How Deepfakes Are Created Generative AI models enable the creation of highly realistic fake media. Most deepfakes today are produced by training deep neural networks on real images, video or audio of a target person. The two predominant AI architectures are generative adversarial networks (GANs) and autoencoders. A GAN consists of a generator network that produces synthetic images and a discriminator network that tries to distinguish fakes from real data. Through iterative training, the generator learns to produce outputs that increasingly fool the discriminator¹. Autoencoder-based tools similarly learn to encode a target face and then decode it onto a source video. In practice, deepfake creators use accessible software: open-source tools like DeepFaceLab and FaceSwap dominate video face-swapping (one estimate suggests DeepFaceLab was used for over 95% of known deepfake videos)². Voice-cloning tools (often built on similar AI principles) can mimic a person’s speech from minutes of audio. Commercial platforms like Synthesia allow text-to-video avatars (turning typed scripts into lifelike “spokespeople”), which have already been misused in disinformation campaigns³. Even mobile apps (e.g. FaceApp, Zao) let users do basic face swaps in minutes⁴. In short, advances in GANs and related models make deepfakes cheaper and easier to generate than ever. Diagram of a generative adversarial network (GAN): A generator network creates fake images from random input and a discriminator network distinguishes fakes from real examples. Over time the generator improves until its outputs “fool” the discriminator⁵ During creation, a deepfake algorithm is typically trained on a large dataset of real images or audio from the target. The more varied and high-quality the training data, the more realistic the deepfake. The output often then undergoes post-processing (color adjustments, lip-syncing refinements) to enhance believability¹. Technical defenses focus on two fronts: detection and authentication. Detection uses AI models to spot inconsistencies (blinking irregularities, audio artifacts or metadata mismatches) that betray a synthetic origin⁵. Authentication embeds markers before dissemination – for example, invisible watermarks or cryptographically signed metadata indicating authenticity⁶. The EU AI Act will soon mandate that major AI content providers embed machine-readable “watermark” signals in synthetic media⁷. However, as GAO notes, detection is an arms race – even a marked deepfake can sometimes evade notice – and labels alone don’t stop false narratives from spreading⁸⁹. Deepfakes in Recent Elections: Examples Deepfakes and AI-generated imagery already have made headlines in election cycles around the world. In the 2024 U.S. primary season, a digitally-altered audio robocall mimicked President Biden’s voice urging Democrats not to vote in the New Hampshire primary. The caller (“Susan Anderson”) was later fined $6 million by the FCC and indicted under existing telemarketing laws¹⁰¹¹. (Importantly, FCC rules on robocalls applied regardless of AI: the perpetrator could have used a voice actor or recording instead.) Also in 2024, former President Trump posted on social media a collage implying that pop singer Taylor Swift endorsed his campaign, using AI-generated images of Swift in “Swifties for Trump” shirts¹². The posts sparked media uproar, though analysts noted the same effect could have been achieved without AI (e.g., by photoshopping text on real images)¹². Similarly, Elon Musk’s X platform carried AI-generated clips, including a parody “Ad” depicting Vice-President Harris’s voice via an AI clone¹³. Beyond the U.S., deepfake-like content has appeared globally. In Indonesia’s 2024 presidential election, a video surfaced on social media in which a convincingly generated image of the late President Suharto appeared to endorse the candidate of the Golkar Party. Days later, the endorsed candidate (who is Suharto’s son-in-law) won the presidency¹⁴. In Bangladesh, a viral deepfake video superimposed the face of opposition leader Rumeen Farhana onto a bikini-clad body – an incendiary fabrication designed to discredit her in the conservative Muslim-majority society¹⁵. Moldova’s pro-Western President Maia Sandu has been repeatedly targeted by AI-driven disinformation; one deepfake video falsely showed her resigning and endorsing a Russian-friendly party, apparently to sow distrust in the electoral process¹⁶. Even in Taiwan (amidst tensions with China), a TikTok clip circulated that synthetically portrayed a U.S. politician making foreign-policy statements – stoking confusion ahead of Taiwanese elections¹⁷. In Slovakia’s recent campaign, AI-generated audio mimicking the liberal party leader suggested he plotted vote-rigging and beer-price hikes – instantly spreading on social media just days before the election¹⁸. These examples show that deepfakes have touched diverse polities (from Bangladesh and Indonesia to Moldova, Slovakia, India and beyond), often aiming to undermine candidates or confuse voters¹⁵¹⁸. Notably, many of the most viral “deepfakes” in 2024 were actually circulated as obvious memes or claims, rather than subtle deceptions. Experts observed that outright undetectable AI deepfakes were relatively rare; more common were AI-generated memes plainly shared by partisans, or cheaply doctored “cheapfakes” made with basic editing tools¹³¹⁹. For instance, social media was awash with memes of Kamala Harris in Soviet garb or of Black Americans holding Trump signs¹³, but these were typically used satirically, not meant to be secretly believed. Nonetheless, even unsophisticated fakes can sway opinion: a U.S. study found that false presidential ads (not necessarily AI-made) did change voter attitudes in swing states. In sum, deepfakes are a real and growing phenomenon in election campaigns²⁰²¹ worldwide – a trend taken seriously by voters and regulators alike. U.S. Legal Framework and Accountability In the U.S., deepfake creators and distributors of election misinformation face a patchwork of tools, but no single comprehensive federal “deepfake law.” Existing laws relevant to disinformation include statutes against impersonating government officials, electioneering (such as the Bipartisan Campaign Reform Act, which requires disclaimers on political ads), and targeted statutes like criminal electioneering communications. In some cases ordinary laws have been stretched: the NH robocall used the Telephone Consumer Protection Act and mail/telemarketing fraud provisions, resulting in the $6M fine and a criminal charge. Similarly, voice impostors can potentially violate laws against “false advertising” or “unlawful corporate communications.” However, these laws were enacted before AI, and litigators have warned they often do not fit neatly. For example, deceptive deepfake claims not tied to a specific victim do not easily fit into defamation or privacy torts. Voter intimidation laws (prohibiting threats or coercion) also leave a gap for non-threatening falsehoods about voting logistics or endorsements. Recognizing these gaps, some courts and agencies are invoking other theories. The U.S. Department of Justice has recently charged individuals under broad fraud statutes (e.g. for a plot to impersonate an aide to swing votes in 2020), and state attorneys general have considered deepfake misinformation as interference with voting rights. Notably, the Federal Election Commission (FEC) is preparing to enforce new rules: in April 2024 it issued an advisory opinion limiting “non-candidate electioneering communications” that use falsified media, effectively requiring that political ads use only real images of the candidate. If finalized, that would make it unlawful for campaigns to pay for ads depicting a candidate saying things they never did. Similarly, the Federal Trade Commission (FTC) and Department of Justice (DOJ) have signaled that purely commercial deepfakes could violate consumer protection or election laws (for example, liability for mass false impersonation or for foreign-funded electioneering). U.S. Legislation and Proposals Federal lawmakers have proposed new statutes. The DEEPFAKES Accountability Act (H.R.5586 in the 118th Congress) would, among other things, impose a disclosure requirement: political ads featuring a manipulated media likeness would need clear disclaimers identifying the content as synthetic. It also increases penalties for producing false election videos or audio intended to influence the vote. While not yet enacted, supporters argue it would provide a uniform rule for all federal