Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Artificial Intelligence. Show all posts
technology
Artificial Intelligence Claude GitHub Opencode technology

OpenCode’s Rapid Growth Reflects Rising Developer Concerns Over AI Vendor Dependence

 





A glaring divide is emerging in the AI coding industry as developers increasingly weigh the convenience of fully managed coding platforms against the flexibility of open-source alternatives designed to avoid dependence on a single provider.

The debate intensified this week after Anthropic used its first “Code with Claude” developer conference to showcase major upgrades across its Claude Code ecosystem. The company announced that rate limits for Claude Code users on Pro, Max, Team, and Enterprise plans would be significantly expanded, while peak-hour usage restrictions were removed entirely. Anthropic also raised usage limits for its Opus API and disclosed a major infrastructure agreement with SpaceX involving the Colossus 1 data center.

According to the company, the agreement will provide access to more than 300 megawatts of computing power and approximately 220,000 Nvidia GPUs expected to come online within weeks. The move reflects the broader AI industry race to secure high-performance computing infrastructure as demand for generative AI services continues to increase.

Anthropic also introduced several updates aimed at turning Claude Code into a more advanced managed development environment. These included expanded Managed Agents capabilities, support for coordinating multiple AI agents simultaneously, a public beta feature called Outcomes, and an experimental memory system internally referred to as “dreaming,” which is intended to help AI systems retain and improve contextual understanding over time.

During the event, Anthropic executive Boris Cherny demonstrated remote agents and automated routines capable of running coding tasks asynchronously, effectively allowing Claude Code to function more like a workflow orchestration platform rather than a traditional coding assistant.

At the same time, a separate trend has been accelerating across the open-source community. OpenCode, an independent coding harness project associated with SST, has experienced a dramatic rise in popularity after positioning itself as an alternative to vendor-controlled AI development environments.

The project’s GitHub repository has now surpassed 157,000 stars, overtaking the roughly 122,000 stars associated with Anthropic’s own Claude Code repository at the time of reporting. While GitHub stars do not necessarily represent active users or production deployments, they are often viewed as indicators of developer awareness, interest, and community support.

The roots of OpenCode’s instant growth trace back to January 2026, when Anthropic introduced server-side authentication checks that prevented third-party tools from accessing Claude Pro and Max subscriptions through OAuth-based authentication methods.

Several projects, including OpenCode, Cline, and RooCode, were affected by the policy change. Prior to the restrictions, these tools allowed developers to run autonomous coding workflows through fixed-price Claude subscriptions rather than paying significantly higher API-based usage fees tied to token consumption.

From Anthropic’s perspective, the restriction addressed a business and infrastructure problem. Subscription plans were designed to support usage within the company’s own ecosystem, while third-party tools were effectively redirecting high-volume workloads through pricing structures never intended for external automation platforms.

Discussions across developer forums, including lengthy conversations on Hacker News, showed that many users understood Anthropic’s reasoning. However, criticism quickly emerged over the manner in which the restrictions were enforced. Developers reported that the changes were introduced without advance notice, disrupting workflows in active sessions. Some users also claimed that automated abuse-detection systems temporarily restricted accounts during the transition period.

OpenCode responded rapidly after the restrictions took effect. The project added support for ChatGPT Plus integrations within hours and began expanding compatibility across multiple AI providers. Anthropic later formalized its position in updated Terms of Service published in February, clarifying that subscription OAuth tokens were not intended for third-party routing or automation tools.

The dispute escalated further in March after OpenCode reportedly received legal requests related to Claude subscription authentication. Shortly afterward, the project merged an update removing references to Claude Pro and Max authentication from its codebase. By April 4, Anthropic’s enforcement measures had expanded to additional third-party harnesses, including OpenClaw and NanoClaw, pushing developers toward pay-as-you-go API billing structures.

Interest in OpenCode accelerated during this period. On March 21, a Hacker News discussion surrounding the project gained more than 1,200 points and hundreds of comments, driving additional visibility across the developer community. By early April, the repository had already crossed 120,000 GitHub stars.

As of May 8, project activity data showed approximately 156,904 stars, 18,259 forks, 4,788 issues, and more than 1,600 open pull requests. OpenCode’s website also claimed participation from over 850 contributors and estimated usage among roughly 6.5 million monthly developers.

Industry observers note that the OAuth dispute alone likely does not explain OpenCode’s growth. Instead, the incident appears to have accelerated an existing movement toward model-agnostic development tools. OpenCode gradually shifted its messaging away from low-cost Claude access and toward provider neutrality, emphasizing that developers should be able to switch between AI models as pricing, performance, and capabilities evolve.

That distinction is increasingly important as competition intensifies between major AI providers. A developer using a model-agnostic harness can move between Anthropic, OpenAI, or other models with relatively minor configuration changes. In contrast, developers operating entirely within a vertically integrated ecosystem may face higher switching costs if pricing structures, usage limits, or platform policies change unexpectedly.

The debate mirrors earlier divisions within the software infrastructure industry. Some analysts have compared the current situation to Docker and Podman, where one platform focused heavily on integrated services and managed workflows while the other prioritized portability, operational control, and independence from platform lock-in.

OpenCode’s rise has also drawn criticism from parts of the developer community. Users in public discussions have raised concerns about high memory usage, the growing complexity of the project’s TypeScript codebase, inconsistent release stability, and the broader security implications of integrating multiple AI providers into a single framework.

Security considerations remain particularly relevant because every additional provider connection potentially expands the software’s attack surface. OpenCode also faced backlash after removing Claude subscription authentication support following reported legal pressure, with some developers expressing frustration over how the project handled the situation.

Still, the overall ndustry direction appears increasingly clear. Anthropic is investing heavily in a future built around tightly managed AI coding ecosystems that combine infrastructure, orchestration, memory systems, and coding assistance within a single platform.

At the same time, open-source projects such as OpenCode, Cline, Aider, and OpenClaw continue to attract developers seeking portability and reduced dependency on individual AI vendors.

For many software teams, the central issue is no longer choosing between Claude Code and OpenCode alone. Instead, developers are beginning to decide whether critical AI-assisted workflows should remain under the control of a single provider or operate through more flexible systems capable of adapting as the AI landscape continues to shift.

Read more »
zero-day vulnerability
AI-generated exploit Artificial Intelligence Cybersecurity Google Threat Intelligence Group Technology zero-day vulnerability

Google Detects AI-Generated Zero-Day Exploit Targeting Web Admin Tool

 

Researchers from Google Threat Intelligence Group (GTIG) have revealed that a recently identified zero-day exploit aimed at a widely used open-source web administration platform was likely created with the help of artificial intelligence.

The vulnerability, which targeted the platform’s two-factor authentication (2FA) mechanism, could have allowed attackers to bypass critical security protections. While the software involved has not been publicly identified, researchers confirmed that the attack was stopped before it reached large-scale exploitation.

According to GTIG, analysis of the Python-based exploit strongly indicates the involvement of AI tools during the vulnerability discovery and weaponization process. The team noted that the coding style, educational explanations within the script, and even fabricated technical details closely resembled outputs commonly produced by large language models (LLMs).

“For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data,” GTIG says in a report today.

Researchers also stated that the flaw itself appeared to be a semantic logic issue — an area where AI systems tend to perform effectively — rather than traditional vulnerabilities like memory corruption or poor input sanitization that are usually identified through fuzzing or static analysis techniques.

Google informed the affected software developer about the issue, allowing security measures to be implemented quickly and the attack to be disrupted before wider abuse occurred.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” GTIG researchers say.

The report additionally highlights the increasing role of AI in cybercrime operations. Google observed threat groups linked to China and North Korea — including APT27, APT45, UNC2814, UNC5673, and UNC6201 — using AI systems for exploit development and vulnerability research.

