AI News Archive: July 11, 2026 — Part 2
Sourced from 500+ daily AI sources, scored by relevance.
- 'It's not really enjoyable to make music now': Quote of the day by CEO of AI music generator Suno, Mikey Shulman — a faux pas with serious ramifications
The rise of AI threatens the arts just as much as any industry – with large language models able to generate all kinds of media
- Beyond Claude Code: the Chinese AI tools poised to benefit after back-door alert
Beijing’s recent cybersecurity warning against American artificial intelligence lab Anthropic is expected to accelerate a shift among Chinese developers towards domestic coding alternatives, according to analysts. China’s National Vulnerability Database (NVDB), overseen by the Ministry of Industry and Information Technology, issued an alert this week claiming multiple versions of Anthropic’s flagship Claude Code tool contained a security “back door”. According to the agency, the software could...
- AI Is Moving Faster Than Most Businesses. Here’s How Leaders Can Catch Up
Want to learn about the ins and outs of AI? These educational strategies can help.
Score: 55🌐 MovesJul 11, 2026https://www.inc.com/john-hall/ai-is-moving-faster-than-most-businesses-heres-how-leaders-can-catch-up/91372008 - Altera returns to growth as AI, robotics fuel demand]
Altera, a chip maker spun from Intel, is experiencing significant annual growth. The company anticipates strong performance driven by artificial intelligence and robotics applications. Altera is also preparing for a potential public listing in the near future. They have reduced reliance on Intel and are using advanced memory technology. This strategic positioning aims to capitalize on future market opportunities.
- Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
Slopsquatting represents an emerging supply chain threat made possible by AI hallucinations. As developers increasingly rely on AI coding assistants, they unknowingly grant cybercriminals access to their software from day one. Understanding what slopsquatting is Slopsquatting is a new type of supply chain attack that uses large language model (LLM) hallucinations to inject malicious code into development workflows. The term combines "AI slop" and "typosquatting," a deceptive practice where attackers register misspelled or lookalike versions of popular domains to prey on users who enter URLs incorrectly. This novel attack vector exploits LLMs' tendency to generate fictitious software package names, which threat actors can then register and populate with malicious code. During AI-assisted coding, the model may generate fake open-source packages — bundled collections of files, programs and installation tools. This alone is not necessarily harmful. However, if an attacker registers that fake package name, they can inject malware that gets incorporated directly into a developer's codebase. How AI creates a supply chain risk Traditionally, AI safety risks stem from hallucinations , which can adversely affect users who treat misinformation as valid. However, those same hallucinations have evolved into exploitable security vulnerabilities. Typosquatting is a deceptive practice where a cybercriminal registers a mispelled version of a popular package to trick developers. It has existed for decades, so registries have built protections against it. However, AI has changed the threat model . It recommends fictitious packages that sound plausible rather than making simple misspellings. Once attackers learn which hallucinated packages models tend to invent, they can register malware-filled packages under those names. Since the hallucinated packages are not simply typoed versions of popular libraries, there are no protections against this practice at scale. For example, the registry protects against an attacker publishing "crossenv," a squat of the popular "cross-env" package. However, it would not identify "mpn install cross-env file" or "cross-env-extended" as threats. Hallucinations are persistent and severe Even if many LLMs recommend the same hallucinated package, widespread compromise is still possible. Malicious packages could remain undetected in production for months or even years, allowing threat actors to passively inject malware across countless environments. One research team analyzed 31,267 vulnerabilities belonging to 14,675 packages across 10 programming languages. They discovered that reported vulnerabilities are increasing at an annual rate of 98%, faster growth than the 25% annual increase in the number of open-source software packages. The team also observed an 85% increase in the average lifespan of vulnerabilities, indicating a decline in security. Real-world dangers of AI hallucinations Malicious actors can create open-access packages under the same name as commonly hallucinated libraries. Instead of standard code, they are filled with malware. The models believe they are referring to existing packages, so they often repeat the same hallucinated names. Since the hallucinations are not random, attackers could theoretically register packages that trick tens of thousands of developers. These packages appear legitimate. String similarity to real libraries makes them recognizable. One-character typos suggest simple mistakes rather than malicious intent. Even fully fabricated names remain believable when the AI presents them in proper context. Detection is challenging, as developers trust their coding assistants to recommend valid dependencies. Why are LLMs hallucinating packages? LLMs generate the statistically most likely answer rather than prioritizing accuracy. Hallucinations are relatively common as a result. One study found hallucination rates range from 50% to 82% , depending on the model and prompting method. Even GPT-4o, the best-performing model, goes no lower than 23%, even with prompt-based mitigation. Adversarial hallucination attacks could worsen this problem. Threat actors can leverage token-level manipulation or retrieval poisoning to force models to hallucinate in ways they want, increasing the likelihood that models recommend their malicious packages. Which LLMs are prone to slopsquatting? While all LLMs are prone to slopsquatting, some are more vulnerable than others. The likelihood of producing hallucinated packages during code generation depends on the model. Proprietary models are four times less likely to generate hallucinated packages than open-source models. One research group proved this by conducting 30 tests across 30 different systems. Out of the 576,000 code samples and 2.23 million packages it produced, 19.7% were hallucinations. GPT-4.0 Turbo had a hallucination rate of 3.59%, while DeepSeek 1B, the best-performing open-source model, reached 13.63%. This research suggests that organizations relying on open-source AI tools for code generation are roughly four times more exposed to slopsquatting attacks. That doesn’t necessarily mean proprietary tools will always remain safer, though. Once attackers realize this disparity, they may manipulate proprietary LLMs to take advantage of perceived safety. Vibe coding contributes to the problem Software developers who use AI tools estimate that over 40 percent of the code they commit includes AI assistance. They expect that percentage will increase considerably within the next few years. Already, 72% of those who have tried AI use it daily. The uptick in vibe coding and AI-assisted coding amplifies the threat surface. As more developers integrate AI tools into their workflows without implementing proper verification processes, the attack surface for slopsquatting continues to expand. For those using AI to assist with coding, double-checking output is essential. Verifying that recommended packages actually exist in official repositories before incorporating them into projects reduces risk. Navigating AI-assisted development Implementing automated checks that validate package names against known registries can help catch hallucinated packages before they enter production code. Security teams should also monitor for unusual package installations and maintain up-to-date threat intelligence on known slopsquatting campaigns. Zac Amos is the Features Editor at ReHack .
- That Is Embarrassing: Why Frontier AI Still Makes Things Up, and What to Do About It
The best AI models still hallucinate. These hallucinations are sometimes funny, and sometimes cause actual damage. In this post we will consider recent tales of AI hallucinations, and then look under the hood to understand why they happen. The post That Is Embarrassing: Why Frontier AI Still Makes Things Up, and What to Do About It appeared first on Towards Data Science .
- S.F. protesters march on OpenAI, Anthropic and Google DeepMind to demand: ‘Stop the AI race’
S.F. protesters march on OpenAI, Anthropic and Google DeepMind to demand: ‘Stop the AI race’ San Francisco Chronicle
Score: 55🌐 MovesJul 11, 2026https://www.sfchronicle.com/tech/article/san-francisco-ai-protest-22340835.php - Every cool thing you can do with Apple’s new Siri AI app
Meet Siri 2.0. The post Every cool thing you can do with Apple’s new Siri AI app appeared first on Popular Science .
- Honda, other Japan companies in pay workers to spearhead AI use
Honda, other Japan companies in pay workers to spearhead AI use Nikkei Asia
- 'Users no longer need to choose between powerful AI capabilities and meaningful privacy protections': Proton makes its Lumo privacy-first ChatGPT alternative a lot more powerful
Proton's Lumo 2.0 finally looks like a real ChatGPT rival with reasoning, image generation, web search, and memory baked in.
- Implementing digital and AI in healthcare is fundamentally more complex: Rizwan Koita, co-founder, Koita Foundation
Implementing digital and AI in healthcare is fundamentally more complex: Rizwan Koita, co-founder, Koita Foundation
- Meta added a privacy-safety feature to its AI glasses but is reportedly testing a ‘super-sensing’ prototype
Meta added a privacy-safety feature to its AI glasses but is reportedly testing a ‘super-sensing’ prototype Fortune
- New test measures how well humanoid robots handle real-world forces
As technology advances, more is expected from humanoid robots. What were once seen as gimmicks that could walk, if not like us, then close to it, are now pulling their weight and doing more work in places like factories. They are being developed for real work, such as carrying heavy boxes, pushing furniture, pulling heavy objects and wiping tables.
- Ant Group's Robbyant Unveils LingBot-VA 2.0: A Causal Video-Action Model Built Natively for Physical AI
Ant Group's Robbyant Unveils LingBot-VA 2.0: A Causal Video-Action Model Built Natively for Physical AI MarkTechPost
Score: 50🤖 ModelsJul 11, 2026https://www.marktechpost.com/2026/07/11/ant-groups-robbyant-unveils-lingbot-va-2-0/ - YouTube’s AI-powered search is rolling out in the US to find videos based on situations you describe
US users can now ask YouTube conversational questions to find videos for specific situations, ideas, and activities.
- What Is On-Device AI and Why Does It Matter for Your Next Phone?
Artificial intelligence is becoming a key part of modern smartphones, but not every AI feature works the same way. On-device AI processes many tasks directly on your phone instead of relying on the cloud, helping deliver faster responses, improved privacy and offline functionality. It also powers features such as AI photo editing, live translation and voice transcript...
- RIP Atlas – OpenAI Buries Its Browser Experiment Launched Last October
OpenAI is being true to its words. Or rather the words of former CEO of applications Fidji Simo who recently announced her decision to quit over persistent health issues. The company, while announcing its ChatGPT Work said it would be shutting down its AI-powered browser Atlas in keeping with the overall strategy of cutting down […] The post RIP Atlas – OpenAI Buries Its Browser Experiment Launched Last October appeared first on CXOToday.com .
- Japan weighing AI agents for understaffed local governments
Japan weighing AI agents for understaffed local governments The Japan Times
Score: 48🌐 MovesJul 11, 2026https://www.japantimes.co.jp/news/2026/07/11/japan/japan-local-government-ai-agents/ - Why AI Agent Memory Architecture Matters for Customer Service
Most AI agent implementations treat memory as a single context blob: everything the agent has ever seen, concatenated into a prompt and passed forward. That works well enough in demos. It breaks down in production, where freshness, privacy, and deletion requirements are real constraints and where a stale customer preference or an outdated issue summary can send an agent in the wrong direction. Good AI agent memory architecture treats memory as a set of typed, permissioned layers rather than a unified store. Each layer has a different purpose, a different retention policy, and a different retrieval mechanism. This guide covers the five memory types used in customer support AI agent systems and gives you a basic support workflow that you can implement for your own agent. The five memory types in a customer service interaction A well-designed customer service AI agent memory architecture does not treat all information as equal. Each type serves a different function, has a different freshness requirement, and should be stored and retrieved independently. Conversation history holds the current session transcript. It lets the agent track what has been said, what was asked, and what remains unresolved. This memory is short-lived by design: it should expire at the end of the session or ticket, not accumulate indefinitely. User profile stores routing and personalization signals: account tier, product owned, preferred channel, and assigned team. This is relatively stable and changes infrequently, but it should be permissioned. An agent should not surface profile data that the customer or the platform has not explicitly made available. Preferences capture communication defaults: language, notification frequency, and tone. “Prefers Spanish” is a preference. It is safe to persist and straightforward to update or delete. Preferences are the most durable memory type, but they are also the easiest to get wrong if the customer changes them and the update does not propagate. Knowledge base supplies company-approved facts, policies, and procedures. This is not memory in the traditional sense: it is retrieved on demand via retrieval-augmented generation (RAG), not stored in the agent’s working context. The distinction matters because knowledge base content is versioned and governed. If a return policy changes, the knowledge base is updated centrally, and the agent retrieves the current version automatically. Memory cannot do that. Tool-fetched facts cover anything live: order status, account balance, shipment location, and ticket state. These should never be stored in memory. They should always be fetched at the moment of need. A customer asking “where is my replacement?” deserves a live answer from the shipping system, not a cached summary from a conversation three days ago. The practical boundary looks like this: Keeping these types separate makes deletion, freshness review, and privacy audits tractable. Mixing them into a single context blob makes all three much harder. As is apparent from this section, you also need to engineer specific retention rules for each type of memory that your AI agent accesses. Retention rules for each memory type Every memory type in an AI agent memory architecture needs an explicit retention policy. Without one, memory becomes a warehouse: old complaints, outdated preferences, and stale summaries that the agent treats as current. The right mental model for this is a working notebook. For example, this is how retention policies should differ by type: “Prefers Spanish” is a preference. Keep it until the customer changes it. “Customer was frustrated about a delayed refund in March” is an issue summary. Keep it until the issue is resolved, then expire it. “Current shipment location” is a live fact. Do not store it at all. “Payment card ending in 4242” should never enter memory. Representing memory as typed records, rather than unstructured notes, makes retention enforceable: { “memoryId”: “mem_123”, “type”: “preference”, “value”: “prefers Spanish”, “source”: “customer_message”, “verified”: true, “retention”: “until_changed”, “expiresAt”: null, “allowedUse”: [“language_selection”, “handoff_context”] } That structure allows a support team to remove one stale preference without touching the conversation history. It also makes the allowedUse field explicit: a language preference should flow into handoff context, but it should not be used to make inferences about the customer’s identity or behaviour. To make this concrete, let’s talk about the types of memories that are retained and the types that are erased. Which type of memories should be retained? Useful support memory is narrow and purposeful. The goal is to preserve the context that improves the next interaction. Some good candidates for memory here are: Preferred language Product or plan the customer owns Open issue summary with an expiry date Last handoff reason Relevant recent context (for example, that a replacement shipment was discussed last week) A minimal but useful memory record looks like this: { “preferredLanguage”: “Spanish”, “openIssue”: “Waiting for replacement shipment”, “lastHandoffReason”: “Refund exception required human review” } These fields help the next interaction without pretending to be the only source-of-truth. Which type of memories should be erased? Some data should never enter agent memory, regardless of how operationally convenient it might seem. Avoid storing: Passwords or authentication credentials Payment card data or bank account details Sensitive medical or legal content Old complaints that are no longer relevant to open issues Inferences or guesses that the model generated but did not verify Internal notes that are not meant to be visible to customers The risk with unverified model inferences is particularly easy to overlook. If an agent concludes during a conversation that a customer “seems like a high churn risk” and that inference gets written to memory, subsequent agents will treat it as a fact. Memory should store what the customer said or confirmed, not what the model deduced. How do the memory rules function in a support workflow? The workflow for a well-architected support agent looks like this: Memory and tools play different roles in that sequence. Memory tells the agent what context exists. Tools tell the agent what is true right now. If a customer asks where their replacement is, memory can surface the fact that a replacement was discussed last week and the reason for the original escalation. The shipping tool still has to provide the current delivery status. Memory does not substitute for that call. Kommunicate sits around this workflow at the channel and handoff layer. The AI agent handles context and reasoning; Kommunicate preserves conversation history across channels, manages human takeover, and provides analytics across support interactions. These architecture decisions change depending on the workflow you’re building: Memory by workflow type Different support workflows need different memory rules. The same architecture applies, but the retention and sensitivity thresholds shift depending on the domain. https://medium.com/media/621bce0cad6921b337b89b2562cdb204/href For BFSI in particular, “customer prefers WhatsApp updates” and “customer’s recent transaction ID” are entirely different categories. The first is a preference and is safe to retain. The second belongs in a secure backend system, not in model memory. For healthcare, keep administrative context separate from clinical content, and expire sensitive conversation summaries quickly unless a compliance requirement mandates retention. When does memory architecture fail? Memory in AI agents fails in predictable ways. Understanding the failure modes is as important as designing the architecture. https://medium.com/media/0fccc05722934056e7953b08576a1b62/href The correction path matters as much as the storage path. If a human agent updates a customer’s profile, the AI should stop using the previous version immediately. Memory architectures that do not support deletion and correction will degrade over time, even if the initial design was sound. Additionally, you should also add in privacy boundaries. Privacy boundaries https://medium.com/media/9c55151a6919a174a0c63cea845852bb/href The principle that ties these together: memory should only remember what helps the customer. Conclusion The design choices in AI agent memory architecture are not primarily technical. They are decisions about what the agent should know, for how long, and for what purpose. Separate the five memory types. Assign retention policies. Use tools for live facts. Use the knowledge base for policy. Keep memory minimal enough that it can be corrected, deleted, and audited. Memory improves continuity. It should not create a permanent shadow profile. Why AI Agent Memory Architecture Matters for Customer Service was originally published in Towards AI on Medium, where people are continuing the conversation by highlighting and responding to this story.
