"A coalition of state attorneys general has opened an investigation into OpenAI," reports the Wall Street Journal, citing "people familiar with the matter." OpenAI was served Friday with a subpoena seeking documents related to a broad range of its activities and impact on users, including advertising, user engagement and retention, handling of consumer data and health data, activities related to minors and seniors, deep learning models, model sycophancy and company policies, some of the people said. The subpoena, viewed by The Wall Street Journal, was sent by New York's attorney general....

Earlier this month, Florida became the first state to file a lawsuit against OpenAI and its chief executive, Sam Altman. The lawsuit claims OpenAI and Altman knowingly released an unsafe product and ignored warnings that it could harm users. Florida's Attorney General, James Uthmeier, opened a criminal investigation into OpenAI in April over the role its chatbot played in a mass shooting that killed two people at Florida State University last year. The suspect allegedly turned to ChatGPT as a confidant and sounding board to plan the attack, and the chatbot dispensed advice for his questions...

State attorneys general have been scrutinizing OpenAI's competitors in the AI industry as well. In December, a coalition of 42 state attorneys general led by Pennsylvania's Dave Sunday sent a letter to companies including OpenAI, Meta, Anthropic, Google and xAI. In the letter, the Attorneys General demanded safeguards to protect vulnerable users from harmful interactions with chatbots, warning that "developers may be held accountable for the outputs of their GenAI products" for "encouraging an individual to commit a criminal act."
"We take the concerns raised by state attorneys general seriously," OpenAI told the Journal in a statement, "and intend to engage constructively with their offices."

The article also acknowledges that The Wall Street Journal's parent company "has a content-licensing partnership with OpenAI."

It's the 10-year anniversary of Britain's "Brexit" vote withdrawing from the European Union. But a new UK poll "shows that a new Brexit referendum would reverse the vote that led to Britain's departure," reports Bloomberg: Fifty-two percent of Britons think the UK should rejoin the EU, according to an Ipsos survey of 1,137 British adults conducted between May 14 and May 20. That's the inverse of the mood in June 2016 when a comparable share of the electorate backed Brexit... Younger voters overwhelmingly favor reversing Brexit, whereas half of those ages 55 and above oppose returning to the bloc.
"The number of people who say Brexit is going worse than they had predicted has almost doubled in the past five years," reports The Independent, " from 27% in 2021 to 48% today — more than those saying it was going as well as or better than expected." [T]here is more backing for a second referendum, with 48 per cent now saying they would support one, against 27 per cent who would oppose it. Even a fifth of Reform UK voters and a quarter of those who voted Leave in 2016 would back a second vote, the study found.
Tufts University discussed the last 10 years with the European Studies chair at their international relations graduate school: Q: Have their fears of negative financial effects been realized?

A: The figures are quite revealing: The British GDP has been reduced by 6-8%, business investment has been reduced by 12%, and trade volume has been reduced by 15%, compared to what it could have been if the U.K. had remained in the EU...

Q: What do you think happens next?

A: The United Kingdom made a choice and they might have the opportunity, at some point, to revise this choice. I hope that when they have to decide again, they will be much more informed.

It's the U.S. law that allows wiretaps without a warrant for surveilling foreign targets. And the U.S. Congress just let it lapse. Sort of. NPR reports: Each year, the provision is used by American intelligence agencies to collect the electronic communications of hundreds of thousands of foreigners located outside of the United States. The government says that more than 60% of the president's daily intelligence briefing relies on information collected under the authority. The tool officially lapsed at the end of the day on Friday. What happens now?

Intelligence collection under FISA's Section 702 is authorized annually by a federal court — and the law allows for that collection to continue for the duration of the court's authorization, even if the law lapses before the court's next approval. That means companies — electronic communications service providers, in this context — will still be legally required to turn over material to intelligence agencies.

Still, some lawmakers worry that the companies compelled to turn over communications may attempt to challenge the law in court, possibly leading to an indeterminately long window during which they stop providing intel. Advocates on all sides of the surveillance fight believe those challenges are ultimately likely to fail, but those closely linked to the intelligence community emphasize that even a small pause comes with risks ahead of major events like America's 250th celebration and the World Cup.

The Trump administration released another large batch of government UAP records, including videos of glowing orb-like objects appearing to split and rejoin, witness accounts, illustrations, and decades-old investigative documents. Axios reports: The documents indicate that government agents have spent years monitoring, investigating and documenting suspected UAP incidents. At lease some of the sightings took place near sensitive government facilities, according to the reports. Videos showing red and yellow light-emitting orbs, some of which appear to split apart and then reattach as they fly across the sky. The videos were taken by witnesses whom the government deemed "credible."

Illustrations and videos showing reenactments of what observers saw, and the positions they were in when they viewed them. Memos from government agents describing their experiences seeing flying objects. An illustration of a grayish-white balloon-like object hovering above an area near Colorado Springs, Colo. An illustration depicting a series of incidents that took place in the "western United States" where government officials reported seeing UAPs in 2023.

