Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit precedence: bulk Subject: Risks Digest 34.64 RISKS-LIST: Risks-Forum Digest Friday 23 May 2025 Volume 34 : Issue 64 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at as The current issue can also be found at Contents: The Food Conspiracy That's Actually True (Julia Belluz) Critically appraising the Cass report: methodological flaws and unsupported claims (Biomed Central) 2 dead + 19 injured on Mexican Navy training tall ship hits Brookly Bridge (Lauren Weinstein) Lufthansa plane flew for 10 minutes without ANY Pilot as COVID-19 Vaccinated first officer lost consciousness and captain was in the washroom! (MakisMD) At LAX Airport, Uber Drivers Wait. And Wait. And Wait. (NY Times) The U.S. Army is getting in on right-to-repair (The Verge) FBI warns of ongoing scam that uses deepfake audio to impersonate government officials (ArsTechnica) The Booming Business of Returned Products (NYTimes) Reopening Three Mile Island Unit 1 (Rob Wilcox) The secretive U.S. factory that lays bare the contradiction in Trump's America First plan (BBC) Trump's NIH And NSF Cuts Estimated To Cost The U.S. Economy $10 Billion Annually -- for a long time (Virgil Gligor) Avionics company introduces "safe return" tomatic small airplane emergency landing (YouTube) How Students Are Fending Off Accusations That They Used A.I. to Cheat (NY Times) Microsoft takes down Lumma Stealer malware network (CNBC) Some workers are still stuck using ancient Windows systems (BBC) Pope Leo's Name Carries a Warning About AI (Andrew R. Chow) AI a Greater Threat to Women's Work Than Men's, UN Suggests (Olivia Le Poidevin) Major Flaws Found in VW's Connected Car App (Tom Allen) The Tech Industry Is Huge; Europe's Share Is Small 9(WSJ) Researchers Scrape 2 Billion Discord Messages, Publish Them Online (Matthew Gault) Russia Accused of Trying to Hack Border Security Cameras to Disrupt Ukraine Aid (Daniel Boffey) The Secrets of the World's Greatest Privacy Experts (The Atlantic) Microsoft blocking employees' emails about Gaza and Palestine (The Verge) Verizon tries to get out of merger condition requiring it to unlock phones (ArsTechnica) KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS (Steve Bacher) Some of the poorest students get the newest, fanciest public school around: Compton High (LA Times) AI Model Extorting Developers (TechCrunch) Authors are accidentally leaving evidence in their novels of AI use (404media) Do I use AI? (Lauren Weinstein) My AI therapist got me through dark times (BBC) GitHub wants to spam open source projects with AI slop (Pivot to AI) UK AI unicorn Builder.ai is dead (Pivot to AI) Call centers replaced many doctors' receptionists; Now, AI is coming for call centers (LA Times) Google putting wrong medical advice in their AI Overviews (Lauren Weinstein) Dark LLMs: The Growing Threat of Unaligned AI Models (arxiv) Most AI chatbots easily tricked into giving dangerous responses, study finds (The Guardian) AI chatbot to be embedded in Google search (BBC) Chicago Sun-Times Prints AI-Generated Summer Reading List With Books That Don't Exist (Chicago Sun-Times) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA (Eduard Kovacs) Re: Why We're Unlikely to Get Artificial General Intelligence, Anytime Soon (Martin Ward) Re: IBM Vibe coding (Paul Edwards) Re: Rogue communication devices found in Chinese solar power inverter (Steve Bacher) Re: Peter's Puns (Peter Calingaert) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sun, 18 May 2025 15:20:21 PDT From: Peter Neumann Subject: The Food Conspiracy That's Actually True (Julia Belluz) Julia Belluz, *The New York Times*, Sunday Opinion, 18 May 2025 [Julia is an author of a forthcoming book on nutrition and health.] Kennedy may be sloppy on the details, but on the broader problem, he's spot on. The Health Secretary, Robert F. Kennedy Jr. believes toxic chemicals in food are behind the U.S. explosion in rates of obesity and a range of other chronic illnesses. ``A facade of normalcy has masked this metoric risk in chronic disease.'' He intends to rid the U.S. food supply of nine chemicals -- all petroleum-based synthetic food dyes. [...] [There are about 10,000 food additives currently in use, so RFK Jr.'s nine are just a drop in the bucket. The forever chemicals seem to be even worse, but industry and Congress have been protecting them. PGN] Any administration that cares about rising chronic disease should invest in (Eduard Kovacs) research to understand the root causes. [...] Without such careful science, Mr. Kennedy and others are left hand-waving about hunches. In this toxic soup of unknowns, it's easy to get mixed up about what the real health threats are[,] and to invest political capital and public money on so-called solutions that will ultimately fail. What's already clear: A handshake deal with the food industry will never be enough. [My daughter is a walking