Trump Administration Asks OpenAI To Stagger Release of New Model

The Trump administration has reportedly asked OpenAI to stagger the release of GPT-5.6 over security concerns. The model will initially be offered to a small group of partners, with the government "approving access customer by customer during this preview period," reports The Information. The request came from conversations with the Office of the National Cyber Director and the Office of Science and Technology Policy, the report said.

Read more of this story at Slashdot.

Linux Foundation Launches Akrites To Coordinate AI-Driven Open Source Security

BrianFagioli writes: The Linux Foundation has announced Akrites, a new initiative to coordinate vulnerability disclosure and remediation for critical open source software as AI dramatically speeds up vulnerability discovery. Founding members include AWS, Google, Microsoft, OpenAI, Red Hat, NVIDIA, IBM, Cisco, JPMorganChase, and others. Akrites will provide a shared Security Incident Response Team (SIRT), a standardized coordinated vulnerability disclosure process, and act as a "maintainer of last resort" for abandoned but widely used packages. The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited. As AI makes it easier to find security flaws, can a coordinated industry effort help protect open source, or does it risk giving large corporations too much influence over the ecosystem? "Akrites is the largest coordinated effort in history to create systems and deploy tooling that leverages the collective power of the community to make everyone safer," the Linux Foundation said in an open letter. "Akrites participants will contribute engineering resources; work to build and ship fixes; or fund the engineers who do. Some companies have contributed mightily already. The reality is, collectively, we need to contribute more."


Anthropic Says Alibaba Must Be Punished For Largest Claude Cloning Attack

An anonymous reader quotes a report from Ars Technica: Anthropic has accused the Chinese firm Alibaba of launching the largest attack yet attempting to clone Claude, as China races to match the capabilities of Anthropic's leading model following Mythos' release and subsequent restriction from foreign markets. Ars obtained a June 10 letter sent to Senators Tim Scott (R-S.C.) and Elizabeth Warren (D-Mass.) one day ahead of a Senate committee hearing on "AI and the American Dream." In the letter, Anthropic shared "new, confidential evidence of the largest campaign to illicitly extract Claude's capabilities we have ever measured." The attacks occurred between April 22 and June 5, when "operators affiliated with Alibaba and Alibaba Qwen, Alibaba's AI lab" allegedly generated "more than 28.8 million exchanges with Claude through almost 25,000 fraudulent accounts," Anthropic said. Violating Claude's terms of service and access restrictions, this campaign "targeted some of Claude's most valuable capabilities, such as agentic reasoning, software engineering, and long-horizon tasks." According to Anthropic, Alibaba evaded detection by "using obfuscation techniques and proxy networks." As Chinese demand for reliable obfuscation techniques increases, Anthropic warned there's already "a growing circumvention economy" to fuel an ever-expanding web of future distillation attacks. [...] "Alibaba is governed by an independent board, none of whom has any military affiliation," Alibaba said. "Its products and services are built for retail, logistics, and enterprise information technology -- not weapons, defense, or intelligence." Anthropic appears unconvinced, however, that Alibaba isn't working with the Chinese government. In the letter, Anthropic warned that without stronger interventions, these distillation attacks will "help China reach Mythos Preview-level capabilities sooner."
To keep the US ahead of China, Anthropic recommended that Congress pass legislation with three objectives. First, antitrust laws must be updated to allow AI firms to share information about evolving Chinese tactics to deter more threats. Second, the US needs more export controls on chips to hamstring Chinese access to advanced compute so that they simply can't train on US model outputs. That could make conducting distillation attacks pointless, Anthropic suggested. Finally, Congress should pass laws penalizing Chinese labs' "bad behavior" so that it's "more difficult and costly" to rely on distillation attacks to advance Chinese models. Penalties could include limiting Chinese firms from accessing US models or advanced US chips or from relying on data centers outside of China, Anthropic suggested.