There also are decades-old records documenting the government's involvement in investigating UAPs, including a 1949 letter then-FBI Director J. Edgar Hoover wrote federal agents after receiving a message from an American citizen expressing their belief they'd seen a non-human-made flying object. The records released by the administration do not express any conclusions as to whether the government believes the UAPs represent the existence of alien life. They also do not indicate any conclusions as to whether UAPs represent a national security threat to the U.S.

"Anthropic said on Friday it will 'abruptly disable' its most advanced AI models for all users," reports Reuters, "after the U.S. government ordered it to suspend access to the models for foreign nationals, citing national security concerns. The company received the export control directive to suspend access to Fable 5 and Mythos 5 for all foreign nationals, without being given specific details of its national security concern, Anthropic said in a statement."

Anthropic's blog post writes that the directive applies to foreign nationals "whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance."

"Access to all other Anthropic models will not be affected." We received the directive from the government today at 5:21pm (ET)... Our understanding is that the government believes it has become aware of a method of bypassing, or "jailbreaking" Fable 5... We have not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result. The potential jailbreaks that have been disclosed to us are either entirely benign responses or are minor findings that provide no Mythos-specific uplift.

To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. Our understanding is that one potential jailbreak was shared with the government. We have reviewed a report that we believe is the basis of the government's directive and validated that the level of capability displayed there is widely available from other models (including OpenAI's GPT-5.5), and is used every day by the defenders who keep systems safe... We are complying with the government's legal directive and are removing access to Fable 5 and Mythos 5 for all users. However, we disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. If this standard was applied across the industry, we believe it would essentially halt all new model deployments for all frontier model providers.

As we have stated publicly, we believe the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts. This action does not adhere to those principles. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Reuters notes that Amazon's cloud unit AWS "said late on Friday that Anthropic has asked it to revoke access to the models for 'all users in all regions.'" Dean Ball, a former White House official who contributed to the AI Action Plan the administration issued in the summer of 2025, said in a post on X that the order suggests all "non-Americans" would be restricted from using Anthropic's latest models, including those based in the U.S. "This means you should expect to have to prove your citizenship to use Anthropic models," Ball said. Several key Anthropic personnel, including co-founder Chris Olah, AI researcher Andrej Karpathy and philosopher Amanda Askell, were born outside the United States.

An anonymous reader quotes a report from TechCrunch: Google is suing to dismantle the infrastructure behind an alleged massive AI-powered cybercrime operation. On Friday, the tech giant announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers.

Outsider Enterprise has financially scammed "hundreds of thousands of victims" with losses "estimated in the millions." The group deployed 9,000 fake websites, 1 million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google. "55,000 spam texts were flagged by Android users in just two weeks this past May -- that's more than two text spam complaints a minute," Google said.

Google said it uses "AI-powered tools to fight AI-powered scams", which enable the company to detect scams and alert users of suspicious calls and text messages, leading to the interception of more than 10 billion scam messages a month. The company said it has been collaborating with AT&T, T-Mobile, and Verizon to block the scam text messages and said it is coordinating with the FBI, which is taking unspecified law enforcement actions.

Sam Bankman-Fried lost his appeal to overturn his FTX fraud conviction and 25-year sentence. Reuters reports: In a unanimous decision, a three-judge panel of the Manhattan-based 2nd U.S. Circuit Court of Appeals said prosecutors' evidence against Bankman-Fried "was, conservatively stated, robust." "While he was publicly reassuring customers, investors and regulators that FTX customer funds were safe, he was simultaneously using FTX as his own personal piggy bank, spending customer funds on real estate, political contributions, and investments," Circuit Judge Barrington Parker wrote on behalf of the panel.

Bankman-Fried's lawyers did not immediately respond to a request for comment. They may next ask all the active judges on the 2nd Circuit to hear the case, or ask the U.S. Supreme Court to take up the case. Bankman-Fried is also seeking a pardon from President Donald Trump, according to the Justice Department's Office of the Pardon Attorney. Bankman-Fried was sentenced to 25 years in prison in 2024 for "masterminding one of the largest financial frauds in American history," wrote US District Judge Lewis Kaplan. He was convicted on all charges, including wire fraud, conspiracy to commit securities fraud, commodities fraud, and money laundering.

Polish lawmakers have voted to criminalize "trash streaming," with up to five years in prison for online broadcasts of serious crimes such as rape or murder, animal cruelty, humiliating violence, gambling promotion, or even simulated depictions of those acts. Reuters reports: The move is part of a broader push by Poland to tighten regulation of online content. Recent measures include banning the use of mobile phones by children under 16 in schools and introducing stricter age verification rules to access pornography. Under the new provisions, broadcasting crimes punishable by more than five years in prison, including murder or rape, will itself be classed as a separate offence punishable by up to five years behind bars.

