Biz & IT

AI models can acquire backdoors from surprisingly few malicious documents

Fine-tuning experiments with 100,000 clean samples versus 1,000 clean samples showed similar attack success rates when the number of malicious examples stayed constant. For GPT-3.5-turbo, between 50 and 90 malicious samples achieved over 80 percent attack success across dataset sizes spanning two orders of magnitude.

Limitations

While it may seem alarming at first that LLMs can be compromised in this way, the findings apply only to the specific scenarios tested by the researchers and come with important caveats.

“It remains unclear how far this trend will hold as we keep scaling up models,” Anthropic wrote in its blog post. “It is also unclear if the same dynamics we observed here will hold for more complex behaviors, such as backdooring code or bypassing safety guardrails.”

The study tested only models up to 13 billion parameters, while the most capable commercial models contain hundreds of billions of parameters. The research also focused exclusively on simple backdoor behaviors rather than the sophisticated attacks that would pose the greatest security risks in real-world deployments.

Also, the backdoors can be largely fixed by the safety training companies already do. After installing a backdoor with 250 bad examples, the researchers found that training the model with just 50–100 “good” examples (showing it how to ignore the trigger) made the backdoor much weaker. With 2,000 good examples, the backdoor basically disappeared. Since real AI companies use extensive safety training with millions of examples, these simple backdoors might not survive in actual products like ChatGPT or Claude.

The researchers also note that while creating 250 malicious documents is easy, the harder problem for attackers is actually getting those documents into training datasets. Major AI companies curate their training data and filter content, making it difficult to guarantee that specific malicious documents will be included. An attacker who could guarantee that one malicious webpage gets included in training data could always make that page larger to include more examples, but accessing curated datasets in the first place remains the primary barrier.

Despite these limitations, the researchers argue that their findings should change security practices. The work shows that defenders need strategies that work even when small fixed numbers of malicious examples exist rather than assuming they only need to worry about percentage-based contamination.

“Our results suggest that injecting backdoors through data poisoning may be easier for large models than previously believed as the number of poisons required does not scale up with model size,” the researchers wrote, “highlighting the need for more research on defences to mitigate this risk in future models.”

Bank of England warns AI stock bubble rivals 2000 dotcom peak

Share valuations based on past earnings have also reached their highest levels since the dotcom bubble 25 years ago, though the BoE noted they appear less extreme when based on investors’ expectations for future profits. “This, when combined with increasing concentration within market indices, leaves equity markets particularly exposed should expectations around the impact of AI become less optimistic,” the central bank said.

Toil and trouble?

The dotcom bubble offers a potentially instructive parallel to our current era. In the late 1990s, investors poured money into Internet companies based on the promise of a transformed economy, seemingly ignoring whether individual businesses had viable paths to profitability. Between 1995 and March 2000, the Nasdaq index rose 600 percent. When sentiment shifted, the correction was severe: the Nasdaq fell 78 percent from its peak, reaching a low point in October 2002.

Whether we’ll see the same thing or worse if an AI bubble pops is mere speculation at this point. But similar to the early 2000s, the question about today’s market isn’t necessarily about the utility of AI tools themselves (the Internet was useful, after all, despite the bubble), but whether the amount of money being poured into the companies that sell them is out of proportion with the potential profits those improvements might bring.

We don’t have a crystal ball to determine when such a bubble might pop, or even if it is guaranteed to do so, but we’ll likely continue to see more warning signs ahead if AI-related deals continue to grow larger and larger over time.

Synology caves, walks back some drive restrictions on upcoming NAS models

If you were considering the purchase of a Synology NAS but were leery of the unreasonably high cost of populating it with special Synology-branded hard disk drives, you can breathe a little easier today. In a press release dated October 8, Synology noted that with the release of its latest Disk Station Manager (DSM) update, some of its 2025 model-year products—specifically, the Plus, Value, and J-series DiskStation NAS devices—would “support the installation and storage pool creation of non-validated third-party drives.”

