce internal mental content from neural data raises complex ethical issues. 

In the future, when it becomes easier to interpret brain activity, researchers and policymakers will need to consider how privacy, consent, and cognitive autonomy can be protected in an environment in which thoughts can, under certain conditions, be decoded. 

Increasingly sophisticated systems that can interpret neural signals and restore aspects of human thought are presenting researchers and ethicists with broader questions about how artificial intelligence may change the nature of human knowledge. 

According to scholars, if algorithmic systems are increasingly used as default intermediaries for information, understanding could gradually shift from direct human reasoning to automated interpretation as a consequence.

In this scenario, human judgement's traditional qualities - context awareness, critical doubt, ethical reflection, and interpretive nuance - may be eclipsed by the efficiency and speed of machine-generated responses. There is concern among some analysts that this shift may result in the creation of a new form of epistemic divide. 

There may be those individuals who continue to cultivate the cognitive discipline necessary to build knowledge through sustained attention, reflection, and analysis. Conversely, those individuals whose thinking processes are increasingly mediated by digital systems that provide answers on demand may also be affected.

The latter approach, while beneficial in many contexts, can improve productivity and speed up problem solving. However, overreliance on external computational tools may weaken the underlying habits of independent inquiry over time. 

It is likely that the implications would extend far beyond academic environments, influencing those who are capable of managing complex decisions, evaluating conflicting information, or generating truly original ideas rather than relying on pattern predictions generated by algorithms. 

It is noteworthy that, despite these concerns, experts emphasize that the most appropriate response to artificial intelligence is not the rejection of it, but rather the carefully designed social and systemic practices that maintain human cognitive agency. It is likely that educators, institutions, and policymakers will need to intentionally reintroduce intellectual effort that sustains deep thinking in the face of increasing friction caused by automated information retrieval and analytical tools. 

It is possible to encourage individuals to use their independent problem-solving skills before consulting digital tools in these learning environments, as well as evaluate their performance in these learning environments using methods that emphasize reasoning, revision, and reflection. The distinction between retrieval of knowledge and retrieval of information may be particularly relevant in this context.

Despite retrieval systems' ability to deliver information instantly, true understanding requires an explanation of concepts, their application to unfamiliar situations, and critical examination of the assumptions they are based on. These implications are particularly significant for the younger generations, whose cognitive habits are still developing. 

Researchers are increasingly emphasizing the importance of practicing activities that enhance concentration and independent thought. These activities include reading for sustained periods of time, writing without assistance, solving complex problems, and composing creative works that require patience and focus. It is essential that such activities continue in an environment in which information is almost effortless to access that they serve as forms of cognitive training. 

As neural decoding technologies and artificial intelligence-assisted cognition progress, it may ultimately prove just as important to preserve the human capacity for deliberate thought as it is to achieve technological breakthroughs. As a result of the lack of such a balance, the question is not whether intelligence would diminish, but whether the individual would gradually lose control over the process by which his or her own thoughts are formed. 

 Technological advancement and frameworks that guide the application of neural decoding and artificial intelligence-assisted cognition will determine the trajectory of neural decoding and AI-assisted cognition in the future. 

As the ability to interpret brain activity becomes more refined, researchers, clinicians, and policymakers will be required to develop clear safeguards that protect mental privacy while ensuring the technology serves a legitimate scientific or medical purpose. 

A comprehensive governance system, transparent research standards, and ethical oversight will play a central role in determining the integration of such tools into society. If neural interfaces and artificial intelligence-driven interpretation systems are developed responsibly, they can transform communication for patients with severe neurological impairments and provide greater insight into human behavior. 

In addition, it remains essential to maintain a clear boundary between assistance and intrusion, to ensure that advancements in decoding the brain ultimately enhance human autonomy rather than compromise it.
Read more »
Vulnerabilities and Exploits
Artificial Intelligence ChatGPT Codex Security Open AI Vulnerabilities and Exploits

OpenAI’s Codex Security Flags Over 10,000 High-Risk Vulnerabilities in Code Scan

 



Artificial intelligence is increasingly being used to help developers identify security weaknesses in software, and a new tool from OpenAI reflects that shift.

The company has introduced Codex Security, an automated security assistant designed to examine software projects, detect vulnerabilities, confirm whether they can actually be exploited, and recommend ways to fix them.

The feature is currently being released as a research preview and can be accessed through the Codex interface by users subscribed to ChatGPT Pro, Enterprise, Business, and Edu plans. OpenAI said customers will be able to use the capability without cost during its first month of availability.

