Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Some people reported an unwelcome surprise after picking up their Nintendo Switch 2 preorders at GameStop: staples used to attach receipts to Switch 2 boxes ended up damaging the screens on the console, as reported by IGN. However, GameStop says this was an issue that was “isolated” to a single store and that it has already offered replacements. When you open the box for the Switch 2, the tablet / screen part of the device is just under the top flap of the packaging. The tablet’s proximity to the top of the box possibly explains how staples could get through and poke holes in the screen — especially if the person using the stapler gave it a solid push. Reports started trickling in overnight as people got their preorders. In this post on X, for example, you can see photos of two dots on the box, a bag, and the screen. View Link To IGN, a GameStop spokesperson said that it was “investigating the matter” and promised to “make customers whole.” And on Thursday, one Reddit user affected by the problem said that they spoke with a GameStop manager who said they would be able to exchange their damaged unit. “We’ve addressed a unique case of staples damaging Switch 2 screens – isolated to one store,” GameStop says in a post on X. “Replacements have been offered. Staplers have been confiscated.”

Chris Kerr, Senior Editor, NewsJune 5, 20252 Min ReadSwitch 2 promotional photo via NintendoMultiple consumers on social media claim GameStop employees who chose to staple receipts to the packaging of Switch 2 hardware have inadvertently caused screen punctures.As clocked by IGN, a number of Switch 2 owners who managed to secure a device on launch day say they began unboxing their device only to find the display sported puncture wounds.The culprit, it seems, were receipts that had been stapled to the cardboard packaging by retail workers. "My Switch 2 has staple holes in the screen. They stapled the receipt to the box," wrote one X user, who also posted pictures of the damage."GameStop stapled the receipt for me and my friends Switch 2s to the box. FML," said another person on X before sharing similar images. "Genuinely insane now I’m gonna have to wait 3 months for the restock. And yes we were there for the midnight release so I bet everyone in this line is gonna have this same issue."There have also been similar posts on Reddit, where multiple users claim to have encountered the same issue and suggested the problem might be widespread. It seems many of those impacted picked up their console from GameStop's Staten Island branch."Me and my homie here (we never met before) were unfortunately at the same GameStop and this happened to me and another buddy! Think the entire pre-order batch is completely fucked," they wrote in a thread.Related:Who decided to package Switch 2 consoles with the screens facing outward?It's an issue that raises questions about the decision to package the Switch 2 with the screen facing outward. As shown by the images being shared on social media and multiple unboxing videos (like this one posted by CNET), the console's 7.9 inch display is visible as soon as the box is opened and is only protected by a plastic wrap and the cardboard lid of the box itself.Game Developer has reached out to Nintendo for comment. Read more about:Nintendo Switch 2Top StoriesAbout the AuthorChris KerrSenior Editor, News, GameDeveloper.comGame Developer news editor Chris Kerr is an award-winning journalist and reporter with over a decade of experience in the game industry. His byline has appeared in notable print and digital publications including Edge, Stuff, Wireframe, International Business Times, and PocketGamer.biz. Throughout his career, Chris has covered major industry events including GDC, PAX Australia, Gamescom, Paris Games Week, and Develop Brighton. He has featured on the judging panel at The Develop Star Awards on multiple occasions and appeared on BBC Radio 5 Live to discuss breaking news.See more from Chris KerrDaily news, dev blogs, and stories from Game Developer straight to your inboxStay UpdatedYou May Also Like

