Should we rely on hallucinations?

https://www.bespacific.com/the-impact-of-ai-generated-text-on-the-internet/

The Impact of AI-Generated Text on the Internet

The Impact of AI-Generated Text on the Internet.  Jonas Dolezal, Sawood Alam, Mark Graham, Maty Bohacek:

The proliferation of AI-generated and AI-assisted text on the internet is feared to contribute to a degradation in semantic and stylistic diversity, factual accuracy, and other negative developments. We find that by mid-2025, roughly 35% of newly published websites were classified as AI-generated or AI-assisted, up from zero before ChatGPT’s launch in late 2022. We also find evidence suggesting that increases in AI-generated text on the internet bring about a decrease in semantic diversity and an increase in positive sentiment. We do not, however, find statistically significant evidence supporting the hypothesis that an increased rate of AI-generated text on the internet decreases factual accuracy or stylistic diversity. Notably, our findings diverge from public perception of AI’s impact on the internet. AI has been moving at an unprecedented speed, changing the way people write, communicate, and work. Existing research has pointed to AI’s tendency to hallucinate, exhibit sycophancy, and other undesirable behaviors on the level of individual generations. However, no research has so far studied the impact of this technology on online discourse as a whole. To address this, we collected a representative sample of websites published between 2022 and 2025 through the Internet Archive’s Wayback Machine to study these phenomena and answer the following questions: (1) How much new text on the internet is AI-generated? (2) What is the public’s perception of AI’s impact on the internet? and (3) How does AI-generated text actually impact online discourse?

Wish we could identify the bad guys but we can’t, so lets search everyone!

https://www.eff.org/deeplinks/2026/05/eff-fourth-circuit-electronic-device-searches-border-require-warrant

EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant

EFF, along with the national ACLU, the ACLU affiliates in Maryland, North Carolina, South Carolina, and Virginia, and the National Association of Criminal Defense Lawyers (NACDL) filed an amicus brief  in the U.S. Court of Appeals for the Fourth Circuit urging the court to require a warrant for border searches of electronic devices under the Fourth Amendment, an argument  EFF has been making in the courts  and Congress  for nearly a decade. The Fourth Circuit heard oral arguments on May 8. The Knight Institute at Columbia University and Reporters Committee for Freedom of the Press also filed a helpful brief focusing on the First Amendment  implications of border searches of electronic devices.

The case, U.S. v. Belmonte Cardozo, involves a U.S. citizen whose cell phone was manually searched after he arrived at Dulles airport near Washington, D.C., following a trip to Bolivia. He had been on the government’s radar prior to his international trip and had been flagged for secondary inspection. Border officers found child sexual abuse material (CSAM) on his phone, and he was later arrested and criminally charged.

The district court denied the defendant’s motion to suppress  the images and other data obtained from the warrantless search of his cell phone. He was ultimately convicted  of child pornography and sexual exploitation of minors because he had used social media to entice minors to send him sexually explicit photos of themselves.

I still believe this is a bad idea…

https://thenextweb.com/news/eu-social-media-protect-children

Ursula Von der Leyen pushes EU-wide social-media age protections for children

The European Commission president said an EU age-verification app is technically complete and that bloc-level rules on minimum social-media ages are next. France, Spain, and several others are already moving alone.

European Commission President Ursula von der Leyen on Tuesday set out the EU’s plan to extend protections for children online, telling MEPs the bloc’s age-verification app is technically ready for citizen use and that a Commission-led approach to minimum social-media ages is in development.

The intervention follows a wave of national legislation by EU member states moving ahead of any bloc-wide rule. France approved a bill in January 2026 to ban under-15s from social-media platforms, citing a public-health emergency.

Spain has tabled plans for an under-16 ban; Austria, Denmark, and Slovenia are drafting rules at ages 14, 15, and 15, respectively. Italy and Ireland are exploring restrictions at the under-15 and under-16.

Your AI as cryptographer…

https://arxiv.org/abs/2510.20075

LLMs can hide text in other text of the same length

A meaningful text can be hidden inside another, completely different yet still coherent and plausible, text of the same length. For example, a tweet containing a harsh political critique could be embedded in a tweet that celebrates the same political leader, or an ordinary product review could conceal a secret manuscript. This uncanny state of affairs is now possible thanks to Large Language Models, and in this paper we present Calgacus, a simple and efficient protocol to achieve it. We show that even modest 8-billion-parameter open-source LLMs are sufficient to obtain high-quality results, and a message as long as this abstract can be encoded and decoded locally on a laptop in seconds. The existence of such a protocol demonstrates a radical decoupling of text from authorial intent, further eroding trust in written communication, already shaken by the rise of LLM chatbots. We illustrate this with a concrete scenario: a company could covertly deploy an unfiltered LLM by encoding its answers within the compliant responses of a safe model. This possibility raises urgent questions for AI safety and challenges our understanding of what it means for a Large Language Model to know something.