Meanwhile, Russia-associated threat actors were reportedly using AI-generated decoy code to conceal malware strains such as CANFAIL and LONGSTREAM. Google also referenced a Russian campaign known as “Overload,” where AI voice cloning technology was allegedly used to imitate journalists in fabricated videos spreading anti-Ukraine narratives.

The report further examined the Android malware PromptSpy, previously documented by ESET, for its integration with Gemini APIs to automate interactions on infected devices.

Investigators identified an autonomous component called "GeminiAutomationAgent," which reportedly relies on a hardcoded prompt to help the malware evade AI safety mechanisms. Researchers explained that the prompt assigns the malware a harmless persona, enabling it to calculate interface geometry and interact with device functions more effectively.

Google researchers also warned that the malware appears capable of replaying authentication methods, including PINs and lock patterns, using AI-assisted techniques.

The company concluded that cybercriminals are increasingly scaling access to premium AI services through methods such as automated account generation, proxy relay systems, and shared account infrastructures.
Read more »
Technology
AI Agent AI industry Artificial Intelligence Hermes openclaw python Technology

Hermes Agent Emerges as a Strong Challenger to OpenClaw in the Self-Learning AI Assistant Space

 



Artificial intelligence tools are increasingly allowing non-technical users to build software and automate tasks that previously required programming knowledge, and a new open-source AI agent called Hermes is becoming a major example of that shift.

The discussion gained momentum this week after reports circulated about a 78-year-old marketing executive with no coding background successfully creating a robotics application using only natural-language instructions. The application was reportedly built through the Reachy Mini ecosystem developed by Hugging Face, whose robot app marketplace has surpassed 300 live applications and approximately 10,000 deployed robots worldwide.

According to the shared account, the individual did not use Python programming or specialized robotics software during development. Supporters of AI-assisted development tools pointed to the example as evidence that conversational AI systems are reducing technical barriers that traditionally slowed software creation.

The development also reflects a broader trend across the AI industry. Newer AI agents are increasingly designed to retain information from previous interactions, improve their own workflows, and adapt to user behavior over time. Earlier this week, Anthropic introduced a feature called “Dreaming,” which allows AI agents to process earlier sessions in the background and generate new memory structures automatically. Meanwhile, Hermes Agent from Nous Research is pursuing a similar idea through persistent task learning and automated skill generation.

Hermes Agent, first released in February 2026, has quickly gained traction within the open-source AI community. The project reportedly has more than 135,000 GitHub stars and is distributed under the MIT license. It also includes over 40 built-in skills, which function as reusable instruction modules that help the system repeat previously learned workflows more efficiently.

One of Hermes’ defining features is its self-improving learning architecture. After completing a difficult or multi-step task, the agent enters what developers call a “Reflective Phase.” During this process, the system reviews its own actions, identifies successful execution patterns, and converts those patterns into reusable skill files. When a related task appears later, Hermes can retrieve the previously learned solution instead of generating a new workflow from the beginning.

The platform also uses a layered memory structure consisting of temporary session memory, long-term episodic memory stored through SQLite databases, and procedural memory tied to learned skills. Developers say the software can operate on low-cost virtual private servers, large GPU clusters, or serverless cloud environments. Hermes is also model-agnostic, allowing users to connect the framework to providers such as OpenAI, Anthropic, OpenRouter, Kimi, MiniMax, GLM, Nous Portal, or privately hosted AI endpoints.

Users can access the agent through Telegram, Discord, Slack, WhatsApp, Signal, email services, or command-line interfaces. The project’s latest update, v0.13.0, internally referred to as “The Tenacity Release,” reportedly introduced Google Chat integration as its twentieth supported platform. The update also added durable multi-agent coordination tools, automatic task recovery systems, retry budgeting controls, hallucination filtering mechanisms, persistent goal tracking for long-running tasks, automatic linting after file edits, and session recovery after unexpected gateway interruptions.

According to project details shared by contributors, the release included 864 code commits from 295 contributors in a single week and resolved eight critical security issues. One patched vulnerability reportedly involved a Discord-related flaw that could allow bots to message users across servers outside their intended access scope.

The installation process has also been simplified significantly. Hermes now uses a one-line curl installer that automatically configures dependencies such as Python 3.11, Node.js, ripgrep, and ffmpeg. During setup, the software can automatically detect existing OpenClaw environments and offer to import prior settings, memories, skills, and API credentials.

The growing comparison between Hermes and OpenClaw highlights a design shift occurring within the AI assistant ecosystem. OpenClaw originally gained attention by focusing heavily on messaging integrations and centralized orchestration across communication platforms. Hermes, by contrast, places continuous learning and automated self-improvement at the center of its architecture.

In practical terms, OpenClaw skills are generally predefined instruction sets written manually by users or generated beforehand through prompting. Hermes instead attempts to build those reusable workflows automatically by analyzing completed tasks after roughly every 15 tool interactions or after especially complex operations. Supporters argue this creates a compounding learning effect where the agent gradually improves with repeated use.

Despite the growing interest around Hermes, some developers caution against viewing it as a complete replacement for OpenClaw. OpenClaw still supports more than 24 messaging integrations, offers greater transparency through inspectable file-based memory systems, and has undergone broader public security review. Community discussions suggest that many advanced users currently operate both systems together, using OpenClaw for orchestration while relying on Hermes for adaptive learning capabilities.

Researchers tracking the rapid development of AI agents believe these systems are moving beyond traditional chatbot behavior and evolving into persistent digital assistants capable of handling long-running, multi-step workflows. However, cybersecurity analysts also warn that systems with autonomous memory creation and broad platform access may introduce additional security and privacy risks if governance and safeguards fail to evolve alongside the technology.

Read more »
technology
AI in robotics App Store Artificial Intelligence Hugging Face ML Model technology

Hugging Face Opens New App Marketplace for Reachy Mini Robots With Over 200 Community-Created Apps

 




Artificial intelligence platform Hugging Face has launched a dedicated app marketplace for its Reachy Mini desktop robot, opening robotics development to a much wider audience beyond engineers and programmers.

The new Reachy Mini App Store arrives less than a year after the company introduced the low-cost robot in July 2025 following its acquisition of robotics startup Pollen Robotics. Unlike traditional robotics systems that often require technical expertise and expensive hardware, Reachy Mini was designed as a small desktop robot that ordinary users can experiment with at home or in workplaces.

The store already contains more than 200 applications created by community members. Owners of the robot can install these apps without paying additional fees. At present, developers cannot monetize their creations, although Hugging Face says the system may support paid apps later because the platform is built on its existing “Spaces” infrastructure for hosting AI applications.

According to Hugging Face CEO Clément Delangue, the company’s main objective is to remove the technical barrier that has historically made robotics inaccessible to most people. He explained that users without coding or engineering experience are now building working robot applications in less than an hour using AI-powered tools.

A major obstacle in robotics has long been the shortage of large public datasets. While large language models improved rapidly using enormous collections of publicly available software code from platforms such as [GitHub], robotics-specific programming data remains far more limited. This has traditionally made it difficult for AI systems to understand how physical machines operate or interact with hardware components.

To address this problem, Hugging Face developed a system that allows users to describe robot behaviors in normal language instead of writing complex code manually. For example, a user can simply instruct the robot to wave when greeted. An AI agent then generates the necessary code, checks whether it works within the robot’s hardware limitations, and prepares the application automatically.

The company says the platform supports multiple AI models rather than relying on a single provider. Developers can use Hugging Face’s own “ML Intern” tool or connect external models including GPT-5.5, Claude Opus 4.6, Gemini Live, Mini Max GM5, Kimmy 2.6, and Deep Sig V4 Pro. Official conversation-based apps currently use OpenAI Realtime and Gemini Live for real-time interaction.

Hugging Face argues that these higher-level software abstractions substantially reduce the amount of time needed to build robotics applications. Tasks that previously required weeks of integration work can now reportedly be completed within minutes.

