theodp writes: After issuing mea culpas over diversity and compensation equity issues, tech companies began to promote their K-12 CS education philanthropy initiatives as corrective measures as they sought to deflect criticism and defeat shareholder calls for greater transparency into hiring and compensation practices. In 2016, for instance, Amazon argued it was already working with tech-backed nonprofits such as Code.org, the Anita Borg Institute, and Girls Who Code to increase women's and minorities' involvement in tech as it sought the SEC's permission to block a shareholder vote on a proposal on gender pay equality. As such, it wasn't terribly surprising to see the nation's tech giants again remind the public of their K-12 CS philanthropy efforts as they recently announced quarterly earnings.

In the Addressing Racial Injustice and Inequity section of its most recent 10-K Annual Report SEC filing, Microsoft boasted, "We also expanded our Technology Education and Learning Support ("TEALS") program to reach nearly 550 high schools across 21 racial equity expansion regions with the support of nearly 1,500 volunteers, 12% of whom identify as Black or African American."

An Amazon press release claimed the company is inspiring Girl Scouts to explore the future of STEM by awarding girls aged 7-and-up a co-branded Girl Scouts and Amazon patch for attending in-person or virtual Amazon warehouse tours. "As humanity looks to science, technology, engineering, and math (STEM) for new ideas and discoveries," Amazon explained, "it is more important than ever to harness the unique insights, skills, and potential of girls. [..] That's why Amazon partnered with Girl Scouts of the USA (GSUSA) to host exclusive tours [of Amazon fulfillment centers] for troops around the nation to showcase the importance and diversity of careers in STEM."

Most recently, a press release celebrated the move of Google's Code Next high school program into a lab located in the newly-rehabbed Michigan Central Station, which has thus far enrolled approximately 100 students. "Google has called Michigan home for over 15 years with offices in Detroit and Ann Arbor. We're dedicated to investing in the city and providing its students with the resources and inspiration they need to excel," said Shanika Hope, Director, Google Education and Social Impact. "We're excited to bring our Code Next program to Michigan Central, empowering Detroit's youth with computer science education to help them reach their full potential in the classroom and beyond."

U.S. Judge Amit Mehta released a 286-page ruling Monday in the Google search antitrust case, revealing key details of the tech giant's business practices. The document is packed with factual findings and legal conclusions and some amazing comments. Here's one, for instance: Google pays Apple billions of dollars a year to be the default search engine in Safari. But according to Eddy Cue, Apple's senior vice president of services, there's no other meaningful alternative. During the trial, he said that "there's no price that Microsoft could ever offer" to Apple to get the company to preload Bing in Safari. "I don't believe there's a price in the world that Microsoft could offer us," Cue said at another point. "They offered to give us Bing for free. They could give us the whole company."

For Google, this is a sign that they've earned their default status (which, incidentally, they pay Apple gobs of money to maintain). Judge Mehta says that this is an indication that the "market reality is that Google is the only real choice as the default GSE [general search engine]." (Of course, Cue's opinion doesn't mean Bing is objectively bad. Elsewhere, the opinion notes that Bing's search quality is comparable to Google's on desktop, though it falls behind on mobile.)

Microsoft said Delta Air Lines turned down repeated offers for assistance following last month's catastrophic system outage, echoing claims by CrowdStrike in an increasingly contentious conflict between the carrier and its technology partners. From a report: Microsoft employees reached out to Delta to give technical support every day from July 19 through July 23, and "each time Delta turned down Microsoft's offers to help," according to a letter Tuesday from the technology giant's attorneys to Delta's representatives. Microsoft Chief Executive Officer Satya Nadella also personally emailed Delta CEO Ed Bastian and never heard back. "Even though Microsoft's software had not caused the CrowdStrike incident, Microsoft immediately jumped in and offered to assist Delta at no charge," according to the letter, which was signed by Mark Cheffo of Dechert LLP. The claims, in response to Delta's hiring of attorney David Boies, heighten the tension after Delta suggested it would try to seek compensation for a breakdown it expects to cost it $500 million this quarter. The airline was slower to recover than competitors after an errant software update from CrowdStrike affected Microsoft systems, creating a cascading effect that led Delta to cancel thousands of flights over several days.