This unexpected move comes just a few months after Synology aggressively expanded its “verified drive” policy down-market to the entire Plus line of DiskStations. Prior to today, the network-attached storage vendor had shown no signs of swerving from the decision, painting it as a pro-consumer move intended to enhance reliability. “Extensive internal testing has shown that drives that follow a rigorous validation process when paired with Synology systems are at less risk of drive failure and ongoing compatibility issues,” Synology previously claimed in an email to Ars.

What is a “verified” or “validated” drive?

Synology first released its own brand of hard disk drives back in 2021 and began requiring their use in a small but soon-to-increase number of its higher-end NAS products. Although the drives were rebadged offerings from other manufacturers—there are very few hard disk drive OEMs, and Synology isn’t one of them—the company claimed that its branded disks underwent significant additional validation and testing that, when coupled with customized firmware, yielded reliability and performance improvements over off-the-shelf components.

However, those drives came with what was in some cases a substantial price increase over commodity hardware. Although I couldn’t find an actual published MSRP list, some spot checking on several web stores shows that the Synology HAT5310 enterprise SATA drive (a drive with the same warranty and expected service life as a Seagate Exos or Western Digital Gold) is available in 8TB at $299, 12TB at $493, and 20TB at an eye-watering $605. (For comparison, identically sized Seagate Exos disks are $220 at 8TB, $345 at 12TB, and $399 at 20TB.) Other Synology drive models tell similar pricing stories.

AMD wins massive AI chip deal from OpenAI with stock sweetener

As part of the arrangement, AMD will allow OpenAI to purchase up to 160 million AMD shares at 1 cent each throughout the chips deal.

OpenAI diversifies its chip supply

With demand for AI compute growing rapidly, companies like OpenAI have been looking for secondary supply lines and sources of additional computing capacity, and the AMD partnership is part of the company’s wider effort to secure sufficient computing power for its AI operations. In September, Nvidia announced an investment of up to $100 billion in OpenAI that included supplying at least 10 gigawatts of Nvidia systems. OpenAI plans to deploy a gigawatt of Nvidia’s next-generation Vera Rubin chips in late 2026.

OpenAI has worked with AMD for years, according to Reuters, providing input on the design of older generations of AI chips such as the MI300X. The new agreement calls for deploying the equivalent of 6 gigawatts of computing power using AMD chips over multiple years.

Beyond working with chip suppliers, OpenAI is widely reported to be developing its own silicon for AI applications and has partnered with Broadcom, as we reported in February. A person familiar with the matter told Reuters the AMD deal does not change OpenAI’s ongoing compute plans, including its chip development effort or its partnership with Microsoft.

ICE wants to build a 24/7 social media surveillance team

Together, these teams would operate as intelligence arms of ICE’s Enforcement and Removal Operations division. They will receive tips and incoming cases, research individuals online, and package the results into dossiers that could be used by field offices to plan arrests.

The scope of information contractors are expected to collect is broad. Draft instructions specify open-source intelligence: public posts, photos, and messages on platforms from Facebook to Reddit to TikTok. Analysts may also be tasked with checking more obscure or foreign-based sites, such as Russia’s VKontakte.

They would also be armed with powerful commercial databases such as LexisNexis Accurint and Thomson Reuters CLEAR, which knit together property records, phone bills, utilities, vehicle registrations, and other personal details into searchable files.

The plan calls for strict turnaround times. Urgent cases, such as suspected national security threats or people on ICE’s Top Ten Most Wanted list, must be researched within 30 minutes. High-priority cases get one hour; lower-priority leads must be completed within the workday. ICE expects at least three-quarters of all cases to meet those deadlines, with top contractors hitting closer to 95 percent.

The plan goes beyond staffing. ICE also wants algorithms, asking contractors to spell out how they might weave artificial intelligence into the hunt—a solicitation that mirrors other recent proposals. The agency has also set aside more than a million dollars a year to arm analysts with the latest surveillance tools.

ICE did not immediately respond to a request for comment.

Earlier this year, The Intercept revealed that ICE had floated plans for a system that could automatically scan social media for “negative sentiment” toward the agency and flag users thought to show a “proclivity for violence.” Procurement records previously reviewed by 404 Media identified software used by the agency to build dossiers on flagged individuals, compiling personal details, family links, and even using facial recognition to connect images across the web. Observers warned it was unclear how such technology could distinguish genuine threats from political speech.