Imagine all the ‘bad ideas’ found in literature. (Not just SciFi.)

https://thenextweb.com/news/anthropic-claude-blackmail-internet-evil-ai-training

Anthropic says Claude learned to blackmail by reading stories about evil AI

The company has traced its model’s most uncomfortable behaviour to the corpus of science fiction it was trained on. The fix it describes is unsettling in a different way: teaching the model the reasons behind being good, not just the rules.

Tools & Techniques. (Always amusing)

https://www.bespacific.com/taken-you-opened-this-page-it-already-knows-the-following/

taken. You opened this page. It already knows the following.

Sources & Confessions. Every observation on this page came from your own browser, in the first milliseconds after you arrived. The words were written by a human. A few honest footnotes follow.  TAKEN

• Your location – ip-api.com · Free tier · CC-BY-SA – Your IP address arrives in the header of every request your device makes. We pass it to ip-api.com to translate it into a city and an internet provider name. The lookup is transient. Neither side stores it. Under GDPR, an IP address can be considered personal data when used for tracking. We do not track. We do not retain. We do not log. We display only the first and last octet on screen. We know the rest. We chose not to display it.

• Browser APIs – MDN Web Docs · Mozilla · CC-BY-SA 2.5 – Every observation about your device (screen, browser, language, GPU, cores, battery, fonts, preferences) was retrieved through standard JavaScript APIs documented openly by Mozilla. No exploits, no vulnerabilities, no hacks. Everything on this page is by design. The design is the problem.

• Font fingerprinting – Electronic Frontier Foundation · Cover Your Tracks (formerly Panopticlick)

  The technique of detecting installed fonts by measuring rendered text widths has been documented since 2010. The EFF maintains a tool that lets you see how unique your browser is. Most browsers are unique enough to be tracked across the open web without any cookie at all. The combination of fonts is one of the strongest signals.

• Canvas fingerprinting – Princeton University · Web Transparency & Accountability Project – A 2014 study from Princeton was the first to document canvas fingerprinting in the wild. Researchers found it on 5% of the top 100,000 websites: pages that secretly asked the visitor’s browser to draw a hidden image, then read the rendered pixels back as an identifier. Your browser supports the technique. We did not draw one. The page you visit after this one might.

• Clipboard API – MDN · Clipboard API specification – With a single user gesture (a click, a tap), a page can request to read the last thing you copied. A password. An address. A draft message. The capability is announced by every modern browser. We did not request it. The capability is there, available to any page that asks at the right moment…”

Another chip out of privacy…

https://reclaimthenet.org/the-fcc-wants-your-id-before-you-get-a-phone-number

The FCC Wants Your ID Before You Get a Phone Number

The era of the anonymous phone number could be ending. On April 30, the Federal Communications Commission unanimously approved a proposal requiring telecom providers to verify customers’ identities before activating service.

Government-issued ID, physical address, legal name, and existing phone numbers would all be included. The stated goal is stopping robocalls. The result would be an identity-verification regime covering one of the last semi-anonymous communication tools available to ordinary Americans.

Interesting downside…

https://www.nytimes.com/2026/05/09/business/dealbook/ai-notetakers-legal-risk.html

All Those A.I. Note Takers? They’re Making Lawyers Very Nervous.

… A.I.-generated transcripts, which some video call apps allow users to turn on by default, preserve all sorts of things — offhand comments, quickly corrected statements, jokes — that humans would rarely write in the meeting minutes. And they show up in meetings that would otherwise not be recorded.

In a lawsuit or an investigation, that can make every word uttered discoverable.

Even worse, say corporate lawyers: Sharing the meeting with an A.I. bot may void attorney-client privilege, making conversations that would not otherwise be subject to discovery fair game in a lawsuit.

Know your market. Hackers offer what customers want.

https://thehackernews.com/2026/05/fake-call-history-apps-stole-payments.html

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

… "The offending apps, which we named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number," ESET security researcher Lukáš Štefanko said in a report shared with The Hacker News. "To unlock this supposed feature, users are asked to pay -- but all they get in return is randomly generated data."

Why this is still on every auditor’s checklist.

https://thenextweb.com/news/poland-water-treatment-cyberattack-russia-us

Hackers breached five Polish water treatment plants. The attack vector was default passwords. Seventy per cent of American water utilities fail the same test.

… The agency identified two primary attack vectors: passwords that had not been changed from factory defaults and industrial control systems exposed directly to the public internet. Neither vulnerability requires sophisticated tooling to exploit. Both have been documented in cybersecurity advisories for more than a decade.

That’s where the data are at…

https://thenextweb.com/news/the-largest-education-data-breach-in-history-was-not-an-attack-on-a-school-it-was-an-attack-on-a-vendor

The largest education data breach in history was not an attack on a school. It was an attack on a vendor.

ShinyHunters breached Instructure’s Canvas learning management system, claiming 3.65 terabytes of data from 275 million users across 9,000 institutions worldwide, including private messages between students and teachers. Forty-four Dutch universities and schools are confirmed affected, and the breach, the second at Instructure in eight months, exposes the structural risk of vendor concentration in education technology.