The law also covers content showing cruelty to animals, violence aimed at humiliating others, and the promotion of gambling. The same penalties will apply to individuals who simulate or falsely portray the commission of such crimes while streaming, lawmakers said.

fjo3 shares a report from Reason: Police arrested a man in Florida for attempted child abduction in a town he had never visited, and the only evidence linking him to the crime was an AI facial recognition hit. Represented by the American Civil Liberties Union (ACLU), he is now suing the officers and agencies who put him through it. [...] According to a police report, facial recognition software concluded with 93 percent confidence that the suspect was Robert Dillon. [...]

The ACLU is now suing the city of Jacksonville Beach, as well as the individual police officers and officials involved in the case. According to the lawsuit (PDF), the responding officer viewed security camera footage of the suspect but didn't take a copy; instead, he took pictures of the screen with his cell phone. "In the photos, the suspect image is low resolution, and the suspect's face is partially shadowed and off-axis," the lawsuit claims. When an investigator queried the facial recognition system, it was with the officer's grainy secondhand cell phone photos. [...]

But as the ACLU notes, facial recognition's accuracy "depends significantly on the quality of the probe image. Lower-quality images contain less interpretable facial data, degrading the system's ability to produce a reliable template." At the very least, it requires a much better source image. Besides, no such investigative tool should form the sole basis for an arrest warrant. "If you came to me with a facial recognition hit and that was your probable cause, I would probably kick you out of my office because that's not how it works," Jacksonville Sheriff T.K. Waters told local news. (Waters is among those being sued in the ACLU lawsuit, because it was an investigator from the Jacksonville Sheriff's Office who ran the grainy photo through facial recognition and advised O'Connell it was a "93% match" to Dillon.)

A Munich regional court has ruled (PDF) that Google can be held directly liable for false claims in AI Overviews. The case involved AI Overviews falsely linking two publishers to scams and shady business practices, with the court rejecting Google's argument that users could simply check the sources themselves. The Decoder reports: Google's AI overviews work nothing like traditional search results, the court argues. The AI rewrites and judges results "in its own words and according to its own structure," the ruling says. In the case at hand, for example, it opened with confident claims like "Yes, [company] is known for dubious business practices," then built its own structure with a summary, red flags for the alleged scam, and tips for users. The court also found that the AI overview made claims "that are not even made in the search results." None of the linked sources drew any connection between the plaintiffs and the shady companies the AI mentioned. The court called these "the defendant's own statements." Google built the AI, Google offered it to users, so Google owns what it produces, "because it alone has influence over the AI's offering and the algorithms with which the AI operates."

The court also examined existing rulings from Germany's Federal Court of Justice (BGH), which gave traditional search engines and autocomplete limited liability. The BGH had argued that search engine operators were only liable as indirect infringers because they merely made third-party content findable. A proactive duty to check results would threaten how search engines work. The Munich court found that this reasoning doesn't apply to AI overviews. A regular search engine just points to outside websites. But AI overviews generate "independent, new, and substantive statements" by evaluating and combining content from various third-party sites. And only Google can check those statements, the court said, "at least by comparing the underlying third-party websites with its own statements based on them." The court also noted that the AI overview is "by no means absolutely necessary" for using the internet. Traditional search results already help users sort through information, the AI overview is just an extra feature. At the hearing, Google argued that users could check the linked sources themselves to verify if the AI summary was correct. It also said that these users knew "that information generated with AI should not be blindly trusted." The court rejected this.

An anonymous reader quotes a report from 404 Media: The Federal Communications Commission (FCC) wants to make it effectively impossible for people to buy what many call burner phones -- a phone not explicitly linked to your identity at the point of purchase -- which would impact privacy-conscious people, to domestic abuse survivors, to journalists, and many more. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries where it can be difficult to buy a mobile phone plan without giving up your identity.

The proposed change would drastically shake up how people obtain phone plans in the U.S., and have all sorts of privacy and cybersecurity knock-on effects. The FCC is proposing the data collection partly as a way to combat scammers, with telecoms being required to collect other information on business and foreign customers like the intended use case of their bulk phone plan purchase and their IP address. But the changes would mean telecoms collect data on all new and renewing customers, and the FCC provides a long list of other things that the collected data could help authorities with.

In a synopsis of the proposed changes, the FCC writes, "Specifically, we seek comment on requiring originating providers to, at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services." The goal of collecting this data, the FCC writes, is to deter some scammers from getting onto a telecom network in the first place, and so "enforcers will be better able to identify the scammers when they do." The FCC compares the changes to the sort of data collected by banks to prevent money laundering.