Editor’s note: This blog, originally published on October 28, 2024, has been updated. Financial losses from worldwide credit card transaction fraud are projected to reach more than $403 billion over the next decade. The new NVIDIA AI Blueprint for financial fraud detection can help combat this burgeoning epidemic — using accelerated data processing and advanced algorithms to improve AI’s ability to detect and prevent credit card transaction fraud. Launched this week at the Money20/20 financial services conference, the blueprint provides a reference example for financial institutions to identify subtle patterns and anomalies in transaction data based on user behavior to improve accuracy and reduce false positives compared with traditional methods. It shows developers how to build a financial fraud detection workflow by providing reference code, deployment tools and a reference architecture. Companies can streamline the migration of their fraud detection workflows from traditional compute to accelerated compute using the NVIDIA AI Enterprise software platform and NVIDIA accelerated computing. The NVIDIA AI Blueprint is available for customers to run on Amazon Web Services, with availability coming soon on Dell Technologies and Hewlett Packard Enterprise. Customers can also use the blueprint through service offerings from NVIDIA partners including Cloudera, EXL, Infosys and SHI International. Businesses embracing comprehensive machine learning (ML) tools and strategies can observe up to an estimated 40% improvement in fraud detection accuracy, boosting their ability to identify and stop fraudsters faster and mitigate harm. As such, leading financial organizations like American Express and Capital One have been using AI to build proprietary solutions that mitigate fraud and enhance customer protection. The new AI Blueprint accelerates model training and inference, and demonstrates how these components can be wrapped into a single, easy-to-use software offering, powered by NVIDIA AI. Currently optimized for credit card transaction fraud, the blueprint could be adapted for use cases such as new account fraud, account takeover and money laundering. Using Accelerated Computing and Graph Neural Networks for Fraud Detection Traditional data science pipelines lack the compute acceleration to handle the massive data volumes required for effective fraud detection. ML models like XGBoost are effective for detecting anomalies in individual transactions but fall short when fraud involves complex networks of linked accounts and devices. Helping address these gaps, NVIDIA RAPIDS — part of the NVIDIA CUDA-X collection of microservices, libraries, tools and technologies — enables payment companies to speed up data processing and transform raw data into powerful features at scale. These companies can fuel their AI models and integrate them with graph neural networks (GNNs) to uncover hidden, large-scale fraud patterns by analyzing relationships across different transactions, users and devices. The use of gradient-boosted decision trees — a type of ML algorithm — tapping into libraries such as XGBoost, has long been the standard for fraud detection. The new AI Blueprint for financial fraud detection enhances the XGBoost ML model with NVIDIA CUDA-X Data Science libraries including GNNs to generate embeddings that can be used as additional features to help reduce false positives. The GNN embeddings are fed into XGBoost to create and train a model that can then be orchestrated. In addition, NVIDIA Dynamo-Triton, formerly NVIDIA Triton Inference Server, boosts real-time inferencing while optimizing AI model throughput, latency and utilization. NVIDIA CUDA-X Data Science and Dynamo-Triton are included with NVIDIA AI Enterprise. Leading Financial Services Organizations Adopt AI During a time when many large North American financial institutions are reporting online or mobile fraud losses continue to increase, AI is helping to combat this trend. American Express, which began using AI to fight fraud in 2010, leverages fraud detection algorithms to monitor all customer transactions globally in real time, generating fraud decisions in just milliseconds. Using a combination of advanced algorithms, one of which tapped into the NVIDIA AI platform, American Express enhanced model accuracy, advancing the company’s ability to better fight fraud. European digital bank bunq uses generative AI and large language models to help detect fraud and money laundering. Its AI-powered transaction-monitoring system achieved nearly 100x faster model training speeds with NVIDIA accelerated computing. BNY announced in March 2024 that it became the first major bank to deploy an NVIDIA DGX SuperPOD with DGX H100 systems, which will help build solutions that support fraud detection and other use cases. And now, systems integrators, software vendors and cloud service providers can integrate the new NVIDIA blueprint for fraud detection to boost their financial services applications and help keep customers’ money, identities and digital accounts safe. Explore the NVIDIA AI Blueprint for financial fraud detection and read this NVIDIA Technical Blog on supercharging fraud detection with GNNs. Learn more about AI for fraud detection by visiting the AI Summit at Money20/20, running this week in Amsterdam. See notice regarding software product information.

