Bumblebees can use tools to solve a problem, according to experiments that demonstrate their remarkably advanced cognitive abilities. The bees were given an adapted version of an experiment that, 100 years ago, first demonstrated chimpanzees could work out how to retrieve an out-of-reach banana by stacking boxes. Since then, various other primates, elephants and crows have joined an elite cohort of species known to be capable of this level of insight and spontaneous problem solving. In the latest research, bees were shown to be able to roll a polystyrene ball to a specific location and climb on to it in order to access an artificial flower on a low ceiling. The findings challenge the longstanding assumption that insects operate purely on instinct and mindless trial-and-error learning.

Using public benchmarks and previously unreported data from within Anthropic, The Anthropic Institute is showing that AI is already accelerating the development of AI systems. To take just one example: today, Anthropic engineers on average ship 8x as much code per quarter as they did from 2021-2025.

The technical trends discussed in this piece suggest that AI systems are going to become much more capable in coming years. These trends have huge implications. AI that can build itself would be a major development in the history of technology — one that could bring enormous good for the world in science, healthcare, and beyond. But full recursive self-improvement also might increase the risks of humans losing control over AI systems. If systems are capable of fully building their own successors, the ways we secure them, monitor them, and shape their behavior all grow much more important. […]

If it were possible to effectively slow the development of this technology to give ourselves more time to deal with its immense implications, we think that would likely be a good thing. But if a slowdown simply lets the least cautious actors catch up technologically, it could leave everyone less safe. Without a global coordination mechanism, companies and governments will have to make difficult decisions about safety while under competitive and geopolitical pressures.

We believe it would be good for the world to have the option to slow or temporarily pause frontier AI development to enable societal structures and alignment research to keep up with the advance of the technology. The Anthropic Institute will conduct research — in collaboration with many others — and take actions to help build the systems that a credible slowdown or pause would require. These systems would enable frontier AI developers to verify that others globally have actually stopped or slowed, and that a bad actor could not use the auspices of a coordinated slowdown to jump ahead in secret. If such systems existed, we expect that we would slow down or temporarily pause, if other developers at or near the frontier also did so in a verifiable manner…

According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network. The Rust-based malware self-propagates by using stolen credentials for publishing on npm; this includes secrets associated with npm’s Trusted Publishing workflow. Once it compromises a developer or CI environment, it can publish trojanized versions of packages owned by the victim, which then infect additional developers and CI systems.

This behavior is conceptually similar to Shai Hulud, which had its code published on GitHub recently. Although JFrog researchers did not find a clear connection between IronWorm and Shai Hulud, they observed the same commit names in both supply-chain attacks. This opens the possibility that the new malware is an evolution of TeamPCP’s payload, since IronWorm appears to be “a custom, carefully built implant from an operation with its own infrastructure.”

[…] The company provides a list of all impacted package names and their versions in the report and recommends that developers upgrade to fixed releases, rotate their keys, and enable two-factor authentication (2FA) for all accounts. At the same time, Endor Labs and StepSecurity have spotted a very similar but distinct attack involving a JavaScript-based malware named binding.gyp, performing registry poisoning and GitHub Actions infection, unfolding during the same time-frame.

The moderators of the biohacking subreddit say that peptide and hormone replacement therapy companies have been surreptitiously spamming Reddit in an attempt to get their posts scraped by AI chatbots. The strategy is an effort to systematically manipulate the answers provided by chatbots by manipulating the underlying source material that those chatbots will scrape — in this case, a popular Reddit community. In a post last week, the moderators of r/biohackers said they would be banning new posts about peptides and hormone replacement therapy (HRT) because of attempted manipulation by the companies that make, market, and sell them. […] “As AI search engines increasingly pull answers from Reddit, companies are using us for AEO. On top of that, there’s been an explosion of peptide interest and AI usage flooding the sub. Together, this has put serious pressure on content quality,” a post by the moderators read.