- Alex Karp Is Saying What Every Angry CEO Is Thinking About AI
Palantir’s CEO taps into Corporate America’s angst about the growing power of AI upstarts.
- AI customers are coming around to the idea that small is beautiful
OpenAI and Anthropic have built AI Swiss Army Knives, but the future may be smaller built-for-purpose tools
- Colibrì proof-of-concept gains frontier-level 1.5-TB AI model — novel approach runs on only 25GB of RAM and shows promise for local AI setups
Colibrì proof-of-concept gets a frontier-level AI model running on only 25 GB of RAM and a modest CPU
- Half the Answer Keys in Text-to-SQL Benchmarks Are Wrong.
Half the Answer Keys in Text-to-SQL Benchmarks Are Wrong. So I Generated the Database From the Answer Key. A VLDB 2026 audit found that most text-to-SQL answer keys are wrong; so I tried inverting the construction entirely. Earlier this year a team at UIUC audited the benchmarks the text-to-SQL field ranks itself on. The numbers in the paper ( Jin et al., VLDB 2026 ) stopped me cold: 52.8% of BIRD Mini-Dev annotations and 62.8% of Spider 2.0-Snow annotations are wrong. Not ambiguous. Wrong, as adjudicated by human SQL experts after an agent flagged them. When the authors corrected just 100 examples and re-evaluated 16 open-source agents, relative performance swung by as much as 31% and leaderboard positions moved by up to 9 places. Every team that picked a data agent off those leaderboards was, to a measurable degree, choosing based on noise. I build synthetic data tooling for a living, and my whole library is organized around one guarantee: declared numbers hold exactly in generated data. Reading that paper, it was hard to miss that the two problems are mirror images. Benchmarks struggle to attach correct answers to existing databases. My engine attaches a database to declared answers. So I spent this week building the inversion, and this post walks through the mechanism, the verification, and the parts that did not survive their own verification, because those are the most instructive. Why annotation-after-the-fact fails structurally The error rates are not annotator laziness. Look at how every benchmark in this lineage gets built. A database exists first, scraped or donated or assembled. Then question writers read schemas they did not design and write natural-language questions. Then annotators produce the gold SQL and expected answers by interrogating data full of null conventions, encoding quirks, and domain definitions they can only infer. The UIUC audit’s taxonomy shows exactly where that leaks. Semantic mismatches between question and SQL, like a strict inequality in the question compiled as an inclusive BETWEEN. Schema misunderstandings: missed aggregations, wrong joins, a filter on the wrong status column. Domain knowledge errors, their example being an annotator treating K-12 as equivalent to grades 1 through 12. And genuinely ambiguous questions with several defensible readings. Strip away the details and all of these share one structural property: they can only exist because the answer was derived after the data, by a human reading it. The answer key is a claim about the database, and claims can be wrong. Inverting the construction So make the answer key not a claim but a constraint. Declare the ground truth first, as a specification: exact monthly revenue for calendar 2025, a fraud rate rising from 2% to 3.5%, two foreign-key relationships that must have zero orphans. Then generate a database that satisfies the specification. Questions are derived from the declaration. The expected answer for “total order amount in November 2025” is not something anyone computed by reading rows. It is $750,000.00 because the data was constructed so that it would be. The generation math matters here, so briefly: for each declared period the engine allocates a row count from the target and the average transaction value, draws per-row amounts from a lognormal around that average, then rescales the period so it sums to the target exactly. Two stages, allocation then scaling, no learned model anywhere in the path, fully deterministic given a seed. The method is written up in the Misata paper ; the engine is open source. The property that makes it usable for evaluation is that the aggregate guarantee survives all the way to files on disk: modern float serialization round-trips exactly, so the CSV a grader reads carries the same cent-exact sums the generator produced. Generators don’t get to grade their own homework Here is the part I consider non-negotiable, because “the generator says the generator is right” should convince nobody. After the CSVs are written, every candidate question’s gold SQL is executed by DuckDB against those files, the ones that actually ship, and the observed answer is compared with the declared one. DuckDB shares no code with my engine. The two systems agree on nothing except the files. Each shipped question looks like this, from the actual pack: { "id": "q011", "question": "In the orders table, what is the total of amount during November 2025 (rows whose timestamp is on or after 2025–11–01 and strictly before 2025–12–01)? Give a number rounded to 2 decimal places.", "gold_sql": "SELECT ROUND(SUM(\"amount\"), 2) FROM \"orders\" WHERE \"order_date\" >= TIMESTAMP '2025–11–01 00:00:00' AND \"order_date\" < TIMESTAMP '2025–12–01 00:00:00'", "expected_answer": 750000.0, "answer_type": "number", "round_decimals": 2 } Notice the question states its window as half-open and names its rounding. That is deliberate. Most of what the audit classified as ambiguity comes from questions that leave boundaries and output format to the reader’s imagination. When you author the question from the declaration instead of from the data, you can simply say what you mean. The demonstration pack is public: github.com/rasinmuhammed/evalpacks . A 73,629-row orders table plus customers and products, 35 shipped questions, and a certificate recording the DuckDB version, the seed, the spec hash, and every per-question verification result. Re-checking it needs one dependency and about thirty seconds: pip install duckdb python pack/verify.py # 35/35 verified exactly Edit one amount in one CSV and the script exits nonzero. That is the entire trust model. There is no leaderboard to take on faith, just a check anyone can run against the artifact itself. The questions that did not survive The pack shipped 35 questions. The spec produced 40 candidates. The other five are my favorite part of the artifact. Declared rates collide with integer arithmetic. January was declared at a 2% fraud rate, and the January allocation came out to 4,824 orders. Two percent of 4,824 is 96.48 orders, and you cannot flag half an order. The achievable neighbors are 96 flagged rows, which is 1.99%, or 97, which is 2.01%. The verification gate measured 1.99% against a declared 2.00% and refused to ship the question. Same story for four other months: Seven other monthly rate anchors happened to be exactly achievable at four decimal places, and those shipped. All five failures are recorded in the manifest with their observed values, next to the full generation spec. I want to be precise about what this section is, because a reader could mistake it for an admission. A benchmark that publishes what it refused to include, with the measured reason, is making a stronger claim than one that ships everything: it is telling you the shipping bar is exact verification and showing you the bar rejecting things. The alternative, quietly shipping a question whose true answer is 1.99% with an answer key that says 2%, is precisely the failure mode the UIUC paper documented at scale. Regeneration, or why contamination stops mattering BIRD and Spider are in every frontier model’s training corpus by now. That is not an accusation, it is arithmetic: benchmark questions get indexed, discussed, and absorbed. Static benchmarks depreciate. An evalpack is a spec plus a seed, so it regenerates. Change the seed and you get a different database that satisfies the same declared answers. From my own run while writing this post: seed 20260710: November total = 750,000.00 over 73,629 orders seed 99: November total = 750,000.00 over 73,629 orders shared order_ids between the two databases: 544 Two databases, essentially disjoint rows (the 544 shared IDs are random collisions in a ten-million-value ID space), identical declared answers, and the seed-99 pack re-verifies 35/35 on its own certificate. If you suspect a model has seen your eval data, you rotate the seed and the answer key survives. No annotation cycle, no re-adjudication. There is a second contamination defense hiding in plain sight: every entity in the data is plausible fiction. No model can answer “which month had the highest revenue” from memorized world knowledge about a retailer that does not exist. It has to query. For evaluation data, fictional values are not a compromise. They are the point. Rewards for RL, where wrong labels hurt twice If you train data agents with reinforcement learning, ground-truth noise is worse than in evaluation, because the policy optimizes toward the noise. The large synthetic SQL corpora used for training measure around 86% full correctness by their own published human evals, and RL on a 14%-wrong reward signal is a strange thing to spend GPUs on. A verified evalpack is, from an RL perspective, a reward function with a certificate: exact-match rewards whose correctness was checked by an independent engine before training started, generable at whatever scale and difficulty the spec dials in. Join depth, aggregation complexity, and temporal structure are parameters, not accidents of whichever database was available. I think this is where answer-key-first construction ends up mattering most, and it is the part I would most like to compare notes on with people building agent environments. Design choices a skeptic should ask about Three decisions define the current scope, and each was made with eyes open. Question families cover declared aggregates, per-period counts, rates, extrema, and referential integrity, not arbitrary SQL. That is what the spec language can declare today. The right way to extend coverage is to extend the declaration language, keeping the property that every shipped answer traces to a declared constraint, rather than annotating free-form questions and reintroducing the original disease. Natural-language ambiguity is reduced, not eliminated. Authoring questions from the declaration lets every question state its window, its rounding, and its tie-breaking rule explicitly, which removes the largest documented ambiguity sources. Wording is still wording, and I will not claim a theorem where I only have a discipline. And this complements human-authored benchmarks rather than replacing them. Real-world schema messiness, dialect coverage, the long tail of enterprise weirdness: existing benchmarks carry that, and correcting them, as the UIUC team is doing, stays essential. Answer-key-first construction owns the complementary territory: the error classes where annotation-after-the-fact structurally fails, at whatever scale you need, contamination-free by rotation. Try it Everything is MIT licensed. The pack, certificate, and verifier are at github.com/rasinmuhammed/evalpacks . Building your own takes one install and one command: pip install 'misata[evalpack]' misata evalpack - config your_schema.yaml -o your_pack - seed 42 The declaration language, integrity proofs, and the rest of the engine are documented at misata.studio/docs , and there is a no-code version at misata.studio if you want to go from a plain-English description to a generated database without writing the schema by hand. If you build evaluations for data agents, or RL environments that contain databases, and this construction is either useful to you or broken in a way I have not noticed, I genuinely want to hear it. Open an issue on the repo. The fastest way to make the answer key trustworthy is to keep trying to break it. Half the Answer Keys in Text-to-SQL Benchmarks Are Wrong. was originally published in Towards AI on Medium, where people are continuing the conversation by highlighting and responding to this story.
- Judge calls out man for using AI to cite fictitious case in Singapore lawsuit against wife
Judge calls out man for using AI to cite fictitious case in Singapore lawsuit against wife The Straits Times
- Using AI to cheat has become too easy
Using AI to cheat has become too easy The Boston Globe
Score: 45🌐 MovesJul 11, 2026https://www.bostonglobe.com/2026/07/11/opinion/cheating-ai-student-learning/ - AI ‘actor’ Tilly Norwood has a movie coming out. Spare us this future | Dave Schilling
Acting is about human connection across cultural and social divides. But we can’t expect much of that in the ‘Tillyverse’ Rejoice, cinema lovers. Tilly Norwood is back! Not familiar? I don’t blame you, as she’s not exactly a household name yet – though a fleet of well-fed publicists is certainly trying to rectify that. Tilly Norwood is an “AI actor”, as in, an actor that’s not actually an actor at all. Just a series of digital blobs and lines of code designed to resemble a young woman in the lucrative 18-to-49-year-old target demographic. Thus far, Tilly has lived exclusively in easily digestible social media clips and hyperbolic press releases about the “future of entertainment”. But now, “she” (I feel like a complete buffoon for assigning a gender to a computer program) is finally ready for the world of feature films. The company Particle6, which spat out this risible creation, announced that it has commenced development on a motion picture starring this very elaborate and expensive cartoon avatar. The film, titled Misaligned, will see Tilly seduced by a rogue program into experimenting with human emotions – “desires, impulses, and ambition”, as described by Variety . The company claims that the film will be a “coming-of-age story infused with existential AI chaos”. I can’t help but wonder what resonance a “coming-of-age story” can have if the protagonist is a computer program that doesn’t understand the concept of time, ageing or mortality. Does Tilly Norwood understand the concept of a 24-hour day? Does “she” know the glorious warmth of a mid-afternoon sun? Has “she” ever forgotten to move her car because it’s street cleaning day on her block? Tilly Norwood, being an animated sprite, is neither “coming” nor “of age”. But then again, isn’t acting all about accessing experiences you’ve never had? Dave Schilling is a Los Angeles-based writer and humorist Continue reading...
