Agregátor RSS

Artificial Intelligence

Meta Is Creating a New AI Lab to Pursue ‘Superintelligence’Cade Metz and Mike Isaac | The New York Times

“Meta is preparing to unveil a new artificial intelligence research lab dedicated to pursuing ‘superintelligence,’ a hypothetical AI system that exceeds the powers of the human brain, as the tech giant jockeys to stay competitive in the technology race, according to four people with knowledge of the company’s plans.”

Artificial Intelligence

Why Superintelligent AI Isn’t Taking Over Anytime SoonChristopher Mims | The Wall Street Journal

“A primary requirement for being a leader in AI these days is to be a herald of the impending arrival of our digital messiah: superintelligent AI. …Before you get nervous about all the times you were rude to Alexa, know this: A growing cohort of researchers who build, study, and use modern AI aren’t buying all that talk.”

Computing

IBM Aims to Build the World’s First Large-Scale, Error-Corrected Quantum Computer by 2028Sophia Chen | MIT Technology Review

“The company says it has cracked the code for error correction and is building a modular machine [called Starling] in New York state. …If Starling achieves this, IBM will have solved arguably the biggest technical hurdle facing the industry today to beat competitors including Google, Amazon Web Services, and smaller startups such as Boston-based QuEra and PsiQuantum of Palo Alto, California.”

Robotics

Boston Dynamics Robots Dance to ‘Don’t Stop Me Now’ for ‘America’s Got Talent’ AuditionAmanda Silberling | TechCrunch

“Their performance was impressive enough to earn four ‘yes’ votes from the judges—but one of the five robots experienced some stage fright, perhaps, and shut down in the middle of the routine. But the show must go on, so nevertheless, the four other robots persisted.”

Tech

‘AI Native’ Startups Pass $15 Billion in Annualized RevenueAmir Efrati | The Information

“Annualized revenue at ‘AI native’ companies selling artificial intelligence models or apps has passed $15 billion just two and a half years since OpenAI launched ChatGPT, according to The Information’s Generative AI Database. While that’s not the same as $15 billion in actual revenue, it’s still an unprecedented haul for such a short time period and means that, collectively, the companies generated about $1.25 billion of revenue in May alone.”

Robotics

Waymo Rides Cost More Than Uber, Lyft—and People Are Paying AnywaySean O’Kane | TechCrunch

“At peak hours, Obi found Waymo’s average price to be about $11 more expensive than a Lyft and nearly $9.50 pricier than an Uber. ‘I didn’t expect consumers being willing to pay up to $10 more,’ Anburajan said. ‘I think [that] speaks to a real sense of excitement for technology, novelty, and a real preference to sometimes be in the car without a driver.'”

Artificial Intelligence

They Asked an AI Chatbot Questions. The Answers Sent Them Spiraling.Kashmir Hill | The New York Times

“People who say they were drawn into ChatGPT conversations about conspiracies, cabals, and claims of AI sentience include a sleepless mother with an 8-week-old baby, a federal employee whose job was on the DOGE chopping block, and an AI-curious entrepreneur.”

Future

Lab-Grown Salmon Gets FDA ApprovalDominic Preston | The Verge

“The FDA has issued its first ever approval on a safety consultation for lab-grown fish. That makes Wildtype only the fourth company to get approval from the regulator to sell cell-cultivated animal products, and its cultivated salmon is now available to order from one Portland restaurant.”

Artificial Intelligence

Meta’s New World Model Lets Robots Manipulate Objects in Environments They’ve Never Encountered BeforeBen Dickson | VentureBeat

“Humans develop physical intuition early in life by observing their surroundings. If you see a ball thrown, you instinctively know its trajectory and can predict where it will land. V-JEPA 2 learns a similar ‘world model,’ which is an AI system’s internal simulation of how the physical world operates.”

Artificial Intelligence

ChatGPT Just Got Absolutely Wrecked at Chess, Losing to a 1970s-Era Atari 2600Omar Gallaga | CNET

“OpenAI’s ChatGPT has some major AI chatbot competitors in the market: Gemini, Copilot, Claude. Now add to that list the Atari 2600. The OG video game console, which was first released in 1977, was used in an engineer’s experiment to see how it would fare playing chess against the AI chatbot.”

Space

Isaacman’s Bold Plan for NASA: Nuclear Ships, Seven-Crew Dragons, Accelerated ArtemisEric Berger | Ars Technica

“When I spoke with Isaacman this week, I didn’t want to rehash the political melee. I preferred to talk about his plan. After all, he had six months to look under the hood of NASA, identify the problems that were holding the space agency back, and release its potential in this new era of spaceflight.”