Ford Rehires 350 Engineers After AI Fails To Preserve Expertise or Train Juniors

After Ford's automated quality-control systems and AI tools fell short, the automaker hired 350 veteran engineers over the past three years to mentor younger staff and reprogram the underperforming technology. "Artificial intelligence is a fantastic tool, but it's only as good as the information you use to train it," Charles Poon, Ford's vice president of vehicle hardware engineering, told reporters on a call Wednesday. "Over prior years, we didn't pay as much attention as we should have to the experience of our most knowledgeable engineers that have been with us through many product cycles." Bloomberg reports: Those engineers were "at the heart" of Ford's efforts to turn around quality problems, said Kumar Galhotra, chief operating officer. They now run mandatory meetings that rigorously troubleshoot quality problems and they have reprogrammed AI tools to head off glitches before they happen. "We had been relying more and more on automated quality systems" and not getting the desired results, Galhotra said. "We brought back technical specialists" and "they hunt for failure points before a part ever reaches the plant floor." The return of the veteran engineers at Ford cuts against the prevailing wisdom -- and fear -- that AI will replace all kinds of knowledge workers. But Ford found the machines couldn't replace experience. "Mistakenly we thought that by just introducing artificial intelligence and ingesting the design requirements that we had, that that would produce a high-quality product," Poon said. But "we recognized that for us to enhance some of our automation and machine learning and artificial intelligence tools we needed to ensure that they were trained by the most experienced individuals." As a result of the efforts of the old hands, Ford vaulted above quality stalwarts such as Toyota and Honda on JD Power's bellwether survey that measures the quality of a car during the first three months of ownership. 
Only luxury brands Porsche and Genesis topped Ford this year.


In a first, a court takedown goes after two cybercrime tools at once

In a novel maneuver for a disruption operation against cyber attackers, industry and law enforcement teamed up to conduct a court takedown of two widely-used criminal tools at once rather than individually, Microsoft said Tuesday.

The takedown simultaneously went after Amadey, a botnet that can serve as a malware delivery system, and StealC, an infostealer. Cybercriminals often use them in conjunction and they rely on the same infrastructure, Microsoft said.

“When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from,” said Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit. “The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild. It’s no longer enough to go after threats one by one. We need to interrupt how the attacks are put together.”

Microsoft had been tracking Amadey with ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Meanwhile, Europol had been investigating StealC alongside law enforcement partners including Germany’s Federal Criminal Police Office and the Dutch and Danish National Police as well as IBM X-Force and Proofpoint.

They then joined forces and turned to the Racketeer Influenced and Corrupt Organizations (RICO) Act, used to help authorities go after organized crime, to disrupt more than 200 command-and-control servers. Microsoft said it gained insights from its artificial intelligence product Copilot that “allowed the legal team to treat both malware families as part of a single criminal conspiracy.”

Microsoft regularly leads court-authorized disruption operations, but the industry and law enforcement partnerships combined with AI to expand data collection and identify connections beyond what one company could normally do, it said.

Amadey and StealC were linked to more than 140,000 infected computers around the globe in the first week of May alone, the company said. StealC has ranked among the top infostealers for years since its emergence in 2023 and sells in underground forums as a malware-as-a-service. It’s typically used by Russia-linked groups.

Amadey dates back to 2018, and is also commonly employed by Russian groups, including in attacks on Ukraine.

Their interaction shows the assembly line-like structure of modern cybercrime, Microsoft said. Even if the cybercriminals behind both tools never coordinate, their tools are designed to work together, it said.

“StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms,” the company wrote in a separate blog post. “It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats.”

The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.

Open-source security is posing challenges governments can’t easily solve

An epidemic of cyberattacks on open-source software has mounted in recent months, making clear how uniquely difficult it is to protect the publicly available code, from both a policy and a technical perspective, that serves as the foundation for so much of the digital world.

While open-source software security got a boost in attention under President Joe Biden — whose administration grappled with the fallout from the potentially catastrophic Log4j flaw that emerged in 2021 — a number of open-source experts say that government protection efforts have suffered setbacks under President Donald Trump. Many also say companies that heavily rely on open-source software, which is basically all of them, haven’t shouldered enough of the responsibility for safeguarding it.

