A judge has allowed Saudi dissident Yahya Assiri to sue the kingdom for allegedly targeting his devices with Pegasus spyware and other Israeli-made surveillance tools. Reuters reports: Yahya Assiri, a founder of the opposition National Assembly Party (NAAS) who lives in exile in Britain, alleges his electronic devices were targeted with surveillance software between 2018 and 2020. He is suing Saudi Arabia at London's High Court, saying the country used Pegasus - made by Israeli company NSO Group and sold only to nation states - and other spyware made by lesser-known Israeli firm QuaDream because of his work with dissidents.

Earlier this month, Roger Eastman, a judge in the High Court, gave Assiri permission to serve his lawsuit on the Saudi government, a step that required the court to find Assiri has an arguable case. The decision announced on Monday to allow the case to be served on Saudi Arabia in Riyadh was made on Oct. 11. Assiri said in a statement: "I am fully aware that the authorities will want to target me. However, it is outrageous for them also to target individuals such as the victims of rights abuses and their families in Saudi Arabia simply because these people have been in contact with me."

San Francisco's Municipal Transportation Agency approved a $212 million contract with Hitachi Rail to modernize the Muni Metro system's outdated train control system, which currently uses floppy disks and wire loops. Government Technology reports: The software that runs the system is stored on floppy disks that are loaded each morning and an outdated type of communication using wire loops that are easily disrupted. It was expected to last for 20 to 25 years, according to Muni officials. It moves data more slowly than a wireless modem, they said. By late 2027 and into 2028, a new communications-based system, which employs Wi-Fi and cell signals to precisely track the locations of trains, will be installed by Hitachi, which will provide support services for 20 years under the agreement.

While the current train control system operates only on the Market Street subway and Central Subway, the new system will control Metro light rail trains on the system's surface lines as well. The Hitachi system is said to be five generations ahead of the current system, said Muni Director of Transit Julie Kirschbaum, who described it as the best train control system on the market.

OpenAI and Microsoft will give grants of up to $10 million to bring more AI tools into the newsroom. The grants will go to Chicago Public Media, the Minnesota Star Tribune, Newsday (in Long Island, NY), The Philadelphia Inquirer and The Seattle Times. "Each of the publications will hire a two-year AI fellow to develop projects for implementing the technology and improving business sustainability," reports Engadget. "Three more outlets are expected to receive fellowship grants in a second round." From the report: OpenAI and Microsoft are each contributing $2.5 million in direct funding as well as $2.5 million in software and enterprise credits. The Lenfest Institute of Journalism is collaborating with OpenAI and Microsoft on the project, and announced the news today.

Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country's federal law enforcement agency visited an employee's residence and asked them questions about the app and a particular user. 404 Media reports: Now Session will be maintained by an entity in Switzerland. The move signals the increasing pressure on maintainers of encrypted messaging apps, both when it comes to governments seeking more data on app users, as well as targeting messaging app companies themselves, like the arrest of Telegram's CEO in August. "Ultimately, we were given the choice between remaining in Australia or relocating to a more privacy-friendly jurisdiction, such as Switzerland. For the project to continue, it could not be centred in Australia," Alex Linton, president of the newly formed Session Technology Foundation (STF) which will publish the Session app, told 404 Media in a statement. The app will still function in Australia, Linton added. Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. "There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door," Linton said.

The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.

WordPress sites are being compromised through malicious plugins that display fake software updates and error messages, leading to the installation of information-stealing malware. BleepingComputer reports: Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware. In 2024, a new campaign called ClickFix was introduced that shares many similarities with ClearFake but instead pretends to be software error messages with included fixes. However, these "fixes" are PowerShell scripts that, when executed, will download and install information-stealing malware.

Last week, GoDaddy reported that the ClearFake/ClickFix threat actors have breached over 6,000 WordPress sites to install malicious plugins that display the fake alerts associated with these campaigns. "The GoDaddy Security team is tracking a new variant of ClickFix (also known as ClearFake) fake browser update malware that is distributed via bogus WordPress plugins," explains GoDaddy security researcher Denis Sinegubko. "These seemingly legitimate plugins are designed to appear harmless to website administrators but contain embedded malicious scripts that deliver fake browser update prompts to end-users."