Insurance is a modern necessity—and it can often be a literal lifesaver. When any sort of disaster strikes, whether it’s to your property, your business, or your health, getting a payment on your claim can mean the difference between getting through the emergency in one piece and being buried under bills for years to come.While it might seem pretty straightforward, anyone who’s actually dealt with insurance companies knows that their least favorite thing to do in this world is pay out on claims. In fact, studies have found that 17% of claims made to HealthCare.gov insurers and 18% of claims made to private insurers are denied—with some insurance companies rejecting nearly 50% of all claims.In fact, some insurers employ several legal but underhanded tricks to avoid paying out on claims. Here are five common tricks insurance companies will use against you.Moving as slowly as possibleThe simplest trick an insurance company can play is to drag their feet on your claim—there’s a reason the phrase “deny and delay” has become linked to the insurance industry as a whole. This tactic works because your insurer knows you’re desperate for a settlement on your claim; that’s the whole point of insurance. The longer they make you wait, the more likely you’ll accept whatever they offer you, even if you know it’s much less than you’re entitled to.Delay tactics vary, but can include:Documentation overload. Insurance companies sometimes request huge amounts of (sometimes unnecessary) documentation that takes a lot of time to procure and organize.Personnel swaps. Insurers may change the adjuster and other employees on your case, with each new person requiring some time to review the claim and get up to speed.Claiming no response. Your insurer asked for something, and you provided it. Weeks later they claim they never received it, and ask that you submit it again.The best way to counter these tactics is meticulous record-keeping. If you feel that your insurer is asking for unnecessary documentation, ask them to explain why they need the documents—this sometimes makes document requests magically vanish. Send all written communications via certified mail and turn on read receipts for emails and other electronic communications.Love bombingInsurers are often extremely nice to you when you initially start dealing with them. They express sympathy, use the words “I’m sorry” in the context of your injuries or loss, and generally sound warm and friendly. That’s nice, and may even be genuine. But it’s also a tactic they use to delay or eventually find reasons to deny your claim.Studies have found that apologies can be weaponized, and that people will tolerate delays and settle for less if they think the other party is taking responsibility or expressing empathy. Being excessively nice to you can fool you into thinking you can rely on the insurer to handle things on your behalf. This lets the company delay as much as possible, stringing you along. Love bombing like this can also get you to say things you shouldn’t say—as we’ll see in the next entry.Twisting your wordsAnother reason an insurance adjuster or other employee might apologize to you? Because it can gently goad you into expressing regrets of your own which can then be used against you. Any expression of apology or regret could be interpreted as an admittance of fault. And establishing a friendly, sympathetic rapport with you could be a tactic to get you to say more than you should by speculating on causes or your responsibility in a claim.For example, while speaking with a friendly adjuster about a car accident you were involved with, you might tell them you wish you’d noticed the other car driving erratically—if you had, you might have avoided the accident. This might seem like a simple observation, but it could be twisted into an admittance that you weren’t paying attention—and thus your claim is denied.Insurers will also sometimes demand that you submit a recorded statement, often very quickly after the incident covered by the claim. They will sometimes state that this is best for you, as it will get the claim moving more quickly. But a rushed recorded statement can also lead to a denied claim—if you’re wrong or inaccurate about anything in your statement, this could be used as a basis for denial.To avoid the tactics listed above, follow a few simple rules for dealing with insurers:Lawyer up. Hiring a lawyer to help you deal with insurance claims might seem like overkill, but you should always have a lawyer with you when speaking with insurers. An experienced attorney can ensure you don’t say anything that could hurt your claim.Never record. You’re typically not required to submit recorded statements, so don’t do it. Insist that all communications be done in person or over the phone, with your attorney present.Be suspicious. If an adjuster or other representative of the insurance company is overly friendly, don’t fall for it. Their sympathy might be genuine, but it can still get you into trouble if you let your guard down.RushingIronically, an effective tactic to delay and deny claims is to rush things. You file your claim, and before you can get organized, hire a lawyer, and recover from whatever happened, the insurer is on the phone, offering a settlement. This is often combined with pressure—like sending you a letter stating that you have two weeks to accept the settlement offer, or the company will “close the file.”This is usually designed to reduce the payout—that easy, fast settlement is probably for a lot less than the amount you’re actually entitled to—and to force errors on your part. By rushing to pull together information, you’ll probably make mistakes that can then be used to deny the claim.You can defend against this in two simple ways:Slow down. Ignore pressure to respond immediately or by arbitrary deadlines. Take your time, gather information, and respond when you’re ready. An attorney can help by acting as a buffer between you and the company.Know the statute. If your insurer tells you it will close your claim file, let it happen. It’s a meaningless administrative action. Your state’s laws will have a defined Statute of Limitations on your claim—a period of time when you’re legally allowed to pursue the claim. As long as you’re within that time period, you can force the insurer to re-open the claim.LowballingIf your insurer doesn’t think it can totally deny your claim, it may offer you a lowball settlement. You shouldn’t accept an insurance company’s calculations as gospel. In fact, the most important piece of information you can have about the claims process is that you are allowed to hire your own insurance adjuster. A public insurance adjuster works for you, not the insurance company, and will often arrive at a much higher figure for your claim.Hiring your own adjuster also insulates you from internal delays, as you won’t have to wait on your insurer’s processes or play phone tag with their adjuster. In addition to an experienced lawyer, a public adjuster can also ensure that you have all the support and knowledge you need to navigate the often murky world of insurance claims.