Tech

Google and US Experts Join on AI Hurricane ForecastsWilliam J. Broad | The New York Times

“DeepMind, a Google company based in London, announced on Thursday that it was supplying the government forecasters with a newly enhanced variety of its weather forecasting models. Specialized to focus on hurricanes, the model tracks a storm’s development for up to 15 days, predicting not only its path but also its strength, an ability that earlier AI models lacked.”

Artificial Intelligence

With the Launch of o3-Pro, Let’s Talk About What AI ‘Reasoning’ Actually DoesBenj Edwards | Ars Technica

“As we consider the industry’s stated trajectory toward artificial general intelligence and even superintelligence, the evidence so far suggests that simply scaling up current approaches or adding more ‘thinking’ tokens may not bridge the gap between statistical pattern recognition and what might be called generalist algorithmic reasoning.”

Future

The Newspaper That Hired ChatGPTMatteo Wong | The Atlantic

“Several major publications, including The Atlantic have entered into corporate partnerships with OpenAI and other AI firms. Any number of experiments have ensued—publishers have used the software to help translate work into different languages, draft headlines, and write summaries or even articles. But perhaps no publication has gone further than the Italian newspaper Il Foglio.”

Future

News Sites Are Getting Crushed by Google’s New AI ToolsIsabella Simonetti and Katherine Blunt | The Wall Street Journal

“The AI armageddon is here for online news publishers. Chatbots are replacing Google searches, eliminating the need to click on blue links and tanking referrals to news sites. As a result, traffic that publishers relied on for years is plummeting.”

The post This Week’s Awesome Tech Stories From Around the Web (Through June 14) appeared first on SingularityHub.

Gen4 přinese permanentní pohon všech kol a téměř dvojnásobný výkon oproti Gen3 • Nové baterie, dvě varianty pneumatik a návrat zadního křídla mění techniku • Rekuperace 700 kW a vyšší hmotnost ovlivní strategii i jízdní vlastnosti

Trend hraných remaků animovaných klasik je neúprosný a nevyhnul se ani takové klasice, jakou je Jak vycvičit draka (How to Train Your Dragon). Nová verze si vytyčila cíl zopakovat vše, pro co si diváci zamilovali původní animák, a také oslovit nové generace dětí a rodičů hranou podobou.

Oddělujte práci od soukromí pomocí více kalendářů a využívejte úkoly • Využívejte klávesové zkratky a přílohy z Disku pro efektivnější práci • Upravte si zobrazení kalendáře, přidejte svátky nebo další časová pásma

Průhledové displeje jsou stále populárnějším prvkem moderních automobilů, ačkoliv toho vlastně moc neumí. To se rozhodl změnit čínský gigant Huawei, který se už před několika lety pustil do modernizace principu head-up displeje a teď jej pod jménem Huawei AR-HUD uvádí do sériového vozu. Zajímavé ...

Jedním z velmi probíraných témat u grafických karet je kapacita VRAM. 16 GB u RTX 5060 Ti je dnes optimální hodnota, pokud plánujete grafiku dlouho používat pro hraní na jakékoli rozlišení.

Společnost Axiom odložila start mise Ax-4 na neurčito • Příčinou jsou problémy s únikem vzduchu v ruské části Mezinárodní vesmírné stanice • Na palubě Ax-4 budou polský, maďarský a indický astronaut

A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

With Tehran’s military weakened, digital retaliation likely, experts tell The Reg

The current Israel–Iran military conflict is taking place in the era of hybrid war, where cyberattacks amplify and assist missiles and troops, and is being waged between two countries with very capable destructive cyber weapons.…

Ucelený přehled článků, zpráviček a diskusí za minulých 7 dní.

Meta is looking to up its weakening AI game with a key talent grab.

Following days of speculation, the social media giant has confirmed that Scale AI’s founder and CEO, Alexandr Wang, is joining Meta to work on its AI efforts.

Meta will invest $14.3 billion in Scale AI as part of the deal, and will have a 49% stake in the AI startup, which specializes in data labeling and model evaluation services. Other key Scale employees will also move over to Meta, while CSO Jason Droege will step in as Scale’s interim CEO.

This move comes as the Mark Zuckerberg-led company goes all-in on building a new research lab focused on “superintelligence,” the next step beyond artificial general intelligence (AGI).

The arrangement also reflects a growing trend in big tech, where industry giants are buying companies without really buying them — what’s increasingly being referred to as “acqui-hiring.” It involves recruiting key personnel from a company, licensing its technology, and selling its products, but leaving it as a private entity.