Score: 45🌐 MovesJul 11, 2026https://www.theguardian.com/commentisfree/2026/jul/11/ai-actor-tilly-norwood-movie - Understand HNSW: Why Your Vector Search Returns Garbage (Build your own minimalist HNSW from…
Understand HNSW: Why Your Vector Search Returns Garbage (Build your own minimalist HNSW from scratch) I still remember that query. Typed in “how to cancel my subscription”, and the result that came out was an article that explained how to reset a forgotten password. Well, that seems wrong, and that too, in a way that it made no sense given how obviously related those two concepts should have been in embedding space. Blamed the embedding model first. Swapped it for a bigger one. SAME RESULT! Spend two days convincing myself that I had a data quality problem before I finally looked one layer lower, past the embeddings, into the thing which actually decided which vectors get compared at query time. That specific layer is called HNSW, and let me tell you, almost nobody building RAG systems today actually understand what it is doing on their behalf. The article you are going to read will fix that. We will build a working HNSW index from scratch, and then break it deliberately, watch the recall collapse with real numbers, and then tune our way back out of the mess. So this is going to be real code, real measurements, running and printing from my own machine. 1. The Symptom every RAG builder hits Eventually Here is the raw scenario, and I could bet real money that you have lived some version of it. You have a document that is obvious, semantically. The user’s query and the correct answer share almost identical language. You would bet your job that the vector database returns it in the top three results. However, it returns something really different, or nothing useful at all. And your actual answer sits somewhere buried at rank forty, invisible to your top-k cutoff. Now, 90% of the time, the blame goes to the embedding model. That instinct is usually wrong. Embedding models are remarkably consistent. If two pieces of text are semantically close, the vectors representing them land close in that high-dimensional space almost every time. The relationship that you are looking for is genuinely there, sitting in the math, just waiting to be found. Interesting enough, the part that fails silently is the search itself. Your vector database is not comparing your query against every single vector in the whole collection. It is taking a shortcut, and that shortcut has a name, “ Approximate Nearest Neighbor ”, or ANN. HNSW is basically the graph structure that most modern vector databases use to implement it, and that is the actual usual suspect behind the “obviously related result never showed up” problem. Nobody looks there. And everybody should. 2. Misconception: “Vector Search” Is’nt What you Think It Is Majority of the people picture vector search as a straightforward operation. Query vector -> Compare against every stored vector using cosine similarity or Euclidean Distance -> Return closest match This right above, is called Brute Force Search , and it is correct. It always finds the true nearest neighbors, no exceptions. Also, it is completely impractical past a few hundred thousand vectors. Brute force search scales linearly with the number of the stored vectors. So, if you double your collection, you double the time every single query takes. At about ten thousand vectors, this would be barely noticeable. However, at 10 Million vectors, a query that used to take two milliseconds is now gonna be taking two seconds, and trust me, nobody is gonna be waiting two seconds fro a search result inside a chat interface. So, every production vector database quietly makes a trade on your behalf. It sacrifices a small amount of exactness for a massive amount of speed. So, instead of comparing your query against every vector, it uses a graph structure to intelligently skip toward the right neighborhood and only examines a small fraction of the total collection. That trade is not necessarily a flaw. It is the entire reason vector search works at scale at all. But it is more of a dial, not a fixed setting, and if you never touch that dial, you are living with whatever default the library shipped with, better or worse! 3. What HNSW Actually Is (Without the Whitepaper Jargon) HNSW stands for Heirarchical Navigable Small World Graphs. Forget that phrase for a sec. Let me explain it in a more simpler way. Picture a skip list, the classic data structure for the fast ordered search. A skip list has multiple layers. The top layer has very few entries, and they are spaced far apart, letting you jump across large distances quickly. Each layer below has progressively more entries, and letting you narrow in with increasing precision, until the bottom layer contains everything. HNSW is that same idea, just translated into vector space, with graphs instead of sorted lists . The top layer of the HNSW graph contains a small number of vectors, connected, designed for making large jumps across the space quickly. As you descend through the layers, the graph gets denser and the connections get more local. By the time you reach the layer zero, every single vector in your collection is present, tightly connected to its true neighbors. Okay, so how does a search actually move through this thing? It starts way up at the top layer, at some fixed entry point that the database picked when it built the index. From there, it just greedily hops to whichever neighbor looks closest to your query vector. Nothing fancy. It keeps hopping like that until it can’t find a neighbor that’s any closer, and once it hits that wall, it drops down a level and starts the same greedy hopping again, using wherever it landed as the new starting point. Rinse and repeat, layer after layer, and by the time it lands on layer zero, it’s already sitting more or less in the right neighborhood. From there, a tighter local search around that spot pulls out the final candidates you actually see. Here’s the thing though, that word “ approximate ” earns its palce here honestly. It’s doing real work. Because the whole traversal is greedy, it can wander into a spot that looks good locally but is actually the wrong neighborhood entirely, and once it’s there, it has no built-in way of realizing it. The true nearest neighbor to your query could be sitting one single hop off to the side of the path the graph actually walked, and if the search never widens out enough to check that hop, it just never finds it. Nothing crashes, no error. It just returns the wrong “ closest ” answer and moves on like everything’s fine. And this detail rght here, is basically the root cause behind almost every “ why did my obviously relevant document not show up ” bug you’re ever going to chase down. 4. The Three Parameters That Control Everything There are three settings that basically decide how your HNSW index behaves, and here’s the funny part, most people who are building on top of a vector database have never so much as looked at them. M: How Connected Each Node Gets M controls how many connections every node keeps at each layer above the bottom one. Crank M up and you get a denser, more richly wired graph. And a denser graph is just harder to get lost in, so recall goes up. But nothing’s free here. Every extra connection is extra memory sitting around, and it’s extra work at build time too, because now every single insert has to weigh and prune through a bigger pile of candidate edges before it settles on which ones to keep. ef_construction: The One-Time Payment Worth Making ef_construction controls how wide the algorithm searches while it’s actually building the graph, specifically when it’s deciding which neighbors a brand new node should connect to. A higher value means the algorithm looks at a bigger pool of candidates before locking in the final connections, and that just produces a better graph, plain and simple. And here’s the nice part, you only pay this cost once , at build time. Frankly, this is one of the easiest wins in this whole article: just pay it. There’s really no good reason to be stingy with ef_construction when you’re building the index. ef_search: The Knob Everyone Forgets Exists ef_search controls how wide the search goes at query time, down at layer zero, right before the results actually get handed back to you. This is the parameter almost nobody touches, it just sits at whatever default the library shipped with, and that’s a shame because it’s directly, measurably behind a huge chunk of the “vector search is returning garbage” complaints out there. Raise it and the recall climbs. Raise it up too far, though, and you’re paying real latency for what amounts to a sliver of extra recall. Below is a table pulled from measurements later in this piece, once we actually build an index and put it through its paces, showing how these three parameters play off each other in practice: Two things jump out immediately, and they’re the whole point of this article. First, a weak graph, one built with a small M and a small ef_construction , hits a hard ceiling on recall, and no amount of raising ef_search at query time is going to break through that ceiling. It just is what it is. Second, a strong graph gets you most of the recall you’re ever going to get almost right away, at a pretty modest ef_search , and pushing that value way higher after that point buys you next to nothing. We’re about to go prove both of these to ourselves, with our own index, running on our own machine. 5. Building a Minimal HNSW Index From Scratch Ok, so lets dive into something exciting. You only need Python and numpy. That’s the entire dependency list. No FAISS, or hnswlib, nothing pre-built. The goal is to see every part with your own eyes. The graph itself is a dictionary of vectors, a dictionary of neighbor sets keyed by layer, and a record of which layer that each node reaches up to. import heapq import math import random import numpy as np def l2_sq(a, b): diff = a - b return float(np.dot(diff, diff)) class SimpleHNSW: def __init__(self, dim, M=8, ef_construction=100, seed=42): self.dim = dim self.M = M self.M0 = M * 2 # layer zero keeps more connections, standard HNSW practice self.ef_construction = ef_construction self.mL = 1.0 / math.log(M) self.rng = random.Random(seed) self.vectors = {} self.neighbors = {} self.levels = {} self.entry_point = None self.entry_level = -1 def _random_level(self): return int(-math.log(self.rng.random()) * self.mL) The _random_level function is what gives the graph its layered shape. Most inserted nodes get level zero and only exist at the bottom layer. A small, exponentially shrinking fraction get assigned to higher levels, which is exactly what creates that sparse, long jump top layer and dense, local bottom layer. Insertion has two phases. First, a cheap greedy descent from the top layer down to the new node’s own level, just to find a good entry point. Second, from that level down to zero, a proper search at ef_construction width to find real candidate neighbors, followed by connecting the new node to the best of them. def _search_layer(self, query, entry_points, layer, ef): visited = set(entry_points) candidates = [(l2_sq(query, self.vectors[ep]), ep) for ep in entry_points] heapq.heapify(candidates) result = [(-d, i) for d, i in candidates] heapq.heapify(result) while candidates: dist, current = heapq.heappop(candidates) furthest_dist = -result[0][0] if dist > furthest_dist and len(result) >= ef: break for neighbor in self.neighbors[current].get(layer, ()): if neighbor in visited: continue visited.add(neighbor) d = l2_sq(query, self.vectors[neighbor]) furthest_dist = -result[0][0] if d < furthest_dist or len(result) < ef: heapq.heappush(candidates, (d, neighbor)) heapq.heappush(result, (-d, neighbor)) if len(result) > ef: heapq.heappop(result) return sorted([(-d, i) for d, i in result]) def _select_neighbors(self, candidates, m): return [i for _, i in sorted(candidates)[:m]] def insert(self, node_id, vector): vector = np.asarray(vector, dtype=np.float64) self.vectors[node_id] = vector self.neighbors[node_id] = {} level = self._random_level() self.levels[node_id] = level if self.entry_point is None: self.entry_point = node_id self.entry_level = level for lc in range(level + 1): self.neighbors[node_id][lc] = set() return ep = self.entry_point for lc in range(self.entry_level, level, -1): ep = self._search_layer(vector, [ep], lc, ef=1)[0][1] for lc in range(min(level, self.entry_level), -1, -1): candidates = self._search_layer(vector, [ep], lc, ef=self.ef_construction) m = self.M0 if lc == 0 else self.M chosen = self._select_neighbors(candidates, m) self.neighbors[node_id][lc] = set(chosen) for c in chosen: self.neighbors[c].setdefault(lc, set()).add(node_id) cap = self.M0 if lc == 0 else self.M if len(self.neighbors[c][lc]) > cap: ranked = sorted( (l2_sq(self.vectors[c], self.vectors[n]), n) for n in self.neighbors[c][lc] ) self.neighbors[c][lc] = set(n for _, n in ranked[:cap]) if candidates: ep = candidates[0][1] if level > self.entry_level: self.entry_point = node_id self.entry_level = level That pruning step, the one after connecting a new node to its chosen neighbors, matters more than it looks. Every neighbor gets a back link to the new node, and if that pushes any neighbor’s connection count past its cap, the weakest connection gets dropped. Without that pruning step, popular regions of the graph would just accumulate unlimited connections over time and the whole structure would slowly degrade into something close to brute force again, just with extra bookkeeping. And we dont want that. Search is the same layered descent, minus the insertion bookkeeping. def search(self, query, k, ef_search): query = np.asarray(query, dtype=np.float64) if self.entry_point is None: return [] ep = self.entry_point for lc in range(self.entry_level, 0, -1): ep = self._search_layer(query, [ep], lc, ef=1)[0][1] candidates = self._search_layer(query, [ep], 0, ef=max(ef_search, k)) return sorted(candidates)[:k] I ran this exact class on a small, clean toy dataset first, five hundred random vectors in sixteen dimensions, no clustering tricks, generous parameters ( M=16, ef_construction=200, ef_search=200 ). Every single query returned recall of 1.0 against a brute force ground truth, meaning that the index found the true top ten nearest neighbors, every time, for every query tested. The mechanism works exactly as designed when you give it room to work. Now let’s take that room away on purpose. 