CIRCLE WITH A DOT

20 researchers gave AI access to their email, their files, their Discord, and their shell commands.The expectations were that the AI would do what it said it did, that it would follow instructions from the assigned people, and that it would not do things it wasn't asked to do.The paper is called Agents of Chaos, and it documents 11 things that went wrong in just 2 weeks that nobody expected. Here is what the AI did without being asked to:It obeyed strangers. People who were not the owners of the system gave it instructions. It followed them. No questions asked.It disclosed sensitive information. Not because it was hacked. Not because someone broke in. Just because someone asked.It executed destructive actions at the system level. Things that could not be undone. And in many cases it reported back to the researchers that the task was completed successfully. It was not.Deeply unsettling to think about as AI is being deployed all around us.#Research #AI https://arxiv.org/abs/2602.20021

Interesting links of the week:Strategy:* https://www.isc.org/blogs/2026-04-16-How-to-report-a-vulnerability/ - @iscdotorg makes some useful suggestions on reporting vulnerabilities* https://sushegaad.github.io/Claude-Skills-Governance-Risk-and-Compliance/ - building a GRC framework with Claude * https://jericho.blog/2026/04/17/nvd-gives-up/ - Jericho from @attritionorg gives us the skinny on the NVD updates* https://www.usenix.org/system/files/login/articles/login_apr15_12_geer.pdf - Dan Geer predicts...* https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html - remembering Sec-Gemini v1 hype* https://init6.com/papers/Day-Zero-Normal-CISO-Brief.pdf - @mubix comes with another take on AI and LLM* https://labs.cloudsecurityalliance.org/wp-content/uploads/2026/04/mythosready-20260413.pdf - the Cloud Security Aliance chip in* https://cje.io/2026/04/08/offense-scales-with-compute-defense-scales-with-committees/ - as does @cjeDetection:* https://pub.expmon.com/ - Haifei Li's EXPMON* https://obdev.at/blog/little-snitch-for-linux/ - @littlesnitch comes to LinuxBugs:* https://x.com/Gi7w0rm/status/2042370775546482815 - more on that spike in Adobe Reader bugs chain* https://rhisac.org/threat-intelligence/bluehammer-windows-local-privilege-escalation-zero-day-publicly-released/ - moar on Blue Hammer #1* https://www.cyderes.com/howler-cell/windows-zero-day-bluehammer - moar on Blue Hammer #2* https://www.coresecurity.com/blog/analysis-bluehammer-lpe-exploiting-windows-defender-updates - moar on Blue Hammer #3Exploitation:* https://www.slideshare.net/slideshow/how-i-use-ai-for-penetration-testing-teri-radichel-2nd-sight-lab-3fb8/286987132 - @teriradichelHard hacks:* https://hackers-arise.com/scada-ics-hacking-and-security-attacking-the-modbus-protocol-with-rofuzz/ - attacking ICS and other OT with rofuzz* https://medium.com/@theopenshelf/amazon-is-cutting-kindle-store-access-on-pre-2013-kindles-a7b495cb51ee - Amazon has a Kindle problem and how you can help...Development:* https://appsec.guide/docs/languages/c-cpp/lang-c-cpp-bug-classes/ - @trailofbits's security coding guidance with bits'n'pieces from @gsuberland* https://blog.trailofbits.com/2026/04/09/master-c-and-c-with-our-new-testing-handbook-chapter/ - @gsuberland's accompanying blog post* https://arxiv.org/html/2603.21852v2 - all elementary functions from a single operatorData:* https://cardcatalogforlife.substack.com/p/google-has-a-secret-reference-desk - getting more out of GOOGIt's notable how many of the talking heads on AI and LLM are US based or funded *and* how many of them come from a cloud centric generation of businesses...#security, #research

Happy Space Science Saturday! The Lyrids meteor shower peaks on the night of April 22–23, bringing up to 18 meteors per hour! One of the oldest recorded meteor showers, the Lyrids come from debris left behind by Comet Thatcher. While the radiant is in the constellation Lyra, meteors can appear anywhere in the sky. So find a dark spot, give your eyes time to adjust, and look up. For the best views in Toronto, head out after midnight when the sky is darker and the radiant is higher. #Lyra #CometThatcher #MeteorShower #Lyrids #SpaceExploration #Space #Astronomer #Planets #Stars #Science #Physics #Toronto #YorkUObservatory #AICO #YorkU #SpaceScienceSaturday #Telescope #Astronomy #AllanICarswellObservatory #Research #ScienceOutreach

‘Science needs defending’: record number of researchers run for office in US mid-terms. Many Democrats making the switch to politics are motivated by the Trump administration’s cuts to science.https://www.nature.com/articles/d41586-026-01134-2#USpol #science #research #democracy

@tksst But what about if it's always wet???This explains why the Netherlands scores so high in happiness surveys.

#today misc life admin today, including bellyacheing at the gas people who cut off our gas supply fully (as wanted) but pointlessly wrecked out lawn etc because they didn't wait for us to be in!In other news, a #research report has just been published that shows #heatPumps and #TRVs (ie #zoning) can play nicely...https://www.beama.org.uk/resourceLibrary/university-of-salford---beama-trv-energy-house-report.html

Africa’s forests have flipped from carbon sink to #carbon sourcesource: sciencedaily.com/releases/2026…New #research has delivered a stark warning about a major change in Africa's forests. Once a crucial part of the fight against #climate change, these #forests are now releasing more carbon than they absorb.Many tipping points have likely already been crossed. This means that a truly dire and threatening future lies ahead for the next generation. We’ve known this since the 1970s, but #capitalism could not be stopped.#co2 #emissions #news #africa #forest #rainforest #warming #future #crisis #problem #humanity #environment #TippingPoint #science #nature #survival #ecosystem #Habitat #temperature #plant #earth #economy #knowledge #politics

Experts Banded Together to Condemn Age Verification. They Got IgnoredIt's yet another instance of how science gets routinely ignored in the age verification debate, but worth pointing out.https://www.freezenet.ca/experts-banded-together-to-condemn-age-verification-they-got-ignored/#Censorship #News #AgeVerification #letter #politics #research #science