The Reachy Mini itself is positioned as an affordable alternative to commercial robotics platforms. The company noted that robots from firms such as Boston Dynamics can cost tens of thousands of dollars, while some competing Chinese systems begin at more than $1,900.

Reachy Mini is available in two versions. The Reachy Mini Lite costs $299 plus shipping and connects to an external computer through USB for processing. The wireless edition costs $449 plus shipping and includes built-in computing hardware using a Raspberry Pi CM4 alongside Wi-Fi support.

Delangue said approximately 10,000 units have already been sold, including 3,000 purchases within the past two weeks alone. Hugging Face expects another 1,000 robots to ship within the next month.

People who do not own the robot can still experiment with the platform through a browser-based simulator that recreates the robot in a virtual 3D environment. Users can also duplicate existing apps through a feature known as “forking” and then modify them using AI instructions, such as changing a robot’s responses into another language.

The App Store forms part of Hugging Face’s broader “Le Robot” initiative launched in 2024 to publish open-source robotics code, tutorials, and hardware resources online. Unlike developer-focused repositories, the Reachy Mini App Store was designed specifically for non-technical users and hobbyists.

More than 150 creators have already contributed applications to the store, many without previous robotics experience. One example highlighted by the company involved 78-year-old retired marketing executive Joel Cohen, who has no technical training and is colorblind. Despite taking two weeks to assemble his Reachy Mini Lite, a process that normally requires only a few hours, Cohen used AI tools to create a robot assistant for CEO discussion groups held over Zoom. The system greets participants by name, verifies claims during discussions, summarizes conversations, and challenges shallow responses in real time.

Other applications developed by the community include a chess-playing robot that jokes about user mistakes, a productivity assistant that detects phone usage, a language-learning companion that corrects pronunciation, and a Formula 1 race commentator that narrates races live.

Delangue also described creating his own office receptionist application in under two hours. The system uses facial recognition to identify visitors, greet them, ask whom they are meeting, and automatically send notifications to employees.

According to Delangue, developing robotics software previously required deep specialization and months of work for people outside the robotics industry. Hugging Face believes combining low-cost hardware with AI agents capable of generating code could reshape how ordinary users interact with robots.

The company says its longer-term goal is to make robotics resemble the personal computer and smartphone markets, where hardware becomes widely available and software creation is no longer restricted to technical specialists.

Read more »
Vulnerability Management
AI Security APRA Artificial Intelligence Banking Security Critical Infrastructure Cyber Threats Cybersecurity Mythos AI Vulnerability Management

Australia Demands Faster Cybersecurity Action to Address Mythos Activity


 

Australian financial regulators are increasingly concerned about the safety of frontier artificial intelligence platforms such as myth, and are reviewing their cybersecurity policies. A strong worded communication issued by the Australian Securities and Investments Commission on Friday stressed that financial institutions should no longer regard artificial intelligence-driven cyber exposure as a future threat, and that defensive controls, governance mechanisms, and operational resilience frameworks must be strengthened immediately. 

According to the regulator, the rapid integration of advanced artificial intelligence technologies within financial ecosystems is increasing the attack surface across critical systems, making robust cybersecurity preparedness an urgent priority. This increased regulatory focus comes as a result of ongoing government engagement with developers of advanced artificial intelligence systems, such as Anthropic, as officials attempt to assess the security implications of increasingly autonomous cyber capabilities. 

Tony Burke's spokesperson confirmed earlier this week that Australian authorities are actively coordinating with software vendors and artificial intelligence firms to ensure they remain informed of newly discovered vulnerabilities and evolving threats affecting critical infrastructure. 

It is unclear whether the government is directly participating in the restricted Mythos Preview platform of Anthropic or is participating only through advisory and intelligence sharing channels. However, the statement underscores growing institutional concerns regarding the operational risks posed by artificial intelligence security tools of the future.

A small group of major technology companies was given access to the platform instead of the platform being made available publicly, a practice that has sparked intense debate within the cybersecurity community. 

Some analysts believe the technology will accelerate vulnerability discovery and defensive research, while others warn that such concentrated offensive capabilities can pose significant systemic risks if compromised or misused. There have also been questions surrounding the credibility of claims made about Mythos’ capabilities, comparing them to previous industry claims about very capable artificial intelligence systems that did not live up to public expectations. 

Concerns raised by the Australian Prudential Regulation Authority have escalated further after it warned that the country's banking sector is falling behind artificial intelligence developments, in particular when it comes to cyber resilience and governance oversight. 

As stated in a formal communication addressed to financial institutions, APRA expressed concern that many existing information security frameworks are not evolving rapidly enough to address the operational risks introduced by frontier AI systems such as Anthropic's Mythos. 

APRA warned that rapidly evolving AI models could significantly increase the speed, scale, and precision of cyber intrusions by enabling automated vulnerability discovery and exploit development. An analysis of the industry by APRA indicated growing concerns regarding the potential material changes to the cybersecurity threat landscape for Australia's financial sector by high-capability AI systems with advanced coding capabilities. 

Project Glasswing, an initiative that involves a number of major technology companies such as Amazon, Microsoft, Nvidia, and Apple, specifically cited Anthropic’s Claude Mythos. A number of security experts have cautioned that systems capable of autonomously analyzing software architectures and identifying vulnerabilities can introduce unprecedented offensive potential if accessed by malicious actors. 

Despite the fact that Anthropic did not respond to the request for comment, regulators continue to assess the implications of artificial intelligence-driven cyber operations, as the scrutiny surrounding the platform continues to intensify. An increasing regulatory focus on frontier artificial intelligence reflects a general shift in cyber risk assessment across the financial sector, in which advanced AI capabilities and critical digital infrastructure are creating an increasingly volatile threat environment as a result of their convergence. 

The Australian government appears increasingly concerned that conventional security models may not be sufficient against AI-assisted intrusion techniques capable of speeding reconnaissance, vulnerability discovery, and large-scale exploitation. 

Since the announcement, there has been considerable debate within the cyber security and artificial intelligence sectors. Supporters have framed Mythos as a potentially transformative platform aimed at accelerating defensive security research and fundamentally transforming vulnerability management. In contrast, critics argue that concentrating such capabilities within a limited ecosystem would pose systemic severe risks if malicious actors were to leak, weaponize or replicate the technology.

A number of people have questioned whether the narrative surrounding Mythos is a reflection of true technological advancement or an attempt to gain market attention through fear-based security messaging. Furthermore, earlier claims regarding advanced AI models in the broader industry have been compared, including statements regarding OpenAI systems which were later criticized for a failure to match the public image of their capabilities with actual performance.

As financial institutions continue integrating AI into critical operations, regulators are signaling that stronger technical oversight, faster defensive adaptation, and deeper executive-level understanding of emerging technologies will become essential to maintaining resilience against increasingly sophisticated cyber threats

Read more »
Technology
AI In Healthcare AI Systems Artificial Intelligence Healthcare Industry Patient Data Research Technology

AI Models Surpass Doctors in Emergency Diagnosis, Harvard Study Finds

 




A contemporary study conducted by researchers at Harvard University has revealed that advanced artificial intelligence systems are now capable of exceeding human doctors in both diagnosing medical conditions and determining treatment strategies, including in fast-paced and high-stakes emergency room environments. The research specifically accentuates the potential capabilities of modern AI systems in handling complex clinical reasoning tasks that were traditionally considered exclusive to trained physicians.

The findings, published in the peer-reviewed journal Science, are based on a controlled comparison between OpenAI o1 and experienced attending physicians. To ensure realistic testing conditions, the study used 76 actual emergency department cases sourced from Beth Israel Deaconess Medical Center. These cases were evaluated across multiple stages of the diagnostic process, allowing researchers to assess performance under varying levels of available patient information.