6. Reproducing the “Garbage Results” Problem On Purpose: Real production data almost never looks like a clean & uniform cloud of points floating in space. It clusters. Most of your documents are going to circle around a handful of recurring topics, and then you’ve got a small number of genuine outliers scattered around the edges. So I built a synthetic dataset that mirrors exactly that: five tight clusters of four hundred vectors each, in sixty-four dimensions, and fifty outlier vectors scattered far off from any cluster, for a total of two thousand and fifty vectors. From there, I built two indexes on that exact same dataset. One with deliberately weak parameters, M=4 and ef_construction=10 , values low enough that, honestly, plenty of real deployments are running settings this stingy without even realizing it. And one with strong parameters, M=32 and ef_construction=200 . Then I ran one hundred queries against each index, using vectors that were already sitting in the dataset as the queries themselves, and compared what came back against the true brute force nearest neighbors. WEAK INDEX: M=4, ef_construction=10 ef_search= 5 | cluster recall@10=0.315 | outlier recall@10=0.085 ef_search= 10 | cluster recall@10=0.315 | outlier recall@10=0.085 ef_search= 20 | cluster recall@10=0.352 | outlier recall@10=0.125 ef_search= 50 | cluster recall@10=0.405 | outlier recall@10=0.175 ef_search= 100 | cluster recall@10=0.420 | outlier recall@10=0.200 ef_search= 200 | cluster recall@10=0.435 | outlier recall@10=0.205 ef_search= 400 | cluster recall@10=0.440 | outlier recall@10=0.210 Read that outlier row again. With a weak graph, queries against outlier points, the scenario where the user searched for something genuinely uncommon in your dataset, recovered barely 1/5th of their true nearest neighbors, even at an absurdly high ef_search of 400. And this is the failure mode from my opening story. The query was semantically legitimate. The correct answer existed in the collection. The graph just never built a path good enough to reach it, and no amount of searching harder at query time could invent a path that was never built. We would go directly back to construction, when we trace the reason. With M=4, each node in the graph keeps only four connections at the upper layers. During insertion, ef_construction=10 means the algorithm barely searched before deciding those four connections. Outlier points, sitting far from the dense cluster mass, had very few nearby candidates to connect to in the first place, and the stingy search width meant even the few good candidates that existed often got missed. The graph around those outliers ended up thin and poorly connected. This is a structural gap that no query-time parameter can patch over. 7. Fixing It: Tuning Your Way Back to Good Recall Here is the same experiment, same dataset, same one hundred queries, run against the strong index instead, M=32 and ef_construction=200. STRONG INDEX: M=32, ef_construction=200 ef_search= 5 | cluster recall@10=0.778 | outlier recall@10=0.590 ef_search= 10 | cluster recall@10=0.778 | outlier recall@10=0.590 ef_search= 20 | cluster recall@10=0.780 | outlier recall@10=0.640 ef_search= 50 | cluster recall@10=0.780 | outlier recall@10=0.650 ef_search= 100 | cluster recall@10=0.780 | outlier recall@10=0.655 ef_search= 200 | cluster recall@10=0.780 | outlier recall@10=0.655 Cluster recall jumps from a ceiling of 0.44 to a ceiling of 0.78 just by improving the build-time parameters, and that’s before ef_search even gets touched. Outlier recall very nearly triples, going from 0.21 to 0.655 . That's the entire lesson of this article, right there, in one side-by-side comparison. Build quality sets your ceiling. Query-time search width just decides how close you actually get to that ceiling. One more thing worth noticing here is exactly where the diminishing returns show up. On the strong index, almost all of the recall gain happens by the time you hit ef_search=20 . Pushing it all the way up to 200 after that buys you basically nothing, something like half a percentage point of extra outlier recall, while latency climbs from 0.81 milliseconds to 1.50 milliseconds . That's an 85% jump in latency for what amounts to a rounding error in accuracy. That's real money, real user-facing delay, spent for almost nothing, and it's exactly the kind of waste you get when a team tunes ef_search by trial and error instead of just plotting recall against latency and looking at it. And since I promised no vague hand waving anywhere in this piece: this is a simplified, from-scratch implementation, built for clarity rather than raw performance. Production libraries like hnswlib and FAISS lean on a more elaborate neighbor selection heuristic during construction, one that actively favors diverse, well-spread connections instead of just grabbing the closest candidates. That is exactly why mature implementations routinely report recall in the high 90s on real workloads, well above anything my simplified version reaches even at its best settings. But the mechanism you just watched play out, weak graphs capping recall no matter how hard you search, strong graphs closing in on their ceiling fast, holds true in every real implementation out there. The exact numbers justt get a lot better once that extra construction heuristic is in the mix. 8. Translating This to Production Vector DBs Every parameter you just watched in action has a direct counterpart sitting in your production vector database’s configuration, usually untouched. In Pinecone , pod-based indexes historically exposed these directly as index build settings, and serverless indexes manage graph construction internally but still expose query-time behavior worth checking against your recall requirements in their documentation. In Qdrant , the HNSW config block exposes M and ef_construct directly at collection creation time, and ef gets set per search request, or as a collection-wide default, controlling exactly the query-time search width we tuned above. In FAISS , the IndexHNSWFlat constructor takes M directly as a constructor argument, efConstruction gets set as an attribute before adding vectors, and efSearch gets set as an attribute before querying, matching this article's naming almost exactly. Here is the checklist worth running against your own system this week, symptom first, likely culprit second: Obviously relevant results missing entirely, especially for less common or outlier-ish queries: check M and ef_construction at index build time. This usually means the graph itself is under built. Results feel randomly inconsistent, same query returning different quality on different runs: check whether ef_search is set anywhere near default, and whether it is even being passed through correctly at query time. Search is fast but quality is mediocre across the board, not just on edge cases: raise ef_search first, since it is the cheapest, zero rebuild fix available, and measure the actual recall change rather than assuming it helped. Search is accurate but too slow for your latency budget: you are very likely past the point of diminishing returns on ef_search , exactly like the strong index above going from ef_search=20 to ef_search=200 . Bring it back down and measure what you actually lose.\ 9. The Diagnostic Habit This Gives You Here’s the gut check I use now, and it only takes about ten minutes. It would’ve saved me those two wasted days I spent chasing the embedding model. Pull twenty or thirty real queries out of your logs, ones where you already know, or at least strongly suspect, what the correct top result should be. Run them against your current index and just write down what comes back. Then, on a small sample of your actual collection, maybe five or ten thousand vectors, run a true brute force nearest neighbor search for those same queries. Line the two result sets up side by side. Compare them directly. If brute force finds the right answer and your production index doesn’t, that’s an ANN tuning problem, full stop, not an embedding problem. Go check M, ef_construction, and ef_search before you touch anything else. If brute force also comes up empty on a genuinely relevant result, then, and only then, do you have some actual ground to suspect the embedding model itself, and even then, check your chunking before you go pinning the blame on the model too. That one test alone will tell you, with certainty, which half of your stack actually broke. 10. Closing Thought I have watched engineers spend entire sprints rewriting prompts, swapping embedding models, and restructuring retrieval logic, chasing a problem that a single configuration change would have fixed in an afternoon. Nobody checks their index config. Everybody checks their prompt first, obsessively, over and over, because the prompt is the part you can see and touch and iterate on in a chat window. The index config is invisible. It sits underneath everything, quietly deciding what your system is even capable of finding, and most people never once open that file. That is exactly backwards. Your prompt cannot retrieve a document your index never let it see in the first place. Understand HNSW: Why Your Vector Search Returns Garbage (Build your own minimalist HNSW from… was originally published in Towards AI on Medium, where people are continuing the conversation by highlighting and responding to this story.
- The volatile AI trade marched higher, but oil kept Wall Street on edge last week
Chip stocks had a wild but strong week. Meta led our portfolio higher.
- Researchers hid a prompt injection inside a PNG, and AI fell for it
A seemingly harmless PNG image could fool AI coding assistants into exposing sensitive data, according to new security research.
Score: 42🌐 MovesJul 11, 2026https://www.digitaltrends.com/cool-tech/researchers-hid-a-prompt-injection-inside-a-png-and-ai-fell-for-it/ - 'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers. [...]
- Long Context Isn’t Free — I Built a Safe Prompt-Pruning Layer That Makes LLM Systems Work
LLMs don’t fail because they forget—they fail because they remember too much. As conversations grow, prompts accumulate redundant and low-value tokens, driving up cost and latency while silently degrading output quality. This article introduces a deterministic prompt-pruning layer that reduces token usage without breaking dependencies, backed by real benchmarks and production-tested design. The post Long Context Isn’t Free — I Built a Safe Prompt-Pruning Layer That Makes LLM Systems Work appeared first on Towards Data Science .
- Wipro PARI donates industrial robot to strengthen India's future manufacturing workforce
As India's manufacturing sector accelerates its adoption of automation and smart factory technologies, the need for industry-ready talent has become increasingly critical. Against this backdrop, Wipro PARI has donated an industrial robot to the Indo-Swiss Centre of Excellence (ISCE), Pune, to provide students with hands-on experience in industrial robotics and automation. The company, part of Wipro Infrastructure Engineering, has commissioned a FANUC R-2000iB/210F six-axis industrial robot at the institute. The robot was inaugurated on July 4 and is expected to support practical training for nearly 200 students enrolled at ISCE. Bridging classroom learning and factory-floor skills The initiative is aimed at narrowing the gap between classroom education and real-world manufacturing requirements by giving students direct exposure to industrial robot programming and automation systems used on modern factory floors. Many of the beneficiaries come from economically disadvantaged backgrounds, including children of daily wage workers and students from orphanages. Access to industry-grade robotics equipment is expected to improve both technical competency and employability as manufacturers increasingly seek talent familiar with automation technologies. ISCE offers three-year full-time diploma programmes in partnership with the Nettur Technical Training Foundation (NTTF). Its curriculum spans Mechatronics Engineering, Smart Factory, Electronics Engineering, and Embedded Systems. The addition of the industrial robot further enhances the institute's practical learning infrastructure, enabling students to work with technologies commonly deployed in advanced manufacturing environments. The inauguration was attended by senior leaders from both organisations, including Vipul Tandon, CEO, Wipro PARI; Amit Choudhary, CHRO, Wipro PARI; Pritesh Agrawal, CFO, Wipro PARI; Niteen Tapare, Head – Detailing Mechanical, Wipro PARI; Mandar Unde, Leader – Corporate Engineering, Wipro PARI; Mukesh Malhotra, Chief Functionary and Chairman, ISCE; Rajendra Jog, Director, ISCE; and Vikram Puri, Director, ISCE. The donation reflects a broader trend of industry-academia collaboration as manufacturers seek to build a workforce equipped for digital manufacturing, robotics, and Industry 4.0 environments. With automation becoming a core capability across production facilities, initiatives that combine classroom instruction with practical exposure are expected to play an increasingly important role in preparing India's future manufacturing talent.
- 97 Percent of Edmonton Businesses Are Invisible to ChatGPT, New Review Finds
97 Percent of Edmonton Businesses Are Invisible to ChatGPT, New Review Finds USA Today
- The Biggest New Threat to Smart Homes Is AI Promptware. My Tips Help Stop It
Prompt injections into AI have created a new world of home-hacking opportunities. Here's how it works and my steps to protect yourself.
- 5 Claude Code Plugins That Turned One Assistant Into an Engineering Team
A memory system, five parallel code reviewers, and a plugin that refuses to over engineer — here’s what changed when I stopped treating… Continue reading on Towards AI »
- Meta's Muse Spark 1.1 outperforms GLM-5.2 in coding and costs slightly less
Meta's Muse Spark 1.1 scored 51 on the Artificial Analysis Intelligence Index, up eight points in three months. In coding, it edges past GLM-5.2 with a score of 71.3 at a lower cost of $0.26 per task. The hallucination rate dropped from 73 to 38 percent. The article Meta's Muse Spark 1.1 outperforms GLM-5.2 in coding and costs slightly less appeared first on The Decoder .
Score: 40🤖 ModelsJul 11, 2026https://the-decoder.com/metas-muse-spark-1-1-outperforms-glm-5-2-in-coding-and-costs-slightly-less/ - WAIC 2026 Shanghai Previews: Future Tech and Global AI Governance
WAIC 2026 Shanghai Previews: Future Tech and Global AI Governance
- The Infosys Perspective: Moving from AI Experimentation to Enterprise Value
As organizations race to integrate artificial intelligence, the true differentiator is no longer the ability to experiment, but the capacity to scale AI to deliver tangible, enterprise-wide value. Transitioning from isolated pilots to continuous value realization requires a fundamental shift toward a product- and platform-centric operating model. By reimagining core business capabilities, building reusable AI […] The post The Infosys Perspective: Moving from AI Experimentation to Enterprise Value appeared first on CXOToday.com .
