Headaches and the AI Privacy and Security Weekly Update for the Week Ending June 9th, 2026
EP 295.
In this week's update:
The NHS is about to hand half a million clinicians an AI assistant for their paperwork - and the question isn't whether it will work, it's whether healthcare will ever look the same again.
An innocent man spent a month behind bars because an AI license plate reader put him in two places at once - and the cameras that could have cleared him were right there the whole time.
China's military intelligence services have quietly turned LinkedIn into a recruitment tool, and the side gig that seemed too good to be true may be the most expensive mistake of your career.
Anthropic spent a year watching how criminals actually use AI, and what they found is less about catastrophe and more about something far more unsettling: amplification.
Researchers just demonstrated an AI-powered worm that doesn't just exploit weaknesses - it reasons, adapts, and chooses its own attack path in real time.
Meta removed a facial recognition system from its smart glasses app this week - a system that, according to Meta, did not yet exist.
A San Francisco burglar used a Waymo robotaxi as a getaway car, and between deleted footage and blurred faces, the case is still wide open months later.
Hidden inside the GPS signal that guides every phone, every ship, and every missile on the planet, a researcher just found something the military has been quietly broadcasting for nearly two decades.
Welcome back, everyone. This week, we are taking you from a British hospital corridor to a San Diego courtroom, from LinkedIn's shadowy recruitment pipeline to the hidden depths of a GPS signal that billions of people use every single day.
Buckle up - this one covers the full spectrum, from the bureaucratic to the alarming to the genuinely mind-bending.
Let's get into it.
NHS England plans to roll out Microsoft Copilot to 505,000 clinicians and support staff after a 30,000-person pilot claimed the AI assistant saved users an average of 43 minutes a day on administrative work.
The rollout won't happen overnight. NHS England said that each trust will receive a central allocation of licenses based on headcount, typically starting with around 2,000 Copilot seats, and that more than half a million staff are expected to have access by October 2026.
The NHS has no shortage of administrative work to throw at the software.
The rollout envisions Copilot helping with discharge paperwork, bed management, rota planning, meeting minutes, board papers, briefings, data analysis, and assorted HR, finance, and procurement tasks.
NHS organizations will also receive access to Copilot Studio, Microsoft's toolkit for building custom AI agents.
NHS England said trusts will be able to develop agents for tasks such as handling Freedom of Information requests, processing complaints, reducing helpdesk workloads, and assisting with financial analysis.
A governance framework called Agent 365 will oversee the deployment of those systems.
So what's the upshot for you?
The days of popping into your general practitioner for a couple of painkillers to get rid of a headache are way in the back window. Now they run up an agentic solution and it deals with your headaches.
'When Hugo Parra was arrested last year on felony charges, his pleas of innocence fell on deaf ears,' reports the Times of San Diego: San Diego police had a description of the Alfa Romeo car he was riding in [but no license plate number] and a witness who identified him during a curbside lineup as the man who brandished a handgun in Golden Hill.
They had also checked the city's automatic license plate camera system, run by the private company Flock, and got a 'hit,' substantiating the claim.
The problem, says attorney Alex Coolman, was that Parra was five miles away from Golden Hill at the time of the crime, and the so-called hit from the license plate reader was captured before any police pursuit began.
'This Flock hit was obviously the wrong car, as it could not have been in both places simultaneously,' said Coolman, who represents Parra and the driver, 23-year-old Ariel Beltran.
Despite the signs pointing to it being a different Alfa Romeo, police arrested Beltran and Parra. [An officer had informed dispatch that one of the men 'matched the victim's description, other than having a different-colored hooded sweatshirt.']
Parra spent nearly one month behind bars, missing Thanksgiving and other special events with his family, before the assault with a firearm and evasion charges were dropped.
Parra says he was incarcerated with actual murderers, according to the article, and Parra and Beltran are now preparing to sue the city, seeking $1.5 million each in damages for civil rights violations and negligence.