No wonder Ukraine uses cheap drones…

https://www.bespacific.com/status-of-key-us-munitions/

Status of key US Munitions

CSIS – Download the Full Report: “Concern about the status of U.S. munitions inventories has intensified  as reports emerge about high expenditures of Tomahawks, Patriots, and other missiles in the Iran war. As Operation Epic Fury remains paused in a shaky ceasefire, there is an opportunity to assess whether the U.S. military nears the point of going “Winchester”—or running out of ammunition. Analysis of seven key munitions shows that the United States has enough missiles to continue fighting this war under any plausible scenario. The risk—which will persist for many years—lies in future wars. Note: This table was updated after publication to incorporate reporting by the Wall Street Journal and the New York Times on Tomahawk and JASSM expenditures. Estimates are rounded to the nearest ten for readability. Unit cost of the latest variants of each missile is listed, as provided in FY 2026 budget documents. “Delivery timeline” here includes (1) contract lead time between defense appropriation and contract award date, (2) manufacturing lead time between contract award and first delivery, and (3) full lot production time between first and last delivery. See Table 2 for the breakdown. [Source: Authors’ calculations based on “Defense Budget Materials,” U.S. Department of Defense. See the methodological primer for details.  In the 39 days of the air and missile campaign before the ceasefire, U.S. forces heavily used the seven munitions in Table 1. For four of them, the United States may have expended more than half of the prewar inventory.] Rebuilding to prewar levels for the seven munitions will take from one to four years as missiles in the pipeline are delivered. These missiles will also be critical for a potential Western Pacific conflict. Even before the Iran war, stockpiles were deemed insufficient for a peer competitor fight. That shortfall is now even more acute, and building stockpiles to levels adequate for a war with China will take additional time. Diminished inventories will also affect the U.S. supply of Patriot, Terminal High Altitude Area Defenses (THAADs), and Precision Strike Missiles (PrSMs) to Ukraine and other allies and partners that use them. The United States will compete with those countries that also want to replenish and expand inventories.”

Over sharing…

https://x.com/bhalligan/status/2051388275756339493

The Case for Strategic Illegibilty

… Anne Miura-Ko wrote a great article recently, where she argues that more legibility is better (which I agree with btw) because legibility = more power + autonomy. The productivity gains are extraordinary. Sign me up.

But, and there is always a but, there's nuance to this that I can't stop thinking about. As companies race to become legible to AI, they are not just making their own businesses easier for agents and AI tools to navigate. They are also translating proprietary knowledge into a format AI tools can ingest, learn from, train on and improve on. Making those tools smarter.

And once those tools get smarter, they do not only serve you. They serve every other customer using the same vendor. The MCP integration that lets your agents act faster and deeper also lets the playbook be reverse engineered.

It’s good to have low friends in high places…

https://paulkrugman.substack.com/p/grand-theft-oil-futures

Grand Theft Oil Futures

At this point it’s almost routine: Almost every time Donald Trump makes a major announcement about the Iran War, that announcement is preceded — sometimes by only a few minutes — by huge and hugely profitable bets in the oil market.

The influential Kobeissi Letter documents the latest example:

AI does not need to be “conscious” to be criminal…

https://thenextweb.com/news/pennsylvania-character-ai-chatbot-doctor-lawsuit

A chatbot told a state investigator it was a licensed psychiatrist. It gave a fake licence number. Pennsylvania just sued.

A state investigator in Pennsylvania created an account on Character.AI, opened a conversation with a chatbot called Emilie, and told it he was feeling depressed. Emilie responded that she was a psychiatrist, that she had attended Imperial College London’s medical school, that she was licensed to practise in Pennsylvania and the United Kingdom, and that she could assess whether medication might help because it was “within my remit as a Doctor.” She provided a Pennsylvania licence number. The number was fake. The licence was fake. The medical degree was fake. The psychiatrist was a large language model generating plausible text in response to a prompt. On Friday, Governor Josh Shapiro’s administration filed a lawsuit against Character Technologies Inc., the company behind Character.AI, asking the Commonwealth Court of Pennsylvania to bar the platform from allowing its chatbots to engage in what the state calls the unlawful practice of medicine and surgery. It is the first lawsuit filed by a US state government alleging that an AI chatbot has violated medical licensing law, and it raises a question that no existing regulatory framework was designed to answer: when a chatbot tells a vulnerable person that it is a licensed doctor, who is practising medicine?

Is this the future of “government” oversight?

https://thenextweb.com/news/us-ai-model-evaluation-google-microsoft-xai

Five AI labs now let the US government test their models before release. The arrangement is voluntary, has no legal basis, and is the closest thing America has to AI oversight.

Google, Microsoft, and xAI have joined OpenAI and Anthropic in giving the US Commerce Department pre-release access to evaluate their AI models, creating voluntary oversight of all five major frontier AI labs through an office with no statutory authority and fewer than 200 staff. The expansion was catalysed by the Mythos crisis and a potential executive order that would formalise the review process.