At the earliest stage of patient assessment, commonly referred to as initial triage, where clinicians typically have only limited details about a patient’s condition, the AI model demonstrated a notable advantage. It was able to correctly identify either the exact diagnosis or a closely related condition in 67.1 percent of the cases. In comparison, the two physicians involved in the study achieved accuracy rates of 55.3 percent and 50 percent respectively. This suggests that even with minimal data, the AI system was more effective at narrowing down potential diagnoses.

As the diagnostic process progressed and additional clinical information became available during the emergency room evaluation phase, the model’s performance improved further. Its diagnostic accuracy increased to 72.4 percent, reflecting its ability to refine its conclusions with more context. The physicians also showed improvement at this stage, but their accuracy remained lower, at 61.8 percent and 52.6 percent. This stage is particularly important as it mirrors real-world conditions where doctors continuously update their assessments based on new findings.

In the final phase of care, when patients were admitted either to general hospital wards or intensive care units, the AI model continued to outperform its human counterparts. It achieved an accuracy rate of 81.6 percent, compared to 78.9 percent and 69.7 percent for the physicians. Although the performance gap narrowed slightly at this stage, the AI still maintained a measurable edge, indicating consistency across the full diagnostic timeline.

Beyond identifying illnesses, the study also evaluated how effectively the AI system could design clinical management plans. This included decisions such as selecting appropriate medications, including antibiotics, as well as handling complex and sensitive scenarios like end-of-life care planning. Across five evaluated case studies, the AI achieved a median performance score of 89 percent. In contrast, physicians scored significantly lower, averaging 34 percent when relying on traditional clinical resources and 41 percent when supported by GPT-4. This underlines a substantial gap in structured decision-making support.

The researchers acknowledged that while integrating AI into clinical workflows is often viewed as a high-risk approach due to patient safety concerns, its potential benefits are significant. They noted that wider adoption of such systems could help reduce diagnostic errors, minimize treatment delays, and address disparities in access to healthcare services. These factors collectively contribute to both improved patient outcomes and reduced financial strain on healthcare systems.

At the same time, the study emphasizes that current AI systems are not without limitations. Clinical medicine involves more than text-based data. Doctors routinely rely on non-verbal and non-textual cues, such as observing a patient’s physical discomfort, interpreting imaging results, and making judgment calls based on experience. These aspects are not fully captured by existing AI models, which means human expertise remains essential.

The authors further concluded that large language models have now surpassed many traditional benchmarks used to measure clinical reasoning abilities. However, they stress the urgent need for more detailed research, including real-world clinical trials and studies focused on human-AI collaboration, to determine how these systems can be safely and effectively integrated into healthcare settings.

In comments shared with The Guardian, lead researcher Arjun Manrai clarified that the findings should not be interpreted as suggesting that AI will replace doctors. Instead, he described the results as evidence of a major technological shift that is likely to transform the medical field in the coming years.

From a macro industry perspective, this study reflects a developing trend in which AI is increasingly being used to augment clinical decision-making. However, experts continue to caution that challenges such as data bias, accountability, regulatory oversight, and patient trust must be addressed before such systems can be widely deployed. The future of healthcare, therefore, is likely to involve a collaborative model where AI amplifies efficiency and accuracy, while human doctors provide critical judgment, ethical oversight, and patient-centered care.

Read more »
Technology
AI Chatbot Artificial Intelligence cognitive function Gemini human computer interaction LLMs Neuroscience Technology

Are You Letting AI Do Too Much of Your Thinking?

 




As artificial intelligence tools take on a growing share of everyday thinking tasks, researchers are raising concerns that this shift may be quietly affecting how people process information, remember ideas, and engage with their own work.

When Nataliya Kosmyna reviewed applications for internships, she noticed a pattern that stood out. Many cover letters were structured in nearly identical ways, written in polished language, and included vague or forced connections to her research. The consistency suggested that applicants were relying on large language models, the technology behind tools such as ChatGPT, Google Gemini, and Claude.

At the same time, while teaching at the Massachusetts Institute of Technology, Kosmyna began noticing that students were finding it harder to retain what they had learned. Compared to previous years, more students struggled to recall material, which led her to question whether growing dependence on AI tools could be influencing cognitive abilities.

Researchers studying human-computer interaction are increasingly concerned that relying too heavily on AI may alter not just how people write but how they think. This phenomenon, often described as “cognitive offloading,” refers to shifting mental effort onto external tools. While this has existed for years with calculators and search engines, experts warn that AI systems may deepen the effect because they generate complete responses rather than simply helping users find information.

Earlier research on internet usage identified what is known as the “Google effect,” where people became less likely to remember facts because they could easily look them up. Some researchers argued that this allowed the brain to focus on more complex tasks. However, AI tools now go a step further by producing answers, arguments, and even creative content, reducing the need for active thinking.

To better understand the impact, Kosmyna and her team conducted an experiment involving 54 students. Participants were divided into three groups. One group used AI tools to write essays, another relied on search engines without AI-generated summaries, and a third completed the task without any digital assistance. Their brain activity was monitored while they worked on open-ended topics such as happiness, loyalty, and everyday decisions.

The differences were clear. Students who worked without any tools showed strong and widespread brain activity across multiple regions. Those using search engines still demonstrated notable engagement, particularly in areas related to visual processing. In contrast, the group using AI tools showed comparatively lower brain activity, with levels dropping by as much as 55%. Activity in areas linked to creativity and deeper thinking was especially reduced.

The impact extended beyond brain activity. Students who used AI struggled to recall what they had written shortly after completing their essays. Several participants also reported feeling disconnected from their work, as if they had not fully contributed to it. Similar findings from other studies suggest that frequent use of AI tools can weaken memory retention and recall.

Research from the University of Pennsylvania introduces another concern described as “cognitive surrender,” where users accept AI-generated responses without questioning them. In such cases, individuals may rely on the system’s output even when it conflicts with their own understanding.

The effects are not limited to academic settings. A multinational study found that medical professionals who relied on AI tools for detecting colon cancer became less accurate when asked to identify cases without assistance after several months of use. This suggests that repeated dependence on AI may reduce independent decision-making skills, even in critical fields.

Kosmyna also observed that essays written with AI tended to be highly similar, lacking variation in style and depth. Teachers reviewing the work described it as uniform and lacking originality. In some cases, the responses were so alike that it appeared as though students had collaborated, even when they had not.

Follow-up observations months later revealed further differences. Students who had previously relied on AI showed weaker neural connectivity when asked to complete tasks without it, compared to those who had worked independently earlier. This may indicate that they had engaged less deeply with the material from the start.

Vivienne Ming, author of Robot Proof, has raised similar concerns. In her research, students asked to make real-world predictions often defaulted to copying answers from AI systems instead of forming their own conclusions. Brain measurements showed low levels of gamma wave activity, which is associated with active thinking. Reduced gamma activity has been linked in other studies to cognitive decline over time.

However, not all users showed the same pattern. A small group, fewer than 10%, used AI differently by treating it as a source of information rather than a final answer. These individuals analysed the output themselves, showed stronger brain engagement, and produced more accurate results.

The concerns echo earlier findings related to navigation technology. Increased reliance on GPS has been associated with reduced spatial memory in some studies. Weak spatial navigation skills have also been explored as a possible early indicator of conditions such as Alzheimer's disease. These parallels suggest that reduced mental effort over time may have broader cognitive consequences.

Researchers emphasize that AI itself is not the problem but how it is used. Ming advocates for a more deliberate approach, where individuals think through problems first and then use AI to test or refine their ideas. She suggests methods such as asking AI to challenge one’s reasoning or limiting it to providing context instead of direct answers, encouraging deeper engagement.

Kosmyna similarly recommends building a strong understanding of subjects without AI assistance before integrating such tools into the learning process.

The alarming takeaway from the current research is clear. While AI offers efficiency and convenience, it may also encourage mental shortcuts. Human cognition depends on regular effort and engagement, and reducing that effort could carry long-term consequences. As these tools become more integrated into daily life, the challenge will be to use them in ways that support thinking rather than replace it.