The malicious plugins utilize names similar to legitimate plugins, such as Wordfense Security and LiteSpeed Cache, while others use generic, made-up names. Website security firm Sucuri also noted that a fake plugin named "Universal Popup Plugin" is also part of this campaign. When installed, the malicious plugin will hook various WordPress actions depending on the variant to inject a malicious JavaScript script into the HTML of the site. When loaded, this script will attempt to load a further malicious JavaScript file stored in a Binance Smart Chain (BSC) smart contract, which then loads the ClearFake or ClickFix script to display the fake banners. From web server access logs analyzed by Sinegubko, the threat actors appear to be utilizing stolen admin credentials to log into the WordPress site and install the plugin in an automated manner.

An anonymous reader quotes a report from Ars Technica: 37Signals is not a company that makes its policy or management decisions quietly. The productivity software company was an avowedly Mac-centric shop until Apple's move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a "Return to Windows," followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn't do so quietly or without details. Back then, Hansson described his firm as paying "an at times almost absurd premium" for defense against "wild swings or towering peaks in usage." In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.

Late last week, Hansson had an update: it's more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances, estimating seven years' life for that hardware, and eventually transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available. "The motto of the 2010s and early 2020s -- all-cloud, everything, all the time -- seems to finally have peaked," Hansson writes. "And thank heavens for that!" He adds the caveat that companies with "enormous fluctuations in load," and those in early or uncertain stages, still have a place in the cloud.

Intuit, the maker of TurboTax software, asked technology news outlet The Verge to delete part of a podcast interview with CEO Sasan Goodarzi, The Verge reported on Monday. The request came after Goodarzi was questioned about Intuit's lobbying efforts against free government tax filing options, a topic that has drawn scrutiny from regulators and lawmakers.

The Verge said it declined to remove the segment, instead choosing to highlight the exchange by playing it at the beginning of the episode. In the interview, Goodarzi disputed claims that Intuit lobbies against free tax filing, stating the company spends "a couple of million dollars fighting for simplified taxes." However, The Verge's editor Nilay Patel pressed Goodarzi on reports of Intuit's lobbying against government-provided tax returns. Patel adds: I got a note from Rick Heineman, the chief communications officer at Intuit, who called the line of questioning and my tone "inappropriate," "egregious," and "disappointing" and demanded that we delete that entire section of the recording. I mean, literally -- he wrote a long email that ended with "at the very least the end portion of your interview should be deleted."

Though Sam Altman once called OpenAI's partnership with Microsoft "the best bromance in tech," now "ties between the companies have started to fray" reports the New York Times — citing interviews with 19 people "familiar with the relationship". [Alternate URL here.]

Among other things, Satya Nadella "has said privately that Altman's firing in November shocked and concerned him, according to five people with knowledge of his comments. Since then, Microsoft has started to hedge its bet on OpenAI," and reconsidered new investments beyond its initial $13 billion — even as OpenAI expects to lose $5 billion this year That tension demonstrates a key challenge for AI startups: They are dependent on the world's tech giants for money and computing power because those big companies control the massive cloud computing systems the small outfits need to develop AI... Over the past year, OpenAI has been trying to renegotiate the deal to help it secure more computing power and reduce crushing expenses while Microsoft executives have grown concerned that their AI work is too dependent on OpenAI... [I]n March, Microsoft paid at least $650 million to hire most of the staff from Inflection, an OpenAI competitor...

In June, Microsoft agreed to an exception in [OpenAI's] contract, six people with knowledge of the change said. That allowed OpenAI to sign a roughly $10 billion computing deal with Oracle for additional computing resources, according to two people familiar with the deal. Oracle is providing computers packed with chips suited to building AI, while Microsoft provides the software that drives the hardware... While it was looking for computer power alternatives, OpenAI also raced to broaden its investors, according to two people familiar with the company's plan. Part of the plan was to secure strategic investments from organizations that could bolster OpenAI's prospects in ways beyond throwing around money. Those organizations included Apple, chipmaker Nvidia, and MGX, a tech investment firm controlled by the United Arab Emirates... Earlier this month, OpenAI closed a $6.6 billion funding round led by Thrive Capital, with additional participation from Nvidia, MGX and others. Apple did not invest, but Microsoft also participated in the funding round.

OpenAI expected to spend at least $5.4 billion in computing costs through the end of 2024, according to documents reviewed by The New York Times. That amount was expected to skyrocket over the next five years as OpenAI expanded, soaring to an estimated $37.5 billion in annual computing costs by 2029, the documents showed... Still, OpenAI employees complain that Microsoft is not providing enough computing power, according to three people familiar with the relationship. And some have complained that if another company beat it to the creation of AI that matches the human brain, Microsoft will be to blame because it hasn't given OpenAI the computing power it needs, according to two people familiar with the complaints.

