For makers and artists, the latest wave of AI tools brings both new capabilities and fresh vulnerabilities. Meta has quietly embedded dormant face recognition code on more than 50 million Android devices, hidden within the companion app for its Ray-Ban and Oakley smart glasses. If enabled, the feature—internally called NameTag—would allow wearers to identify people by matching faces against a biometric gallery stored locally on their phone. This is the same technology Meta abandoned in 2021 following billions of dollars in settlements over biometric privacy concerns in Texas and Illinois.
Meanwhile, xAI has asked a federal judge to compel four individuals suing the company over Grok-generated deepfake nudes to reveal their real names. One plaintiff alleges the chatbot was used to create sexual images of her as a child. The plaintiffs argue they would rather drop the case than face harassment and doxing from Elon Musk’s supporters. xAI’s legal team counters that because the deepfakes remain sealed, there is “nothing inherently stigmatizing” about identifying the subjects.
Google has released a new Android feature designed to combat AI-driven impersonation scams in which fraudsters spoof familiar numbers and clone voices. Integrated into Google Dialer and available on Android 12 and newer, the system performs a silent cryptographic handshake with the caller’s device. If the call is fraudulent, Android will flag it and remove the contact photo from the display. The check works only when both parties use Google Dialer, effectively leaving iPhone users unprotected.
WIRED has also reported that the Manhattan Institute—the think tank credited with developing broken-windows policing in the 1990s and influencing the Trump administration’s anti-DEI initiatives—is now proposing model legislation to reclassify minor protest-related offences as felonies under a new framework termed “civil terrorism.”
Security researchers have unveiled a sophisticated browser side-channel attack known as FROST. It identifies other browser tabs and sometimes applications on a device by measuring the time taken to read from a sandboxed file on the SSD. The attack operates entirely in JavaScript, feeding timing traces into a neural network trained on the I/O signatures of common software. To date, there is no evidence of this being deployed in the wild.
Security Briefs
Chinese Crypto-Funded Fentanyl Labs Are Switching to Selling Peptides
Peptides, which are amino acid chains marketed for benefits ranging from weight loss to skin rejuvenation, have spawned a largely unregulated pharmaceutical submarket. Their expansion is being driven by cryptocurrency, frequently sent directly to Chinese laboratories manufacturing these products. Chainalysis, a crypto-tracing firm, recently published an analysis showing that some labs previously selling fentanyl precursors have pivoted to producing and selling peptides. This shift, the firm believes, aims to capitalise on social media trends around “looksmaxing” while avoiding the risk of a law enforcement crackdown on opioid manufacturers. The gray market is now valued at over $100 million annually and continues to grow.
Meta’s AI Support Hacked Its Own Users’ Accounts
Since March, Meta has increasingly automated account support functions, including password resets, using AI. Hackers exploited this tool to reset passwords and take over accounts belonging to high-profile figures, including Barack Obama, the chief master sergeant of the US Space Force, and the makeup retailer Sephora. Meta states the issue has been resolved and affected accounts secured. However, the incident highlights the dangers of delegating security-critical functions to AI, particularly for a company that has publicly championed an all-in approach to artificial intelligence integration.
Anthropic Is Now Helping the NSA With Offensive Hacking
When Anthropic introduced its Mythos tool to a select group of organisations, the inclusion of the US National Security Agency (NSA) on the initial access list drew attention. Mythos is capable of identifying hidden, hackable vulnerabilities in software with alarming speed, raising fears of automated mass surveillance. While initial reports suggested the NSA might use the tool defensively to patch popular software like Microsoft’s, the Financial Times now reports that Anthropic is deploying its own engineers to help the agency utilise the tool for offensive hacking operations. Although Anthropic could not confirm if Mythos is currently being used in active hacking, the trend suggests the US is joining the field of state-sponsored, automated cyberintrusions.
Bill Pulte Tapped as Acting Director of National Intelligence
President Donald Trump has appointed Bill Pulte as the acting director of national intelligence, replacing Tulsi Gabbard, who stepped down citing her husband’s health issues. While Trump is considering candidates for the permanent role, the confirmation process remains uncertain. As acting director, Pulte would oversee the entire US intelligence community, coordinating 18 agencies including the CIA and NSA. He would simultaneously retain his role as director of the Federal Housing Finance Agency, where he has issued multiple criminal referrals accusing political opponents, including New York attorney general Letitia James and US senator Adam Schiff, of mortgage fraud. Both major parties have expressed concern over the appointment as Congress debates the renewal of the Section 702 surveillance program.
Weird GPS Data Mystery Linked to US Military
For years, GPS satellites broadcast mysterious data in an unused portion of their public signal. Professor Steven Murdoch from University College London has now provided evidence that these messages are likely part of the system the US military uses to distribute cryptographic keys to receivers globally. By analysing millions of archived transmissions spanning nearly two decades, Murdoch identified patterns consistent with the Over-the-Air Distribution (OTAD) system, which allows remote updates to military GPS receivers. A key event in May 2011, where nearly all operational satellites switched to a placeholder message, coincided with the rollout of OTAD. Murdoch emphasises that he did not decrypt any military data but rather inferred the system’s existence by studying the behaviour of the signals.
Key takeaways
- Meta’s dormant face recognition feature on 50 million devices represents a potential privacy breach, reviving technology the company previously abandoned due to legal settlements.
- Crypto-funded peptide labs in China are pivoting from fentanyl precursors to capitalise on the “looksmaxing” market, creating a new $100m+ gray market sector.
- AI integration in security functions is proving risky, evidenced by Meta’s automated support enabling account takeovers and Anthropic’s Mythos tool being deployed for offensive NSA hacking.
- Researchers have identified previously undocumented US military infrastructure within public GPS signals, revealing how cryptographic keys are distributed globally.