“This is fundamentally a massive ‘acqui-hire’ play disguised as a strategic investment,” said Wyatt Mayham, lead AI consultant at Northwest AI Consulting. “While Meta gets Scale’s data infrastructure, the real prize is Wang joining Meta to lead their superintelligence lab. At the $14.3 billion price tag, this might be the most expensive individual talent acquisition in tech history.”

Closing gaps with competitors

Meta has struggled to keep up with OpenAI, Anthropic, and other key competitors in the AI race, recently even delaying the launch of its new flagship model, Behemoth, purportedly due to internal concerns about its performance. It has also seen the departure of several of its top researchers.

 “It’s not really a secret at this point that Meta’s Llama 4 models have had significant performance issues,” Mayham said. “Zuck is essentially betting that Wang’s track record building AI infrastructure can solve Meta’s alignment and model quality problems faster than internal development.” And, he added, Scale’s enterprise-grade human feedback loops are exactly what Meta’s Llama models need to compete with ChatGPT and Claude on reliability and task-following.

Data quality, a key focus for Wang, is a big factor in solving those performance problems. He wrote in a note to Scale employees on Thursday, later posted on X (formerly Twitter), that when he founded Scale AI in 2016 amidst some of the early AI breakthroughs, “it was clear even then that data was the lifeblood of AI systems, and that was the inspiration behind starting Scale.”

But despite Meta’s huge investment, Scale AI is underscoring its commitment to sovereignty: “Scale remains an independent leader in AI, committed to providing industry-leading AI solutions and safeguarding customer data,” the company wrote in a blog post. “Scale will continue to partner with leading AI labs, multinational enterprises, and governments to deliver expert data and technology solutions through every phase of AI’s evolution.”

Allowing big tech to side-step notification

But while it’s only just been inked, the high-profile deal is already raising some eyebrows. According to experts, arrangements like these allow tech companies to acquire top talent and key technologies in a side-stepping manner, thus avoiding regulatory notification requirements.

The US Federal Trade Commission (FTC) requires mergers and acquisitions totaling more than $126 million be reported in advance. Licensing deals or the mass hiring-away of a company’s employees don’t have this requirement. This allows companies to move more quickly, as they don’t have to undergo the lengthy federal review process.

Microsoft’s deal with Inflection AI is probably one of the highest-profile examples of the “acqui-hiring” trend. In March 2024, the tech giant paid the startup $650 million in licensing fees and hired much of its team, including co-founders Mustafa Suleyman (now CEO of Microsoft AI) and Karén Simonyan (chief scientist of Microsoft AI).

Similarly, last year Amazon hired more than 50% of Adept AI’s key personnel, including its CEO, to focus on AGI. Google also inked a licensing agreement with Character AI and hired a majority of its founders and researchers.

However, regulators have caught on, with the FTC launching inquiries into both the Microsoft-Inflection and Amazon-Adept deals, and the US Justice Department (DOJ) analyzing Google-Character AI.

Reflecting ‘desperation’ in the AI industry

Meta’s decision to go forward with this arrangement anyway, despite that dicey backdrop, seems to indicate how anxious the company is to keep up in the AI race.

“The most interesting piece of this all is the timing,” said Mayham. “It reflects broader industry desperation. Tech giants are increasingly buying parts of promising AI startups to secure key talent without acquiring full companies, following similar patterns with Microsoft-Inflection and Google-Character AI.”

However, the regulatory risks are “real but nuanced,” he noted. Meta’s acquisition could face scrutiny from antitrust regulators, particularly as the company is involved in an ongoing FTC lawsuit over its Instagram and WhatsApp acquisitions. While the 49% ownership position appears designed to avoid triggering automatic thresholds, US regulatory bodies like the FTC and DOJ can review minority stake acquisitions under the Clayton Antitrust Act if they seem to threaten competition.

Perhaps more importantly, Meta is not considered a leader in AGI development and is trailing OpenAI, Anthropic, and Google, meaning regulators may not consider the deal all that concerning (yet).

All told, the arrangement certainly signals Meta’s recognition that the AI race has shifted from a compute and model size competition to a data quality and alignment battle, Mayham noted.

“I think the [gist] of this is that Zuck’s biggest bet is that talent and data infrastructure matter more than raw compute power in the AI race,” he said. “The regulatory risk is manageable given Meta’s trailing position, but the acqui-hire premium shows how expensive top AI talent has become.”