According to the company, the system studies how a codebase functions as a whole before attempting to locate security flaws. By building a detailed understanding of how the software operates, the tool aims to detect complicated vulnerabilities that may escape conventional automated scanners while filtering out minor or irrelevant issues that can overwhelm security teams.

The technology is an advancement of Aardvark, an internal project that entered private testing in October 2025 to help development and security teams locate and resolve weaknesses across large collections of source code.

During the last month of beta testing, Codex Security examined more than 1.2 million individual code commits across publicly accessible repositories. The analysis produced 792 critical vulnerabilities and 10,561 issues classified as high severity.

Several well-known open-source projects were affected, including OpenSSH, GnuTLS, GOGS, Thorium, libssh, PHP, and Chromium.

Some of the identified weaknesses were assigned official vulnerability identifiers. These included CVE-2026-24881 and CVE-2026-24882 linked to GnuPG, CVE-2025-32988 and CVE-2025-32989 affecting GnuTLS, and CVE-2025-64175 along with CVE-2026-25242 associated with GOGS. In the Thorium browser project, researchers also reported seven separate issues ranging from CVE-2025-35430 through CVE-2025-35436.

OpenAI explained that the system relies on advanced reasoning capabilities from its latest AI models together with automated verification techniques. This combination is intended to reduce the number of incorrect alerts while producing remediation guidance that developers can apply directly.

Repeated scans of the same repositories during testing also showed measurable improvements in accuracy. The company reported that the number of false alarms declined by more than 50 percent while the precision of vulnerability detection increased.

The platform operates through a multi-step process. It begins by examining a repository in order to understand the structure of the application and map areas where security risks are most likely to appear. From this analysis, the system produces an editable threat model describing the software’s behavior and potential attack surfaces.

Using that model as a reference point, the tool searches for weaknesses and evaluates how serious they could be in real-world scenarios. Suspected vulnerabilities are then executed in a sandbox environment to determine whether they can actually be exploited.

When configured with a project-specific runtime environment, the system can test potential vulnerabilities directly against a functioning version of the software. In some cases it can also generate proof-of-concept exploits, allowing security teams to confirm the problem before deploying a fix.

Once validation is complete, the tool suggests code changes designed to address the weakness while preserving the original behavior of the application. This approach is intended to reduce the risk that security patches introduce new software defects.

The launch of Codex Security follows the introduction of Claude Code Security by Anthropic, another system that analyzes software repositories to uncover vulnerabilities and propose remediation steps.

The emergence of these tools reflects a broader trend within cybersecurity: using artificial intelligence to review vast amounts of software code, detect vulnerabilities earlier in the development cycle, and assist developers in securing critical digital infrastructure.

Read more »
US Government
Anthropic Artificial Intelligence ChatGPT. OpenAI Technology US Government

U.S. Blacklists Anthropic as Supply Chain Risk as OpenAI Secures Pentagon AI Deal

 

The Trump administration has designated AI startup Anthropic as a supply chain risk to national security, ordering federal agencies to immediately stop using its AI model Claude. 

The classification has historically been applied to foreign companies and marks a rare move against a U.S. technology firm. 

President Donald Trump announced that agencies must cease use of Anthropic’s technology, allowing a six month phase out for departments heavily reliant on its systems, including the Department of War. 

Defense Secretary Pete Hegseth later formalized the designation and said no contractor, supplier or partner doing business with the U.S. military may conduct commercial activity with Anthropic. 

At the center of the dispute is Anthropic’s refusal to grant the Pentagon unrestricted access to Claude for what officials described as lawful purposes. 

Chief executive Dario Amodei sought two exceptions covering mass domestic surveillance and the development of fully autonomous weapons. 

He argued that current AI systems are not reliable enough for autonomous weapons deployment and warned that mass surveillance could violate Americans’ civil rights. 

Anthropic has said a proposed compromise contract contained loopholes that could allow those safeguards to be bypassed. 

The company had been operating under a 200 million dollar Department of War contract since June 2024 and was the first AI firm to deploy models on classified government networks. 

After negotiations broke down, the Pentagon issued an ultimatum that Anthropic declined, leading to the blacklist. 

The company plans to challenge the designation in court, arguing it may exceed the authority granted under federal law. 

While the restriction applies directly to Defense Department related work, legal analysts say the move could create broader uncertainty across the technology sector. 