Their claim notes they'd driven past several other Flock cameras, which officers could've used to corroborate their story (not to mention location data on their cell phones).
So what's the upshot for you?
Meanwhile, the article also notes that last month the Institute for Justice identified at least 17 cases in the United States of officers allegedly using Automated License Plate Reader technology to keep tabs on partners, exes, and strangers who had caught their eye.
The U.S. and its Five Eyes intelligence partners issued a joint warning that Chinese military intelligence services are using LinkedIn and other professional networking sites to recruit people with access to government, military, foreign policy, or sensitive economic information.
'These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks or human resources firms, and place online job advertisements for foreign policy and defense analysts,' the agencies said Wednesday.
'China's military intelligence services ultimately seek to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes.'
China was targeting Five Eyes nationals with security clearance, particularly those working in foreign affairs, security and intelligence, and military personnel including people stationed in the Asia-Pacific region, it said.
People with more peripheral access to government information, such as academics, journalists, and think tank employees, were also being approached.
The Chinese embassy in the UK strongly condemned the accusations, calling the allegation of Chinese espionage threats 'entirely fabricated' and 'malicious slander.'
'The "Five Eyes" members have engaged in unscrupulous espionage and intelligence-gathering activities around the globe. Their activities are the real threat to peace-loving countries,' the embassy said in a statement Thursday.
According to the agencies, Chinese spies have commissioned reports to be written by those they've approached, paying them anywhere from a few hundred to several thousand dollars, with payments sometimes made in cryptocurrency.
'Military members may be asked about their roles and unit activities, home base or naval vessel,' the notice said. 'Five Eyes agencies have identified individuals who have undertaken these activities, leading to criminal prosecutions, job losses, and security-clearance revocation,' it warned.
So what's the upshot for you?
That little side gig from that individual who made you think you were one in a million might just cost you a million. If it sounds too good to be true, it probably is.
Anthropic recently published findings from a year of monitoring misuse involving its AI systems. The research documented growing efforts by criminals and scammers to incorporate generative AI into fraud, deception, and other malicious activities. At the same time, the company reported continued improvements in detection and safeguards designed to identify abuse.
The report paints a picture of a rapidly evolving contest. Artificial intelligence lowers barriers to creating persuasive content, automating repetitive tasks, and scaling operations. Those same capabilities can benefit both defenders and attackers.
What emerges is not a story about technology choosing sides. Instead, it is a story about a new tool being adopted by everyone at once, with each group attempting to gain an advantage.
So what's the upshot for you?
This story avoids the common trap of portraying AI as either a miracle or a catastrophe. The reality is more interesting. The technology is amplifying existing human behavior, both good and bad.
Researchers published a paper this month describing what may be the clearest demonstration yet of an AI-enabled computer worm. Unlike traditional worms that rely on preprogrammed techniques, the experimental system used artificial intelligence to generate attack strategies tailored to the systems it encountered.
Historically, worms spread by exploiting known weaknesses. Once those weaknesses were patched, their effectiveness declined. The new research suggests future malware could become significantly more adaptable, analyzing environments, selecting attack paths, and adjusting tactics in real time.
The researchers emphasize that the work was conducted to understand emerging threats rather than create offensive tools. Nevertheless, the findings have drawn attention because they demonstrate how AI may eventually alter the economics and speed of cyberattacks.
So what's the upshot for you?
Consider what happens when malicious software can reason and adapt rather than merely execute instructions. The next generation of malware may be defined less by code and more by decision-making.
Last Thursday, Wired reported that Meta had quietly embedded an unreleased facial recognition system called NameTag into software installed on millions of phones. In a follow-up report, Wired says the tech giant has now removed the face-recognition-related code, while saying 'no final decision' has been made about whether the feature will launch.
On Thursday, WIRED reported that Meta had quietly integrated substantial portions of the NameTag system into the Meta AI app. Though never publicly enabled, the feature was designed to convert faces captured by the glasses into unique biometric signatures, commonly known as faceprints, and compare them against a database of faceprints stored on the user's device.