[…] It has become incredibly difficult to stop Reddit manipulation, because the firms doing it are getting more sophisticated. The moderator said that there are really standard and long-running strategies where brands will hop in the comments and suggest their products: “That type of marketing has always existed and if people want to try something new because the brand resonated with them, cool. That’s the way marketing should flow in my mind,” they said. “But what I’m seeing that is way scarier to me is that there are companies that will reverse-engineer the actual prompt patterns that are prioritized by LLMs, and so you’ll see someone post a super clickbait, high-traction, vague question like ‘Is all the hype around Vitamin D actually worth it?” they added. “And that thread will do really well because everyone on biohackers actually has an opinion, so it gets engagement and prioritized by LLMs, and then brands will sneak in and they’ll embed their brand mentions in those threads in the exact right places in a seemingly organic way. But none of it is organic, the entire thing is a strategy by an agency to prioritize brand mentions or a narrative within an LLM.”

The Reddit accounts that are doing this are “warmed up” or are made to seem human, meaning they have a posting history that is not just promotional. This makes them much harder to detect and moderate against. Some of the agencies doing this are paying real people to post promotional content, or have built communities where people are incentivized to post promotional content. The moderator said that Reddit’s automated moderation tools have been helpful, but that the type of promotion happening has become so sophisticated that it has become more of a you-know-it-if-you-see it kind of thing. “A lot of it has become pattern recognition,” they said. “You literally just sort of know what to look for. But the problem is you don’t want to become punitive to the people who aren’t doing this maliciously, and so I think the over-moderation risk is very real.”

A Meta spokesperson told Reuters on Wednesday that the company is already testing the Application Programming Interface (API) with some early partners and is looking forward to releasing it this month. “The muse spark API will be coming soon,” Meta AI Chief Alexandr Wang announced in a post on X in April.

Meta unveiled Muse Spark in April as the first model built to close the gap with rivals. Muse Spark is the first in a new series of models created by the company’s Superintelligence Labs. Earlier on Wednesday, Meta unveiled an AI agent aimed at helping businesses carry out day-to-day operations, hinting at the company’s ambitions to compete with rivals such as OpenAI, Anthropic and Alphabet’s Google.

China was targeting Five Eyes nationals with security clearance, particularly those working in foreign affairs, security and intelligence, and military personnel including people stationed in the Asia-Pacific region, it said. People with more peripheral access to government information, such as academics, journalists and think tank employees, were also being approached.

The Chinese embassy in the UK strongly condemned the accusations, calling the allegation of Chinese espionage threats “entirely fabricated” and “malicious slander.” The “Five Eyes” members have “engaged in unscrupulous espionage and intelligence-gathering activities around the globe. Their activities are the real threat to peace-loving countries,” the embassy said in a statement Thursday.

[…] According to the agencies, Chinese spies have commissioned reports to be written by those they’ve approached, paying them anywhere from a few hundred to several thousand dollars, with payments sometimes made in cryptocurrency. “Military members may be asked about their roles and unit activities, home base or naval vessel,” the notice said. “Five Eyes agencies have identified individuals who have undertaken these activities, leading to criminal prosecutions, job losses, and security-clearance revocation,” it warned.

The Supreme Court sided with the Trump administration Thursday in upholding the power of federal regulators to enforce data privacy laws on telecommunications companies. The 8-1 decision (PDF) preserved one of the Federal Communications Commission’s key tools, though the companies also won a concession from the Republican administration that could shift the regulatory landscape.

The appeal from telecommunications giants Verizon and AT&T challenged a combined $100 million in penalties imposed after the agency determined that the companies had failed to safeguard customer location data. The companies argued that the FCC’s process was unconstitutional because it gave them little opportunity to tell their side of the story in front of a jury. The administration defended the fines are an essential regulatory tool. But the government also said companies did not have to pay the penalties right away, a regulatory shift in the companies’ favor.

The Supreme Court agreed, affirming the FCC’s power to order fines when challenges are still available. “The orders at issue did not settle the carriers’ legal obligations because, stated simply, they did not create an obligation to pay,” Chief Justice John Roberts wrote for the majority. […] Other agencies use similar enforcement methods, so a sweeping victory for AT&T and Verizon could have had widespread effects, advocates said.

Samsung is pulling up stakes in New Jersey and heading to Texas, a move that could leave roughly 1,000 Garden State workers facing a stark choice: relocate or risk losing their jobs. The South Korean tech giant confirmed this week that it will move its US headquarters from Englewood Cliffs, NJ, to its existing campus in Plano, Texas, marking a stunning reversal less than a year after it celebrated the opening of a new headquarters in Bergen County. The relocation is expected to be completed by the end of the year, according to company statements.