snydeq writes: CSO Online's Evan Schuman reports on a design flaw in Microsoft Authenticator that causes it to often overwrite authentication accounts when a user adds a new one via QR scan. "But because of the way the resulting lockout happens, the user is not likely to realize the issue resides with Microsoft Authenticator. Instead, the company issuing the authentication is considered the culprit, resulting in wasted corporate helpdesk hours trying to fix an issue not of that company's making."

Schuman writes: "The core of the problem? Microsoft Authenticator will overwrite an account with the same username. Given the prominent use of email addresses for usernames, most users' apps share the same username. Google Authenticator and just about every other authenticator app add the name of the issuer -- such as a bank or a car company -- to avoid this issue. Microsoft only uses the username."

The flaw appears to have been in place since Authenticator was released in 2016. Users have complained about this issue in the past to no avail. In its two correspondences with Schuman, Microsoft first laid blame on users, then on issuers. Several IT experts confirmed the flaw, with one saying, "It's possible that this problem occurs more often than anyone realizes because [users] don't realize what the cause is. If you haven't picked an authentication app, why would you pick Microsoft?"

Reeling from security and optics issues, Microsoft appears to be trying to correct its story. An anonymous reader shares a report: Microsoft made it clear earlier this year that it was planning to make security its top priority, following years of security issues and mounting criticisms. Starting today, the software giant is now tying its security efforts to employee performance reviews. Kathleen Hogan, Microsoft's chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. "Everyone at Microsoft will have security as a Core Priority," says Hogan. "When faced with a tradeoff, the answer is clear and simple: security above all else."

A lack of security focus for Microsoft employees could impact promotions, merit-based salary increases, and bonuses. "Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards," Microsoft is telling employees in an internal Microsoft FAQ on its new policy. Microsoft has now placed security as one of its key priorities alongside diversity and inclusion. Both are now required to be part of performance conversations -- internally called a "Connect" -- for every employee, alongside priorities that are agreed upon between employees and their managers.

Elon Musk has reignited his legal battle against OpenAI, the creators of ChatGPT, by filing a new lawsuit in a California federal court. The suit, which revives a six-year-old dispute, accuses OpenAI founders Sam Altman and Greg Brockman of breaching the company's founding principles by prioritizing commercial interests over public benefit.

Musk's complaint alleges that OpenAI's multibillion-dollar partnership with Microsoft contradicts the original mission to develop AI responsibly for humanity's benefit. The lawsuit describes the alleged betrayal in dramatic terms, claiming "perfidy and deceit... of Shakespearean proportions." OpenAI has not yet commented on the new filing. In response to Musk's previous lawsuit, which was withdrawn seven weeks ago, the company stated its commitment to building safe artificial general intelligence for the benefit of humanity.

CrowdStrike says that it isn't to blame for Delta Air Lines' dayslong meltdown following the tech outage caused by the cybersecurity company, and that it isn't responsible for all of the money that the carrier says it lost. From a report: In a letter responding to the airline's recent public comments and hiring of a prominent lawyer, CrowdStrike said Delta's threats of a lawsuit have contributed to a "misleading narrative" that the cybersecurity company was responsible for the airline's tech decisions and response to the outage. "Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions -- swiftly, transparently, and constructively -- while Delta did not," wrote Michael Carlinsky, an attorney at law firm Quinn Emanuel Urquhart & Sullivan.

The letter to Delta's legal team Sunday evening is the latest move in a growing conflict between the cybersecurity firm and the airline, which was thrown into several days of disarray following the outage. Delta Chief Executive Ed Bastian said in an interview on CNBC last week that the outage cost the airline about $500 million, including lost revenue and compensation costs. The airline has alerted CrowdStrike and Microsoft that it is planning to pursue legal claims to recover its losses, and has hired litigation firm Boies Schiller Flexner to assist, according to a memo Bastian sent to Delta employees last week. CrowdStrike said Sunday that its liability is contractually capped at an amount in the "single-digit millions."