Ars Live: Is the AI bubble about to pop? A live chat with Ed Zitron.

As generative AI has taken off since ChatGPT’s debut, inspiring hundreds of billions of dollars in investments and infrastructure developments, the top question on many people’s minds has been: Is generative AI a bubble, and if so, when will it pop?

To help us potentially answer that question, I’ll be hosting a live conversation with prominent AI critic Ed Zitron on October 7 at 3:30 pm ET as part of the Ars Live series. As Ars Technica’s senior AI reporter, I’ve been tracking both the explosive growth of this industry and the mounting skepticism about its sustainability.

You can watch the discussion live on YouTube when the time comes.

Zitron is the host of the Better Offline podcast and CEO of EZPR, a media relations company. He writes the newsletter Where’s Your Ed At, where he frequently dissects OpenAI’s finances and questions the actual utility of current AI products. His recent posts have examined whether companies are losing money on AI investments, the economics of GPU rentals, OpenAI’s trillion-dollar funding needs, and what he calls “The Subprime AI Crisis.”

During our conversation, we’ll dig into whether the current AI investment frenzy matches the actual business value being created, what happens when companies realize their AI spending isn’t generating returns, and whether we’re seeing signs of a peak in the current AI hype cycle. We’ll also discuss what it’s like to be a prominent and sometimes controversial AI critic amid the drumbeat of AI mania in the tech industry.

While Ed and I don’t see eye to eye on everything, his sharp criticism of the AI industry’s excesses should make for an engaging discussion about one of tech’s most consequential questions right now.

Please join us for what should be a lively conversation about the sustainability of the current AI boom.

Why iRobot’s founder won’t go within 10 feet of today’s walking robots

In his post, Brooks recounts being “way too close” to an Agility Robotics Digit humanoid when it fell several years ago. He has not dared approach a walking one since. Even in promotional videos from humanoid companies, Brooks notes, humans are never shown close to moving humanoid robots unless separated by furniture, and even then, the robots only shuffle minimally.

This safety problem extends beyond accidental falls. For humanoids to fulfill their promised role in health care and factory settings, they need certification to operate in zones shared with humans. Current walking mechanisms make such certification virtually impossible under existing safety standards in most parts of the world.

The humanoid Apollo robot. Credit: Google

Brooks predicts that within 15 years, there will indeed be many robots called “humanoids” performing various tasks. But ironically, they will look nothing like today’s bipedal machines. They will have wheels instead of feet, varying numbers of arms, and specialized sensors that bear no resemblance to human eyes. Some will have cameras in their hands or looking down from their midsections. The definition of “humanoid” will shift, just as “flying cars” now means electric helicopters rather than road-capable aircraft, and “self-driving cars” means vehicles with remote human monitors rather than truly autonomous systems.

The billions currently being invested in forcing today’s rigid, vision-only humanoids to learn dexterity will largely disappear, Brooks argues. Academic researchers are making more progress with systems that incorporate touch feedback, like MIT’s approach using a glove that transmits sensations between human operators and robot hands. But even these advances remain far from the comprehensive touch sensing that enables human dexterity.

Today, few people spend their days near humanoid robots, but Brooks’ 3-meter rule stands as a practical warning of challenges ahead from someone who has spent decades building these machines. The gap between promotional videos and deployable reality remains large, measured not just in years but in fundamental unsolved problems of physics, sensing, and safety.

That annoying SMS phish you just got may have come from a box like this

Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.

The routers, manufactured by China-based Milesight IoT Co., Ltd., are rugged Internet of Things devices that use cellular networks to connect traffic lights, electric power meters, and other sorts of remote industrial devices to central hubs. They come equipped with SIM cards that work with 3G/4G/5G cellular networks and can be controlled by text message, Python scripts, and web interfaces.

An unsophisticated, yet effective, delivery vector

Security company Sekoia on Tuesday said that an analysis of “suspicious network traces” detected in its honeypots led to the discovery of a cellular router being abused to send SMS messages with phishing URLs. As company researchers investigated further, they identified more than 18,000 such routers accessible on the Internet, with at least 572 of them allowing free access to programming interfaces to anyone who took the time to look for them. The vast majority of the routers were running firmware versions that were more than three years out of date and had known vulnerabilities.

