Safety Security & Privacy

Anthropic announced that it built a model so capable at finding and exploiting software vulnerabilities that it will not release the model to the public. Continue Reading →

Thanksgiving always kicks off the annual flood of promo emails, shipping alerts, loyalty offers, holiday coupons, and "exclusive VIP deals." This year, the volume feels higher and the quality feels sharper because AI tools now generate phishing emails that look exactly like what Amazon, Walmart, Wayfair, UPS, FedEx, or any major brand would send. The old visual tells are gone. The scams and their associated scam websites are practically indistinguishable from legitimate ones. Continue Reading →

Proofpoint, one of the world’s largest email security firms, has identified a new class of threats called AI-agent phishing. Instead of tricking people, attackers are now embedding malicious instructions directly inside emails, hidden from human view but readable by AI systems like Microsoft Copilot, Google Gemini, or any enterprise agent that processes email automatically. When we use agentic systems to act on our email (summarizing, scheduling, or drafting), they may unknowingly execute those hidden prompts sending confidential data, approving a fraudulent request, or even creating a backdoor for more attacks. Continue Reading →

Yesterday, Anthropic quietly dropped a bombshell. Unless users explicitly opt out by September 28, it will use consumer chat data to train future AI models. This is a stunning reversal from Anthropic's previous position as the privacy-first alternative to ChatGPT. Continue Reading →

Anthropic on Monday announced on-demand chat recall for Claude. Ask it to "find what we discussed about _____," and it will search your previous conversations and pull relevant context into a new thread. No persistent memory profile quietly building in the background. Just explicit search when you need it. Continue Reading →

A TechCrunch investigation revealed something that should make everyone pause before clicking "share" on their next ChatGPT conversation. When users create public links to their ChatGPT conversations, Google and other search engines are indexing them, making private conversations discoverable through simple domain filtering searches. Continue Reading →

My inbox exploded this week with Reddit screenshots claiming that OpenAI's ChatGPT Agent casually clicked through Cloudflare's "I am not a robot" verification while narrating the process: "This step is necessary to prove I'm not a bot and proceed with the action." Continue Reading →

If you've been following the The New York Times Company v. Microsoft Corporation (1:23-cv-11195) case, you may wake up this morning worrying that New York Times lawyers will soon comb through your late‑night ChatGPT confessions. Breathe easy – they almost certainly will not. Continue Reading →

Microsoft is officially going passwordless by default. On the surface, it’s a welcome step toward a safer, simpler future. Passkeys — supported by Apple, Google, and Microsoft under the FIDO Alliance banner — promise to eliminate the phishing risks, credential leaks, and attack vectors that passwords have always invited. But there’s a catch. Continue Reading →

A journalist was accidentally added to a Signal group chat intended for classified military discussions. It happened. Mistakes happen. Everyone makes them. That’s exactly why security protocols exist—to prevent human error from becoming a systemic failure. Continue Reading →