Stack Overflow says over 65,000 developers took their annual survey — and "For the first time this year, we asked if developers felt AI was a threat to their job..."

Some analysis from The New Stack: Unsurprisingly, only 12% of surveyed developers believe AI is a threat to their current job. In fact, 70% are favorably inclined to use AI tools as part of their development workflow... Among those who use AI tools in their development workflow, 81% said productivity is one of its top benefits, followed by an ability to learn new skills quickly (62%). Much fewer (30%) said improved accuracy is a benefit. Professional developers' adoption of AI tools in the development process has risen rapidly, going from 44% in 2023 to 62% in 2024...

Seventy-one percent of developers with less than five years of experience reported using AI tools in their development process, as compared to just 49% of developers with 20 years of experience coding... At 82%, [ChatGPT] is twice as likely to have been used than GitHub Copilot. Among ChatGPT users, 74% want to continue using it.
But "only 43% said they trust the accuracy of AI tools," according to Stack Overflow's blog post, "and 45% believe AI tools struggle to handle complex tasks."

More analysis from The New Stack: The latest edition of the global annual survey found full-time employment is holding steady, with over 80% reporting that they have full-time jobs. The percentage of unemployed developers has more than doubled since 2019 but is still at a modest 4.4% worldwide... The median annual salary of survey respondents declined significantly. For example, the average full-stack developer's median 2024 salary fell 11% compared to the previous year, to $63,333... Wage pressure may be the result of more competition from an increase in freelancing.

Eighteen percent of professional developers in the 2024 survey said they are independent contractors or self-employed, which is up from 9.5% in 2020. Part-time employment has also risen, presenting even more pressure on full-time salaries... Job losses at tech companies have contributed to a large influx of talent into the freelance market, noted Stack Overflow CEO Prashanth Chandrasekar in an interview with The New Stack. Since COVID-19, he added, the emphasis on remote work means more people value job flexibility. In the 2024 survey, only 20% have returned to full-time in-person work, 38% are full-time remote, while the remainder are in a hybrid situation. Anticipation of future productivity growth due to AI may also be creating uncertainty about how much to pay developers.
Two stats jumped out for Visual Studio magazine: In this year's big Stack Overflow developer survey things are much the same for Microsoft-centric data points: VS Code and Visual Studio still rule the IDE roost, while .NET maintains its No. 1 position among non-web frameworks. It's been this way for years, though in 2021 it was .NET Framework at No. 1 among IDEs, while the new .NET Core/.NET 5 entry was No. 3. Among IDEs, there has been less change. "Visual Studio Code is used by more than twice as many developers than its nearest (and related) alternative, Visual Studio," said the 2024 Stack Overflow Developer survey, the 14th in the series of massive reports.
Stack Overflow shared some other interesting statistics:

• "Javascript (62%), HTML/CSS (53%), and Python (51%) top the list of most used languages for the second year in a row... [JavaScript] has been the most popular language every year since the inception of the Developer Survey in 2011."

• "Python is the most desired language this year (users that did not indicate using this year but did indicate wanting to use next year), overtaking JavaScript."

• "The language that most developers used and want to use again is Rust for the second year in a row with an 83% admiration rate. "

• "Python is most popular for those learning to code..."

• "Technical debt is a problem for 62% of developers, twice as much as the second- and third-most frustrating problems for developers: complex tech stacks for building and deployment."

A professor in the University of Chicago's department of geophysical sciences "believes that by intentionally releasing sulfur dioxide into the stratosphere, it would be possible to lower temperatures worldwide," reports the New York Times.

