RSS aggregator

DearMob iPhone Manager: iPhone backup without iCloud or iTunes, now for just 600 Kč

CD-R server - 4 May, 2026 - 09:30
Running out of space on your iPhone and don’t want to upgrade your iCloud plan right away? With this program you can back up data from your iPhone straight to your computer. You no longer have to rely on the cloud or slow synchronization via Finder.
Category: IT News

The end of physical SIM cards is nowhere in sight. Customers are not all that keen on switching to eSIM

Živě.cz - 4 May, 2026 - 09:15
European users are rejecting the move to eSIM because of the loss of convenience • Cheap mobile phones do not support the technology, which hinders its spread • Manufacturers will eventually force the change by removing physical slots entirely
Category: IT News

Relying on LLMs is nearly impossible when AI vendors keep changing things

Computerworld.com [Hacking News] - 4 May, 2026 - 09:00

Over the years, enterprise IT execs have gotten frighteningly comfortable having little control or visibility over mission-critical apps, from SaaS to cloud and even cybersecurity. But generative AI (genAI) and agentic systems are taking that problem to a new extreme, with vendors able to dumb down a system IT is paying billions for without so much as a postcard. 

It’s not necessarily that AI changes are made to boost profits or revenue. Even if we accept the vendor argument that such changes are in the customer’s interest, companies still need their systems to do on Thursday what they did on Tuesday, let alone what they did when the purchase order was signed.

Alas, that is no longer the case.

Consider a recent report from Anthropic that detailed a lengthy list of changes the company made to some of its AI offerings — including one that explicitly dumbed down answers — without asking or telling customers beforehand.

The report describes various changes the Anthropic team made on its own, reconsidering them only after users noticed and complained about the drop in quality.

“On March 4, we changed Claude Code’s default reasoning effort from high to medium to reduce the very long latency — enough to make the UI appear frozen — some users were seeing in high mode. This was the wrong tradeoff. We reverted this change on April 7 after users told us they’d prefer to default to higher intelligence and opt into lower effort for simple tasks,” the April 23 Anthropic report said. “On March 26, we shipped a change to clear Claude’s older thinking from sessions that had been idle for over an hour, to reduce latency when users resumed those sessions. A bug caused this to keep happening every turn for the rest of the session instead of just once, which made Claude seem forgetful and repetitive. We fixed it on April 10.”

Our bad — we’ll change it back

The fastest “Oops! Our bad. We’ll change it back” moment came last month. “On April 16, we added a system prompt instruction to reduce verbosity. In combination with other prompt changes, it hurt coding quality and was reverted on April 20,” Anthropic said. 

Beyond forcing changes on customers — not necessarily for customers — the AI vendor said the interdependence among complex GenAI systems makes it more difficult to quickly detect performance problems, including weaker answers and the speed of delivering those answers. 

“Because each change affected a different slice of traffic on a different schedule, the aggregate effect looked like broad, inconsistent degradation,” Anthropic said. When “we began investigating reports in early March, they were challenging to distinguish from normal variation in user feedback at first, and neither our internal usage nor evals initially reproduced the issues identified.”

This inability to reproduce errors and, for that matter, any behavior at all, is just one of the realities of genAI tools and agents. The fact that the same model is likely to give a different answer to the identical question posed two minutes apart is exactly why reproducibility is so difficult. That’s the case with all AI vendors, but it’s not their fault, in the same way hallucinations and ignored guardrails are not their fault. It’s just how LLMs operate. You want the good? Accept the bad. Blaming genAI technology for inconsistencies is like blaming the fabled scorpion

All major AI vendors are in an awkward position: When deciding the performance they deliver, they face what looks like a conflict of interest. That’s because the vast majority of current enterprise clients are paying for token usage. That gives vendors like Anthropic, OpenAI and others a real financial incentive to make background changes that increase the number of tokens customers need to purchase. Anthropic tried to suggest that its team was trying to reduce problems where token usage was artificially increased.

For example, in its report, Anthropic said it “received user feedback that Claude Opus 4.6 in high effort mode would occasionally think for too long, causing the UI to appear frozen and leading to disproportionate latency and token usage for those users. In general, the longer the model thinks, the better the output. Effort levels are how Claude Code lets users set that tradeoff — more thinking versus lower latency and fewer usage limit hits. As we calibrate effort levels for our models, we take this tradeoff into account in order to pick points along the test-time-compute curve that give people the best range of options.”

Technology often backfires

Sometimes, an effort to help customers backfires because, well, technology hates all of us.

The report details an incident on March 26, where an internal Anthropic change “was meant to be an efficiency improvement. We use prompt caching to make back-to-back API calls cheaper and faster for users. Claude writes the input tokens to the cache when it makes an API request, then after a period of inactivity the prompt is evicted from cache, making room for other prompts. Cache utilization is something we manage carefully.”