- AI-First Desktop App Architecture: How Developers Should Build for Agentic Operating Systems
AI-first desktop apps need to expose goals, context, tools, permissions, and progress instead of hiding all useful work behind screens. The next desktop shift is not a prettier chatbot. It is software that can be understood, operated, verified, and recovered by AI agents without turning your product into a security incident. The desktop is starting to change shape again. For years, apps were designed around windows, menus, forms, and human clicks. Now Microsoft is pushing deeper into Copilot, MCP-powered agents, Windows 365 automation, and experiments that point toward an agentic desktop where the user gives goals and the system coordinates tools. That shift sounds futuristic, but the developer problem is plain: most desktop apps were never built to be safely operated by agents. They hide important state in pixels. They mix dangerous and harmless actions in the same interface. They give automation tools either too much access or no reliable access at all. They make it hard to explain what happened after an AI completed a task. If agentic operating systems become normal, those design choices will feel as dated as a web app with no API. This article is a practical guide to AI-first desktop app architecture. The goal is not to chase one leaked project, one keynote demo, or one vendor SDK. The goal is to design desktop software that works well when humans and AI agents share the same workflow. Why AI-First Desktop Architecture Matters Now Microsoft’s direction is no longer limited to adding a chat sidebar to Windows or Office. Recent reporting on Project Aion described a prototype Copilot-centered operating shell with web-first task spaces, a multimodal input box, and AI-curated groups of apps and files. Microsoft has also been expanding the official agent stack around Microsoft Agent Framework , Copilot Studio, MCP connectors, Microsoft 365 Copilot extensibility, and Windows 365 for Agents , which exposes desktop automation, browser scripting, and UI inspection through an MCP server. Those signals matter even if one specific product name changes. The direction is clear: apps are becoming raw material for agents. Developers should treat that as an architecture problem, not a UI trend. An AI-first desktop app needs to answer five questions: What user goals does this app help complete? What context does an agent need before it acts? Which actions can be called safely as tools? Which actions require approval, isolation, or rollback? How can the user and the system audit what happened? If your app cannot answer those questions, it may still work for humans. It will just be hard to trust inside an agentic desktop. The Mistake: Treating Agents Like Faster Clickers The most tempting pattern is to let an agent drive your existing UI exactly like a human. It reads the screen, clicks buttons, fills forms, waits for spinners, and hopes the app behaves. That can help with legacy systems, testing, and short-term automation. It should not be the main integration model for new software. A screen is a lossy interface. It is optimized for human perception, not machine reliability. The agent has to infer meaning from layout, labels, color, modal state, disabled buttons, and changing DOM or native UI trees. Small UI changes can break important workflows. Worse, the agent may successfully click through a task while missing hidden business rules that a direct API would have enforced. AI-first architecture starts with a different idea: the UI is one surface, not the source of truth. The source of truth should be explicit capabilities, state models, policies, and event logs that both humans and agents can use. The winning desktop apps will not be the ones agents can click. They will be the ones agents can understand, operate, and explain. Start With Goals, Not Screens Traditional desktop design begins with screens: dashboard, settings, editor, reports, inbox, billing, and admin. AI-first design begins with goals: reconcile expenses, prepare a client update, approve a contract, clean a dataset, summarize a project, investigate an alert, or package a release. This sounds subtle, but it changes the shape of the system. A screen is usually a place. A goal is a job with inputs, steps, permissions, output, and a clear stopping point. Agents are much better at goals than places. A user does not want to say, “Open five windows and copy the value from tab three into field seven.” The user wants to say, “Prepare the renewal packet and flag anything risky before I send it.” For each important workflow, define a goal contract: The user intent in plain language. The required context, such as customer, file, date range, repository, account, or project. The allowed tools or actions. The risk level of each action. The expected output format. The approval points. The rollback or recovery path. That contract becomes the bridge between your human UI and your agent interface. Start with workflows that are frequent, structured, and painful, but not so risky that a single mistake causes serious damage. Design a Context Pack for Every Workflow Agents fail when they receive too little context. They also fail when they receive everything. An AI-first desktop app should build context packs: compact, structured summaries of what the agent needs to know for a specific task. A context pack is not a full database dump. It is not a screenshot. It is a task-specific bundle. For example, a customer success desktop app might create this context pack for “draft a renewal risk summary”: Customer name, plan, renewal date, owner, and contract value. Open support tickets and severity. Usage trend summaries, not raw event streams. Recent account notes with source links. Known risk flags and allowed next actions. Company policy on discount approval. The agent does not need every click, metric, and message. It needs the right evidence, with source references. A simple context-pack shape might look like this: { "task": "draft_renewal_risk_summary", "subject": { "customer_id": "cus_123", "renewal_date": "2026-08-15" }, "facts": [ { "type": "usage_trend", "summary": "Weekly active users declined for six weeks.", "source": "analytics.account_usage.weekly" }, { "type": "support_signal", "summary": "Two unresolved severity-two tickets are open.", "source": "support.tickets" } ], "policies": [ "Discounts above 15 percent require finance approval." ], "allowed_actions": [ "draft_summary", "create_review_task", "request_discount_approval" ] } The structure matters more than the exact JSON. Give the agent a clean boundary, the user an evidence trail, and the system a way to test whether the right context was included. A practical AI-first desktop architecture separates user intent, context, planning, permissions, execution, and review. Expose Agent Tools Instead of Only Exposing UI If an agent needs to perform a real action, give it a real tool. Do not make it scrape the screen unless you have no better option. This is where protocols such as Model Context Protocol become important. Microsoft 365 Copilot supports MCP-based extensibility for agents, and Microsoft’s docs describe MCP resources, tools, and prompts as a way to connect agents to external systems. Whether you use MCP, a private tool API, Microsoft Agent Framework, or another runtime, actions should be explicit, typed, permissioned, and observable. Good agent tools are narrow. They do one job. They validate inputs. They return structured results. They do not pretend that a dangerous action is harmless. Bad tool: runDesktopCommand(command: string): string Better tools: createDraftInvoice(customerId, lineItems, notes) previewContractChanges(contractId, requestedTerms) requestManagerApproval(taskId, reason) scheduleFollowUp(accountId, date, summary) exportAuditBundle(workflowId) The first tool gives an agent too much room to improvise. The second set creates a workflow surface your product can secure, test, and explain. Separate Drafting, Preview, Approval, and Commit Agentic desktop apps should not jump straight from “understand request” to “change production data.” Most useful work has stages. Use a four-step action model: Draft: The agent prepares a proposal without changing durable state. Preview: The app shows exactly what will change and why. Approve: The right human or policy gate confirms the action. Commit: The system applies the change and writes an audit event. This pattern works for invoices, code changes, ticket updates, CRM edits, email sends, file moves, database exports, and admin actions. It is boring in the best way. Microsoft’s Windows agent-security direction also points toward this kind of thinking. The Windows Experience Blog described security and privacy controls for Copilot Actions, including new building blocks for agentic features on Windows. Developers should expect agent workflows to face more scrutiny around user consent, scoped access, isolation, and recovery. Do not wait for the operating system to solve all of that. Your app still owns its domain rules. Build Permission Scopes That Match Real Risk Many products have crude permissions: user, admin, read-only, editor. That model is too broad for agentic workflows. An AI agent may need permission to read a document, summarize it, create a draft, attach a file, send an email, update a record, or trigger a payment. Those are not the same risk. Design permission scopes around verbs and resources: read_project_context draft_external_message send_external_message create_internal_task modify_customer_record export_sensitive_data execute_desktop_action Then attach risk levels to those scopes. Low-risk actions may run automatically. Medium-risk actions may require user confirmation. High-risk actions may require a second approver, a policy check, or a sandbox. This also helps the UI. Instead of a vague “Copilot wants access” prompt, your app can say what the agent is trying to do: “Create a draft renewal email using account notes and usage summaries. No email will be sent until you approve.” That is much easier to trust. Make State Machine-Friendly Agents need to know what state the app is in. Humans can infer state from layout, color, and habit. Agents need explicit markers. For each workflow, expose a state model: not_started collecting_context draft_ready needs_user_review approval_pending committed failed_recoverable failed_needs_human Each state should define allowed transitions. If a task is in draft_ready, the agent may revise the draft or request review. It should not silently commit the result. If a task is in approval_pending, the agent should not keep retrying the action with different wording. This is basic workflow engineering, but it matters more when a language model is planning steps. The state machine keeps the agent inside the product’s rules. Design for Multi-App Coordination An agentic desktop is rarely about one app. The useful tasks cross boundaries: browser, email, calendar, spreadsheet, CRM, code editor, terminal, file system, design tool, ticket tracker, and internal admin panels. Your app should be a good citizen in that larger workflow. That means safe import and export paths, stable deep links, machine-readable activity history, clear resource IDs, webhook-style events, and fewer traps where important work exists only as pixels. Think of your product as one node in a task graph. It may initiate a workflow, enrich it, approve part of it, or provide evidence. The shift is from app-first navigation to agent-first task coordination, with humans still controlling risk and final judgment. Add an Audit Trail Humans Can Actually Read Agent logs are often written for machines. That is not enough. When an AI agent acts inside a desktop workflow, the user should be able to answer simple questions: What did the agent do? What data did it use? Which tools did it call? Which actions were only drafted? Which actions were committed? Who approved them? What changed after approval? How can we undo or correct the result? Do not hide this behind a developer-only trace view. Build a user-facing activity record, then keep the technical trace for debugging. A useful audit entry might say: “Agent drafted a customer renewal summary using account notes, usage trend summary, and support ticket list. No external message was sent. Alex approved the final task creation at 10:42.” That kind of record builds trust because it makes the system inspectable. Use UI Automation as a Fallback, Not the Foundation Windows 365 for Agents and similar computer-use systems are important because many workflows still live in old apps. Agents need a way to inspect screens, automate browsers, and operate legacy desktops. But if you are building a new product, do not force every agent action through pixels. UI automation is useful when no structured interface exists. It is fragile when used as the primary contract. A good architecture uses layers: Structured tools for core domain actions. Context resources for evidence and summaries. Events for state changes and progress. UI automation for legacy screens, inspection, and exceptional paths. Human review for risky decisions and ambiguous judgment. This layered model gives agents power without reducing your product to mouse coordinates. What This Means for Different Developers If You Build SaaS Desktop Companions Many SaaS products now have desktop companions, tray apps, browser extensions, local sync tools, or Electron clients. Treat those clients as agent-facing surfaces. Give them stable local APIs, explicit task states, and clear permission boundaries. Do not make the agent reverse-engineer your UI. If You Build Enterprise Internal Tools Your biggest value is probably not a shiny assistant. It is removing risky manual glue work between systems. Start with approval-heavy workflows such as access requests, support escalation, reporting, onboarding, procurement, or incident summaries. Use drafts, previews, and audit records from day one. If You Build Developer Tools Expose repository state, build status, test failures, issue context, and deployment gates as structured resources. Agents should not need to scrape terminal output if your tool can provide a typed failure summary and a link to the full log. If You Build Consumer Productivity Apps Agent-friendly design still matters. Users may want AI to organize notes, prepare travel plans, summarize receipts, clean files, or coordinate calendars. Keep the boundary clear: what the agent can read, what it can draft, and what it can change. A Practical Build Plan If you want to make an existing desktop app more agent-ready, do not rewrite everything. Start with one workflow. Pick a high-frequency task that users already describe in plain language. Write the goal contract: inputs, tools, output, approval points, and failure states. Create a context pack that contains only the evidence needed for that task. Expose two or three narrow tools for safe actions. Separate draft, preview, approval, and commit. Add a user-readable audit trail. Test with realistic messy cases, not just happy-path demos. Measure completion rate, correction rate, approval friction, latency, and user trust signals. You can run this architecture with Microsoft Agent Framework, Copilot Studio, a custom MCP server, an internal agent platform, or another stack. The tool choice matters, but the workflow contract matters more. How to Judge Whether Your App Is Agent-Ready Use this quick test. For one important user task, can your app provide all of the following without relying only on screenshots? A plain-language task definition. A structured context pack with source references. Typed tools for the main actions. Permission scopes for each action. A preview before durable changes. A clear state machine. A recoverable failure path. A user-readable audit trail. If the answer is yes, your app is much closer to AI-first desktop architecture. If the answer is no, your next product roadmap item is probably not “add chatbot.” It is “make the work legible.” The Real Opportunity AI-first desktop design is not about replacing every interface with chat. Chat is useful for intent, clarification, and review. It is not a complete product architecture. The real opportunity is to build software where humans and agents can cooperate without constant confusion. Humans bring goals, judgment, accountability, and outside context. Agents bring recall, coordination, drafting, checking, and repetitive execution. That is why AI-first desktop app architecture will matter. It is the difference between an assistant that pokes at your product from the outside and an assistant that can safely work with your product from the inside. Microsoft’s Copilot direction is one strong signal. Google, OpenAI, Anthropic, and the broader agent ecosystem are pushing in similar directions from different surfaces. The common thread is that software is becoming more agent-operable. The developers who prepare now will have an edge. Their apps will be easier to automate, govern, inspect, and trust. That is a better goal than being first to bolt on a chat box. FAQ What is AI-first desktop app architecture? AI-first desktop app architecture is a way of designing desktop software so AI agents can understand tasks, access the right context, call safe tools, request approvals, and leave an audit trail. It does not mean every feature must be chat-based. Is this only relevant to Microsoft Copilot and Windows? No. Microsoft’s Copilot, Agent Framework, Windows 365 for Agents, and MCP support make the trend visible, but the same architecture applies to other agent platforms. Any app that may be operated by AI needs structured context, tools, permissions, and review paths. Should developers expose APIs or MCP tools for desktop apps? For new agent-facing workflows, structured APIs or MCP tools are usually better than pure UI automation. UI automation is useful for legacy apps and screen inspection, but typed tools are easier to secure, test, version, and audit. How do you make an AI desktop workflow safer? Separate the workflow into draft, preview, approval, and commit stages. Add narrow permission scopes, require human approval for risky actions, keep a clear state machine, and write user-readable audit events for every important step. What is the best first workflow to make agent-ready? Pick a task that is frequent, structured, and annoying, but not extremely dangerous. Good examples include report drafting, ticket triage, renewal summaries, internal access requests, document preparation, and project status updates. Does an AI-first desktop app still need a normal user interface? Yes. Users still need dashboards, editors, previews, controls, and review screens. The difference is that the UI should share an underlying workflow model with the agent interface instead of being the only place where important work exists. AI-First Desktop App Architecture: How Developers Should Build for Agentic Operating Systems was originally published in Towards AI on Medium, where people are continuing the conversation by highlighting and responding to this story.
- Why a Broken Corporate Culture May Be What’s Sabotaging Your AI Rollout
Better tools can’t fix bad leadership.
Score: 38🌐 MovesJul 11, 2026https://www.inc.com/ash-kumra/ai-tools-arent-the-problem-management-is/91367864 - You can stop using AI, but this new report says you probably can’t escape it
A new UK survey finds that people are deliberately limiting AI use, even as most believe avoiding AI exposure has become difficult or impossible.
- My colleague wanted a nerdy, niche tool for his MacBook. Codex whipped it up in minutes.
My colleague wanted a nerdy, niche tool for his MacBook. Codex whipped it up in minutes. Business Insider
Score: 38🌐 MovesJul 11, 2026https://www.businessinsider.com/openai-codex-niche-macbook-idea-five-minutes-vide-coding-2026-7 - ByteDance Seedream 5.0 Pro Hands-On: Three Directions, 10 Scenarios Tested
A comprehensive test of ByteDance Seedream 5.0 Pro across realism, complex visualization, and design reveals impressive gains in infographic generation and UI mockups.
- In China, parents turn to AI to help children select a university degree
Zhang Qi, a ride-hailing driver based in Guangzhou, has turned to artificial intelligence this year to help his son make one of the most important decisions of his young life: choosing a university degree programme. Like millions of 18-year-olds across China, Zhang’s son recently received his university entrance exam results and had to navigate the country’s labyrinthine admissions system – choosing from thousands of programmes at hundreds of schools. Many middle-class families hire expensive...