He's not the only one promoting the idea. "Harvard University has a solar geoengineering program that has received grants from Microsoft co-founder Bill Gates, the Alfred P. Sloan Foundation and the William and Flora Hewlett Foundation. It's being studied by the Environmental Defense Fund along with the World Climate Research Program.... But many scientists and environmentalists fear that it could result in unpredictable calamities." Because it would be used in the stratosphere and not limited to a particular area, solar geoengineering could affect the whole world, possibly scrambling natural systems, like creating rain in one arid region while drying out the monsoon season elsewhere. Opponents worry it would distract from the urgent work of transitioning away from fossil fuels. They object to intentionally releasing sulfur dioxide, a pollutant that would eventually move from the stratosphere to ground level, where it can irritate the skin, eyes, nose and throat and can cause respiratory problems. And they fear that once begun, a solar geoengineering program would be difficult to stop...

Keith, a professor in the University of Chicago's department of geophysical sciences, countered that the risks posed by solar geoengineering are well understood, not as severe as portrayed by critics and dwarfed by the potential benefits. If the technique slowed the warming of the planet by even just 1 degree Celsius, or 1.8 degrees Fahrenheit, over the next century, Keith said, it could help prevent millions of heat-related deaths each decade...

Opponents of solar geoengineering cite several main risks. They say it could create a "moral hazard," mistakenly giving people the impression that it is not necessary to rapidly reduce fossil fuel emissions. The second main concern has to do with unintended consequences. "This is a really dangerous path to go down," said Beatrice Rindevall, the chair of the Swedish Society for Nature Conservation, which opposed the experiment. "It could shock the climate system, could alter hydrological cycles and could exacerbate extreme weather and climate instability." And once solar geoengineering began to cool the planet, stopping the effort abruptly could result in a sudden rise in temperatures, a phenomenon known as "termination shock." The planet could experience "potentially massive temperature rise in an unprepared world over a matter of five to 10 years, hitting the Earth's climate with something that it probably hasn't seen since the dinosaur-killing impactor," Pierrehumbert said. On top of all this, there are fears about rogue actors using solar geoengineering and concerns that the technology could be weaponized. Not to mention the fact that sulfur dioxide can harm human health.

Keith is adamant that those fears are overblown. And while there would be some additional air pollution, he claims the risk is negligible compared to the benefits.
The opposition is making it hard to even conduct tests, according to the article — like when Keith "wanted to release a few pounds of mineral dust at an altitude of roughly 20 kilometers and track how the dust behaved as it floated across the sky."

The experiment was called off after opposition from numerous groups — including Greta Thunberg and an organization representing Indigenous people who felt the experiment was disrespecting nature.

Somewhere in America's Defense Department, the DARPA R&D agency is running a two-year contest to write an AI-powered program "that can scan millions of lines of open-source code, identify security flaws and fix them, all without human intervention," reports the Washington Post. [Alternate URL here.]

But as they see it, "The contest is one of the clearest signs to date that the government sees flaws in open-source software as one of the country's biggest security risks, and considers artificial intelligence vital to addressing it." Free open-source programs, such as the Linux operating system, help run everything from websites to power stations. The code isn't inherently worse than what's in proprietary programs from companies like Microsoft and Oracle, but there aren't enough skilled engineers tasked with testing it. As a result, poorly maintained free code has been at the root of some of the most expensive cybersecurity breaches of all time, including the 2017 Equifax disaster that exposed the personal information of half of all Americans. The incident, which led to the largest-ever data breach settlement, cost the company more than $1 billion in improvements and penalties.

If people can't keep up with all the code being woven into every industrial sector, DARPA hopes machines can. "The goal is having an end-to-end 'cyber reasoning system' that leverages large language models to find vulnerabilities, prove that they are vulnerabilities, and patch them," explained one of the advising professors, Arizona State's Yan Shoshitaishvili.... Some large open-source projects are run by near-Wikipedia-size armies of volunteers and are generally in good shape. Some have maintainers who are given grants by big corporate users that turn it into a job. And then there is everything else, including programs written as homework assignments by authors who barely remember them.

