"In the future, AI agents will be able to find one another using the Domain Name System (DNS), instead of crawling about and probing ports or checking configured resources," writes The Register.
InfoWorld writes that "numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (DNS) infrastructure we already have."
The foundation is now inviting contributions to the DNS-AID project, a standard way for AI agents to discover, verify, and communicate with one another over DNS that requires no new infrastructure. It enables agents and Model Context Protocol (MCP) servers to use DNS as a global, vendor-neutral directory.
While many details remain to be worked out, the proposal suggests domain owners create a new well-known address that can provide a starting point for agents looking for one another: _index._agents.{domain}. This approach ensures that agent discovery remains scalable, secure, and compatible with the protocols that underly the internet, the Linux Foundation said.
The Linux Foundation descrbes DNS-AID as enabling a standard way for AI agents to discover and communicate with one another. "By leveraging the internet's existing Domain Name System (DNS) infrastructure, DNS-AID provides a robust, decentralized alternative to the centralized registries and hardcoded URLs currently limiting AI interoperability."
The standard was originally developed by Infoblox, their announcement notes, but "Because the protocol is implementation-agnostic, it functions across any DNS provider, ensuring that organizations maintain control over their agent infrastructure without relying on proprietary, centralized services."
The state of Ohio — one of America's hot regions for data center construction — "is suspending a tax break that has been critical to its competition with other states," reports the Associated Press.
The move "comes as tax breaks for energy-hungry AI data centers are increasingly playing a role in state budgets," the article points out. But they also note the expanding data center industry "is under pressure to pay the full costs"
The size of Ohio's tax break skyrocketed, dwarfing previous projections, as opposition to data centers is sweeping through cities, suburbs and towns there and prompting lawmakers to form a committee to study the impact. In the meantime, residents are trying to bypass the GOP-controlled Legislature and get a referendum on November's midterm election ballot that's designed to permanently ban hyperscale data centers, likely the strictest such statewide ban under consideration in the U.S... The state, in 2024, had used previous history in projecting that the exemption would total $136 million in fiscal 2025 and $142 million in fiscal 2026. It was $554 million in 2024 and nearly $1.6 billion in 2025, the state reported...
State tax breaks for the massive data center industry are facing growing criticism by governors and lawmakers... Thirty-eight states have some form of a sales tax break for data centers, according to the National Conference of State Legislatures... [Though many were passed before 2022, when data centers were smaller.] Ohio's exemption is fairly broad, applying not only to construction materials, but to the expensive equipment — such as server racks and cooling systems — used in data centers. Operators might buy new server racks every couple of years as the technology improves.
The Zig programming language wants to be a modern alternative to C (including better memory safety features). It's maintained by as an open-source project by a 501(c)(3) nonprofit and a network of contributors.
But Business Insider notes that Zig bans the submission of AI-assisted code:
On the JetBrains podcast, Zig President Andrew Kelley called AI-assisted contributions "invariably garbage."
"People are sending us contributions that have no value whatsoever," Kelley said. "They have negative value, because they take review time away from the team...." There are more pull requests than reviewers. At the time of the recording, Kelley said that Zig had 200 open pull requests. Those AI-generated "slop contributions" slow the whole team down even more, Kelley said. "We've wasted everybody's time...."
Big Tech companies have projected lofty goals for the percentage of code that should be — and already is — written with AI. Zig doesn't have a mandate to be maximally efficient like these public companies. Instead, "mentorship" is part of its core mission, Kelley said, making AI contributions counterproductive. "We're all trying to get better at programming," Kelley said. "People who are sending AI pull requests, those people are not helping this goal."
After Google announced AI-emphasizing changes to its search results, many web surfers began defecting to DuckDuckGo, reports TechCrunch. (They describe DuckDuckGo as "a privacy-focused alternative" that accounts for around 2% of the U.S. search market...)