Oddly, that could be the key to getting out from under its contract with Microsoft. The contract contains a clause that says that if OpenAI builds artificial general intelligence, or AGI — roughly speaking, a machine that matches the power of the human brain — Microsoft loses access to OpenAI's technologies.

A principal security software engineer at Microsoft described how they use their Azure cloud platform "to hunt phishers at scale," in a talk at the information security conference BSides Exeter.

Calling himself Microsoft's "Head of Deception." Ross Bevington described how they'd created a "hybrid high interaction honeypot" on the now retired code.microsoft.com "to collect threat intelligence on actors ranging from both less skilled cybercriminals to nation state groups targeting Microsoft infrastructure," according to a report by BleepingComputer: With the collected data, Microsoft can map malicious infrastructure, gain a deeper understanding of sophisticated phishing operations, disrupt campaigns at scale, identify cybercriminals, and significantly slow down their activity... Bevington and his team fight phishing by leveraging deception techniques using entire Microsoft tenant environments as honeypots with custom domain names, thousands of user accounts, and activity like internal communications and file-sharing...

In his BSides Exeter presentation, the researcher says that the active approach consists in visiting active phishing sites identified by Defender and typing in the credentials from the honeypot tenants. Since the credentials are not protected by two-factor authentication and the tenants are populated with realistic-looking information, attackers have an easy way in and start wasting time looking for signs of a trap. Microsoft says it monitors roughly 25,000 phishing sites every day, feeding about 20% of them with the honeypot credentials; the rest are blocked by CAPTCHA or other anti-bot mechanisms.

Once the attackers log into the fake tenants, which happens in 5% of the cases, it turns on detailed logging to track every action they take, thus learning the threat actors' tactics, techniques, and procedures. Intelligence collected includes IP addresses, browsers, location, behavioral patterns, whether they use VPNs or VPSs, and what phishing kits they rely on... The deception technology currently wastes an attacker 30 days before they realize they breached a fake environment. All along, Microsoft collects actionable data that can be used by other security teams to create more complex profiles and better defenses.

"Who asked for any of this in the first place?" wonders a New York Times consumer-tech writer. (Alternate URL here.) "Judging from the feedback I get from readers, lots of people outside the tech industry remain uninterested in AI — and are increasingly frustrated with how difficult it has become to ignore." The companies rely on user activity to train and improve their AI systems, so they are testing this tech inside products we use every day. Typing a question such as "Is Jay-Z left-handed?" in Google will produce an AI-generated summary of the answer on top of the search results. And whenever you use the search tool inside Instagram, you may now be interacting with Meta's chatbot, Meta AI. In addition, when Apple's suite of AI tools, Apple Intelligence, arrives on iPhones and other Apple products through software updates this month, the tech will appear inside the buttons we use to edit text and photos.

The proliferation of AI in consumer technology has significant implications for our data privacy, because companies are interested in stitching together and analyzing our digital activities, including details inside our photos, messages and web searches, to improve AI systems. For users, the tools can simply be an annoyance when they don't work well. "There's a genuine distrust in this stuff, but other than that, it's a design problem," said Thorin Klosowski, a privacy and security analyst at the Electronic Frontier Foundation, a digital rights nonprofit, and a former editor at Wirecutter, the reviews site owned by The New York Times. "It's just ugly and in the way."

It helps to know how to opt out. After I contacted Microsoft, Meta, Apple and Google, they offered steps to turn off their AI tools or data collection, where possible. I'll walk you through the steps.
The article suggests logged-in Google users can toggle settings at myactivity.google.com. (Some browsers also have extensions that force Google's search results to stop inserting an AI summary at the top.) And you can also tell Edge to remove Copilot from its sidebar at edge://settings.

But "There is no way for users to turn off Meta AI, Meta said. Only in regions with stronger data protection laws, including the EU and Britain, can people deny Meta access to their personal information to build and train Meta's AI." On Instagram, for instance, people living in those places can click on "settings," then "about" and "privacy policy," which will lead to opt-out instructions. Everyone else, including users in the United States, can visit the Help Center on Facebook to ask Meta only to delete data used by third parties to develop its AI.
By comparison, when Apple releases new AI services this month, users will have to opt in, according to the article. "If you change your mind and no longer want to use Apple Intelligence, you can go back into the settings and toggle the Apple Intelligence switch off, which makes the tools go away."