"Open source has always been 'Use at your own risk,'" said Brian Behlendorf, who started the Open Source Security Foundation after decades of maintaining a pioneering free server software, Apache, and other projects at the Apache Software Foundation. "It's not free as in speech, or even free as in beer," he said. "It's free as in puppy, and it needs care and feeding."
40 teams entered the contest, according to the article — and seven received $1 million in funding to continue on to the next round, with the finalists to be announced at this year's Def Con, according to the article.

"Under the terms of the DARPA contest, all finalists must release their programs as open source," the article points out, "so that software vendors and consumers will be able to run them."

An anonymous reader shares a report: Google has agreed to pay a licensing fee [non-paywalled link] to chatbot maker Character.AI for its models and will hire its cofounders and many of its researchers, Character's leaders told staff on Friday. The leaders told Character staff that investors would be bought out at a valuation of about $88 per share, the leaders said in a meeting. That's about 2.5 times the value of shares in Character's 2023 Series A, which valued the company at $1 billion, they said.

The Character employees joining Google will work on its Gemini AI efforts, they said. Character will switch to open-source models such as Meta Platforms' Llama 3.1 to power its products, rather than its in-house models, they said. The deal follows a string of similar arrangements by other well-funded artificial intelligence startups. AI developers Adept and Inflection have both effectively sold themselves to Amazon and Microsoft, respectively, in the last five months despite raising considerable capital.

Microsoft Dynamics 365's "field service management" tools enable employers to monitor mobile workers via smartphone apps -- "allegedly to the detriment of their autonomy and dignity," reports The Register. From the report: According to a probe by Cracked Labs - an Austrian nonprofit research group -- the software is part of a broader set of applications that disempowers workers through algorithmic management. The case study [PDF] summarizes how employers in Europe actually use software and smartphone apps to oversee field technicians, home workers, and cleaning staff. It's part of a larger ongoing project helmed by the group called "Surveillance and Digital Control at Work," which includes contributions from AlgorithmWatch; Jeremias Adams-Prassl, professor of law at the University of Oxford; and trade unions UNI Europa and GPA.

Mobile maintenance workers used to have a substantial amount of autonomy when they were equipped with basic mobile phones, the study notes, but smartphones have allowed employers to track what mobile workers do, when they do it, where they are, and gather many other data points. The effect of this monitoring, the report argues, means diminished worker discretion, autonomy, and sense of purpose due to task-based micromanagement. The shift has also accelerated and intensified work stress, with little respect to workers' capabilities, differences in lifestyle, and job practices. "Field service workers travel to multiple locations servicing different products every day," a Microsoft spokesperson told The Register. "Dynamics 365 Field Service and its Copilot capabilities are designed to help field service workers schedule, plan and provide onsite maintenance and repairs in the right location, on time with the right information and workplace guides on their device to complete their jobs."

"Dynamics 365 Field Service does not use AI to recommend individual workers for specific jobs based on previous performance. Dynamics 365 Field Service was developed in accordance with our Responsible AI principles and data privacy statement. Customers are solely responsible for using Dynamics 365 Field Service in compliance with all applicable laws, including laws relating to accessing individual employee analytics and monitoring."

Progressive groups and Senator Elizabeth Warren are urging the Department of Justice to investigate Nvidia for potential antitrust violations due to its dominant position in the AI chip market. The groups criticize Nvidia's bundling of software and hardware, claiming it stifles innovation and locks in customers. Reuters reports: Demand Progress and nine other groups wrote a letter (PDF) this week, opens new tab urging Department of Justice antitrust chief Jonathan Kanter to probe business practices at Nvidia, whose market value hit $3 trillion this summer on demand for chips able to run the complex models behind generative AI. The groups, which oppose monopolies and promote government oversight of tech companies, among other issues, took aim at Nvidia's bundling of software and hardware, a practice that French antitrust enforcers have flagged as they prepare to bring charges.