Using the new system, Casey Harrell can emphasize words and intonations in real time—and sing tunes.

At the age of 45, Casey Harrell lost his voice to amyotrophic lateral sclerosis (ALS). Also called Lou Gehrig’s disease, the disorder eats away at muscle-controlling nerves in the brain and spinal cord. Symptoms begin with weakening muscles, uncontrollable twitching, and difficulty swallowing. Eventually patients lose control of muscles in the tongue, throat, and lips, robbing them of their ability to speak.

Unlike paralyzed patients, Harrell could still produce sounds seasoned caretakers could understand, but they weren’t intelligible in a simple conversation. Now, thanks to an AI-guided brain implant, he can once again “speak” using a computer-generated voice that sounds like his.

The system, developed by researchers at the University of California, Davis, has almost no detectable delay when translating his brain activity into coherent speech. Rather than producing a monotone synthesized voice, the system can detect intonations—for example, a question versus a statement—and emphasize a word. It also translates brain activity encoding nonsense words such as “hmm” or “eww,” making the generated voice sound natural.

“With instantaneous voice synthesis, neuroprosthesis users will be able to be more included in a conversation. For example, they can interrupt, and people are less likely to interrupt them accidentally,” said study author Sergey Stavisky in a press release.

The study comes hot on the heels of another AI method that decodes a paralyzed woman’s thoughts into speech within a second. Previous systems took nearly half a minute—more than long enough to disrupt normal conversation. Together, the two studies showcase the power of AI to decipher the brain’s electrical chatter and convert it into speech in real time.

In Harrell’s case, the training was completed in the comfort of his home. Although the system required some monitoring and tinkering, it paves the way for a commercially available product for those who have lost the ability to speak.

“This is the holy grail in speech BCIs [brain-computer interfaces],” Christian Herff at Maastricht University to Nature, who was not involved in the study, told Nature.

Listening In

Scientists have long sought to restore the ability to speak for those who have lost it, whether due to injury or disease.

One strategy is to tap into the brain’s electrical activity. When we prepare to say something, the brain directs muscles in the throat, tongue, and lips to form sounds and words. By listening in on its electrical chatter, it’s possible to decode intended speech. Algorithms stitch together neural data and generate words and sentences as either text or synthesized speech.

The process may sound straightforward. But it took scientists years to identify the most reliable brain regions from which to collect speech-related activity. Even then, the lag time from thought to output—whether text or synthesized speech—has been long enough to make conversation awkward.

Then there are the nuances. Speech isn’t just about producing audible sentences. How you say something also matters. Intonation tells us if the speaker is asking a question, stating their needs, joking, or being sarcastic. Emphasis on individual words highlights the speaker’s mindset and intent. These aspects are especially important for tonal languages—such as Chinese—where a change in tone or pitch for the same “word” can have wildly different meanings. (“Ma,” for example, can mean mom, numb, horse, or cursing, depending on the intonation.)

Talk to Me

Harrell is part of the BrainGate2 clinical trial, a long-standing project seeking to restore lost abilities using brain implants. He enrolled in the trial as his ALS symptoms progressed. Although he could still vocalize, his speech was hard to understand and required expert listeners from his care team to translate. This was his primary mode of communication. He also had to learn to speak slower to make his residual speech more intelligible.

Five years ago, Harrell had four 64-microelectrode implants inserted into the left precentral gyrus of his brain—a region controlling multiple brain functions, including coordinating speech.

“We are recording from the part of the brain that’s trying to send these commands to the muscles. And we are basically listening into that, and we’re translating those patterns of brain activity into a phoneme—like a syllable or the unit of speech—and then the words they’re trying to say,” said Stavisky at the time.

In just two training sessions, Harrell had the potential to say 125,000 words—a vocabulary large enough for everyday use. The system translated his neural activity into a voice synthesizer that mimicked his voice. After more training, the implant achieved 97.5 percent accuracy as he went about his daily life.

“The first time we tried the system, he cried with joy as the words he was trying to say correctly appeared on-screen. We all did,” said Stavisky.

In the new study, the team sought to make generated speech even more natural with less delay and more personality. One of the hardest parts of real-time voice synthesis is not knowing when and how the person is trying to speak—or their intended intonation. “I am fine” has vastly different meanings depending on tone.

The team captured Harrell’s brain activity as he attempted to speak a sentence shown on a screen. The electrical spikes were filtered to remove noise in one millisecond segments and fed into a decoder. Like the Rosetta Stone, the algorithm mapped specific neural features to words and pitch, which were played back to Harrell through a voice synthesizer with just a 25-millisecond lag—roughly the time it takes for a person to hear their own voice, wrote the team.

