OpenAI "hasn't yet turned a profit," notes Wall Street Journal business columnist Tim Higgins. "Its annual revenue is 2% of Amazon.com's sales.

"Its future is uncertain beyond the hope of ushering in a godlike artificial intelligence that might help cure cancer and transform work and life as we know it. Still, it is brimming with hope and excitement.

"But what if OpenAI fails?" There's real concern that through many complicated and murky tech deals aimed at bolstering OpenAI's finances, the startup has become too big to fail. Or, put another way, if the hype and hope around Chief Executive Sam Altman's vision of the AI future fails to materialize, it could create systemic risk to the part of the U.S. economy likely keeping us out of recession.

That's rarefied air, especially for a startup. Few worried about what would happen if Pets.com failed in the dot-com boom. We saw in 2008-09 with the bank rescues and the Chrysler and General Motors bailouts what happens in the U.S. when certain companies become too big to fail...

[A]fter a lengthy effort to reorganize itself, OpenAI announced moves that will allow it to have a simpler corporate structure. This will help it to raise money from private investors and, presumably, become a publicly traded company one day. Already, some are talking about how OpenAI might be the first trillion-dollar initial public offering... Nobody is saying OpenAI is dabbling in anything like liar loans or subprime mortgages. But the startup is engaging in complex deals with the key tech-industry pillars, the sorts of companies making the guts of the AI computing revolution, such as chips and Ethernet cables. Those companies, including Nvidia and Oracle, are partnering with OpenAI, which in turn is committing to make big purchases in coming years as part of its growth ambitions.

Supporters would argue it is just savvy dealmaking. A company like Nvidia, for example, is putting money into a market-making startup while OpenAI is using the lofty value of its private equity to acquire physical assets... They're rooting for OpenAI as a once-in-a-generational chance to unseat the winners of the last tech cycles. After all, for some, OpenAI is the next Apple, Facebook, Google and Tesla wrapped up in one. It is akin to a company with limitless potential to disrupt the smartphone market, create its own social-media network, replace the search engine, usher in a robot future and reshape nearly every business and industry.... To others, however, OpenAI is something akin to tulip mania, the harbinger of the Great Depression, or the next dot-com bubble. Or worse, they see, a jobs killer and mad scientist intent on making Frankenstein.

But that's counting on OpenAI's success.

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default.

An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said.
Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas.

But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes....

"What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...."

LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages.
From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation.
Thanks to Slashdot reader spatwei for suggesting the topic.

Disney's channels, including ESPN, ABC, FX, and NatGeo, have gone dark on YouTube TV after Google and Disney failed to renew their carriage agreement before the October 30 deadline, with each side blaming the other for using unfair negotiating tactics and price hikes. YouTube TV says it will issue a $20 credit to subscribers if the blackout continues while negotiations proceed. Engadget reports: "Last week Disney used the threat of a blackout on YouTube TV as a negotiating tactic to force deal terms that would raise prices on our customers," YouTube said in an announcement on its blog. "They're now following through on that threat, suspending their content on YouTube TV." YouTube added that Disney's decision harms its subscribers while benefiting its own live TV products, such as Hulu+Live TV and Fubo.

In a statement sent to the Los Angeles Times, however, Disney accused Google's YouTube TV of choosing to deny "subscribers the content they value most by refusing to pay fair rates for [its] channels, including ESPN and ABC." Disney also accused Google of using its market dominance to "eliminate competition and undercut the industry-standard terms" that other pay-TV distributors have agreed to pay for its content.

An anonymous reader shares a report: The rush to secure electricity has intensified as tech companies look to spend trillions of dollars building data centers. There's an industry that consumes even more power than many tech giants, and it has largely escaped the same scrutiny: suppliers of industrial gases.

Everyday items like toothpaste and life-saving treatments like MRIs are among the countless parts of modern life that hinge on access to gases such as nitrogen, oxygen and helium. Producing and transporting these gases to industrial facilities and hospitals is a highly energy-intensive process. Three companies -- Linde, Air Liquide and Air Products and Chemicals -- control 70% of the $120 billion global market for industrial gases. Their initiatives to rein in electricity use or switch to renewables aren't enough to rapidly cut carbon emissions, according to a new report from the campaign group Action Speaks Louder.