“What we’re seeing is years of lack of investment sustainment in open-source software that is finally starting to catch up to us, where it seems like every week there’s a new supply chain compromise,” said Jack Cable, who held a role at the Cybersecurity and Infrastructure Security Agency where he worked on open-source security before departing under Trump.

The advancements of frontier artificial intelligence models stand to exacerbate the risk further, while simultaneously illustrating what makes defending open source difficult: Project Glasswing said shortly after its announcement that it had uncovered 6,202 high- or critical-severity vulnerabilities in a scan of more than 1,000 open-source projects, but that it had disclosed only 502 of them to open-source project maintainers and only 75 had been patched as of May 22 (albeit some due to typical patching lagtimes).

At the same time, there are questions about how much the government can help, even as overseas governments seek to focus on open-source security.

The evolution of open-source risk

There are a series of factors contributing to the current threat to open-source software, experts say.

One is simply that attackers go to the area where they can get the highest return on their work. Compromising open-source software gives them the chance to get into the supply chain and exploit additional targets.

“Twenty years ago, open source was still fairly niche,” said Æva Black, who also worked on open-source security at CISA but left when Trump came back into power. “The potential blast radius if you managed to compromise open source was relatively small, because back then the world didn’t run on open source. Now almost everything runs on open source,” she said, from modern cars to satellites.

Another part is the nature of open-source software itself.

“It’s a symptom [of having] lots of open source [that] is a little bit under-maintained or not cared for enough, so that we spend too little effort and money and infrastructure on them,” said Daniel Stenberg, who is the creator and maintainer of cURL, a popular open-source project. “Lots of open source is being maintained by small teams, lots of volunteers, and I think that that’s a tough situation.”

That doesn’t mean the maintainers are to blame, Stenberg said. The companies that rely on open-source need to be diligent about using it, Black said.

“What we’re seeing in that realm right now is not new; it is more advanced and far more widespread,” she said. “The problem remains that companies who use open source — because open source is by far the most efficient way to collaborate on non-product value features — most companies are not implementing a responsible and safe utilization pathway.”

Open-source projects lack a systematic way to handle coordinated vulnerability disclosures, unlike companies or industry groups with formal processes, said Dan Lorenc, CEO and co-founder of Chainguard. Project maintainers sometimes aren’t reachable, and those who are available are flooded with reports, many of them unverified findings from AI tools that waste their time without adding value.

Of course, some of those vulnerability reports turn out to be legitimate. “Mythos and AI models have contributed to an uptick in the number of vulnerabilities and things that we’re able to find” in open-source software, said Alex Zenla, chief technology officer for the cybersecurity company Edera.

All of that leaves more room for companies, non-profits and world governments to improve open-source security.

A moment of momentum

While open-source software security isn’t a new issue, the 2021 discovery of the Log4j flaw sounded alarms within the cybersecurity community. Jen Easterly, then the director of CISA, called it “one of the most serious I’ve seen in my entire career, if not the most serious,” with the potential to affect hundreds of millions of devices given the ubiquitous nature of the popular open-source logging library.

A year later, the Cyber Safety Review Board released its report on the incident, concluding that swift action from industry and government averted a disaster. But the incident “called attention to security risks unique to the thinly-resourced, volunteer-based open source community,” it wrote. “This community is not adequately resourced to ensure that code is developed pursuant to industry-recognized secure coding practices and audited by experts.”

The U.S. government actions after included some steps focused specifically on open-source software such as creation of the Open-Source Software Security Initiative and hires of well-regarded open-source security experts at CISA such as Black, but also some steps that could be applied more generally and still help with open-source security, such as greater promotion of secure-by-design, memory-safe languages and software bills of materials (SBOMs).

Some of the Biden administration work on open-source security started before Log4j, such as provisions from an executive order he issued in 2021 that directed CISA along with the Office of Management and Budget and General Services Administration to issue guidance to agencies.

