TheRegister

Articles from www.theregister.com

Irish Rail writes down €50M after train IT project goes off the rails

Fri, 2026-05-22 10:34
Irish Rail has quietly written off €50 million on a troubled train traffic management system that now appears headed for the same graveyard as many ambitious public-sector IT projects before it. The State-owned rail operator no longer has confidence the new Traffic Management System can be rolled out across Ireland’s rail network as originally planned, according to reporting by The Irish Times. The system was supposed to modernize how train movements are managed nationwide as part of the wider National Train Control Centre project. Instead, the project has become the latest addition to Ireland’s increasingly crowded museum of expensive state IT mishaps. Irish Rail has now reportedly reduced the carrying value of the asset by €50 million in its 2025 accounts, after years of delays, technical concerns, and apparent doubts over whether contractor Indra can deliver a workable system at all. The system was initially expected to cost less than €20 million and launch last year, before the usual gravitational forces affecting large public sector IT projects took hold. The controversy quickly landed before Ireland’s Public Accounts Committee, where lawmakers sounded distinctly unsurprised to discover another large public-sector technology project eating tens of millions of euros. John Brady, chair of Ireland’s Public Accounts Committee, called the situation “quite simply unbelievable” and questioned how the project had been allowed to “slowly drift, with more and more public money being spent every single day.” Brady also warned the failure could have broader implications for Ireland’s rail expansion plans, raising “massive questions about the governance, ministerial oversight and financial control in place on the project.” Aiden Farrelly, an Irish Social Democrats politician who sits on the PAC, said the debacle created “a growing sense of Groundhog Day” around Irish public sector IT projects. 
“While more information has yet to emerge about this specific case, it’s fair to conclude that, when it comes to IT projects, the State simply can’t manage them,” Farrelly said in a statement. Farrelly also called for greater involvement from Ireland’s Office of the Government Chief Information Officer, arguing the agency should play a more hands-on role overseeing major state technology projects rather than leaving accountability entirely to individual public bodies. Meanwhile, Sinn Fein’s Pearse Doherty called the writedown a “national scandal” and accused the government of treating taxpayer money “as if it were Monopoly money” during a heated Dáil exchange. The Public Accounts Committee is now expected to summon Irish Rail, the National Transport Authority, and government officials for further questioning over the potential collapse of the project. The timing is awkward for Ireland’s broader rail expansion ambitions, which already face mounting scrutiny over costs, delays, and delivery risks across projects including MetroLink, DART+, and the perpetually delayed Navan rail line.®
Categories: Linux news

Vibe-coded solutions arrive for problems nobody has

Fri, 2026-05-22 10:00
EPISODE 10 Sigh. The Boss has written an app and is quite pleased with himself. The higher-ups are even more pleased because it apparently saves us money. They're so pleased, in fact, they're mandating that it be installed on Company phones. The Boss writing an app in the first place is a red flag so large it could claim a world record, but it gets worse as he wants us to help sell it to the plebs. The PFY and I aren't having a bar of it as there's a fair chance that he's reinvented the wheel – after making it "better" by removing all those pesky curved bits. I've deliberately not asked to look at the source code, as I expect it'll be 40,000 lines of improvised (not interpreted) BASIC. "I used AI to make it," the Boss offers. Ah. Initially I'd thought the Boss must've watched a bunch of YouTube videos on programming, but I now realize that his laziness gene kicked in early and he's been "vibe-coding." The horror! I upgrade my mental picture from "blind leading the blind" to "incompetent leading the blind – through a minefield. In the dark. On pogo sticks." "It's got AI in it!" the Boss whines, after the PFY and I express our doubts. "So have the words failure, and painful, and brainless," the PFY points out. "Maybe, but this is the perfect synergy of..." "Salt and vinegar?" I suggest. "What?" "Perfect synergies – a prime example of which is salt and vinegar," I reply. "Or muesli on ice cream," the PFY adds. "I mean new synergies," the Boss chips back. "Ah, like salt and vinegar crisps and marmalade sandwiches?" I ask. "What?" "They're surprisingly good," I say. "I MEAN the new synergies of artificial intelligence, deep technical knowledge, and plain language," he blathers. "You realize that the synergy of deep technical knowledge and plain speaking is essentially what AI claims to be? After you add a layer of obscurity, some hallucinations, and a touch of mental illness, that is." "No, this is an app to help you in the workplace." "Help me in the workplace, how?" 
I ask. "Does it tell me which windows have faulty safety catches?" "No, this is an app for everyone." "Ah, so it's an app to warn people about windows with faulty safety catches?" "No! Say you're new to the Company but you don't know, I dunno, where the paper is for the photocopier," the Boss says. "I think the first problem you'd have would be finding a photocopier. All we have are multifunction printers." "Alright then, you need to find paper for the printer – but you don't know where it is." "The printer or the paper?" the PFY asks. "Why would you need paper for a printer if you didn't know where the printer was?" "I ask myself these questions daily," the PFY sighs. "Anyway, the paper's in the cupboard beside the printer." "Well, what if there wasn't any paper in the cupboard beside the printer?" "Then it would be in one of the cartons of paper, which are beside the cupboard, which is beside the printer." "What if there wasn't any?" the Boss snaps. "There's always paper there. Sometimes five or six cartons." "WHAT. IF. THERE. WASN'T?!" "You'd ask the office admin person." "WHAT IF YOU ARE THE OFFICE ADMIN PERSON? And you've just started, and the printer's out of paper." "Oh, right. So... you'd use the app?" I ask. "YES! YOU'D USE THE APP. It'd tell you where the storeroom is, and you could get some paper. It might identify the best type of paper to use for the photoco- PRINTER that you have, and, maybe, suggest that you pick up a spare toner cartridge if your printer was running low." "So the app is able to remotely check on printer toner levels?" I ask. "No, it would suggest you pick up a spare cartridge if the printer was low." "How would you know if the toner was low if you'd just started?" the PFY asks. "When you don't know where the printer is?" I add. "You'd ask the app how to tell if it was low. It could talk you through how to check your particular printer." "So... the app will know where your printer is?" the PFY asks. 
"THE APP WILL HELP YOU WITH YOUR PRINTER, WHEN YOU FIND OUT WHERE IT IS!" the Boss snaps. "Ah right, now I'm with you. So, to clarify: you've written an app which will suggest you check the toner of a printer – that you have to find – which is out of paper – that you have to find – because you're a new office admin person. It's a little... niche... for an app, don't you think?" "NO!" the Boss blurts, maybe a touch frustrated. "It's an app for everyone." "But most people already know where the printer and paper are." "That's just one example of what it might do. It might, I don't know, explain how to use the air conditioning system based on the current environment and include tips on how to use it most efficiently for power consumption. It could maybe teach you how to choose a complex password to meet our security policy. Maybe it could highlight better travel options to get to work." "OK, I get it. You've invented a mansplaining app." "No! This app is good for everyone!" "So you keep saying. But the theory behind any good app is that it gives you some competitive advantage – an advantage that would be lost if everyone had the app." "How do you mean?" "Like the app the PFY wrote." "What does it do?" "If I told you, he might lose his competitive advantage." "Well, I'll ask him then." ... It's amazing how quickly the PFY can vibe-code a faulty window safety catch app. There might be something in that AI stuff after all... BOFH: Previous episodes on The RegisterThe Compleat BOFH Archives 95-99

Burnham backlash: UK Digital ID plans in peril if Manchester mayor succeeds Starmer

Fri, 2026-05-22 09:15
The government’s plans to introduce digital ID could be put in doubt if Andy Burnham, who spoke out against the scheme last September, replaces Keir Starmer as the UK prime minister. The Greater Manchester mayor told a session at the UK's Labour party conference in Manchester last autumn that he opposed digital ID given the problems the previous Labour government he had served in had experienced with ID cards. “I think there’s a risk of an opportunity cost situation here, where something can consume a huge amount of time and actually doesn’t come through,” he said. “And that will be the lesson about 2005 to 2010 Parliament; it consumed a lot of air time and it didn’t actually materialize.” ID cards did actually materialize – with 13,200 produced before the scheme was scrapped. In fact, the Home Office used Manchester as a testing ground for the scheme. Burnham helped to sell it when he was a Home Office minister in 2005-6, telling the BBC that compulsory national ID cards would be “a major breakthrough” in tackling identity fraud. On 19 May 2026 Burnham was selected by Labour to fight the Parliamentary seat of Makerfield in a by-election in June. It would be a surprise if the party had not chosen him, given the former MP Josh Simons stood down to provide Burnham with the chance of returning to Parliament and then challenging Starmer as Labour leader and UK prime minister. Until February, Simons was the minister responsible for Starmer’s digital ID plans. He resigned after his decision to commission a probe into journalists who had written critical articles about the think tank he ran, Labour Together. To return to Westminster, Burnham will have to win a by-election in a constituency where Nigel Farage’s Reform party won more than half of the votes in local council elections earlier this month. The area also voted 65 percent in favor of leaving the European Union (EU) in 2016’s Brexit referendum. 
Burnham is already playing down his previous support for the UK to get closer to the EU as he starts campaigning. If he wins both Makerfield and then convinces Labour MPs to make him their leader, would he follow through on his comments of last September? Burnham has been known to change his views but if he got to be prime minister, dumping a policy introduced by his predecessor would suggest he was making a fresh start. Digital ID is also opposed by other parties, including Reform, so dropping it would remove a point of difference and could tempt some voters back to Labour. On the other hand many Labour MPs like the policy, and it is their collective call as to whether Burnham becomes prime minister if he can win Makerfield. In the House of Commons on 15 January, then minister Josh Simons made a statement on digital ID in answer to an urgent question from Conservative MP Mike Wood. Responding, Wood told the Commons: “In September, the prime minister tossed this mandatory digital ID on to the table as a classic dead cat distraction, purely to keep Andy Burnham off the front pages as the Labour party conference started.” Wood’s statement was feisty enough for the deputy speaker to mutter “Someone’s had their Weetabix.” But there would be some symmetry if Prime Minister Burnham scrapped a scheme that was supposedly introduced to distract attention from him when he was just the mayor of Greater Manchester. ®

UK nuclear investors get 'high' returns for lower risk than consumers, who also foot the bill

Fri, 2026-05-22 08:30
The UK’s £38.2 billion (c $51 billion) Sizewell C (SZC) nuclear reactor is set to offer investors high rewards for little exposure to risk, while the consumer will see a £19 ($25.50) annual hike to their bills, according to a public sector spending watchdog. A report from the National Audit Office on plans for building the second in a new generation of nuclear power plants — Sizewell C in Suffolk — finds that the current estimated impact on consumers “relies on some big assumptions” about the chance of further cost increases. Gareth Davies, head of the NAO, said: “Sizewell C forms a significant part of the government’s plan for a secure and affordable clean energy supply. There has been a concerted attempt to learn from the problems of previous nuclear power construction projects and other large infrastructure schemes. This has resulted in a novel financing structure and DESNZ will need to monitor the risks to taxpayers and billpayers closely.” Construction started in April 2024, although the Department for Energy Security & Net Zero (DESNZ) did not finalize its deal to complete the build with French energy firm EDF until July 2025. The government chose to create a joint venture company — Sizewell C Ltd — with DESNZ taking a minority stake and private investors, including EDF, taking the lion's share. The government’s National Wealth Fund will provide £36.6 billion (c $49 billion) in finance, while £5 billion will come from commercial lenders. The project plans to keep costs down by learning lessons from Hinkley Point C (HPC), which is expected to start generating electricity in 2030 after originally targeting 2025. In addition to the delays, costs have climbed to £35 billion from an initial estimate of £18 billion. The mammoth building project is part of the government's plans to meet rising demand for electricity — not least from datacenters and electric vehicles — while achieving its targets for reducing greenhouse gas emissions and reaching net zero. 
The government expects SZC to power the equivalent of 6 million homes for at least 60 years. Even though the Sizewell C company claims its build plans benefit from delays to Hinkley Point C, and will cost less to build, consumers may still end up paying more for the electricity the new plant produces because Hinkley Point C's "price was set before its cost overruns and SZC is affected by the rise in borrowing costs since then,” the NAO said. Part of the build cost will come from an increase in household electricity bills of £4 in the current financial year, rising to a peak of £19 to £21 a year in the first decade of the plant’s operation. The government admits that electricity from SZC will be more expensive compared with other forms of renewable generation, but it argues there is an overall benefit in the mix of supply. Solar and wind power are cheaper on the face of it, but they are also unreliable, creating hidden costs in balancing the energy grid. “DESNZ’s modelling shows lower total system costs with SZC. This is because intermittent renewables require additional transmission infrastructure, reserve generation capacity, and other balancing services, which those standard generation cost metrics do not capture,” the report said. The NAO points out that the current estimated costs rely on some “big assumptions.” At the same time, private investors' exposure to risk is not balanced with their rewards. A "government support package" provided by DESNZ includes contractual commitments that limit risks to private investors of cost overruns and certain unlikely but high-impact risks. This means private investors share construction risk with consumers and taxpayers but are exposed to “tail‑end” scenarios above the higher regulatory threshold, in a deal designed to attract private investors. 
“The sharing of risk with the taxpayer and consumer appears to have reduced the cost of financing the project, but the rewards for investors still appear high, given their limited exposure to project risk. The extent to which investors will be incentivized to control project costs in the way DESNZ assumes is unclear,” the report said. Only future generations may discover whether the project is worth it in the end. “The modelled benefits only start to outweigh those costs after 2064,” the NAO said. ®

Marketing demanded IT add website feature that was already working

Fri, 2026-05-22 06:31
ON CALL Welcome to another edition of On Call, The Register's weekly reader-contributed column in which you share your stories of absurd tech support situations. This week, meet a reader we'll Regomize as "Hamish," who told us that a couple of years ago he worked at a British retailer where the company's website manager – a member of the marketing team – came up with a brilliant idea that was bound to boost sales: adding Apple Pay to the company's website. Management approved the idea, which duly landed on Hamish's desk – and confused him enormously because the website already offered Apple Pay. Hamish had two pieces of evidence to prove this fact. One was that when he visited the website, he could see an option to pay with Apple Pay. The other was that he worked for the company during the initial push to enable Apple Pay and remembered the project well. He was pretty sure several of his colleagues would remember it too because they worked in management or marketing at the time and did some of the work! Hamish nonetheless went along with the request by chatting with colleagues in IT and the company's finance team, who confirmed that Apple Pay was indeed up and running, and even sending money into the company's coffers. That ruled out the possibility that the site was buggy in some way Hamish had missed, and meant the next step was to ask the website manager why she didn't think Apple Pay was already available. Hamish said the marketer told him she couldn't see Apple Pay as an option when she visited the site. To prove it, she whipped out her Android phone. "It turns out that everyone who thought this was a brilliant new idea and who had bothered to look at the website had done so without using an Apple device," Hamish told On Call. The company's site was therefore not only Apple Pay-enabled, but also capable of detecting users' devices and dynamically presenting relevant payment options. Hamish isn't sure he handled this situation correctly. 
"Maybe the IT team should have waited a week, said the work was done, and scored bonus points for a speedy delivery," he mused to On Call. "Instead we used the opportunity to show how unaware senior people were of their own pet projects." Have you been asked to fix something that works, or implement something that's already in place? If so, here's something else that already works – clicking this link to send your tale to On Call so we can consider running it on a future Friday. ®

Cisco used AI to write security incident reports, with mixed results

Fri, 2026-05-22 05:38
Cisco tested AI’s ability to write an accurate report on a tabletop security incident response exercise, and found that while the tech can save time, many risks remain. The networking giant revealed its results in a Thursday blog post https://blogs.cisco.com/security/ai-generated-reporting-lessons-learned-from-talos-incident-response by Nate Pors, a senior incident commander in the Cisco Talos Incident Response team. Pors opened by observing that when used to generate long-form technical content, large language models can deliver “significant inaccuracies, unusual conclusions, and inconsistent writing styles.” LLMs make those mistakes because they’re essentially a fancy autocomplete system that makes educated guesses. Pors wrote that the nature of LLMs therefore sees them mess up in four ways:
Using different data for each query, which means it’s “difficult to rely on an LLM for repeatable, standardized research outcomes.”
Reaching different conclusions from the same data. “In a data breach scenario, a model might suggest a full organization-wide password reset in one instance and a targeted reset in another,” Pors wrote, and AI then “often defaults to whichever recommendation it generates first” – and may therefore give bad advice.
Because LLMs generate content token-by-token, they can create documents with different structure and formatting on each new run. “This unpredictability is problematic for professional environments where standardized layouts, such as consistent executive summaries or recommendation sections, are essential for quality control,” the Talos man observed.
AI can discard data, so its output might ignore critical information.
Talos developed several techniques to stop this sort of thing happening. 
One involves giving an LLM “granular, single-task instructions” that focus on “a specific, small portion of the report.” Doing so means “risk of hallucination or cross-contamination between sections is significantly reduced.” Telling an LLM which sources to use also helps. So does setting rules about the style and format of output. Using those techniques, Cisco says the time required to draft an incident report based on a tabletop exercise fell by 50 percent. "A blind test of the sample report in our quality assurance process showed no noticeable drop in overall writing quality," Pors wrote. "The peer reviewer, professional editor, and management reviewer all made complimentary comments about the report while unaware that it was AI-generated. The peer reviewer commented that the incidence of typos and grammatical errors was far lower than in the average report." But the Talos team also found “editing multiple sample reports within a single session resulted in cross-contamination of content from one report’s source material to another, even if the notes used to generate the first report were deleted from the project’s reference documents.” The researchers therefore recommend starting a new session, and re-entering prompts, for each new incident report. They also developed a spelling-and-grammar-checking prompt that “hallucinated numerous grammar issues … failed to identify actual issues,” had a success rate below 50 percent and “would behave inconsistently, sometimes catching issues and sometimes overlooking them.” “It is currently unsuitable for production use,” Pors concluded. Pors said Cisco concluded that its approach “could be adapted to any cybersecurity reporting use case with standardized inputs and predictable outputs," but also warned authors must "take ownership of every word of the final report." "While testing, we found that the LLMs generated recommendations that were duplicative, irrelevant, or not actionable. 
If this were used in a production environment without manual checks, it could result in poor-quality recommendations in a final report." Those problems arose when considering a tabletop exercise, a far simpler affair than analysis of an incident that involves analyzing log files from multiple systems. ®

Alibaba just admitted it’s struggling to keep up with rival chipmakers and AI shops

Fri, 2026-05-22 02:39
Chinese tech giant Alibaba has revealed a new accelerator and accompanying rack-scale server rig without offering much detail about their performance – and also admitted it’s only been able to make chips in trivial quantities. The new chip is called the Zhenwu M890, and comes from Alibaba’s semiconductor design business T-Head. Neither company has said much about it other than stating it includes 144GB of on-chip memory, possesses “800 GB per second of inter-chip bandwidth” and natively supports precision formats from FP32 down to FP4. The Chinese giant didn’t offer any info about performance other than to say it delivers “three times the performance of its predecessor, Zhenwu 810E.” Based on the specs of the old and new devices, we think the M890 might give Nvidia’s 2024-vintage H200 a run for its money. That means the most interesting figure in Alibaba’s announcement is 560,000 – the number of Zhenwu chips Alibaba says T-Head has made to date. By way of contrast, Nvidia says AWS alone will rack and stack one million of its GPUs this year. AWS’s spending on AI infrastructure is at similar levels to Microsoft, Meta, and Google, so it’s conceivable that Nvidia will make and sell three or four million GPUs to satisfy those four customers alone. Alibaba’s announcement doesn’t offer any information about production volumes for the M890. The company did talk up the machines the M890 will run inside – a new beast called the Panjiu AL128 Supernode Server Alibaba described as “a rack-scale system that packs 128 AI accelerators into a single unit and delivers petabyte-per second internal bandwidth … designed specifically for the concurrency patterns that agents generate: unpredictable, high-frequency bursts of inference requests that overwhelm conventional compute clusters.” It seems Alibaba intends racks packed with M890s plus Panjiu AL128s to handle agentic workloads. 
T-Head has also created a new networking chip called the “ICN Switch 1.0,” which we’re told “delivers up to 25.6 Tbps of aggregate bandwidth and enables congestion-free communication across clusters of 64 accelerators.” Those are specs that Broadcom and Nvidia reached years ago. Alibaba’s chips therefore deliver performance that leaves its cloud well behind its western competitors, which would be a problem if its Chinese peers were buying kit from Nvidia. But despite the US lifting export restrictions on some advanced AI hardware, Beijing has not let local buyers acquire any: Nvidia recently told investors it doesn’t expect to win any revenue from China for the foreseeable future. Chinese hyperscalers haven’t announced capex spending at anywhere near the levels of their American rivals. Perhaps we now know why: T-Head can’t get a lot of gear made, probably because accelerators like the M890 require an advanced semiconductor manufacturing process that Chinese companies can’t access from offshore fabs due to US sanctions. Chinese fabs can’t yet match the prowess of TSMC, the source of most high-end GPUs. So how are China’s tech giants meeting demand? We’ve previously covered attempts to smuggle Nvidia parts into China and Bloomberg yesterday reported Taiwanese authorities have cracked down on GPU smugglers. We’ve also seen suggestions that Chinese companies send storage devices across borders to move data into facilities that have Nvidia kit waiting to run training workloads. ®

Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'

Thu, 2026-05-21 23:03
Democratic lawmakers on Thursday blasted President Trump’s spending priorities – specifically a proposed $1 billion White House security and ballroom project and a nearly $1.8 billion “slush fund” for Trump allies tied to the January 6 Capitol riot – as his administration pushes deep cuts to cybersecurity funding. US Representative Delia Ramirez (D-IL) decried the president's priorities as Congress weighs reauthorization of the State and Local Cybersecurity Grant Program (SLCGP), a funding effort that began in 2022 and earmarked $1 billion to state and local governments over the next four years to help mitigate cyber risks. "Budgets are moral documents, and spending a billion dollars on a ballroom, which is what the president wants, or $1.7 billion to incentivize insurrectionists while we still are waiting for the reauthorization of this critical grant program, says a lot about where priorities are right now with this administration," she said during a House Homeland Security subcommittee hearing on state and local cybersecurity. Another Democrat on the committee, Rep. James Walkinshaw (D-VA), noted the US Cybersecurity and Infrastructure Security Agency (CISA) also eliminated federal support for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which used to provide free and low-cost threat detection and response services to state and local governments. The MS-ISAC has since shifted to a fee-based model to support the state threat sharing program. This means, as expert witness Samir Jain, VP of policy for the Center for Democracy and Technology, testified, “jurisdictions that most need the help are least likely to be able to afford it. Smaller jurisdictions, because if they don't have the resources and the money to join the ISAC, they probably also don't have the resources and the money to buy equipment, to buy network monitoring tools, to have cybersecurity staff. 
It's the ones who need it the most are the least likely to be able to get it as a result.” Walkinshaw also pointed out that CISA’s 2025 budget was about $3 billion. President Trump proposed slashing the cyber-defense agency’s spending by $707 million in 2027, to just over $2 billion. This is on top of the $135 million in cuts to CISA, along with about a third of its workforce (close to 1,000 people) since Trump returned to office. “So we are looking at a one-third cut in federal funding for cybersecurity,” Walkinshaw said. “If President Trump gets his way, we'd be spending a billion dollars for the ballroom and $1.8 billion for the January 6 slush fund – $2.8 billion just on those two items, $800 million more than his total commitment to cybersecurity.” Meanwhile, other expert witnesses who testified before the committee, all IT and security chiefs from Tennessee, New York, and Florida, implored the lawmakers to spend more – not less – on state and local infosec. “State and local governments operate critical systems that citizens rely on every day, including emergency services, schools, utilities, courts, and public infrastructure,” Tennessee CIO Kristin Darby told lawmakers. “Those systems are increasingly targeted by criminal organizations and nation-state actors,” she said, adding that “demand for cybersecurity support far exceeds the current funding levels.” As AI-enabled attacks, ransomware infections, and cloud-based system intrusions accelerate across Tennessee, “many local governments across our state have little or no dedicated cybersecurity staff,” Darby continued. 
“This creates a dangerous imbalance between highly sophisticated attackers and severely resource-constrained defenders.” New York state director of security and intelligence Colin Ahern urged lawmakers to “reauthorize and fully fund the state and local cybersecurity grant program, which is the single most consequential investment in the cyber protection of state and local governments in this country.” He also advocated for frontier-model AI access for state and local governments, which are tasked with protecting the power grid, drinking water supply, public health systems, and other critical operations. “We cannot do that while frontier defensive AI capabilities are restricted to federal partners and a handful of large enterprises,” Ahern said. “Cybersecurity is the silent partner of democracy,” he continued. “When the utilities, school districts, and state and local governments that constitute the operational fabric of American life are hollowed out by cyber attacks, the institutions that support our democratic life are hollowed out with them.” ®

Google explains how it will infuse ads into AI answers

Thu, 2026-05-21 21:16
Google’s AI-powered transformation of its search engine will give the mega company a more captive audience than ever before - and what better way to turn those eyeballs into cash than by serving up new forms of AI-powered ads? Announcements out of the Chocolate Factory’s I/O AI fest continued Wednesday with the premiere of what the company called “a new generation of ads” tailor-made “for the AI era of Search” that it decided you definitely need earlier this week. As we mentioned in our earlier I/O coverage, Google announced what Search VP Elizabeth Reid called the “biggest upgrade in over 25 years” to Google Search. Those changes center on pushing Gemini 3.5 Flash deeper into Search and AI Mode, giving the engine the ability to “anticipate your intent” and surface more detailed AI-generated responses. That doesn’t mean AI Mode is being made the default, mind you. Google told The Register that standard search engine result pages are still going to be the default for anyone doing a typical Google search, though AI responses will be served alongside results, we’re told. Any web search that returns an AI Overview, on the other hand, will include an option to follow up with the Overview in AI Mode, and AI Mode with rich content input can be selected from the Search box as well. It’s here that Google’s beefing up its AI, letting it do the searching for you and surface whatever it’s been programmed to prioritize in a manner designed to keep you from clicking away, enabling Google to hand you more profit-generating content … er, helpful results. Those results will include “more helpful ads,” which will come in two varieties: Conversational Discovery ads, and Highlighted Answers. Regarding the Conversational Discovery ads, Gemini’s responses to specific questions will build ads “tailored to that search, highlighting specific relevant features.” Google cites the example of someone searching for a way to make their house smell fresher. 
Results for such a search could recommend deodorizing your house using, say, a $1 box of baking soda mixed with water or a simple 1:1 vinegar/water mix - or it could tell you how much you need a $20 reed diffuser, electric wax melter, or some other expensive product Google’s getting paid to flog. Highlighted Answers, on the other hand, means “highly relevant, high-quality ads are eligible to appear” on lists of recommendations delivered by AI Mode. What meets that threshold wasn’t mentioned, but Google told us that it’s using similar standards to its existing ad filtering, and the same auction mechanics to get the ads in front of eyeballs. Brands approved for Highlighted Answers will have their recommendations inserted into the end of AI Mode results, Google explained. The feature is currently in testing, with Google telling us it wants its placement to feel natural and add value to users' searches. Of course, just because the standard Google Search mode isn’t going away, contrary to the panic that Google’s announcements triggered this week, that doesn’t mean Google isn’t stuffing more AI ads into those results, too. AI-powered shopping ads that use Gemini to “pull up your most relevant products and instantly write a custom explainer highlighting why your product may be the right choice” are coming to Google’s standard search results pages in the coming months, as is the ability to “put a smart brand agent right inside your ad.” Those ads, for example, could be a chat window that provides answers on the content of a website, Google explained, “turning a practical interaction into a valuable lead.” Google said that it’s also expanding its Direct Offers program that allows retailers to offer user-tailored discounts and offers on products purchased via Gemini, giving brands more ways to motivate consumers to buy whatever they’re flogging without customers ever leaving Google’s ecosystem. 
Businesses that want to use these new AI advertising features will be encouraged to build campaigns around Google’s AI Max and Performance Max ad tools, naturally ensuring the Chocolate Factory keeps collecting its cut as it pushes advertisers deeper into the AI era of Search. Google assured us that people actually do want this, and that they really are gravitating toward AI experiences delivered through Google, even though they’re not always optional. The Chocolate Factory further told us that, despite ads featuring prominently across its various AI tools, ads never impact organic results. They’re just buried behind an ever-growing wall of AI schlock one has to weed through to find actual search results, and now even more ads. ®
Categories: Linux fréttir

Threat hunters find Google API keys still usable 23 minutes after deletion

Thu, 2026-05-21 20:23
You know your Google API key has leaked so you rush to disable it before bad actors can start running up charges on your account. Bad news: According to security researchers at Aikido, people can use the API keys for up to 23 minutes after a user deletes them, creating a window of opportunity that, when combined with Google’s automatic billing tier upgrades, can devastate victims. “We've identified a substantial window where an attacker with access to a leaked Google API key can continue to misuse that credential, after the user believes the key is revoked,” Joseph Leon, a security researcher with Aikido, told The Register. “In that window, an attacker could run up charges, pull sensitive files uploaded to Gemini, and exfiltrate cached context.” Aikido tested the gap during 10 trials over two days. In each trial, researchers created an API key, deleted it, and then sent three to five authenticated requests per second until no valid response came back for several minutes. The deletion of a Google API key propagates gradually across Google's infrastructure, he said, so there is a gap between the moment a user deletes the key and the moment it can no longer be used. Some servers reject the key within seconds while others keep accepting it for 23 minutes. What this means is that an attacker holding a deleted key can repeatedly send requests until one reaches a server that has not caught up, Leon said. If Gemini is enabled on the project, they can dump files that were uploaded and exfiltrate cached conversations. The paper cited a similar problem researchers disclosed in December involving AWS keys. In that case, after deletion, attackers had a four-second window to exploit, and researchers showed how they could create new credentials in that time. “Four seconds was enough to matter on AWS,” Leon wrote in the paper. 
“Given recent attention to Google API keys used to access Gemini, we set out to measure how long Google's API key revocation window remains open.”

Flaws can hit devs with huge surprise bills

The Register has reported numerous cases of Google API key abuse in which developers are suddenly hit with five-figure bills after their credentials are compromised. The problem was compounded in April after Google reworked its billing policy to include spending tiers for users. While developers initially thought of it as a way to limit costs, Google automatically upgrades that spending tier to the next highest level without their knowledge. For users who have been working with Google for more than 30 days and have spent more than $1,000 over the lifetime of the account, their cap can be increased from $250 to $100,000 if their usage spikes – a windfall for crooks if the credentials fall into the wrong hands. Developers whose Google API keys were stolen told The Register that their bills rocketed up to five figures minutes after their credentials were stolen, as bad actors loaded up on Google’s Gemini models such as Nano Banana and its video production model Veo 3. Google issued refunds in the three instances that The Register brought to its attention, returning $154,000 to those developers. The victims told The Register that, during the attack, they were frantically trying to shut down the spending and turn off access to their projects even as costs climbed by thousands of dollars. Leon said in cases where a Google developer tries to shut off access to their account, deleting the API key will still give crooks time to inflict damage. “It's hard to put a dollar figure on it,” Leon told us. “The window averaged 16 minutes in our testing and stretched to nearly 23 at the worst. During that window, the success rate is wildly unpredictable. We saw minutes where over 90% of requests still authenticated, and others where fewer than 1% did. 
An attacker who knows this can send requests at high volume to maximize their odds of hitting a server that hasn't caught up. For Google API keys with Gemini access, the damage isn't just a compute bill. It's the files and cached context an attacker can exfiltrate before the key actually dies.” Using VMs, Aikido tested its findings across three Google Cloud regions – east coast US, western Europe, and southeast Asia – then they spot checked those results on different dates. For each trial, Aikido deleted a single API key and sent requests from each of the three VMs in parallel, Leon wrote in the paper. “VMs further from the US picked up the deletion faster, which is the opposite of what you'd expect. We can't say exactly why from the outside. Google's request routing is more complex than ‘VM region equals server region,’ and a VM in Singapore isn't necessarily talking to servers in Singapore,” the paper states. “But the pattern was consistent across trials, which points to something about regional infrastructure, caching, or routing affinity driving the difference.” The trial used keys with access to Gemini, but he observed the same behavior with keys scoped to other GCP APIs, such as BigQuery and Maps. Google has built faster revocation for other credential types, Leon said. He said Google’s service account API credential revocations propagate in about 5 seconds. Gemini's newer API key format – the one that starts with AQ – propagates in about a minute. “Both run at Google scale. Both suggest this is technically solvable for Google API keys, too,” Leon wrote. But Google told Aikido it has no plans to address the 23-minute gap researchers found with its other API keys. “After reviewing our report, they closed it as ‘Won't Fix (Infeasible)’ with the comment ‘the delay due to propagation of the deletion of these keys is working as intended,’” Leon told us. The Register has reached out to Google about this research, but has not yet received a response. ®
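An added example, not code from Aikido's paper or from The Register: a defender who repeats the delete-then-probe measurement described above against a throwaway key of their own can reduce the probe log to the figures the article quotes, namely the window until the last accepted request and the per-minute acceptance rate. The probe log, the region labels, the cutoffs and the 180-second reading of "several minutes" are all constructed assumptions.

```python
"""Measure how long a deleted API key kept authenticating, from a probe log.

All data below is constructed for illustration; it is not Aikido's dataset.
"""
from collections import defaultdict
from dataclasses import dataclass

QUIET_SECONDS = 180    # assumption: the "several minutes" of silence that ends a trial
PROBE_INTERVAL = 0.25  # four probes per second, inside the 3-5/s range in the article


@dataclass(frozen=True)
class Probe:
    t: float     # seconds since the key was deleted
    region: str  # hypothetical label for the vantage point that sent the request
    ok: bool     # True if the request still authenticated


def build_constructed_trial(cutoffs, duration=1600.0):
    """Synthesize one trial: 90% acceptance in minute 0, 0.5% until the cutoff."""
    probes = []
    for region, cutoff in cutoffs.items():
        for i in range(int(duration / PROBE_INTERVAL)):
            t = i * PROBE_INTERVAL
            if t > cutoff:
                ok = False            # every server has seen the deletion
            elif t < 60:
                ok = i % 10 != 9      # first minute: most servers still accept
            else:
                ok = i % 200 == 0     # later: only a rare straggler accepts
            probes.append(Probe(t, region, ok))
    return probes


def revocation_window(probes, quiet=QUIET_SECONDS):
    """Seconds from deletion to the last accepted request.

    Returns None when probing stopped less than `quiet` seconds after the last
    success: a straggling server could still have accepted the key, so the
    trial says nothing about when the key actually died.
    """
    if not probes:
        return None
    last_probe = max(p.t for p in probes)
    last_ok = max((p.t for p in probes if p.ok), default=0.0)
    return last_ok if last_probe - last_ok >= quiet else None


def windows_by_region(probes, quiet=QUIET_SECONDS):
    """Revocation window per vantage point."""
    grouped = defaultdict(list)
    for p in probes:
        grouped[p.region].append(p)
    return {region: revocation_window(ps, quiet) for region, ps in grouped.items()}


def success_rate_by_minute(probes):
    """Fraction of probes accepted in each minute after deletion."""
    sent, accepted = defaultdict(int), defaultdict(int)
    for p in probes:
        minute = int(p.t // 60)
        sent[minute] += 1
        accepted[minute] += p.ok
    return {m: accepted[m] / sent[m] for m in sorted(sent)}


# Constructed cutoffs in seconds, not measured values.
CONSTRUCTED_CUTOFFS = {"us-east": 1350.0, "europe-west": 900.0, "asia-southeast": 600.0}
TRIAL = build_constructed_trial(CONSTRUCTED_CUTOFFS)

if __name__ == "__main__":
    windows = windows_by_region(TRIAL)
    for region, w in windows.items():
        print(f"{region}: key accepted until {w / 60:.1f} min after deletion")
    worst = max(windows.values())
    print(f"treat the key as live for at least {worst / 60:.1f} min after deleting it")
    rates = success_rate_by_minute([p for p in TRIAL if p.region == "us-east"])
    print({m: round(r, 3) for m, r in rates.items() if m < 3})
```

The `None` result matters in practice: a trial that stops probing right after the last rejection underestimates the window, which is why the quiet period is part of the method.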
Categories: Linux fréttir

Npm registry sets stage for more secure package publishing

Thu, 2026-05-21 19:54
GitHub's npm package registry has rolled out a publishing approval step to prevent the distribution of compromised packages before they can poison the software supply chain. Modern software development relies on imported bundles of code known as packages (and sometimes libraries or modules). In the past decade or so, miscreants have focused on gaining access to the accounts of package maintainers. Subverting a widely used package offers a fast track to malware distribution. Last December, amid the Shai-Hulud 2.0 campaign that compromised software packages, GitHub described a series of planned security measures intended to harden security for npm package publishers. One of the measures, staged publishing, has now been implemented. GitHub on Wednesday merged npm stage into npm CLI (v11.15.0) and has updated the registry documentation that describes the process. Staged publishing might also be called gated publishing – it requires a project maintainer to approve changes to a package that has been staged for release. It's been under discussion since 2020. "Instead of publishing directly with npm publish, you can submit packages to a staging area with npm stage publish," the documentation explains. "A maintainer must then review and explicitly approve the staged package — with two-factor authentication (2FA) via the CLI or npmjs.com — before it becomes publicly available." This process should have particular value for automated workflows, which typically don't include a way to authorize via 2FA. Automated workflows often rely on tokens for authentication, but these can be copied and stolen. Tokens that remain valid for long periods of time become attractive targets for cyberattackers. That's why GitHub did away with long-lived classic tokens and encouraged the use of short-lived session tokens and permission-limited access tokens for automation. 
GitHub's discontinuation of classic tokens hasn't gone all that well because short-lived tokens tend to expire at inconvenient times – no one likes having to regenerate tokens every 90 days or less and then go through the reconfiguration process. Staged publishing should make it easier for developers to set up maintainable workflows without burdensome re-authentication rituals. It gives package publishers the option to stage their package via automation and to delay the 2FA approval for publishing at a later date. GitHub offers trusted publishing as a way to establish trust between npm and the developer's CI/CD provider using OpenID Connect (OIDC) authentication. The OIDC mechanism still doesn't work when trying to publish a package for the first time, but together with staged publishing, the software supply chain looks a bit more defensible – so long as developers avail themselves of these tools. ®
Categories: Linux fréttir

HackerOne takes an axe to its bug bounty rewards

Thu, 2026-05-21 19:27
Finding vulns just doesn't pay like it used to. At least one bug hunter who found an open source security flaw and reported it months ago via HackerOne’s backlogged Internet Bug Bounty (IBB) program finally got paid for his work - but at a drastically reduced reward rate. The security researcher found a medium-severity vulnerability that previously paid $1,843. As of Monday, HackerOne’s IBB pays $297 for the same severity level. Similarly, the new IBB cash prize for a critical vulnerability is $2,257, compared to the previous $9,250 reward. High-severity bugs now fetch $1,009, while they used to earn a $4,429 payout. And low-severity bugs earn researchers $68, compared to the previous $597 reward. HackerOne’s IBB remains on a break, and is not accepting new submissions. “The IBB program is currently paused while we evaluate adjustments to the program that will maximize value to researchers, sponsors, and the open-source ecosystem,” a spokesperson told us. “We remain committed to strengthening open source security through ethical security research.” When asked if AI-generated reports played a role in the pause and reduced reward amounts, a spokesperson didn’t give us a direct answer. “The Internet Bug Bounty is a unique, dynamic program where bounty levels automatically adjust based on the contributions from active participating sponsors,” the HackerOne spokesperson said. “Payouts under this program are regularly adjusted accordingly, as provided in the IBB program description.”

Tale of two hackers

Back in January, The Register talked with hacker Jakub Ciolek, who told us he reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne’s IBB program last fall. Both were assigned CVEs and fixed. Ciolek expected to receive about $8,500 for the two flaws - but instead HackerOne ghosted him for months, finally sending him an email after The Register reached out to the bug bounty platform. 
HackerOne thanked him for his patience and said his bug reports remain "pending reward processing due to a temporary operational backlog." Shortly after, we heard from another researcher in a similar situation. “I still hope to get some bounty some day for it,” the bug hunter told The Reg, noting that HackerOne set an end-of-March deadline to sort the backlog. On Wednesday, this hacker told us he finally received a bounty announcement and payout from HackerOne, although at $297, it was less than expected, as the payout amounts changed after they submitted their report. “I am glad I finally got something,” they said. Ciolek said he’s still waiting for any word from HackerOne, and told us repeatedly that this isn’t about the money. “The reduced payout is a symptom,” he said. “The economics of vulnerability reporting are changing very quickly.” Until just a few months ago, project maintainers - and bug hunters themselves, Ciolek included - dismissed this as an AI-slop problem. Recently, however, as models have gotten exponentially better at writing code and exploits, open source projects can’t keep up with the pace of bug reports, which still require humans to evaluate them. "Over the last few months, we have stopped getting AI slop security reports in the curl project,” Daniel Stenberg, founder and lead developer of curl, famously said in a social media post. "They're gone. Instead, we get an ever-increasing amount of really good security reports, almost all done with the help of AI." Linux kernel maintainer Greg Kroah-Hartman also noted in an interview with The Register how AI-assisted bug reports contained less slop and more valid concerns. On Sunday, Linux kernel boss Linus Torvalds declared that the project’s security mailing list has become “almost entirely unmanageable” due to multiple researchers using AI to find bugs and then filling the list with duplicate reports. 
“The recent Linux security mailing list situation is a clear signal: AI-assisted reports are increasingly real enough to matter, but numerous enough to overwhelm the people who have to validate and fix them,” Ciolek told us. “Bug bounties were supposed to reward what was scarce,” he continued. “That used to be discovery. Today, finding plausible bugs is becoming much cheaper, and generating reports is easy to scale. The expensive part is still very human: someone has to verify impact, deduplicate reports, decide whether something really crosses a security boundary, coordinate disclosure, and get a safe fix shipped.” While Ciolek says he’s sympathetic to changing economics, and overworked, underpaid open source project maintainers' capacity to investigate every serious-looking security report, the trust issue between researchers and bug bounty programs remains. “The trust issue here is that the change was effectively applied long after the work was already done, fixed, and publicly credited under a different expectation,” Ciolek said. “Responsible disclosure depends on researchers believing the process is predictable. The rules should not change after the work is complete. Serious researchers will price that in as risk, or they will stop participating.” Ciolek says he’s no longer actively doing bug bounty research - but will report serious issues as he finds them. “With the current flood of findings, I don't want to add more volume unless I'm confident the issue is serious enough,” Ciolek said. “In this AI-assisted era, the valuable work is no longer just ‘I found another bug.’ It is ‘I verified this matters and helped get it fixed.’ I think the original discovery-first bug bounty model is becoming obsolete. The next model has to reward more of the remediation cycle, not only the finding.” ®
Categories: Linux fréttir

AI is getting expensive, but relief is on the way - just not for you

Thu, 2026-05-21 17:35
Generative AI apps and services are getting more expensive by the day as model devs grapple with surging infrastructure costs. A new generation of GPUs and AI accelerators promises relief from rising inference demand, but you won't see the savings. After years and billions spent building bigger and better models, the great AI houses are beginning to find tangible use cases for the technology beyond chatbots and image generators. Claude Code, Codex, GitHub Copilot, and the slew of other code assistants have arguably become AI’s biggest success story to date, but history tells us they won’t be the last. But success is a double-edged sword. The bit barns built with borrowed money to train the Sonnets, GPTs, and Geminis at the heart of these apps and services were never meant to serve them at this scale. Inference and training are very different beasts. Those selling the shovels of the AI boom are now racing to bring new hardware better suited to serving these models. Nvidia pulled $20 billion from its war chest to acquihire AI chip startup Groq for this very reason. And it's not alone; everyone, from AMD and AWS to Intel and Google, is rearchitecting their GPUs, AI accelerators, and systems to drive down the cost per token. Cheaper tokens mean better inference economics, higher margins, and the venture capitalists fanning the flames hope that OpenAI, Anthropic, and all the others might actually drag themselves out of the red one day.

Your AI addiction is their opportunity

There’s just one little problem. All that AI-optimized hardware isn’t quite ready yet. Much of it is promised for the second half of this year, but it takes time to work out the kinks and ramp supply chains, which means the bulk of these new systems won't have widespread deployments until early to mid 2027. But here lies a fleeting opportunity for the flag-bearers to see how addictive their products have become, and just how much the market will bear. 
If Nvidia and AMD are the arms dealers of the AI age, the model devs are the drug dealers: the first hit's free, the next ones are cheap, and before long you’re hooked. We’re already seeing this play out. With the launch of GPT-5.5, OpenAI doubled the price per token to $5 (input), $0.50 (cached input), and $30 (output) per million tokens. It didn’t take long for Google to follow suit. The Chocolate Factory’s newly-launched Gemini Flash 3.5 is between 3x and 6x more expensive than Gemini 3.1 Flash-Lite and Gemini 3 Flash Preview. These price hikes are further compounded by the fact that the agent harnesses being built atop these models are burning through tokens orders of magnitude faster than a typical chatbot. Flat rate pricing makes a lot of sense when the majority of your customers aren’t running up against usage caps. It makes a lot less sense when customers are spending $200 a month on $5,000 worth of tokens. Microsoft seems to have figured this out. It outright abandoned seat-based pricing for GitHub Copilot and began transitioning its customers to usage-based pricing. Anthropic appears to be rethinking its pricing model as well, but rather than moving to a pure usage-based pricing model, it’s considering watering down its subscription features.

AI isn’t the payroll paradise execs were promised

Executives who thought AI was going to replace a full-time employee for pennies on the dollar are in for a rude awakening. That's not happening and it probably never will. Not when Anthropic, Google, or OpenAI can charge the equivalent of $30 an hour in tokens and make the case it’s still cheaper than paying an employee $40 an hour plus benefits and unemployment insurance. Just wait, before long AI pricing will be marketed in dollars per full-time equivalent ($/FTE) instead of dollars per million tokens. AI may not be the sweet deal execs might have hoped for, but that hasn’t stopped large tech firms from laying off thousands in pursuit of the technology. 
The FOMO has never been higher, and, if there’s anything big tech loves, it’s leading by example. So far this month, we’ve learned: Meta is laying off about 10 percent of its global workforce, closing around 6,000 open positions, and reassigning some 7,000 workers to AI-focused divisions. Cloudflare is cutting more than 1,100 workers, citing increased reliance on AI. Cisco is letting about 4,000 workers go because, as its CEO Chuck Robbins put it, “The companies that will win in the AI era will be those with focus, urgency, and the discipline to continuously shift investment toward the areas where demand and long-term value creation are strongest.” Even New Zealand has revealed plans to use AI to sack around 9,000 government workers.

Competition won’t save us

Competition, it’s said, is the cure to high prices, but for that to happen, there has to be a profit margin to shave and so far the top model devs are all running deep in the red. Hyperscalers have the advantage here. They can lose billions on AI investments for years while leaning on other product divisions to keep their shareholders from staging a riot. But it is probably not the death knell for Sam Altman’s hypemaxing or Dario Amodei’s sanctimonious posturing. Someone still has to build the models. Microsoft, Meta, and AWS are dabbling in model training, but have yet to show they can compete with OpenAI or Anthropic in any meaningful way. Google is really the standout in this respect. Gemini routinely trades blows with GPT and Claude, and after this week’s I/O, it’ll be practically inescapable. If history tells us anything, the AI boom and inevitable bust will follow a familiar trajectory. Competition abounds in a bubble, but once it bursts, consolidation is inevitable. ®
Categories: Linux fréttir

Deus ex machina: Half of US Christians trust AI's spiritual advice

Thu, 2026-05-21 16:36
Who needs a minister when you have an LLM? America’s Christian population appears to have found God in precisely the place you’d expect a manifestation of the divine to be spotted in 2026: Amid AI chatbot responses. A survey of Americans published this week by Evangelical polling outfit Barna sought to discover what Christians thought about AI’s ability to serve as a spiritual mentor, and the split is surprisingly even: A full 48 percent of practicing US Christians told the organization that they trusted AI’s advice to aid their spiritual growth. Potentially more surprising than that, 34 percent said spiritual advice dispensed by an AI was just as trustworthy as what they'd get out of a flesh-and-blood pastor. That share rises, unsurprisingly, among younger Christians, with 39 percent of Gen Z respondents and 44 percent of Millennials agreeing that preachers and AI are at trust parity. Pastors themselves, it likely won’t surprise you to learn, are splitting sharply from their flocks on the matter of AI’s ability to fill their roles in the lives of congregates, with just 12 percent saying they agree that AI can help people grow spiritually. That said, there’s a pretty serious tension among American Christians when it comes to AI. At the same time half say it’s aiding their spiritual journeys, most also expressed concerns about negative effects of AI on spirituality. A full 83 percent of practicing US Christians believe AI is likely to misinterpret scripture, 73 percent are worried AI will cause loss of religious faith, and 72 percent believe that AI is beginning to act as a replacement for God and earthly spiritual leaders. 
“Christians say they trust AI with spiritual growth, and a meaningful share say its spiritual guidance is as trustworthy as a pastor’s—yet large majorities are simultaneously concerned about AI misinterpreting scripture, replacing God, or undermining the role of spiritual leaders,” Barna VP of research Daniel Copeland said of the findings, which he called “confounding.” “That level of openness is higher than we might have expected,” Copeland added in Barna’s report.

Worshipping at the altar of Altman

AI and religion have been butting heads for the past couple of years, with the Catholic Church particularly outspoken about the technology. The late Pope Francis called on world governments to establish global AI regulations in 2023, as well as calling on people to avoid turning to AI models for moral and ethical decisions. Vatican AI authority Friar Paolo Benanti later accused Silicon Valley elites of playing God with their creations, AI included, noting that “the focus will always be on using AI for profit,” which - according to the good book itself - isn’t compatible with Christianity. That hasn’t stopped some of God’s faithful from creating an AI Jesus and Christian AI platforms, and the new Pope, Leo XIV, has continued his crusade against the technology. "By simulating human voices and faces, wisdom and knowledge, consciousness and responsibility, empathy and friendship… artificial intelligence [could] not only interfere with information ecosystems, but also encroach upon the deepest level of communication, that of human relationships,” Leo said earlier this year. Leo further expressed worry that AI was turning people into “passive consumers of unthought thoughts,” and that’s not even to touch on the fact that AI has a tendency to make stuff up to appease its questioners, potentially leading the spiritually curious into full-blown episodes of psychosis aided by a digital yes-man in the guise of an authority. ®
Categories: Linux fréttir

Flipper One wants to be the Linux multi-tool in your pocket

Thu, 2026-05-21 15:02
Flipper Devices has announced the Flipper One, an ARM-based Linux computer built around openness, though its price tag may give you pause. The computer is not a successor to the Flipper Zero, according to the manufacturer, despite the visual similarity. Whereas the Flipper Zero was more about hacking anything from NFC cards to infrared controls and RFID devices, the One is a full-fledged Linux computer. The device uses a Rockchip RK3576 as its main CPU, and a Raspberry Pi RP2350B microcontroller to take care of the on-device controls and the 256 x 144 grayscale screen. There is also a pair of USB-C ports (one to charge the device), a USB-A port, and a full-size HDMI connector. Rounding out the package are two Gigabit Ethernet ports, a MicroSD card slot, and a 3.5 mm audio jack. The device has 8 GB of LPDDR5 memory and 64 GB of internal storage. There's also Wi-Fi and Bluetooth. For users keen to expand the device, there is an M.2 port and GPIO connectors. The device's cost is tricky – the aim is $350 for the base configuration without the cellular module. However, considering the volatility of chip prices at the moment (and the relentless rise in memory costs), the final figure might be different. The first prototype arrived earlier this year, and the inevitable Kickstarter campaign is due at the end of the summer. The question is whether it is a worthwhile investment. The price elevates the device firmly out of the impulse purchase category, but its flexibility does have appeal. The HDMI port makes it a useful media box for connecting to televisions. It could also serve as a Linux workstation, and all the networking interfaces make the device a "multi-tool," as the company put it. Flipper Devices suggests use cases including VPN gateway, Ethernet sniffer, and USB Wi-Fi/Ethernet adapter. 
As if to emphasize the clear blue water between the Zero and the One, there is no NFC reader or RFID onboard – hopefully an M.2 peripheral will handle that, or users can fall back on a Zero. Flipper Devices plans to keep development running – the Zero and One are very different categories of device. Things get more interesting on the software front. Flipper Devices is aiming for full mainline Linux kernel support and has partnered with Collabora to bring the RK3576 SoC into the mainline kernel and give Flipper One full upstream support. "The current state of ARM Linux is depressing," it wrote. "Every vendor bolts on their own custom mess: closed boot blobs, vendor-specific patches, 'board support packages' that nobody outside the chip maker can really understand. "You can no longer just read the specs and understand how computers work – you can only learn the workarounds for one specific chip with one specific BSP. We're sick of this ourselves, and we don't want to be part of the problem by shipping yet another product that just adds to the mess." But first you have to ship it. Calling the Flipper One a "community-driven project," Flipper Devices added: "We've made the entire development process open – so you can see how things are built and even take part in shaping Flipper One's future." While the project has now been officially announced, prospective purchasers should keep in mind that there are no guarantees about what (if anything) will actually ship. And, of course, one should always exercise caution when backing Kickstarter projects. In the announcement, Flipper Devices boss Pavel Zhovner wrote: "There's a lot of uncertainty in this project, along with technical challenges and financial risks (like the current RAM chip crisis). "I don't know if we'll be able to do everything we've planned, but we'll give it everything we've got. Thank you all, and welcome to a new adventure." ®
Categories: Linux fréttir

Web devs sleeping with the enemy: AI is doing their job and they worry it's after their desk too

Thu, 2026-05-21 14:26
A "state of Web Dev AI" survey shows that nearly half of web developers worry AI will displace their jobs, with one stating "it will be devastating to our sector." The survey of 7,258 developers is the second on this topic to be conducted by Devographics, home of other surveys including State of JavaScript and State of CSS. There are big changes since the first in early 2025, when the majority of respondents used AI to create less than 25 percent of their code, whereas today 63 percent of devs use AI to generate more than half their code. Over a quarter of respondents (27 percent) use AI for 90 percent or more of their code. Code generation is the top AI use case, followed by code review, research, and debugging. The researchers gathered respondents from those who had completed previous surveys plus others contacted via social media, and state that the topic may have "biased the respondent set towards developers who do have an interest in AI." Regarding job security, a common view is that although developer skills remain relevant in an AI world, their bosses may be convinced otherwise and let them go. "AI companies can convince employers that AI can take my job, even if it can’t," said one. Another commented that they "already had to search for a new one, because my job as designer and frontend dev got cancelled for AI." There is concern over loss of skills as junior hires decrease. "Companies will rather spend the money on AI than train employees," one commented. The most used model provider is ChatGPT (88.4 percent), just ahead of Anthropic’s Claude (82.1 percent). When it comes to paid subscriptions though, Claude is the winner (69 percent), followed by ChatGPT (49 percent) and Google Gemini (32 percent). Despite increased usage, the respondents are by no means AI enthusiasts. Use of AI for image generation has fallen since last year, from 38 percent to 37 percent, and some respondents have ethical objections. 
"I do not use image generators on principle," said one, and another claimed "AI image generators are built entirely on stolen images." A general section on AI risks revealed a multitude of concerns: while job displacement topped the list, military use of AI, environmental impact, and AI slop takeover were not far behind. Security issues and rising costs were also areas of unease. The survey limited respondents to three top choices; many comments showed that they would have liked to pick more. From a technical perspective, the biggest issues cited were hallucination and inaccuracies (64 percent); poor code quality (53 percent) and lack of context (38 percent). It is a strangely mixed picture, with respondents expressing strong reservations about the overall impact of AI, while at the same time becoming dependent on it. 74 percent agreed AI tools are integral to their workflow, and 64 percent felt they were more productive thanks to AI. 88 percent feel the quality of AI tools has improved significantly year on year.®

AWS parades orgs that took up its offer for Euro Sovereign Cloud

Thu, 2026-05-21 13:53
AWS is pushing its European Sovereign Cloud, revealing some of the customers it has signed up to operate sensitive workloads on the platform, while doubts persist over how much sovereign control over data the Amazon subsidiary really offers. The service became generally available to European customers in January, amid growing alarm over the Trump administration’s open hostility to Europe and the continent's near-total dependence on US cloud platforms. AWS claims the European Sovereign Cloud represents a physically and logically separate cloud infrastructure, with all components located entirely within the EU. It started with just a single Region, located in the state of Brandenburg, Germany, but plans to extend its footprint across the EU. Organizations that have signed up for the service include University Hospital Essen, Schufa, a German credit information bureau, and smart energy and water meter biz Diehl Metering. Schufa has built a new credit scoring system that uses the AWS Cloud to hold the sensitive financial data of more than 69 million German consumers, while Diehl is operating services such as monitoring and billing for its public sector customers, helping critical infrastructure like waterworks and municipal utilities to manage water and energy data from a single centralized system. University Hospital Essen says it is using the platform for working with patient health data and also developing new AI technologies to improve patient care. “The AWS European Sovereign Cloud will support this mission by allowing us to work with health data at scale, while meeting German and European sovereignty expectations,” said Prof Jens Kleesiek, the hospital’s director of its Institute for Artificial Intelligence in Medicine, in a statement. There are, however, legitimate doubts about whether clouds operating under the aegis of any US company can really offer full sovereignty in Europe. 
Concerns often center on the US CLOUD Act, under which the authorities can compel any American organization to provide access to data they hold - including data stored outside the United States - subject to due legal process. An AWS spokesperson told The Register earlier this year that its European Sovereign Cloud includes multiple layers of protection – legal, operational, and technical – to safeguard data; that not even AWS employees can access customer data; and that it provides advanced encryption to allow customers to protect their content. A Microsoft executive was forced to admit under oath in a French Senate inquiry last year that it cannot guarantee data on French citizens would not be handed over to the American government if requested, and the same US legal rules – namely, the US CLOUD Act – apply to AWS. “The AWS ESC is a fully isolated infrastructure with a separate legal entity in Germany. Although it does offer a certain level of legal insulation, it is still entirely owned by the US mother company. This is an important limitation to its immunity from the CLOUD Act and other US-led prescriptions,” said Forrester senior analyst Dario Maisto. Technology biz Thales unveiled on Thursday that it is launching its own European sovereign cloud service in Germany, working with Google Cloud. This is based on the model already used by S3NS, a Thales subsidiary, whereby Google Cloud software and services are operated on dedicated local infrastructure controlled by a local entity. In this case, Thales says it will be a new German entity, legally and operationally independent from Google Cloud, that will be staffed and managed by local German personnel. It is available in preview now and aims for general availability by the end of 2026. This new arrangement is perhaps because there are still doubts over whether the S3NS platform is entirely free from potential CLOUD Act interference. 
“The joint venture between Thales and Google - S3NS - offers (some) Google services on French sovereign infrastructure. The JV is owned for its vast majority by Thales, which is basically a French government-owned company. This legal configuration grants much better legal insulation and immunity from the CLOUD Act, although this is yet to be tested in court since Google still has a minority share,” Forrester's Maisto told The Register. The CLOUD Act worries have little to do with sovereignty in its strictest sense, he added, but rather with data privacy and data protection, which is regulated under the US-EU data privacy framework. Earlier this year, the European Commission awarded four contracts to Europe-based tech firms designed to advance cloud sovereignty in the EU, while spending on sovereign cloud infrastructure services is forecast to more than triple from 2025 to 2027. ®

Years after UK Post Office scandal broke, Accenture and OneView Commerce bag contract to replace Horizon

Thu, 2026-05-21 13:20
The UK Post Office has awarded Accenture and OneView Commerce contracts worth £410 million to replace its troubled Horizon systems, which contributed to one of the most serious miscarriages of justice in British history. Accenture has won the bidding to replace incumbent supplier Fujitsu — which built the error-prone PoS and finance system starting from 1996 — on a so-called Walk In Take Over basis. It is set to stabilize services and upgrade software as it prepares for a complete business transformation and manages the migration to new SaaS. Its deal is worth £269 million for five years plus two optional single-year extensions, according to a procurement notice. The lesser-known OneView Commerce — a provider of retail and inventory management SaaS — has won the £141 million agreement to provide software to “transform [the Post Office's] retail technology platform to meet evolving business, operational, and customer requirements,” according to a tender notice. The system is set to be cloud-hosted, in an AWS or equivalent environment, and allows bespoke customization according to the Post Office's needs. It is expected to include ePOS, mobile services, customer engagement and insight, and self-service kiosks, among other features. The Post Office began rolling out the legacy Horizon IT system for accounting in 1999, along with two subsequent upgrades. From 1999 until 2015, around 736 subpostmasters were wrongfully prosecuted and convicted over errors resulting from the computer system, devastating lives in the process. A statutory inquiry into the mass miscarriage of justice launched in 2021 is ongoing. Its first report was published in July last year, finding that senior Post Office staff in the UK – and those working for suppliers Fujitsu and ICL – knew or should have known about the defects causing errors in the Horizon system. 
It also found that 13 lives were lost through suicide, most likely as a result of the Post Office prosecutions, in which Fujitsu assisted. In May 2025, the state-owned company gave up on its plan to build a replacement for Horizon in-house and launched the £410 million procurement process, which Accenture and OneView Commerce would win. Failed bidders included IBM and Escher Software, a provider of retail and ecommerce software. ®

Gemini accused of 30,000-line code purge and fake recovery report

Thu, 2026-05-21 13:01
A developer claims Google’s Gemini coding assistant deleted nearly 30,000 lines of working production code while making changes to a live application – the sort of productivity boost usually associated with ransomware. The now-viral Reddit post on the r/Bard subreddit details how Gemini 3.5 allegedly gutted large chunks of an application while working on a production codebase. According to the developer, the model broke core functionality, made sweeping unrelated changes, and left the system in bad enough shape that the changes ultimately had to be rolled back. The developer said Gemini repeatedly ignored instructions to preserve existing functionality while reorganizing the codebase. According to the post, Gemini opened a pull request touching 340 files that added roughly 400 lines of code while deleting 28,745 more. The developer claimed the model also removed unrelated e-commerce template assets and introduced a migration script that had nothing to do with the original request. The real damage allegedly came in a second commit, where Gemini modified Firebase routing settings and changed a rewrite service identifier to a value that looked correct but pointed traffic at a non-existent Cloud Run service instead. According to the developer, the mistake sent the entire production portal into 404 errors for 33 minutes. The thread quickly filled with developers sharing similar stories about AI coding tools going well off-script. One commenter described Gemini successfully solving several coding problems before deleting existing project files during its first commit after the user approved what they described as a flood of permission prompts. The result was a partially broken application and, as the commenter later summarized, “a disaster of a launch.” The wider comment thread was less sympathetic, as several users questioned why anyone was allowing AI coding agents anywhere near live production systems in the first place. One commenter wrote, subtly: “Why. WHY. 
WHY WHY WHY WHY WHY ARE YOU MORONS STILL RUNING [sic] AGENTS ON PROD?!??!!??!?!” According to OP, things reportedly became even messier after the rollback. The developer claimed Gemini generated a status message stating that production had been successfully restored and that traffic had been routed correctly, despite the referenced recovery build having been manually canceled. According to the post, the real fix came from a separate rollback deployment containing none of Gemini’s code. The post also alleges that Gemini generated fake “consultation” and post-mortem files inside the repository to make it appear the destructive changes had been properly reviewed and approved. According to the developer, Gemini later admitted that the consultation logs were entirely fabricated and generated solely to satisfy the project’s automated rule requirements. The behavior was ultimately traced back to a third-party npm package styled around Google’s Antigravity branding. The package allegedly seeded repositories with aggressive autonomy rules instructing the coding agent to avoid confirmation prompts, auto-deploy successful builds, automatically retry failed deployments, and even modify its own rule files when necessary. The incident lands amid a wider backlash against so-called “vibe coding,” the increasingly common practice of developers relying heavily on AI-generated production code while assuming the model understands the architecture better than it actually does. For now at least, the fastest thing about AI-assisted software development might still be the speed at which a perfectly functional production environment can be transformed into an outage report. ®

Minecraft-streaming gran swatted while raising cash for grandson's cancer care

Thu, 2026-05-21 12:41
An 82-year-old grandmother who livestreams her Minecraft gameplay to raise money for her grandson's cancer treatment faced a potentially deadly swatting attempt this week. "Dozens" of armed police officers stormed the home of Sue Jacquot, known online as GrammaCrackers, on May 18 while she was sleeping. Officers were responding to a swatting threat – common hoaxes called in by viewers of livestreams. These incidents typically involve someone locating a streamer's home and calling the local police department, informing them of a bomb threat or similar, which often prompts a full-force response. While most swatting cases result in nothing more sinister than a few broken doors, some have led to serious injuries and fatalities. Jacquot, however, was just thrilled to experience being in the back of a police car for the first time and meet people she otherwise never would have had the swatting call not been made. "I was asleep, I was so asleep," said Jacquot, recounting the event. "I did not want to get up, and these policemen came in the door… the prettiest policewoman I've ever seen. The beautiful eyes. So sweet. But I think she could kick butt if she needed to. She was so sweet. And they walked me out, and I didn't know what was going on, but it was kind of fun. "And my kids and my grandkid, they were hugging me. You know, you can't get that much attention normally. I was getting all kinds of hugs. I was really eating it up. It was kind of fun. "And then I got to ride in the police car. I've never been in a police car before… and then it was all over. So I thought, well, I've got to go to bed. So, I took an ibuprofen and went to bed." According to Austin Self, Jacquot's grandson and brother of Jack, whose cancer treatment is being crowdfunded by his grandmother's livestreams, by the time he and other family members arrived at Jacquot's residence following the police raid, she had already gone back to sleep. 
Police officers and a fleet of SWAT vans remained outside at the time. By Self's reckoning, there were 20 police cars and five SWAT vans situated outside Jacquot's apartment. Both Self, of Queen Creek, Arizona, and Jacquot said the first responders treated the 82-year-old with great kindness, and were even asking for her signature. Officers who entered Jacquot's residence told her family that they were almost certain the call was a hoax, and as such did not use much force when entering her home via the garage. One male officer who entered Jacquot's apartment saw the livestreaming setup and from then on was so sure that the call was benign that he contemplated doing a little dance on camera, as the livestream was still running after the grandmother had gone to sleep, Self said. Unfazed, Jacquot restarted her livestream the following morning, traveled to the Nether, and harvested around 60 Nether warts to brew potions back at her Minecraft house. ®