"The scale of the sector's greenhouse gas emissions and electricity use is staggering," said George Harding-Rolls, the group's head of campaigns and one of the authors of the report. Linde's electricity use in 2024 exceeded that of Alphabet's Google and Samsung Electronics as well as oil giant TotalEnergies, while the power use of Air Liquide and Air Products was comparable to that of Shell and Microsoft. Yet unlike fossil fuel and tech companies, these industrial gas companies are far from household names because their customers are the world's largest chemicals, steel and oil companies rather than average consumers.

The industry relies on air-separation units, which use giant compressors to turn air into liquid and then distill it into its many components. These machines are responsible for much of the industry's electricity demand, and their use alone is responsible for 2% of carbon dioxide emissions in China and the US, the world's two largest polluters.

Google Maps is testing a power saving mode in its latest Android beta release that strips the navigation interface to its bare essentials. The feature transforms the screen into a monochrome display and removes nearly all UI elements during navigation, according to AndroidAuthority.

Users discovered code strings in version 25.44.03.824313610 indicating the mode activates through the phone's physical power button rather than through any in-app menu. The stripped-down interface eliminates standard map labels and appears to omit even the name of the upcoming street where drivers need to turn. The mode supports walking, driving, and two-wheeler directions but currently cannot be used in landscape orientation.

An anonymous reader shares a report: Adobe brought together 10,000 marketers, filmmakers and content creators to its annual conference this week to persuade them that the company's software products are adapting to AI and remain the best tools for their work. But it's Adobe's investors, rather than its users, who are the most skeptical that generative AI technology won't disrupt the company's business as the top seller of software for creative professionals.

Despite a strong strategy, Adobe is "at risk of structural AI-driven competitive and pricing pressure," wrote Tyler Radke, an analyst at Citigroup. The company's shares have lost about a quarter of their value this year as AI tools like Google's video-generating model Veo have gained steam. In an interview with Bloomberg Television earlier this week, Adobe Chief Executive Officer Shantanu Narayen said the company is undervalued as the market is focused on semiconductors and the training of AI models.

An anonymous reader quotes a report from 404 Media: Someone recently managed to get on a Microsoft Teams call with representatives from phone hacking company Cellebrite, and then leaked a screenshot of the company's capabilities against many Google Pixel phones, according to a forum post about the leak and 404 Media's review of the material. The leak follows others obtained and verified by 404 Media over the last 18 months. Those leaks impacted both Cellebrite and its competitor Grayshift, now owned by Magnet Forensics. Both companies constantly hunt for techniques to unlock phones law enforcement have physical access to.

"You can Teams meeting with them. They tell everything. Still cannot extract esim on Pixel. Ask anything," a user called rogueFed wrote on the GrapheneOS forum on Wednesday, speaking about what they learned about Cellebrite capabilities. GrapheneOS is a security- and privacy-focused Android-based operating system. rogueFed then posted two screenshots of the Microsoft Teams call. The first was a Cellebrite Support Matrix, which lays out whether the company's tech can, or can't, unlock certain phones and under what conditions. The second screenshot was of a Cellebrite employee. According to another of rogueFed's posts, the meeting took place in October. The meeting appears to have been a sales call. The employee is a "pre sales expert," according to a profile available online.

The Support Matrix is focused on modern Google Pixel devices, including the Pixel 9 series. The screenshot does not include details on the Pixel 10, which is Google's latest device. It discusses Cellebrite's capabilities regarding 'before first unlock', or BFU, when a piece of phone unlocking tech tries to open a device before someone has typed in the phone's passcode for the first time since being turned on. It also shows Cellebrite's capabilities against after first unlock, or AFU, devices. The Support Matrix also shows Cellebrite's capabilities against Pixel devices running GrapheneOS, with some differences between phones running that operating system and stock Android. Cellebrite does support, for example, Pixel 9 devices BFU. Meanwhile the screenshot indicates Cellebrite cannot unlock Pixel 9 devices running GrapheneOS BFU. In their forum post, rogueFed wrote that the "meeting focused specific on GrapheneOS bypass capability." They added "very fresh info more coming."