The administration’s 2023 cybersecurity strategy also stepped into the long, thorny discussions over software liability, with a mention of open-source security: “Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on the end-users that often bear the consequences of insecure software nor on the open-source developer of a component that is integrated into a commercial product.” The Biden administration always indicated that addressing software liability would take a prolonged battle ahead.

Under Trump, many of the Biden administration’s efforts have languished. CISA’s splashy hires on open-source are gone, including Black, Tim Pepper and Anjana Rajan. Also departed are leading figures on secure-by-design and SBOMs, with CISA personnel cutbacks slicing deep.

No one has seen any sign that the national cyber director-led Open-Source Software Security Initiative is active, with few participants remaining in government today. The Trump administration cyber strategy doesn’t mention open-source.

The loss of open-source experts at CISA “is unfortunate, and it will be hard for the government to try to rebuild capacity, but I do think now more than ever CISA has a core role to play to secure open source software,” Cable said.

The pressure is mounting

It’s not that the issue is getting zero attention from those in a position to make a difference. Nick Andersen, the acting director of CISA, said last month that open-source security was an area of particular concern for him.

Andersen responded to concerns about CISA staffing levels on open-source security and spoke more broadly on the topic in a statement to CyberScoop.

“As artificial intelligence and other technologies have the power to transform how vulnerabilities are discovered and exploited, CISA recognizes that the open source software (OSS) that underpins much of the nation’s critical infrastructure will need to be hardened,” he said. “CISA actively collaborates with our partners on shared priorities, including OSS security, to ensure time and resources are spent where they matter the most. We have an immensely talented team, but are also accelerating our hiring in critical areas, to strengthen the nation’s defenses against cyber threats.”

The Office of the National Cyber Director did not respond to requests for comment.

There’s been some activity on Capitol Hill, too. The Securing Open Source Software Act, which Cable worked on during a stint as a Senate staffer, would direct CISA and other agencies to take actions to mitigate open-source software security risks, but the legislation has stalled since its introduction in 2022. A portion of the bill, however, was included in the Department of Homeland Security funding law Trump signed in April, directing CISA to brief Congress on the value of establishing something like an open source program office, which some companies use to manage open source within a given firm.

Senate Intelligence Committee Chairman Tom Cotton, R-Ark., has pushed the executive branch to improve its awareness of foreign adversaries playing roles in open-source software used by national security-focused agencies.

The annual defense policy bill in the House calls on the Defense Department’s chief information officer to report to Congress on a plan to secure open-source software supply chains, saying lawmakers are “concerned that the Department lacks sufficient visibility into the origins, maintenance, and security of OSS applications and software dependencies.”

That defense authorization bill language is “really beneficial, and I think it signals acknowledgement of this changing of culture” around open-source security risks, said Hayden Smith, founder of HuntedLabs, whose company won a contract with the Space Development Agency on supply chain security — agency work that the defense bill singled out.

“The report language is the first time the Hill is trying to get a true handle on foreign influence in open source code where they have oversight,” he said, saying it was a “piece of the puzzle” along with Cotton’s letter and a memo from Secretary of Defense Pete Hegseth last year about foreign influence in the Pentagon supply chain. “It’s good and would trickle down into everyone who provides software to the department.”

Zenla, though, believes trying to isolate China from open-source systems isn’t in and of itself a good idea.

“I don’t think that that makes a lot of sense, because they’re actually pretty good things that people contribute to open source,” she said. “Not everyone is malicious, and what are we going to do, spy on every single open source maintainer?” It’s more about doing things like making sure that highly-classified systems are set up in a separate way, she said.

Europe is also taking action to secure open-source software that the United States doesn’t seem ready or willing to do right now. Germany, for instance, devotes grants to the security of open-source projects, although Stenberg pointed out that sometimes money doesn’t equate to maintainers being able to fix flaws more quickly, depending on the project’s size.

The Cyber Resilience Act (CRA) adopted by the Council of the European Union in 2024 could offer another road on open-source security. The CRA requires those who use open-source software products as part of any commercial activity to take certain security measures.

Black said that when she was at CISA, there were discussions between the agency and European counterparts about finding compatible ideas on open-source security, but that momentum died with the Trump administration.