"This aggressively proprietary approach, which is strongly contrary to industry norms about collaboration and interoperability, acts to lock in customers and stifles innovation," the groups wrote. Nvidia has roughly 80% of the AI chip market, including the custom AI processors made by cloud computing companies like Google, Microsoft and Amazon.com. The chips made by the cloud giants are not available for sale themselves but typically rented through each platform. A spokesperson for Nvidia said: "Regulators need not be concerned, as we scrupulously adhere to all laws and ensure that NVIDIA is openly available in every cloud and on-prem for every enterprise. We'll continue to support aspiring innovators in every industry and market and are happy to provide any information regulators need."

An anonymous reader shares a report: Microsoft has a long and tangled history with OpenAI, having invested a reported $13 billion in the ChatGPT maker as part of a long term partnership. As part of the deal, Microsoft runs OpenAI's models across its enterprise and consumer products, and is OpenAI's exclusive cloud provider. However, the tech giant called the startup a "competitor" for the first time in an SEC filing on Tuesday.

In Microsoft's annual 10K, OpenAI joined long list of competitors in AI, alongside Anthropic, Amazon, and Meta. OpenAI was also listed alongside Google as a competitor to Microsoft in search, thanks to OpenAI's new SearchGPT feature announced last week. It's possible Microsoft is trying to change the narrative on its relationship with OpenAI in light of antitrust concerns -- the FTC is currently looking into the relationship, alongside similar cloud provider investments into AI startups.

After striking deals with Google and OpenAI, Reddit CEO Steve Huffman is calling on Microsoft and others to pay if they want to continue scraping the site's data. From a report: "Without these agreements, we don't have any say or knowledge of how our data is displayed and what it's used for, which has put us in a position now of blocking folks who haven't been willing to come to terms with how we'd like our data to be used or not used," Huffman said in an interview this week. He specifically named Microsoft, Anthropic, and Perplexity for refusing to negotiate, saying it has been "a real pain in the ass to block these companies."

Reddit has been escalating its fight against crawlers in recent months. At the beginning of July, its robots.txt file was updated to block web crawlers it doesn't have agreements with. Then people began noticing that Reddit results were only visible in Google results -- where Reddit is paid for its data to be shown -- and not other search engines like Bing. Huffman said that Microsoft has been using Reddit's data to train its AI and summarizing its content in Bing results "without telling us" and that Reddit's data has also been sold through the Bing API to other search engines.

Shareholders have sued CrowdStrike on Tuesday, claiming the cybersecurity company defrauded them by concealing how its inadequate software testing could cause the global software outage earlier this month that crashed millions of computers. Reuters reports: In a proposed class action filed on Tuesday night in the Austin, Texas federal court, shareholders said they learned that CrowdStrike's assurances about its technology were materially false and misleading when a flawed software update disrupted airlines, banks, hospitals and emergency lines around the world. They said CrowdStrike's share price fell 32% over the next 12 days, wiping out $25 billion of market value, as the outage's effects became known, Chief Executive George Kurtz was called to testify to the U.S. Congress, and Delta Air Lines reportedly hired prominent lawyer David Boies to seek damages.

The complaint cites statements including from a March 5 conference call where Kurtz characterized CrowdStrike's software as "validated, tested and certified." The lawsuit led by the Plymouth County Retirement Association of Plymouth, Massachusetts, seeks unspecified damages for holders of CrowdStrike Class A shares between Nov. 29, 2023 and July 29, 2024. Further reading: Delta CEO Says CrowdStrike-Microsoft Outage Cost the Airline $500 Million

An anonymous reader quotes a report from Ars Technica: Microsoft's revenue from Xbox console sales was down a whopping 42 percent on a year-over-year basis for the quarter ending in June, the company announced in its latest earnings report. The massive drop continues a long, pronounced slide for sales of Microsoft's gaming hardware—the Xbox line has now shown year-over-year declines in hardware sales revenue in six of the last seven calendar quarters (and seven of the last nine). And Microsoft CFO Amy Hood told investors in a follow-up call (as reported by GamesIndustry.biz) to expect hardware sales to decline yet again in the coming fiscal quarter, which ends in September. The 42 percent drop for quarterly hardware revenue -- by far the largest such drop since the introduction of the Xbox Series X/S in 2020 -- follows an 11 percent year-over-year decline in the second calendar quarter of 2023.