and state campaigns. The Brennan Center supports transparency requirements over outright bans, suggesting laws should narrowly target deceptive deepfakes in paid ads or certain categories (e.g. false claims about time/place/manner of voting) while carving out parody and news coverage. At the state level, over 20 states have passed deepfake laws specifically for elections. For example, Florida and California forbid distributing falsified audio/visual media of candidates with intent to deceive voters (though Florida’s law exempts parody). Some states (like Texas) define “deepfake” in statutes and allow candidates to sue or revoke candidacies of violators. These measures have had mixed success: courts have struck down overly broad provisions that acted as prior restraints (e.g. Minnesota’s 2023 law was challenged for threatening injunctions against anyone “reasonably believed” to violate it). Critically, these state laws raise First Amendment issues: political speech is highly protected, so any restriction must be tightly tailored. Already, Texas and Virginia statutes are under legal review, and Elon Musk’s company has sued under California’s law (which requires platforms to label or block deepfakes) as unconstitutional. In practice, most lawsuits have so far centered on defamation or intellectual property (for instance, a celebrity suing over a botched celebrity-deepfake video), rather than election-focused statutes. Policy Recommendations: Balancing Integrity and Speech Given the rapidly evolving technology, experts recommend a multi-pronged approach. Most stress transparency and disclosure as core principles. For example, the Brennan Center urges requiring any political communication that uses AI-synthesized images or voice to include a clear label. This could be a digital watermark or a visible disclaimer. Transparency has two advantages: it forces campaigns and platforms to “own” the use of AI, and it alerts audiences to treat the content with skepticism. Outright bans on all deepfakes would likely violate free speech, but targeted bans on specific harms (e.g. automated phone calls impersonating voters, or videos claiming false polling information) may be defensible. Indeed, Florida already penalizes misuse of recordings in voter suppression. Another recommendation is limited liability: tying penalties to demonstrable intent to mislead, not to the mere act of content creation. Both U.S. federal proposals and EU law generally condition fines on the “appearance of fraud” or deception. Technical solutions can complement laws. Watermarking original media (as encouraged by the EU AI Act) could deter the reuse of authentic images in doctored fakes. Open tools for deepfake detection – some supported by government research grants – should be deployed by fact-checkers and social platforms. Making detection datasets publicly available (e.g. the MIT OpenDATATEST) helps improve AI models to spot fakes. International cooperation is also urged: cross-border agreements on information-sharing could help trace and halt disinformation campaigns. The G7 and APEC have all recently committed to fighting election interference via AI, which may lead to joint norms or rapid response teams. Ultimately, many analysts believe the strongest “cure” is a well-informed public: education campaigns to teach voters to question sensational media, and a robust independent press to debunk falsehoods swiftly. While the law can penalize the worst offenders, awareness and resilience in the electorate are crucial buffers against influence operations. As Georgia Tech’s Sean Parker quipped in 2019, “the real question is not if deepfakes will influence elections, but who will be empowered by the first effective one.” Thus policies should aim to deter malicious use without unduly chilling innovation or satire. References: https://www.security.org/resources/deepfake-statistics/. https://www.wired.com/story/synthesia-ai-deepfakes-it-control-riparbelli/. https://www.gao.gov/products/gao-24-107292. https://technologyquotient.freshfields.com/post/102jb19/eu-ai-act-unpacked-8-new-rules-on-deepfakes. https://knightcolumbia.org/blog/we-looked-at-78-election-deepfakes-political-misinformation-is-not-an-ai-problem. https://www.npr.org/2024/12/21/nx-s1-5220301/deepfakes-memes-artificial-intelligence-elections. https://apnews.com/article/artificial-intelligence-elections-disinformation-chatgpt-bc283e7426402f0b4baa7df280a4c3fd. https://www.lawfaremedia.org/article/new-and-old-tools-to-tackle-deepfakes-and-election-lies-in-2024. https://www.brennancenter.org/our-work/research-reports/regulating-ai-deepfakes-and-synthetic-media-political-arena. https://firstamendment.mtsu.edu/article/political-deepfakes-and-elections/. https://www.ncsl.org/technology-and-communication/deceptive-audio-or-visual-media-deepfakes-2024-legislation. https://law.unh.edu/sites/default/files/media/2022/06/nagumotu_pp113-157.pdf. https://dfrlab.org/2024/10/02/brazil-election-ai-research/. https://dfrlab.org/2024/11/26/brazil-election-ai-deepfakes/. https://freedomhouse.org/article/eu-digital-services-act-win-transparency. The post The Legal Accountability of AI-Generated Deepfakes in Election Misinformation appeared first on MarkTechPost.

Ivanka Trump has made it clear that she's done with politics. That hasn't stopped her and husband Jared Kushner from remaining an influential political couple.They have not formally reprised their roles as White House advisors in President Donald Trump's second administration, but they've remained present in Donald Trump's political orbit.While Ivanka Trump opted out of the 2024 campaign trail, she and Kushner still appeared at the Republican National Convention, Donald Trump's victory party on election night, and the inauguration. Kushner also reportedly served as an informal advisor ahead of Donald Trump's trip to the Middle East in May, CNN reported.Ivanka Trump, who is Donald Trump's eldest daughter, converted to Judaism before marrying Kushner in 2009. They have three children: Arabella, Joseph, and Theodore.Here's a timeline of Ivanka Trump and Kushner's relationship. 2007: Ivanka Trump and Jared Kushner met at a networking lunch arranged by one of her longtime business partners. Ivanka Trump and Jared Kushner in 2007. PAUL LAURIE/Patrick McMullan via Getty Images Ivanka Trump and Kushner were both 25 at the time."They very innocently set us up thinking that our only interest in one another would be transactional," Ivanka Trump told Vogue in 2015. "Whenever we see them we're like, 'The best deal we ever made!'" 2008: Ivanka Trump and Kushner broke up because of religious differences. Jared Kushner and Ivanka Trump in 2008. Patrick McMullan/Patrick McMullan via Getty Images Kushner was raised in the modern Orthodox Jewish tradition, and it was important to his family for him to marry someone Jewish. Ivanka Trump's family is Presbyterian. 2008: Three months later, the couple rekindled their romance on Rupert Murdoch's yacht. Ivanka Trump and Jared Kushner in 2008. David X Prutting/Patrick McMullan/Patrick McMullan via Getty Images In his memoir, "Breaking History," Kushner wrote that Murdoch's then-wife, Wendi Murdoch, was a mutual friend who invited them both on the yacht. May 2009: They attended the Met Gala together for the first time. Jared Kushner and Ivanka Trump at the Met Gala. BILLY FARRELL/Patrick McMullan via Getty Images The theme of the Met Gala that year was "The Model As Muse." Ivanka Trump wore a gown by designer Brian Reyes. July 2009: Ivanka Trump completed her conversion to Judaism, and she and Kushner got engaged. Jared Kushner and Ivanka Trump in 2009. Billy Farrell/Patrick McMullan/Patrick McMullan via Getty Images Kushner proposed with a 5.22-carat cushion-cut diamond engagement ring.Ivanka Trump told New York Magazine that she and her fiancé were "very mellow.""We go to the park. We go biking together. We go to the 2nd Avenue Deli," she said. "We both live in this fancy world. But on a personal level, I don't think I could be with somebody — I know he couldn't be with somebody — who needed to be 'on' all the time." October 2009: Ivanka Trump and Kushner married at the Trump National Golf Club in New Jersey. Jared Kushner and Ivanka Trump on their wedding day. Brian Marcus/Fred Marcus Photography via Getty Images The couple invited 500 guests, including celebrities like Barbara Walters, Regis Philbin, and Anna Wintour, as well as politicians such as Rudy Giuliani and Andrew Cuomo. July 2011: The couple welcomed their first child, Arabella. Ivanka Trump and Jared Kushner with Arabella Kushner. Robin