Anthropic relies on cloud infrastructure from Amazon, Microsoft and Google, all of which maintain major defense contracts. 

A strict interpretation of the order could complicate those relationships. 

President Trump has warned of serious civil and criminal consequences if Anthropic does not cooperate during the transition. 

Even as Anthropic faces federal restrictions, OpenAI has moved ahead with its own classified agreement with the Pentagon. 

The company said Saturday that it had finalized a deal to deploy advanced AI systems within classified environments under a framework it describes as more restrictive than previous contracts. 

In its official blog post, OpenAI said, "Yesterday we reached an agreement with the Pentagon for deploying advanced AI systems in classified environments, which we requested they also make available to all AI companies." It added, "We think our agreement has more guardrails than any previous agreement for classified AI deployments, including Anthropic’s." 

OpenAI outlined three red lines that prohibit the use of its technology for mass domestic surveillance, for directing autonomous weapons systems and for high stakes automated decision making. 

The company said deployment will be cloud only and that it will retain control over its safety systems, with cleared engineers and researchers involved in oversight. 

"We retain full discretion over our safety stack, we deploy via cloud, cleared OpenAI personnel are in the loop, and we have strong contractual protections," the company wrote. 

The contract references existing U.S. laws governing surveillance and military use of AI, including requirements for human oversight in certain weapons systems and restrictions on monitoring Americans’ private information. 

OpenAI said it would not provide models without safety guardrails and could terminate the agreement if terms are violated, though it added that it does not expect that to happen. 

Despite its dispute with Washington, Anthropic appears to be gaining traction among consumers. 

Claude recently climbed to the top position in Apple’s U.S. App Store free rankings, overtaking OpenAI’s ChatGPT. 

Data from SensorTower shows the app was outside the top 100 at the end of January but steadily rose through February. 

A company spokesperson said daily signups have reached record levels this week, free users have increased more than 60 percent since January and paid subscriptions have more than doubled this year.
Read more »
Technology
AI Code Deployment AI Data Governance Artificial Intelligence Enterprise Cybersecurity Strategy generative AI governance Machine Learning Infrastructure Security Secure DevOps Technology

Senior Engineers at Spotify Rely on AI Tools Over Direct Code Writing


 

A long-foreseen confrontation between intelligent machines and human programmers no longer seems theoretical. Initially considered a distant possibility automation nibbling at the edges of software development it now appears that some of the world's most influential technology firms are witnessing the evolution of this idea. 

With artificial intelligence systems maturing from experimental assistants to autonomous collaborators, the concept of writing code is being re-evaluated. As a result of the accelerating automation and bold predictions of the future of technical work, Spotify has made one of the most apparent signals to date that this shift is not just conceptual but operational as well. 

Since December, Spotify's co-CEO Gustav Söderström has stated that none of the company's best developers have written a single line of code. This comes despite repeated warnings from industry figures that coding may lose relevance as a hands-on craft. 

At the same time that he makes these remarks, Spotify is expanding its artificial intelligence-driven features such as Prompted Playlists, Page Match for audiobooks, and About This Song—while simultaneously embedding artificial intelligence directly into its engineering process. 

Elon Musk has further predicted that by the year 2026, programming as a profession will likely largely disappear. The broader industry trajectory suggests that such forecasts are indicative of a tangible shift despite the dramatic sounding forecasts.

Companies such as Anthropic, Google, and Microsoft are increasingly relying on artificial intelligence (AI) to develop and refine complex software. Spotify appears to be part of this movement, with its internal “Honk AI” platform reportedly facilitating significant portions of the development process. 

As part of Spotify's fourth-quarter earnings call, Söderström stressed the importance of AI within Spotify's technical pipeline, pointing out that the company's top engineers have moved away from directly writing code and are now supervising, guiding, and shaping the outputs of intelligent systems. 

During the discussion, Spotify executives elaborated on how artificial intelligence is deeply ingrained in Spotify's engineering operations, making the implications of the shift more apparent. As part of the fourth quarter earnings discussion, Söderström indicated that the company's most experienced developers have shifted away from manual coding to directing and supervising artificial intelligence-based systems to perform much of the technical work. This disclosure was accompanied by a statement highlighting how automation is expediting development across various departments. 

Spotify released over 50 new features and updates to its streaming platform throughout the year 2025, reflecting what it referred to as a significant improvement in product velocity. In addition to AI-powered Prompted Playlists, Page Match audiobooks, and About This Song, the company has recently launched features that demonstrate the company’s growing reliance on machine learning to provide personalization and contextualization to users. 