WIRED also found that faces the system failed to recognize were cropped, indexed, and stored locally for future processing.
NameTag first surfaced in February, when The New York Times, citing internal Meta documents, reported that the company was developing face recognition for its smart glasses and weighing a launch as soon as this year.
One memo reportedly described releasing it during a 'dynamic political environment,' when privacy and civil liberties advocates would be distracted. Last week, WIRED reported that much of NameTag's machinery was already built into the Meta AI app, downloaded by millions of users, as early as January, even as Meta publicly said it had made no final decision about face recognition.
After WIRED's report, Stone dismissed the findings, writing that the company couldn't answer questions about how the system would work because 'the feature does not exist.' Andrew Bosworth, Meta's chief technology officer, called the reporting 'incredibly misleading' and 'absolutely dishonest.'
The newly released version of Meta AI removes nearly all traces of the feature Meta said did not yet exist. Gone is the face-recognition software itself, along with the code that ran the NameTag recognition process and the 'Person recognized' alert the app would have shown if someone were identified. The update also strips out a folder where the app would have stored the cropped images and biometric signatures of faces it captured but could not identify. [...] A few fragments of the NameTag system remain in the latest version of Meta AI, including an internal debug menu label and a dormant link meant to open a recognized person's profile. The leftover code points to parts of the system that are no longer there.
So what's the upshot for you?
It's comforting to know that 'the feature that does not exist' has been removed.
A burglar took a self-driving Waymo taxi to rob a San Francisco yoga studio this past January, reports TechCrunch, and police have still not caught them.
Even the police officer assigned to the case thought it would be easier to solve, notes The San Francisco Chronicle, since Waymos are outfitted with multiple high-definition cameras and require users to make accounts with their credit card numbers.
It's common for officers to seek video footage of a crime from any of the Waymos, Teslas and other high-tech vehicles that record their surroundings.
That information can be crucial for identifying suspects or creating a reliable timeline of events. At times, police will go so far as to obtain search warrants to tow the vehicle 'witnesses' to ensure they don't lose valuable video evidence.
In the Hot 8 Yoga burglary case, San Francisco police issued a search warrant that forced Waymo to turn over information on the account that ordered the ride and video footage from the white Jaguar that served as the getaway car, police records show.
Faye said that he couldn't discuss certain details of the case, but that the Waymo user's account information didn't lead police to the suspect. In general, he said, it's not unusual for a criminal to order a service with stolen information or a burner phone.
The video evidence didn't help much either, Faye said. He said that the company had not retained interior footage of the car by the time the search warrant was filed in April and that it had kept the faces seen outside the car blurred for privacy reasons.
Waymo does not publicly disclose how long it retains video footage. The company blurs faces and license plates in the public-facing images it uses in a database designed for research.
Last year in Los Angeles, a person allegedly robbed a grocery store before hopping in a Waymo. Officers were able to chase down the vehicle after the suspect got inside, and the car pulled over after police turned on the car's emergency lights, according to Los Angeles-area news outlets.
So what's the upshot for you?
'Farah Issa, studio manager of Hot 8 Yoga, showed the Chronicle a copy of the surveillance video from her phone, noting how the Waymo dropped off the suspect and waited for him to finish the burglary before taking off again.'
A security researcher believes the U.S. military has been quietly using a little-known GPS message field for nearly two decades to distribute encrypted cryptographic key updates worldwide. The discovery suggests GPS satellites may have been transmitting military key management data in plain sight, while ordinary receivers processed the signals without recognizing their purpose.
The finding comes from information security expert Steven Murdoch, who spent years studying a rarely examined GPS data field known as Subframe 4, Page 17. The data appeared unusually random, leading him to suspect it contained encrypted information rather than routine satellite transmissions. A deeper investigation, aided by historical GNSS archives and academic research, eventually revealed patterns that pointed to a military communications function.