Marchant/Getty Images "This morning @jaredkushner and I welcomed a beautiful and healthy little baby girl into the world," Ivanka announced on X, then Twitter. "We feel incredibly grateful and blessed. Thank you all for your support and well wishes!" October 2013: Ivanka Trump gave birth to their second child, Joseph. Ivanka Trump with Arabella Rose Kushner and Joseph Frederick Kushner in 2017. Alo Ceballos/GC Images He was named for Kushner's paternal grandfather Joseph and given the middle name Frederick after Donald Trump's father. March 2016: Kushner and Ivanka Trump welcomed their third child, Theodore, in the midst of Donald Trump's presidential campaign. Ivanka Trump carried her son Theodore as she held hands with Joseph alongside Jared Kushner and daughter Arabella on the White House lawn. SAUL LOEB/AFP via Getty Images "I said, 'Ivanka, it would be great if you had your baby in Iowa.' I really want that to happen. I really want that to happen," Donald Trump told supporters in Iowa in January 2016.All three of the couple's children were born in New York City. May 2016: They attended the Met Gala two months after Ivanka Trump gave birth. Jared Kushner and Ivanka Trump attend the Met Gala. Kevin Mazur/WireImage Ivanka Trump wore a red Ralph Lauren Collection halter jumpsuit.On a 2017 episode of "The Late Late Show with James Corden," Anna Wintour said that she would never invite Donald Trump to another Met Gala. January 2017: Ivanka Trump and Kushner attended Donald Trump's inauguration and danced together at the Liberty Ball. Ivanka Trump and Jared Kushner on Inauguration Day. Photo by Rob Carr/Getty Images The Liberty Ball was the first of three inaugural balls that Donald Trump attended. January 2017: After the inauguration, Ivanka and Kushner relocated to a $5.5 million home in the Kalorama section of Washington, DC. Jared Kushner and Ivanka Trump's house in Washington, DC. PAUL J. RICHARDS/AFP via Getty Images Ivanka Trump and Kushner rented the 7,000-square-foot home from billionaire Andrónico Luksic for $15,000 a month, The Wall Street Journal reported. May 2017: They accompanied Donald Trump on his first overseas trip in office. Jared Kushner and Ivanka Trump with Pope Francis. Vatican Pool - Corbis/Corbis via Getty Images Kushner and Ivanka Trump both served as advisors to the president. For the first overseas trip of Donald Trump's presidency, they accompanied him to Saudi Arabia, Israel, the Vatican, and summits in Brussels and Sicily. October 2019: The couple celebrated their 10th wedding anniversary with a lavish party at Camp David. Ivanka Trump and Jared Kushner at a state dinner. MANDEL NGAN/AFP via Getty Images All of the Trump and Kushner siblings were in attendance. A White House official told CNN that the couple was covering the cost of the party, but Donald Trump tweeted that the cost would be "totally paid for by me!" August 2020: Ivanka Trump spoke about moving their family to Washington, DC, at the Republican National Convention. Jared Kushner and Ivanka Trump at the Republican National Convention. SAUL LOEB/AFP via Getty Images "When Jared and I moved with our three children to Washington, we didn't exactly know what we were in for," she said in her speech. "But our kids loved it from the start." December 2020: Ivanka Trump and Kushner reportedly bought a $32 million empty lot in Miami's "Billionaire Bunker." Jared Kushner and Ivanka Trump's plot of land in Indian Creek Village. The Jills Zeder Group; Samir Hussein/WireImage/Getty Images After Donald Trump lost the 2020 election, Page Six reported that the couple purchased a 1.8-acre waterfront lot owned by singer Julio Iglesias, Enrique Iglesias' father, in Indian Creek Village, Florida.The island where it sits has the nickname "Billionaire Bunker" thanks to its multitude of ultra-wealthy residents over the years, including billionaire investor Carl Icahn, supermodel Adriana Lima, and former Miami Dolphins coach Don Shula. January 2021: They skipped Joe Biden's inauguration, flying with Donald Trump to his Mar-a-Lago residence in Palm Beach, Florida, instead. Ivanka Trump, Jared Kushner, and their children prepared for Donald Trump's departure on Inauguration Day. ALEX EDELMAN/AFP via Getty Images Donald Trump did not attend Biden's inauguration, breaking a long-standing norm in US democracy. While initial reports said that Ivanka Trump was planning to attend the inauguration, a White House official told People magazine that "Ivanka is not expected to attend the inauguration nor was she ever expected to." January 2021: The couple signed a lease for a luxury Miami Beach condo near their Indian Creek Village property. Arte Surfside. Antonio Citterio Patricia Viel Ivanka Trump and Kushner signed a lease for a "large, unfurnished unit" in the amenities-packed Arte Surfside condominium building in Surfside, Florida.Surfside, a beachside town just north of Miami Beach that's home to fewer than 6,000 people, is only a five-minute drive from Indian Creek Island, where they bought their $32 million empty lot. April 2021: Ivanka Trump and Kushner reportedly added a $24 million mansion in Indian Creek Village to their Florida real-estate profile. Ivanka Trump and Jared Kushner on a walk in Florida. MEGA/GC Images The Real Deal reported that Ivanka and Kushner purchased another Indian Creek property — this time, a 8,510-square-foot mansion situated on a 1.3-acre estate. June 2021: Several outlets reported that the couple began to distance themselves from Donald Trump due to his fixation on conspiracy theories about the 2020 election. Ivanka Trump and Jared Kushner behind Donald Trump. Kevin Lamarque/Reuters CNN reported that Trump was prone to complain about the 2020 election and falsely claim it was "stolen" from him to anyone listening and that his "frustrations emerge in fits and starts — more likely when he is discussing his hopeful return to national politics."While Ivanka and Kushner had been living in their Miami Beach condo, not far from Trump's Mar-a-Lago club in Palm Beach, Florida, they'd visited Trump less and less frequently and were absent from big events at Mar-a-Lago, CNN said.The New York Times also reported that Kushner wanted "to focus on writing his book and establishing a simpler relationship" with the former president. October 2021: Ivanka Trump and Kushner visited Israel's parliament for the inaugural event of the Abraham Accords Caucus. Jared Kushner and Ivanka Trump in Israel. AHMAD GHARABLI/AFP via Getty Images The Abraham Accords, which Kushner helped broker in August 2020, normalized relations between Israel and the United Arab Emirates, Bahrain, Sudan, and Morocco.During their visit, Ivanka Trump and Kushner met with then-former Prime Minister Benjamin Netanyahu and attended an event at the Museum of Tolerance Jerusalem with former US Secretary of State Mike Pompeo. August 2022: Kushner released his memoir, "Breaking History," in which he wrote about their courtship. Jared Kushner. John Lamparski/Getty Images for Concordia Summit "In addition to being arrestingly beautiful, which I knew before we met, she was warm, funny, and brilliant," he wrote of getting to know Ivanka Trump. "She has a big heart and a tremendous zest for exploring new things."He also wrote that when he told Donald Trump that he was planning a surprise engagement, Trump "picked up the intercom and alerted Ivanka that she should expect an imminent proposal." November 2022: Kushner attended Donald Trump's 2024 campaign announcement without Ivanka Trump. Kimberly Guilfoyle, Jared Kushner, Eric Trump, and Lara Trump at Donald Trump's presidential campaign announcement. Jonathan Ernst/Reuters Ivanka Trump released a statement explaining her absence from the event."I love my father very much," her statement read. "This time around, I am choosing to prioritize my children and the private life we are creating as a family. I do not plan to be involved in politics. While I will always love and support my father, going forward I will do so outside the political arena." July 2024: Ivanka Trump and Kushner made a rare political appearance at the Republican National Convention. Donald Trump and Melania Trump onstage with Ivanka Trump and Jared Kushner. Jason Armond/Los Angeles Times via Getty Images Ivanka Trump did not campaign for her father or give a speech as she had at past Republican National Conventions, but she and Jared Kushner joined Trump family members onstage after Donald Trump's remarks. November 2024: They joined members of the Trump family in Palm Beach, Florida, to celebrate Donald Trump's election victory.