Libreboot is a distribution of coreboot "aimed at replacing the proprietary BIOS firmware contained by most computers."

So then what exactly is GNU Boot? Its home page explains... In November 2022, Libreboot began to include non-libre code. We have made repeated efforts to continue collaboration with those developers to help their version of Libreboot remain libre, but that was not successful. Now we've stepped forward to stand up for freedom, ours and that of the wider community, by maintaining our own version — a genuinely libre Libreboot, that after some hurdles gave birth to this project: GNU Boot.
But today, Phoronix writes: While priding itself on being "100% free", last December [GNU Boot] had to drop some motherboard support and CPU code after discovering they were shipping some files that are non-free by their free software standards. Today they announced another mistake in having inadvertently been shipping additional non-free code.

GNU Boot discovered an issue with non-free code affecting not only them but also some of the Linux distributions that pride themselves on being fully free software / 100% open-source. This latest snafu they say is "more problematic" than their prior non-free code discover due to impacting the free software Linux distributions too. The issue at hand though comes down to test data contained within the archive and that containing non-free code in the form of microcode, BIOS bits, and Intel Management Engine firmware.
"We also contacted Replicant..." according to the announcement, "a free Android distro that also ships vboot source code." And in addition, "We had to re-release all the affected tarballs." (Which at this point is three release candidates...)

"The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening..." writes Linux Magazine.

From an October 7th announcement by The Gnome Foundation: Our plan for the previous financial year was to operate a break-even budget. We raised less than expected last year, due to a very challenging fundraising environment for nonprofits, on top of internal changes such as the departure of our previous Executive Director, Holly Million. The Foundation has a reserves policy which requires us to keep a certain amount of money in the bank account, to preserve core operations in the event of interruptions to our income. In order to meet our reserves policy, this year's budget had to reduce our expenditure to below expected income, and generate a small surplus to reinstate the Foundation's financial reserves to the necessary level...

We're asking for your support in several ways:

- Look out for opportunities to volunteer your time and skills in areas where we've had to reduce staff involvement.

- Share ideas on how to organize and improve our activities in this new context.

- Consider making donations to support the GNOME Foundation's core priorities, if you're able...

Through these difficult decisions, the GNOME Foundation is able to meet its reserves policy, ensuring sufficient funds for the coming year. Our budget for the new financial year is realistic and supports four full time staff, who are able to support key operations like finance, infrastructure and events. We are additionally contracting a number of other individuals on a short term or part time basis, to help with fund raising, websites and delivering on our project commitments.

We are going to be looking to the GNOME community to help with the areas that are most affected by our reduced staffing. If you would like to help GNOME with its events, marketing, or fundraising, we would love to hear from you.
In their new budget, "expenses have been greatly reduced," according to an October 10 update: We are also very relieved to be able to provide a surplus budget for the first time in many years, and doing so while still being able to support the community: events, infrastructure, internships, travel funding, and meeting our commitment to donors for work done in some parts of the stack, e.g.: Flathub, parental controls and GNOME Software.

"Six years after the Spectre transient execution processor design flaws were disclosed, efforts to patch the problem continue to fall short," writes the Register: Johannes Wikner and Kaveh Razavi of Swiss University ETH Zurich on Friday published details about a cross-process Spectre attack that derandomizes Address Space Layout Randomization and leaks the hash of the root password from the Set User ID (suid) process on recent Intel processors. The researchers claim they successfully conducted such an attack.... [Read their upcomong paper here.] The indirect branch predictor barrier (IBPB) was intended as a defense against Spectre v2 (CVE-2017-5715) attacks on x86 Intel and AMD chips. IBPB is designed to prevent forwarding of previously learned indirect branch target predictions for speculative execution. Evidently, the barrier wasn't implemented properly.

"We found a microcode bug in the recent Intel microarchitectures — like Golden Cove and Raptor Cove, found in the 12th, 13th and 14th generations of Intel Core processors, and the 5th and 6th generations of Xeon processors — which retains branch predictions such that they may still be used after IBPB should have invalidated them," explained Wikner. "Such post-barrier speculation allows an attacker to bypass security boundaries imposed by process contexts and virtual machines." Wikner and Razavi also managed to leak arbitrary kernel memory from an unprivileged process on AMD silicon built with its Zen 2 architecture.