Murdoch analyzed more than 12 million archived GPS observations and identified thousands of unique encrypted-looking messages. One recurring pattern appeared across the entire operational GPS constellation in May 2011. By comparing the timing with declassified government documents, he found a strong match with the deployment of the Pentagon's Over-the-Air Distribution and Over-the-Air Rekeying systems, which allow military equipment to receive new cryptographic keys remotely.
The research suggests these broadcasts replaced older, labor-intensive methods that required key material to be distributed through physical procedures. Murdoch also observed changes beginning in 2022 and the appearance of messages carrying a distinctive 'TEXT' prefix in late 2023, signs that the system may have entered a new phase or undergone modernization. The exact reason for the transition remains unclear.
So what's the upshot for you?
Beyond the military implications, the discovery demonstrates how significant information can remain hidden inside widely available data streams for years.
Sometimes the most valuable intelligence is not concealed behind secrecy, but buried in signals everyone receives and almost nobody looks at.
OUTRO
The NHS didn't just buy software this week - it made a bet that AI can give half a million healthcare workers back the most precious thing they've lost: time. The real test begins in October, and the world will be watching whether that 43-minute daily saving holds up at scale.
Hugo Parra's month behind bars is a vivid reminder that automated systems are only as trustworthy as the human judgment layered on top of them - and right now, that layer is dangerously thin. When technology says someone is guilty, someone still has to be willing to say the technology is wrong.
China's LinkedIn playbook is patient, professional, and alarmingly effective - and the targets aren't just spies in suits, they're academics, journalists, and analysts who never imagined a job posting could cost them their clearance. The first line of defense isn't a firewall; it's your own skepticism.
Anthropic's year-long study of AI misuse doesn't give us a villain or a savior - it gives us a mirror. The technology is neutral; the humans wielding it are not, and that means the responsibility for what happens next lands squarely on all of us.
An AI worm that reasons and adapts isn't science fiction anymore - it's a published research paper, and the clock is ticking on whether defenders or attackers get there first at scale. The next generation of cybersecurity won't be won with better patches; it'll be won with better intelligence.
Meta's NameTag story isn't really about a feature - it's about the growing gap between what tech companies say publicly and what's quietly running on a billion devices. When the code that 'doesn't exist' gets deleted after a news story, that's not a reassurance; that's a data point.
The Waymo getaway story is funny right up until it isn't: the surveillance infrastructure we assumed would make crime harder just handed a burglar a patient, camera-equipped ride. Privacy protections designed for innocent people are turning out to be equally useful to the guilty.
And buried in the GPS signal guiding your every move is nearly two decades of encrypted military messages that almost nobody noticed - which is perhaps the cleanest metaphor for this entire week. The most important things hiding in plain sight aren't always threats. Sometimes they're marvels.
That's your week. From hospital hallways to hidden satellites, from criminal AI to the AI fighting back, every single one of these stories connects to the same question: who is paying attention, and what are they doing about it?
We hope you are. We hope you keep coming back. Because the signals are everywhere - and we'll keep helping you read them.
And that brings us to our quote of the week, from Mark Twain: "Do not undervalue the headache. While it is at its sharpest it seems a bad investment. But when relief begins, the unexpired remainder is worth $4 a minute."
Think about that in the context of everything we covered today. The NHS didn't just buy software - they bought relief. Half a million people drowning in discharge paperwork, rota planning, and meeting minutes, and someone finally said: enough. Twain knew that the headache itself has value, because it's only when you've lived inside the pain that you truly appreciate the moment it lifts. Whether it's administrative overload, a wrongful arrest, a GPS signal nobody bothered to read for twenty years, or malware that thinks for itself - the headache is real. And so is the relief, when it finally comes. That's why we're here every week. Chasing the $4 a minute. Oh, and those were 1910 dollars.
That’s it for this week. Stay Safe, Stay Secure. No more headaches, and we’ll see you in Se7en.