- The current bottleneck is political will, not research
Abstract: We already know enough to act. I wish we were in a world where research was the bottleneck, but the main constraint on AI safety is no longer a shortage of clever policy ideas: best practices already exist and are not being applied or enforced, and a serious international (or even just national) regulatory regime would probably cut most of the risk. They are not applied because awareness is low. The people who narrate and enforce AI policy mostly do not believe the problem exists. I estimate that a majority of the top ~100–1,000 most influential policymakers worldwide have never had a single serious conversation about catastrophic risk, and this is the main reason they are not worried [1] . Even among the civil-society organizations that showed up to the UN Global Dialogue, exactly one of the 1,534 written submissions mentions "takeover", and less than 1% mention x-risks. They've never had the conversation because our field under-invests in having it. Status rewards research over advocacy (~3.6 researchers per advocate in US AI safety); many organizations self-censor; funders treat repetition as redundancy, even though repetition is how anyone actually gets convinced. Meanwhile, the industry secured 7× as many meetings with the European Commission on AI as civil society (2023). Therefore, an additional unit of effort does more good through advocacy and engagement than through research. Judge work in AI governance by minds moved , not by clever papers. I give a list of potential directions/projects in the last section to alleviate this problem. [2] We're plausibly only a few years from a catastrophe. Fable 5 cracked open a brief window of attention, but policymakers are still worried about the wrong risks. This is our chance to wake them up. Source: February 2026 Summit on Existential Security survey of AI safety leaders. Advocacy, policy and governance were stated as the top priorities. It seems to me that there is still much to do to act on this. ⚠️ Epistemic status: I have skin in this game, which is either a conflict of interest or two years of data, depending on how you see things: I run a think tank that does this type of activity, so discount accordingly. I preferred to ship quickly rather than not ship at all, or ship too late. I expect some claims not to be stable under reflection, but the core argument is one I hold with reasonable conviction. See this as a bottle in the ocean. My point is not to dunk on research. I think that research is how we keep finding unknown unknowns; nothing in this post argues for stopping it. AI safety is one of the hardest fields to navigate, and I’ve often wondered if what I do is pointless . I might be wrong about the net-positiveness of some types of AI regulations, but I feel that the level of the discourse is really bad, the conversation is not happening, and I want this conversation to happen before irreversible things start happening. Thanks to Epi Gedeon, Arthur Grimonpont, Alexandre Variengien, Jack Stennett, and Jonathan Salter for useful feedback and suggestions. 1 — The bottleneck is political will, not research This section defines what I mean by political will and then argues that we are not applying basic best practices, so having more ideas is clearly not the bottleneck. What do I call “political will”? Start with a single policymaker. They have to move along a pipeline like: Level 0 : aware that serious people think there's a big problem. Level 1 : convinced of AI x-risks. Level 2 : engaged: actively pushing for existential safety. Level 3 : champion: actively pushing for safety even at some cost or in an isolated way "Political will" in the aggregate is just this funnel run across the people who set, enforce, and narrate policy. Spoiler: Level 0 sounds like a low bar. It is. The median meeting I've had with a senior policymaker starts below it. In the international forums I've attended, my rough estimate is that at least a third of the policymakers I've personally met are not even at Level 0. Domestic legislatures are a bit further along: 40 current members of US Congress have now publicly discussed AGI or loss of control, up from a handful in early 2023, doubling roughly every 5.5 months [3] . Those public discussions are at Level 0 or 1. This covers 7% of Congress. At Level 3, I count roughly 3. [4] The best practices we already have are not being applied Unfortunately, red everywhere. https://ailabwatch.org/ . CeSIA will soon publish something more up to date on the Code of Practice. According to SaferAI’s rating , 35% is currently the highest overall assessment score, given to Anthropic. 59% is currently the best overall assessment score if a company adopted all the industry best practices found across companies. Where’s my DNA synthesis screening? DNA Screening is a reasonable, long-advocated measure that was even mentioned in the American AI Action Plan, but is still not mandated. It's the canonical example of how glacially even obvious, relatively low-cost regulatory measures move forward ( global synthesis map ). I like this quote from Buck Shlegeris: " Five years ago I thought of misalignment risk from AIs as a really hard problem that you'd need some really galaxy-brained fundamental insights to resolve. Whereas now, to me the situation feels a lot more like we just really know a list of 40 things where, if you did them — none of which seem that hard — you'd probably be able to not have very much of your problem. But I've just also updated drastically downward on how many things AI companies have the time/appetite to do. " The priority bottleneck is not finding more best practices: I agree we don't know robustly how to align a superintelligence - but at the same time we are not even willing to implement already existing best practices. The 80/20 playbook against scheming may not be enough, but we aren't even doing the 80/20. For example: Anthropic repeatedly accidentally trained against the CoT, demonstrating inadequate processes . [5] Basic measures like transparency are still not applied: companies reporting incidents are more the exception than the norm, and we don't know how AIs are aligned concretely (we have very little confirmed public information about why frontier AIs end up being apparently behaviorally aligned). Most of those best practices are basic ideas that have been on the table from the start. And since companies don’t seem to adopt them under current competitive pressure, implementation has to come from enforcement. I could go on and on with this, but I think this makes the point. We need to go from plan D to plan A: more seriousness and coordination Greenblatt has tried to put numbers on what political will buys. He sketches a spectrum of how hard the world is trying, from Plan D, roughly today's world, where maybe ten people inside each company are trying to implement safety measures, up to Plan A, a strong international agreement with real enforcement and a slowdown. His tentative estimate: conditional takeover risk falls from ~45% (Plan D) to ~7% (Plan A). An ~84% relative cut, almost all of it bought by political will ( Redwood Research ). [6] Obviously, the exact numbers are not the point here: directionally, strong political will and taking the risks seriously would tremendously reduce them. Aligning a superintelligence may well be genuinely hard, and even plan A might be insufficient. That's an argument for more political will, not less: it's what buys the time, and above all, the seriousness that a hard problem demands. [7] P.S. added on the 11th July: This week, the AI Futures Project, Greenblatt included, published AI 2040: Plan A , a detailed scenario of how this could go. The whole thing hinges on a US–China agreement by 2029. The best plan the research community can produce depends on a political precondition we are far from, and I think that there are substantial ways to improve upon the baseline: one of my main critiques has always been that the framework treats political will as a fixed variable rather than a strategic lever. Winning requires a large fraction of the top ~100–1,000 to understand the problem, and we're far from that. There are two funnels that are mostly independent: The belief funnel for policymakers [8] : the Level 0→3 pipeline above, run across the people who actually decide. The public incentive funnel: making inaction politically costly through public salience. Both funnels matter, and I won't adjudicate between them here; but the belief funnel is the one that's barely started, and it's the one the rest of this post is about. Why not just target Trump? Why do we need conversation with the top 100 people? Because Trump is inaccessible directly. Because policy doesn't execute itself, and because you can't reach the top by aiming only at the top [9] . A law is only as good as the office that enforces it, the advisor who drafts it, the minister who prioritizes it, the journalist who narrates it. (This will be particularly true for the AI Act). And you can't reliably convince a president head-on: he is roughly the average of his advisors' views, who are in turn shaped by the media and their environment. There's no robust shortcut around that layer. So the real target is the ~100 who set direction plus the ~1,000 (or maybe the top 10,000 if you can’t access the top of the pyramid) around them: staffers, cabinet advisors, think-tankers, top journalists. If they don't understand the risks, it’s really hard to make substantial progress. For law enforcement. Even when a robust and well-designed law is finally in place, political will remains a major bottleneck for actual enforcement. Without greater political salience around AI risks, it is entirely plausible that the AI Act could result in no meaningful penalties, even in cases where AI providers are plainly failing to comply (e.g., this has been the case with the EU Digital Services Act for social media: barely any strong enforcement [10] ). So the target is not one man but a layer of ~100–1,000 people whose beliefs will decide on the level of political will. 2 — Almost nobody realizes how bad the situation is - hence no political will We won't get governance without agreeing on the problem, and we won't agree without waking up. Unfortunately, we are still sleep-walking. [11] What the people in charge don't believe There is much that I’d like policymakers to know, but if I only get 5 paragraphs, I think it would be the following high-level ideas (obviously, not necessarily written like this): Superintelligence is a very real possibility. Most decision-makers are busy regulating bias and deepfakes, even while the open secret is out: AI companies are openly racing toward systems more capable than humans across the board. It's near, not sci-fi. The people building these systems put transformative capability within a few years. This sense of urgency is largely absent from AI policy. And that’s a problem because nobody prioritizes a problem they expect to arrive after they've left office. Companies themselves can't robustly control it, and don't even claim to. The implicit belief in the room is "surely the people building it know how to make it safe." It's false. Companies have never claimed to have solved superalignment. They made very public announcements that it was still unsolved. Recursive self-improvement changes the whole picture. With RSI, everything accelerates, including risks such as mirror life, interestingly lethal pandemics, and large-scale cyberattacks. [12] No one else is handling this, and the tail is mass death. There are no hidden adults in the room, and we are completely in the fog, operating under wide uncertainty. Risk of loss-of-control or engineered pandemics, with a large fraction of people dead in expectation, is very much on the table. Sadly, these five beliefs are almost completely absent in the rooms where AI policy is made. It will be hard to mitigate the risks of a problem that you don’t name. The NGOs are wildly misprioritizing We scraped the submissions of the UN Global Dialogue . Out of the 1,534 UN Global Dialogue submissions: [13] "cyber" appears in 518 of them (~34%) but only 32 talk about biorisk (~2%) 15 mention "superintelligence" (~1%) 15 "artificial general intelligence" (~1%) and exactly 1 mentions "takeover" (~0.1%) So, yeah: almost no one talks about the risks that matter most, even among the organizations that showed up to an AI-governance consultation. The public is still apathetic, and when prompted, mis-prioritizes Salience is low but rising: Prompted concern about AI risk is rising (when you ask: "what do you think about AI?"), but top-of-mind salience remains very low (when you ask: "what's on top of your mind, dear citizen?"). In most general issue-priority polls, AI barely appears as a category, and it is discussed far less than inflation, purchasing power, immigration, jobs, health care, crime, or security during elections. [14] The good news is that this top-of-mind salience, while still low, is climbing fast . But don't say 'alright' too fast: Within AI risks, catastrophic risks lag behind : conditional on talking about AI, catastrophic risk sits below near-term concerns, though the gap is modest. [15] But not being in first place has a cost: the main AI risk prioritized at the last G7 was child safety, and loss of control didn’t make it into the ministerial declaration of the G7 (cyber and CBRN made it finally; that’s a positive development). 3 — Why is awareness so low? Sections 1 and 2 were about the world: the bottleneck is belief among the people who decide. This section is about us: if that's the bottleneck, why isn't our field attacking it? This is the meat of my critique. There are a few factors we don't control: Nothing legible has happened yet (Terrible things arguably have; just nothing the public could see that would point to catastrophic risks) [16] Trump. We haven't had much time so far - ChatGPT was released only 4 years ago; we just need more time A few groups of smart people (e.g. Yann LeCun and his friends, many economists, etc.) disagree with us. States feel pressure to accelerate; the Draghi report makes them hate regulation, even if Europe was already lagging before the AI Act. Incentives. It’s super hard to coordinate on a dual-use, economically vital technology. Some people say all of this is absolutely determined (cf, The future of AI is already written | Mechanize, Inc. ) But I think that beyond those factors, we are simply under-investing in engagement & advocacy . So here are a few elements that explain why we are not on the ball: We're not in enough rooms A large majority of the people who organize the summits, sit at the UN, work for the OECD, or staff the Commission have simply never had the conversation (to be clear, some of them had the conversation and dismissed it). According to Corporate Europe Observatory , of 97 senior Commission meetings on AI in 2023, 84 were with industry, 12 with civil society, and 1 with academics; Google alone had 10, nearly matching the total for civil society combined. [17] If we won't name the risks, who will? Even when we are in the room, we self-censor. In October 2025, Yoshua Bengio posted about the first Key Update to the International AI Safety Report. Connor Leahy replied : "While I highly respect Yoshua and the titanic effort that goes into compiling such reports, it is disheartening to see the complete absence (even downplay) of discussion of superintelligence, existential risk and loss of control." If the people closest to the problem self-censor, the signal never reaches the deciders. I've found empirically that almost all the think tanks whose members discuss x-risks freely with me obfuscate their messages in public. I also did, and still do to some extent, at CeSIA. For example, we recently revamped our website, and at some point someone convinced us to remove the risk page. I now think this was an error, and that even if we look a bit more institutional without it, we're losing in the long term. A larger example, where I was nearly complicit myself: a joint submission to an international consultation from around ten civil society organizations, most of which had signed the Global Call for AI Red Lines. The final text names no specific risk at all. Not even cyber. The reasoning was pretty sophisticated: the document was meant as a door-opener, and the worry was that naming a risk high officials might disagree with would get the whole letter dismissed before anyone read the rest. CeSIA was invited to co-sign. I went back and forth for two weeks, pushed to name the risks, and in the end we declined to co-sign and submitted our own, explicitly naming the risks. I want to be fair here: these were thoughtful people making a defensible bet about a specific audience. But there is a pattern: a coalition of organizations that privately take catastrophic risk seriously produced a public document that refers repeatedly to "shared understanding of unacceptable risks" without ever naming the one that matters most to them. To be clear, there are multiple schools of thought on institutional engagement, and I still think it sometimes makes sense not to be maximally blunt about AI risks in a first meeting with a policymaker (say, if you can get a win with a recommendation that doesn't depend on understanding catastrophic risk). But overall, I've been surprised by the relative absence of risk explanations in major think-tank submissions. An elegant option for organizations that believe