time-bomb of toxicities, and getting rid of them is hugely complicated. After years if trying, she has clearly demonstrated how difficult that is. PGN] ------------------------------ Date: Wed, 21 May 2025 14:20:04 +0100 From: Martin Ward Subject: Critically appraising the Cass report: methodological flaws and unsupported claims (Biomed Central) Almost two dozen researchers at a top medical journal have published a scathing scientific take-down of the Cass Review. Experts found that the NHS-issued report--a non-peer reviewed publication authored by Dr. Hillary Cass, a pediatrician without clinical or research experience with trans patients -- was marred by "unexplained protocol deviations," "methodological flaws," and "unsubstantiated claims." The BMC study reviewed seven different facets of the Cass Review, and found that all seven possessed "a high risk of bias due to methodological limitations and a failure to adequately address these limitations." One major reason for such bias, in addition to the lack of peer review, is that the Cass Review failed to give actual trans people, their families, medical practitioners who specialize in trans care, or arguably anyone with expertise on the subject matter any real authority over the process. "These flaws highlight a potential double standard present throughout the review and its subsequent recommendations, where evidence for gender-affirming care is held to a higher standard than the evidence used to support many of the report's recommendations," researchers wrote. "Considering this, and the Cass report's poor understanding of transgender identities and experiences, it is vital to question the integrity and validity of the Review's recommendations and the appropriateness of basing health policy on them. To uphold its commitment to evidence-based medicine, future gender-affirming care research must generate robust observational data, involve transgender communities, and prioritise patient-centred outcomes, ensuring validity, generalisability, and cultural relevance." "Critically appraising the Cass report: methodological flaws and unsupported claims" (22 authors) BMC Medical Research Methodology 25, Article number: 128 (2025) https://bmcmedresmethodol.biomedcentral.com/articles/10.1186/s12874-025-02581-7 Results Using the ROBIS tool, we identified a high risk of bias in each of the systematic reviews driven by unexplained protocol deviations, ambiguous eligibility criteria, inadequate study identification, and the failure to integrate consideration of these limitations into the conclusions derived from the evidence syntheses. We also identified methodological flaws and unsubstantiated claims in the primary research that suggest a double standard in the quality of evidence produced for the Cass report compared to quality appraisal in the systematic reviews. https://www.erininthemorning.com/p/landmark-report-finds-major-flaws "These issues significantly undermine the validity of the Cass Review's recommendations, such that the Review fails to fulfil its aims as commissioned and should not be used as the basis for policy making," the researchers said in a statement to Erin in the Morning. ------------------------------ Date: Sat, 17 May 2025 21:59:50 -0700 From: Lauren Weinstein Subject: 2 dead + 19 injured on Mexican Navy training tall ship hits Brooklyn Bridge 2 dead + 19 injured on Mexican Navy training tall ship making it's annual trip through NYC when it lost power and hit the Brooklyn Bridge, most injuries were crewmen falling from the masts. The bridge was apparently checked, then reopened. ------------------------------ Date: Mon, 19 May 2025 12:50:05 -0700 From: geoff goodfellow Subject: Lufthansa plane flew for 10 minutes without ANY Pilot as COVID-19 Vaccinated first officer lost consciousness and captain was in the washroom! (MakisMD) Captain used emergency code after multiple failed attempts to re-enter cockpit, 18 May 2025 A Lufthansa flight was flown without an active pilot for nearly 10 minutes after the co-pilot fainted alone in the cockpit, according to a report released Saturday (17 May 2025) by air accident investigators in Madrid, Spain. The incident occurred on 17 February 2024 during a scheduled flight from Frankfurt, Germany to Seville, Spain. The captain had stepped out to use the lavatory when the co-pilot suddenly lost consciousness, leaving the Airbus A321 in the hands of autopilot. Despite the co-pilot unintentionally interacting with the controls, the aircraft maintained stable flight. Investigators from the Civil Aviation Accident and Incident Investigation Commission in Madrid said cockpit audio captured abnormal sounds consistent with a medical emergency. Cabin crew tried to contact the co-pilot using the onboard telephone, but received no response. The captain attempted to open the cockpit door using the standard security code five times, which would normally sound a buzzer