Agregátor RSS

New technologies rarely leave work untouched. They also rarely eliminate the need for human contribution altogether.

Forecasts of the impact of artificial intelligence range from the apocalyptic to the utopian. An October 2025 report from Senate Democrats, for example, predicted AI will destroy millions of US jobs. A couple of years earlier, consultant company McKinsey forecast AI will add trillions to the global economy, while emphasizing job losses can be mitigated by training workers to do new things.

The problem is that many of these claims are based on projections, overly simplified surveys, or thought experiments rather than observed changes in the economy. That makes it hard for the public, and often policymakers, to know what to trust.

As a labor economist who studies how technology and organizational change affect productivity and well-being, I believe a better place to start is with actual data on output, employment, and wages—which are all looking relatively more hopeful.

AI and Jobs

In one of my new research papers with economist Andrew Johnston, we studied how exposure to generative AI affected industries across America between 2017 and 2024, using administrative data that covers nearly all employers. Our analysis covered a crucial period when generative AI use exploded, allowing us to analyze the effect within businesses and industries.

We measured AI exposure using occupation-level task data matched to each industry and state’s occupational workforce mix prior to the pandemic. A state and industry with more workers in roles requiring language processing, coding, or data tasks scored higher on exposure, for example, compared with one with more plumbers and electricians.

We then took that exposure ranking by occupation and looked at changes in the standard deviation in occupational exposure, comparing that with labor market and GDP across states and industries from 2017 to 2024.

Think of a standard deviation as roughly the gap between a paramedic—whose work centers on physical assessment, emergency response, and hands-on care that AI cannot easily replicate—and a public relations manager, whose work involves drafting communications, analyzing sentiment, and synthesizing information that AI tools handle well. That gap in AI exposure is roughly what we’re measuring when we ask: Does being on the higher-exposure side of that divide change your industry’s trajectory?

This data allowed us to answer two questions: When AI tools became widely available following the public release of ChatGPT in late 2022, did states and industries that were more exposed to generative AI become more productive, and what happened to workers?

Our answers are more encouraging, and more nuanced, than much of the public debate suggests.

We found that industries in states that were more exposed to AI experienced faster productivity growth beginning in 2021—before ChatGPT reached the public—driven by enterprise tools already embedded in professional workflows, including GitHub Copilot for software development, Jasper for marketing and content writing, and Microsoft’s GPT-3-powered business applications. In 2024, for example, industries whose AI exposure was one standard deviation higher saw gains of 10% in productivity, 3.9% in jobs, and 4.8% in wages than comparable industries in the same state.

Those patterns suggest that, at least so far, AI has acted as a productivity-enhancing tool that boosts employment and wages rather than a simple substitute for labor.

Augmentation Versus Displacement

A crucial distinction in the data is between tasks where AI works with people and tasks where AI can act more independently. In sectors where AI mainly complements workers—think marketing, writing, or financial analysis—our data show that employment rose by about 3.6% per standard deviation increase in exposure.

In sectors where AI can execute tasks more autonomously—including basic data processing, generating boilerplate code, or handling standardized customer interactions—we found no significant employment change, though workers in those roles saw slower wage growth.

What these findings suggest is that when AI lowers the cost of completing a task and raises worker productivity, companies expand output enough to increase their demand for labor overall—the same logic that explains why power tools didn’t eliminate construction workers.

The economic question is not whether any given task disappears. It is whether businesses and workers can reorganize fast enough to create new productive combinations. And so far, in most sectors, our evidence suggests they can.

But state policies also matter: These benefits were concentrated in the states with more efficient labor markets, meaning that the impact of generative AI on workers and the economy also depends on the types of policies and institutions of the local economy.

Importantly, these findings hold beyond occupational exposure. In additional work with co-authors at the Bureau of Economic Analysis, we found a similar effect on GDP and employment when looking at actual AI utilization—that is, how often workers use AI. Drawing on the Gallup Workforce Panel, we measured workers actively using AI daily or multiple times a week. We found that each percentage-point increase in the share of frequent AI users in a state and industry is associated with roughly 0.1% to 0.2% higher real output and 0.2% to 0.4% higher employment.

To put that in context: The share of frequent AI users across all occupations rose from about 12% in mid-2024 to 26% by late 2025, a shift our estimates suggest corresponds to roughly 1.4% to 2.8% higher real output—or about 1 to 2 percentage points of annualized growth over that period.