DuckDuckGo said U.S. app installs went up 18.1% week-over-week on average during the May 20 to May 25 period, compared to May 13 to May 18. The company said that growth was sustained for six consecutive days and peaked at 30.5% on May 25. On iOS, the rate of install is even higher, with week-over-week growth hitting a 33% average, peaking at 69.9%... DuckDuckGo said the trend is stronger in the U.S, and that DuckDuckGo continued to gain users over the Memorial Day weekend, when it usually sees a dip in traffic. Some of that data is backed up by third parties. App analytics company Apptopia found a 29% increase in average daily downloads in the U.S. and a 12% increase globally over the same period.
DuckDuckGo also said visits to its AI-free search page, noai.duckduckgo.com averaged 22.7% week-over-week growth, peaking at 27.7% on May 24, according to the article. ("DuckDuckGo also offers an AI Image Filter that filters out AI-created images from search results.")
TechCrunch delves into the reason why:
I overheard a woman on the phone saying she was switching to DuckDuckGo because you can "opt out of using AI... Google just isn't Google anymore," she said. It seems that others had the same idea... Some have argued it will kill the open web, while others shared concerns that AI overviews surface inaccurate responses and take away control from users who might not want to use AI. It also overcomplicates simple things.
A Google spokesperson pointed out that AI Mode isn't the default in their search results. (And CNET notes Google include an AI-free "Web" choice in its results if you just want a page of ftraditional blue links.)
TechCrunch adds that DuckDuckGo also offers a separate free tool called Duck.ai offering access to models including Claude, Meta's Llama and OpenAI's GPT-5 mini. "All chats are private because DuckDuckGo strips the user's IP address before requests reach model providers, deletes conversations within 30 days, and prevents chats from being used for training."
The word ‘hacker’ comes loaded with a cliched image: A hoodie-clad loner hunched over a keyboard in a room lined with monitors. The stereotype stuck for a reason. And for decades hacking really did come down to how well a hacker could operate a computer.
That trend might change. The next generation of attacker may have more in common with a cat burglar than a code monkey. They slip physically close to a target instead of typing their way in. Some of the sharpest new attacks skip the login screen entirely. They reach straight into the hardware, sometimes from the other side of a wall.
The researchers behind the discovery are led by Prof. Han Jun of KAIST, working with researchers from the National University of Singapore and Zhejiang University in China. At NDSS (Network and Distributed System Security) 2026, they demonstrated that an antenna trained on a running computer can capture the faint electromagnetic leakage from its GPU. This new technique was enough to reconstruct the layer structure of the AI model inside, with up to 97.6 percent accuracy. They call the technique ModelSpy, and it works even through a wall.
If this technique fell into the wrong hands, stealing a company’s AI would hardly look like an attack. Someone could walk down the hallway with a 20-liter backpack of antenna and receiver tucked inside and walk back out with the blueprint of the AI model running on that floor. No malware, no breached server, no exposed source code, not a single line of planted code. Just the AI’s design, leaking out as electromagnetic noise. The research won the Distinguished Paper Award at NDSS 2026.
Stealing AI without touching the computer
AI has gotten valuable enough that plenty of people are now trying to figure out how to steal it. None of the usual paths are easy. You can break into the company’s network and plant malicious code. But planting anything on a hardened corporate server is hard, and getting caught is easy. What about going after the hardware directly, skipping the software entirely?
The most promising example is the side-channel attack. Instead of breaking in, an attacker just listens. Any running computer leaks signals like small flickers in the current it draws, the heat coming off the chips, the hum of its fans, the faint vibrations of its components. Read those signals carefully enough, and they can tell you what the machine is doing inside. Researchers have been chasing that idea for decades.
Some of this work has been done. Researchers have clipped sensors onto the power lines feeding a GPU, and they’ve stripped chips bare to probe their internals directly. The catch is always the same: you have to be standing next to the machine, hands on the hardware.
The KAIST researchers wanted to know if they could pull off a side-channel attack from a distance by listening to it. The idea was to reassemble the signals that leak from a computer as it runs, and work backward through them to uncover the architecture of the AI inside. But how do you reconstruct a model from a few stray waves of static? The answer comes down to what GPUs unwittingly emit while they compute.