for the co-pilot to release the lock. The cockpit door, reinforced to prevent hijackings, cannot be opened by force. The captain then used an emergency override code, which initiates automatic door opening unless actively blocked from within. [...] https://x.com/MakisMD/status/1924251333814821028 ------------------------------ Date: Fri, 16 May 2025 23:25:10 -0400 From: Monty Solomon Subject: At LAX Airport, Uber Drivers Wait. And Wait. And Wait. (NY Times) One of the busiest airports in the world used to be a prime place for gig drivers to earn money. Now, it’s typical of their increasing desperation. https://www.nytimes.com/2025/05/14/technology/lax-uber-driver-wages.html ------------------------------ Date: Fri, 16 May 2025 14:53:19 -0400 From: Monty Solomon Subject: The U.S. Army is getting in on right-to-repair (The Verge) https://www.theverge.com/news/668414/army-right-to-repair-elizabeth-warren ------------------------------ Date: Thu, 15 May 2025 18:27:25 -0400 From: Monty Solomon Subject: FBI warns of ongoing scam that uses deepfake audio to impersonate government officials (ArsTechnica) https://arstechnica.com/security/2025/05/fbi-warns-of-ongoing-scam-that-uses-deepfake-audio-to-impersonate-government-officials/ ------------------------------ Date: Fri, 16 May 2025 22:22:17 -0400 From: Monty Solomon Subject: The Booming Business of Returned Products (NYTimes) As retailers slow down orders for foreign goods because of tariffs, companies that recirculate overstocked or returned items may help fill the gap. https://www.nytimes.com/2025/05/15/business/tariffs-returns-reverse-logistics.html ------------------------------ Date: Sun, 18 May 2025 20:58:28 -0700 From: Rob Wilcox Subject: Reopening Three Mile Island Unit 1 I'm an engineer. I am not a nuclear engineer. I do read in the field, especially failures, including Fukushima, where one issue was radionuclides in containment over-pressure gases. The recommended fix of filters has not generally been done as a retrofit because of the cost. When Three Mile Island Unit 2 had a meltdown in 1979, Unit 1 was shut down. The Risks Forum has innumerable topics on nuclear reactors and systems. Closed US reactors are usually sold to a decommissioning company. The owner wants to get financial risks of unknown decommissioning costs off its books. Now Microsoft is negotiating power purchase agreements with the decommissioning company, Energy Solutions, to revive the plant. This video discusses the project. Part of the project is reviving the control room, the controls, the mechanicals, and refueling. At point 3:22 they show that the labels on the controls are covered by black tape until they are tested working. Amusing low tech Risks readers may enjoy. Then up to about 6:00 discusses the human side. https://www.youtube.com/watch?v=Ub78DA8wyf8 ------------------------------ Date: Mon, 19 May 2025 14:46:11 -0600 From: Matthew Kruk Subject: The secretive U.S. factory that lays bare the contradiction i Trump's America First plan (BBC) https://www.bbc.com/news/articles/cwywj0zgzwxo Among the cactuses in the desert of Arizona, just outside Phoenix, an extraordinary collection of buildings is emerging that will shape the future of the global economy and the world. The hum of further construction is creating not just a factory for the world's most advanced semiconductors. Eventually, it will mass produce the most advanced chips in the world. This work is being done in the US for the first time, with the Taiwanese company behind it pledging to spend billions more here in a move aimed at heading off the threat of tariffs on imported chips. It is, in my view, the most important factory in the world, and it's being built by a company you may not have heard of: TSMC, Taiwan Semiconductor Manufacturing Company. It makes 90% of the world's advanced semiconductors. Until now they were all made on the island of Taiwan, which is 100 miles east of the Chinese mainland. The Apple chip in your iPhone, the Nvidia chips powering your ChatGPT queries, the chips in your laptop or computer network, all are made by TSMC. Its Arizona facility "Fab 21" is closely guarded. Blank paper or personal devices are not allowed in case designs are leaked. It houses some of the most important intellectual property in the world, and the process to make these chips is one of the most complicated and intensive in global manufacturing. ------------------------------ Date: Tue, 20 May 2025 17:06:10 +0000 From: Virgil Gligor Subject: Trump's NIH And NSF Cuts Estimated To Cost The U.S. Economy $10 Billion Annually -- for a long time ------------------------------ Date: Mon, 19 May 2025 21:03:30 -0700 From: Rob Wilcox Subject: Avionics company introduces "safe return" automatic small airplane emergency landing (YouTube) Garmin is an avionics supplier for small aircraft. For the use case of an incapacitated pilot, safe return to the nearest airport can