Then things got sticky. “The design should have been simple: if a session has been idle for more than an hour, we could reduce users’ cost of resuming that session by clearing old thinking sections. Since the request would be a cache miss anyway, we could prune unnecessary messages from the request to reduce the number of uncached tokens sent to the API.”

Turns out, “the implementation had a bug. Instead of clearing thinking history once, it cleared it on every turn for the rest of the session. After a session crossed the idle threshold once, each request for the rest of that process told the API to keep only the most recent block of reasoning and discard everything before it. This compounded: if you sent a follow-up message while Claude was in the middle of a tool use, that started a new turn under the broken flag, so even the reasoning from the current turn was dropped. Claude would continue executing, but increasingly without memory of why it had chosen to do what it was doing. This surfaced as the forgetfulness, repetition, and odd tool choices people reported. …We believe this is what drove the separate reports of usage limits draining faster than expected.”

And with Claude Opus 4.7, the vendor noted, it “has a notable behavioral quirk” of being “quite verbose. This makes it smarter on hard problems, but it also produces more output tokens.”

To be clear, I’m not suggesting Anthropic was doing anything especially poorly. Indeed, these are the kinds of problems all genAI companies face, and I applaud Anthropic’s transparency in publishing its reasoning openly. (Anthropic executives do seem to be trying to portray themselves as more ethical and responsible than many of their rivals.)

What the report makes clear, however, is that the AI package your company is spending a lot of money on is entirely within the control of the hyperscalers. They can dumb down answers and even charge you more money by increasing token usage.  

They don’t ask your team beforehand for permission to make these kinds of changes. They don’t even routinely disclose the changes after the fact. In many ways, it’s just like a cloud provider changing settings without your knowledge. Your team might have spent two days getting all of the settings just right for operations, security and compliance on Monday afternoon. You wouldn’t want that cloud team to change everything on Tuesday and not mention it. It’s the same story with SaaS.

Now more than ever, trust, honesty and integrity need to be critical vendor differentiators. That’s especially true for AI companies. You need to track accuracy, speed and a dozen other AI variables internally so you can detect any changes as quickly as possible. As boards push harder for IT to try and deliver clean ROI for AI efforts, these monitoring efforts are no longer optional.

Buyer beware indeed.

Category: Hacking & Security

A problem for AMD? Intel bets on more cores for less money, changing the rules of the game

Živě.cz - 4 May, 2026 - 08:45
High RAM prices are crushing the market, yet manufacturers are still trying to give us a reason to buy a new processor.
Category: IT News

Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M

The Hacker News - 4 May, 2026 - 07:59
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai Police, under the United Arab Emirates (UAE) Ministry of Interior, in partnership with the U.S. Federal
Ravie Lakshmanan
Category: Hacking & Security

Boeing’s first robotic Stingray tanker takes off in America. The Navy will acquire 76 units (video)

Živě.cz - 4 May, 2026 - 07:45
At the end of April, the operational version of the Boeing MQ-25A Stingray drone, which serves as a small autonomous tanker, took off for the first time. It completed its two-hour debut on 25 April at MidAmerica Airport in Mascoutah, Illinois, and in the coming years it should serve with the US Navy. The drone’s main task is ...
Category: IT News

Ryzen 9 PRO 9965X3D is on the way, the first professional Ryzen with X3D

CD-R server - 4 May, 2026 - 07:40
The first performance results in the PassMark benchmark database confirm the existence of the Ryzen 9 PRO 9965X3D processor. It is the first sixteen-core desktop model in the PRO series and also the first with V-cache…
Category: IT News

1,141 projects (developers) accepted into Google Summer of Code 2026

AbcLinuxu [news briefs] - 4 May, 2026 - 04:46
Google has published the list of 1,141 projects (developers) from 184 organizations accepted into this year’s Google Summer of Code, the twenty-second edition. In total, 23,371 projects were submitted by 15,245 developers from 131 countries.
Category: GNU/Linux & BSD

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

The Register - Anti-Virus - 4 May, 2026 - 04:35

Information security agencies from the nations of the Five Eyes security alliance have co-authored guidance on the use of agentic AI that warns the technology will likely misbehave and amplify organizations’ existing frailties, and therefore recommends slow and careful adoption of the tech.

The agencies delivered that position last Friday in a guide titled Careful adoption of agentic AI services [PDF] that opens with the observation that “Agentic artificial intelligence (AI) systems increasingly operate across critical infrastructure and defense sectors and support mission-critical capabilities,” making it “crucial for defenders to implement security controls to protect national security and critical infrastructure from agentic AI-specific risks.”

The thrust of the document is that implementing agentic AI will require use of many components, tools, and external data sources, creating an “interconnected attack surface that malicious actors can exploit.”