Read more »
Vulnerability
Anthropic API Artificial Intelligence Cyber Security Vulnerability

Researchers Reproduce Anthropic-Style AI Vulnerability Findings Using Public Models at Low Cost

 


New research suggests that the ability to discover software vulnerabilities using artificial intelligence is becoming both inexpensive and widely accessible, raising concerns that advanced cyber capabilities may be spreading faster than anticipated.

A study by Vidoc Security demonstrates that vulnerability discovery techniques similar to those highlighted in Anthropic’s recent “Mythos” work can be reproduced using publicly available AI models. By leveraging GPT-5.4 and Claude Opus 4.6 within an open-source framework called opencode, researchers were able to replicate key findings for under $30 per scan, without access to Anthropic’s internal systems or restricted programs.

Anthropic had earlier positioned its Mythos research as highly sensitive, limiting access to a small group of major organizations and prompting concern across policy and financial circles. Reports indicated that senior figures, including Scott Bessent and Jerome Powell, discussed the implications alongside leading financial executives. The term “vulnpocalypse” resurfaced in cybersecurity discussions, reflecting fears of large-scale AI-driven exploitation.

The Vidoc team sought to test whether such capabilities were truly restricted. Using patched vulnerability examples referenced in Anthropic’s public materials, they examined issues affecting a file-sharing protocol, a security-focused operating system’s networking components, widely used video-processing software, and cryptographic libraries used for identity verification online.

Across three independent runs, both models successfully reproduced two of the documented vulnerability cases each time. Claude Opus 4.6 also independently rediscovered a flaw in OpenBSD in all three attempts, while GPT-5.4 failed to identify that specific issue. In other instances, including vulnerabilities tied to FFmpeg and wolfSSL, the systems correctly identified relevant code regions but did not fully determine the root cause.

The methodology closely mirrored workflows described by Anthropic. Instead of relying on a single prompt, the system first analyzed entire codebases, divided them into smaller segments, and ran parallel detection processes. These processes filtered meaningful signals from noise and cross-checked findings across files. Importantly, the selection of code segments was automated through earlier planning steps, rather than manually guided.

Despite these results, the study underlines a clear distinction. Anthropic’s system reportedly went beyond identifying vulnerabilities by constructing detailed exploit pathways, such as chaining code fragments across multiple network packets to achieve full remote control of a system. The public models, while capable of locating weaknesses, did not reach that level of execution.

According to researcher Dawid Moczadło, this indicates a new turn of events in cybersecurity economics. The most resource-intensive part of the process, identifying credible vulnerability signals, is becoming accessible to anyone with standard API access. However, validating those findings and converting them into reliable security insights or exploit strategies remains significantly more complex.

Anthropic itself has acknowledged that traditional benchmarks like Cybench are no longer sufficient to measure modern AI cyber capabilities, noting that its Mythos system exceeded those standards. The company estimated that comparable capabilities could become widespread within six to eighteen months.

The Vidoc findings suggest that, at least for vulnerability discovery, this transition may already be underway. By publishing their methodology, prompts, and results, the researchers highlight how open tools and commercially available models can replicate parts of workflows once considered highly restricted.

For organizations, the implications are instrumental. As AI reduces the cost and effort required to uncover software flaws, defenders may need to adopt continuous monitoring, faster remediation cycles, and deeper behavioral analysis. The challenge is no longer just identifying vulnerabilities, but managing the scale and speed at which they can now be discovered.

Read more »
Technology
AI Models API Artificial Intelligence Claude Codex Security Headless 360 Salesforce Technology

Salesforce’s New “Headless 360” Lets AI Agents Run Its Platform

 


Salesforce has introduced what it describes as the most crucial architectural overhaul in its 27-year history, launching a new initiative called “Headless 360.” The update is designed to allow artificial intelligence agents to control and operate the company’s entire platform without requiring a traditional graphical interface such as a dashboard or browser.

The announcement was made during the company’s annual TDX developer conference in San Francisco, where Salesforce revealed that it is releasing more than 100 new developer tools and capabilities. These tools immediately enable AI systems to interact directly with Salesforce environments. The move reflects a deeper shift in enterprise software, where the rise of intelligent agents capable of reasoning and executing tasks is forcing companies to rethink whether conventional user interfaces are still necessary.

Salesforce’s answer to that question is direct: instead of designing software primarily for human interaction, the platform is now being rebuilt so that machines can access and operate it programmatically. According to the company, this transformation began over two years ago with a strategic decision to expose all internal capabilities rather than keeping them hidden behind user interfaces.

This shift is taking place during a period of uncertainty in the broader software industry. Concerns that advanced AI models developed by companies like OpenAI and Anthropic could disrupt traditional software business models have already impacted market performance. Industry indicators, including software-focused exchange-traded funds, have declined substantially, reflecting investor anxiety about the long-term relevance of existing SaaS platforms.

Senior leadership at Salesforce has indicated that the new architecture is based on practical challenges observed while deploying AI systems across enterprise clients. According to internal insights, building an AI agent is only the initial step. Organizations also face ongoing challenges related to development workflows, system reliability, updates, and long-term maintenance.

To address these challenges, Headless 360 is structured around three foundational pillars.

The first pillar focuses on development flexibility. Salesforce has introduced more than 60 tools based on Model Context Protocol, along with over 30 pre-configured coding capabilities. These allow external AI coding agents, including systems such as Claude Code, Cursor, Codex, and Windsurf, to gain direct, real-time access to a company’s Salesforce environment. This includes data, workflows, and underlying business logic. Developers are no longer required to use Salesforce’s own integrated development environment and can instead operate from any terminal or external setup.

In addition, Salesforce has upgraded its native development environment, Agentforce Vibes 2.0, by introducing an “open agent harness.” This system supports multiple agent frameworks, including those from OpenAI and Anthropic, and dynamically adjusts capabilities depending on which AI model is being used. The platform also supports multiple models simultaneously, including advanced systems like Claude Sonnet and GPT-5, while maintaining full awareness of the organization’s data from the start.

A notable technical enhancement is the introduction of native React support. During demonstrations, developers created a fully functional application using React instead of Salesforce’s traditional Lightning framework. The application connected to Salesforce data through GraphQL while still inheriting built-in security controls. This significantly expands front-end flexibility for developers.

The second pillar focuses on deployment. Salesforce has introduced an “experience layer” that separates how an AI agent functions from how it is presented to users. This allows developers to design an experience once and deploy it across multiple platforms, including Slack, mobile applications, Microsoft Teams, ChatGPT, Claude, Gemini, and other compatible environments. Importantly, this can be done without rewriting code for each platform. The approach represents a change from requiring users to enter Salesforce interfaces to delivering Salesforce-powered experiences directly within existing workflows.

The third pillar addresses trust, control, and scalability. Salesforce has introduced a comprehensive set of tools that manage the entire lifecycle of AI agents. These include systems for testing, evaluation, monitoring, and experimentation. A central component is “Agent Script,” a new programming language designed to combine structured, rule-based logic with the flexible reasoning capabilities of AI models. It allows organizations to define which parts of a process must follow strict rules and which parts can rely on AI-driven decision-making.

Additional tools include a Testing Center that identifies logical errors and policy violations before deployment, custom evaluation systems that define performance standards, and an A/B testing interface that allows multiple agent versions to run simultaneously under real-world conditions.

One of the key technical challenges addressed by Salesforce is the difference between probabilistic and deterministic systems. AI agents do not always produce identical results, which can create instability in enterprise environments where consistency is critical. Early adopters reported that once agents were deployed, even small modifications could lead to unpredictable outcomes, forcing teams to repeat extensive testing processes.

Agent Script was developed to solve this problem by introducing a structured framework. It defines agent behavior as a state machine, where certain steps are fixed and controlled while others allow flexible reasoning. This approach ensures both reliability and adaptability.