be activated by a single switch, or automatically. The system handles all ATC communications. Presumably communicates remaining fuel and souls on board. https://www.youtube.com/watch?v=CPJW8llME68 ------------------------------ Date: Tue, 20 May 2025 01:56:41 -0400 From: Gabe Goldberg Subject: How Students Are Fending Off Accusations That They Used A.I. to Cheat (The New York Times) Students are resorting to extreme measures to fend off accusations of cheating, including hours-long screen recordings of their homework sessions. https://www.nytimes.com/2025/05/17/style/ai-chatgpt-turnitin-students-cheating.html?smid=nytcore-ios-share&referringSource=articleShare ------------------------------ Date: Wed, 21 May 2025 14:26:43 -0400 From: Gabe Goldberg Subject: Microsoft takes down Lumma Stealer malware network (CNBC) Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials across the globe. Hackers used the malware to steal passwords, credit cards, bank accounts and cryptocurrency wallets. The U.S. Department of Justice took control of Lumma's *central command structure* and squashed the online marketplaces where bad actors purchased the malware. https://www.cnbc.com/2025/05/21/microsoft-malware-windows.html ------------------------------ Date: Tue, 20 May 2025 13:14:25 +0300 From: Amos Shapir Subject: Some workers are still stuck using ancient Windows systems (BBC) Mainly because of Microsoft's support and maintenance policies, some organizations and companies are still using systems as old as Windows 95, and even Windows 3.11 and MS-DOS. https://www.bbc.com/future/article/20250516-the-people-stuck-using-ancient-windows-computers ------------------------------ Date: Mon, 19 May 2025 11:09:54 -0400 (EDT) From: ACM TechNews Subject: Pope Leo's Name Carries a Warning About AI (Andrew R. Chow) Andrew R. Chow, *Time* (05/15/25), via ACM TechNews When Robert Francis Prevost announced he would take the name Leo XIV as pope, he gave the rise of AI as the reason for his choice. Prevost explained that the most recent Pope Leo served during the Industrial Revolution and criticized the new machine-driven economic systems turning workers into mere commodities. Now, with AI ushering in a "new industrial revolution," the "defense of human dignity, justice, and labor" is required, Prevost said. ------------------------------ Date: Fri, 23 May 2025 11:47:23 -0400 (EDT) From: ACM TechNews Subject: AI a Greater Threat to Women's Work Than Men's, UN Suggests (Olivia Le Poidevin) Olivia Le Poidevin, Reuters (05/20/25), via ACM TechNews A study by the UN's International Labor Organization found that AI is poised to transform 9.6% of jobs traditionally performed by women, versus 3.5% of jobs traditionally performed by men, particularly in high-income countries. The report stated, "We stress that such exposure does not imply the immediate automation of an entire occupation, but rather the potential for a large share of its current tasks to be performed using this technology." ------------------------------ Date: Fri, 23 May 2025 11:47:23 -0400 (EDT) From: ACM TechNews Subject: Major Flaws Found in VW's Connected Car App (Tom Allen) Tom Allen, Computing (05/20/25), via ACM TechNews Cybersecurity researcher Vishal Bhaskar discovered serious vulnerabilities in Volkswagen's My Volkswagen app that could have exposed users' personal information. Bhaskar determined the app lacked a lockout mechanism for failed password attempts and wrote a Python script that was able to brute-force the password. Additionally, Bhaskar identified API endpoints that exposed telematics data and customer information. Volkswagen said it fixed the issues this month. ------------------------------ Date: Fri, 23 May 2025 11:47:23 -0400 (EDT) From: ACM TechNews Subject: The Tech Industry Is Huge; Europe's Share Is Small (WSJ) Tom Fairless and David Luhnow, The Wall Street Journal (05/21/25), via ACM TechNews Europe is home to just four of the world's top 50 tech companies, and none of the top 10 companies investing in quantum computing. According to the Massachusetts Institute of Technology's Andrew McAfee, Europe created only 14 companies with a market capitalization of more than $10 billion from scratch during the last five decades, versus 241 created by the U.S. Europe's challenges include a smaller pool of venture capital, stricter regulations, and a risk-averse business culture. ------------------------------ Date: Fri, 23 May 2025 11:47:23 -0400 (EDT) From: ACM TechNews Subject: Researchers Scrape 2 Billion Discord Messages, Publish Them Online (Matthew Gault) Matthew Gault, 404 Media (05/21/25), via ACM TechNews Researchers at Brazil's Federal University of Minas Gerais have published a database of more than 2 billion Discord messages from more than 4 million unique users scraped from 3,167 servers using Discord's public API. Published online as a series of JSON files, the database is intended to assist