“Consequently, every individual component in an agentic AI system widens the attack surface, exposing the system to additional avenues of exploitation,” the document warns.

To illustrate the risks agentic AI poses, the document offers the example of an AI agent empowered to install software patches that is thoughtlessly given broad write access permissions, with the following unpleasant results:

Here’s another nasty agentic mess the document uses as a warning:
An organization deploys agentic AI to autonomously manage procurement approvals and vendor communications, and gives the agent access to financial systems, email and contract repositories;
This user only considers permissions for the agent when deploying it;
Over time, other agents rely on the procurement agent’s outputs and implicitly trust its actions;
A malicious actor compromises a low-risk tool integrated into the agent’s workflow and inherits the agent’s over-generous privileges;
The attacker uses that privileged access to modify contracts and approve unauthorized payments, and evades detection by creating faked audit logs that don’t trip alerts.

Australia’s Signals Directorate and Cyber Security Centre (ASD’s ACSC) contributed to the document, working with the USA’s Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), the Canadian Centre for Cyber Security (Cyber Centre), the New Zealand National Cyber Security Centre (NCSC-NZ) and the United Kingdom National Cyber Security Centre (NCSC-UK).

The document contains more scary stories, then lists 23 different risks and over 100 individual best practices to address them. Much of the advice targets developers who deploy AI, but the authors also urge vendors to ensure they test their wares thoroughly and ensure their products “fail-safe by default requiring agents to stop and escalate issues to human reviewers in uncertain scenarios.” The document also urges security practitioners and researchers to spend more time contemplating AI.

“Threat intelligence for agentic AI systems is still evolving, which can introduce significant security gaps,” the document warns, because resources like the Open Web Application Security Project and MITRE ATLAS currently focus on LLMs. “As a result, some attack vectors unique to agentic AI may not be fully captured or addressed.”

Given the huge to-do list for anyone creating agentic AI, or contemplating its use, the document argues for very cautious adoption. “Organisations should therefore approach adoption with security in mind, recognizing that increased autonomy amplifies the impact of design flaws, misconfigurations and incomplete oversight,” the document concludes. “Deploy agentic AI incrementally, beginning with clearly defined low-risk tasks and continuously assess it against evolving threat models.” “Strong governance, explicit accountability, rigorous monitoring and human oversight are not optional safeguards but essential prerequisites. Until security practices, evaluation methods and standards mature, organisations should assume that agentic AI systems may behave unexpectedly and plan deployments accordingly, prioritizing resilience, reversibility and risk containment over efficiency gains.” ®

Category: Viruses and Worms

Five Eyes spook shops warn rapid rollouts of agentic AI are too risky

The Register - Anti-Virus - 4 May, 2026 - 04:35
Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada

Information security agencies from the nations of the Five Eyes security alliance have co-authored guidance on the use of agentic AI that warns the technology will likely misbehave and amplify organizations’ existing frailties, and therefore recommends slow and careful adoption of the tech.…

Category: Viruses and Worms

This Week in GNOME and This Week in KDE Plasma (1 and 2 May 2026)

AbcLinuxu [news briefs] - 4 May, 2026 - 03:02
What did the GNOME and KDE Plasma developers work on last week? A regular overview of news in This Week in GNOME and This Week in KDE Plasma.
Category: GNU/Linux & BSD

[local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation

The Exploit Database - 4 May, 2026 - 02:00
Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation

[local] Linux nf_tables 6.19.3 - Local Privilege Escalation

The Exploit Database - 4 May, 2026 - 02:00
Linux nf_tables 6.19.3 - Local Privilege Escalation

[hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)

The Exploit Database - 4 May, 2026 - 02:00
Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)

[webapps] MindsDB 25.9.1.1 - Path Traversal

The Exploit Database - 4 May, 2026 - 02:00
MindsDB 25.9.1.1 - Path Traversal

[local] Windows 11 24H2 - Local Privilege Escalation

The Exploit Database - 4 May, 2026 - 02:00
Windows 11 24H2 - Local Privilege Escalation

[webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)

The Exploit Database - 4 May, 2026 - 02:00
Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)

Instructure confirms data breach, ShinyHunters claims attack

Bleeping Computer - 4 May, 2026 - 00:16
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. [...]
Category: Hacking & Security

The week on ITBiz: Attacks hide in virtual machines. Companies often do not see them at all

AbcLinuxu [articles] - 4 May, 2026 - 00:01

More than half of companies in Czechia would pay extra to store data in the EU. Attacks hide in virtual machines. Companies often do not see them at all. Cyber threats in the Czech Republic are changing shape: system intrusions are displacing DDoS, and the severity of attacks is growing. N-able’s AI assistant shortens problem resolution time for IT teams. Anthropic and Amazon expand their collaboration: Claude gets infrastructure in Europe.

Category: GNU/Linux & BSD