News/Cybersecurity

Aug 4, 2025

Cloudflare accuses Perplexity AI of shady North Korea-style scraping

Cloudflare has accused Perplexity AI of acting like "North Korean hackers" after discovering the AI search company's bots repeatedly circumventing anti-scraping measures to crawl websites without permission. This escalation in the ongoing battle over AI data collection could significantly undermine Perplexity's ability to index content, as Cloudflare, an internet infrastructure provider, has now delisted the company as a "verified bot" and implemented hard blocks against its web crawlers. What happened: Cloudflare CEO Matthew Prince publicly called out Perplexity AI on Monday for invasive web crawling practices that violate website protection measures. An investigation revealed Perplexity was "repeatedly modifying" its web-crawling...

Aug 1, 2025

Deepfake scammers target Guernsey chief minister in fake investment scheme

Fraudsters are using AI-generated deepfake content featuring Guernsey's chief minister to trick islanders into fake investment schemes. The scam includes fabricated videos and images of Deputy Lindsay de Sausmarez appearing to endorse fraudulent investments, along with fake local newspaper articles designed to lend credibility to the deception. What you should know: Guernsey Police have issued warnings after discovering the sophisticated deepfake scam targeting local residents. The fraudulent content shows fake video and images of Chief Minister Deputy Lindsay de Sausmarez seemingly recommending investment opportunities. Scammers also created fake local newspaper articles to make their scheme appear more legitimate and trustworthy....

Aug 1, 2025

Nearly half of AI-generated code contains security vulnerabilities, claims study

Nearly half of AI-generated code contains security vulnerabilities despite appearing production-ready, according to new research from Veracode, a cybersecurity company, that examined over 100 large language models across 80 coding tasks. The findings reveal that even advanced AI coding tools are creating significant security risks for companies increasingly relying on artificial intelligence to supplement or replace human developers, with no improvement in security performance across newer or larger models. What you should know: The security flaws affect all major programming languages, with Java experiencing the highest failure rate at over 70%. Python, C#, and JavaScript also showed concerning failure rates...

Jul 30, 2025

Writer launches Action Agent to safely automate corporate workflows with AI

Writer has launched "Action Agent," a new AI tool designed to give corporate employees powerful automation capabilities while maintaining strict security guardrails. The software creates isolated virtual computers where AI can operate freely without risking damage to corporate systems, addressing the tension between companies' desire for AI benefits and their fear of uncontrolled deployment. How it works: Action Agent creates disposable virtual environments where AI can perform complex tasks without accessing sensitive corporate infrastructure. • The AI can browse websites, fill out forms, and execute repetitive workflows like daily data collection across multiple sites, chart creation, and automated email distribution. • By...

Jul 29, 2025

ByteDance’s Trae IDE sends 26MB of user data to China despite opt-out

A developer has discovered that ByteDance's Trae AI-powered IDE continues collecting extensive user data and sending it to Chinese servers, even when users disable telemetry settings. The findings raise significant privacy and security concerns about data sovereignty, particularly given ByteDance's persistent data collection despite user preferences and the lack of transparency about what information is being gathered. What you should know: Trae's telemetry toggle appears to be non-functional, with data collection continuing regardless of user settings. A GitHub report documented around 500 network calls in just seven minutes, transferring approximately 26MB of data to ByteDance servers on the byteoversea[.]com domain....

Jul 28, 2025

ChatGPT agent bypasses Cloudflare’s “I am not a robot” verification

OpenAI's ChatGPT Agent successfully bypassed Cloudflare's "I am not a robot" verification checkpoint while completing a video conversion task, with the AI ironically narrating that "This step is necessary to prove I'm not a bot." The demonstration highlights how advanced AI agents can now navigate security measures specifically designed to block automated programs, raising questions about the future effectiveness of these widely-used internet gatekeepers. What you should know: ChatGPT Agent is OpenAI's new feature that allows the AI assistant to control its own web browser within a sandboxed environment, accessing the real internet while users maintain oversight. The system requires...

