Enlarge / Three images generated by "Imagine with Meta AI" using the Emu AI model. (credit: Meta | Benj Edwards)

On Wednesday, Meta released a free standalone AI image generator website, "Imagine with Meta AI," based on its Emu image synthesis model. Meta used 1.1 billion publicly visible Facebook and Instagram images to train the AI model, which can render a novel image from a written prompt. Previously, Meta's version of this technology—using the same data—was only available in messaging and social networking apps such as Instagram.

If you're on Facebook or Instagram, it's quite possible a picture of you (or that you took) helped train Emu. In a way, the old saying, "If you're not paying for it, you are the product" has taken on a whole new meaning. Although, as of 2016, Instagram users uploaded over 95 million photos a day, so the dataset Meta used to train its AI model was a small subset of its overall photo library.

Since Meta says it only uses publicly available photos for training, setting your photos private on Instagram or Facebook should prevent their inclusion in the company's future AI model training (unless it changes that policy, of course).

Enlarge / The Google Gemini logo. (credit: Google)

On Wednesday, Google announced Gemini, a multimodal AI model family it hopes will rival OpenAI's GPT-4, which powers the paid version of ChatGPT. Google claims that the largest version of Gemini exceeds "current state-of-the-art results on 30 of the 32 widely used academic benchmarks used in large language model (LLM) research and development." It's a follow-up to PaLM 2, an earlier AI model that Google hoped would match GPT-4 in capability.

A specially tuned English version of its mid-level Gemini model is available now in over 170 countries as part of the Google Bard chatbot—although not in the EU or the UK due to potential regulation issues.

Like GPT-4, Gemini can handle multiple types (or "modes") of input, making it multimodal. That means it can process text, code, images, and even audio. The goal is to make a type of artificial intelligence that can accurately solve problems, give advice, and answer questions in a variety of fields—from the mundane to the scientific. Google says this will power a new era in computing, and it hopes to tightly integrate the technology into its products.

Enlarge (credit: Getty Images)

Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms.

The attack—dubbed LogoFAIL by the researchers who devised it—is notable for the relative ease in carrying it out, the breadth of both consumer- and enterprise-grade models that are susceptible, and the high level of control it gains over them. In many cases, LogoFAIL can be remotely executed in post-exploit situations using techniques that can’t be spotted by traditional endpoint security products. And because exploits run during the earliest stages of the boot process, they are able to bypass a host of defenses, including the industry-wide Secure Boot, Intel’s Secure Boot, and similar protections from other companies that are devised to prevent so-called bootkit infections.

Game over for platform security

LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year’s worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware.

Enlarge / Sam Altman, president of Y Combinator and co-chairman of OpenAI, seen here in July 2016. (credit: Drew Angerer / Getty Images News)

When Sam Altman was suddenly removed as CEO of OpenAI—before being reinstated days later—the company's board publicly justified the move by saying Altman "was not consistently candid in his communications with the board, hindering its ability to exercise its responsibilities." In the days since, there has been some reporting on potential reasons for the attempted board coup, but not much in the way of follow-up on what specific information Altman was allegedly less than "candid" about.

Now, in an in-depth piece for The New Yorker, writer Charles Duhigg—who was embedded inside OpenAI for months on a separate story—suggests that some board members found Altman "manipulative and conniving" and took particular issue with the way Altman allegedly tried to manipulate the board into firing fellow board member Helen Toner.

Board “manipulation” or “ham-fisted” maneuvering?

Toner, who serves as director of strategy and foundational research grants at Georgetown University’s Center for Security and Emerging Technology, allegedly drew Altman's negative attention by co-writing a paper on different ways AI companies can "signal" their commitment to safety through "costly" words and actions. In the paper, Toner contrasts OpenAI's public launch of ChatGPT last year with Anthropic's "deliberate deci[sion] not to productize its technology in order to avoid stoking the flames of AI hype."

Enlarge (credit: Getty Images | Benj Edwards)

In an editorial for Slate published Monday, renowned security researcher Bruce Schneier warned that AI models may enable a new era of mass spying, allowing companies and governments to automate the process of analyzing and summarizing large volumes of conversation data, fundamentally lowering barriers to spying activities that currently require human labor.

In the piece, Schneier notes that the existing landscape of electronic surveillance has already transformed the modern era, becoming the business model of the Internet, where our digital footprints are constantly tracked and analyzed for commercial reasons. Spying, by contrast, can take that kind of economically inspired monitoring to a completely new level:

"Spying and surveillance are different but related things," Schneier writes. "If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did."