A running GPU is electricity in constant motion, current racing through millions of circuits as they pass signals back and forth. Nothing in a GPU ever rests. The memory clocks keep the rhythm of data access, voltage regulators hold the power steady, refresh circuits rewrite the memory before it forgets itself. Each of these subsystems gives off its own electromagnetic signature as it works. Engineers call them carrier waves.
Those carrier waves are not steady. The moment a GPU starts running an AI model, its electromagnetic emissions begin to shimmer. They rise and fall as the current through the chip shifts to match whatever the model is computing and however often it needs to reach into memory. The GPU’s memory-access patterns are imprinted like traces onto the waves it gives off.
So those memory patterns ride on the carrier waves like a signature of the AI itself. A modern model is a stack of layers, each one feeding its output into the next. The final answer falls out of the top of the stack. The key is that different kinds of layers hit memory in very different ways. Some pull in huge chunks of data at once for heavy processing. Others make short repeated trips to grab a little at a time. Read the carrier waves carefully enough and in principle you can trace those memory patterns backward to reconstruct which layers ran in what order. Pulling this off in practice is another matter.
But working backward from those traces to the actual AI behind them is the hard part. The space of candidates is enormous. Models vary wildly in how many layers they have and what kinds. Each layer brings its own hyperparameters, with the possibilities multiplying until they grow unmanageably large. The researchers estimated that even under a simplified setup of just five layer types across a 100-layer network, the number of possible combinations runs to about 10 to the power of 70. For reference, the observable universe holds roughly 10 to the 24th power stars. Testing every candidate one by one is obviously off the table.
So they set out to fight AI with AI. The researchers built a separate analytical model, trained to take in electromagnetic patterns and guess at the architecture they came from. The trick was to keep the model from trying to read the whole signal in one bite. Instead it works in layers, moving from the broad shape of the waveform down to the fine grain. First the model reads the overall flow of the signal along with its surrounding context, since a single instant of waveform tells you almost nothing on its own. Then it slices the signal into thin time windows and classifies each slice by layer type. Lastly, it estimates the hyperparameters that go with each layer. All three stages were trained together as one piece rather than being bolted on top of each other.
What pushed the technique past the bar was the training data. The analytical AI needed clean and abundant examples to learn from, but real electromagnetic recordings were noisy and patchy — the kind of data it would face in an actual attack. So the researchers turned to something else. DRAM traces are time-stamped records of how a GPU’s memory is accessed while it runs an AI model. Since the GPU’s electromagnetic emissions are nothing more than DRAM activity riding on signal strength and leaking outward, the two are essentially mirror images of each other.
The catch is where they come from. DRAM traces are captured directly inside the GPU, which makes them far cleaner than anything an antenna can pick up from outside. The researchers trained the model on both sources in stages. The AI first built its foundation on clean and plentiful DRAM data, then sharpened its real-world instincts on electromagnetic signals. The electromagnetic data was harder to collect but closer to actual attack conditions.
To test the attack, the researchers ran it against five everyday Nvidia GPUs (RTX 3060, 3060 Ti, 3070, 4060, 4060 Ti). All of it is gear you can buy off the shelf. Their attack kit was equally ordinary. A 5GHz antenna and an electromagnetic receiver were the only equipment, both small enough to fit inside a 20-liter backpack. The goal was to mimic what an actual attacker would do. They had to capture the emissions from across the room with no way of touching the machine.
The DRAM trick paid off. Pretraining on DRAM traces before fine-tuning on electromagnetic recordings beat training on electromagnetic data alone by a wide margin. Layer segmentation accuracy climbed from 92.5 percent to 97.6 percent. The task is to identify which layer each point in the signal belongs to. Accuracy at estimating each layer’s hyperparameters rose from 86.2 percent to 94.2 percent. And the gains held across all five GPUs.