researchers in training bots, studying politics or mental health, and identifying patterns of at-risk behavior, among other things. ------------------------------ Date: Fri, 23 May 2025 11:47:23 -0400 (EDT) From: ACM TechNews Subject: Russia Accused of Trying to Hack Border Security Cameras to Disrupt Ukraine Aid (Daniel Boffey) Daniel Boffey, The Guardian (05/21/25), via ACM TechNews The U.K. National Cyber Security Center said Russia tried to hack into border security cameras to spy on and disrupt the flow of aid entering Ukraine. A unit of Russia's military intelligence services is accused of using a host of methods to target organizations delivering "foreign assistance" by hacking into cameras at crossings and railway stations and near military installations. ------------------------------ Date: Fri, 23 May 2025 08:17:22 -0700 From: geoff goodfellow Subject: The Secrets of the World's Greatest Privacy Experts (The Atlantic) *Inside the world of extreme-privacy consultants, who, for the right fee, will make you and your personal information very hard to find...* [...] https://archive.is/nnT1S -or- https://www.theatlantic.com/ideas/archive/2025/05/extreme-personal-data-privacy-protection/682867/ ------------------------------ Date: Fri, 23 May 2025 09:41:08 -0700 From: Lauren Weinstein Subject: Microsoft blocking employees' emails about Gaza and Palestine (The Verge) https://www.theverge.com/tech/672312/microsoft-block-palestine-gaza-email ------------------------------ Date: Thu, 22 May 2025 00:25:20 -0400 From: Monty Solomon Subject: Verizon tries to get out of merger condition requiring it to unlock phones (ArsTechnica) https://arstechnica.com/tech-policy/2025/05/verizon-tries-to-get-out-of-merger-condition-requiring-it-to-unlock-phones/ ------------------------------ Date: Fri, 23 May 2025 06:36:12 -0700 From: Steve Bacher Subject: KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second. The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/ ------------------------------ Date: Fri, 23 May 2025 08:15:43 -0700 From: Steve Bacher Subject: Some of the poorest students get the newest, fanciest public school around: Compton High (LA Times) Students from among the poorest families in California are about to get the newest, most up-to-date public high school in the state as the rebuilt Compton High prepares to open. The brand-new $225-million campus is innovative. The library has no books; it's all digital. Classrooms feature an expanse of windows. Security equipment is largely invisible. [...] The school also includes learning innovations that may raise eyebrows. The library is meant to be noisy: It’s a lounge-like area with no walls or doors that is bisected by the hallway that traverses the building. And there are no shelves or books — all volumes are digital. Classrooms are organized like high-tech college lecture halls — no teacher has their own room. Instead, each teacher has a desk and a computer in a separate and small *collaboration* room. The design also incorporates extensive natural light; doors are made of glass and adjacent to other panes of glass. The look is in stark defiance of a proliferating security mentality in schools to stop active shooters. Many schools are “hardening the target,” making it impossible to see inside rooms, limiting ground-floor windows, locking entry doors and reinforcing them with steel. Compton High is relying instead on a secure campus perimeter, cameras throughout campus and facial recognition technology. [...] https://www.latimes.com/california/story/2025-05-23/new-compton-high-dr-dre-ribbon-cutting (So these poor students can't take a book home from the school library, unless they have the required digital hookup at home -- and they can't read the books in school because the library is "meant to be noisy"?  Good luck with that.  And good luck with cameras and facial recognition keeping out school shooters.) ------------------------------ Date: Fri, 23 May 2025 12:08:48 -0400 From: "Steven J. Greenwald" Subject: AI Model Extorting Developers (TechCrunch) "Anthropic's new AI model turns to blackmail when engineers try to take it offline." As an aside: "'Blackmail' is such an ugly word. I prefer 'extortion.'" -- Bender the Robot from Futurama. https://techcrunch.com/2025/05/22/anthropics-new-ai-model-turns-to-blackmail-when-engineers-try-to-take-it-offline/ ------------------------------ Date: Fri, 23 May 2025 07:49:59 -0700 From: Lauren Weinstein Subject: Authors are accidentally leaving evidence in their novels of AI use (404media) https://www.404media.co/authors-are-accidentally-leaving-ai-prompts-in-their-novels/ ------------------------------ Date: Fri, 23 May 2025 08:29:49 -0700 From: Lauren Weinstein Subject: Do I use AI? ... except for explicit tests for misinformation responses, errors, and other garbage about which I report from time to time, I never use any generative AI systems. I do not