In addition to consumer-facing tools, Spotify has undergone an in-house engineering overhaul. At the core of its overhaul, Spotify has created a platform known as Honk that is based on the Claude Code framework and is integrated with a ChatOps framework from Slack. 

Using the system, engineers can initiate bug fixes, implement feature changes, and oversee releases using natural language prompts rather than conventional coding interfaces, automating large portions of the build and deployment pipeline. 

Engineers can instruct the AI via Slack during morning commutes to modify the iOS application, according to Söderström; once the AI has finished modifying the application, a revised build is delivered back to the engineer for review and approval, allowing the application to be deployed to production before the workday officially commences. This architecture was credited by Spotify with reducing friction between ideation and release, significantly reducing development timelines. This approach is regarded as a preliminary step rather than a final destination in a broader evolution driven by artificial intelligence. 

A company executive highlighted what the company views as a competitive advantage, which consists of a proprietary dataset rooted in music behavior, taste preferences, and contextual listening signals that is difficult for general-purpose language models to replicate or commoditize.

Spotify believes its data foundation allows it to extend AI capabilities beyond traditional knowledge retrieval to nuanced, experience-driven domains, such as music discovery and interpretation, where the answers are often subjective rather than factual. As a result of these developments, engineers are less likely to be replaced than re-calibrated. 

Increasingly, generative systems assume the responsibility for syntax, scaffolding, and execution, thereby shifting the focus of software development toward architectural judgment, system thinking, data stewardship, and rigorous supervision. 

Technology leaders must now expand their agenda beyond adoption to governance: establishing validation frameworks, security guardrails, and accountability structures in order to ensure AI-accelerated output meets production-grade requirements. 

Rather than competing against intelligent systems line by line, engineers' competitive advantage will increasingly lie in their ability to orchestrate them. In the future, coding will not be defined by keystrokes but by how effectively humans create, constrain, and direct the machines that code them.
Read more »
zero click
Artificial Intelligence BBC Hacking Software Technology zero click

AI Coding Platform Orchids Exposed to Zero-Click Hack in BBC Security Test

 


A BBC journalist has demonstrated an unresolved cybersecurity weakness in an artificial intelligence coding platform that is rapidly gaining users.

The tool, called Orchids, belongs to a new category often referred to as “vibe-coding.” These services allow individuals without programming training to create software by describing what they want in plain language. The system then writes and executes the code automatically. In recent months, platforms like this have surged in popularity and are frequently presented as examples of how AI could reshape professional work by making development faster and cheaper.

Yet the same automation that makes these tools attractive may also introduce new forms of exposure.

Orchids states that it has around one million users and says major technology companies such as Google, Uber, and Amazon use its services. It has also received strong ratings from software review groups, including App Bench. The company is headquartered in San Francisco, was founded in 2025, and publicly lists a team of fewer than ten employees. The BBC said it contacted the firm multiple times for comment but did not receive a response before publication.

The vulnerability was demonstrated by cybersecurity researcher Etizaz Mohsin, who has previously uncovered software flaws, including issues connected to surveillance tools such as Pegasus. Mohsin said he discovered the weakness in December 2025 while experimenting with AI-assisted coding. He reported attempting to alert Orchids through email, LinkedIn, and Discord over several weeks. According to the BBC, the company later replied that the warnings may have been overlooked due to a high volume of incoming messages.

To test the flaw, a BBC reporter installed the Orchids desktop application on a spare laptop and asked it to generate a simple computer game modeled on a news website. As the AI produced thousands of lines of code on screen, Mohsin exploited a security gap that allowed him to access the project remotely. He was able to view and modify the code without the journalist’s knowledge.

At one point, he inserted a short hidden instruction into the project. Soon after, a text file appeared on the reporter’s desktop stating that the system had been breached, and the device’s wallpaper changed to an image depicting an AI-themed hacker. The experiment showed that an outsider could potentially gain control of a machine running the software.

Such access could allow an attacker to install malicious programs, extract private corporate or financial information, review browsing activity, or activate cameras and microphones. Unlike many common cyberattacks, this method did not require the victim to click a link, download a file, or enter login details. Security professionals refer to this technique as a zero-click attack.

Mohsin said the rise of AI-driven coding assistants represents a shift in how software is built and managed, creating new categories of technical risk. He added that delegating broad system permissions to AI agents carries consequences that are not yet fully understood.