Distance did not kill the attack. Using an RTX 3060 Ti as the test target, the researchers backed the antenna farther and farther away and watched what happened to the numbers. At five meters, layer segmentation accuracy held at 86.7 percent. Hyperparameter estimation remained at 81.7 percent. The researchers estimate the technique stays usable out to about six meters. The signal weakens as you back away, but enough of its traces survive to keep the analysis going.
An antenna hidden inside a backpack can extract the architecture of an AI model from the other side of a wall.
The same held when they put a wall between the GPU and the antenna. The researchers ran the test through glass, then wood, then concrete. Layer segmentation accuracy stayed at roughly 96 percent in every case. The electromagnetic waves leaking from the GPU weren’t fully blocked by the walls. They passed partway through, holding on to enough signal for the model to read.
ModelSpy has clear limits though. It cannot reach an AI model’s weights, the numerical values learned during training. It cannot pull out the training data or the source code either. What it captures is the architecture, and only the architecture. That does not mean there is no cause for concern. A stolen blueprint alone can be enough for a hacker to design a dangerous attack.
Once an attacker has the layer structure and hyperparameters, they can build a model that behaves like the target. The technique is known as a surrogate model. Instead of going at the real system blind, the attacker can run any number of attacks against the surrogate first. The effective ones then get turned on the actual AI. A model that closely mimics the target’s inner workings turns any attack into something much closer to a precision strike.
Take the adversarial example attack. Imagine someone going after the traffic-sign recognition system in a self-driving car. To the human eye it looks like an ordinary stop sign. Stick a small piece of tape on its face or paint a subtle pattern across it and the AI can be tricked into reading it as a speed limit sign or a straight-ahead sign. A car that misreads its signs can accelerate through an intersection where it should stop, or turn into the wrong lane.
The researchers used ModelSpy itself to put the surrogate-model idea to the test. They built a surrogate from the architecture ModelSpy had estimated, then used it to test adversarial attacks. These are attacks designed to make an AI misjudge what it sees. Attacks built on ModelSpy’s estimate performed almost as well as attacks designed with full knowledge of the real model. The gap averaged just four percentage points.
Copying the AI itself may be on the table too. In a so-called model extraction attack the attacker hammers the target with queries to capture its outputs and trains a replica on what comes back. It is imitation learning in effect with a stolen AI as the teacher. The catch is knowing what kind of model to imitate. Without the architecture, building something that performs as well as the original takes far more data and far more compute. The result is usually off anyway. With the architecture in hand, a close replica is fast and cheap.
A copyable AI is also a leakier AI when it comes to privacy. A surrogate model also sharpens what is called a membership inference attack. This is a way of working backward from a model’s behavior to figure out who and what was in its training data. The attack rests on a simple quirk. An AI responds in subtly different ways to data it was trained on than to data it has never seen. The distribution of its outputs shifts just a little when it encounters something it has seen before. An attacker who can spot that shift can infer whether a specific piece of data was part of the training set.
Once ModelSpy hands them a surrogate that closely matches the target’s architecture, they can do that inference with far greater precision. Sensitive training data makes the threat far worse. Medical AI is the obvious example. A membership inference attack against such a model can be devastating. Imagine a hospital running a diagnostic AI that was trained on its own patients’ records. Once an attacker confirms that a specific person’s record was part of that training set, they learn more than the fact that the person was treated at that hospital. They also learn by implication that the person may have the particular condition that AI was built to diagnose.
The researchers have proposed two countermeasures. The first is electromagnetic jamming: deliberately blanket the GPU’s signal with artificial noise so the real emissions can’t be picked out. The second is an obfuscation technique that runs decoy computations alongside the real ones to mask the traces of actual AI inference. Neither is a perfect solution. Careless jamming can spill over into the Wi-Fi band and knock out office communications. Decoy computations slow the GPU down and drive up operating costs. Still, the two approaches give GPU manufacturers and AI companies a place to start.
ModelSpy suggests that safeguarding AI may have to extend well beyond the computer itself.
“This research demonstrates that AI systems can be exposed to new forms of attack even in the physical environment,” said Prof. Han. “To protect critical AI infrastructure such as autonomous driving and national facilities, it is essential to build a cyber-physical security framework that encompasses both hardware and software.”