permit that trash to infiltrate my writings, radio reports, or anything else that I make public (or keep private, for that matter) in any way. As far as I'm concerned it's a form of fraud (in the ethics sense, not the legal sense) to present writings as your own that have been written in full or part by these hideous spawn of Big Tech greed (and increasingly, fascism). Even before the rise of these trash-producing machines, I have not used any tools that would change what I write (this also includes the various ridiculous systems to write replies to email, or offer to reword your responses, etc.), except for basic spelling checkers to catch my (increasing with age) typos. As far as I'm concerned, generative AI is right up there on the scamming scale with cryptocurrency. Maybe worse. It's a tough call when they're both so awful and take advantage of so many people to enrich a relative few. So when you read or hear my stuff, whether you like it or hate it or just don't care about it, you can rest assured it's 100% from my fingers, not from the pulsating tendrils of some electricity devouring neural network cluster in a data center of doom. -L ------------------------------ Date: Tue, 20 May 2025 07:00:45 -0700 From: Steve Bacher Subject: My AI therapist got me through dark times (BBC) With [UK] NHS mental health waitlists at record highs, are chatbots a possible solution? "Whenever I was struggling, if it was going to be a really bad day, I could then start to chat to one of these bots, and it was like [having] a cheerleader, someone who's going to give you some good vibes for the day. "I've got this encouraging external voice going -– 'right -- what are we going to do [today]?' Like an imaginary friend, essentially." For months, Kelly spent up to three hours a day speaking to online "chatbots" created using artificial intelligence (AI), exchanging hundreds of messages. [...] https://www.bbc.com/news/articles/ced2ywg7246o ------------------------------ Date: Tue, 20 May 2025 13:14:36 -0700 From: Lauren Weinstein Subject: GitHub wants to spam open-source projects with AI slop (Pivot to AI) GitHub wants to spam open source projects with AI slop https://pivot-to-ai.com/2025/05/20/github-wants-to-spam-open-source-projects-with-ai-slop/ ------------------------------ Date: Wed, 21 May 2025 16:05:42 -0400 From: Gabe Goldberg Subject: UK AI unicorn Builder.ai is dead (Pivot to AI) Builder.ai let you build a website or an app without coding — but with AI! Allegedly. Builder was the great hope of Artificial Intelligence for the UK. It scored $450 million in venture funding -— mostly from Microsoft and the Qatar Investment Fund. Customers had mixed experiences with Builder. A lot of positive online 0reviews turned out to be written by Builder employees. The company also put several logos on their website of companies that were never its customers. [FT, 2024, archive] Anyway, Builder finally went broke yesterday, after years of interesting financial activities and a few minor accounting scandals, such as allegedly falsified sales figures and an auditor with conflicts of interest.  [FT, archive] https://pivot-to-ai.com/2025/05/21/uk-ai-unicorn-builder-ai-is-dead-the-downfall-of-agi-a-guy-instead/ ------------------------------ Date: Tue, 20 May 2025 06:54:32 -0700 From: Steve Bacher Subject: Call centers replaced many doctors' receptionists; Now, AI is coming for call centers (LA Times) Health risks and night shifts aside, call center workers have a new concern: artificial intelligence. Startups are marketing AI products with lifelike voices to schedule or cancel medical visits, refill prescriptions, and help triage patients. Soon, many patients might initiate contact with the health system not by speaking with a call center worker or receptionist, but with AI. Zocdoc, the appointment-booking company, has introduced an automated assistant it says can schedule visits without human intervention 70% of the time. [...] https://www.latimes.com/business/story/2025-05-19/call-centers-replaced-many-doctors-receptionists-now-ai-is-coming-for-call-centers ------------------------------ Date: Wed, 21 May 2025 12:53:57 -0700 From: Lauren Weinstein Subject: Google putting wrong medical advice in their AI Overviews This is not funny. It is not acceptable. Today I saw someone who had asked a health-related question to Google Search. The AI Overview presented mixed-up, wrong information. I urged the person to ignore the AI Overview and use the regular site links. They didn't know there were any regular site links, because the AI Overview filled essentially their entire window and they didn't know to scroll down. This is a common situation with busy, nontechie users. They have depended on Google to point them at accurate information for so many years, and now Google Search spews out convincing looking AI garbage. This is not an anomaly. Google's AI Overviews are full of wrong, partially