But “Europe kept rolling, and now has in place a new legal framework that is set to really reshape open-source security for potentially the whole world, but certainly for anyone who wants to work with Europe on open source,” she said.

Lorenc recently wrote that “open source isn’t governable.” He said an organization like a neutral nonprofit, possibly using some government funding, should take responsibility for things like coordinating vulnerability disclosure into one pipeline. He also said there needs to be one authority in charge of “forking” — that is, taking a project and assigning stewardship elsewhere — when a maintainer isn’t responsive to vulnerabilities.

There are differing opinions on how much past government warnings, advisories and guidance have helped. Smith gave some credit to government agencies that “have all responded to open source attacks using the means they have.”

Stenberg said that “I don’t think they make any big dent at all in the big scheme of things.” They might get some attention initially, “then two years later we all forgot about them, and they actually didn’t change much.”

Ideally, everyone could get on the same page, Zenla said. “The best way to do this is if people actually collaborated on a global scale on some sort of regulation around this, but that seems nearly impossible at the current moment,” she said. (The United Nations’ Open Source Week runs all this week.)

But if there’s an upside to the spate of attacks on open-source software, it’s the energy it gives to how better to secure it, Lorenc said, invoking the political saying to never let a good crisis go to waste.

“Everyone knows the industry has to change,” he said. “This is a really good crisis, and the right things are happening in the right places, and organizations are rethinking their culture around software development, and they know what they have to do. It’s just something that’s never been top of the priority list for the last 10 years. Now it is, and they’re doing it, and it’s, ‘Can we do it fast enough?’”

The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop.

Intel agencies: Frontier AI models will reshape cybersecurity faster than expected

Intelligence agencies for the United States, Canada, UK, Australia and New Zealand are warning that advanced AI models capable of wreaking havoc in the cyber domain are “months away” from being publicly available.

In a joint statement, the Five Eyes alliance says it expects the kind of advanced hacking capabilities provided by frontier models like Anthropic’s Fable 5 and OpenAI’s Daybreak to become broadly available to the public within the year, despite efforts by AI companies to withhold them or restrict their access.

“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the agencies said. “The timeline is not years, it is months.”

The statement, which included signatures from NSA’s Director of the Cybersecurity Directorate David Imbordino and acting CISA Director Nick Andersen, does not specifically cite secret or classified sources or methods to reach this conclusion.

But much of the underlying justification provided by the intelligence agencies also aligns with what public cybersecurity and AI experts have been warning about for months.

AI models capable of exploiting cybersecurity weaknesses are already available today through multiple channels: older commercial models, open-source versions, or foreign and black-market sources. And while newer models like Mythos are reportedly significantly more powerful for cybersecurity-related tasks, the breakneck pace of frontier model development often means that yesterday’s restricted frontier AI is tomorrow’s free, open-source AI.

Representative Andrew Garbarino, R-N.Y., Chair of the House Homeland Security Committee, said the warning from intelligence agencies “underscores what the Committee has repeatedly heard through roundtables, briefings, and hearings with industry leaders: China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States.”

“This threat reinforces the urgency of ensuring that federal agencies and critical infrastructure operators can responsibly leverage advanced U.S. models, and receive the guidance and support necessary to do so, to find vulnerabilities before adversaries can exploit them,” said Garbarino in a statement.

The agencies flag legacy systems, sluggish patching loops, unnecessary internet connectivity, weak identity and access controls, and a lack of pre-incident planning by organizations as key weaknesses that AI will excel at exploiting.

“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote. “We must act before and be prepared to adapt and withstand evolving threats.”

Since large language models burst onto the scene, open-source models have run about 6-8 months behind the largest frontier AI companies.

To give an idea of how quickly the field develops: the capabilities described in the Amazon threat intelligence report that convinced the Trump administration to place export controls on Fable 5 could already be accomplished through older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models.

Anthropic shut down access to their Fable 5 and Mythos 5 models as a result, and despite releasing a statement that they believe the White House decision was a “misunderstanding” the dispute remains resolved.