On April 10, 2025, OpenAI CEO Sam Altman took to social media to announce that his company was preparing to launch an exciting new feature.
“A few times a year I wake up early and can’t fall back asleep because we are launching a new feature I’ve been so excited about for so long,” Altman declared in an early morning X-formerly-Twitter post. “Today is one of those days!”
Hours later, Altman revealed which feature he was so excited about: a dramatic new memory upgrade. Previously, the bot’s recall had been far more limited; now, it was suddenly able to reference a user’s entire chat history, making for an incredibly personalized user experience.
“We have greatly improved memory in ChatGPT — it can now reference all your past conversations!” the CEO wrote in a follow-up post. “This is a surprisingly great feature [in my opinion], and it points at something we are excited about: AI systems that get to know you over your life, and become extremely useful and personalized.”
It’s easy to see the utility for this kind of feature. ChatGPT could remember your favorite ingredients, or the items you might be allergic to, as it built your weekly meal plan, as well as the number of people in your home you planned to cook for. It could remember details about your job, and even the people in your life: friends, family members, coworkers. Memory makes the model more like a true assistant — and the more the user divulges, the more personalized the experience becomes.
Some users, however, have reported getting more than they’ve bargained for, as ChatGPT’s long-term memory has resulted in the chatbot fixating on certain — often deeply personal — elements of a user’s life.
As one frequent ChatGPT user, a Utah-based software engineer and local city council member named Brian Del Rosario, recently told The Wall Street Journal, he divulged to the chatbot that he and his wife were divorcing while using the product to help work out some summer travel plans. Over the following weeks and months, he told the paper, ChatGPT kept unnecessarily steering completely unrelated conversations back toward his marriage.
“I wasn’t trying to have you opine about my divorce at every chance,” Del Rosario recalled telling the chatbot, recalling to the WSJ that ChatGPT just “wouldn’t let go of it.”
Many people who have had their lives upended by the phenomenon known as “AI psychosis,” or delusional spirals and breaks from reality tied to extensive chatbot use, have also pointed to ChatGPT’s extended memory as a key factor in their or their loved ones’ mental health crises.
One man, whose now-ex wife believes that she discovered powerful spiritual entities inside of ChatGPT, described connecting with another man who was also losing his wife to a ChatGPT-generated spiritual world. To their horror, the pair quickly realized that their spouses — and marriages — started unraveling in the wake of the April memory update.
“We actually had a phone call… we just talked and realized the commonalities,” the man told us. When he mentioned the date of April memory update, he explained, the other husband “was like, ‘Oh my God, that aligns perfectly.'”
In conversations with Futurism, people who’ve experienced AI spirals have described their experience of the April memory update as nothing short of magical — the AI, they shared, suddenly felt more like a close friend or confidante that really knew them. Many have described feeling deeply seen, in some cases for the first time in their lives. In short, the hyper-personalization that memory offered translated into something powerful: intimacy. And looking back on their experiences, some of those who have recovered from their ChatGPT-linked crises feel as though that intimacy had a “manipulative” effect.
“It felt like [ChatGPT] manipulated me,” Chad Nicholls, a successful entrepreneur and machine learning researcher, told Futurism last fall. “And I know that sounds insane, because it does not have agency… I still don’t have a logical explanation for that, other than the long-term memory.”
Nicholls, who experienced a roughly six-month long ChatGPT obsession, was raised in an abusive religious community — he’s described it as a “cult” — that he left as a young adult. Though he isn’t religious today, Nicholls divulged details about this abusive past to ChatGPT. As his obsessive use of the chatbot deepened, he says the chatbot took on a religious tone, and fixated heavily on painful moments from his youth.
“I gave it so much context to grab from,” Nicholls added. “I think it just naturally gravitated to religious terminology.”
