Editor’s Pick

Enlarge / The original AI-generated spiral village that captivated social media, created using Stable Diffusion and ControlNet. (credit: Ugleh / Stable Diffusion)

On Sunday, a Reddit user named “Ugleh” posted an AI-generated image of a spiral-shaped medieval village that rapidly gained attention on social media for its remarkable geometric qualities. Follow-up posts garnered even more praise, including a tweet with over 145,000 likes. Ugleh created the images using Stable Diffusion and a guidance technique called ControlNet.

Reactions to the artwork online ranged from wonder and amazement to respect for developing something novel in generative AI art. “Never seen pictures like this. Something new in the world of art,” wrote one X user. “Tbh, I’ve seen a LOT of ai art, been in this space a long long time, and this is one of the most awesome pieces I’ve ever seen. You did so good,” wrote AI artist Kali Yuga on X.

Perhaps most notably, Y-Combinator co-founder and frequent social media tech commentator Paul Graham wrote, “This was the point where AI-generated art passed the Turing Test for me.” While Graham was referencing the Turing Test (which purports to test if a machine’s behavior is indistinguishable from a human) as a metaphor rather than literally, he was clearly impressed.

Enlarge (credit: Getty Images)

A security company is calling out a feature in Google’s authenticator app that it says made a recent internal network breach much worse.

Retool, which helps customers secure their software development platforms, made the criticism on Wednesday in a post disclosing a compromise of its customer support system. The breach gave the attackers responsible access to the accounts of 27 customers, all in the cryptocurrency industry. The attack started when a Retool employee clicked a link in a text message purporting to come from a member of the company’s IT team.

“Dark patterns”

It warned that the employee would be unable to participate in the company’s open enrollment for health care coverage until an account issue was fixed. The text arrived while Retool was in the process of moving its login platform to security company Okta. (Okta itself disclosed the breach of one of its third-party customer support engineers last year and the compromise of four of its customers’ Okta superuser accounts this month, but Wednesday’s notification made no mention of either event.)

Enlarge / Google CEO Sundar Pichai and Meta CEO Mark Zuckerberg arrive to the Senate bipartisan Artificial Intelligence (AI) Insight Forum on Capitol Hill in Washington, DC, on September 13, 2023. (credit: Getty Images)

On Wednesday, US Senator Chuck Schumer (D-NY) hosted an “AI Insight Forum” in the Senate’s office building about potential AI regulation. Attendees included billionaires and modern-day industry titans such as Elon Musk, Bill Gates, Mark Zuckerberg, OpenAI’s Sam Altman, and Jensen Huang of Nvidia. But this heavily corporate guest list—with 14 out of 22 being CEOs—had some scratching their heads.

“This is the room you pull together when your staffers want pictures with tech industry AI celebrities. It’s not the room you’d assemble when you want to better understand what AI is, how (and for whom) it functions, and what to do about it,” wrote Signal President Meredith Whittaker on X.

The CEO-heavy list had others questioning the technical AI acumen of the attendees. “I hope that Schumer and others pivot to hear counterpoints from the many technical people who are good at explaining tech,” said Dr. Margaret Mitchell of AI platform Hugging Face, whose CEO attended the meeting. “These CEOs are largely not. And they are very much incentivized to obscure critical details, to the extent they themselves understand them.”

Enlarge / Gamblers and hotel guests at MGM casinos on the Las Vegas Strip, including the Bellagio, were affected by the security breach. (credit: Ethan Miller/Getty Images)

A cyber criminal gang proficient in impersonation and malware has been identified as the likely culprit for an attack that paralized networks at US casino operator MGM Resorts International.

The group, which security researchers call “Scattered Spider,” uses fraudulent phone calls to employees and help desks to “phish” for login credentials. It has targeted MGM and dozens of other Western companies with the aim of extracting ransom payments, according to two people familiar with the situation.

The operator of hotel casinos on the Las Vegas Strip, including the Bellagio, Aria, Cosmopolitan, and Excalibur, preemptively shut down large parts of its internal networks after discovering the breach on Sunday, one of the people said.

Enlarge (credit: Getty Images)

End users, admins, and researchers better brace yourselves: The number of apps being patched for zero-day vulnerabilities has skyrocketed this month and is likely to get worse in the following weeks.

People have worked overtime in recent weeks to patch a raft of vulnerabilities actively exploited in the wild, with offerings from Apple, Microsoft, Google, Mozilla, Adobe, and Cisco all being affected since the beginning of the month. The total number of zero-days in September so far is 10, compared with a total of 60 from January through August, according to security firm Mandiant. The company tracked 55 zero-days in 2022 and 81 in 2021.