Programs like Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense. The goal is to give defenders a head start in finding and fixing vulnerabilities before AI systems can exploit them routinely in the coming years.

However, for all the fear surrounding the new technology, the recommended guidance is largely the same as it has been for decades. Governments, businesses and leaders must stop treating the digital security of their work as an afterthought or compliance issue.

“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies wrote. “Those that do not will face growing operational and strategic disadvantage.”

06/23/2026: This story was updated to include comment from Rep. Andrew Garbarino, R-N.Y.

The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.

Google Invests $75 Million In A24 To Develop AI-Powered Filmmaking Tools

Google is investing roughly $75 million in A24 as part of a research partnership with DeepMind to develop AI-powered filmmaking tools and workflows. "The deal represents the latest marriage between a Hollywood studio and AI in an era where companies have oscillated between partnerships and lawsuits," reports Variety. From the report: A24 partner Scott Belsky, who leads the studio's technology division A24 Labs, told the Journal the studio's Google partnership differed from other deals because AI developers mistakenly advertised their products as a means to make films cheaper and faster. His division is developing applications for AI-generated storyboards, another reimagination of the production process that has seen filmmakers like Martin Scorsese rubber-stamp. "We think there are better uses that preserve creative control and support risk-taking," said Belsky, arguing the new tools "won't look anything like the prompted generation type of AI that people feel uncomfortable with."


AI Law Firm Wins UK Court Case For First Time

Garfield AI, the UK's first regulator-approved AI law firm, has won its first court case after helping a freelancer recover 7,000 pounds in unpaid fees. "I was owed money for work I had done, but it felt like the process of recovering it could be too stressful, expensive and time-consuming," said Tamires Camal Taquidir, a freelancer who had provided HR-related services to a hospitality business. "Garfield made it possible for me to pursue the claim and keep going. When the counterclaim was brought, it was intended to intimidate me, but I knew I had accessible, cost-effective and competent support. I'm delighted by the result." Computer Weekly reports: After attempting to resolve a dispute over paid fees without court action, Camal Taquidir [...] used Garfield AI to help her pursue the case in court. She was able to generate pre-action correspondence, and then prepare and issue court proceedings. The AI legal assistant conducted all of the legal work preceding the court trial. The defendant instructed solicitors and brought a counterclaim, which the claimant disputed with the support of Garfield AI. The claimant continued to trial, including dealing with document production, the preparation of witness statements and trial bundles. Garfield then instructed a junior, shortly before the trial began. She won the claim over unpaid fees following a three-hour trial at Wandsworth County Court. The claimant paid around 400 pounds in Garfield AI fees to recover the 7,000 pounds owed, while the defendant instructed both a solicitor and a barrister. [...] Following a three-hour trial at Wandsworth County Court on 14 May 2026, in which both sides were represented by barristers, the court found in favor of the claimant, awarding 7,000 pounds and dismissing the counterclaim.


Several US States Bet That AI Can Solve Their Prison Recidivism Crisis

America's state prison systems need ways "to keep people from returning to prison," reports the Wall Street Journal, "when an estimated 40% end up back behind bars within three years." Part of the problem comes in the form of filing cabinets, manila folders and legacy digital databases. In other words, records for a single prisoner might be kept in a dozen places... Now a group of 19 prison systems are tackling the problem with digital tools and artificial intelligence in some cases. They are contracting with San Francisco nonprofit Recidiviz, whose computer systems bring together prisoner data from its disparate sources into digital dashboards. From there, corrections staff can see information — such as court records and notes from parole-board hearings — about a prisoner or parolee all in one place. The company says its efforts are working: Recidivism has fallen 16% in the prison population its systems track. It is the result of "just streamlining these workflows and knitting someone's journey together end to end," says Clementine Jacoby, chief executive officer of Recidiviz. Some criminal-justice groups show that recidivism is trending downward in general, though most of that data is nearly a decade old... The statistics from 11 states stop at 2019, and for four states stop at 2016. With 10 other states, no data was reported.