Apple will introduce age verification in the App Store for users in Texas starting on Thursday, June 4th. The move, as spotted by MacRumors, comes just days after a federal appeals court allowed Texas’ App Store Accountability Act to go into effect while a lawsuit against it proceeds. People in Texas who are creating a new Apple account will need to verify they’re over 18 using a credit card or government ID. Apple may also automatically verify users’ age using the age of their account and whether they have a credit card on file.

Despite Apple’s attempts to push back on app store-level age verification, the company has announced plans to implement age checks to comply with laws in places like Utah, Louisiana, Brazil, Australia, Singapore, and the UK. Google is required to make similar changes to the Play Store and is also introducing age-checking tools for developers. Last December, a judge blocked the App Store Accountability Act (SB 2420) from taking effect, but an appeals court has now reversed this decision — at least while the court figures out whether the law is constitutional. Even if this law gets struck down in Texas, a federal version with the same name is still making its way through Congress and could impose age verification at the app store nationwide.

UK regulators today ordered (PDF) Google to put clearer attributions and links to publishers’ content in its AI-generated search features. The UK’s Competition and Markets Authority (CMA) also said Google must give publishers a way to opt out of AI features in search. “In a world first, publishers will now have effective tools to prevent their content being used to power AI features in search, such as AI Overviews,” the CMA said today. “This will put publishers, like news organizations, in a stronger position to negotiate content deals with Google. To boost consumer trust, Google is also now required to make sure that publisher content is properly attributed, using clear links, in AI-generated search results.”

The CMA ruled that Google may not penalize publishers for opting out of AI, meaning that Google can’t downrank opted-out publishers in general search results. The CMA said Google will have nine months to comply with all requirements but that the agency “expects important parts of the controls to become available to publishers well before that deadline. Google will also be required to submit and publish compliance reports, supported by key data and metrics, explaining changes it has made and how it has complied.” […] The CMA applied the rules to Google after determining that it has “strategic market status” in general search services, and has ongoing investigations into Apple and Microsoft. Google today said it will comply with the CMA decision.

The NASA spacecraft MAVEN, short for Mars Atmosphere and Volatile Evolution, had been orbiting around the Red Planet since 2014. NASA last received a signal from MAVEN on Dec. 6, shortly before the spacecraft passed behind Mars. Then the spacecraft stopped responding. A review board found that MAVEN began unexpectedly rotating, causing its batteries to drain too quickly and resulting in a loss of power to the communications system.

“The team is certainly broken up about this,” said Shannon Curry, the principal investigator of the mission and a scientist at the University of Colorado Boulder, at a news conference on Wednesday. “But at the same time, we are incredibly proud of the science we’ve accomplished over the last decade.” NASA officials declined to speculate on the root cause of the mishap. A final report is expected to be released later this year.

Reports of what became Gero’s Stargate series started in 2022, after Amazon acquired MGM Studios. Dean Devlin, who co-wrote the 1994 Stargate movie with Emmerich, was another executive producer for the Amazon show, as were Joby Harold and Tory Tunnell via Safehouse Pictures. The project also had Brad Wright and Joe Mallozzi as consulting producers, with both having had extensive history working within the Stargate franchise.

On X, Michael Shanks, who played Daniel Jackson in Stargate SG-1, posted in response to the news that: “Yep. They did that.” Mallozzi was resistant to the idea that the series was being geared toward diehard fans: “Nope. No. Sorry. Gonna have to push back on this. We were ever mindful of creating a show that would have broad appeal.” In an additional post, Mallozzi went into further detail about why the cancellation is so disappointing:

Before the new series was canceled by Amazon, Stargate began with Emmerich and Devlin’s movie starring Kurt Russell and James Spader. This paved the way for 10 seasons of Stargate SG-1, followed by five seasons of Stargate Atlantis. There has also been the two-season Stargate Universe, the one-season animated show Stargate Infinity, the web miniseries Stargate Origins, and the 2008 direct-to-video movies Stargate: The Ark of Truth and Stargate Continuum, along with numerous games.