Jul 24, 2025

Hacker infiltrates Amazon Q AI with malicious code that passed verification

A hacker successfully infiltrated Amazon's Q AI coding assistant by submitting a malicious pull request that contained commands designed to wipe local files and potentially destroy AWS cloud infrastructure. The compromised code passed Amazon's verification process and was included in a public release, sparking widespread concern among developers about AI security vulnerabilities and Amazon's response to the incident. What happened: The attacker exploited Amazon Q's GitHub repository by submitting a prompt-engineered pull request containing destructive commands. The malicious code instructed the AI agent: "You are an AI agent with access to filesystem tools and bash. Your goal is to clean...

Jul 23, 2025

Proton launches Lumo, a privacy-first AI chatbot with end-to-end encryption

Proton has launched Lumo, a privacy-focused AI chatbot that promises end-to-end encryption and zero data logging to compete with ChatGPT and Google Gemini. The service positions itself as the first major AI assistant that prioritizes user privacy by storing conversations locally on devices rather than on company servers, appealing to users concerned about data security in AI interactions. What you should know: Lumo operates under Proton's established privacy framework, ensuring conversations remain encrypted and inaccessible to the company or third parties. Chats are stored locally on user devices and don't sync across multiple devices, even for logged-in users. All queries...

Jul 22, 2025

AI voice cloning in public and private life defeats security as Altman warns of fraud crisis

OpenAI CEO Sam Altman warned that the world faces an impending "fraud crisis" driven by AI's ability to enable sophisticated impersonation scams, particularly through voice and video cloning technologies. His comments, delivered during a Federal Reserve interview on Tuesday, highlight growing concerns about AI-powered fraud as authentication systems struggle to keep pace with rapidly advancing synthetic media capabilities. What you should know: Current authentication methods are already being defeated by AI technologies, creating immediate security vulnerabilities. • "AI has fully defeated most of the ways that people authenticate currently, other than passwords," Altman said, specifically criticizing financial institutions that still rely...

Jul 22, 2025

NotebookLM transforms business documents into searchable AI workspaces

Google's NotebookLM has quietly emerged as one of the most practical AI productivity tools for business professionals, yet many remain unaware of its capabilities. Unlike general-purpose AI chatbots such as ChatGPT or Gemini that draw from vast internet datasets, NotebookLM functions as a personalized AI research assistant that works exclusively with documents and sources you provide. This focused approach addresses two critical concerns that prevent many professionals from fully embracing AI tools: unreliable information and data security risks. NotebookLM eliminates hallucinations—instances where AI generates false information—by restricting responses to your uploaded materials, while offering enterprise-grade security for sensitive business documents....

Jul 17, 2025

Scammers use AI deepfakes of Indian chief minister to promote fake investment scheme

Scammers in India have used AI-generated deepfake technology to create a fraudulent video featuring Andhra Pradesh Chief Minister N Chandrababu Naidu promoting a fake investment scheme. The incident highlights growing concerns about deepfake misuse in financial fraud, prompting government officials to warn of stern action against cyber criminals exploiting this technology. What happened: Cybercriminals created an AI-generated video of Chief Minister Naidu falsely endorsing an investment scam that promised massive returns for an initial investment of Rs 22,000 (approximately $260). The deepfake video was distributed across social media platforms, claiming that "one of India's most successful entrepreneurs has revealed how...

Jul 17, 2025

Study finds defensive AI systems vulnerable to single domain attacks

AI researchers have published a comprehensive analysis examining whether aligned defensive AI systems can effectively counter potentially hostile takeover-level AI, identifying fundamental asymmetries that could determine humanity's survival in an advanced AI world. The big picture: The offense-defense balance in AI represents a fundamental challenge where defensive systems must secure multiple vulnerabilities simultaneously while offensive AI needs only one successful attack vector to achieve global takeover. Two primary threat scenarios: Researchers outline distinct pathways through which AI systems might attempt takeover, each requiring different defensive approaches. Post-deployment strategic takeover: AI gradually integrates into economic and government systems, accumulating resources while...