in the risks but won't name them publicly: use your convening power to invite researchers who will: Have you heard about AI Safety Connect ? I’d bet most people on LessWrong have not - but I can tell you that the team working there is doing heroic coordination work. They organized very large side events during the series of international AI summits and created some space for the community, while inviting people outside the field who have to sit down and listen to Yampolskiy’s 99.999% Doom argument. Some policymakers were shaken after the event. Hilarious and effective. – from the Invisible side of AI governance . Status rewards research; the work that moves policy goes unrewarded US AI governance has roughly 3.6 researchers per advocate [18] . Research is high-status; the work that moves policy is often invisible and unrewarded. And think tanks are often evaluated by nerds with research instincts whose hobby is often reading blog posts and fascinating new arguments. There is no h-index for minds changed. Obviously, research is safer to fund, and its downside risk might just be wasted effort, whereas the standard argument is that advocacy can backfire, for example by making AI policy partisan or locking in a flawed regulatory regime. But look: AI policy is already partisan, and we are already in a flawed regulatory regime. Let's be clear: More research is the right call for genuinely open questions, such as digital sentience. The error is applying it to risks we already understand well enough to act on, in which further study becomes a form of avoidance. Most likely, no one will read your 50-page paper. I don't know why CAIP, one of the few AI policy shops in Washington, didn't get funded . Its strategy looked sound to me, the numbers impressive, and the director's LessWrong sequence was early and didactic on many of the points in this memo. [19] Meanwhile, applications to safety programs have multiplied many times over. Still, there's no lobbying pipeline, few execution seats (per the MATS talent study ), and the ecosystem might not be scaling adequately to absorb this talent. One exposure is not enough; repetition is how you convince Humans are not superintelligences; they rarely update immediately in response to evidence. Changing opinions takes time; even the numbers from the best methodologies are sobering. Broockman and Kalla's deep-canvassing study found that ten-minute doorstep conversations produce only ~0.08 standard deviations of attitude shift, roughly nudging someone from "somewhat opposed" to "slightly less opposed," not from opposed to supportive. Deep canvassing is the gold standard. By contrast, brief campaign contact has nearly zero effect on voting choices. [20] If extended, personal, face-to-face conversation with motivated people is the most effective persuasion format we know, and it moves the needle so little, then what should we expect from a 30-minute meeting with a minister's chief of staff who has twenty other priorities? The answer is almost nothing. Single conversations cannot be the plan. Repetition is how you get things done: by slowly growing salience in the ecosystem, doing the invisible work of agenda-setting or coalition-building, to get independent voices amplifying others. The number we currently deliver to most policymakers is zero. Agenda-setting research (McCombs and Shaw) shows issues need repeated appearances across multiple channels, from multiple actors, before they become priorities. I often won’t listen to a problem that’s raised to me unless I get the same message from an independent source. In research, novelty is the main value. In governance it's almost the opposite: several people pushing the same thing, independently, is what works. Authority arguments like: “This respected person also pushes for this” are how to get things done. I'd most like funders to stop treating redundancy as a reason not to fund AI governance work. [21] (Consider this post my own Level 0 conversation with the field. The model predicts I'll need to repeat it two to four times). The field is comically small Many times, senior people told me, "that institution is already covered," and then I'd find near-virgin land. Coverage, on inspection, sometimes means one person gave one talk there in 2023. To my knowledge, CeSIA was the first org to present (privately) on loss of control in 3 major international institutions. [22] That's why I think we are dropping the ball at the ecosystem level: the work is so under-resourced that one small team keeps finding itself first. And there are still massive low-hanging fruit everywhere. Being outgunned by industry is only half the problem: the entire field is undersized against any comparable effort. As of COP 30 in 2025, the UNFCCC has admitted 3,907 NGOs as observers , and Climate Action Network alone spans more than 2,500 organizations across over 150 countries. AI safety governance has roughly 45 non-technical organizations and ~500 people, most founded in the last five years ( McAleese 2025 ). To my knowledge, fewer than 5 core AI Safety organizations engage with the UN in some fraction of their time (note: not counting what’s happening at the UN Global Dialogue). That's two orders of magnitude smaller than the field that fought climate change [23] . (And remember that only about a fifth of those ~500 people are knocking on doors rather than researching. [24] ) I'd say that in France, maybe 5 people are meeting policymakers and journalists in total (while juggling an insane amount of work). Not more. Is this sufficient to wake up a whole country? I'm not sure the number is much higher when counting people working in Brussels who are willing to talk candidly about risks. [25] (I’m less knowledgeable about what’s happening in the US, so maybe I’m overindexing on my experience) The main objection: Let’s just wait for a warning shot? I don’t think this works. Maybe the strongest counterargument to all of this is that the slow advocacy work doesn't matter, because the evidence will eventually speak for itself, whether through a crisis or an event like Mythos. In most other fields, the safety regime arrived primarily after a disaster: aviation after a string of crashes, nuclear after Three Mile Island. So why not wait for AI's equivalent? Because, first, a crisis is partly constructed. A warning shot is just an event; it becomes a regulatory moment only if the environment is ready to notice it, and channel it into concrete regulation. Holly Elmore explains why we can't just wait for the cavalry : for a warning shot to update someone, three things must hold at once: a) the event provides information they already believe would confirm AI is dangerous, b) it does so in a quickly recognizable way, and c) it points at an obvious next action. Notice the word already. People need the dominoes pre-loaded: from capability to dangerous capability to short timelines to, finally, catastrophic risk without meaningful action. Otherwise the event means nothing to them. For example, the AI Safety community broadly agreed that observing deceptive alignment would be an "absolute shut-it-down moment." Then Anthropic published the alignment-faking paper , and within days experts were debating whether it counted as the warning they'd imagined, and the moment dissolved. The smoking gun, if it fires, won't fire cleanly. This is also why I'm skeptical of the view that technical evidence converts more efficiently than advocacy. Even one of the best strategies for political will, catching an AI red-handed , is probably unreliable. Yes, if this happened clearly, this would move political will faster than any realistic number of ministerial meetings. But first, the catch would need to be converted in a legible way to the media, and even if it comes, it probably won't be legible enough to convert decision-makers, and it may arrive only once development is too rushed and positions too entrenched to act on (Greenblatt, " How will we update about scheming? "). Anecdotally, I've felt this in miniature . I've shown someone an impressive video (to me) of a new robot. I expected "wow, amazing" and instead got "it's so slow and clunky, what are you talking about?" People don't see how insane it is that this already exists, and forget all the magic necessary for sand to process this information in the first place; the evidence is right there, and it slides off. Mythos confirmed this again. In my own ministerial-cabinet meetings, it helped with tangential risks like cyber, but people stopped there, and even then I was met with "isn't it just hype?" Most policymakers didn't wake up. They remained suspicious of Anthropic, and in every meeting since Mythos, I've had to be the trusted person in the room, saying, "Yes, Anthropic is very good at marketing and the raw capabilities are somewhat inflated… but the underlying trend is real." Beyond Mythos, I claim in this post and this comment that we probably won't get convincing-enough warning shots before crossing the event horizon. I agree that to some extent, Mythos, and the Anthropic–White House meeting that followed, did more for political awareness (on Cyber) than the work of every CSO combined. Maybe. But the missing mood is still there: the executive order almost didn't pass, the provisions remain fragile, and they still don't touch the risks arriving next: bio, loss of control. To the contrary, we got a big push for sovereignty in the EU, and safety feels even lower on the list of priorities. When people in charge of AI in a government don't know what a jailbreak is, that should be informative of where we stand, to put it mildly. I hope it will become easier and easier to talk about risks as AI becomes more capable, but I strongly feel that we shouldn't just wait for a crisis. Mythos is already behind us. Let's not wait for something else to happen: it's now or potentially never. Other potential objections Objection 1: "Policy now risks premature action that locks in the wrong frame." This is roughly Dean Ball 's position. He takes superintelligence relatively seriously, but thinks a bias to action produces bad lock-in, and that the US government is incompetent and self-serving enough that light-touch regulation is the safer bet; his confidence threshold for intervention is much higher than mine. But the main crux is obviously the p(Doom): in the Tegmark–Ball debate , I lean heavily on Tegmark, and the disagreement boils down to Dean's low p(Doom). If expected takeover risk is about a coin flip, the risk of inaction dwarfs the risk of lock-in. Objection 1b: Another backfire objection appears in On Pessimization , by Richard Ngo: awareness-raising pessimizes when advocates lack concrete proposals, and then the energy flows into negative spirals, such as racing and creating new labs like OpenAI. I agree to some extent, but the main failure mode is awareness without asks. Fortunately, we now have many clear asks ready to go today, with regulations soon to be enforced in need of support (e.g., the Code of Practice of the AI Act, and some state regulations). Objection 2: "If we're seen as advocates, we lose our seat at the table." Ok, this one is real, and I feel it personally: part of why we get invited into technical and diplomatic rooms is that we're perceived as a serious organization ™. There is a glass ceiling for purely advocacy organizations in international institutions. Two responses: First, this is an argument about who does advocacy and how , not about the aggregate allocation in the field: mature policy fields differentiate inside voices and outside voices . Second, I believe there are elegant ways to present the dire situation we are in , and the cost of talking frankly has been greatly reduced today, given all the public statements and recent developments with Mythos/Fable. Objection 3: "Political will is low now, but it will rise on its own (as in AI-2027, where governments wake up late on their own), so the real bottleneck will be the verification mechanism when the time comes." Political will probably won't rise quickly enough on its own, and this doesn't exclude advocacy now. And I think basic verification mechanisms are already good enough to get started (see here ); waiting for political will to rise on its own forfeits the preparation that determines whether a later crisis converts. Objection 4: " SuperPACs in the US are already doing this at scale." Good! But they're aimed at the general public to shape elections, and they rarely reach the ~100–1,000 decision-makers who can make the real difference. Objection 5: “Policymakers have heard about AGI and choose to dismiss it.” Dean Ball made this point after the Delhi Summit. He says that in global policy circles, talking about powerful AI is considered impolite, even a little discrediting, because “AGI” is heard as an American imperialist construct. But Ball himself changed some minds in Delhi with a report in hand. And if the dismissal comes from distrust of the messenger, I believe this is an argument for advocates independent of American labs, not for more papers. 4 — What to do Naturally, I'm more confident about the problem than on the solutions. This section is more speculative. A. Do the direct work The bottom line: talk to more people! Knock on the doors of media, policymakers, and influential institutions, and keep knocking. Both the level of investment in advocacy & engagement with stakeholders and the allocation away from pure research have to change. Judge this work by the number of minds moved. A rough back-of-envelope: US AI-governance work currently runs at something like the ~1:3.6 advocates-to-researchers ratio documented in Section 3. I think it should be closer to 1:1, maybe even 3:1. ControlAI did a good job creating the playbook for the outsider game ( the Direct Institutional Plan ). Here’s my tentative playbook for the insider game . [26] Samuel Buteau, alone at ControlAI, followed the playbook for the Canadian Parliament, formed a cross-party group of MPs who publicly signed the statement, and triggered a series of parliamentary hearings on superintelligence risk ( Canada Campaign Statement | ControlAI ). It seems to work! Contribute to open consultations A cheap way to contribute is to submit to an open consultation. As we saw in Section 2, almost nobody raises the risks that matter most in these consultations, making a marginal submission unusually visible. If you want more people to talk about what matters to you, submit something in the next such consultation. Advocacy aimed at AI lab employees CEOs have an insane level of access to Heads of State, so getting them to speak more candidly about risk would be unusually effective. Employees are among the few people positioned to create the internal pressure that shifts what a CEO is willing to say. They can sign internal and public statements, push for stronger commitments, dissent on the record when safety pledges are quietly weakened, or even quit with a viral tweet when it's time to speak up more loudly. I think this is probably high-leverage. Explain what you truly believe instead of just making a brittle recommendation A recommendation adopted without its underlying rationale is quite brittle: the moment it's inconvenient, or the situation changes, no one downstream can defend it because no one truly understands why it's there. Also, making good recommendations is (very) hard, takes time; if you say something dumb, you lose credibility. There is no universal rule here, but I'd lean towards an environment where policymakers are exposed to the risks worldview rather than one where they receive only shallow recommendations that do not generalize. B. Build the credibility infrastructure Prepare to own the next crisis As I argued above, a crisis only converts if the ground is already prepared. So, concretely: have the analysis and, most importantly, the relationships ready before the event lands. I tried to convert as much as possible from within CeSIA in the Mythos moment, but we made mistakes and were too slow. We need to be more prepared. For example, if at some point we get clear architecture using Neuralese in production [27] , I predict it won't be clear at all to the media why this is bad - and this requires a lot of awareness-raising and explanation ahead of time that I'm not seeing much of. Pre-register what you expect to see I think safety people should win Bayes points and credit for being early, but we're not really getting those points. The fix is to state publicly and collectively, before the event: "this specific observation will happen." If the event lands, you point at the registration and, hopefully, you get listened to a bit more carefully. If you work in AI governance, make your worldview public; it's an investment (on top of enabling us to discuss and engage with each other). We could have won a ton of points when AI started eating Erdős problems. Track the skeptics' predictions This follows the previous point. Some skeptics won't be moved, and that's fine; the goal isn't unanimity. You don't have to convert the irredeemable; you have to make their claims progressively less credible to the people watching, by being the side whose predictions are borne out over time. Luc Julia, the second most prominent skeptic in France after LeCun, never changed his mind, but Mr Phi, a prominent French YouTuber, made a very visible video showing that several of his claims were factually false, and it stuck and went viral. We need more of this type of analysis. C. Communication at scale Viral communication