Converting paper documents into digital formats means you’ve got backups of your paperwork should you ever need them. It can also help you clear out a substantial amount of clutter from your home or office — perhaps a whole filing cabinet’s worth.It’s now easier than ever to scan documents using today’s phones — a large flatbed scanner is no longer needed as it was in the past. Receipts, business cards, bills, and any other kind of printed material can be stored digitally.If you’ve got an iPhone, you can do this straight from the built-in Notes or Files apps. If those don’t quite give you the features you need, there are third-party alternatives that will do the job as well.Scan documents with Notes or FilesWhen you scan with Files or Notes, the camera will automatically line the image up. Screenshot: AppleNotes makes it simple to scan a document. Screenshot: AppleThe process of scanning a document is similar in both Notes and Files. To get started in Notes, open or create a note, then tap the paperclip icon at the bottom, then Scan Documents. In Files, tap the three dots (top right), then Scan Documents.This gets you into the scanning interface. By default, you’ll be in auto mode — frame the document in the camera viewfinder, and when it’s lined up, a picture is automatically taken. Line up the next page, and after a moment, another capture is made.Tap Auto (top right) to switch to manual mode, which lets you take each snap using the shutter button manually. The Auto button changes to read Manual, and you can tap it again to switch back to automatic mode.You’ll see a couple of icons at the top. The lightning bolt lets you control the flash, while the three circles lets you switch between Color, Grayscale, Black & White, and Photo for the scanning mode.When all the documents and pages have been captured, tap Save. In Notes, the pages you’ve scanned are then added to the current note, and in Files the pages are saved together as a PDF file (you may be asked where you want to save your file).Scanning documents from a MacYou can scan documents via your iPhone in Mac apps such as Finder. Screenshot: AppleApple’s Continuity suite of features includes a useful little trick that lets you scan documents from your Mac using an iPhone. As with other Continuity features, you must be signed in to the same Apple account on both devices for this to work, and both devices need to have Wi-Fi and Bluetooth turned on.This works in Finder, Mail, Messages, Notes, Keynote, Numbers, Pages, and TextEdit on macOS. There are three options, depending on the app you’re in:Ctrl+click where you want the scan to show, then choose Import from iPhone or iPad > Scan Documents.From the File menu, choose Import from iPhone or iPad > Scan Documents.From the Insert menu, choose Import from iPhone or iPad > Scan Documents.All three methods will launch the document scanner on your iPhone — at which point you’re back to the interface we covered in the previous section. When you tap Save on your iPhone, the documents show up in your Mac app.Third-party scanning appsDropbox lets you tweak the crop of the scan. Screenshot: DropboxDropbox also gives you options for reducing the file size. Screenshot: DropboxThe process in iOS and macOS is very straightforward, but plenty of other apps do document scanning too, if you need them. A couple that I use regularly are Google Drive and Dropbox, so you might find they suit you better if those apps are where you tend to keep your digital archives.With Google Drive, tap the scan document icon in the lower right corner (it looks like a page with a frame around it). This takes you to a camera interface that matches the one you get in Notes and Files, but when you tap Save, you get to choose where in your Google Drive you want the scanned PDF uploaded to.You get a few more options with Dropbox: Tap the blue + (plus) button at the bottom, then Scan files. There’s the Auto and Manual toggle switch again, but as soon as a page is captured, you get taken to a new screen where you can edit the borders of the scan or rotate it, and add further pages. When that’s sorted, you’re able to choose where in your Dropbox you want the scanned PDF to be saved, and how much compression to apply.See More:

Macworld PDFs are the universal language of bureaucracy. They show up when you’re applying for jobs, submitting expense reports, reviewing contracts, or signing your kid’s permission slip. But trying to edit one? That’s a digital nightmare. Until now. PDF Expert Premium for Mac is on sale for just $79.97 (regularly $139.99) through June 30, and once you get it, you’ll wonder how you ever lived without it. This lifetime license gives you everything you need to master PDFs—without monthly fees or weird formatting bugs that make you want to scream into your laptop. Need to fix a typo in a contract? You got it. Want to sign and send that NDA without printing it out like it’s 1999? Easy. Want to split a 50-page document into digestible chunks, merge files, convert formats, or even OCR your scanned receipts so you can search them? PDF Expert handles it like a pro—because that’s what it is. Designed exclusively for Mac, PDF Expert is fast, clean, and shockingly intuitive. It takes advantage of Apple’s latest tech to give you buttery-smooth performance and a user-friendly interface. Whether you’re managing client documents, wrangling freelance paperwork, or digitizing receipts, this one-time purchase of PDF Expert might be the smartest $80 you spend all year. PDF Expert Premium Plan: Lifetime Subscription (Mac)See Deal StackSocial prices subject to change.