Enlarge (credit: Getty Images | Benj Edwards)

On Tuesday, IBM and Meta announced the AI Alliance, an international coalition of over 50 organizations including AMD, Intel, NASA, CERN, and Harvard University that aims to advance "open innovation and open science in AI." In other words, the goal is to collectively promote alternatives to closed AI systems currently in use by market leaders such as OpenAI and Google with ChatGPT and Duet.

In the AI Alliance news release, OpenAI isn't mentioned by name—and OpenAI is not part of the alliance, nor is Google. But over the past year, clear battle lines have been drawn between companies like OpenAI that keep AI model weights (neural network files) and data about how the models are created to themselves and companies like Meta, which provide AI model weights for others to run on their own hardware and allow others to build derivative models based on their research.

"Open and transparent innovation is essential to empower a broad spectrum of AI researchers, builders, and adopters with the information and tools needed to harness these advancements in ways that prioritize safety, diversity, economic opportunity and benefits to all," writes the alliance.

Enlarge / An artist's impression of a human and a robot talking. (credit: Getty Images | Benj Edwards)

In a preprint research paper titled "Does GPT-4 Pass the Turing Test?", two researchers from UC San Diego pitted OpenAI's GPT-4 AI language model against human participants, GPT-3.5, and ELIZA to see which could trick participants into thinking it was human with the greatest success. But along the way, the study, which has not been peer-reviewed, found that human participants correctly identified other humans in only 63 percent of the interactions—and that a 1960s computer program surpassed the AI model that powers the free version of ChatGPT.

Even with limitations and caveats, which we'll cover below, the paper presents a thought-provoking comparison between AI model approaches and raises further questions about using the Turing test to evaluate AI model performance.

British mathematician and computer scientist Alan Turing first conceived the Turing test as "The Imitation Game" in 1950. Since then, it has become a famous but controversial benchmark for determining a machine's ability to imitate human conversation. In modern versions of the test, a human judge typically talks to either another human or a chatbot without knowing which is which. If the judge cannot reliably tell the chatbot from the human a certain percentage of the time, the chatbot is said to have passed the test. The threshold for passing the test is subjective, so there has never been a broad consensus on what would constitute a passing success rate.

Enlarge (credit: VMWare)

Broadcom announced back in May of 2022 that it would buy VMware for $61 billion and take on an additional $8 billion of the company's debt, and on November 22 of 2023 Broadcom said that it had completed the acquisition. And it looks like Broadcom's first big move is going to be layoffs: according to WARN notices filed with multiple states (catalogued here by Channel Futures), Broadcom will be laying off at least 2,837 employees across multiple states, including 1,267 at its Palo Alto campus in California.

As Channel Futures notes, the actual number of layoffs could be higher, since not all layoffs require WARN notices. We've contacted Broadcom for more information about the total number of layoffs and the kinds of positions that are being affected and will update if we receive a response. VMware has around 38,300 employees worldwide.

The WARN notices list the reason for the layoffs as "economic," but provide no further explanation or justification.

Enlarge / An artist's interpretation of what ChatGPT might look like if embodied in the form of a robot toy blowing out a birthday candle. (credit: Aurich Lawson | Getty Images)

One year ago today, on November 30, 2022, OpenAI released ChatGPT. It's uncommon for a single tech product to create as much global impact as ChatGPT in just one year.

Imagine a computer that can talk to you. Nothing new, right? Those have been around since the 1960s. But ChatGPT, the application that first bought large language models (LLMs) to a wide audience, felt different. It could compose poetry, seemingly understand the context of your questions and your conversation, and help you solve problems. Within a few months, it became the fastest-growing consumer application of all time. And it created a frenzy.

During these 365 days, ChatGPT has broadened the public perception of AI, captured imaginations, attracted critics, and stoked existential angst. It emboldened and reoriented Microsoft, made Google dance, spurred fears of AGI taking over the world, captivated world leaders, prompted attempts at government regulation, helped add words to dictionaries, inspired conferences and copycats, led to a crisis for educators, hyper-charged automated defamation, embarrassed lawyers by hallucinating, prompted lawsuits over training data, and much more.

Enlarge (credit: OpenAI / Benj Edwards)

On Wednesday, OpenAI announced that Sam Altman has officially returned to the ChatGPT-maker as CEO—accompanied by Mira Murati as CTO and Greg Brockman as president—resuming their roles from before the shocking firing of Altman that threw the company into turmoil two weeks ago. Altman says the company did not lose a single employee or customer throughout the crisis.

"I have never been more excited about the future. I am extremely grateful for everyone’s hard work in an unclear and unprecedented situation, and I believe our resilience and spirit set us apart in the industry," wrote Altman in an official OpenAI news release. "I feel so, so good about our probability of success for achieving our mission."