Although Mohsin said he has not identified the same flaw in other AI coding tools such as Claude Code, Cursor, Windsurf, or Lovable, cybersecurity academics urge caution. Kevin Curran, a professor at Ulster University, noted that software created without structured review and documentation may be more vulnerable under attack.

The discussion extends beyond coding platforms. AI agents designed to perform tasks directly on a user’s device are becoming more common. One recent example is Clawbot, also known as Moltbot or Open Claw, which can send messages or manage calendars with minimal human input and has reportedly been downloaded widely.

Karolis Arbaciauskas, head of product at NordPass, warned that granting such systems unrestricted access to personal devices can expose users to serious risks. He advised running experimental AI tools on separate machines and using temporary accounts to limit potential damage.

Read more »
Privacy
AI Copyright AI Litigation Anonymized Logs Artificial Intelligence ChatGPT Data Cybersecurity Law Data Preservation Digital Evidence Privacy

OpenAI Faces Court Order to Disclose 20 Million Anonymized ChatGPT Chats


OpenAI, a company that is pushing to redefine how courts balance innovation, privacy, and the enforcement of copyright in the current legal battle over artificial intelligence and intellectual property, has brought a lawsuit challenging a sweeping discovery order. 

It was announced on Wednesday that the artificial intelligence company requested a federal judge to overturn a ruling that requires it to disclose 20 million anonymized ChatGPT conversation logs, warning even de-identified records may reveal sensitive information about users. 

In the current dispute, the New York Times and several other news organizations have filed a lawsuit alleging that OpenAI is violating copyright terms in its large language models by illegally using their content. The claim is that OpenAI has violated its copyright rights by using their copyrighted content. 

A federal district court in New York upheld two discovery orders on January 5, 2026 that required OpenAI to produce a substantial sample of the interactions with ChatGPT by the end of the year, a consequential milestone in an ongoing litigation that is situated at the intersection of copyright law, data privacy, and the emergence of artificial intelligence. 

According to the court's decision, this case concludes that there is a growing willingness by judicial authorities to critically examine the internal data practices of AI developers, while corporations argue that disclosure of this sort could have far-reaching implications for both user trust and the confidentiality of platforms themselves. As part of the controversy, plaintiffs are requesting access to ChatGPT's conversation logs that record both user prompts and the system's response to those prompts. 

Those logs, they argue, are crucial in evaluating claims of copyright infringement as well as OpenAI's asserted defenses, including fair use, since they capture both user prompts and system responses. In July 2025, when OpenAI filed a motion seeking the production of a 120-million-log sample, citing the scale and the privacy concerns involved in the request, it refused.

OpenAI, which maintains billions of logs as part of its normal operations, initially resisted the request. It responded by proposing to produce 20 million conversations, stripped of all personally identifiable information and sensitive information, using a proprietary process that would ensure the data would not be manipulated. 

A reduction of this sample was agreed upon by plaintiffs as an interim measure, however they reserved the right to continue their pursuit of a broader sample if the data were not sufficient. During October 2025, tensions escalated as OpenAI changed its position, offering instead to search for targeted words within the 20-million-log dataset and only to find conversations that directly implicated the plaintiff's work based on those search terms.

In their opinion, limiting disclosure to filtered results would be a better safeguard for user privacy, preventing the exposure of unnecessary unrelated communications. Plaintiffs, however, swiftly rejected this approach, filing a new motion to demand the release of the entire de-identified dataset. 

On November 7, 2025, a U.S. Magistrate Judge Ona Wang sided with the plaintiffs, ordering OpenAI to provide all of the sample data in addition to denying the company's request to reconsider. A judge ruled that obtaining access to both relevant and ostensibly irrelevant logs was necessary in order to conduct a comprehensive and fair analysis of OpenAI's claims. 

Accordingly, even conversations which are not directly referencing copyrighted material can be taken into account by OpenAI when attempting to prove fair use. As part of its assessment of privacy risks, the court deemed that the dataset had been reduced from billions to 20 million records by applying de-identification measures and enforcing a standing protective order, all of which were adequate to mitigate them. 

In light of the fact that the litigation is entering a more consequential phase, Keker Van Nest, Latham & Watkins, and Morrison & Foerster are representing OpenAI in the matter, which is approaching court-imposed production deadlines. 

In light of the fact that the order reflects a broader judicial posture toward artificial intelligence disputes, legal observers have noticed that courts are increasingly willing to compel extensive discovery - even if it is anonymous - to examine the process by which large language models are trained and whether copyrighted material may be involved.