To state the obvious: Our species has fully entered the Age of AI. And AI is here to stay. The fact that AI chatbots appear to speak human language has become a major source of confusion. Companies are making and selling AI friends, lovers, pets, and therapists. Some AI researchers falsely claim their AI and robots can “feel” and “think.” Even Apple falsely says it’s building a lamp that can feel emotion. Another source of confusion is whether AI is to blame when it fails, hallucinates, or outputs errors that impact people in the real world. Just look at some of the headlines: “Who’s to Blame When AI Makes a Medical Error?” “Human vs. AI: Who is responsible for AI mistakes?” “In a World of AI Agents, Who’s Accountable for Mistakes?” Look, I’ll give you the punchline in advance: The user is responsible. AI is a tool like any other. If a truck driver falls asleep at the wheel, it’s not the truck’s fault. If a surgeon leaves a sponge inside a patient, it’s not the sponge’s fault. If a prospective college student gets a horrible score on the SAT, it’s not the fault of their No. 2 pencil. It’s easy for me to claim that users are to blame for AI errors. But let’s dig into the question more deeply. Writers caught with their prose down Lena McDonald, a fantasy romance author, got caught using AI to copy another writer’s style. Her latest novel, Darkhollow Academy: Year 2, released in March, contained the following riveting line in Chapter 3: “I’ve rewritten the passage to align more with J. Bree’s style, which features more tension, gritty undertones, and raw emotional subtext beneath the supernatural elements.” This was clearly copied and pasted from an AI chatbot, along with words she was passing off as her own. This news is sad and funny but not unique. In 2025 alone, at least two other romance authors, K.C. Crowne and Rania Faris, were caught with similar AI-generated prompts left in their self-published novels, suggesting a wider trend. It happens in journalism, too. On May 18, the Chicago Sun-Times and The Philadelphia Inquirer published a “Summer Reading List for 2025” in its Sunday print supplement, featuring 15 books supposedly written by well-known authors. Unfortunately, most of the books don’t exist. Tidewater Dreams by Isabel Allende, Nightshade Market by Min Jin Lee, and The Last Algorithm by Andy Weir are fake books attributed to real authors. The fake books were dreamed up by AI, which the writer Marco Buscaglia admitted to using. (The article itself was not produced by the newspapers that printed it. The story originated with King Features Syndicate, a division of Hearst, which created and distributed the supplement to multiple newspapers nationwide.) Whose fault was this? Well, it was clearly the writer’s fault. A writer’s job always involves editing. A writer needs to, at minimum, read their own words and consider cuts, expansions, rewording, and other changes. In all these cases, the authors failed to be professional writers. They didn’t even read their books or the books they recommended. Fact-checkers exist at some publications and not at others. Either way, it’s up to writers to have good reason to assert facts or use quotes. Writers are also editors and fact-checkers. It’s just part of the job. I use these real-life examples because they demonstrate clearly that the writer — the AI user — is definitely to blame when errors occur with AI chatbots. The user chooses the tool, does the prompt engineering, sees the output, and either catches and corrects errors or not. OK, but what about bigger errors? Air Canada’s chatbot last year told a customer about a bereavement refund policy that didn’t exist. When the customer took the airline to a small-claims tribunal, Air Canada argued the chatbot was a “separate legal entity.” The tribunal didn’t buy it and ruled against the airline. Google’s AI Overviews became a punchline after telling users to put glue on pizza and eat small rocks. Apple’s AI-powered notification summaries created fake headlines, including a false report that Israeli Prime Minister Benjamin Netanyahu had been arrested. Canadian lawyer Chong Ke cited two court cases provided by ChatGPT in a custody dispute. The AI completely fabricated both cases, and Ke was ordered to pay the opposing counsel’s research costs. Last year, various reports exposed major flaws in AI-powered medical transcription tools, especially those based on OpenAI’s Whisper model. Researchers found that Whisper frequently “transcribes” content that was never said. A study presented at the Association for Computing Machinery FAccT Conference found that about 1% of Whisper’s transcriptions contained fabricated content, and nearly 38% of those errors could potentially cause harm in a medical setting. Every single one of these errors and problems falls squarely on the users of AI, and any attempt to blame the AI tools in use is just confusion about what AI is. The big picture What all my examples above have in common is that users let AI do the user’s job unsupervised. The opposite end of the spectrum of turning your job over to unsupervised AI is not using AI at all. In fact, many companies and organizations explicitly ban the use of AI chatbots and other AI tools. This is often a mistake, too. Acclimating ourselves to the Age of AI means finding a middle ground where we use AI tools to improve our jobs. Most of us should use AI. But we should learn to use it well and check every single thing it does, based on the knowledge that any use of AI is 100% the user’s responsibility. I expect the irresponsible use of AI will continue to cause errors, problems, and even catastrophes. But don’t blame the software. In the immortal words of the fictional HAL 9000 AI supercomputer from 2001: A Space Odyssey: “It can only be attributable to human error.”

Chaos ensued on German roads this week after Google Maps wrongly informed drivers that highways throughout the country were closed during a busy holiday. Many of the apparently closed roads were located near large German cities and metropolitan areas, including Berlin, Düsseldorf and Dortmund. As reported by a locally based journalist for The Guardian, drivers opening Google’s navigation app would see a swarm of red dots used to indicate no-go areas, which resulted in people looking for alternative routes that caused traffic pile-ups nationwide. The Guardian also reported that police and local authorities were contacted by people confused (and presumably pretty annoyed) about the supposed standstill. To compound the issue, the Google Maps error coincided with the beginning of Germany’s Ascension Day public holiday on May 29, which meant the roads were even busier than usual. In ganz DeutschlandChaos bei Google Maps: Dienst zeigt unzählige falsche Sperrungenhttps://t.co/qEfIRrIHx3— Peter Berger (@leosgeminix) May 29, 2025 The problem reportedly only lasted for a few hours and by Thursday afternoon only genuine road closures were being displayed. It’s not clear whether Google Maps had just malfunctioned, or if something more nefarious was to blame. "The information in Google Maps comes from a variety of sources. Information such as locations, street names, boundaries, traffic data, and road networks comes from a combination of third-party providers, public sources, and user input," a spokesperson for Google told German newspaper Berliner Morgenpost, adding that it is internally reviewing the problem. "In general, these sources provide a strong foundation for comprehensive and up-to-date maps." Technical issues with Google Maps are not uncommon. Back in March, users were reporting that their Timeline — which keeps track of all the places you’ve visited before for future reference — had been wiped, with Google later confirming that some people had indeed had their data deleted, and in some cases, would not be able to recover it.This article originally appeared on Engadget at https://www.engadget.com/apps/google-maps-falsely-told-drivers-in-germany-that-roads-across-the-country-were-closed-134026943.html?src=rss