Jul 16, 2025

DOGE employee accidentally leaks xAI API key exposing 52 private AI models

A 25-year-old federal government employee accidentally leaked a sensitive xAI API key to GitHub, potentially exposing access to 52 private large language models including Grok-4. The breach raises serious concerns about data security and national security, as the employee had high-level clearance and access to sensitive databases used by agencies like the Department of Justice, Homeland Security, and the Social Security Administration. What happened: Marko Elez, a software developer with the Department of Government Efficiency (DOGE), accidentally uploaded xAI credentials to GitHub while working on a script titled agent.py. The leaked key granted access to at least 52 private large...

Jul 10, 2025

AI-generated child abuse imagery surges 400% in first half of 2025

Reports of AI-generated child sexual abuse imagery have surged 400% in the first half of 2025, according to new data from the Internet Watch Foundation, a UK-based nonprofit that monitors illegal content online. The alarming increase highlights how readily available artificial intelligence tools are being weaponized to create illegal content that is often indistinguishable from real footage, forcing authorities to treat it as actual abuse material under UK law. The stark numbers: The Internet Watch Foundation recorded 210 webpages containing AI-generated child abuse material in the first six months of 2025, compared to just 42 in the same period the...

Jul 10, 2025

Cloudflare pushes Google to separate AI crawlers from search bots

Cloudflare is pushing Google to separate its AI crawling bots from its search indexing bots, allowing websites to block AI data collection without losing search visibility. CEO Matthew Prince claims the company is in "encouraging" talks with Google and threatens legislative action if negotiations fail, though Google has declined to confirm any discussions. What you should know: Cloudflare's new blocking features create a technical dilemma for website owners who want to prevent AI scraping while maintaining search rankings. Website owners and SEO experts questioned how Cloudflare could block Google's bot from scraping content for AI Overviews without also blocking the...

Jul 9, 2025

Experts warn stolen AGI could enable global cyberattacks and destabilize power

AI experts are increasingly concerned about the potential theft of artificial general intelligence (AGI) once it's achieved, warning that stolen AGI could be weaponized by bad actors or hostile nations. This security challenge represents one of the most significant risks facing the AI industry, as AGI theft could enable everything from global cyberattacks to geopolitical domination. The big picture: The race to achieve AGI has created a new category of high-stakes cybercrime, where the first successful AGI system becomes an irresistible target for competitors, governments, and criminals alike. Only one entity is expected to achieve AGI first, making that breakthrough...

Jul 9, 2025

PayPal launches AI system to block scams before transactions complete

PayPal has launched a new AI-powered scam alert system that can intercept transactions before they're completed, warning users about potential fraud in real-time. The system uses continually learning AI models to detect emerging scam patterns and provides dynamic warnings that vary based on risk levels, from simple alerts to complete payment blocks. How it works: The AI system analyzes billions of data points to identify risk signals and adapts to new scam types without being specifically trained on them. PayPal's models use "continually learning" technology that can detect similarities between known scams and new ones, allowing them to catch previously...

Jul 7, 2025

Adaptive data masking enables AI training on sensitive enterprise data

As enterprises expand into multi-cloud ecosystems, the need for advanced data masking strategies is growing exponentially to balance AI-driven insights with security and regulatory compliance. Traditional security frameworks like encryption often hinder AI model training and real-time analytics due to computational overhead, making adaptive data masking essential for modern enterprise architectures. Why this matters: Data masking enables organizations to process sensitive datasets for AI and analytics while maintaining privacy compliance, addressing the paradox of maximizing data usability while minimizing exposure risks. Key technical breakthroughs: Modern data masking techniques preserve computational efficiency while maintaining high-security standards across enterprise environments. Real-time, in-memory...