In the statement, Altman formalized plans that have been underway since last week: ex-Salesforce co-CEO Bret Taylor and economist Larry Summers have officially begun their tenure on the "new initial" OpenAI board of directors. Quora CEO Adam D’Angelo is keeping his previous seat on the board. Also on Wednesday, previous board members Tasha McCauley and Helen Toner officially resigned. In addition, a representative from Microsoft (a key OpenAI investor) will have a non-voting observer role on the board of directors.

Enlarge (credit: FT)

In late 2020, Huawei was fighting for its survival as a mobile phone maker.

A few months earlier, the Trump administration had hit the Chinese company with crippling sanctions, cutting it off from global semiconductor supply chains.

The sanctions prevented anyone without a permit from making the chips Huawei designed, and the company was struggling to procure new chips to launch more advanced handsets.

Enlarge (credit: Getty Images)

In the stretch of a few days, two municipal water facilities that serve more than 2 million residents in parts of Pennsylvania and Texas have reported network security breaches that have hamstrung parts of their business or operational processes.

In response to one of the attacks, the Municipal Water Authority of Aliquippa in western Pennsylvania temporarily shut down a pump providing drinking water from the facility’s treatment plant to the townships of Raccoon and Potter, according to reporting by the Beaver Countian. A photo the Water Authority provided to news outlets showed the front panel of a programmable logic controller—a toaster-sized box often abbreviated as PLC that’s used to automate physical processes inside of industrial settings—that displayed an anti-Israeli message. The PLC bore the logo of the manufacturer Unitronics. A sign above it read “Primary PLC.”

WWS facilities in the cross hairs

The Cybersecurity and Infrastructure Security Administration on Tuesday published an advisory that warned of recent attacks compromising Unitronics PLCs used in Water and Wastewater Systems, which are often abbreviated as WWSes. Although the notice didn’t identify any facilities by name, the account of one hack was almost identical to the one that occurred inside the Aliquippa facility.

Enlarge / Example images generated using Stable Diffusion XL Turbo. (credit: Stable Diffusion XL Turbo / Benj Edwards)

On Tuesday, Stability AI launched Stable Diffusion XL Turbo, an AI image-synthesis model that can rapidly generate imagery based on a written prompt. So rapidly, in fact, that the company is billing it as "real-time" image generation, since it can also quickly transform images from a source, such as a webcam, quickly.

SDXL Turbo's primary innovation lies in its ability to produce image outputs in a single step, a significant reduction from the 20–50 steps required by its predecessor. Stability attributes this leap in efficiency to a technique it calls Adversarial Diffusion Distillation (ADD). ADD uses score distillation, where the model learns from existing image-synthesis models, and adversarial loss, which enhances the model's ability to differentiate between real and generated images, improving the realism of the output.

Stability detailed the model's inner workings in a research paper released Tuesday that focuses on the ADD technique. One of the claimed advantages of SDXL Turbo is its similarity to Generative Adversarial Networks (GANs), especially in producing single-step image outputs.

Enlarge / The Amazon Q logo. (credit: Amazon)

On Tuesday, Amazon unveiled Amazon Q, an AI chatbot similar to ChatGPT that is tailored for corporate environments. Developed by Amazon Web Services (AWS), Q is designed to assist employees with tasks like summarizing documents, managing internal support tickets, and providing policy guidance, differentiating itself from consumer-focused chatbots. It also serves as a programming assistant.

According to The New York Times, the name "Q" is a play on the word “question" and a reference to the character Q in the James Bond novels, who makes helpful tools. (And there's apparently a little bit of Q from Star Trek: The Next Generation thrown in, although hopefully the new bot won't cause mischief on that scale.)

Amazon Q's launch positions it against existing corporate AI tools like Microsoft's Copilot, Google's Duet AI, and ChatGPT Enterprise. Unlike some of its competitors, Amazon Q isn't built on a singular AI large language model (LLM). Instead, it uses a platform called Bedrock, integrating multiple AI systems, including Amazon's Titan and models from Anthropic and Meta.

Enlarge (credit: Apple)

Apple has repeatedly trumpeted the success of its financial services, a product lineup that now encompasses the Apple Card credit card, high-interest savings accounts, and a buy-now-pay-later service called Apple Pay Later.

But even if those products have proven reasonably popular with consumers, they haven’t been working out for the bank that Apple has partnered with to supply those services. Goldman Sachs’ consumer services have been losing the company billions of dollars, according to reporting from Bloomberg, CNBC, and The New York Times, among others. These losses have been driven in part by a much higher-than-usual loss rate on its credit card loans—meaning that people with Goldman-backed credit cards like the Apple Card are actually making their payments less often than people with credit cards from other banks.