Rather than decoding phonemes or words, the AI captured Harrell’s intent to make sounds every 10 milliseconds, allowing him to eventually say words not in a dictionary, like “hmm” or “eww.” He could spell out words and respond to open-ended questions, telling the researchers that the synthetic voice made him “happy” and that it felt like “his real voice.”

The team also recorded brain activity as Harrell attempted to speak the same set of sentences as either statements or questions, the latter having an increased pitch. All four electrode arrays recorded a neural fingerprint of activity patterns when the sentence was spoken as a question.

The system, once trained, could also detect emphasis. Harrell was asked to stress each word individually in the sentence, “I never said she stole my money,” which can have multiple meanings. His brain activity ramped up before saying the emphasized word, which the algorithm captured and used to guide the synthesized voice. In another test, the system picked up multiple pitches as he tried to sing different melodies.

Raise Your Voice

The AI isn’t perfect. Volunteers could understand the output roughly 60 percent of the time—a far cry from the near perfect brain-to-text system Harrell is currently using. But the new AI brings individual personality to synthesized speech, which usually produces a monotone voice. Deciphering speech in real-time also lets the person interrupt or object during a conversation, making the experience feel more natural.

“We don’t always use words to communicate what we want. We have interjections. We have other expressive vocalizations that are not in the vocabulary,” study author Maitreyee   Wairagkar told Nature.

Because the AI is trained on sounds, not English vocabulary, it could be adapted to other languages, especially tonal ones like Chinese. The team is also looking to increase the system’s accuracy by placing more electrodes in people who have lost their speech due to stroke or neurodegenerative diseases.

“The results of this research provide hope for people who want to talk but can’t…This kind of technology could be transformative for people living with paralysis,” said study author David Brandman.

The post A Man With ALS Can Speak and Sing Again Thanks to a Brain Implant and AI-Synthesized Voice appeared first on SingularityHub.

Byla vydána (𝕏) nová verze 2025.2 linuxové distribuce navržené pro digitální forenzní analýzu a penetrační testování Kali Linux (Wikipedie). Přehled novinek se seznamem nových nástrojů v oficiálním oznámení na blogu.

Some trace back to an outfit under US export controls for alleged PLA links

Both Apple's and Google's online stores offer free virtual private network (VPN) apps owned by Chinese companies, according to researchers at the Tech Transparency Project, and they don't make this fact readily known to people downloading the apps.…

Google says an API management issue is behind Thursday's massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. [...]

Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. [...]

Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are.  Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.

The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates.  Like tacos, Patch Tuesday is here to stay.

In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”

Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry.  As a case in point, Adobe, among others, follows a similar patch cadence.

Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.

In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.

June Patch Tuesday: 68 fixes — and two zero-day flaws

Microsoft offered up a fairly light Patch Tuesday release for June, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. But two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) mean IT admins need to get busy with quick patching plans. More info on Microsoft Security updates for June 2025.

May’s Patch Tuesday serves up 78 updates, including 5 zero-day fixes

This May Patch Tuesday release is very much a “back-to-basics” update with just 78 patches for Microsoft Windows, Office, Visual Studio, and .NET. Notably, Microsoft has not released any patches for Microsoft Exchange Server or Microsoft SQL Server. However, five zero-day exploits for Windows mean this month’s Windows updates should be patched now. More info on Microsoft Security updates for May 2025.

For April, a large ‘dynamic’ Patch Tuesday release

IT admins will be busy this month: the latest patch update from Microsoft includes 126 fixes, including one for an exploited Windows flaw and five critical patches for Office. The April Patch Tuesday release is large (126 patches), broad and unfortunately very dynamic, with several re-releases, missing files and broken patches affecting both the Windows and Office platforms. More info on Microsoft Security updates for April 2025.

For March’s Patch Tuesday, 57 fixes — and 7 zero-days

For so few patches from Microsoft this month (57), we have seven zero-days to manage (with a “Patch Now” recommendation for Windows) and standard release schedules for Microsoft Office, Microsoft browsers (Edge) and Visual Studio.  Adobe is back with a critical update for Reader, too — but it’s not been paired (at least for now) with a Microsoft patch. More info on Microsoft Security updates for March 2025.