A crucial aspect of this ruling is that it strengthens the procedural avenues for publishers and other content owners to challenge alleged copyright violations by AI developers. The ruling highlights the need for technology companies to be vigilant with their stewardship of large repositories of user-generated data, and the legal risks associated with retaining, processing, and releasing such data. 

Additionally, the dispute has intensified since there have been allegations that OpenAI was not able to suspend certain data deletion practices after the litigation commenced, therefore perhaps endangering evidence relevant to claims that some users may have bypassed publisher paywalls through their use of OpenAI products. 

As a result of the deletions, plaintiffs claim that they disproportionately affected free and subscription-tier user records, raising concerns about whether evidence preservation obligations were met fully. The company, which has been named as a co-defendant in the case, has been required to produce more than eight million anonymized Copilot interaction logs in response to the lawsuit and has not faced similar data preservation complaints.

A statement by Dr. Ilia Kolochenko, CEO of ImmuniWeb, on the implications of the ruling was given by CybersecurityNews. He said that while the ruling represents a significant legal setback for OpenAI, it could also embolden other plaintiffs to pursue similar discovery strategies or take advantage of stronger settlement positions in parallel proceedings. 

In response to the allegations, several courts have requested a deeper investigation into OpenAI's internal data governance practices, including a request for injunctions preventing further deletions until it is clear what remains and what is potentially recoverable and what can be done. Aside from the courtroom, the case has been accompanied by an intensifying investor scrutiny that has swept the artificial intelligence industry nationwide. 

In the midst of companies like SpaceX and Anthropic preparing for a possible public offering at a valuation that could reach hundreds of billions of dollars, market confidence is becoming increasingly dependent upon the ability of companies to cope with regulatory exposure, rising operational costs, and competitive pressures associated with rapid artificial intelligence development. 

Meanwhile, speculation around strategic acquisitions that could reshape the competitive landscape continues to abound in the industry. The fact that reports suggest OpenAI is exploring Pinterest may highlight the strategic value that large amounts of user interaction data have for enhancing product search capabilities and increasing ad revenue—both of which are increasingly critical considerations in the context of the competition between major technology companies for real-time consumer engagement and data-driven growth.

In view of the detailed allegations made by the news organizations, the litigation has gained added urgency due to the fact that a significant volume of potentially relevant data has been destroyed as a consequence of OpenAI's failure to preserve key evidence after the lawsuit was filed. 

A court filing indicates that plaintiffs learned nearly 11 months ago that large quantities of ChatGPT output logs, which reportedly affected a considerable number of Free, Pro, and Plus user conversations, had been deleted at an alarming rate after the suit was filed, and they were reportedly doing so at a disproportionately high rate. 

It is argued by plaintiffs that users trying to circumvent paywalls were more likely to enable chat deletion, which indicates this category of data is most likely to contain infringing material. Furthermore, the filings assert that despite OpenAI's attempt to justify the deletion of approximately one-third of all user conversations after the New York Times' complaint, OpenAI failed to provide any rationale other than citing what appeared to be an anomalous drop in usage during the period around the New Year of 2024. 

While news organizations have alleged OpenAI has continued routine deletion practices without implementing litigation holds despite two additional spikes in mass deletions that have been attributed to technical issues, they have selectively retained outputs relating to accounts mentioned in the publishers' complaints and continue to do so. 

During a testimony by OpenAI's associate general counsel, Mike Trinh, plaintiffs argue that the trial documents preserved by OpenAI substantiate the defenses of OpenAI, whereas the records that could substantiate the claims of third parties were not preserved. 

According to the researchers, the precise extent of the loss of the data remains unclear, because OpenAI still refuses to disclose even basic details about what it does and does not erase, an approach that they believe contrasts with Microsoft's ability to preserve Copilot log files without having to go through similar difficulties.

Consequently, as a result of Microsoft's failure to produce searchable Copilot logs, and in light of OpenAI's deletion of mass amounts of data, the news organizations are seeking a court order for Microsoft to produce searchable Copilot logs as soon as possible. 

It has also been requested that the court maintain the existing preservation orders which prevent further permanent deletions of output data as well as to compel OpenAI to accurately reflect the extent to which output data has been destroyed across the company's products as well as clarify whether any of that information can be restored and examined for its legal purposes.
Read more »
Subscribe to: Comments (Atom)