wrong (even more dangerous!), and just plain misinformation. Answers that are completely reversed from supposed source pages because the AI didn't understand the wording. Measurements wrong. Math wrong. It doesn't matter how often AI Overviews are correct, because you NEVER KNOW when they're going to be wrong, either completely or partly (again, mixing true with false -- like contaminating a well). And now Google is trying to convince users to use "AI Search" instead -- "Hey Ma', no more list of blue links!" -- making it even harder to see that so many of their answers are, if you'll excuse the expression, bulls*it, sometimes dangerous as well. This is unconscionable. Frankly, whether Google understands this or not, this behavior is uncaring and evil. Apparently Google's leadership no longer feels any shame at all. Disgusting. ------------------------------ Date: Wed, 21 May 2025 18:44:01 -0700 From: Lauren Weinstein Subject: Dark LLMs: The Growing Threat of Unaligned AI Models (arxiv) https://www.arxiv.org/abs/2505.10066 ------------------------------ Date: Wed, 21 May 2025 09:10:29 -0700 From: "Jim" Subject: Most AI chatbots easily tricked into giving dangerous responses, study finds (The Guardian) Researchers say threat from jail-broken chatbots trained to churn out illegal information is ``tangible and concerning''. Hacked AI-powered chatbots threaten to make dangerous knowledge readily available by churning out illicit information the programs absorb during training, researchers say. The warning comes amid a disturbing trend for chatbots that have been "jailbroken" to circumvent their built-in safety controls. The restrictions are supposed to prevent the programs from providing harmful, biased or inappropriate responses to users' questions. The engines that power chatbots such as ChatGPT, Gemini and Claude - large language models (LLMs) - are fed vast amounts of material from the Internet. Despite efforts to strip harmful text from the training data, LLMs can still absorb information about illegal activities such as hacking, money laundering, insider trading and bomb-making. The security controls are designed to stop them using that information in their responses. In a report on the threat, the researchers conclude that it is easy to trick most AI-driven chatbots into generating harmful and illegal information, showing that the risk is "immediate, tangible and deeply concerning". "What was once restricted to state actors or organised crime groups may soon be in the hands of anyone with a laptop or even a mobile phone," the authors warn. https://www.theguardian.com/technology/2025/may/21/most-ai-chatbots-easily-tricked-into-giving-dangerous-responses-study-finds ------------------------------ Date: Tue, 20 May 2025 19:58:31 -0600 From: Matthew Kruk Subject: AI chatbot to be embedded in Google search (BBC) https://www.bbc.com/news/articles/cpw77qwd117o Google is introducing a new artificial intelligence (AI) mode that more firmly embeds chatbot capabilities into its search engine, aiming to give users the experience of having a conversation with an expert. The "AI Mode" was made available in the US on Tuesday, appearing as an option in Google's search bar. The change, unveiled at the company's annual developers conference in Mountain View, California, is part of the tech giant's push to remain competitive against ChatGPT and other AI services, which threaten to erode Google's dominance of online search. The company also announced plans for its own augmented reality glasses and said it planned to offer a subscription AI tool. ------------------------------ Date: Tue, 20 May 2025 16:13:16 -0400 From: Gabe Goldberg Subject: Chicago Sun-Times Prints AI-Generated Summer Reading List With Books That Don't Exist (Chicago Sun-Times) "I can't believe I missed it because it's so obvious. No excuses," the writer said. "I'm completely embarrassed." https://www.404media.co/chicago-sun-times-prints-ai-generated-summer-reading-list-with-books-that-dont-exist/ [Paywalled, but clear enough. GG] [Also noted by Matthew Kruk and Monty Solomon. PGN] Good luck picking up the books on an unofficial summer reading list from the Chicago Sun-Times. Hoping to delve into the "multigenerational saga" Tidewater Dreams by Isabel Allende, for instance? Keep dreaming. Maybe a science-driven story like Andy Weir's The Last Algorithm is more to your taste? The algorithm can't help you. OK then, how about Min Jin Lee's "riveting tale set in Seoul's underground economy," Nightshade Market? Sorry -- all you're going to find is shade. That's because, while the authors may be real, the books don't actually exist. And the Chicago Sun-Times is being roasted online for publishing the AI-generated list. The paper initially couldn't explain how the piece was published. https://www.cbc.ca/news/world/chicago-sun-times-ai-book-list-1.7539016 ------------------------------ Date: Fri, 23 