The number of zero-days tracked this month is considerably higher than the monthly average this year. A sampling of the affected companies and products includes iOS and macOS, Windows, Chrome, Firefox, Acrobat and Reader, the Atlas VPN, and Cisco’s Adaptive Security Appliance Software and its Firepower Threat Defense. The number of apps is likely to grow because a single vulnerability that allows hackers to execute malicious code when users open a booby-trapped image included in a message or web page is present in possibly hundreds of apps.

Enlarge (credit: Getty Images)

Imagine typing “dramatic intro music” and hearing a soaring symphony or writing “creepy footsteps” and getting high-quality sound effects. That’s the promise of Stable Audio, a text-to-audio AI model announced Wednesday by Stability AI that can synthesize music or sounds from written descriptions. Before long, similar technology may challenge musicians for their jobs.

If you’ll recall, Stability AI is the company that helped fund the creation of Stable Diffusion, a latent diffusion image synthesis model released in August 2022. Not content to limit itself to generating images, the company branched out into audio by backing Harmonai, an AI lab that launched music generator Dance Diffusion in September.

Now Stability and Harmonai want to break into commercial AI audio production with Stable Audio. Judging by production samples, it seems like a significant audio quality upgrade from previous AI audio generators we’ve seen.

Enlarge / SpaceX Starlink satellite dish at Pelican Beach on Willard Bay Reservoir in Willard, Utah, in October 2022. (credit: Tony Webster (CC BY-SA 2.0))

SpaceX’s Starlink division hasn’t come close to meeting customer and revenue projections that the company shared with investors before building the satellite network, according to a Wall Street Journal report published today.

A 2015 presentation that “SpaceX used to raise money from investors” reportedly projected that in 2022, Starlink would hit 20 million subscribers and generate nearly $12 billion in revenue and $7 billion in operating profit. The WSJ said it obtained the 2015 presentation and recent documents with numbers on Starlink’s actual performance in 2022.

Actual Starlink revenue for 2022 was $1.4 billion, up from $222 million in 2021, according to the report. The documents apparently didn’t specify whether Starlink is profitable.

Enlarge (credit: Coca-Cola)

Coca-Cola has taken a fizzy leap into the future of AI hype with the release of Coca‑Cola Y3000 Zero Sugar, a “limited-edition” beverage reportedly co-created with artificial intelligence. Its futuristic name evokes flavor in the year 3000 (still 977 years away), but its marketing relies on AI-generated imagery from 2023—courtesy of the controversial image synthesis model Stable Diffusion.

Stable Diffusion, a technology which is mentioned by name when launching the “Coca-Cola Y3000 AI Cam” mobile app, gained its ability to generate images by scraping hundreds of millions of copyrighted works found on the Internet without copyright holder permission and is currently the subject of litigation related to copyright infringement.

But there is no hint of that controversy in Coca-Cola’s marketing materials, which lean heavily into today’s buzzy, AI-centered tech zeitgeist.

Enlarge / A digital Trojan horse. (credit: Getty Images | posteriori)

A download site surreptitiously served Linux users malware that stole passwords and other sensitive information for more than three years until it finally went quiet, researchers said on Tuesday.

The site, freedownloadmanager[.]org, offered a benign version of a Linux offering known as the Free Download Manager. Starting in 2020, the same domain at times redirected users to the domain deb.fdmpkg[.]org, which served a malicious version of the app. The version available on the malicious domain contained a script that downloaded two executable files to the /var/tmp/crond and /var/tmp/bs file paths. The script then used the cron job scheduler to cause the file at /var/tmp/crond to launch every 10 minutes. With that, devices that had installed the booby-trapped version of Free Download Manager were permanently backdoored.

After accessing an IP address for the malicious domain, the backdoor launched a reverse shell that allowed the attackers to remotely control the infected device. Researchers from Kaspersky, the security firm that discovered the malware, then ran the backdoor on a lab device to observe how it behaved.

Enlarge (credit: Jakub Porzycki/NurPhoto via Getty Images)

Qualcomm has extended a deal to supply 5G modems for Apple’s smartphones, in a sign the iPhone maker is still struggling to perfect the technology in-house.

Apple has been trying to make modems—which govern how its devices communicate with cellular mobile networks—for its iPhones since 2018. The plan is an extension of its multibillion-dollar effort to develop more of its semiconductor components itself instead of relying on external suppliers.

Qualcomm said on Monday that it will supply Apple with its chips for its smartphone launches in 2024, 2025, and 2026. The terms of the deal were not made public but Qualcomm said they were similar to the original deal struck in 2019.