New technologies rarely leave work untouched. But they also rarely eliminate the need for human contribution altogether. Instead, they change the composition of work, as our research shows. Some tasks shrink. Others expand. New ones emerge that were previously too costly or too hard to perform at scale. Put simply, some occupations might go away, but most of them just change.

If anything, the trends documented here are likely to strengthen rather than fade. Not only are generative AI tools rapidly improving, but also the experimentation and research and development that many workers and companies are engaging in are likely to pay large dividends. These investments—often referred to as intangible capital—tend to get unlocked a few years after a technology comes onto the scene, once complementary investments have been made.

The Role of Companies and Managers

Whether AI leads to anxiety or adaptation for workers depends in part on what happens inside organizations. Using additional data collected over many years in the Gallup Workforce Panel covering more than 30,000 US employees from 2023 to 2026, I found in a 2026 paper that workplace adoption of generative AI rose quickly over the period, with the share of workers using AI often increasing from 9% to 26%.

But the more important finding is that adoption was far more common where workers believed their organization had communicated a clear AI strategy and where employees said they trust leadership. This suggests that growing adoption and effective use of AI depends not only on the availability of the technology but on whether managers make its use clear, credible, and safe.

Where that clarity exists, frequent AI use is associated with higher engagement and job satisfaction, and it even reverses the burnout penalties that appear elsewhere.

In other words, the broader economic effects of AI depend not only on how sophisticated the tools are but on whether companies and managers create environments where workers can experiment, reorganize tasks, and integrate new tools into productive routines. That is, if employees do not feel the psychological safety to experiment, they are less likely to use AI, and they are especially less likely to use it for higher-value work.

That is precisely the kind of adaptation that I believe makes labor markets more resilient than the most alarmist forecasts suggest.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The post Industries Most Exposed to AI Are Not Only Seeing Productivity Gains but Jobs and Wage Growth Too appeared first on SingularityHub.

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. [...]

Think about Linux security like a product recall. A manufacturer starts fixing the issue before the public notice goes out. If you catch those early signals, you can act before it becomes a known problem.

Smartphony válcují nejen levné, ale už i pokročilé kompakty • Vlajkové modely jsou skoro jistota, dobře fotí ale i levnější přístroje • Po kterých fotomobilech byste měli aktuálně sáhnout?

Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. [...]

Fortune 500 companies and one US defense contractor got taken for $5m in four-year scam

Two Americans have been jailed for a combined 200 months for helping North Korea generate $5 million through fraudulent IT worker schemes.…

Nová aplikace Gemini zamířila na desktopy, nejdříve na macOS. • AI chatbot lze vyvolat jednoduše zkratkou, můžete s ním i sdílet okno. • Aplikace funguje i v Česku a stačí jí bezplatný účet.

A new cybercrime platform called ATHR can harvest credentials via fully automated voice phishing attacks that use both human operators and AI agents for the social engineering phase. [...]

AI-powered SOC tools promise automation, but most only speed up triage instead of reducing real workload. Tines shows how real gains come from end-to-end workflows that execute actions across systems, not just summarize alerts. [...]

Český úřad zeměměřický a katastrální zavedl u anonymního nahlížení do katastru nemovitostí novou CAPTCHA ve formě mapové puzzle: nepřihlášení uživatelé musí nově správně otočit devět dlaždic v 3x3 poli tak, aby dohromady daly souvislý obrázek výseče reálné mapy, přičemž na to mají pouze jeden časově omezený pokus. Test je podle uživatelů i odborníků příliš obtížný a na sociálních sítích pochopitelně schytává zaslouženou kritiku a vyvolává spekulace, zda se nejedná o snahu všechny uživatele ztotožnit a přimět za veřejnou službu platit i podruhé (pokud si chcete výpis koupit, stále se zobrazuje původní jednoduchá CAPTCHA). Úřad opatření hájí nutností omezit masivní aktivitu zahraničních botů, přesto se brzy objevil jednoduchý skript, který tuto captchu zvládl automaticky řešit během zlomku vteřiny (nyní už nefunguje).

Vybrali jsme 15 nejdražších stavebnic Lego • Nejlevnější pořídíte zhruba za jedenáct tisíc • Špičkové sety pro filmové fanoušky i školní výuku

Byla vydána verze 1.95.0 programovacího jazyka Rust (Wikipedie). Podrobnosti v poznámkách k vydání. Vyzkoušet Rust lze například na stránce Rust by Example.

Mozilla prostřednictvím své dceřiné společnosti MZLA Technologies Corporation představila open-source AI klienta Thunderbolt. Primárně je určený pro firemní nasazení.