One section stresses that the newly collected data would help "law enforcement to more easily identify callers that use the network to perpetuate crimes by ensuring that voice providers have accurate and complete customer information." It goes on to ask if the data would help identify people buying and selling illicit goods; the investigation of "fraud, espionage, or influence operations that undermine national security", and "address abuse in text messaging networks." "Criminals continue to leverage the anonymity provided by phone calls and texts to defraud Americans and exploit communications networks to further other crimes," one section reads. "For decades, civil libertarians have looked overseas at authoritarian countries where the government requires people to register to get a mobile phone to ensure they can be tracked. We never thought that would happen here," Jay Stanley, senior policy analyst at the American Civil Liberties Union's (ACLU) Speech, Privacy, and Technology Project told 404 Media in an email. "But make no mistake: with this rulemaking, the government is contemplating taking away people's ability to get a burner phone, which will hurt low-income people, domestic violence victims, and anyone else who cares about their privacy."

Meta says it will expand how it uses off-platform activity shared by other businesses to personalize Facebook and Instagram feeds as well as AI responses, not just ads. The change starts in July and can be disabled through the "Activity from other businesses" setting, though Meta says it is not collecting new data as part of the update. The Verge reports: For example, Meta says if you bought a tent online recently, you might see camping-related videos in your Reels feed. "We aren't collecting any new data as part of this update," the blog post says. "This is about using information that businesses already send to us to further improve your experience."

Meta spokesperson Emil Vazquez tells The Verge that the company previously only used the activity across its apps, such as likes, views, and follows, to tailor the content you see. The company also started using conversations with its AI assistant to personalize ads last year.

An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest peoples' credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.

Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website wrote on Friday. Is it very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool.

Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest peoples' credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote. Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."

UK Prime Minister Keir Starmer has given Apple, Google, and other tech firms until September to introduce device-level protections that prevent children from taking, sharing, or viewing explicit images. "If businesses do not comply within three months, legislation will be brought forward requiring the protection to be added to all phones and tablets sold in the UK," reports The Guardian. "Tech firms that fail to do so could face fines, and their senior managers could be made criminally liable." From the report: "Today, I am calling on tech companies operating in this country to introduce vice controls that prevent children from sending and receiving sexually explicit images. Because this is not an impossible challenge," he said. "If they choose not, then we will act and we will change the law." [...] Under the changes, sexual predators will be prevented from being able to exploit and abuse victims through their devices, and children stopped from being able to access pornography, the Home Office said. Adults will still be able to take, share or view nude content once they have verified their age.

In the Commons, Melanie Ward, the Labour MP for Cowdenbeath and Kirkcaldy, said: "It's time to stop asking social media companies to make their products safe, and instead time to start requiring them to do so through regulation." Clive Efford, the Labour MP for Eltham and Chislehurst, said the "sociopaths" running social media platforms had no concern for the welfare of children. "The only message that they're going to listen to is if there's legislation put before this house that is going to act and send a clear message to them." The proposal is designed to sit alongside the Online Safety Act, which requires companies to have processes for removing material that is illegal or harmful to children.

Last Thursday, Wired reported that Meta had quietly embedded an unreleased facial recognition system called NameTag into software installed on millions of phones. In a follow-up report, Wired says the tech giant has now removed the face-recognition-related code, while saying "no final decision" has been made about whether the feature will launch. From the report: On Thursday, WIRED reported that Meta had quietly integrated substantial portions of the NameTag system into the Meta AI app. Though never publicly enabled, the feature was designed to convert faces captured by the glasses into unique biometric signatures, commonly known as faceprints, and compare them against a database of faceprints stored on the user's device. WIRED also found that faces the system failed to recognize were cropped, indexed, and stored locally for future processing.

NameTag first surfaced in February, when The New York Times, citing internal Meta documents, reported that the company was developing face recognition for its smart glasses and weighing a launch as soon as this year. One memo reportedly described releasing it during a "dynamic political environment," when privacy and civil liberties advocates would be distracted. Last week, WIRED reported that much of NameTag's machinery was already built into the Meta AI app, downloaded by millions of users, as early as January, even as Meta publicly said it had made no final decision about face recognition. After WIRED's report, Stone dismissed the findings, writing that the company couldn't answer questions about how the system would work because "the feature does not exist." Andrew Bosworth, Meta's chief technology officer, called the reporting "incredibly misleading" and "absolutely dishonest."

[...] The newly released version of Meta AI removes nearly all traces of the feature Meta said did not yet exist. Gone is the face-recognition software itself, along with the code that ran the NameTag recognition process and the "Person recognized" alert the app would have shown if someone were identified. The update also strips out a folder where the app would have stored the cropped images and biometric signatures of faces it captured but could not identify. [...] A few fragments of the NameTag system remain in the version of latest Meta AI, including an internal debug menu label and a dormant link meant to open a recognized person's profile. The leftover code points to parts of the system that are no longer there.