Videos of the Intel and AMD attacks have been posted, with all the cinematic dynamism one might expect from command line interaction.

Intel chips — including Intel Core 12th, 13th, and 14th generation and Xeon 5th and 6th — may be vulnerable. On AMD Zen 1(+) and Zen 2 hardware, the issue potentially affects Linux users. The relevant details were disclosed in June 2024, but Intel and AMD found the problem independently. Intel fixed the issue in a microcode patch (INTEL-SA-00982) released in March, 2024. Nonetheless, some Intel hardware may not have received that microcode update. In their technical summary, Wikner and Razavi observe: "This microcode update was, however, not available in Ubuntu repositories at the time of writing this paper." It appears Ubuntu has subsequently dealt with the issue.

AMD issued its own advisory in November 2022, in security bulletin AMD-SB-1040. The firm notes that hypervisor and/or operating system vendors have work to do on their own mitigations. "Because AMD's issue was previously known and tracked under AMD-SB-1040, AMD considers the issue a software bug," the researchers explain. "We are currently working with the Linux kernel maintainers to merge our proposed software patch."
BleepingComputer adds that the ETH Zurich team "is working with Linux kernel maintainers to develop a patch for AMD processors, which will be available here when ready."

Phoronix's Michael Larabel reports: Germany's Sovereign Tech Fund (STF) is today celebrating its second anniversary for "empowering public digital infrastructure." In the past two years it has invested more than $24.9 million into sixty open technologies. This effort backed by the German government has provided nearly $25 million USD in open-source funding over the past two years. In this time there has been more than 500 submissions proposing over 114 million euros in work.

This Sovereign Tech Funding has helped open-source projects provide much needed maintenance to their software, enhance the security posture of the software, and make other open-source improvements in the public interest. You can learn more about the Sovereign Tech Fund via their blog.

The U.S. Federal Trade Commission is investigating farm equipment maker Deere over its repair policies, focusing on whether the company's restrictions on repairs violate customers' "right to repair." Reuters reports: The investigation, authorized on Sept. 2, 2021, focuses on repair restrictions manufacturers place on hardware or software, often referred to by regulators as impeding customers' "right to repair" the goods they purchase. The probe was made public through a filing by data analytics company Hargrove & Associates Inc, which sought to quash an FTC subpoena seeking market data submitted to it by members of the Association of Equipment Manufacturers. Neither HAI nor AEM is a target of the FTC probe [...].

The FTC is probing whether Deere violated the Federal Trade Act's section 5, according to the filing. The law prohibits unfair or deceptive practices affecting commerce, and the FTC has recently used it in a broad array of cases, including against Amazon and pharmacy benefit managers.

An anonymous reader shares a report: At the end of September, Kaspersky forcibly uninstalled and replaced itself with a new antivirus called UltraAV on the computers of around a million Americans, many of whom were surprised and aghast that they were not asked to give their consent for the change. The move was the end result of the U.S. government ban on all sales of Kaspersky software in the country and -- at least in theory -- marked the end of Kaspersky in America.

But not everyone in the U.S. has given up on the Russian-made antivirus. Some Americans have found ways to get around the ban and are still using Kaspersky's antivirus, TechCrunch has learned. Several people who live in the U.S. said in posts on Reddit that they are holding out as Kaspersky customers. When TechCrunch asked them about their motivations, their reasons range from being skeptical of the reasons behind the ban, or having paid for the product already, to simply preferring the product over its rivals.

The blockchain-based identity verification company founded by Sam Altman is now called "World." It also unveiled a new version of the "Orb" biometric devices the company uses to scan users' eyes. CoinTelegraph reports: World, as it's now known, also revealed a slew of other updates including a new version of its Orb biometric scanning devices, new options for identity verification and partnership integrations with popular apps including FaceTime, WhatsApp, and Zoom. [...] The new Orb, powered by Nvidia hardware, will be more efficient and "five times" more powerful than its predecessor with a smaller footprint and fewer parts. The company also said the new Orb would eventually be available in self-service kiosks in some markets.

World also announced that users will soon be able to verify their identity through methods other than the firm's Orb hardware. Through a program called World ID Credentials, the company says users with NFC-enabled government issued passports will allow them to verify their identity on the World app. Another major announcement came in the form of World ID Deep Face, a service the company claims has "solved deepfakes." According to the company, its software can be implemented into just about any app where video can be uploaded or streamed to determine whether videos featuring verified persons are real or have been faked using AI. Finally, the company also announced that so far 15 million users have signed up for its World app service; among them, seven million are verified.