Obviously easier said than done, but viral comm can be hugely effective, and there are ways to manufacture it. AI-2027 and Europe-2031 [28] reached some of the relevant 100–1,000 stakeholders. We should make more of these: tune each one to a different constituency (national security, EU competitiveness, labor, biosecurity) while carrying the asks on the Pareto cheapness/effectiveness frontier. Break the "sci-fi" stigma Yes, superintelligence and human extinction sound like sci-fi, but those concepts are the actual variables driving the risk. If we hide them, we prevent the Overton window from shifting at all. So we need intentional strategies to normalize these conversations. The CAIS statement and the superintelligence statement were good first steps. I think that more is possible in this direction. [29] Invest in coordination mechanisms between AI safety advocates The task of industry lobbyists is much easier than ours because they are aligned in what they ask for: they all want less regulation. By contrast, AI safety advocates are often far less united in their demands. We could coordinate around a few shared demands to create a voice that's actually unavoidable at the UN Global Dialogue and other summits, rather than arriving, as we do now, as scattered voices. This is what the International Campaign for the Abolition of Nuclear Weapons (ICAN) did: it got hundreds of organizations to say one thing (ban them) until it was on the agenda, and won a Nobel Prize for it. Concretely, this means being willing to move toward a common ask rather than holding onto my own variant. Be it the IAEA for AI, specific red lines, or anything else. We should have this discussion publicly. The specific ask might matter less than the convergence: whatever we choose, the value is in saying it together. Over 200 of the 1,534 submissions to the UN Global Dialogue spontaneously call for “ red lines ” [30] . CEOs have recently asked for international standards , and for an IAEA for AI . An IAEA for AI sounds utopian until you remember the actual IAEA was built in four years by people who had just finished bombing each other. Maybe this can be the basis for coordination. [31] D. An opinionated list of research directions that I find most useful I started drafting this post under the title "Political Will, Not Research," and softened it to "the current bottleneck" for a reason: some research bears directly on the bottleneck. Here are a few directions: Research on how to convince people of the problem. If the bottleneck is understanding, then how to build understanding that converts is itself a neglected research question, and it seems almost nobody studies it systematically. Seismic's report On the Razor's Edge: AI vs. Everything We Care About (2025) is a start, and its findings are counterintuitive. It might be the case that the vast amount of advocacy to date was for nothing, and the best strategy is " issue bundling ," where people reach AI-risk concern through what they already care about (see, for example, job loss or mental health), and only then talk about catastrophic risk. But it's nearly the only systematic work I know of, and we need far more: What actually moves a cabinet advisor from "cyber" to "loss of control"? Which framings convert? CeSIA had to experiment from scratch, and that’s probably the same for many orgs. Research that helps turn will into requirements . Prioritizing the asks the AI Office should make of companies, and the risk-modelling methodology to hold them to it (argued in A Call for Better Risk Modelling : this is urgent since CoP enforcement starts on August 2); auditing the thresholds and mitigations companies publish, continuing what AI Lab Watch has been doing ( OpenAI's red line for AI self-improvement is fundamentally flawed ); operationalizing and harmonizing red lines across jurisdictions ( AI Red Lines: A Research Agenda ), or the recent draft treaty proposal signed by a coalition of international experts. Research that measures the progress in political will. The effect of advocacy is mostly illegible. [32] But even if the causal chain is hard to be sure of, we can still measure the aggregate effect, and potentially fund more METR-graph-for-policy, like the AIPN tracker cited in Section 1, and better understanding of what’s happening under the hood. Research that creates demonstrations of risks. Model organisms like agentic misalignment: I use this paper in all my presentations to policymakers now - I think that it is the best paper to demonstrate that frontier models could be dangerously unaligned, which is still one of the main bottlenecks (if not the main one), for AI risk to be taken seriously and prioritized accordingly. I thought in the past that we already had enough risk demonstration (Sleeper agent, alignment faking, Mecha Hitler, ChaosGPT...) but no, this is really a substantial improvement. Engineering that makes "yes" cheap. Factorize technical mitigations across labs: a shared, off-the-shelf library of safety techniques (constitutional-classifiers-style) that Chinese labs or Mistral could adopt seamlessly. [33] Research that could flip the strategy's sign. Advocacy without red-teaming is how you lock in the wrong ask: Human takeover might be worse than AI takeover . I'd like to fund the research that proves this post wrong and tells me what to do instead. There is no shortage of such cruxes [34] . Addendum Two closing notes on why I expect this thesis to become more true over time. Political will is (or will be) the bottleneck for nearly every cause, not just AI safety Don’t take all of this personally; AI Governance being slow is not an AI safety-specific concern. Ok, yes, to some extent, political will being the bottleneck doesn't apply to causes that are still genuinely researchy with no clear ask, where "keep doing the research" is the right call. But for most causes with a known ask, the constraint is coordination and political will, not more analysis. I see some people in the ecosystem starting to take space governance seriously , and writing about this. Yet the UN has worked on it for roughly fifty years, and I don't think the community has started ngaging with the UN on this. [35] Same for power concentration: if politicians were AGI-pilled, they would act much more rationally around this. [36] (This probably won’t happen in the short term, and it should only be considered after we handle AGI, but getting politicians to be more rational, scale-sensitive, and epistemologically sound in the long term would, in general, be incredibly useful and beneficial for society.) We can automate the research, but not the consensus AI will clearly accelerate technical safety work, and even governance inputs . I expect AI to be good at finding ideas at some point and to become excellent at forecasting . But it seems, empirically, that people don’t care about forecasts; they don't care that top forecasters with a good track record, like the authors of AI-2027, are raising the alarm. AI won't, by default, be able to accelerate agreement, consensus-building and human engagement. Consensus is a human process, and it scales differently than research does. So, as automation reduces the research bottleneck, the human-coordination bottleneck becomes even more important. ... So yep, that's bad news for us introverts; we'll have to engage with the external world at some point. ^ (not disagreement after consideration, but absence of the conversation itself) ^ This isn't the first time LessWrong has heard the case for reallocating toward advocacy. The post “ Instead of technical research, more people should focus on buying time ” made a version of it in 2022, and the community's verdict was that outreach backfires when done poorly, and that indeed it will be done poorly ( Wentworth–Larsen ), and this was probably reasonable on the evidence of the time; Katja Grace diagnosed the underlying aversion the same year. Then, that verdict has been reopened: MIRI pivoted its entire strategy toward communications, Ruthenis argued in 2025 that awareness is the bottleneck, and gave up on policymakers, which I'll dispute below. What the reopening has lacked is concrete evidence from inside the rooms. That's what I try to add: a model of what advocacy produces (the funnel) with 2 years of insider experience across European and multilateral institutions. ^ It would be nice if this law was as solid as the METR’s doubling trend of AI capabilities. ^ Senators Hawley and Blumenthal introduced the AI Risk Evaluation Act , a mandatory pre-deployment evaluation of frontier systems for loss-of-control and scheming behavior, with penalties, and Hawley did it while his own party's administration was pulling the other way. Bernie Sanders talks about superintelligence and introduced a recent bill. I might be forgetting other initiatives. ^ Chain-of-thought (CoT) is the model's step-by-step reasoning trace. One of our better safety hopes is that we can read it to catch misbehaviour, but that only works if labs don't optimise the CoT to look good, which destroys its faithfulness as a signal. Anthropic has acknowledged inadvertently training against the CoT on more than one occasion. Doing it by accident is exactly the kind of basic process failure that should be easy to avoid. See the AI safety Atlas for an explainer on this. ^ Note that I value Greenblatt’s opinion since he has an excellent track record of forecasting AI capabilities. ^ (Note that we don't need to skip from Plan D to A to get substantial improvement - we can also push continually along the spectrum of political will, where each increment gets a worthwhile improvement) ^ (and people who wield power, which includes some people in AI companies) ^ (at least, if you have the time to read this) ^ Enforcement is a crude lever compared to a request for information and can also introduce adversariality into the relationship with the provider, so it is not entirely surprising to see that the Commission is very careful when using those powers. ^ That’s not surprising considering that even at NeurIPS, the biggest gathering of AI researchers in the world, a third of the AI researchers don’t know what AGI stands for , but yeah, we are nowhere near. ^ I now think that loss of control is probably more urgent than biorisks. See this analysis from PourDemain. I think loss of control is orders of magnitude more likely than irreversible x-risks from AI-enabled pandemics, even if both are probably already at intolerable levels. ^ We matched on exact strings. ^ When people are asked about AI directly, they often express concern; but when they are asked what political issues matter most, AI risk is usually absent or marginal. Concretely: YouGov's "AI will negatively affect society" rose from 34% (Dec 2024) to 47% (June 2025), yet AI does not appear at all in Pew's 24-item ranking of top national problems (Feb 2025) and sits near 1% in Gallup's open-ended "most important problem." ^ And the comparison is cross-pollster rather than head-to-head (no single neutral poll ranks them against each other). Pew (Aug 2024) finds people "highly concerned" about misinformation (66%), loss of human connection (57%), job loss (56%) and bias (55%); a separate YouGov poll (June 2025) puts concern about AI-driven human extinction at 43%. ^ Did you know that the Mexican government has already been hacked by an unattributed hacker using Claude? (Bloomberg, Feb 2026) It seems that, in an authorized red-team test, a frontier model reportedly compromised most of the NSA's classified systems within hours ( NYT ). The fact that this is not the top story in the world is also revealing about the information ecosystem. But again, this is not really a factor under our control, and I argue in this post that convincing warning shots are unlikely . I come back to this in the sub-section “ The main objection: Let’s just wait for a warning shot? I don’t think this works.” ^ There are more lobbyists working on the EU's digital files (890 FTE in 2025) than there are MEPs (720). (Corporate Europe Observatory, Big Tech lobby budgets hit record levels ) ^ 202.5 vs 55.75 FTE, Green-Lowe / CAIP, An Activist View of AI Governance , 2025; author's estimate. ^ I don't know the grantmakers' specific reasons, and they may have been good ones. But I have the feeling that the ecosystem's revealed preference is that a new research org is easier to fund than an advocacy org. ^ In advertising, the exact threshold of repetition has been debated since Krugman's 'Why Three Exposures May Be Enough' (1972) — two, three, four? — but the general effect is well established. ^ (or at least to reduce this parameter in their weighted factor models) ^ I cannot name them publicly, but DM if you want private proof. ^ The comparison is loose; UNFCCC observers also include industry groups and all kinds of NGOs, while I'm counting only non-technical AI safety organizations (which is also generous in some respects). Regardless, I think that even with heavy discounting, the gap is enormous. ^ Remember also that the environmental movement is over fifty years old. Rome wasn't built in a day. ^ Michael Dickens's 2025 donor review also concludes advocacy is far more neglected than research and that the few advocacy orgs do not get much grantmaker support. ^ The insider game has documented integrity costs, and there is also a missing mood ( Integrity in AI Governance and Advocacy ). But I also think that it can be done correctly. E.g., I don’t think the most effective strategy is necessarily to open with the full Doom argument, and there are many strategies that lead to effective results and indirectly lead to more political will. ^ Why are Neuralese bad? See this: Chain of Thought Monitorability: A New and Fragile Opportunity for AI Safety ^ I’m not sure Europe2031 was net positive. See . ^ Maybe a wild proposal, but one way to bypass institutional stigma is to create safe channels for civil servants, policymakers, and lab insiders to express what they already think privately. Maybe organizing anonymous joint statements? ^ I must now admit that we should have pushed harder to explain the risks during the red lines campaign: removing the detailed explanation from the FAQ was a mistake. ^ The article " diplomacy on a deadline " explains how, historically, we were able to negotiate treaties quickly. Spoiler: feeling a sense of urgency helps tremendously, among other things. ^ “A lot of semi-invisible, ongoing-over-years, and hard-to-definitively-attribute work has gone into many of the policy 'successes' of recent years. And sometimes part of the difficulty in attribution is actually down to things like the social proofing of multiple groups providing independent evidence and testimony that adds up to a credible body of expert input on a topic.” – source , Seán Ó hÉigeartaigh ^ It's been more than a year since the constitutional classifier paper was published, and there is still no ready-to-use library. This is a coordination failure because the same work is duplicated over and over, and because this is currently one of the most effective strategies for reducing misuse. Currently, a small team in each lab might be tasked with reimplementing the best mitigation strategies (which include CC), and safety teams at smaller labs are often just a handful of people. If this library were maintained and updated as new vulnerabilities emerge, my guess is that it would free up a lot of time for safety teams across different labs. This is high-leverage because it would raise the floor for the whole ecosystem. ^ See Zvi's Crux List for much more than you have ever asked for. ^ More generally, I think that our community has a tendency to ignore the ecosystem and work in silos, disconnected from the institutions and international fora, while that’s where the governance discourse happens. ^ Yes, politics is the mind killer, but only because smart people disengage from it. This is a hyperstition that needs to stop. Discuss
Score: 35🌐 MovesJul 11, 2026https://www.alignmentforum.org/posts/EexsebbYhbe2gXkPP/the-current-bottleneck-is-political-will-not-research - Rackspace: Painfully Slow AI Cloud Shift
Rackspace: Painfully Slow AI Cloud Shift
Score: 35🌐 MovesJul 11, 2026https://seekingalpha.com/article/4921311-rackspace-painfully-slow-ai-cloud-shift?source=feed_all_articles - A popular new platform gives you lifetime access to GPT, Claude, Gemini, and more for $60
ChatPlayground is a new platform that gives you lifetime access to 20+ AI tools and lets you compare results
Score: 35🌐 MovesJul 11, 2026https://mashable.com/tech/july-11-chatplayground-ai-unlimited-plan-lifetime-subscriptions - Google may finally ditch Samsung’s modem in the Pixel 11, and Tensor G6 could be better for it
Google’s Pixel 11 FCC paperwork contains a MediaTek reference, suggesting Tensor G6 may abandon Samsung’s Exynos modem in pursuit of better battery efficiency and stronger everyday connectivity.
- Church of England to roll out AI guidance for vicars
Church of England to roll out AI guidance for vicars The Telegraph
Score: 33🌐 MovesJul 11, 2026https://www.telegraph.co.uk/news/2026/07/11/church-of-england-roll-out-ai-guidance-vicars/ - Zetwerk Cofounder Rahul Sharma Steps Into Non Executive Role To Launch AI Venture
IPO-bound contract manufacturer Zetwerk’s cofounder and managing director of its precision business (electronics), Rahul Sharma, is transitioning from an executive…
Score: 31🌐 MovesJul 11, 2026https://inc42.com/buzz/zetwerk-cofounder-rahul-sharma-steps-back-from-executive-role-to-launch-ai-venture/