You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for. Not Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer

Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…

4K projektor Optoma Photo Life PK31 zlevnil v Alze na 11 174 Kč. • Jinde stojí minimálně o dva tisíce víc. • Láká na dobrý obraz, tichý chod a jednoduché nastavení.

Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption.

Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group, made the claim in a LinkedIn post, where he also published a proof-of-concept tool called TotalRecall Reloaded to demonstrate the issue.

Hagenah first exposed Recall’s security flaws in 2024, forcing Microsoft to pull the feature from preview and rebuild it. Microsoft relaunched Recall in April 2025, saying the new architecture would restrict “attempts by latent malware trying to ‘ride along’ with a user authentication to steal data.” Hagenah said it does not.

“When you use Recall normally, TotalRecall Reloaded silently holds the door open behind you and then extracts what Recall has ever captured. That is precisely the scenario Microsoft’s architecture is supposed to restrict,” he wrote in the post.

Hagenah wrote in the post that he disclosed the research to Microsoft’s Security Response Center on March 6, submitting full source code and reproduction steps. Microsoft reviewed the case for a month and closed it on April 3, telling him the behavior “does not represent a bypass of a security boundary or unauthorized access to data.”

“Microsoft says this is by design,” Hagenah wrote. “That worries me.”

In an email response to CSO, a Microsoft spokesperson said, “After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries.”

Hagenah’s research does not challenge Microsoft’s encryption, which he said is sound. The gap, he told CSO, is in how decrypted data is handled once it leaves the enclave.

“Plaintext screenshots and extracted text end up in an unprotected process for display,” he told CSO. “As long as decrypted content crosses into a process that same-user code can access, someone will find a way in.”

What a fix would require

A fix is technically feasible, Hagenah said.

“The short-term fix is fairly straightforward. Microsoft could add stronger code integrity and process protections to AIXHost.exe, the process that renders the Recall timeline. Right now, it has none, which makes the injection path possible. That would block the specific technique I demonstrated and materially raise the bar,” he said.

The longer-term problem runs deeper, he said. “Microsoft should rethink how decrypted data is handled after it leaves the enclave. The cryptography and enclave design are genuinely well done, and I want to be clear about that. The problem is that plaintext screenshots and extracted text end up in an unprotected process for display. As long as decrypted content crosses into a process that same-user code can access, someone will find a way in,” he said.

“A durable fix would mean either rendering inside a protected process or adopting a compositing model where raw data never leaves the trust boundary. That is a bigger effort, but it is the only way to close this class of issue properly,” he said.

Exploitation risk

The barrier to weaponizing this technique is lower than Microsoft’s security messaging would suggest, Hagenah said.

“They only need code running in the user’s context and a way to reuse the authorized Recall session,” he said. “That is a much lower bar than many people would assume from Microsoft’s security messaging.”

While Recall’s limitation to Copilot+ PCs and its opt-in status reduce the scale of exposure, targeted abuse is a realistic near-term risk, he said. “For targeted abuse, surveillance, or high-value user collection, this is absolutely realistic,” he said.

Hagenah said he published the source code deliberately so defenders, EDR vendors, and security teams could build detections before threat actors operationalize the technique independently. “In my view, that gives the defensive side a valuable head start,” he said.

Independent security researcher Kevin Beaumont reached a similar conclusion after separately testing the current Recall implementation. “Yep, you can just read the database as a user process,” Beaumont wrote on Mastodon on March 11. “The database also contains all manner of fields that aren’t publicly disclosed for tracking the user’s activity. No AV or EDR alerts triggered,” he wrote.

The article originally appeared in CSO.

Firma Cal.com oznámila, že přesouvá svůj produkční kód z otevřeného do uzavřeného repozitáře z důvodu bezpečnostního rizika umělé inteligence, která prý dokáže vyhledávat a zneužívat zranitelnosti rychleji, než by je jejich vývojářský tým stíhal opravovat. Zároveň zveřejnila samostatnou, open-source verzi Cal.diy pod licencí MIT, ovšem bez řady původních funkcí. O tom, zda je toto opatření rozumné, existují pochyby. (Cal.com je platforma pro správu schůzek, která představuje alternativu ke Calendly s možností vlastního hostování. Platforma umožňuje uživatelům vytvářet typy rezervovatelných událostí, spravovat dostupnost, integrovat se s externími kalendářovými službami a službami pro videokonference, přijímat platby a tyto pracovní postupy automatizovat.)

Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]