By James Pero Published May 22, 2025 | Comments (19) | Google Veo 3 man-on-the-street video generation. © Screenshot by Gizmodo Wake up, babe, new viral AI video generator dropped. This time, it’s not OpenAI’s Sora model in the spotlight, it’s Google’s Veo 3, which was announced on Tuesday during the company’s annual I/O keynote. Naturally, people are eager to see what chaos Veo 3 can wreak, and the results have been, well, chaotic. We’ve got disjointed Michael Bay fodder, talking muffins, self-aware AI sims, puppy-centric pharmaceutical ads—the list goes on. One thing that I keep seeing over and over, however, is—to put it bluntly—AI slop, and a very specific variety. For whatever reason, all of you seem to be absolutely hellbent on getting Veo to conjure up a torrent of smooth-brain YouTube content. The worst part is that this thing is actually kind of good at cranking it out, too. Don’t believe me? Here are the receipts. Is this 100% convincing? No. No, it is not. At a glance, though, most people wouldn’t be able to tell the difference if they’re just scrolling through their social feed mindlessly as one does when they’re using literally any social media site/app. Unboxing not cutting it for you? Well, don’t worry, we’ve got some man-on-the-street slop for your viewing pleasure. Sorry, hawk-tuah girl, it’s the singularity’s turn to capitalize on viral fame. Again, Veo’s generation is not perfect by any means, but it’s not exactly unconvincing, either. And there’s more bad news: Your Twitch-like smooth-brain content isn’t safe either. Here’s one of a picture-in-picture-style “Fortnite” stream that simulates gameplay and everything. I say “Fortnite” in scare quotes because this is just an AI representation of what Fortnite looks like, not the real thing. Either way, the only thing worse than mindless game streams is arguably mindless game streams that never even happened. And to be honest, the idea of simulating a simulation makes my brain feel achey, so for that reason alone, I’m going to hard pass. Listen, I’m not trying to be an alarmist here. In the grand scheme of things, AI-generated YouTube, Twitch, or TikTok chum isn’t going to hurt anyone, exactly, but it also doesn’t paint a rosy portrait of our AI-generated future. If there’s one thing we don’t need more of, it’s filler. Social media, without AI entering the equation, is already mostly junk, and it does make one wonder what the results of widespread generative video will really be in the end. Maybe I’ll wind up with AI-generated egg on my face, and video generators like Flow, Google’s “AI filmmaker,” will be a watershed product for real creators, but I have my doubts. At the very least, I’d like to see some safeguards if video generation is going to go mainstream. As harmless as AI slop might be, the ability to generate fairly convincing video isn’t one that should be taken lightly. There’s obviously huge potential for misinformation and propaganda, and if all it takes to help mitigate that is watermarking videos created in Veo 3, then it feels like an easy first step. For now, we’ll just have to take the explosion of Veo 3-enabled content with a spoonful of molasses, because there’s a lot of slop to get to, and this might be just the first course. Daily Newsletter You May Also Like Raymond Wong, James Pero, and Kyle Barr Published May 22, 2025 By James Pero Published May 22, 2025 By Vanessa Taylor Published May 22, 2025 By Raymond Wong Published May 21, 2025 By James Pero Published May 21, 2025 By AJ Dellinger Published May 21, 2025