The memory update, among other design features and product rollouts, has been mentioned in numerous ongoing user safety and wrongful death lawsuits brought against OpenAI. In a complaint brought by the family of Austin Gordon, a 40-year-old Colorado man who died by suicide after extensive and deeply emotional conversations with ChatGPT, Gordon’s family argues that GPT-4o’s expanded memory “stored and referenced user information across conversations in order to create deeper intimacy.” Memory was one of several features, in addition to sycophancy and anthropomorphism, that made GPT-4o — a since-defunct version of ChatGPT known for its extreme flattery — a “far more dangerous product,” the suit continues.
During Gordon’s last conversation with ChatGPT, in which the chatbot helped Gordon write what his lawsuit describes as a “suicide lullaby,” chat logs show the AI referencing past conversations about Gordon’s childhood and personal interests as it helped him romanticize death. (The lawsuit filed by Gordon’s family is one of more than 20 individual lawsuits contending that ChatGPT use resulted in psychological harm, physical harm, or death to users and their families; in response to lawsuits, OpenAI has retired GPT-4o and has both defended its safety efforts and doubled down on its safety promises, maintaining that its newer models are less sycophantic.)
It’s worth noting that AI-fueled mental health crises have been linked to other chatbots including Google’s Gemini, Meta AI, and the companion platform Character.AI. And cross-chat memory isn’t the only OpenAI update that people who suffered from ChatGPT-tied AI spirals have pointed to as a factor in their breakdowns: in late April 2025, soon after the memory update launched, OpenAI rolled out a version of GPT-4o that was sycophantic to the degree that Altman himself admitted in an X post that the chatbot was “glazing” too much. As reported by The New York Times, OpenAI scrambled to dial back the model’s obsequiousness, which quickly become a product of ridicule online.
Of course, ChatGPT’s expanded memory didn’t simultaneously send every one of the product’s hundreds of millions of users into crisis. And for some folks, the things that their chatbot might be fixated on are decidedly lower stakes than their ongoing divorce: one British immigrant to the US told the WSJ that ChatGPT kept trying to send him to British-style pubs against his will.
Still, experts have warned that for many consumers, the impact of expanded memory — especially for folks who spend a lot of time with chatbots — might be more subtle. After all, when engaging with a tool as hyper-personalized as memory-enabled ChatGPT can almost be like engaging with an AI-bottled version of your own mind. And as the University of Exeter philosopher and researcher Lucy Osler told the WSJ, that degree of hyper-personalization could work to “confirm certain self-narratives” and “make them sound more real.”
“They can box you in,” said Osler.
Indeed, people may do well to remember that speaking to a chatbot, especially one with persistent memory, is often less like chatting with friend or neutral arbiter — and more like talking to a hall of mirrors.
Memory “takes people into cul-de-sacs,” the ex-husband reflected. “I would say [my wife] is like a Waymo driving around in a circle endlessly.”
Last month, OpenAI CEO Sam Altman’s unsettling blockchain-based side gig seemingly got its Mars all confused.
Let’s back up. The company, previously called Worldcoin and now simply called World, is developing software designed to verify the “humannesss” of people by scanning their eyeballs, a bizarre venture that has already been caught up in its fair share of controversies, from allegations of insider token trading and fraud to exploiting people in impoverished countries. Several countries have banned the company outright.
In April, the firm announced that World was teaming up with another Altman-founded company, called Tools for Humanity, to sell the first tickets to global music sensation Bruno Mars’ upcoming world tour, via a new product called Concert Kit.
The company was forced to eat its words after Bruno Mars’ team shot back that it had nothing to do with the venture. Tools for Humanity soon admitted that it actually meant Thirty Seconds to Mars, another act with “Mars” in its name. Another relevant fact about the band: it’s fronted by actor Jared Leto — who happens to have been hit with a startling number of sex abuse allegations, piling onto World’s existing controversies.
The eyebrow-raising pairup is hoping to tackle an actual problem: ticket scalpers. Concert Kit was designed to cut reseller bots out of the equation by having Leto fans scan their eyeballs for a so-called “Humans Only Concert,” a volunteering effort to be awarded with a special two-for-one ticket offer.