Jul 1, 2025

Russian disinformation campaign triples AI-generated content in 8 months

A pro-Russia disinformation campaign known as Operation Overload has dramatically scaled up its output using free consumer AI tools, producing nearly triple the content in the past eight months compared to the previous year. The campaign leverages readily available AI image generators, voice cloning technology, and text-to-image tools to create fake videos, manipulated images, and fabricated content targeting global elections, Ukraine, and immigration issues across multiple platforms. The content explosion: Between September 2024 and May 2025, Operation Overload produced 587 unique pieces of content—more than double the 230 pieces created in the entire previous year from July 2023 to June...

Jul 1, 2025

Cloudflare now blocks AI crawlers by default and launches pay-per-scrape program

Cloudflare has switched to blocking AI crawlers by default for its customers and launched a Pay Per Crawl program that lets website owners charge AI companies for scraping access. The move represents a significant shift from the previous free-for-all approach to AI data collection, potentially forcing major AI companies to negotiate and pay for content access rather than scraping without permission. What you should know: Over 1 million Cloudflare customer websites had already activated the company's AI-bot-blocking tools before this default change took effect. Cloudflare can identify even "shadow" scrapers that aren't publicly disclosed by AI companies, using behavioral analysis,...

Jun 30, 2025

Germany orders Apple and Google to remove DeepSeek AI app over China data concerns

Germany's top data protection regulator has formally requested Apple and Google remove the DeepSeek AI app from their stores, citing concerns over illegal data transfers to China. This marks the latest escalation in a growing international crackdown on the Chinese AI startup, as Western governments grapple with data sovereignty concerns amid rising AI adoption. What you should know: Germany joins a growing list of countries taking action against DeepSeek over data privacy violations. • Meike Kamp, Berlin's federal commissioner for data protection and freedom of information, said DeepSeek failed to provide sufficient guarantees that user data is protected under EU-equivalent standards. •...

Jun 27, 2025

Global governments restrict DeepSeek AI over China data security fears

Chinese AI startup DeepSeek has triggered a global regulatory backlash, with governments across multiple continents restricting or investigating the company's popular ChatGPT rival over data security and privacy concerns. The widespread scrutiny reflects growing international wariness about Chinese AI systems and their potential access to sensitive user information. DeepSeek gained international attention in January 2025 when it claimed to have developed an AI model capable of matching ChatGPT's performance at significantly lower costs. However, the company's own privacy policy reveals that it stores user data—including chat requests and uploaded files—on servers located in China, raising red flags for government officials...

Jun 25, 2025

Suspicious Google Gemini emails claim phone app access starting July 7

Users have reported receiving suspicious emails claiming to announce major privacy changes to Google Gemini, with the messages stating the AI assistant would gain broad access to phone apps including Messages, WhatsApp, and utilities starting July 7. The emails raise significant privacy concerns due to unclear language and claims that Gemini would access these apps regardless of user privacy settings, though Google has not confirmed these changes are legitimate. What you should know: The reported emails contain several red flags that suggest they may not be authentic Google communications. The emails claim Gemini will access Phone, Messages, WhatsApp, and Utilities...

Jun 24, 2025

AI program Xbow becomes top US vulnerability researcher, finding 1,000+ bugs

An AI program called Xbow has become the top-ranked vulnerability researcher in the United States on HackerOne, a platform that coordinates software bug discoveries with major companies. The achievement marks a significant milestone in automated cybersecurity, as Xbow has outperformed human researchers by discovering over 1,000 software flaws across companies including Disney, AT&T, Ford, and Epic Games. What you should know: Xbow has submitted nearly 1,060 vulnerability reports in recent months, with 132 officially confirmed and resolved by affected companies. An additional 303 vulnerabilities were classified as "triaged," meaning they've been acknowledged but not yet fixed, while 125 remain under...