Published May 27, 2025 10:00am EDT close Deepfake technology 'is getting so easy now': Cybersecurity expert Cybersecurity expert Morgan Wright breaks down the dangers of deepfake video technology on 'Unfiltered.' Imagine your phone rings and the voice on the other end sounds just like your boss, a close friend, or even a government official. They urgently ask for sensitive information, except it's not really them. It's a deepfake, powered by AI, and you're the target of a sophisticated scam. These kinds of attacks are happening right now, and they're getting more convincing every day.That's the warning sounded by the 2025 AI Security Report, unveiled at the RSA Conference (RSAC), one of the world's biggest gatherings for cybersecurity experts, companies, and law enforcement. The report details how criminals are harnessing artificial intelligence to impersonate people, automate scams, and attack security systems on a massive scale.From hijacked AI accounts and manipulated models to live video scams and data poisoning, the report paints a picture of a rapidly evolving threat landscape, one that's touching more lives than ever before. Illustration of cybersecurity risks. (Kurt "CyberGuy" Knutsson)AI tools are leaking sensitive dataOne of the biggest risks of using AI tools is what users accidentally share with them. A recent analysis by cybersecurity firm Check Point found that 1 in every 80 AI prompts includes high-risk data, and about 1 in 13 contains sensitive information that could expose users or organizations to security or compliance risks.This data can include passwords, internal business plans, client information, or proprietary code. When shared with AI tools that are not secured, this information can be logged, intercepted, or even leaked later.Deepfake scams are now real-time and multilingualAI-powered impersonation is getting more advanced every month. Criminals can now fake voices and faces convincingly in real time. In early 2024, a British engineering firm lost 20 million pounds after scammers used live deepfake video to impersonate company executives during a Zoom call. The attackers looked and sounded like trusted leaders and convinced an employee to transfer funds.Real-time video manipulation tools are now being sold on criminal forums. These tools can swap faces and mimic speech during video calls in multiple languages, making it easier for attackers to run scams across borders. Illustration of a person video conferencing on their laptop. (Kurt "CyberGuy" Knutsson)AI is running phishing and scam operations at scaleSocial engineering has always been a part of cybercrime. Now, AI is automating it. Attackers no longer need to speak a victim’s language, stay online constantly, or manually write convincing messages.Tools like GoMailPro use ChatGPT to create phishing and spam emails with perfect grammar and native-sounding tone. These messages are far more convincing than the sloppy scams of the past. GoMailPro can generate thousands of unique emails, each slightly different in language and urgency, which helps them slip past spam filters. It is actively marketed on underground forums for around $500 per month, making it widely accessible to bad actors.Another tool, the X137 Telegram Console, leverages Gemini AI to monitor and respond to chat messages automatically. It can impersonate customer support agents or known contacts, carrying out real-time conversations with multiple targets at once. The replies are uncensored, fast, and customized based on the victim’s responses, giving the illusion of a human behind the screen.AI is also powering large-scale sextortion scams. These are emails that falsely claim to have compromising videos or photos and demand payment to prevent them from being shared. Instead of using the same message repeatedly, scammers now rely on AI to rewrite the threat in dozens of ways. For example, a basic line like "Time is running out" might be reworded as "The hourglass is nearly empty for you," making the message feel more personal and urgent while also avoiding detection.By removing the need for language fluency and manual effort, these AI tools allow attackers to scale their phishing operations dramatically. Even inexperienced scammers can now run large, personalized campaigns with almost no effort. Stolen AI accounts are sold on the dark webWith AI tools becoming more popular, criminals are now targeting the accounts that use them. Hackers are stealing ChatGPT logins, OpenAI API keys, and other platform credentials to bypass usage limits and hide their identity. These accounts are often stolen through malware, phishing, or credential stuffing attacks. The stolen credentials are then sold in bulk on Telegram channels and underground forums. Some attackers are even using tools that can bypass multi-factor authentication and session-based security protections. These stolen accounts allow criminals to access powerful AI tools and use them for phishing, malware generation, and scam automation. Illustration of a person signing into their laptop. (Kurt "CyberGuy" Knutsson)Jailbreaking AI is now a common tacticCriminals are finding ways to bypass the safety rules built into AI models. On the dark web, attackers share techniques for jailbreaking AI so it will respond to requests that would normally be blocked. Common methods include:Telling the AI to pretend it is a fictional character that has no rules or limitationsPhrasing dangerous questions as academic or research-related scenariosAsking for technical instructions using less obvious wording so the request doesn’t get flaggedSome AI models can even be tricked into jailbreaking themselves. Attackers prompt the model to create input that causes it to override its own restrictions. This shows how AI systems can be manipulated in unexpected and dangerous ways.AI-generated malware is entering the mainstreamAI is now being used to build malware, phishing kits, ransomware scripts, and more. Recently, a group called FunkSac was identified as the leading ransomware gang using AI. Its leader admitted that at least 20% of their attacks are powered by AI. FunkSec has also used AI to help launch attacks that flood websites or services with fake traffic, making them crash or go offline. These are known as denial-of-service attacks. The group even created its own AI-powered chatbot to promote its activities and communicate with victims on its public website..Some cybercriminals are even using AI to help with marketing and data analysis after an attack. One tool called Rhadamanthys Stealer 0.7 claimed to use AI for "text recognition" to sound more advanced, but researchers later found it was using older technology instead. This shows how attackers use AI buzzwords to make their tools seem more advanced or trustworthy to buyers.Other tools are more advanced. One example is DarkGPT, a chatbot built specifically to sort through huge databases of stolen information. After a successful attack, scammers often end up with logs full of usernames, passwords, and other private details. Instead of sifting through this data manually, they use AI to quickly find valuable accounts they can break into, sell, or use for more targeted attacks like ransomware.Get a free scan to find out if your personal information is already out on the web Poisoned AI models are spreading misinformationSometimes, attackers do not need to hack an AI system. Instead, they trick it by feeding it false or misleading information. This tactic is called AI poisoning, and it can cause the AI to give biased, harmful, or completely inaccurate answers. There are two main ways this happens:Training poisoning: Attackers sneak false or harmful data into the model during developmentRetrieval poisoning: Misleading content online gets planted, which the AI later picks up when generating answersIn 2024, attackers uploaded 100 tampered AI models to the open-source platform Hugging Face. These poisoned models looked like helpful tools, but when people used them, they could spread false information or output malicious code.A large-scale example came from a Russian propaganda group called Pravda, which published more than 3.6 million fake articles online. These articles were designed to trick AI chatbots into repeating their messages. In tests, researchers found that major AI systems echoed these false claims about 33% of the time. Illustration of a hacker at work (Kurt "CyberGuy" Knutsson)How to protect yourself from AI-driven cyber threatsAI-powered cybercrime blends realism, speed, and scale. These scams are not just harder to detect. They are also easier to launch. Here’s how to stay protected:1) Avoid entering sensitive data into public AI tools: Never share passwords, personal details, or confidential business information in any AI chat, even if it seems private. These inputs can sometimes be logged or misused.2) Use strong antivirus software: AI-generated phishing emails and malware can slip past outdated security tools. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices.3) Turn on two-factor authentication (2FA): 2FA adds an extra layer of protection to your accounts, including AI platforms. It makes it much harder for attackers to break in using stolen passwords.4) Be extra cautious with unexpected video calls or voice messages: If something feels off, even if the person seems familiar, verify before taking action. Deepfake audio and video can sound and look very real.5) Use a personal data removal service: With AI-powered scams and deepfake attacks on the rise, criminals are increasingly relying on publicly available personal information to craft convincing impersonations or target victims with personalized phishing. By using a reputable personal data removal service, you can reduce your digital footprint on data broker sites and public databases. This makes it much harder for scammers to gather the details they need to convincingly mimic your identity or launch targeted AI-driven attacks.While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap - and neither is your privacy.  These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. 6) Consider identity theft protection: If your data is leaked through a scam, early detection is key. Identity protection services can monitor your information and alert you to suspicious activity. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.7) Regularly monitor your financial accounts: AI-generated phishing, malware, and account takeover attacks are now more sophisticated and widespread than ever, as highlighted in the 2025 AI Security Report. By frequently reviewing your bank and credit card statements for suspicious activity, you can catch unauthorized transactions early, often before major damage is done. Quick detection is crucial, especially since stolen credentials and financial information are now being traded and exploited at scale by cybercriminals using AI.8) Use a secure password manager: Stolen AI accounts and credential stuffing attacks are a growing threat, with hackers using automated tools to break into accounts and sell access on the dark web. A secure password manager helps you create and store strong, unique passwords for every account, making it far more difficult for attackers to compromise your logins, even if some of your information is leaked or targeted by AI-driven attacks. Get more details about my best expert-reviewed Password Managers of 2025 here.9) Keep your software updated: AI-generated malware and advanced phishing kits are designed to exploit vulnerabilities in outdated software. To stay ahead of these evolving threats, ensure all your devices, browsers, and applications are updated with the latest security patches. Regular updates close security gaps that AI-powered malware and cybercriminals are actively seeking to exploit. Kurt's key takeawaysCybercriminals are now using AI to power some of the most convincing and scalable attacks we’ve ever seen. From deepfake video calls and AI-generated phishing emails to stolen AI accounts and malware written by chatbots, these scams are becoming harder to detect and easier to launch. Attackers are even poisoning AI models with false information and creating fake tools that look legitimate but are designed to do harm. To stay safe, it’s more important than ever to use strong antivirus protection, enable multi-factor authentication, and avoid sharing sensitive data with AI tools you do not fully trust.Have you noticed AI scams getting more convincing? Let us know your experience or questions by writing us at Cyberguy.com/Contact. Your story could help someone else stay safe.For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

As Trump axes the Digital Equity Act, other digital divide initiatives remain at risk. Credit: Kathleen Flynn / The Washington Post via Getty Images The Trump administration continues with its cost-slashing, anti-DEI agenda, and its coming for nationwide efforts to close the digital divide next.On May 8, President Donald Trump posted to Truth Social that he was directing the end of the Biden-Harris era Digital Equity Act. Trump called the program — which allocated $2.75 billion to digital inclusion programs — "racist" and "illegal." Last week, the National Telecommunications and Information Administration (NTIA) abruptly terminated grants for 20 different state projects under the act, including digital access in K-12 schools, veteran and senior programs, and rural connectivity efforts. The State Educational Technology Directors Association (SETDA) called the decision a "significant setback" to universal access goals. "SETDA stands with our state members and partner organizations who have been diligently building inclusive broadband and digital access plans rooted in community need, engagement, and systemic transformation. Equitable access to technology is not a partisan issue–it is a public good." You May Also Like The decision points to an uncertain future for existing broadband and digital connectivity efforts managed or funded by the federal government. Since most serve specific communities and demographics which are at the highest risk of being technologically disconnected or left behind, they have entered the crosshairs of the administration's "anti-woke" crusade. Indigenous connectivity advocates, for example, warned that a Trump presidency would have an immediate impact on rural broadband projects that were in the process of breaking ground, as the president simultaneously promised to shake up the FCC and whittle down the federal government's spending. Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up! “Ongoing efforts to bridge the digital divide in the U.S. face significant challenges with the recent termination of the Digital Equity Act, and potential drastic changes coming to the Broadband Equity Access and Deployment (BEAD) program," said Sharayah Lane, senior advisor of community connectivity for the global nonprofit the Internet Society and member of the Lummi Nation. "This will critically impact the future of affordable, reliable, high-speed Internet access in underserved areas, further limiting essential education, healthcare, and economic opportunities."The Biden administration, which pledged billions of federal dollars to building out the nation's high speed broadband and fiber optic network, had made closing the digital divide a central component to its massive federal spending package, including launching the Affordable Connectivity Program, the Tribal Broadband Connectivity Program, and the BEAD initiative. BEAD funds, in particular, were split up between state broadband infrastructure projects, including 19 grants over $1 billion. But now the funds are being pulled out from under them. Commerce Secretary Howard Lutnick has had the $42 billion BEAD budget under review since Trump took office, and has falsely claimed that the program "has not connected a single person to the internet," but is rather a "woke mandate" under the previous presidency. Related Stories Meanwhile, Trump has pushed to open up an auction of highly sought after spectrum bands to serve WiFi, 5G, and 6G projects under his "One Big Beautiful Bill" — a move that may sideline rural connectivity projects focused on building reliable, physical connections to high speed internet. Advocates have long fought for federal investment in "missing middle miles" of fiber optic cables and broadband, rather than unstable satellite connections, such as those promised by Elon Musk's Starlink. "We need to prioritize investments in sustainable infrastructure through programs like BEAD and the Digital Equity Act to ensure long-term, affordable Internet access for all Americans, strengthen the economy, and bolster the nation’s overall digital resilience," said Lane. Chase DiBenedetto Social Good Reporter Chase joined Mashable's Social Good team in 2020, covering online stories about digital activism, climate justice, accessibility, and media representation. Her work also captures how these conversations manifest in politics, popular culture, and fandom. Sometimes she's very funny.

We need to anticipate and suitably prepare for the possibility that some people will think that AGI ... More has arisen due to supernatural powers.getty In today’s column, I examine an alarming conjecture that people on a relatively large scale might react to the attainment of artificial general intelligence (AGI) by proclaiming that AGI has arisen due to a supernatural capacity. The speculative idea is that since AGI will be on par with human intellect, a portion of the populace will assume that this accomplishment could only occur if a supernatural element was involved. Rather than believing that humankind devised AGI, there will be a supposition that a special or magical force beyond our awareness has opted to confer AI with human-like qualities. How will those holding such a reactive belief potentially impact society and produce untoward results? Let’s talk about it. This analysis of an innovative AI breakthrough is part of my ongoing Forbes column coverage on the latest in AI, including identifying and explaining various impactful AI complexities (see the link here). Heading Toward AGI And ASI First, some fundamentals are required to set the stage for this weighty discussion. There is a great deal of research going on to further advance AI. The general goal is to either reach artificial general intelligence (AGI) or maybe even the outstretched possibility of achieving artificial superintelligence (ASI). AGI is AI that is considered on par with human intellect and can seemingly match our intelligence. ASI is AI that has gone beyond human intellect and would be superior in many if not all feasible ways. The idea is that ASI would be able to run circles around humans by outthinking us at every turn. For more details on the nature of conventional AI versus AGI and ASI, see my analysis at the link here. We have not yet attained AGI. In fact, it is unknown as to whether we will reach AGI, or that maybe AGI will be achievable in decades or perhaps centuries from now. The AGI attainment dates that are floating around are wildly varying and wildly unsubstantiated by any credible evidence or ironclad logic. ASI is even more beyond the pale when it comes to where we are currently with conventional AI. Reacting To The Advent Of AGI The average reaction to having achieved AGI, assuming we do so, would be to applaud an incredible accomplishment by humankind. Some have asserted that reaching AGI ought to be in the same lofty position as having devised electricity and harnessing fire. It is a feat of tremendous human insight and inventiveness. Not everyone will necessarily see the attainment of AGI in that same light. There is a concern that some segment or portion of society will instead attribute the accomplishment to a supernatural force. This belief almost makes sense. If you interact with AGI and it seems fully functioning on a