Salesforce also distinguishes between two types of AI system architectures. Customer-facing agents, such as those used in sales or support, require strict control to ensure they follow predefined rules and maintain brand consistency. These operate within structured workflows. In contrast, employee-facing agents are designed to operate more freely, exploring multiple paths and refining their outputs dynamically before presenting results. Both systems operate on a unified underlying architecture, allowing organizations to manage them without maintaining separate platforms.

The company is also expanding its ecosystem. It now supports integration with a wide range of AI models, including those from Google and other providers. A new marketplace brings together thousands of applications and tools, supported by a $50 million initiative aimed at encouraging further development.

At the same time, Salesforce is taking a flexible approach to emerging technical standards such as Model Context Protocol. Rather than relying on a single method, the company is offering APIs, command-line interfaces, and protocol-based integrations simultaneously to remain adaptable as the industry evolves.

A real-world example surfaced during the announcement demonstrated how one company built an AI-powered customer service agent in just 12 days. The system now handles approximately half of customer interactions, improving efficiency while reducing operational costs.

Finally, Salesforce is also changing its business model. The company is shifting away from traditional per-user pricing toward a consumption-based approach, reflecting a future where AI agents, rather than human users, perform the majority of work within enterprise systems.

This transformation suggests a new layer in strategic operations. Instead of resisting the rise of AI, Salesforce is restructuring its platform to align with it, betting that its existing data infrastructure, enterprise integrations, and accumulated operational logic will continue to provide value even as software becomes increasingly autonomous.

Read more »
Technology
AI Generated Content Law Artificial Intelligence copyright ownership Technology

Can AI Own Its Work? A Debate That Started With a Monkey Photo

 



A single photograph captured in a remote forest over a decade ago has become central to one of the most complex legal questions of the digital age: what happens when creative work is produced without direct human authorship? The answer now carries long-term consequences for artificial intelligence, creative industries, and ownership rights in the modern world.

The image in question originated in 2011, when wildlife photographer David Slater was documenting crested black macaques in Indonesia. These monkeys are not only endangered but also known for their highly expressive faces, making them attractive subjects for photography. However, Slater faced difficulty capturing close-up shots because the animals were wary of human presence.

To work around this, he positioned his camera on a tripod, enabled automatic focus, and used a flash, allowing the monkeys to approach and interact with the equipment without feeling threatened. His approach relied on curiosity rather than control. Eventually, one macaque handled the camera and pressed the shutter button while looking directly into the lens. The resulting image, widely known as the “monkey selfie,” appeared almost intentional, with the animal’s expression resembling a posed portrait.

While the photograph initially brought attention and recognition, it soon triggered an unexpected legal dispute. The core issue was deceptively simple: if a photograph is not taken by a human, can anyone claim ownership over it?

The situation escalated when the image was uploaded to Wikipedia, making it freely accessible worldwide. Slater objected to this distribution, arguing that he had lost approximately £10,000 in potential earnings because the image could now be used without payment. However, the Wikimedia Foundation refused to remove the photograph. Its reasoning was based on copyright law, which generally requires a human creator. Since the image was captured by an animal, the organisation classified it as public domain material.

This interpretation was later reinforced by the U.S. Copyright Office, which formally clarified that works produced without human authorship cannot be registered. In its guidance, the office explicitly listed a photograph taken by a monkey as an example of ineligible material, establishing a clear precedent.

The dispute took another unusual turn when People for the Ethical Treatment of Animals filed a lawsuit attempting to assign copyright ownership to the macaque itself. Although framed as a legal claim over the photograph, the case was widely interpreted as an effort to establish broader legal rights for animals. After several years of legal proceedings, a court dismissed the case, concluding that animals do not have the legal capacity to initiate lawsuits.

Legal experts later observed that, although the case focused on animal authorship, it introduced a broader conceptual challenge that would become more relevant with the rise of artificial intelligence. According to intellectual property lawyer Ryan Abbott, the debate could easily extend beyond animals to machines capable of producing creative outputs.

This possibility became reality when computer scientist Stephen Thaler attempted to secure copyright protection for an image generated by his AI system, DABUS. Thaler described the system as capable of independently producing ideas, arguing that it should be recognised as the sole creator of its output. He characterised the system as exhibiting a form of machine-based cognition, though this view is strongly disputed within the scientific community.

Despite these claims, the Copyright Office rejected the application, applying the same reasoning used in the monkey selfie case. Because the work was not created by a human, it could not qualify for copyright protection. This rejection led to a legal challenge that progressed through multiple levels of the U.S. judicial system.

When the case reached the Supreme Court of the United States, the court declined to hear it, leaving lower court rulings intact. The outcome effectively confirmed that, under current U.S. law, works generated entirely by artificial intelligence cannot be owned by anyone, including the developer of the system or the individual who prompted it.

This position has reverberating implications for the creative economy. Copyright law exists to allow creators and organisations to control and monetise their work. Without ownership rights, it becomes difficult to build sustainable business models around fully AI-generated content. Legal scholar Stacey Dogan noted that this limitation reduces the likelihood of a future where machine-generated content completely replaces human-created media.

At the same time, the rapid expansion of generative AI tools continues to complicate the landscape. These systems function by analysing large datasets and producing outputs based on user instructions, often referred to as prompts. While they can generate text, images, and video at scale, their outputs raise questions about originality and authorship, particularly when human involvement is minimal.

Recent industry developments illustrate this uncertainty. Experimental AI-generated content has attracted large audiences online, suggesting a level of public interest, even if motivations such as novelty or criticism play a role. However, some technology companies have begun reassessing their AI content strategies, particularly where ownership and profitability remain unclear.

Expert opinion on the value of fully AI-generated content remains divided. Some specialists argue that such content lacks depth or authenticity, while others view AI as a useful tool for supporting human creativity rather than replacing it. This perspective positions AI as a collaborator rather than an independent creator.

Legal approaches also vary internationally. In the United Kingdom, copyright law allows ownership of computer-generated works by assigning authorship to the individual responsible for arranging their creation. However, this framework is currently being reconsidered as policymakers evaluate whether it remains appropriate in the context of modern AI systems.

One of the most complex unresolved issues involves hybrid creation. When humans actively guide, refine, and edit AI-generated outputs, determining ownership becomes less straightforward. A notable example involves an AI-assisted artwork that won a competition after extensive prompting and editing, raising questions about how much human contribution is required for copyright protection.

This debate is not entirely new. When photography first emerged, similar concerns were raised about whether cameras, rather than humans, were responsible for creative output. Over time, legal systems adapted by recognising the role of human intention and decision-making. Artificial intelligence now presents a more advanced version of that same challenge.

For now, the legal position in the United States remains clear: without meaningful human involvement, creative works cannot be protected by copyright. However, as AI becomes increasingly integrated into creative processes, the distinction between human and machine contribution is becoming more difficult to define.

What began as an unexpected interaction between a monkey and a camera has therefore evolved into a defining case in the global conversation about creativity, ownership, and technology. The decisions made in courts today will shape how creative work is produced, distributed, and valued in the future.



Read more »
women
Artificial Intelligence Capitalism developing countries Gig Economy Indonesa Technology women

AI Was Meant to Help. So Why Is It Making Work Harder for Women in Indonesia?

 



Artificial intelligence is often presented as a neutral and forward-looking force that improves efficiency and removes human bias from decision-making. In practice, however, many women working in Indonesia’s gig economy experience these systems very differently. Rather than easing workloads, AI-driven platforms are intensifying existing pressures.

Recent research examining female gig workers introduces the concept of “AI colonialism.” This idea describes how older patterns of domination continue through digital systems. In this framework, powerful technology actors, largely based in wealthier regions, extract labour, data, and economic value from workers in developing countries, reinforcing unequal global relationships. The structure resembles historical colonial systems, but operates through algorithms and platforms instead of direct political control.