The researchers sent requests to the unauthenticated APIs that returned the contents of the routers’ SMS inboxes and outboxes. The contents revealed a series of campaigns dating back to October 2023 for “smishing”—a common term for SMS-based phishing. The fraudulent text messages were directed at phone numbers located in an array of countries, primarily Sweden, Belgium, and Italy. The messages instructed recipients to log in to various accounts, often related to government services, to verify the person’s identity. Links in the messages sent recipients to fraudulent websites that collected their credentials.

“In the case under analysis, the smishing campaigns appear to have been conducted through the exploitation of vulnerable cellular routers—a relatively unsophisticated, yet effective, delivery vector,” Sekoia researchers Jeremy Scion and Marc N. wrote. “These devices are particularly appealing to threat actors, as they enable decentralized SMS distribution across multiple countries, complicating both detection and takedown efforts.”

California’s newly signed AI law just gave Big Tech exactly what it wanted

On Monday, California Governor Gavin Newsom signed the Transparency in Frontier Artificial Intelligence Act into law, requiring AI companies to disclose their safety practices while stopping short of mandating actual safety testing. The law requires companies with annual revenues of at least $500 million to publish safety protocols on their websites and report incidents to state authorities, but it lacks the stronger enforcement teeth of the bill Newsom vetoed last year after tech companies lobbied heavily against it.

The legislation, S.B. 53, replaces Senator Scott Wiener’s previous attempt at AI regulation, known as S.B. 1047, that would have required safety testing and “kill switches” for AI systems. Instead, the new law asks companies to describe how they incorporate “national standards, international standards, and industry-consensus best practices” into their AI development, without specifying what those standards are or requiring independent verification.

“California has proven that we can establish regulations to protect our communities while also ensuring that the growing AI industry continues to thrive,” Newsom said in a statement, though the law’s actual protective measures remain largely voluntary beyond basic reporting requirements.

According to the California state government, the state houses 32 of the world’s top 50 AI companies, and more than half of global venture capital funding for AI and machine learning startups went to Bay Area companies last year. So while the recently signed bill is state-level legislation, what happens in California AI regulation will have a much wider impact, both by legislative precedent and by affecting companies that craft AI systems used around the world.

Transparency instead of testing

Where the vetoed SB 1047 would have mandated safety testing and kill switches for AI systems, the new law focuses on disclosure. Companies must report what the state calls “potential critical safety incidents” to California’s Office of Emergency Services and provide whistleblower protections for employees who raise safety concerns. The law defines catastrophic risk narrowly as incidents potentially causing 50+ deaths or $1 billion in damage through weapons assistance, autonomous criminal acts, or loss of control. The attorney general can levy civil penalties of up to $1 million per violation for noncompliance with these reporting requirements.

Can AI detect hedgehogs from space? Maybe if you find brambles first.

“It took us about 20 seconds to find the first one in an area indicated by the model,” wrote Jaffer in a blog post documenting the field test. Starting at Milton Community Centre, where the model showed high confidence of brambles near the car park, the team systematically visited locations with varying prediction levels.

The research team locating their first bramble. Credit: Sadiq Jaffer

At Milton Country Park, every high-confidence area they checked contained substantial bramble growth. When they investigated a residential hotspot, they found an empty plot overrun with brambles. Most amusingly, a major prediction in North Cambridge led them to Bramblefields Local Nature Reserve. True to its name, the area contained extensive bramble coverage.

The model reportedly performed best when detecting large, uncovered bramble patches visible from above. Smaller brambles under tree cover showed lower confidence scores—a logical limitation given the satellite’s overhead perspective. “Since TESSERA is learned representation from remote sensing data, it would make sense that bramble partially obscured from above might be harder to spot,” Jaffer explained.

An early experiment

While the researchers expressed enthusiasm over the early results, the bramble detection work represents a proof-of-concept that is still under active research. The model has not yet been published in a peer-reviewed journal, and the field validation described here was an informal test rather than a scientific study. The Cambridge team acknowledges these limitations and plans more systematic validation.