The secondary market for decades old, low-tech John Deere tractors has been booming for years as farmers have sought reliable tractors that they can actually fix without having to deal with John Deere’s repair monopoly. A Canadian company has seen that demand and came up with a radical thought: What if they made a new, repairable, “no-tech” tractor to solve what has become a gigantic pain point for farmers? Alberta’s Ursa Ag says that it has been inundated with demand after announcing its tractor, which costs roughly half as much as a Deere and has the benefit of not being a repair nightmare.

[…] Ursa Ag markets its tractors as “no frills” and “built to last.” Ursa Ag’s Doug Wilson told me that the company designed the tractor because of a need in the marketplace for a new machine that isn’t loaded with tech and is easy to maintain. The company follows in the footsteps of consumer electronics companies like Fairphone, which makes a repairable smartphone and Framework, which makes modular, repairable laptops. The demand Ursa Ag has seen is part of the backlash to manufacturer repair monopolies and the injection of technology and internet-connected sensors and terms of use into even the most basic of gadgets. “I talk to farmers every day and I hear from farmers every day about how they went out and bought machinery from 1987 so that it wouldn’t have a computer on it,” Wilson said. “All of this came from a simple discussion with a customer who wanted to be able to turn [the tractor] on at the start of the day, to use it, and shut it off at the end of the day. It needed to work, so that’s what we built.”

Ursa Ag’s tractor has been hyped in agriculture circles after Wilson showed the tractor off at a Canadian farm show and it was featured by Farms.com. Wilson said more than a thousand farmers have contacted him after that show, from roughly 30 countries. “I got a handwritten letter from a farmer in France who doesn’t own a computer and wanted us to mail him information about the tractors,” he said. He said the company has thus far made a couple fewer than 100 tractors but is working on tripling its production capacity and has seen a lot of demand over the last few months.

Fedora Linux 43 users upgrading to the latest Dovecot mail server discovered something rather unsettling: some older Microsoft Outlook configurations may have been silently ignoring SSL/TLS settings for POP3 email connections for years. According to a Fedora community blog post, affected Outlook clients reportedly continued using insecure port 110 connections even when encryption was enabled in the application settings. The issue surfaced after Dovecot 2.4 disabled plaintext authentication on non secure connections by default, causing Outlook users to suddenly lose mailbox access after the Fedora 43 upgrade.

The report suggests the behavior may date back as far as Outlook 2007, although modern Outlook builds were not fully tested. Fedora admins stress that the problem could be limited to legacy account configurations rather than current versions of Outlook itself. Still, the discovery has sparked discussion among Linux admins and security folks because many users likely assumed their email traffic was encrypted simply because Outlook claimed SSL/TLS was enabled. The incident also highlights how stricter defaults in modern open source infrastructure can expose ancient assumptions and questionable behaviors that quietly survived for decades.

The EU is moving to counter American dominance in technology by reaching for one of the oldest tools in its arsenal: industrial strategy. As the European Commission unveiled a plan Wednesday to reduce Europe’s reliance on the foreign technology providers that underpin the modern economy, it was careful to stress that it was not picking a fight with U.S. digital giants. Instead, the tech sovereignty package — motivated in no small part by U.S. President Donald Trump’s weaponization of Europe’s dependence on American firms — takes a longer-term view: boost the continent’s players so they can eventually challenge their U.S. rivals.

[…] If adopted, the package will direct public money toward products that contribute to Europe’s economy and independence from foreign firms; cut red tape for data centers; beef up research and innovation through “leadership initiatives”; incentivize countries to share digital capacities in a new “Eurocloud” forum; and require EU governments to come up with national strategies to boost the adoption of cutting-edge tech, including AI. The package will also seek to ramp up the bloc’s demand for advanced chips — a response to criticism by the industry — with a series of industrial initiatives to revise a 2023 chips law.

[…] As part of its proposal to keep a list of trustworthy countries, the Commission would require EU governments to run a so-called “sovereignty risk assessment” for every digital service they rely on, measuring foreign control, potential access to sensitive data and the risk of operational disruption. Within a year, they would have to determine the appropriate level of protection for each public sector and procure digital services accordingly — unless they can prove doing so would come at a “disproportionate cost,” the proposal reads. However, the Commission reserves the right to overrule their assessment in future legislation if it believes they downplayed the risks. The Commission estimated that just one percent of Europe’s public services are so sensitive that they would be required under the proposed certification scheme to rely on the strict level that totally excludes foreign technology.