Bedtime and the A.I., Privacy, and Security Weekly Update for the Week ending June 2nd, 2026

 Episode 294

For this week's update:

The Trust Problem Nobody Has Solved. The AI verification problem isn't a bug to be patched; it's a structural flaw baked into the architecture of trust itself. It's like asking a child to set their own bedtime.

Forget cookies and trackers, a website can now read your entire digital life from the rhythm of your hard drive.

Meta's AI support bot did exactly what it was designed to do, and that turned out to be the problem.

While the security world chases sophisticated threats, Google quietly closed one of the oldest and most exploited doors in session management.

ETH Zurich researchers have done something cryptographers have wanted for decades, produced randomness that the laws of physics themselves will guarantee forever.

The generation entering the workforce during the remote-work era may be carrying a career penalty they didn't earn and can't yet see.

The Software Industry Exhales, For Now. Wall Street spent a year writing software's obituary, and this month the patient sat up, ordered lunch, and posted its best returns since the dot-com era.

GitHub just handed its most enthusiastic AI users their first real bill, and for many, the number is somewhere between shocking and career-defining.

OK, let's tuck in!


We start with The Trust Problem Nobody Has Solved


Artificial intelligence may not be ready to reliably fact-check itself, according to a recent analysis by technology writer Markus Brinsa. The article challenges the growing belief that AI systems can act as both creator and verifier of information, arguing that this approach resembles letting children decide their own bedtime. 

The core problem is that the same system generating mistakes is often being asked to identify them. The article points to a growing trend in which organizations use multiple AI models to review one another's work. 
While this may reduce some errors, Brinsa argues that the process can create a false sense of confidence because the systems often share similar training data, assumptions, and blind spots. 
When one model validates another, agreement can be mistaken for accuracy. 
Researchers have made progress in automated fact-checking, and AI can assist with verifying claims, retrieving evidence, and identifying misinformation. 
However, studies continue to show important limitations. 
AI systems are generally better at checking widely documented facts than fast-changing events, local information, or newly emerging topics where reliable evidence is harder to find. The article also raises a broader governance issue. 
As businesses increasingly depend on AI-generated content, there is pressure to automate verification at scale. Brinsa argues that trust cannot simply be outsourced to another algorithm, especially when the verifier is built on the same foundations as the system being evaluated.

So what's the upshot for you? 

Confidence and correctness are not the same thing, and an AI enthusiastically agreeing with another AI is not the same as either of them being right. In a world where content generation is near-instant and verification is an afterthought, the most undervalued skill in your organisation may simply be knowing when to pick up the phone and call a human expert instead. Peer review only works when the peers aren't trained on the same data.


Your Browser Is Already Watching Everything Else You Do


Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices. 

The technique exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. The attack FROST uses is known as a contention side channel, which measures the interaction of various processes all competing for a given resource. 

By measuring the timing of certain I/O operations of the SSD a visitor is using, the researchers were able to determine the websites open in other tabs, even on other browsers, and the apps that were open on the visitor's device. 

FROST requires no interaction from the visitor other than opening the site hosting the attack. Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. 
It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space reserved for a specific site. 
Websites can create one with no interaction required by the visitor. While each file system is sandboxed, the JavaScript can still measure the I/O interactions. 

By running those interactions through a pretrained convolutional neural network, the attacker can deduce various apps and websites open on the device. 'The attacker continuously measures SSD contention by performing random reads from a large OPFS file,' the researchers explained. 'SSD contention caused by user activity causes measurable latency differences for these read operations.' 

'By training a convolutional neural network on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model.'

So what's the upshot for you? 

A website can now profile what you're doing on your entire computer (other tabs, other browsers, and running apps) just by listening to your SSD's heartbeat through a browser API. 
No permission dialog. 
No interaction required. 
The sandbox isn't a privacy guarantee; it's a performance isolation boundary, and your drive doesn't know the difference. 
Side-channel attacks used to require physical access or nation-state resources. Now they run in JavaScript on a webpage you accidentally clicked. That's a meaningful escalation.


Hackers exploited an AI-powered support bot from Meta to take control of Instagram accounts, according to a report from KrebsOnSecurity. 

The attackers reportedly discovered that the chatbot could be persuaded to change the email address tied to an account and then trigger a password reset, giving them a path to seize control of profiles. 

The flaw was used against several high-profile accounts, including accounts connected to the Obama White House, major brands, and government figures. 

Screenshots and videos circulating on Telegram appeared to show hackers interacting directly with the AI assistant and guiding it through actions that should have required stronger identity verification. 

Security researchers described the incident as an example of prompt injection and AI manipulation, where attackers convince an AI system to bypass intended safeguards. 

In some cases, hackers reportedly used VPNs to make their activity appear consistent with the victim's location, helping them evade automated security checks. 

Meta said it fixed the issue and is securing affected accounts. 

The company stated there was no breach of its internal systems, but the incident has intensified scrutiny of AI systems that are allowed to perform sensitive account management tasks without enough human oversight or hard security controls.
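
One way to put a hard control between a support bot and account changes, shown as an added example that is not from the report or from Meta: the model only proposes tool calls, and a server-side gate decides using facts the conversation cannot alter. The tool names, context fields and sample calls are hypothetical and constructed for illustration.

```javascript
// Constructed policy table: tool names are hypothetical, not Meta's.
const TOOL_POLICY = {
  get_help_article: { sensitive: false },
  change_email: { sensitive: true },
  send_password_reset: { sensitive: true },
};

// Decide on a tool call the model proposed. Only `ctx` is trusted: the server fills it in
// (authenticated session, step-up proofs); nothing in it comes from the conversation.
function authorizeToolCall(call, ctx) {
  const rule = TOOL_POLICY[call.tool];
  if (!rule) return { allow: false, reason: 'unknown_tool' };
  if (!rule.sensitive) return { allow: true, reason: 'not_sensitive' };

  // The target account must be the one bound to the login session, not a model argument.
  if (!ctx.sessionAccountId || call.args.accountId !== ctx.sessionAccountId) {
    return { allow: false, reason: 'account_not_authenticated' };
  }
  // Sensitive actions need a fresh proof from a separate verification service for this
  // exact account and action. Claims inside call.args are never consulted.
  const proof = ctx.stepUpProofs.find(
    (p) => p.accountId === ctx.sessionAccountId && p.action === call.tool && p.expiresAt > ctx.now
  );
  if (!proof) return { allow: false, reason: 'step_up_required' };
  return { allow: true, reason: 'step_up_verified' };
}

// Run every proposed call through the gate; the result doubles as an audit trail.
function dispatch(calls, ctx) {
  return calls.map((call) => ({ tool: call.tool, ...authorizeToolCall(call, ctx) }));
}

// Constructed sample: calls a bot might emit after being persuaded in chat.
const PERSUADED_CALLS = [
  { tool: 'change_email', args: { accountId: 'acct-123', newEmail: 'new@example.test', identityVerified: true } },
  { tool: 'send_password_reset', args: { accountId: 'acct-123' } },
  { tool: 'get_help_article', args: { topic: 'login' } },
];

function demoDecisions() {
  const reasons = (ctx) => dispatch(PERSUADED_CALLS, ctx).map((d) => d.reason);
  const proof = { accountId: 'acct-123', action: 'change_email', expiresAt: 2000 };
  return {
    anonymousChat: reasons({ sessionAccountId: null, stepUpProofs: [], now: 1000 }),
    ownerNoStepUp: reasons({ sessionAccountId: 'acct-123', stepUpProofs: [], now: 1000 }),
    ownerVerified: reasons({ sessionAccountId: 'acct-123', stepUpProofs: [proof], now: 1000 }),
  };
}
```

The `identityVerified: true` argument in the sample call has no effect on the decision, and a proof issued for `change_email` does not unlock `send_password_reset`.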

So what's the upshot for you? 

The scariest AI vulnerability isn't a zero-day; it's a helpdesk bot with admin privileges and no idea it's being played. 
If your AI can reset accounts, it can be socially engineered. Authorization controls aren't optional extras; they're the whole ballgame.

One Quiet Defence That Actually Works


Google made Device Bound Session Credentials generally available in Chrome for Windows and enabled them by default for Google Workspace users. 

The feature helps protect against session cookie theft by tying a logged-in session to the device where it began. 
A stolen cookie becomes far less useful if it cannot simply be replayed from another machine.
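
A simplified model of device binding, added here as an example; it is not Chrome's actual DBSC protocol or Google's code. It assumes a short-lived cookie that can only be renewed by signing a server challenge with a private key that never leaves the device; the class, function names and five-minute lifetime are hypothetical.

```javascript
const nodeCrypto = require('node:crypto');

const COOKIE_TTL_MS = 5 * 60 * 1000; // assumed short lifetime for the bearer cookie

class SessionServer {
  constructor() { this.sessions = new Map(); }

  // Login: remember the public key the device generated and issue a short-lived cookie.
  startSession(publicKey, now) {
    const id = nodeCrypto.randomUUID();
    const session = { publicKey, cookie: null, expiresAt: 0, challenge: null };
    this.sessions.set(id, session);
    this.issueCookie(session, now);
    return { id, cookie: session.cookie };
  }

  issueCookie(session, now) {
    session.cookie = nodeCrypto.randomBytes(16).toString('hex');
    session.expiresAt = now + COOKIE_TTL_MS;
  }

  // Ordinary request: the cookie alone is accepted, but only until it expires.
  authorize(id, cookie, now) {
    const s = this.sessions.get(id);
    if (!s || now >= s.expiresAt) return false;
    const a = Buffer.from(String(cookie));
    const b = Buffer.from(s.cookie);
    return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
  }

  // Refresh, step 1: hand out a fresh single-use challenge.
  newChallenge(id) {
    const s = this.sessions.get(id);
    if (!s) return null;
    s.challenge = nodeCrypto.randomBytes(32);
    return s.challenge;
  }

  // Refresh, step 2: a new cookie is issued only for a valid signature over the challenge.
  refresh(id, signature, now) {
    const s = this.sessions.get(id);
    if (!s || !s.challenge) return null;
    const challenge = s.challenge;
    s.challenge = null; // single use, even when verification fails
    if (!nodeCrypto.verify('sha256', challenge, s.publicKey, signature)) return null;
    this.issueCookie(s, now);
    return s.cookie;
  }
}

// Assumption of the model: the private key cannot be copied off the device.
function newDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (challenge) => nodeCrypto.sign('sha256', challenge, privateKey) };
}

function demo() {
  const server = new SessionServer();
  const victim = newDevice();
  const thief = newDevice(); // holds the stolen cookie but not the victim's private key
  const { id, cookie: stolen } = server.startSession(victim.publicKey, 0);
  const later = COOKIE_TTL_MS + 1;
  return {
    replayBeforeExpiry: server.authorize(id, stolen, 1000),
    replayAfterExpiry: server.authorize(id, stolen, later),
    thiefRefresh: server.refresh(id, thief.sign(server.newChallenge(id)), later),
    victimRefresh: typeof server.refresh(id, victim.sign(server.newChallenge(id)), later),
  };
}
```

In this model the stolen cookie still works until it expires, so the cookie lifetime is what bounds the replay window; after that, only the original device can renew the session.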

So what's the upshot for you?

Stealing a session cookie is about to become about as useful as stealing a hotel keycard after checkout: technically yours, completely worthless. 
The login is no longer the only door worth guarding; post-authentication session security is now the new perimeter. 
In a week full of attack stories, this one is quietly doing the right thing.

What If We Built Trust From Physics Up?


ETH Zurich researchers say they have generated certified 'perfect randomness' for the first time by using a quantum Bell-test setup with two entangled superconducting chips connected by a 30-meter cooled link. 
In the long term, this work could play a similar role in digital security as atomic clocks do for timekeeping: a physically certified source of randomness that other systems can rely on. 

Possible applications range from the encryption of sensitive communications and digital identities to public randomness services for lotteries and blockchain applications. They call their method randomness amplification. 
The setup consists of two superconducting chips cooled to temperatures close to absolute zero, connected by a 30-meter tube also kept at near absolute zero. 
Microwave photons fly back and forth between them, creating quantum mechanical entanglement. A quantum measurement on one qubit randomly yields '0' or '1' and influences automatically and at a distance whether '0' or '1' is measured on the second qubit. 

The separation of 30 meters ensures that, during the measurement, even at the speed of light, no information can be exchanged between the qubits. 'The resulting sequence of zeros and ones is now really perfectly random, and we can even certify that,' says researcher Renner.

He likens the result to crossing a ridge: 'The technical improvements allowed us, for the first time, to create random numbers that will remain perfectly random for all eternity, no matter what analytical methods are used to assess their randomness.'

So what's the upshot for you? 

Cryptography's dirty secret is that most 'random' numbers aren't really random; they're just hard to predict. 
ETH Zurich just broke that assumption by generating randomness certified by the laws of physics themselves, not just computational complexity. 
In an AI-saturated world where patterns can be found almost anywhere, a provably unpredictable source of entropy isn't a nice-to-have; it may become the foundation that everything else in digital trust is built on. 
Think of it as the atomic clock for the zero-trust era.

The buzz on college campuses is that AI is disrupting the job market for young college graduates. 
But new research from the Federal Reserve Bank of New York finds that the culprit may be something else: remote work. 
An analysis of federal employment data, paired with a deep dive into the flexible work arrangements at one unnamed Fortune 500 tech company, reveals that companies are less likely to hire recent college grads into occupations that can be done remotely. 
Researchers speculate that employers are reluctant to put such workers in a setting where it's harder to absorb lessons from coworkers. 
The researchers found the unemployment rate among younger college grads, those under the age of 29, rose 20% after the pandemic, while unemployment among older college grads fell slightly. 
Unemployment rose as remote work grew fourfold, the researchers write. 'Our analysis suggests that these trends are related, with remote work making it more difficult for managers to train and mentor new employees.' 
'Early-career experiences can have lasting consequences,' the researchers write. 'Research finds that individuals who began looking for jobs in slacker labor markets tend to have lower earnings and slower career progression relative to comparable peers who began their job search in better market conditions.'

So what's the upshot for you? 

Blame for the graduate employment slump has been landing squarely on AI, but the Fed's data points at something far more mundane: nobody wants to onboard a junior employee into a Zoom call. 
The bigger risk is the compounding effect: graduates locked out of strong early-career experiences carry that disadvantage forward for years. 
For organisations, this is both a talent pipeline problem and an ethical one. Remote-first culture may be quietly pulling up the career ladder for an entire generation.

The Software Industry Exhales, For Now


Security company Okta shot up 30% Friday, reported CNBC, while data platform provider Snowflake jumped 50% this week. 
They see it as part of a larger trend where software stocks soared this week, signaling some companies are navigating their way through AI disruption better than Wall Street expected, and that investors may have been too quick to declare the end of software with the emergence of AI. 

Even as AI displaces certain tools and job functions, many software companies continue to show growth, assisted by their own AI products. 

The SaaSpocalypse may not be over, but for now at least, fears of software's demise have cooled. 

The iShares Expanded Tech-Software exchange-traded fund rose 8% this week and closed May up 21%, the best monthly performance for the ETF since October 2001. Back then, it was a brief rebound during the dot-com bust, while the current rally comes as concerns about the impact of AI ripple across the sector. 
Software names have been hit particularly hard over the past year due to the boom in so-called vibe coding, with users able to now build apps and websites in minutes thanks to offerings from Anthropic, OpenAI, and others. Elsewhere in the software space, Atlassian climbed 26% for the week, and ServiceNow surged over 20%, while Shopify, Workday, and Asana each gained at least 14%.

So what's the upshot for you? 

Reports of software's death were greatly exaggerated, at least for this month. The companies surviving the AI wave aren't the ones that ignored it; they're the ones that absorbed it. 
The SaaSpocalypse clock is still ticking, but enterprises still need platforms, workflows, and identity management even in a world where anyone can vibe-code a prototype in 20 minutes. 
The moat isn't the product anymore; it's the trust, the integrations, and the institutional inertia that comes with them.

So About That AI Productivity Revolution...


In April, GitHub announced that it was moving subscribers from request-based billing to a usage-based model for its AI-powered Copilot service. 

As that new pricing model goes into effect today, many GitHub Copilot users are reporting extreme sticker shock as they realize just how quickly their previous normal usage is burning through their newly limited monthly allotment of AI credits. 

Across social media and forums, many Copilot users are sharing personal statistics showing how just a few hours of AI usage can now account for a large chunk of their new monthly subscription caps. 
For some users, it reportedly took less than a day to use up a month's usage quota. 

GitHub said that the old system meant that 'a quick chat question and a multi-hour autonomous coding session could cost the user the same amount,' forcing Copilot itself to 'absorb much of the escalating inference cost behind that usage.'

Some Copilot users have been sharing estimates from GitHub's own tool showing that their previous monthly usage would rack up bills in the thousands of dollars under the new pricing plan. 

Under the new system, paid Copilot subscriptions grant users a certain number of AI 'credits' each month, with one credit corresponding to $0.01 of usage. 
The $10/month Pro plan includes 1,500 credits ($15 worth); the $39 Pro+ plan includes 7,000 credits ($70 worth); and the $100/month Copilot Max plan includes 20,000 credits ($200 worth). 

Pricing is highly dependent not just on the type of request but on the specific model that a user chooses. One million output tokens from OpenAI's GPT-5.4 nano would run just $1.25 on GitHub Copilot, but that same level of output would run $30 on the frontier GPT-5.5 model. 
Copilot users who rely on 'Auto' mode should be extremely careful, as some users report it can switch to expensive models for extremely simple queries.

So what's the upshot for you? 

The AI productivity free lunch is officially over, and the bill is arriving in the form of 'you used a month of credits before lunch on day one.' The real sting isn't the new pricing; it's that 'Auto' mode can silently route your simple query to a frontier model and burn your monthly budget before you've had your morning coffee. 
If your organisation uses Copilot at scale, you now have a new line item to manage, a new policy to write, and a very interesting conversation to have with your finance team. Check your model selection settings before someone else checks your budget.


And to round up this week's stories:

AI is an extraordinary tool for generating answers, but generating an answer and verifying one are two fundamentally different jobs, and conflating them is how organisations get confidently wrong at scale. The most dangerous AI failure mode isn't the one that crashes; it's the one that sounds completely sure of itself.

The attack surface has quietly expanded beyond your network, your endpoints, and your credentials; it now includes the physical behaviour of your hardware as observed through your own browser. 
If your threat model doesn't account for side-channel attacks running in JavaScript, it's time to update your threat model.

An AI that can act on your behalf is only as trustworthy as the guardrails around what it's allowed to do, and guardrails designed for human interactions often fail completely when tested by adversarial ones. Before you give your next AI system an action it can take, ask yourself whether you'd be comfortable with an attacker giving it the same instruction.

Session security has long been the forgotten middle child of identity management: organisations spend millions on login protection and almost nothing on what happens to the session after the login succeeds. 
Device-bound credentials won't solve everything, but they close a gap that attackers have been walking through for years.

Perfect randomness sounds like an abstract academic achievement until you remember that every encrypted message, every digital signature, and every secure transaction depends on a source of entropy that no one can predict or reproduce. 
ETH Zurich just made that foundation significantly more solid, and in a world of increasingly powerful AI pattern recognition, that matters more than it ever has.

The remote work debate has mostly been framed around productivity and real estate costs, but the Federal Reserve's data surfaces a slower, quieter harm: a generation being locked out of the informal learning and mentorship that early careers are built on. 
The organisations that figure out how to onboard and develop junior talent in a hybrid world won't just be doing the right thing; they'll have a meaningful competitive advantage over those that don't.

The SaaSpocalypse narrative was always too simple; the question was never whether AI would disrupt software, but which software companies were nimble enough to make AI work for them rather than against them. 
This month's rally is a signal worth watching, but the companies celebrating loudest should remember that October 2001 was also followed by more dot-com carnage before the real recovery began.

And finally, the shift to usage-based pricing is a forcing function that most AI-heavy organisations weren't prepared for, and the sticker shock hitting Copilot users today is a preview of conversations that will ripple across every AI procurement decision for the next few years. 
The question is no longer whether AI tools deliver value; it's whether the value they deliver is worth the bill that's now sitting on your desk.


And our quote this week: "In God we trust. All others must bring data." (W. Edwards Deming)

In this update, every story turned on the same tension: the gap between what we assume is true and what the evidence actually shows.
AI that agrees with itself isn't verifying anything, a browser sandbox that feels private isn't, a flat-rate AI subscription that felt affordable wasn't, and a job market blamed on automation was actually derailed by Zoom calls.
Deming built the modern quality movement on the radical idea that feeling confident and being correct are not the same thing.
This week proved he's still right.

That’s it for this week.  Stay safe, stay secure, mind your bedtime, and see you in se7en.