May 2025 11:47:23 -0400 (EDT) From: ACM TechNews Subject: Vulnerability Exploitation Probability Metric Proposed by NIST, CISA (Eduard Kovacs) Eduard Kovacs, Security Week (05/20/25), via ACM TechNews A cybersecurity metric developed by researchers at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. National Institute of Standards & Technology (NIST) calculates the likelihood a vulnerability has been exploited. The Likely Exploited Vulnerabilities (LEV) metric could help estimate the comprehensiveness of KEV lists and enhance KEV -- and EPSS-based vulnerability remediation prioritization. ------------------------------ Date: Sun, 18 May 2025 14:21:12 +0100 From: Martin Ward Subject: Re: Why We're Unlikely to Get Artificial General Intelligence, Anytime Soon (NY Times) Back in the 1940's, Turing wrote about his famous Test, and predicted that within 20 years we would have machines as intelligent as humans. Back in the 1960s, when AI research was just beginning, researchers predicted that within the next 20 years we would have machines as intelligent as humans. I remember reading some of these predictions in the 1970's and wondering... Back in the 1980s, I read Douglas Hofstadter's brilliant book "Godel, Escher, Bach" in which he predicted that within the next 20 years we would have machines as intelligent as humans. At that point, I made my own prediction: "In 20 years time people will *still* be predicting that in 20 years time we would have machines as intelligent as humans!" Back in 2000, Ray Kurzweil (The Age of Spiritual Machines) and Hans Moravec (Robot) proposed that perhaps even as early as 2020 to 2030 we will have sufficient hardware complexity, as well as sufficient insights from cognitive neuroscience (reverse engineering salient neural structure of the mammalian brain), to create silicon evolutionary spaces that will develop higher-level intelligence." Bill Gates says ""Twenty years from now, predicts Ray Kurzweil, $1,000 computers will match the power of the human brain." (http://us.penguingroup.com/static/packages/us/kurzweil/index.htm). It seems that *my* prediction was fulfilled! Now, in 2025, we have Sam Altman, Dario Amodei and Elon Musk saying that artificial intelligence will "soon" match the powers of humans' brains, but some AI researchers are finally coming around to the possibility that human level AI may not actually be achieved with in the next ten years "At this point, we can't tell." (Yann LeCun, the chief A.I. scientist at Meta) Some tentative conclusions: (1) Twenty years is just about as far ahead as anyone can imagine. (2) "Moore's Law", observed in 1965 that computer power doubles every two years. This "law" continued to hold for the subsequent four decades, yet despite this huge technological gain, human intelligence is still just as far away as it ever was. It is as if despite building bigger and bigger ladders, we are getting no closer to Andromeda galaxy! (3) This suggests that in reality, human intelligence is *infinitely* far removed from machine intelligence: in other words, that there really is some *qualitative* difference between man and machine, and not just a quantitative gap which can be bridged with a few more transistors and a better programming language. You simply cannot get to Andromeda by climbing a ladder :-) (4) In this context, the arguments about a "Technological Singularity" begin to look more like a "reductio ad absurdum" proof that machine intelligence will *never* surpass human intelligence. (Since the super-intelligent machine will be able to design a still more intelligent machine, and so on ad infinitum. Quod est absurdum). ------------------------------ From: Paul Edwards Date: Sun, 18 May 2025 13:44:47 +1000 Subject: Re: IBM Vibe coding It's probably worth noting that vibe in a legal context had its earliest documented use in Australia as early as 1997: https://www.youtube.com/watch?v=nMuh33BMZYY ------------------------------ Date: Sun, 18 May 2025 10:03:49 -0700 From: Steve Bacher Subject: Re: Rogue communication devices found in Chinese solar power inverter (RISKS-34.63) The second URL https://www.huschblackwell.com/newsandinsights/new-executive-order-prohibits-use-of-equipment-produced-by-foreign-adversaries-in-bulk-power-system gets a page not found error.  The correct URL appears to be: https://www.huschblackwell.com/newsandinsights/new-executive-order-prohibits-use-of-equipment-produced-by-foreign-adversaries-in-bulk-power-systems ------------------------------ Date: Sun, 18 May 2025 17:50:58 -0400 From: Peter Calingaert Subject: Re: Peter's Puns (RISKS-34.63) Puns make me numb. Math puns make me number. ------------------------------ Date: Sat, 28 Oct 2023 11:11:11 -0800 From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: . *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: ------------------------------ End of RISKS-FORUM Digest 34.64 ************************ .