Google's NotebookLM app has been updated to let you generate custom podcasts from almost any source material. The AI software is also dropping the "experimental" tag. Wired reports: To make an AI podcast using NotebookLM, open up the Google Labs website and start a New Notebook. Then, add any source documents you would like to be used for the audio output. These can be anything from files on your computer to YouTube links. Next, when you click on the Notebook guide, you'll now see the option to generate a deep dive as well as the option to customize it first. Choose Customize and add your prompt for how you'd like the AI podcast to come out. The software suggests that you consider what sections of the sources you'd like highlighted, larger topics you want further explored, or different intended audiences who you want the message to reach.

One tip [Raiza Martin, who leads the NotebookLM team inside of Google Labs] shares for trying out the new feature is to generate the Audio Overview without changes, and while you're listening to this first iteration, write down any burning questions you have or topics you wish it expanded on. Afterwards, use these notes as a launching pad to create your prompts for NotebookLM and regenerate that AI podcast with your interests in mind. [...] Yes, Google's NotebookLM might flatten the specifics of a big document or get some details mixed up, but being able to generate more personalized podcasts from disparate sources truly does feel like a transformation -- and luckily nothing like turning into a giant bug. You can view some examples of AI-generated podcasts here.

The business world's favourite software program enters its 40th year. The Economist: Excel has featured in plenty of workplace blunders -- though its defenders will be quick to blame human error. The financial world is littered with tales of costly spreadsheet errors. Excel has also been blamed for botching gene names in over a third of genomics papers (because it labelled them as dates); underreporting covid-19 cases in England (because it only had a limited number of rows in which to record the results); and disrupting the trial of January 6th rioters in America (because sensitive information was left in hidden cells).

Such snafus have not dented Excel's dominance. Might artificial intelligence (AI) steal its crown? With whizzy new tools powered by the technology promising to make data analysis easier, the familiar grid of numbers and calculations could soon feel outdated. Rather than replacing spreadsheets, though, AI might make them even better. Last month Microsoft introduced an AI assistant for Excel which lets users crunch data using natural-language prompts. Excel, and its faithful, aren't ready to be filtered out just yet.

An anonymous reader quotes a report from Wired: Real-time video deepfakes are a growing threat for governments, businesses, and individuals. Recently, the chairman of the US Senate Committee on Foreign Relations mistakenly took a video call with someone pretending to be a Ukrainian official. An international engineering company lost millions of dollars earlier in 2024 when one employee was tricked by a deepfake video call. Also, romance scams targeting everyday individuals have employed similar techniques. "It's probably only a matter of months before we're going to start seeing an explosion of deepfake video, face-to-face fraud," says Ben Colman, CEO and cofounder at Reality Defender. When it comes to video calls, especially in high-stakes situations, seeing should not be believing.

The startup is laser-focused on partnering with business and government clients to help thwart AI-powered deepfakes. Even with this core mission, Colman doesn't want his company to be seen as more broadly standing against artificial intelligence developments. "We're very pro-AI," he says. "We think that 99.999 percent of use cases are transformational -- for medicine, for productivity, for creativity -- but in these kinds of very, very small edge cases the risks are disproportionately bad." Reality Defender's plan for the real-time detector is to start with a plug-in for Zoom that can make active predictions about whether others on a video call are real or AI-powered impersonations. The company is currently working on benchmarking the tool to determine how accurately it discerns real video participants from fake ones. Unfortunately, it's not something you'll likely be able to try out soon. The new software feature will only be available in beta for some of the startup's clients.

As Reality Defender works to improve the detection accuracy of its models, Colman says that access to more data is a critical challenge to overcome -- a common refrain from the current batch of AI-focused startups. He's hopeful more partnerships will fill in these gaps, and without specifics, hints at multiple new deals likely coming next year. After ElevenLabs was tied to a deepfake voice call of US president Joe Biden, the AI-audio startup struck a deal with Reality Defender to mitigate potential misuse. [...] "We don't ask my 80-year-old mother to flag ransomware in an email," says Colman. "Because she's not a computer science expert." In the future, it's possible real-time video authentication, if AI detection continues to improve and shows to be reliably accurate, will be as taken for granted as that malware scanner quietly humming along in the background of your email inbox.