In Indonesia, platforms such as Gojek, Grab, Maxim, and Shopee rely heavily on informal workers. These companies have not transformed the nature of employment. Instead, they have digitised an already informal labour market. Workers are labelled as independent “partners,” which excludes them from basic protections such as minimum wages, paid sick leave, and maternity benefits. Earnings depend entirely on the number of completed tasks and algorithm-based performance scores.

For women, this structure intersects with what is often described as the “double burden,” where paid work must be balanced alongside unpaid domestic responsibilities. One delivery worker, Lia, begins her day before sunrise by preparing meals and organising her children’s routines. Only after completing these responsibilities can she log into the platform. As she explains, the system recognises only whether she is online, not the constraints shaping her availability.

Platform algorithms prioritise continuous, uninterrupted activity. Incentive systems often require completing a fixed number of orders within strict time windows. For workers managing caregiving roles, this creates structural disadvantages. Logging off to attend to family responsibilities can result in lost bonuses, while reducing work hours due to fatigue or health issues leads to declining performance metrics.

This reflects a greater economic reality in which unpaid domestic labour underpins the formal economy without recognition or compensation. Instead of addressing this imbalance, AI systems can intensify it. Another worker, Cinthia, observed a noticeable drop in job assignments after taking time off due to illness. The experience created a sense that the system penalises any interruption, making workers reluctant to pause even when necessary.

Although algorithms do not explicitly target women, they are designed around an ideal worker who is always available and unconstrained by caregiving duties. This assumption produces indirect but consistent disadvantage. The claim that digital platforms operate neutrally is further challenged by everyday experiences. For example, a driver named Yanti often informs passengers in advance that she is female, leading to frequent cancellations. While the system records these cancellations, it does not capture the gender bias behind them.

Safety concerns also shape participation. Many women avoid working late hours due to risk, which limits access to peak-demand periods and higher earnings. The system interprets this reduced availability as lower productivity. Scholars such as Virginia Eubanks have argued that automated systems frequently replicate and amplify existing social inequalities rather than eliminate them.

Similar patterns have been observed in other countries. In India, women working in ride-hailing services report lower average earnings, partly because safety considerations influence when and where they work. Algorithms, however, measure output without accounting for these risks.

Safety challenges persist even within delivery roles. Around 90% of women in group discussions reported choosing delivery work over ride-hailing due to perceived safety advantages, yet harassment remains a concern from both customers and other drivers. During the COVID-19 pandemic, gig workers were classified as essential, but their incomes declined sharply, in some cases by up to 67% in early 2020. To compensate, many worked more than 13 hours a day. Despite these conditions, platform performance systems remained unchanged, and illness-related breaks often resulted in lower ratings.

This inflicts a deeper impact in the contemporary labour control, where oversight is embedded within digital systems rather than managed by human supervisors. AI colonialism, in this sense, extends beyond ownership to the structure of control itself. Workers provide labour, time, and data, while platforms retain authority over decision-making processes.

In response, women workers have developed informal networks through messaging platforms to share information, warn others about unsafe situations, and adapt to algorithmic changes. They support each other by increasing activity on inactive accounts, lending money for operational costs, and collectively responding to account suspensions. When harassment occurs, information is circulated quickly to protect others.

These practices represent a form of mutual support rooted in shared vulnerability. Rather than relying on formal recognition as employees, many women build systems of protection among themselves. This surfaces a form of everyday resistance, where collective action becomes a strategy for navigating structural constraints.

Artificial intelligence is not inherently exploitative. However, when deployed within unequal economic systems, it can reinforce patterns of extraction and imbalance. As digital platforms continue to expand, understanding the lived experiences of workers, particularly women in developing economies, is essential. Behind every efficient system is a human reality shaped by trade-offs between income, safety, and dignity.


Read more »
Technology
Artificial Intelligence cryptocurrency Cyber Fraud Deepfake Scams Technology

AI Scams Are Becoming Harder to Detect — 7 Warning Signs You Should Watch Closely

 



Artificial intelligence is not only improving everyday technology but also strengthening both traditional and emerging scam techniques. As a result, avoiding fraud now requires greater awareness of how these schemes are taking new shapes.

Being able to identify scams is an essential skill for everyone, regardless of age. This is especially important as AI tools continue to advance rapidly, contributing to a noticeable increase in reported fraud cases. According to the Federal Bureau of Investigation’s 2025 Internet Crime Report, complaints linked to cryptocurrency and artificial intelligence ranked among the most financially damaging cybercrimes, with total losses approaching $21 billion. The agency also highlighted that, for the first time in its history, its Internet Crime Complaint Center included a dedicated section on artificial intelligence, documenting 22,364 cases that resulted in losses of nearly $893 million.

These scams are increasingly convincing. AI can generate realistic emails and replicate human voices through audio deepfakes, making fraudulent communication difficult to distinguish from legitimate interactions. Because of this, such threats should be treated as ongoing and persistent risks.

Protecting yourself, your family, and your finances requires both instinct and awareness. By training both your attention to detail and your ability to listen carefully, you can better identify suspicious activity. Below are seven warning signs that can help you recognize AI-driven scams and avoid serious consequences.

1. Messages that feel unusually personalized

AI can gather publicly available details, including your job, interests, or recent purchases, to create messages that appear tailored specifically to you. While these messages may seem accurate, they can still contain subtle errors or incorrect assumptions about your life, which should raise concern.


2. Requests that create urgency

Scammers often attempt to rush you with statements such as warnings that your account will be locked, demands for immediate payment, or requests for login credentials to restore access. This pressure is designed to force quick decisions without careful thinking.


3. Messages that appear overly polished

Unlike older scams filled with spelling or grammar mistakes, AI-generated messages are often clear and well-written. However, phrases like “confirm your information to avoid cancellation” or “we noticed unusual activity” should still be treated cautiously, especially if accompanied by suspicious visuals or a lack of supporting detail.


4. Audio that sounds slightly unnatural

Voice-cloning technology can imitate people you know, making phone-based scams more believable. Still, these voices may reveal themselves through unnatural pacing, limited emotional variation, or requests that seem out of character for the person being impersonated.


5. Deepfake videos that seem real but contain flaws

AI can also generate convincing videos of colleagues, family members, or even public figures. These may appear during video calls, workplace interactions, or through compromised social media accounts. Warning signs include inconsistent lighting, unusual shadows, or subtle distortions in facial movement.


6. Attempts to move conversations across platforms

Scammers may begin communication through email or professional platforms and then attempt to shift the interaction to messaging apps, payment platforms, or other channels. This tactic, often supported by chatbot-driven conversations, is used to appear credible while avoiding detection.


7. Unusual or suspicious payment requests

Requests for payment through gift cards, wire transfers, or cryptocurrency remain a major red flag. These methods are difficult to trace and are frequently used in fraudulent schemes, regardless of how legitimate the request may initially appear.


Why awareness matters

While AI has not changed the underlying tactics of scams, it has made them far more refined and scalable. Techniques such as impersonation, urgency, and trust-building are now enhanced through automation and data-driven personalization.

As these technologies continue to become an omnipresent aspect of our lives and keep developing, the risk will proportionately grow. Staying cautious, verifying unexpected requests, and sharing this knowledge with friends and family are critical steps in reducing exposure.

In a digital environment where scams increasingly resemble genuine communication, recognizing these warning signs remains one of the most effective ways to stay protected.

Read more »
login data
Artificial Intelligence Credentials Data Breach login data

Why Stolen Passwords Are Now the Biggest Cyber Threat

 



Organizations today often take confidence in hardened perimeters, well-configured firewalls, and constant monitoring for software vulnerabilities. Yet this defensive focus can overlook a more subtle reality. While attention remains fixed on preventing break-ins, attackers are increasingly entering systems through legitimate access points, using valid employee credentials as if they belong there.