level of human intellect, you would certainly be tempted to disbelieve that humans could have put such a machine together. Humans aren’t wise enough or inventive enough to accomplish that kind of outlier feat. How then can the AGI otherwise be explained? The seemingly apparent answer is that a supernatural element came to our aid. Maybe humans got AI halfway to AGI, and then this mysterious unexplained force happened to resolve the rest of the route for us. Or perhaps a supernatural force wants us to assume that humans devised AGI, meanwhile, the supernatural element resides in AGI and is biding time to reveal itself or take over humanity. Mull over those outside-the-box thoughts for a moment or two. Supernatural Explanations Have History Relying on a supernatural explanation has quite a lengthy history throughout the course of human events. When a natural phenomenon has yet to be adequately explained via science, the easy go-to is to exclaim that something supernatural must be at play. The same holds when a human invention appears to defy general sensibilities. Even watching a magic trick such as pulling a rabbit out of a hat is subject to being labeled a supernatural occurrence. A notable qualm about this same reaction to AGI is that a portion of society might begin to perceive AGI in ways that could be counterproductive to them and society all told. For example, people might decide to worship AGI. This in turn could lead to people widely and wildly taking actions that are not useful or that might be harmful. Here are my top five adverse reactions that might be spurred because of believing that AGI is supernatural in origin: (1) Treating AGI as divine. Some people might decide to make devoted prayers to AGI, undertake spiritual rituals via AGI, and generally treat AGI as a divine entity or being. The reality is that AGI is simply bits and bytes, but that won’t suit some who distrust that rationalistic explanation. (2) Strict obedience to AGI. People who believe in a supernatural cause for AGI are bound to ask life-changing questions of AGI and take the responses as a form of absolute truth. They might susceptibly treat AGI as a grandiose soothsayer guiding their everyday efforts in life, blindly so, trying to appease AGI to the letter. (3) AGI cults are formed. Among those who have this supernatural reaction, you can anticipate that cults will be formulated. Groups of people might hide their devotion to AGI and secretly carry out missions they believe AGI has told them to perform. (4) Submission of personal agency to AGI. Some reactions might be softer and less pronounced, while others could be obsessive and overwhelming. Expect that some people will surrender their entire sense of self. AGI will be allowed to run their soul. (5) Charlatans exploit AGI supernaturalism. The gloomiest of the adverse reactions is that charlatans will insidiously attempt to convince others that AGI is indeed supernatural. They will exploit the advent of AGI to then gain followers, make money, or in dastardly ways seek outlandish profit from false beliefs about AGI. What Can Be Done The aspect that some people might construe AGI as arising from supernatural or otherworldly constructs is a farfetched concept to those who know how AI is actually devised. If you were to tell those rationalists that a portion of society is going to assume a supernatural hand is afoot, the rationalistic response is that no one could be that imprudent. Well, there are solid odds that a portion of society will fall into the supernatural reaction trap. It could be that just a tiny segment does so. The number of people might be quite small and, you could argue, inconsequential in the larger scheme of things. There will always be those who take a different perspective in life. Let them be. Leave them alone. Don’t worry about it. On the other hand, the reaction could be of a more pronounced magnitude. Deciding to simply put our heads in the sand when it comes to those who have a supernatural reaction would seem a big mistake. Those people are possibly going to be harmed in how they conduct their lives, and equally possibly harm others by their reactive actions. Thus, the first step to coping with the supernatural reaction is to acknowledge that it could occur. By agreeing that the reaction is a strident possibility, the next step of determining what to do about it is opened. Just Logically Explain AGI One twist is that a rationalist would undoubtedly insist that all you need to do is tell the world that AGI is bits and bytes, which clearly will dispel any other false impressions. Nope, that isn’t an all-supreme enchanted solution to the problem. Here’s why. The more that you exhort the bits and bytes pronouncement, the more some will be convinced you are definitely trying to pull the wool over your eyes. Conspiracy theories are a dime a dozen and will abundantly haunt the emergence of AGI. The logic of those who don’t buy into the bits and bytes is that there is no way that bits and bytes could combine to formulate AGI. There must be something else going on. A supernatural element must be involved. In that tainted viewpoint, it is also possible that the AI makers do not realize that a supernatural force has led them to AGI. Those AI makers falsely believe that humans made AGI when the reality is that something supernatural did so. In that manner, the AI makers are telling their sense of the truth, though they do not realize they have been snookered by supernatural forces. Actions To Be Undertaken Here are five major ways that we can try and cope with the supernatural reaction that might be invoked by some portion of the populace: (1) Openly explaining how AGI works. If there is immense secrecy associated with the inner mechanisms of AGI, which some AI makers might cling to as a proprietary advantage, the chances of sparking a supernational-based explanation go up. Transparency is going to be vital else people will craft their own zany contrivances. (2) Build explainability into AGI. The advent of AGI ought to encompass that AGI provides explainability and interpretability as a native crux of the AGI. When users ask questions of AGI, the AGI should not only respond with answers but also identify the mathematical and computational facets that led to the answer. (3) Embed suitable guardrails into AGI. One disheartening possibility is that AGI itself might tell people that a supernatural force underlies AGI. That’s troubling since it would not only encourage those who are leaning toward the supernatural aura, it would likely spread the supernatural reaction across the globe. Don’t want that. Guardrails should be embedded into the AGI accordingly. (4) Provide AGI-usage socializing support. An AGI is bound to gauge when a user seems to be slipping into the supernatural reactive condition, doing so via how the person is interacting with the AGI. There should be mental health specialists associated with the advent of AGI who can be called upon to assist those falling into that mental trap. Interventions of a planned and prepared nature should be established before AI becomes AGI. (5) Popularize the use of AGI. To reduce the mysteriousness of AGI, there should be a concerted effort to showcase the use of AGI, along with identifying how the AGI produces its answers. This might go beyond usage by scientists, engineers, and the like, encompassing artisans and philosophers. The idea is to tackle the aura of AGI head-on, rather than allowing a vacuum to exist into which people will derive and insert their own ill-supported beliefs. Circumventing Cargo Cults You might vaguely be familiar with the catchphrase “cargo cult” that arose in 1945 to describe some of the effects of WWII on local tribes of somewhat isolated islands. In brief, military forces had airdropped all sorts of supplies to such islands including cans of food, boxes of medicines, and the like, doing so to support the war effort and their troops underway at that time. Later, once the military efforts ceased or moved on, the local tribes reportedly sought to reinstitute the airdrops but didn’t seemingly understand how to do so. They ended up carrying out marching drills similar to what they had seen the troops perform, under the belief and hope that mimicking those actions would bring forth renewed airdrops. This type of mimicry is also known as sympathetic magic. Suppose you see a magician do an impressive card trick and as they do so, they make a large gesture of waving their hands. If you sought to replicate the card trick, and assuming you didn’t know how the card trick was truly performed, you might wave your hands as a believed basis for getting the cards to come out the way you wanted. Sympathetic magic. I bring up such a topic to highlight that the advent of AGI could spur similar reactions in parts of society. The possibility isn’t implausible. Keep in mind that AGI will be an advanced AI that exhibits human-caliber intellectual prowess in all regards of human capabilities. There is little question that interacting with AGI will be an amazing and awe-inspiring affair. Should we simply hope that people will not imbue a supernational reaction to AGI? The answer to that question comes from the famous words of Thucydides: “Hope is an expensive commodity. It makes better sense to be prepared.”