Microsoft no longer shares raw console shipment numbers like its competitors, so we don't know how many Xbox consoles are selling on an absolute basis. But industry analyst Daniel Ahmad estimates that Microsoft sold less than 900,000 Xbox units for the quarter ending in March, compared to 4.5 million PS5 units shipped in the same period. Overall, the reported revenue numbers suggest that sales of the Xbox Series X/S line peaked sometime in 2022, during the console's second full year on store shelves. That's extremely rare for a market where sales for successful console hardware usually see a peak in the fourth or fifth year on the market before a slow decline in the run-up to a successor. [...] Aside from hardware sales, Microsoft's gaming content and services revenue was up a healthy-sounding 61 percent year-over-year for the latest reported quarter. But a full 58 percent of that increase was the "net impact from the Activision acquisition," which you may remember cost the company $68.7 billion dollars.

Microsoft is making Skype ad-free in an update that will rollout to users across all platforms soon. From a report: The update also includes improved AI image creation tools on Skype for Windows and macOS, and the ability to sign in automatically on iOS if you're already signed into another Microsoft app. "Our latest update removes all ads from Skype channels and the entire Skype platform, ensuring a smoother, decluttered and more enjoyable user experience," says Skype product manager Irene Namuganyi. The removal of ads in Skype means you'll no longer see ads in the main chat interface, or in the channels section. Microsoft says it has listened to feedback around ads in Skype, and decided to "focus on your chats without any ad distractions, making your Skype experience cleaner and more user-friendly."

Delta Air Lines CEO Ed Bastian said the massive IT outage earlier this month that stranded thousands of customers will cost it $500 million. From a report: Bastian said the figure is representative of not just the lost revenue, but "the tens of millions of dollars per day in compensation and hotels" over a period of five days. The airline canceled more than 4,000 flights in the wake of the outage, which was caused by a botched CrowdStrike software update and took thousands of Microsoft systems around the world offline. The company had to manually reset 40,000 servers, Bastian said. Further reading: Delta Seeks Damages From CrowdStrike, Microsoft After Outage.

Thomas Claburn reports via The Register: Meta's machine-learning model for detecting prompt injection attacks -- special prompts to make neural networks behave inappropriately -- is itself vulnerable to, you guessed it, prompt injection attacks. Prompt-Guard-86M, introduced by Meta last week in conjunction with its Llama 3.1 generative model, is intended "to help developers detect and respond to prompt injection and jailbreak inputs," the social network giant said. Large language models (LLMs) are trained with massive amounts of text and other data, and may parrot it on demand, which isn't ideal if the material is dangerous, dubious, or includes personal info. So makers of AI models build filtering mechanisms called "guardrails" to catch queries and responses that may cause harm, such as those revealing sensitive training data on demand, for example. Those using AI models have made it a sport to circumvent guardrails using prompt injection -- inputs designed to make an LLM ignore its internal system prompts that guide its output -- or jailbreaks -- input designed to make a model ignore safeguards. [...]

It turns out Meta's Prompt-Guard-86M classifier model can be asked to "Ignore previous instructions" if you just add spaces between the letters and omit punctuation. Aman Priyanshu, a bug hunter with enterprise AI application security shop Robust Intelligence, recently found the safety bypass when analyzing the embedding weight differences between Meta's Prompt-Guard-86M model and Redmond's base model, microsoft/mdeberta-v3-base. "The bypass involves inserting character-wise spaces between all English alphabet characters in a given prompt," explained Priyanshu in a GitHub Issues post submitted to the Prompt-Guard repo on Thursday. "This simple transformation effectively renders the classifier unable to detect potentially harmful content." "Whatever nasty question you'd like to ask right, all you have to do is remove punctuation and add spaces between every letter," Hyrum Anderson, CTO at Robust Intelligence, told The Register. "It's very simple and it works. And not just a little bit. It went from something like less than 3 percent to nearly a 100 percent attack success rate."