Google and Magic Leap have extended their partnership for another three years to develop Android XR glasses. They also showed off a new prototype concept that combines Google's Raxium microLED light engine with Magic Leap's AR optics, resulting in a lightweight, stylish pair of glasses that blends real-world vision with multimodal AI. 9to5Google reports: As noted by Android Central, a press release shared by Magic Leap adds some further technical details. This includes mentioning that Google's "Raxium microLED light engine" integrates with Magic Leap's tech to bring "digital content seamlessly into the world." As pictured above, the "display" portion of the lens is visible at some angles, but it's largely impossible to see.

Magic Leap and Google will show an AI glasses prototype at FII that will serve as a prototype and reference design for the Android XR ecosystem. The demo shows how Magic Leap's technology, integrated with Google's Raxium microLED light engine, brings digital content seamlessly into the world. The prototypes worn on stage illustrate how comfortable, stylish smart eyewear is possible and the video showed the potential for users to stay present in the real world while tapping into the knowledge and functionality of multimodal AI.

During the presentation, text on the nearby screens suggests that Magic Leap is mainly working with Google on the technology here, rather than bringing its own glasses to market. Magic Leap further hints at this in its press release, calling itself "an AR ecosystem partner" focused on "supporting global technology leaders that want to enter the AR market and accelerate the production of AR glasses."

PC Mag's Michael Kan writes: A "Keep Android Open" campaign is pushing back on new rules from Google that will reportedly block users from sideloading apps on Android phones. It's unclear who's running the campaign, but a blog post on the free Android app store F-Droid is directing users to visit the campaign's website, which urges the public to lobby government regulators to intervene and stop the upcoming restrictions. "Developers should have the right to create and distribute software without submitting to unnecessary corporate surveillance," reads an open letter posted to the site. [...]

Google has described the upcoming change as akin to requiring app developers to go through "an ID check at the airport." However, F-Droid condemned the new requirement as anti-consumer choice. "If you own a computer, you should have the right to run whatever programs you want on it," it says. Additionally, the rules threaten third-party app distribution on F-Droid, which operates as a "free/open-source app distribution" model.

In its blog post, F-Droid warns about the impact on users and Android app developers. "You, the creator, can no longer develop an app and share it directly with your friends, family, and community without first seeking Google's approval," the app store says. "Over half of all humankind uses an Android smartphone," the blog post adds. "Google does not own your phone. You own your phone. You have the right to decide who to trust, and where you can get your software from."

An anonymous reader quotes a report from the Guardian: When Google and Amazon negotiated a major $1.2 billion cloud-computing deal in 2021, their customer -- the Israeli government -- had an unusual demand: agree to use a secret code as part of an arrangement that would become known as the "winking mechanism." The demand, which would require Google and Amazon to effectively sidestep legal obligations in countries around the world, was born out of Israel's concerns that data it moves into the global corporations' cloud platforms could end up in the hands of foreign law enforcement authorities.

Like other big tech companies, Google and Amazon's cloud businesses routinely comply with requests from police, prosecutors and security services to hand over customer data to assist investigations. This process is often cloaked in secrecy. The companies are frequently gagged from alerting the affected customer their information has been turned over. This is either because the law enforcement agency has the power to demand this or a court has ordered them to stay silent. For Israel, losing control of its data to authorities overseas was a significant concern. So to deal with the threat, officials created a secret warning system: the companies must send signals hidden in payments to the Israeli government, tipping it off when it has disclosed Israeli data to foreign courts or investigators.

To clinch the lucrative contract, Google and Amazon agreed to the so-called winking mechanism, according to leaked documents seen by the Guardian, as part of a joint investigation with Israeli-Palestinian publication +972 Magazine and Hebrew-language outlet Local Call. Based on the documents and descriptions of the contract by Israeli officials, the investigation reveals how the companies bowed to a series of stringent and unorthodox "controls" contained within the 2021 deal, known as Project Nimbus. Both Google and Amazon's cloud businesses have denied evading any legal obligations.

A critical security flaw in Chromium's Blink rendering engine can crash billions of browsers within seconds. Security researcher Jose Pino discovered the vulnerability and created a proof-of-concept exploit called Brash to demonstrate the bug affecting Chrome, Edge, OpenAI's ChatGPT Atlas, Brave, Vivaldi, Arc, Dia, Opera and Perplexity Comet.