Today, The Wall Street Journal reports that Apple has sent Goldman Sachs a proposal that will end their partnership within the next 12 to 15 months, leaving Apple to find a new backer for its financial products.

Enlarge (credit: Getty Images)

Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app.

The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain passwords and cryptographic keys allowing administrative control of a vulnerable server by sending a simple Web request to a static URL, ownCloud officials warned last week. Within four days of the November 21 disclosure, researchers at security firm Greynoise said, they began observing “mass exploitation” in their honeypot servers, which masqueraded as vulnerable ownCloud servers to track attempts to exploit the vulnerability. The number of IP addresses sending the web requests has slowly risen since then. At the time this post went live on Ars, it had reached 13.

Spraying the Internet

“We're seeing hits to the specific endpoint that exposes sensitive information, which would be considered exploitation,” Glenn Thorpe, senior director of security research & detection engineering at Greynoise, said in an interview on Mastodon. “At the moment, we've seen 13 IPs that are hitting our unadvertised sensors, which indicates that they are pretty much spraying it across the internet to see what hits.”

Enlarge / The Ekobot autonomous weeding robot roving around an onion field in Sweden. (credit: Ekobot AB)

Anybody who has pulled weeds in a garden knows that it's a tedious task. Scale it up to farm-sized jobs, and it becomes a nightmare. The most efficient industrial alternative, herbicides, have potentially devastating side effects for people, animals, and the environment. So a Swedish company named Ekobot AB has introduced a wheeled robot that can autonomously recognize and pluck weeds from the ground rapidly using metal fingers.

The four-wheeled Ekobot WEAI robot is battery-powered and can operate 10–12 hours a day on one charge. It weighs 600 kg (about 1322 pounds) and has a top speed of 5 km/h (2.5 mph). It's tuned for weeding fields full of onions, beetroots, carrots, or similar vegetables, and it can cover about 10 hectares (about 24.7 acres) in a day. It navigates using GPS RTK and contains safety sensors and vision systems to prevent it from unintentionally bumping into objects or people.

To pinpoint plants it needs to pluck, the Ekobot uses an AI-powered machine vision system trained to identify weeds as it rolls above the farm field. Once the weeds are within its sights, the robot uses a series of metal fingers to quickly dig up and push weeds out of the dirt. Ekobot claims that in trials, its weed-plucking robot allowed farmers to grow onions with 70 percent fewer pesticides. The weed recognition system is key because it keeps the robot from accidentally digging up crops by mistake.

Enlarge (credit: Getty Images)

A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported.

The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands-based NCR, which cited “several sources” familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn’t uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

No material damage

NCR cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in “early Q4 2017.” Some of the intrusions lasted as long as three years before coming to light. NCR said the unidentified victim was NXP.

Enlarge / Still examples of images animated using Stable Video Diffusion by Stability AI. (credit: Stability AI)

On Tuesday, Stability AI released Stable Video Diffusion, a new free AI research tool that can turn any still image into a short video—with mixed results. It's an open-weights preview of two AI models that use a technique called image-to-video, and it can run locally on a machine with an Nvidia GPU.

Last year, Stability AI made waves with the release of Stable Diffusion, an "open weights" image synthesis model that kick started a wave of open image synthesis and inspired a large community of hobbyists that have built off the technology with their own custom fine-tunings. Now Stability wants to do the same with AI video synthesis, although the tech is still in its infancy.

Right now, Stable Video Diffusion consists of two models: one that can produce image-to-video synthesis at 14 frames of length (called "SVD"), and another that generates 25 frames (called "SVD-XT"). They can operate at varying speeds from 3 to 30 frames per second, and they output short (typically 2-4 second-long) MP4 video clips at 576×1024 resolution.

Enlarge / A blog post from AWS chief evangelist Jeff Barr shows the Workspaces Thin Client setup. (credit: Jeff Barr/Amazon)

Amazon has turned its Fire TV Cube streaming device into a thin client optimized for Amazon Web Services (AWS).

Amazon's Workspaces Thin Client also supports Amazon's Workspaces Web, for accessing virtual desktops from a browser, and AppStream.

The computer is a Fire TV Cube with a new software stack. All the hardware—from the 2GB of LPDDR4x RAM and 16GB of storage, to the Arm processor with 8 cores, including four running at up to 2.2 GHz—remain identical whether buying the device as an Alexa-powered entertainment-streaming device or thin client computer. Both the Fire TV Cube and Workspaces Thin Client run an Android Open Source Project-based Android fork (for now).