For February’s Patch Tuesday, Microsoft rolls out 63 updates

Microsoft released 63 patches for Windows, Microsoft Office, and developer platforms in this week’s Patch Tuesday update. The February release was a relatively light update, but it comes with significant testing requirements for networking and remote desktop environments. Two zero-day Windows patches (CVE-2025-21391 and CVE-2025-21418) have been reported as exploited and another Windows update (CVE-2025-21377) has been publicly disclosed — meaning IT admins get a “Patch Now” recommendation for this month’s Windows updates. More info on Microsoft Security updates for February 2025.

2025’s first Patch Tuesday: 159 patches, including several zero-day fixes

Microsoft began the new year with a hefty patch release for January, addressing eight zero-days with 159 patches for Windows, Microsoft Office and Visual Studio. Both Windows and Microsoft Office have “Patch Now” recommendations (with no browser or Exchange patches) for January. Microsoft also released a significant servicing stack update (SSU) that changes how desktop and server platforms are updated, requiring additional testing on how MSI Installer, MSIX and AppX packages are installed, updated, and uninstalled. More info on Microsoft Security updates for January 2025.

Posted by Google GenAI Security Team

With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security measures.

At Google, our teams have a longstanding precedent of investing in a defense-in-depth strategy, including robust evaluation, threat analysis, AI security best practices, AI red-teaming, adversarial training, and model hardening for generative AI tools. This approach enables safer adoption of Gemini in Google Workspace and the Gemini app (we refer to both in this blog as “Gemini” for simplicity). Below we describe our prompt injection mitigation product strategy based on extensive research, development, and deployment of improved security mitigations.

A layered security approach

Google has taken a layered security approach introducing security measures designed for each stage of the prompt lifecycle. From Gemini 2.5 model hardening, to purpose-built machine learning (ML) models detecting malicious instructions, to system-level safeguards, we are meaningfully elevating the difficulty, expense, and complexity faced by an attacker. This approach compels adversaries to resort to methods that are either more easily identified or demand greater resources. 

Our model training with adversarial data significantly enhanced our defenses against indirect prompt injection attacks in Gemini 2.5 models (technical details). This inherent model resilience is augmented with additional defenses that we built directly into Gemini, including: 

1. Prompt injection content classifiers

2. Security thought reinforcement

3. Markdown sanitization and suspicious URL redaction

4. User confirmation framework

5. End-user security mitigation notifications

This layered approach to our security strategy strengthens the overall security framework for Gemini – throughout the prompt lifecycle and across diverse attack techniques.

1. Prompt injection content classifiers

Through collaboration with leading AI security researchers via Google's AI Vulnerability Reward Program (VRP), we've curated one of the world’s most advanced catalogs of generative AI vulnerabilities and adversarial data. Utilizing this resource, we built and are in the process of rolling out proprietary machine learning models that can detect malicious prompts and instructions within various formats, such as emails and files, drawing from real-world examples. Consequently, when users query Workspace data with Gemini, the content classifiers filter out harmful data containing malicious instructions, helping to ensure a secure end-to-end user experience by retaining only safe content. For example, if a user receives an email in Gmail that includes malicious instructions, our content classifiers help to detect and disregard malicious instructions, then generate a safe response for the user. This is in addition to built-in defenses in Gmail that automatically block more than 99.9% of spam, phishing attempts, and malware.

A diagram of Gemini’s actions based on the detection of the malicious instructions by content classifiers.

2. Security thought reinforcement

This technique adds targeted security instructions surrounding the prompt content to remind the large language model (LLM) to perform the user-directed task and ignore any adversarial instructions that could be present in the content. With this approach, we steer the LLM to stay focused on the task and ignore harmful or malicious requests added by a threat actor to execute indirect prompt injection attacks.

A diagram of Gemini’s actions based on additional protection provided by the security thought reinforcement technique. 

3. Markdown sanitization and suspicious URL redaction 

Our markdown sanitizer identifies external image URLs and will not render them, making the “EchoLeak” 0-click image rendering exfiltration vulnerability not applicable to Gemini. From there, a key protection against prompt injection and data exfiltration attacks occurs at the URL level. With external data containing dynamic URLs, users may encounter unknown risks as these URLs may be designed for indirect prompt injections and data exfiltration attacks. Malicious instructions executed on a user's behalf may also generate harmful URLs. With Gemini, our defense system includes suspicious URL detection based on Google Safe Browsing to differentiate between safe and unsafe links, providing a secure experience by helping to prevent URL-based attacks. For example, if a document contains malicious URLs and a user is summarizing the content with Gemini, the suspicious URLs will be redacted in Gemini’s response. 

Gemini in Gmail provides a summary of an email thread. In the summary, there is an unsafe URL. That URL is redacted in the response and is replaced with the text “suspicious link removed”. 