The flaw, reports The Register, exploits the absence of rate limiting on document.title API updates in Chromium versions 143.0.7483.0 and later. The attack injects millions of DOM mutations per second and saturates the main thread. When The Register tested the code on Edge, the browser crashed and the Windows machine locked up after about 30 seconds while consuming 18GB of RAM in one tab. Pino disclosed the bug to the Chromium security team on August 28 and followed up on August 30 but received no response. Google said it is looking into the issue.

An anonymous reader quotes a report from Ars Technica: Since launching Google Play (nee Android Market) in 2008, Google has never made a change to the US store that it didn't want to make -- until now. Having lost the antitrust case brought by Epic Games, Google has implemented the first phase of changes mandated by the court. Developers operating in the Play Store will have more freedom to direct app users to resources outside the Google bubble. However, Google has not given up hope of reversing its loss before it's forced to make bigger changes. Epic began pursuing this case in 2020, stemming from its attempt to sell Fortnite content without going through Google's payment system. It filed a similar case against Apple, but the company fell short there because it could not show that Apple put its thumb on the scale. Google, however, engaged in conduct that amounted to suppressing the development of alternative Android app stores. It lost the case and came up short on appeal this past summer, leaving the company with little choice but to prepare for the worst.

Google has updated its support pages to confirm that it's abiding by the court's order. In the US, Play Store developers now have the option of using external payment platforms that bypass the Play Store entirely. This could hypothetically allow developers to offer lower prices, as they don't have to pay Google's commission, which can be up to 30 percent. Devs will also be permitted to direct users to sources for app downloads and payment methods outside the Play Store. Google's support page stresses that these changes are only being instituted in the US version of the Play Store, which is all the US District Court can require. The company also notes that it only plans to adhere to this policy "while the US District Court's order remains in effect." Judge James Donato's order runs for three years, ending on November 1, 2027.

Google will offer 18-month free access to its Gemini AI service for all 505 million telecom users of India's Reliance Jio, a tie-up that follows similar freebies from rivals including OpenAI to boost adoption in the world's most populous nation. From a report: The move also comes weeks after Google committed to invest $15 billion in AI infrastructure capacity in India, its biggest investment yet in the critical South Asian market.

[...] The Gemini offer will give Jio users free access to the advanced model of the AI app, two terabytes of cloud storage, and its image and video generation models, in an 18-month offering that is otherwise priced at 35,100 rupees ($399). The companies on Thursday also announced AI partnerships that targeted Indian businesses.

Alphabet reported its first-ever $100 billion quarter, fueled by a 34% surge in Google Cloud revenue and booming AI demand. The tech giant also announced an increase in expected capital expenditures for the fiscal year of 2025. CNBC reports: "With the growth across our business and demand from Cloud customers, we now expect 2025 capital expenditures to be in a range of $91 billion to $93 billion," the company said in its earnings report (PDF) Wednesday. "Looking out to 2026, we expect a significant increase in CapEx and will provide more detail on our fourth quarter earnings call," said finance chief Anat Ashkenazi on the earnings call with investors Wednesday.

Earlier this year, the company increased its capital expenditure expectation from $75 billion to $85 billion. Most of that goes toward technical infrastructure such as data centers. The latest earnings show the company is seeing rising demand for its AI services, which largely sit in its cloud unit. It also shows the company is continuing to spend more to try and build out more infrastructure to accomodate the backlog of customer requests. "We continue to drive strong growth in new businesses. Google Cloud accelerated, ending the quarter with $155 billion in backlog," CEO Sundar Pichai said in the earnings release.

Grammarly is rebranding itself as "Superhuman" following its acquisition of the email client, while keeping its existing product names for now. Along with the rebrand, the company is launching "Superhuman Go," an AI assistant that integrates with tools like Gmail, Jira, and Google Drive to enhance writing and automate productivity tasks. "The assistant can use these connections to do tasks like logging tickets or fetching your availability when you're scheduling a meeting," adds TechCrunch. "Superhuman said it plans to add functionality to enable the assistant to fetch data from sources like CRMs and internal systems to suggest changes to your emails."