Local LLMs are better than ever, but are they good enough?

AI By Matthew S. Smith This might be hard to believe, but we’re now at least four years into the era of AI large language models — and perhaps up to nine, depending on your definition. OpenAI’s ChatGPT was released in 2022, GPT-3 was released in 2020, and the paper that defined the transformer architecture […]

TikTok Shows 3x More AI Slop Than YouTube, Report Finds

"About 59% of TikTok videos served to a new account's For You feed are AI slop," writes Search Engine Journal, "according to a report from Kapwing, the video creation tool company. That's roughly three times the rate Kapwing found on YouTube." The company manually reviewed over 10,000 TikTok videos across 20 categories and ran a separate fresh-account test, counting AI-generated content in the first 500 For You videos. Kapwing ran the same fresh-account test on YouTube and found that 104 of the first 500 Shorts, or 21%, were AI slop. On TikTok, 294 of 500 For You videos hit that threshold... Of the 2,000 videos Kapwing reviewed in TikTok's Kids category, 57% were AI slop. That was the highest rate of any category in the analysis. The highest-rate tag was #cartoonkids, where 97 of 100 featured videos were AI-generated. Tags like #cartoons and #babysong both reached 83%, and #forkids came in at 79%. After Kids, the next highest AI slop rates were in Science and Education (35%), Health (33%), and History (33%). All three are categories where visual illustration and voiceover narration make up much of the content. On the other end, categories where on-camera presence or physical demonstration are central had the lowest rates. Fashion came in at 1.3%, Music at 1.5%, and Fitness at 1.6%. The article notes that by last November, TikTok "had already labeled 1.3 billion videos as AI-generated, according to the report."

New Super PAC Aims to Rally Tech Workers to Help Limit AI: 'the Guardrails Alliance'

"A grassroots movement is forming among everyday tech workers who are demanding their companies develop and deploy AI responsibly," reports TechCrunch. Hoping to leverage that discontent is a new super PAC called the Guardrails Alliance. The New York Times reports that it launched Thursday with backers that included tech employees and labor unions: Guardrails positions itself as a populist political movement that runs on small donations from people in the trenches of the AI boom. Guardrails will buy ads to support Alex Bores, a New York congressional candidate who became Leading the Future's first target and is running in the primaries next week. The PAC has about $5 million at its disposal today and plans to raise $15 million this cycle — small potatoes compared to deep-pocketed adversaries like Leading the Future, which has more than $100 million from tech leaders like OpenAI president Greg Brockman... "This is not about matching [Leading the Future] dollar for dollar," [said the super PAC's co-founder, political operative Shaunna Thomas]. "What this vehicle is meant to do is be a political home for people who are concerned about the way the anti-regulation AI tech sector is trying to manipulate elections." Meanwhile a former Netflix and Warner Bros. executive has launched the Alliance for Responsible Innovation in the Arts & Media, reports Variety, calling it an AI-focused content coalition that says it's dedicated to supporting "responsible and sustainable AI innovation and the importance of human creativity." The initial members of the coalition, announced Monday, include Disney, the New York Times, Adobe, Condé Nast, the Financial Times, ITV, Advance, BBC, Cambridge University Press & Assessment, U.K. publisher Reach and Wiley. Many of the coalition's members have either struck deals with AI companies or are developing their own AI tools...
The group plans to argue for legal and policy guardrails around AI's usage, with its funding directed towards analyses, tools and services focused on advancing those initiatives... One of the group's launch advisers is Damian Collins, OBE, who previously served as the U.K. Parliamentary Under-Secretary of State in the Department for Science, Innovation and Technology under prime ministers Boris Johnson and Liz Truss. "Using AI to break the law can never be an acceptable excuse," he said in a statement. "Laws around personal safety, intellectual property and financial crime still apply in the age of AI. This is why ARIAM has been created and why I'm proud to be working with this necessary initiative."