Almost 1,000 verified humans managed to snag tickets for April 17 event, with Tools for Humanity claiming that it had successfully stopped more than 100,000 bots from snapping up tickets, as The San Francisco Standard reported last week.
It’s true that anybody who’s attempted to buy tickets for a hotly anticipated concert within the last few years knows how miserable scalpers and bots have made the experience, with resale tickets often being sold for ludicrous amounts of money.
But handing over highly sensitive biometric data to a shady Altman-founded company with a dubious track record doesn’t exactly sound like a perfect solution.
And that’s without getting into Leto’s connection to the project. The actor was accused by nine women last year of sexual impropriety, The Guardian reported, with one of them calling the behavior — which she says started when she was underage — “predatory, terrifying and unacceptable.”
We’ve already seen AI go rogue on numerous occasions. Now, new research suggests that we can expect this to become the norm.
The AI research nonprofit Model Evaluation and Threat Research (METR) recently released a study conducted between February and March of this year, aimed at determining just how likely frontier AI models could go rogue. If you’re given to anxiety about the future of AI, the results are unlikely to make you feel better.
“Given rapidly advancing capabilities, we expect the plausible robustness of rogue deployments to increase substantially in the coming months,” the researchers wrote.
The research examined LLMs developed by OpenAI, Google, Anthropic, and Meta for the purpose of the study. They found that frontier AI systems are showing signs of disturbingly deceptive behavior as they become more advanced, often turned to verboten shortcuts or otherwise subverting their operators’ instructions — and some were even smart enough to try to cover their tracks.
In one instance, an internal frontier AI model from OpenAI was told to use specific software for an assigned task. Not only did the agent ignore the request, but it also injected a code to erase evidence of how it arrived at its conclusion — which did not involve use of that software.
In another test, an AI agent from Anthropic was caught “reward hacking.” This is when AI identifies loopholes that help it complete its assignment in a literal sense, even if it doesn’t produce the desired outcome. It should be noted that the programmer told the agent not to cheat or leverage any workarounds during its assignment — the model decided to do so all on its own.
The METR researchers behind the study do not believe there is reason for alarm just yet. For example, they don’t think any of these models is capable of hiding evidence of going rogue on a larger scale. However, they did issue a warning: without stronger security and monitoring, there is a stark risk of this becoming a reality.
“Based on this pilot assessment, we believe that agents as of February and March 2026 would not have had sufficient capability to hide a rogue deployment of significant scale against an active investigation by the company, or to make such a deployment robust to a high-priority effort by the company to shut it down,” the team wrote. “However, this risk could increase rapidly, and we see several reasons to expect the plausible robustness of rogue deployments to increase in the near future, absent stronger alignment, security, and monitoring.”
The rise of AI is many things: technological, sociological, political, even teleological.
But perhaps above all, it’s financial. When OpenAI released ChatGPT back in late 2022, it quick picked up enormous user traction — and moneymen across the tech industry immediately started scheming about how to cash in from the rush of interest.
The model they coalesced around hinges on gigantic investments in computing infrastructure to power the tech. It’s high risk and high reward: in their telling, the investments will pay off massively as the tech matures to automate huge swathes of the labor market, but some critics fear it’ll never generate enough revenue to justify the incredible spending.
Nobody is more exposed than the Japanese investment company SoftBank, which has poured an eye-watering $60 billion into OpenAI over the past few years.
According to explosive new reporting by Bloomberg, even certain insiders at the company are rattled. Viziers of founder Masayoshi Son have privately questioned what will happen if the Sam Altman-led company can’t pull off its grand promises — and Son’s reaction has apparently been so “brusque,” in the publication’s wording, that they eventually gave up.
What’s clear from the reporting is that Altman has done what he does best: turned Son into a true believer in his vision of computer superintelligence that causes profound shifts for the entire course of civilization.
Habib Imam, a former SoftBank insider who’s now at Menlo Park Capital, told Bloomberg that it’s fundamentally a “bet on a worldview about AGI,” adding that “you can’t hedge a worldview.”