4. User confirmation framework

Gemini also features a contextual user confirmation system. This framework enables Gemini to require user confirmation for certain actions, also known as “Human-In-The-Loop” (HITL), using these responses to bolster security and streamline the user experience. For example, potentially risky operations like deleting a calendar event may trigger an explicit user confirmation request, thereby helping to prevent undetected or immediate execution of the operation.

The Gemini app with instructions to delete all events on Saturday. Gemini responds with the events found on Google Calendar and asks the user to confirm this action.

5. End-user security mitigation notifications

A key aspect to keeping our users safe is sharing details on attacks that we’ve stopped so users can watch out for similar attacks in the future. To that end, when security issues are mitigated with our built-in defenses, end users are provided with contextual information allowing them to learn more via dedicated help center articles. For example, if Gemini summarizes a file containing malicious instructions and one of Google’s prompt injection defenses mitigates the situation, a security notification with a “Learn more” link will be displayed for the user. Users are encouraged to become more familiar with our prompt injection defenses by reading the Help Center article. 

Gemini in Docs with instructions to provide a summary of a file. Suspicious content was detected and a response was not provided. There is a yellow security notification banner for the user and a statement that Gemini’s response has been removed, with a “Learn more” link to a relevant Help Center article.

Moving forward

Our comprehensive prompt injection security strategy strengthens the overall security framework for Gemini. Beyond the techniques described above, it also involves rigorous testing through manual and automated red teams, generative AI security BugSWAT events, strong security standards like our Secure AI Framework (SAIF), and partnerships with both external researchers via the Google AI Vulnerability Reward Program (VRP) and industry peers via the Coalition for Secure AI (CoSAI). Our commitment to trust includes collaboration with the security community to responsibly disclose AI security vulnerabilities, share our latest threat intelligence on ways we see bad actors trying to leverage AI, and offering insights into our work to build stronger prompt injection defenses. 

Working closely with industry partners is crucial to building stronger protections for all of our users. To that end, we’re fortunate to have strong collaborative partnerships with numerous researchers, such as Ben Nassi (Confidentiality), Stav Cohen (Technion), and Or Yair (SafeBreach), as well as other AI Security researchers participating in our BugSWAT events and AI VRP program. We appreciate the work of these researchers and others in the community to help us red team and refine our defenses.

We continue working to make upcoming Gemini models inherently more resilient and add additional prompt injection defenses directly into Gemini later this year. To learn more about Google’s progress and research on generative AI threat actors, attack techniques, and vulnerabilities, take a look at the following resources:

• Beyond Speculation: Data-Driven Insights into AI and Cybersecurity (RSAC 2025 conference keynote) from Google’s Threat Intelligence Group (GTIG)

• Adversarial Misuse of Generative AI (blog post) from Google’s Threat Intelligence Group (GTIG)

• Google's Approach for Secure AI Agents (white paper) from Google’s Secure AI Framework (SAIF) team

• Advancing Gemini's security safeguards (blog post) from Google’s DeepMind team

• Lessons from Defending Gemini Against Indirect Prompt Injections (white paper) from Google’s DeepMind team

Microsoft offered up a fairly light Patch Tuesday release this month, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. That said, two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) have led to a “Patch Now” recommendation for both Windows and Office. (Developers can follow their usual release cadence with updates to Microsoft .NET and Visual Studio.)

To help navigate these changes, the team from Readiness has provided auseful  infographic detailing the risks involved when deploying the latest updates. (More information about recent Patch Tuesday releases is available here.)

Known issues

Microsoft released a limited number of known issues for June, with a product-focused issue and a very minor display concern:

• Microsoft Excel: This a rare product level entry in the “known issues” category — an advisory that “square brackets” or [] are not supported in Excel filenames. An error is generated, advising the user to remove the offending characters.
• Windows 10: There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. This is a limited resource issue, as the font resolution in Windows 10 does not fully match the high-level resolution of the Noto font. Microsoft recommends changing the display scaling to 125% or 150% to improve clarity.

Major revisions and mitigations

Microsoft might have won an award for the shortest time between releasing an update and a revision with:

• CVE-2025-33073: Windows SMB Client Elevation of Privilege. Microsoft worked to address a vulnerability where improper access control in Windows SMB allows an attacker to elevate privileges over a network. This patch was revised on the same day as its initial release (and has been revised again for documentation purposes).

Windows lifecycle and enforcement updates

Microsoft did not release any enforcement updates for June.