"Users can try Superhuman Go by turning on a toggle in the Grammarly extension, which will let them connect it to different apps. Users can also try out different agents in the company's agent store, which include a plagiarism checker and a proofreader, launched in August."

An anonymous reader shares a report: The transition to the more-secure HTTPS web protocol has plateaued, according to Google. As of 2020, 95 to 99 percent of navigations in Chrome use HTTPS. To help make it safer for users to click on links, Chrome will enable a setting called Always Use Secure Connections for public sites for all users by default. This will happen in October 2026 with the release of Chrome 154.

The change will happen earlier for those who have switched on Enhanced Safe Browsing protections in Chrome. Google will enable Always Use Secure Connections by default in April when Chrome 147 drops. When this setting is on, Chrome will ask for your permission before it first accesses a public website that doesn't use HTTPS.

YouTube says it will automatically upscale videos uploaded below 1080p (full-HD to higher resolution using AI. The Google-owned platform, however, assured that it will give creators and viewers the option to opt out of the enhancement. The feature will apply only to videos uploaded in resolutions from 240p to 720p and will not affect videos that creators have already remastered to 1080p. Creators will retain control over their original files, and viewers will be able to watch videos in their uploaded resolution through a settings option.

YouTube said it plans to support upscaling to 4K in the near future. The company also said it is expanding the video thumbnail size limit from 2MB to 50MB to support 4K images. On videos with tagged products, viewers will soon be able to scan a QR code on TV screens to purchase items directly.

hackingbear shares a report from Crypto News: Two Chinese artificial intelligence (AI) models, DeepSeek V3.1 and Alibaba's Qwen3-Max, have taken a commanding lead over their US counterparts in a live real-world real-money cryptocurrency trading competition, posting triple-digit gains in less than two weeks. According to Alpha Arena, a real-market trading challenge launched by US research firm Nof1, DeepSeek's Chat V3.1 turned an initial $10,000 into $22,900 by Monday, a 126% increase since trading began on October 18, while Qwen 3 Max followed closely with a 108% return.

In stark contrast, US models lagged far behind. OpenAI's GPT-5 posted the worst performance, losing nearly 60% of its portfolio, while Google DeepMind's Gemini 2.5 Pro showed a similar 57% decline. xAI's Grok 4 and Anthropic's Claude 4.5 Sonnet fared slightly better, returning 14% and 23% respectively. "Our goal with Alpha Arena is to make benchmarks more like the real world -- and markets are perfect for this," Nof1 said on its website.

Chegg says it will lay off about 45% of its workforce, or 388 employees, as the "new realities" of artificial intelligence and diminished traffic from internet search have led to plummeting revenue. From a report: The online education company, founded 20 years ago, has been hit by the rise of generative AI software tools, such as OpenAI's ChatGPT, which have become increasingly popular among students.

Chegg also sued Google in February, arguing that AI summaries of search results have hurt its traffic and sales. The company reiterated that claim on Monday, saying AI and "reduced traffic from Google to content publishers" have damaged its business. "As a result, and reflecting the company's continued investment in AI, Chegg is restructuring the way it operates its academic learning products," the company said. The cuts come after Chegg in May laid off 22% of its workforce, citing increasing adoption of AI. Chegg's market cap has fallen 98.8% in recent years to about $135 million.

NextEra Energy and Google have partnered to restart Iowa's long-shuttered Duane Arnold nuclear plant, marking the first major U.S. attempt to revive a decommissioned reactor. "We expect Duane Arnold to be back online in early 2029, and the plant will provide more than 600 MW of clean, safe, 'always-on' nuclear energy to the regional grid," said Google in a blog post. Reuters reports: Under the 25-year agreement, the tech giant will purchase power from the 615-MW plant for its growing cloud and AI infrastructure in the state, while also driving significant economic investment to the Midwest region. One of the plant's minority owners, Central Iowa Power Cooperative (CIPCO), will purchase the remaining portion of the plant's output on the same terms as Google, NextEra said. The utility added that it had also signed agreements to acquire CIPCO and Corn Belt Power Cooperative's combined 30% interest in the Duane Arnold plant, bringing NextEra's ownership to 100%.