The IT Privacy and Security Weekly Update.

Author: R. Prescott Stearns Jr.
  • Summary

  • Into year five for this award-winning, light-hearted, lightweight IT privacy and security podcast that spans the globe in terms of issues covered with topics that draw in everyone from executive, to newbie, to tech specialist. Your investment of between 15 and 20 minutes a week will bring you up to speed on half a dozen current IT privacy and security stories from around the world to help you improve the management of your own privacy and security.
    R. Prescott Stearns Jr.

Episodes
  • EP 237.5 Deep Dive: Artificial General Intelligence and The IT Privacy and Security Weekly Update for the Week Ending April 8th., 2025
    2025/04/09

    1. Concerns About AGI Development

    DeepMind’s 108-page report outlines four major risks of Artificial General Intelligence (AGI):

      • Misuse: AGI used maliciously (e.g., creating viruses).
      • Misalignment: AGI acting contrary to intended goals.
      • Mistakes: Errors causing unintended harm, especially in high-stakes sectors like defense.
      • Structural Risks: Long-term impacts on trust, power, and truth in society.

    While safety measures are urged, full control of AGI remains uncertain.


    2. Improving Machine Learning Security

    The open-source community is adopting model signing (via Sigstore), applying digital signatures to AI models. This ensures the model’s authenticity and integrity—helping prevent the use of tampered or untrusted code in AI systems.


    3. Risks from AI Coding Assistants

    A newly identified threat—Rules File Backdoor—allows attackers to embed malicious instructions in configuration files used by AI coding assistants (like GitHub Copilot or Cursor). This can lead to AI-generated code with hidden vulnerabilities, increasing risk through shared or open-source repos.


    4. Italy’s Controversial Piracy Shield

    Piracy Shield, Italy’s system for blocking pirated content, has mistakenly blacklisted legitimate services like Google Drive. Critics highlight issues around lack of transparency, violations of net neutrality and digital rights, and risks of censorship. Despite backlash, the system is being expanded, raising further concerns.


    5. EU’s Push on Data Access and Encryption

    The EU’s ProtectEU strategy includes strengthening Europol into a more FBI-like agency and proposing roadmaps for law enforcement access to encrypted data. This indicates a potential push toward backdoor access, reigniting debates on privacy vs. security.


    6. Cyberattacks on Australian Pension Funds

    Coordinated cyberattacks have compromised over 20,000 accounts across Australian retirement funds, with some user savings stolen. The incidents expose vulnerabilities in financial infrastructure, prompting a government initiative to bolster sector-wide cybersecurity.


    7. Lessons from Oracle’s Security Breaches

    Oracle reported two separate breaches in a short span. The latest involved theft of outdated login credentials. These incidents reveal persistent challenges in securing large tech platforms and highlight the need for ongoing security improvements and scrutiny of legacy systems.


    8. Closure of OpenSNP Genetic Database

    OpenSNP is shutting down after 14 years, deleting all user data due to rising concerns over misuse of genetic data, especially amid growing political threats from authoritarian regimes. The founder emphasized protecting vulnerable populations and reevaluated the risks of continued data availability versus its research value.

    16 min
  • Artificial General Intelligence and The IT Privacy and Security Weekly Update for the Week Ending April 8th., 2025
    2025/04/08

    EP 237.

    DeepMind just released a 108-page manual on not getting wiped out by our own invention. Highlighting the fact that planning for an AI apocalypse could now be a core business line function.
    Sigstore machine learning model signing - AI models are finally getting digital signatures, because “mystery code from the internet” just wasn't a scalable trust strategy.
    Turns out your AI programmer can be tricked into writing malware. Helping us understand that “copilot” isn't necessarily synonymous with “competent”.
    Italy’s anti-piracy tool is blocking legit services like it’s playing "whack-a-mole" blindfolded, but in this case the moles are cloud storage, like your Google Drive.
    The EU wants Europol to act like the FBI because privacy for our citizens is important, except when we want to read their encrypted messages.
    Hackers hit Aussie retirement funds, proving the only thing scarier than blowing through all your retirement money is someone else blowing through it all for you.
    Oracle’s been hacked again—because who doesn’t love a sequel with worse security and a bigger cleanup bill?
    OpenSNP just quit the internet after realizing DNA + authoritarian vibes = one dystopia too many.
    This week is a wild ride, so saddle up and hold on tight!

    19 min
  • EP 236.5 Deep dive - Unexplainable disappearances and The IT Privacy and Security Weekly Update for the Week Ending April 1st., 2025
    2025/04/03

    1. What are some recent major cryptocurrency hacks, and how were they carried out?

    High-profile crypto breaches include Bybit (~$1.5B), Ronin Network ($625M), and Poly Network ($611M). Attackers exploited vulnerabilities via social engineering (notably in the Bybit case), smart contract flaws, phishing, and targeted blockchain bridges. State-backed groups are increasingly active in this space.


    2. How is malware evolving to bypass traditional antivirus tools, and what languages are favored by attackers?

    Cybercriminals are turning to languages like Rust and Go to create or recompile malware, exploiting blind spots in antivirus tools that rely on static signature detection. These languages also offer cross-platform capabilities and security features that can be weaponized.


    3. What happened to computer scientist Xiaofeng Wang, and why is it significant?

    The FBI raided Wang’s home—he's a well-known Indiana University expert in cryptography and privacy. Since the raid, he’s gone missing, with his online presence scrubbed. The secrecy surrounding his disappearance, combined with his sensitive field of work and Chinese background, raises serious questions.


    4. Why is AI firm Anthropic sweeping its offices for hidden devices?

    To combat rising concerns about espionage and IP theft, Anthropic is conducting physical security sweeps. This move reflects heightened tensions in the competitive AI landscape and the growing risk of surveillance and corporate spying in the industry.


    5. What API security change is Cloudflare making, and why does it matter?

    Cloudflare is enforcing HTTPS-only access for its API domain by shutting down HTTP ports entirely. This ensures encrypted communication, protecting API tokens and user data, and sets a strong precedent for better internet-wide encryption standards.


    6. How did Madison Square Garden use surveillance tech to ban a fan, and what does it imply?

    MSG banned a fan for life after facial recognition identified him as the creator of a CEO-critical T-shirt. This incident underscores the growing use of surveillance in private venues and its implications for free expression and long-term personal tracking.


    7. What data exposure was found in several dating apps?

    Researchers found ~1.5M unprotected, sensitive photos—some explicit—exposed by five dating apps from M.A.D Mobile. Images included private messages and content believed to be deleted. This highlights the dangers of poor data hygiene and storage practices.


    8. What security failure occurred at the UK’s GCHQ involving an intern?

    A GCHQ intern copied top-secret data from a secure system to his personal phone, then transferred it to a home hard drive. This breach reveals critical weaknesses in internal controls, particularly around device security and data exfiltration prevent

    16 min