OpenAI Announces Benchmarks for AI Life Sciences Research. Its Best Model Failed 63.9% of the Test

This week OpenAI announced a 750-task test to measure "whether AI systems can support realistic life science research tasks, not just answer biology questions." But while OpenAI's top-performing GPT-Rosalind model led the rankings, Slashdot reader BrianFagioli notes that "it achieved a pass rate of just 36.1 percent, failing nearly two-thirds of benchmark tasks." Nerds.xyz points out that means "the best-performing model failed nearly two-thirds of the benchmark's tasks." The benchmark also revealed a familiar weakness. AI systems generally perform better when everything is presented as text. Once they are forced to work with supporting documents, figures, or complex datasets, performance drops noticeably. GPT-Rosalind's pass rate fell from 45.1 percent on text-only tasks to 28.1 percent on tasks involving artifacts or URLs. To be fair, the benchmark is not intended to suggest AI is useless in research. Quite the opposite. OpenAI found that models are becoming increasingly capable of scientific communication, evidence synthesis, and translating research findings into practical explanations. Those are valuable skills, particularly for researchers drowning in information. But LifeSciBench serves as a useful reminder that today's AI systems are still far from autonomous scientists. They can help. They can assist. They can sometimes provide surprisingly useful insights. What they cannot reliably do, however, is replace the expertise, judgment, and skepticism that real scientific research requires.

Tech Pundit Cringely Co-Founds Startup '2Brains Inc' to Solve LLM Hallucinations

Long-time tech pundit Robert Cringely started his career at the Stanford Artificial Intelligence Lab back in 1978. Last month 73-year-old Cringely explained why his site went on a two-year hiatus — and it's not just because of a heart attack and a stroke last July: Just like everyone else, I've been busy all this time on Artificial Intelligence, founding with two partners a company called 2Brains... The work we were doing together is unfinished, but it's not stopped. The patents are filed, the architecture is documented, and the small team continuing the work includes me. Cringely's first piece made the case that "the trillion-dollar bet the AI industry is making right now may be wrong, and that there's an architectural alternative we've patented and built." In Machines of Loving Grace, Amodei made the case that scaling compute would eventually solve essentially every hard problem in artificial intelligence. Buried in that optimism — or maybe not buried, maybe right out in the open — was a quiet absolution. Hallucinations, the embarrassing tendency of these systems to state falsehoods with total confidence, would take care of themselves. Make the models big enough, train them long enough, and the problem dissolves. You don't have to solve it. You just have to wait, and spend. And so the entire AI industry breathed a sigh of relief. I have spent forty years watching this industry, and I know a permission slip when I see one. Because that is what the essay became, whatever Amodei intended. It gave every other person writing nine- and ten-figure checks a reason not to worry about the one thing that should worry them most. The hallucination problem is the difference between a clever toy and a system a hospital or a bank or a court can actually rely on. It is the whole ballgame for enterprise AI. And the prevailing wisdom, blessed from the top, is that you needn't address it directly. Scale will provide...
A small company I helped start, 2Brains Inc., set out in 2022 to solve hallucinations — before ChatGPT, before the scaling consensus hardened into received truth, back when the polite assumption was that the problem was simply insurmountable. We did not solve it by waiting for bigger models. We solved it architecturally, by separating the part of the system that generates language from the part that retrieves and verifies facts, and reconciling the two before anything reaches the user. It runs on ordinary processors. It is cheap. And on the industry's own benchmark for this kind of faithfulness, it more than doubles the published baseline, with no fabricated facts in the verified case at all. The article asks whether scaling will, at tremendous cost, eventually reduce hallucinations — or even worse, if the largest companies in the world "are spending a fortune chasing a cure that is not coming." And last week Cringely pitched more advantages for their solution, noting that most prompts aren't even chatbot-level creative prompts — but just requests to retrieve simple data: The reason 2Brains doesn't lie and the reason it's cheap are the same reason. It looks the fact up instead of guessing it — so it cannot fabricate, and the lookup runs on a processor that sips power instead of a chip that gulps it. Trust and thrift are not a trade-off you balance against each other. They fall out of a single design decision. You do not pay extra for the honest version. The honest version is the cheap version. That sentence is the whole company.