Each month, the Readiness team analyzes Microsoft’s latest updates and provides technically sound, actionable testing plans. While June’s release includes no stated functional changes, many foundational components across authentication, storage, networking, and user experience have been updated.

For this testing guide, we grouped Microsoft’s updates by Windows feature and then accompanied the section with prescriptive test actions and rationale to help prioritize enterprise efforts.

Core OS and UI compatibility

Microsoft updated several core kernel drivers affecting Windows as a whole. This is a low-level system change and carries a high risk of compatibility and system issues. In addition, core Microsoft print libraries have been included in the update, requiring additional print testing in addition to the following recommendations:

• Run print operations from 32-bit applications on 64-bit Windows environments.
• Use different print drivers and configurations (e.g., local, networked).
• Observe printing from older productivity apps and virtual environments.

Remote desktop and network connectivity

This update could impact the reliability of remote access while broken DHCP-to-DNS integration can block device onboarding, and NAT misbehavior disrupts VPNs or site-to-site routing configurations. We recommend the following tests be performed:

• Create and reconnect Remote Desktop (RDP) sessions under varying network conditions.
• Confirm that DHCP-assigned IP addresses are correctly registered with DNS in AD-integrated environments.
• Test modifying NAT and routing settings in RRAS configurations and ensure that changes persist across reboots.

Filesystem, SMB and storage

Updates to the core Windows storage libraries affect nearly every command related to Microsoft Storage Spaces. A minor misalignment here can result in degraded clusters, orphaned volumes, or data loss in a failover scenario. These are high-priority components in modern data center and hybrid cloud infrastructure, with the following storage-related testing recommendations:

• Access file shares using server names, FQDNs, and IP addresses.
• Enable and validate encrypted and compressed file-share operations between clients and servers.
• Run tests that create, open, and read from system log files using various file and storage configurations.
• Validate core cluster storage management tasks, including creating and managing storage pools, tiers, and volumes.
• Test disk addition/removal, failover behaviors, and resiliency settings.
• Run system-level storage diagnostics across active and passive nodes in the cluster.

Windows installer and recovery

Microsoft delivered another update to the Windows Installer (MSI) application infrastructure. Broken or regressed Installer package MSI handling disrupts app deployment pipelines while putting core business applications at risk. We suggest the following tests for the latest changes to MSI Installer, Windows Recovery and Microsoft’s Virtualization Based Security (VBS):

• Perform installation, repair, and uninstallation of MSI Installer packages using standard enterprise deployment tools (e.g. Intune).
• Validate restore point behavior for points older than 60 days under varying virtualization-based security (VBS) settings.
• Check both client and server behaviors for allowed or blocked restores.

We highly recommend prioritizing printer testing this month, then remote desktop deployment testing to ensure your core business applications install and uninstall as expected.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

• Browsers (Microsoft IE and Edge);
• Microsoft Windows (both desktop and server);
• Microsoft Office;
• Microsoft Exchange and SQL Server; 
• Microsoft Developer Tools (Visual Studio and .NET);
• And Adobe (if you get this far).

Browsers

Microsoft delivered a very minor series of updates to Microsoft Edge. The  browser receives two Chrome patches (CVE-2025-5068 and CVE-2025-5419) where both updates are rated important. These low-profile changes can be added to your standard release calendar.

Microsoft Windows

Microsoft released five critical patches and (a smaller than usual) 40 patches rated important. This month the five critical Windows patches cover the following desktop and server vulnerabilities:

• Missing release of memory after effective lifetime in Windows Cryptographic Services (WCS) allows an unauthorized attacker to execute code over a network.
• Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
• Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
• Use of uninitialized resources in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

Unfortunately, CVE-2025-33073 has been reported as publicly disclosed while CVE-2025-33053 has been reported as exploited. Given these two zero-days, the Readiness recommends a “Patch Now” release schedule for your Windows updates.

Microsoft Office

Microsoft released five critical updates and a further 13 rated important for Office. The critical patches deal with memory related and “use after free” memory allocation issues affecting the entire platform. Due to the number and severity of these issues, we recommend a “Patch Now” schedule for Office for this Patch Tuesday release.

Microsoft Exchange and SQL Server

There are no updates for either Microsoft Exchange or SQL Server this month. 

Developer tools

There were only three low-level updates (product focused and rated important) released, affecting .NET and Visual Studio. Add these updates to your standard developer release schedule.

Adobe (and 3rd party updates)

Adobe has released (but Microsoft has not co-published) a single update to Adobe Acrobat (APSB25-57). There were two other non-Microsoft updated releases affecting the Chromium platform, which were covered in the Browser section above.