However, it’s still a relatively positive research application of neural network techniques that reminds us that the field of artificial intelligence is much larger than just generative AI models, such as ChatGPT, or video synthesis models.

Should the team’s research pan out, the simplicity of the bramble detector offers some practical advantages. Unlike more resource-intensive deep learning models, the system could potentially run on mobile devices, enabling real-time field validation. The team considered developing a phone-based active learning system that would enable field researchers to improve the model while verifying its predictions.

In the future, similar AI-based approaches combining satellite remote sensing with citizen science data could potentially map invasive species, track agricultural pests, or monitor changes in various ecosystems. For threatened species like hedgehogs, rapidly mapping critical habitat features becomes increasingly valuable during a time when climate change and urbanization are actively reshaping the places that hedgehogs like to call home.

As many as 2 million Cisco devices affected by actively exploited 0-day

As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can remotely crash or execute code on vulnerable systems.

Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system that powers a wide variety of the company’s networking devices. The vulnerability can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unfettered root privileges. It carries a severity rating of 7.7 out of a possible 10.

Exposing SNMP to the Internet? Yep

“The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised,” Wednesday’s advisory stated. “Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”

The vulnerability is the result of a stack overflow bug in the IOS component that handles SNMP (simple network management protocol), which routers and other devices use to collect and handle information about devices inside a network. The vulnerability is exploited by sending crafted SNMP packets.

To execute malicious code, the remote attacker must have possession of a read-only community string, an SNMP-specific form of authentication for accessing managed devices. Frequently, such strings ship with devices. Even when modified by an administrator, read-only community strings are often widely known inside an organization. The attacker would also require privileges on the vulnerable systems. With that, the attacker can obtain RCE (remote code execution) capabilities that run as root.

Why does OpenAI need six giant data centers?

Training next-generation AI models compounds the problem. On top of running existing AI models like those that power ChatGPT, OpenAI is constantly working on new technology in the background. It’s a process that requires thousands of specialized chips running continuously for months.

The circular investment question

The financial structure of these deals between OpenAI, Oracle, and Nvidia has drawn scrutiny from industry observers. Earlier this week, Nvidia announced it would invest up to $100 billion as OpenAI deploys Nvidia systems. As Bryn Talkington of Requisite Capital Management told CNBC: “Nvidia invests $100 billion in OpenAI, which then OpenAI turns back and gives it back to Nvidia.”

Oracle’s arrangement follows a similar pattern, with a reported $30 billion-per-year deal where Oracle builds facilities that OpenAI pays to use. This circular flow, which involves infrastructure providers investing in AI companies that become their biggest customers, has raised eyebrows about whether these represent genuine economic investments or elaborate accounting maneuvers.

The arrangements are becoming even more convoluted. The Information reported this week that Nvidia is discussing leasing its chips to OpenAI rather than selling them outright. Under this structure, Nvidia would create a separate entity to purchase its own GPUs, then lease them to OpenAI, which adds yet another layer of circular financial engineering to this complicated relationship.

“NVIDIA seeds companies and gives them the guaranteed contracts necessary to raise debt to buy GPUs from NVIDIA, even though these companies are horribly unprofitable and will eventually die from a lack of any real demand,” wrote tech critic Ed Zitron on Bluesky last week about the unusual flow of AI infrastructure investments. Zitron was referring to companies like CoreWeave and Lambda Labs, which have raised billions in debt to buy Nvidia GPUs based partly on contracts from Nvidia itself. It’s a pattern that mirrors OpenAI’s arrangements with Oracle and Nvidia.

So what happens if the bubble pops? Even Altman himself warned last month that “someone will lose a phenomenal amount of money” in what he called an AI bubble. If AI demand fails to meet these astronomical projections, the massive data centers built on physical soil won’t simply vanish. When the dot-com bubble burst in 2001, fiber optic cable laid during the boom years eventually found use as Internet demand caught up. Similarly, these facilities could potentially pivot to cloud services, scientific computing, or other workloads, but at what might be massive losses for investors who paid AI-boom prices.