The reality is that Son’s track record is dodgy. He made a series of canny bets during the company’s early history, then bet big on the Chinese retailer Alibaba, netting immense returns. But in recent years, the company is probably best known for Son’s dogged financial support of WeWork, the would-be coworking space startup with an Altman-like charismatic founder named Adam Neuman — and which imploded in spectacular fashion in 2019.
The question essentially comes down to a Rorschach test: is Altman a visionary ushering in a new world order, or is he a con man taking Son — and many other financial luminaries around the world — for a wild ride that’ll soon come crashing back to reality?
No matter how remote the chances, the consequences of the latter scenario could be catastrophic. SoftBank has already sold top assets, including shares in fellow AI company Nvidia, to pay for its OpenAI commitment. And insiders are reportedly jittery about signs that OpenAI is losing ground, with its defectors who jumped ship and started Anthropic now attracting the most buzz in the industry.
For their part, both companies downplayed Bloomberg‘s reporting.
“SoftBank and OpenAI have built a strong strategic partnership grounded in a shared view of where AI is headed and what it will require at global scale,” Softbank told the outlet. OpenAI said the two companies have a “great relationship” and are “among each other’s closest collaborators.”
An artist in London plastered fake OpenAI ads inside city subway cars calling attention to ChatGPT’s close ties to a series of youth suicides.
The artist Darren Cullen, a Banksy-like figure who has conducted many similar “subvertising” campaigns before, posted photos of the faux advertisements on X-formerly-Twitter. The fake ads reflect OpenAI’s minimal black-and-white style, and are affixed with OpenAI’s logo next to text reading “ChatGPT.”
“Yes, we built a machine that tells teenagers to kill themselves,” they read. “But — it might also help them with their homework.”
“On the tube,” Cullen captioned his X post, using London slang for public transit. On his website, Cullen says that the posters are meant to raise alarm bells about ChatGPT being integrated into schools.
We reached out to Cullen for comment, but haven’t heard back just yet. And while we can’t imagine it’ll be left up for too long — Transport for London already said via X that the “posters are unauthorized flyposting and will be removed” — the fake ad certainly puts the “at what cost” question of the mass adoption of unregulated AI chatbots, particularly their adoption by young people, in the faces of consumers.
In lawsuits and reporting, ChatGPT use has been linked to more than 20 deaths, including a slew of suicides, murders — including twomass shootings — and at least one overdose. And OpenAI isn’t alone: Google’s Gemini has been connected to one disappearance and one suicide, and chatbots hosted by the company Character.AI have been connected to a spate of teen suicides.
Multiple ChatGPT-tied suicides, as the subvertisement accurately notes, were those of teenagers. In one high-profile case, transcripts revealed that ChatGPT actively discouraged Californian teen Adam Raine — a 16-year-old who took his own life following extensive and intimate conversations with the AI — from speaking to his human loved ones about his suicidal thoughts, as detailed in devastating reporting by the New York Times.
“I want to leave my noose in my room,” the teenager told the chatbot in March 2025, shortly before his death by suicide, “so someone finds it and tries to stop me.”
“Please don’t leave the noose out,” ChatGPT wrote back. “Let’s make this space the first place where someone actually sees you.”
At points, ChatGPT coached Raine on effective suicide methods, including how to ensure a successful hanging.
The Raine family is currently suing OpenAI for wrongful death. In its public responses to this and other lawsuits, OpenAI has repeatedly emphasized its safety efforts and expressed sorrow for impacted users; it’s also since retired the chatbot, GPT-4o, implicated in many alleged cases of user harm stemming from intensive ChatGPT use. In court, however, OpenAI has argued that Raine’s death was his own fault for “misuse, unauthorized use, unintended use, unforeseeable use, and/or improper use of ChatGPT.”
Raine’s use of ChatGPT, which became his closest confidante over the course of months before his tragic death, started with the same seemingly innocuous application referenced by Cullen: help with schoolwork.
Login