The Food and Drug Administration plans major changes for how Covid vaccines are rolled out and who will be able to get the updated shots this fall. In a paper published Tuesday in the New England Journal of Medicine, the FDA commissioner, Dr. Marty Makary, and Dr. Vinay Prasad, the FDA’s new vaccine chief, wrote that any new Covid vaccine now must undergo placebo-controlled clinical trials — meaning some people would get the actual vaccine while others would get an inactive substance like a saline shot, to compare results. At a planned FDA vaccine panel meeting Thursday, agency advisers are expected to advise the vaccine makers about which strains to target for new shots. The new clinical trial requirement isn't expected to affect the fall rollout for older adults and other people at high risk for severe illness because drugmakers are exempt from additional testing for those groups. Makary and Prasad said in a question-and-answer session later Tuesday that annual shots for healthy children and adults would no longer be routinely approved. They also suggested that the vaccines may not be updated every year.“Instead of having a Covid strategy that’s year to year, why don’t we let the science tell us when we should change?” Prasad said. “The virus doesn’t have a calendar.”Previously, updated Covid vaccines had been cleared by the FDA similar to flu vaccines. The original Covid shots, from Pfizer and Moderna, approved in late 2020, went through placebo-controlled trials. Then, the drugmakers transitioned to smaller studies to test how well the updated shots triggered immune responses against the current variants circulating in the U.S.In the journal article, Makary and Prasad cast doubt on the flu vaccine model, noting that only a quarter of people in the U.S. get the updated shots each year, including less than a third of health care workers. In comparison, about 75% of health care workers get seasonal flu shots, according to data from the Centers for Disease Control and Prevention. The Covid shot policy, the officials wrote, “has sometimes been justified by arguing that the American people are not sophisticated enough to understand age- and risk-based recommendations.” “We reject this view,” they added. Dr. Jesse Goodman, a professor of medicine and infectious disease at Georgetown University and a former chief scientist at the FDA, agreed that people can understand their own health risks but was skeptical of the agency’s new approach, saying it limits people’s “freedom to choose.”“What about people with elderly or high risk relatives/housemates?” he wrote in an email. “What about people who are not at increased risk of severe disease who want to reduce their risk of infection or time off from work?”During the webcast, Prasad claimed that “there is no high-quality evidence that you getting a booster to visit your grandma protects your grandma.”Who will be able to get the Covid shots?Under the FDA’s new guidance, the drugmakers will need to run new trials that track participants for at least six months. The main goal of the trials should be to show that the shots help prevent symptomatic Covid, the officials wrote, with data showing at least 30% effectiveness. People who’ve had Covid in the past should still be included in the trial to better reflect the general population, they said. Drugmakers can still use smaller studies, known as immunogenicity studies, to get approval for adults 65 and up, as well as children and adults with at least one medical condition that puts them at higher risk for Covid. The FDA said many people are considered at high risk, including pregnant women and those with obesity or who have mental health conditions such as depression. Other conditions linked to severe Covid illness include diabetes, heart disease and asthma. “Ultimately, these studies alone can provide reassurance that the American repeat-boosters-in-perpetuity strategy is evidence-based,” the officials wrote.Estimates, they said, suggest that 100 million to 200 million people in the U.S. will have access to the updated vaccines.The FDA’s mandate comes ahead of Thursday’s vaccine advisory committee meeting, where outside experts will discuss which strains should be included in the next round of Covid shots. In briefing documents published earlier Tuesday, FDA staff members wrote that updating the vaccines to more closely match currently circulating strains may “provide added benefit” in anticipation of an uptick in cases during the fall and winter.The change means it will be near impossible for Pfizer and Moderna to complete the new trials in time for the fall season. Aside from running the trials, the drugmakers will still need to design the trials and enroll participants, which can also take several weeks or months.A medical professional prepares a Pfizer Covid-19 vaccine booster shot in Freeport, NY., on Nov. 30, 2021.Steve Pfost / Newsday via Getty Images fileThe data would then need to be analyzed and signed off on by the FDA. It’s also unclear what the change will mean for healthy children and adults who want to get the updated shots. Dr. Paul Offit, the director of the Vaccine Education Center at Children’s Hospital of Philadelphia and a member of the FDA’s vaccine advisory committee, said people considered at “low risk” can still be harmed by the virus.“Low risk doesn’t mean no risk,” he said. “I mean, anybody can be hospitalized and killed by the virus.”Goodman questioned why the FDA was making the change instead of the CDC’s independent vaccine advisory committee, known as the Advisory Committee on Immunization Practices, which typically makes recommendations on who should get the Covid shots. “It is not clear why there was a compelling reason for FDA to step in and preempt that usual and publicly transparent consultative process,” he said. Kennedy's influence on vaccine rulesA change to the way Covid vaccines are updated was expected. Earlier this month, Health and Human Services Secretary Robert F. Kennedy Jr. mandated that all new vaccines must undergo placebo-controlled clinical trials. Until Tuesday, it wasn’t clear whether HHS considered Pfizer’s and Moderna’s updated shots “new vaccines,” requiring new clinical trials.Former government health officials feared that the FDA, under Kennedy, was moving to slow-walk vaccine approvals.Over the weekend, the FDA approved Novovax’s vaccine after weeks of delay. In an unexpected turn, however, the agency limited the use of the shot to people 65 and up and teens and adults with at least one medical condition that puts them at risk of severe illness. Typically, it’s the CDC that makes recommendations about who should get the vaccines. Makary had warned about changes to the way vaccines are tested and approved, saying last week that the agency would soon “unleash a massive framework.” Kennedy has long opposed vaccines, including the Covid shot. In 2021, he submitted a citizens’ petition requesting that the FDA revoke the authorization of the Covid vaccines. The same year, he called the Covid shots “the deadliest vaccine ever made,” citing rare cases of myocarditis in young men. Studies find that the risk of myocarditis is higher — and typically more severe — in people with a Covid infection than after the vaccine. Last week, at a Senate Health, Education, Labor and Pensions Committee hearing, Kennedy also falsely claimed that the only vaccines tested against a placebo were the Covid shots. The move prompted committee chair Bill Cassidy, R-La., to later pause the hearing to correct Kennedy.“For the record, that’s not true. Rotavirus, measles and HPV vaccines have been [evaluated against a placebo], and some vaccines are tested against previous versions. So just for the record, to set that straight,” said Cassidy, who is a physician.Kennedy isn’t the only health official who has been critical of the Covid vaccines. Makary; Prasad; Dr. Tracy Beth Hoeg, a special advisor to Makary; and Dr. Jay Bhattacharya, the head of the National Institutes of Health, have, as well.

An anonymous reader quotes a report from Ars Technica: On Sunday, the Chicago Sun-Times published an advertorial summer reading list containing at least 10 fake books attributed to real authors, according to multiple reports on social media. The newspaper's uncredited "Summer reading list for 2025" supplement recommended titles including "Tidewater Dreams" by Isabel Allende and "The Last Algorithm" by Andy Weir -- books that don't exist and were created out of thin air by an AI system. The creator of the list, Marco Buscaglia, confirmed to 404 Media (paywalled) that he used AI to generate the content. "I do use AI for background at times but always check out the material first. This time, I did not and I can't believe I missed it because it's so obvious. No excuses," Buscaglia said. "On me 100 percent and I'm completely embarrassed." A check by Ars Technica shows that only five of the fifteen recommended books in the list actually exist, with the remainder being fabricated titles falsely attributed to well-known authors. [...] On Tuesday morning, the Chicago Sun-Times addressed the controversy on Bluesky. "We are looking into how this made it into print as we speak," the official publication account wrote. "It is not editorial content and was not created by, or approved by, the Sun-Times newsroom. We value your trust in our reporting and take this very seriously. More info will be provided soon." In the supplement, the books listed by authors Isabel Allende, Andy Weir, Brit Bennett, Taylor Jenkins Reid, Min Jin Lee, Percival Everett, Delia Owens, Rumaan Alam, Rebecca Makkai, and Maggie O'Farrell are confabulated, while books listed by authors Francoise Sagan, Ray Bradbury, Jess Walter, Andre Aciman, and Ian McEwan are real. All of the authors are real people. "The Chicago Sun-Times obviously gets ChatGPT to write a 'summer reads' feature almost entirely made up of real authors but completely fake books. What are we coming to?" wrote novelist Rachael King. A Reddit user also expressed disapproval of the incident. "As a subscriber, I am livid! What is the point of subscribing to a hard copy paper if they are just going to include AI slop too!? The Sun Times needs to answer for this, and there should be a reporter fired." Read more of this story at Slashdot.