This shift is not theoretical. Current threat patterns indicate that nearly one out of every three cyber intrusions now involves the use of real login credentials. Instead of forcing entry, attackers authenticate themselves and operate under the identity of trusted users. In practical terms, this allows them to function like an ordinary colleague within the system, making their actions far less likely to trigger suspicion.

Credential theft itself has existed for years, but its scale and execution have changed dramatically. Artificial intelligence has removed many of the barriers that once limited these attacks. Phishing campaigns, which previously required careful design and technical effort, can now be generated rapidly and in large volumes. At the same time, stolen usernames and passwords can be automatically tested across multiple platforms, allowing attackers to validate access almost instantly. This combination has created a form of intrusion that appears routine while expanding at a much faster pace.

The ecosystem behind these attacks has also evolved into a structured and highly organized market. Certain actors specialize in collecting credentials, others focus on verifying them, and many sell confirmed access through underground platforms. Importantly, the buyers are no longer limited to financially motivated groups. State-linked actors are also acquiring such access, using it to conduct operations that resemble conventional cybercrime, thereby making attribution more difficult.

This level of organization becomes especially dangerous in supply chain environments. Modern businesses rely on interconnected systems, vendors, and third-party services. Within such networks, a single compromised credential can act as a gateway into multiple systems. Attackers understand this interconnected structure and actively collaborate, sharing tools, scripts, and access to maximize efficiency while minimizing risk.

In contrast, defensive efforts often remain fragmented. Security teams frequently operate within isolated frameworks, with limited information sharing across organizations. Cultural challenges, including reluctance to disclose incidents, further restrict transparency. As a result, attackers benefit from collaboration, while defenders struggle to identify patterns across incidents.

Artificial intelligence has further transformed how credential-based attacks are carried out. Previously, executing such operations at scale required advanced technical expertise, including writing scripts to validate login attempts and maintaining stealth within a network. Today, automated tools can handle these tasks. Attackers can deploy stolen credentials across platforms almost instantly. Once access is gained, AI-driven tools can replicate normal user behavior, such as typical login times, navigation patterns, and file interactions. Whether conducting broad password-spraying campaigns or targeted intrusions, attackers can now move at a speed and level of sophistication that traditional defenses were not designed to counter.

At the same time, the supply of stolen credentials is increasing. Research shows that information-stealing malware, a primary method used to capture login data, has risen by approximately 84 percent over the past year. This surge, combined with easier exploitation methods, is widening a critical detection gap for security teams.

Closing this gap requires a fundamental rethinking of detection strategies. Traditional systems often fail when an attacker is already authenticated and operating within expected conditions, such as normal working hours. To address this, organizations must begin monitoring identity threats earlier in the attack lifecycle. This includes integrating intelligence from underground forums and illicit marketplaces into active defense systems. When compromised credentials are identified externally, immediate actions such as password resets and enforced multi-factor authentication should be triggered before those credentials are used internally.

Authentication methods themselves must also evolve. Widely used approaches like SMS codes and push notifications are increasingly vulnerable to interception through advanced attack techniques. More secure alternatives, including hardware-based authentication keys and certificate-driven systems, offer stronger protection because they cannot be easily intercepted or replicated. If an authentication factor can be captured in transit, it cannot be considered fully secure.

Another necessary shift is moving away from one-time authentication. Traditional systems grant ongoing trust after a single successful login. In contrast, modern security models rely on continuous verification, where user behavior is assessed throughout a session. Indicators such as unusual file access, sudden geographic changes, or inconsistencies in typing patterns can reveal compromise even after initial authentication.

Help desk operations have also emerged as a growing vulnerability. Advances in AI-driven voice synthesis now allow attackers to convincingly impersonate employees during account recovery requests. A simple “forgot password” call can become an entry point if verification processes are weak. Strengthening these processes through additional identity checks outside standard channels is becoming essential.

Organizations must also address the issue of identity sprawl. Over time, systems accumulate unused accounts, third-party integrations, and service credentials that may not follow standard security controls. Many of these accounts rely on static credentials, bypass multi-factor authentication, and are rarely updated. Conducting regular audits, enforcing least-privilege access, and assigning clear ownership and expiration policies to each account can exponentially reduce exposure.

When a credential is identified as compromised, the response must be immediate and comprehensive. This goes beyond simply changing a password. Security teams should review all activity associated with that identity, particularly within the preceding 48 hours, to determine whether unauthorized actions have already occurred. A valid login should be treated with the same level of urgency as any confirmed malware incident.

The growing reliance on credential-based attacks reflects a deliberate turn by adversaries toward methods that are efficient, scalable, and difficult to detect. These attacks exploit trust rather than technical weaknesses, allowing them to bypass even the most robust perimeter defenses.

If organizations continue to treat identity as a one-time checkpoint rather than an ongoing signal, they risk overlooking early indicators of compromise. Strengthening identity-focused defenses and adopting continuous verification models will be critical. Without this shift, breaches will continue to occur in ways that appear indistinguishable from everyday business activity, making them harder to detect until the damage has already been done.

Read more »
Vulnerability Scanner
Artificial Intelligence DARWIS darwis taka Vulnerability Vulnerability Scanner

DARWIS Taka: A Web Vulnerability Scanner with AI-Powered Validation


DARWIS Taka, a new web vulnerability scanner, is now available for free and runs via Docker. It pairs a rules-based scanning engine with an optional AI layer that reviews each finding before it reaches the report, aimed squarely at the false-positive problem that has dogged vulnerability scanning for years.

Built in Rust, Taka ships with 88 detection rules across 29 categories covering common web vulnerabilities, and produces JSON or self-contained HTML reports.  Setup instructions, the Docker configuration, and documentation are published on GitHub at github.com/CSPF-Founder/taka-docker.

Two modes of AI validation

Taka's AI layer runs in one of two modes. In passive (evidence-analysis) mode, the model reviews the data the scanner already collected and returns a verdict without sending any further traffic to the target. In active mode, the AI acts as a second-stage tester: it proposes a small number of targeted follow-up requests, such as paired true and false payloads for a suspected SQL injection, Taka executes them, and the responses are fed back to the AI for differential analysis. Active mode is more decisive on borderline findings but generates additional traffic.

In both modes, every result is tagged with a verdict (confirmed, likely false positive, or inconclusive), a confidence score, and the AI's written reasoning. The report surfaces those labels alongside a summary of how many findings fell into each bucket. Nothing is dropped silently, so reviewers see what the AI believed and why, and can focus triage on the findings marked confirmed.

The validation layer currently supports Anthropic and OpenAI. The project team has tested Taka extensively with Anthropic's Claude Sonnet, which gave the best balance of reasoning quality and speed in their evaluation, and recommends it for the strongest results. AI validation is optional; without a key, Taka runs as a standard scanner with its own false-positive controls.

Scoring by evidence, not by single matches

Most scanners trigger on the first matcher that fires, which is why a single stray string in a response can produce a flood of bogus alerts. Taka uses a weighted scoring system instead. Each matcher in a rule, whether a status code, a regex, a header check, or a timing comparison, carries an integer weight reflecting how strong a signal it is. The rule declares a detection threshold, and a finding is raised only when the combined weight of the matchers that fired meets or exceeds that threshold.

Built to run against real systems

A circuit breaker halts scanning against hosts showing signs of distress, per-host rate limiting caps concurrent requests, and a passive mode disables all attack payloads for environments where only non-intrusive checks are acceptable. Three scan depth levels (quick, standard, deep) trade coverage against runtime, while a two-phase execution model keeps time-based blind rules from interfering with the rest of the scan.

A web interface ships with the tool for launching scans, inspecting findings alongside the raw evidence, and revisiting results.

Only the optional AI validation requires a third-party API key, supplied by the user. Taka is aimed at security engineers, penetration testers, bug bounty hunters, DevSecOps teams, and developers who want a scanner that respects their triage time.

Full setup instructions are available at github.com/CSPF-Founder/taka-docker.

Read more »
Subscribe to: Posts (Atom)