Month: April 2025

  • Yes, connected accessories are security risks, too


    Yesterday, we looked at how tariffs might well make connected accessories more expensive and leave existing devices less secure as the companies that made them exit the market.

    Today, we discover why these accessories need to be protected and find out they can already be attacked. If nothing else, it should encourage any consumer or enterprise user relying on connected accessories to take the time to verify that all of them are truly secure.

    Those that are not should be removed from use – and from your network.

    All the forgotten endpoints

    Wired tells us that Oligo security researchers have discovered flaws in Apple’s AirPlay system that could allow hackers to gain access to your Wi-Fi network to infect AirPlay-enabled smart home accessories.

    That’s a danger, given how infrequently smart accessory manufacturers actually publish security updates for those devices — and it will likely get worse in the future as accessory developers exit the market when tariffs make business unprofitable.

    Given that some connected device users have spent a great deal of money on their systems, it’s unrealistic to expect they will swiftly give up their accessories. That means those potentially very vulnerable endpoints will remain in use for some time to come.

    The problem Oligo found

    The problem Oligo identified consists of bugs in Apple’s AirPlay SDK that hackers can exploit to gain access to smart gadgets, including speakers, receivers, set-top boxes, televisions and other network devices that connect using AirPlay. That could mean, for example, using your device’s microphone to listen in on your conversations.

    The good thing is that this isn’t a remote attack; attackers need to gain access to your Wi-Fi network first, which is more of a problem when it comes to shared public Wi-Fi networks than at home. 

    The researchers shared their findings with Apple, which has patched the vulnerability on its own devices and issued an updated developer SDK. But third-party firms haven’t yet said anything about their plans to adopt the code. “Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,” said Oligo’s CTO, Gal Elbaz.

    Sweet home accessory, never been patched

    It’s a fact that some third-party accessories might never be patched, which should make anyone with connected home or workplace smart accessories pay attention. That cavalier attitude is a problem waiting to happen, turning a seemingly benign little smart plug into a potential Trojan Horse hackers and other attackers can use to subvert the security of your home or business. 

    While this particular exploit might have been identified and mitigated against, there will be others, and in the absence of timely security updates for connected devices it is only a matter of time before more connected endpoints are exploited.

    Some might already have been compromised.

    What can you do to protect yourself? 

    Assuming you make sure to install software updates as they appear, the next step is to monitor the devices you use. That means making a list of them, determining when they were made, and finding out whether the accessory manufacturer still supports them. If it does, it also means ensuring each device is running the latest available software update.

    What about devices that are no longer supported? It’s a judgment call, but if security is a priority, it makes sense to cease use of orphaned devices — security in the home or in the workplace is only ever as good as the weakest link. Devices that are not being kept up to date pose a risk to other devices on your network and the data they contain.

    When it comes to installing new smart devices, I’m sure I’m preaching to the choir in saying there is a need to verify that any you do choose ship with solid software support. If they don’t have that, install a solution that does.
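The inventory exercise described above (list the devices, check whether the vendor still supports them, flag the ones that are orphaned) can be written down as a small triage script. The following is an added example, not code from the article; the device records, the vendor support table, the product names and the 180-day "vendor has gone quiet" threshold are all constructed assumptions, and a real run would use your own device list and each manufacturer's published support and release dates.

```python
"""Triage a connected-accessory inventory into OK / UPDATE / WATCH / REMOVE.

Added example, not code from the article. Every device, vendor and date
below is constructed; STALE_AFTER is an assumed threshold.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Assumption: a supported device whose vendor has shipped nothing in this
# long deserves a closer look even if its firmware matches the latest release.
STALE_AFTER = timedelta(days=180)


@dataclass(frozen=True)
class Device:
    name: str
    vendor: str
    firmware: str  # dotted numeric version currently installed, e.g. "2.3.1"


@dataclass(frozen=True)
class VendorSupport:
    latest_firmware: Optional[str]  # None: vendor no longer publishes firmware
    last_release: date              # date of the newest firmware release
    end_of_support: Optional[date]  # None: no announced end-of-support date


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def triage(device: Device, support: Optional[VendorSupport], today: date) -> Tuple[str, str]:
    """Return (status, reason) for one device.

    REMOVE: no support data, vendor stopped shipping firmware, or past end of
            support; the article's advice is to take such devices off the network.
    UPDATE: supported, but installed firmware is older than the latest release.
    WATCH:  current, but the vendor has released nothing in STALE_AFTER.
    OK:     current and the vendor is still actively releasing.
    """
    if support is None:
        return "REMOVE", "no support information for vendor %s" % device.vendor
    if support.latest_firmware is None:
        return "REMOVE", "vendor no longer publishes firmware"
    if support.end_of_support is not None and support.end_of_support <= today:
        return "REMOVE", "past end of support (%s)" % support.end_of_support
    if parse_version(device.firmware) < parse_version(support.latest_firmware):
        return "UPDATE", "installed %s, latest is %s" % (device.firmware, support.latest_firmware)
    if today - support.last_release > STALE_AFTER:
        return "WATCH", "no vendor release since %s" % support.last_release
    return "OK", "current firmware, vendor active"


def triage_inventory(devices: List[Device], support_db: Dict[str, VendorSupport],
                     today: date) -> Dict[str, Tuple[str, str]]:
    """Triage every device; vendors missing from support_db count as unsupported."""
    return {d.name: triage(d, support_db.get(d.vendor), today) for d in devices}


# Constructed sample inventory and vendor table (fictional products and vendors).
SAMPLE_TODAY = date(2025, 4, 30)
SAMPLE_DEVICES = [
    Device("Living room speaker", "AcmeAudio", "2.3.1"),
    Device("Kitchen plug", "PlugCo", "1.0.9"),
    Device("Office TV", "ViewCorp", "5.1.0"),
    Device("Hallway receiver", "NoName", "0.9.0"),
    Device("Bedroom set-top box", "StreamBox", "3.2.0"),
]
SAMPLE_SUPPORT = {
    "AcmeAudio": VendorSupport("2.4.0", date(2025, 3, 10), None),
    "PlugCo": VendorSupport(None, date(2023, 1, 20), date(2024, 6, 30)),  # vendor exited
    "ViewCorp": VendorSupport("5.1.0", date(2024, 6, 1), None),           # quiet vendor
    "StreamBox": VendorSupport("3.2.0", date(2025, 4, 15), date(2025, 12, 31)),
}


def sample_report() -> Dict[str, Tuple[str, str]]:
    return triage_inventory(SAMPLE_DEVICES, SAMPLE_SUPPORT, SAMPLE_TODAY)


if __name__ == "__main__":
    for name, (status, reason) in sample_report().items():
        print("%-22s %-7s %s" % (name, status, reason))
```

Running it prints one line per device; the REMOVE rows are the ones the article says should come off the network, and the WATCH rows are the early warning that a vendor may be on its way out of the market.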

    Finally, given that accessory makers will be seeking to build subscription businesses, it might make sense for them to combine together to create an app that verifies and updates deployed smart devices to flag any potential weaknesses and ensure the best possible security.

    You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and MeWe.


  • US wants to nix the EU AI Act’s code of practice, leaving enterprises to develop their own risk standards – Computerworld


    “Big tech, and now government officials, argue that the draft AI rulebook layers on extra obligations, including third party model testing and full training data disclosure, that go beyond what is in the legally binding AI Act’s text, and furthermore, would be very challenging to implement at scale,” explained Thomas Randall, director of AI market research at Info-Tech Research Group.

    Onus is shifting from vendor to enterprise

    On its web page describing the initiative, the European Commission said, “the code should represent a central tool for providers to demonstrate compliance with the AI Act, incorporating state-of-the-art practices.”

    The code is voluntary, but the goal is to help providers prepare to satisfy the EU AI Act’s regulations around transparency, copyright, and risk mitigation. It is being drafted by a diverse group of general-purpose AI model providers, industry organizations, copyright holders, civil society representatives, members of academia, and independent experts, overseen by the European AI Office.


  • Analysts weigh in on enterprise impact if Google forced to sell Chrome – Computerworld


    Could disrupt the browser market

    Harrington countered, “this is not as simple as selling off a product; it’s a complete platform. And it’s moving from Google, where data collection is about selling ads, to OpenAI, where data collection is about training AI to then sell to a ridiculously wide variety of purposes. A ‘devil you know versus the devil you don’t know’ sort of deal.”

    Such a move, said Harrington, has the potential to completely disrupt the browser market as a whole, not just for Google. “It’s understandable why OpenAI would want it for training the AI models, but if they purchase Chrome, what happens to Chromium? While it’s the open-source project of Chrome and ChromeOS, does Google keep the project under their development arm, or does it go with the browser?”

    He pointed out that the majority of non-Chrome browsers use Chromium as their engine, so “if it stays under Google, by and large the browser market should probably remain the same. If it goes along with the sale to OpenAI, that could cause a serious disruption, as the privacy focused developers may want to distance themselves from a company that’s making money feeding their AI models.”


  • Open AI’s new models hallucinate more than the old ones – Computerworld


    One of the biggest problems with today’s AI models is that they tend to simply make up answers when they don’t know what’s going on, something called hallucinations.

    You would think that the number of hallucinations would decrease over time, but according to internal tests from Open AI, the opposite is true. The o3 and o4-mini reasoning AI models produce more hallucinations than their predecessors o1, o1-mini, and o3-mini, Techcrunch reports.

    In one of the tests, the o3 model hallucinated in 33% of responses, compared to 16% for o1 and 14.8% for o3-mini.


  • Google US antitrust trials: A timeline – Computerworld


    Oct. 31, 2023: Google CEO Sundar Pichai takes the stand for long-awaited testimony about the relationship between his company and Apple. He gave some details about Google’s negotiations with Apple over a contract that made Google the default search engine on Apple’s iPhones, iPads, and Macs. Google has paid billions for the privilege of being the default search on Apple products, and the relationship is a key part of the case – which was underlined by the Justice Department’s cross-examination of Pichai, during which he admitted that default search status is a major driver of market share.

    Oct. 18, 2023: Google begins its defense, calling Paul Nayak, a vice president of search, to the stand as its first witness. Nayak downplays the importance of scale in his testimony, stressing that machine intelligence, compute infrastructure, and a team of 16,000 staff that checks on search results are crucial to maintaining quality of service. DOJ witnesses including DuckDuckGo CEO Gabriel Weinberg and Microsoft CEO Satya Nadella had testified that Google keeps an edge over competitors via an ever-increasing trove of data — the result of its default search engine status, maintained through exclusive contracts and billions of dollars in payments to Apple, Samsung and other companies. This data gives Google an advantage in refining search engine results, they said. 

    Oct. 3, 2023: As a witness for the prosecution in the Google antitrust trial, Microsoft CEO Satya Nadella warns that Google’s monopoly profits could lock in publishers as AI-enabled search arrives. Nadella argued that it’s almost impossible to compete with Google, given the search leader’s massive competitive edge in collecting and analyzing user data. He also warned that Google, with its vast profits and lock on the search market, stands poised to extend its monopoly power in a new era where artificial intelligence technologies will turbocharge the search business.


  • You need to update your Apple devices immediately – Computerworld


    Things are getting serious regarding Apple security. This shouldn’t really surprise you, given the normalization of chaos we’re enduring, as confusion always makes people more vulnerable. It’s easier to be hoodwinked into clicking that particular malware link when your head’s all over the place, you can’t think, and you don’t know whether you’ll still be in business tomorrow.

    That’s because threats don’t need to be aligned or even harmonized to work together. Insecurity in one space breeds less security elsewhere, and then the whole house of dominoes falls on the strength of a single malicious whisper. Just last week, Ric Derbyshire, principal cybersecurity researcher at Orange Cyberdefense, warned that the digital world is at risk. 

    Apple fixes two zero-days

    Then, as if on cue, Apple rushes out its iOS 18.4.1 security patch to fix a pair of zero-day attacks it thinks are being actively used. The patch has also been made available to Macs, iPads, and other Apple devices.


  • Microsoft releases out-of-band updates to fix reporting error – Computerworld


    “The issue is that the setting to audit logon and logoff events may be disabled (set to ‘no auditing’) and yet still produce log entries for events of this type,” explained Fred Chagnon, principal research director at Info-Tech Research Group. “These events are triggered by users or devices authenticating to the local Active Directory when joining the domain.”

    Potentially confusing reports

    Out-of-band updates address urgent issues outside of regular release cycles, often for security or other critical issues. They require manual download and installation because they do not impact all users.

    The AD Group Policy inconsistency is visible in the Local Group Policy Editor (where administrators manage policy settings on a local computer) and Local Security Policy (where administrators manage security settings on individual computers). The ‘audit logon events’ policy setting allows system administrators to track logon and logoff events and create new entries in audit logs that register all user and service activities. It is typically used in security and compliance scenarios.
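The inconsistency described here (a logon/logoff auditing setting reporting "no auditing" while the Security log still fills with logon and logoff entries) is something an administrator can check for mechanically, which helps when deciding whether a report is confusing because of this bug or because auditing really is on. The following is an added example, not code from the article or from Microsoft. The policy text is constructed in the layout of `auditpol /get /category:"Logon/Logoff"` and the event records are constructed too; reading the per-subcategory auditpol view is an assumption, since the article refers to the coarser "audit logon events" setting in Local Security Policy. Event IDs 4624 (logon) and 4634 (logoff) are the standard Windows Security log IDs.

```python
"""Flag Security-log events recorded under subcategories whose audit policy
says "No Auditing".

Added example, not code from the article. SAMPLE_POLICY_TEXT and SAMPLE_EVENTS
are constructed; on a real host the policy text would come from
`auditpol /get /category:"Logon/Logoff"` and the events from the Security log.
"""
from collections import Counter
import re
from typing import Dict, List, Tuple

# Windows Security event IDs for the two subcategories this check covers.
EVENT_SUBCATEGORY = {4624: "Logon", 4634: "Logoff"}

# Constructed, in the tabular layout auditpol prints (subcategory rows are
# indented two spaces; the setting sits in the last column).
SAMPLE_POLICY_TEXT = """\
System audit policy
Category/Subcategory                      Setting
Logon/Logoff
  Logon                                   No Auditing
  Logoff                                  No Auditing
  Account Lockout                         Success
"""

# Constructed records: (time, event id, account).
SAMPLE_EVENTS: List[Tuple[str, int, str]] = [
    ("2025-04-22T09:14:03", 4624, r"CORP\alice"),
    ("2025-04-22T09:14:05", 4672, r"CORP\alice"),   # special privileges; not in scope
    ("2025-04-22T11:02:41", 4624, r"CORP\WS01$"),   # machine account authenticating to the domain
    ("2025-04-22T17:30:12", 4634, r"CORP\alice"),
]

# One indented row: name, two-or-more spaces, one of the auditpol setting values.
ROW = re.compile(r"^\s{2}(\S.*?)\s{2,}(No Auditing|Success and Failure|Success|Failure)\s*$")


def parse_audit_policy(text: str) -> Dict[str, str]:
    """Map subcategory name -> setting from auditpol-style output."""
    policy: Dict[str, str] = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            policy[match.group(1).strip()] = match.group(2)
    return policy


def find_mismatches(policy: Dict[str, str],
                    events: List[Tuple[str, int, str]]) -> Dict[str, int]:
    """Count events that landed under a subcategory the policy says is not audited."""
    seen = Counter(EVENT_SUBCATEGORY[eid] for _, eid, _ in events if eid in EVENT_SUBCATEGORY)
    return {sub: n for sub, n in seen.items() if policy.get(sub) == "No Auditing"}


def sample_report() -> Dict[str, int]:
    return find_mismatches(parse_audit_policy(SAMPLE_POLICY_TEXT), SAMPLE_EVENTS)


if __name__ == "__main__":
    for subcategory, count in sample_report().items():
        print("%s: policy says 'No Auditing' but %d event(s) were logged" % (subcategory, count))
```

An empty result means the log and the policy agree; a non-empty one is the symptom the out-of-band update addresses, and the counts tell you how much of a report's logon/logoff volume came from the disabled subcategories.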


  • Vendors vote to radically slash website certificate duration – Computerworld


    “This is fully what we were expecting,” said Jon Nelson, a principal advisory director at Info-Tech Research Group. “[But] I do question the motives of the group. They are doing this under the auspices of reducing risk, but I question if that is the real reason. Do the people making up this group have a conflict of interest in that this move could generate additional revenue for their companies?”

    Although the group voted overwhelmingly to approve the change, with zero “No” votes, not every member agreed with the decision; five members abstained.

    Tim Callan, the chief compliance officer at Sectigo and vice chair of the CA/Browser Forum, said that one of the certificate authority (CA) members who abstained, who he declined to identify, wrote a note to the group. Callan said it read, “we have mixed feelings about this. We are in favor in principle. However, we are unconvinced that the most restrictive terms are necessary, to go all of the way down to 47 days.”


  • April update has broken Windows Hello for some devices but there’s a quick fix – Computerworld


    However, he said, “given the temporary workaround that was published, and an expected fast fix, the negative impact shouldn’t be long term or extensive. It’s also been widely shared in the news, and that could help reduce the call volume and trouble tickets for enterprises.”

    Microsoft said in the release notes for a Patch Tuesday security update released this week that it is “aware of an edge case of Windows Hello issue affecting devices with specific security features enabled.”

    The company stated, “after installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN. Users might observe a Windows Hello Message saying ‘Something happened, and your PIN isn’t available. Click to set up your PIN again’ or ‘Sorry something went wrong with face setup.’”


  • Why iPhone-as-a-service may make sense as tariffs bite Apple – Computerworld


    People are ready to accept it

    It’s not as if we’re not ready for such a service. Even back in 2022, CIRP Partner and Co-Founder Josh Lowitz said: “Based on current consumer behavior, iPhone users are primed to adopt a subscription service that provides an iPhone bundled with useful apps. Almost half of iPhone owners already finance their iPhone purchase, paying monthly for a new phone. And about one-third trade in their old phone when they buy a new one. So, a significant portion of the user base is accustomed to never owning a phone, instead basically leasing it.”

    Apple also gains. In this case, it benefits from potentially lower, but at least recurring, income upon which to balance its stock. And it benefits from the fact that at the end of the subscription period (or during it if the consumer cannot maintain payments), the devices will be returned for refurbishment, resale/let, and/or recycling.

    This also opens up the highly lucrative second-user iPhone market, which is an income stream Apple hasn’t yet fully explored. The iPhone is the most widely sold smartphone on the second-user market and holds its value the longest; company management is said to have been eyeing whether they can extract more from those sales. 
