According to a WIRED report this week, Meta has quietly embedded inactive facial recognition code in over 50 million smartphones. This code resides within the companion app used to connect its Ray-Ban and Oakley smart glasses. If enabled, the feature—internally referred to as NameTag—would allow users to identify individuals by comparing captured facial images against a biometric database stored locally on the device. This technology mirrors the type of system Meta previously abandoned in 2021, following multibillion-dollar settlements for biometric privacy lawsuits in Texas and Illinois.
In related news, xAI is seeking a federal court order to compel four individuals suing the company over AI-generated explicit deepfakes to reveal their real identities rather than continue under their current pseudonyms. This includes one plaintiff who claims the chatbot was used to create sexualized images of her as a minor. The plaintiffs have stated they would rather withdraw the lawsuit than face potential harassment and doxing from Elon Musk’s online base. Conversely, xAI’s legal team argues that because the deepfake content will remain sealed from public view, there is “nothing inherently stigmatizing” about identifying the individuals depicted.
Google has introduced a new Android feature this week designed to combat the rise of AI-driven impersonation scams, where fraudsters mimic trusted phone numbers and replicate voices. Integrated into Google Dialer and available for devices running Android 12 and above, the feature initiates a silent cryptographic verification with the caller’s device. If a call is identified as fraudulent, Android will issue a warning and remove the contact photo from the display. However, this protection is currently limited to calls between two Google Dialer users, excluding iPhone users from the safeguard.
WIRED also revealed this week that the Manhattan Institute—a conservative think tank known for pioneering 1990s broken-windows policing and leading the Trump administration’s anti-DEI initiatives—is currently promoting model legislation. This legislation aims to reclassify minor protest-related offenses as felonies based on a new legal framework termed “civil terrorism.”
Security researchers have unveiled a sophisticated new browser-based side-channel attack named FROST. This technique can identify other open tabs—and occasionally other applications on a device—by measuring the time it takes to access a sandboxed file on the solid-state drive. The attack is executed entirely through JavaScript and utilizes a neural network trained on the input/output patterns of common software to analyze the timing data. Currently, there is no evidence that this method has been deployed in real-world attacks.
And there is more to cover. Every week, we compile a summary of security and privacy news that we haven’t reported on in detail. Click the headlines to access the full articles, and please stay vigilant.
Peptides—amino acid chains marketed as solutions for weight loss, skin rejuvenation, and more through topical application, ingestion, or injection—have evolved into a largely unregulated pharmaceutical sector. It is therefore unsurprising that their expansion is being driven by cryptocurrency payments, frequently sent directly to the Chinese laboratories producing these unverified remedies.
Blockchain analysis firm Chainalysis released a study this week tracking cryptocurrency transactions to peptide vendors, estimating this gray market at over $100 million annually and expanding. The analysis revealed that several Chinese labs previously involved in selling fentanyl precursors have transitioned to manufacturing and distributing peptides. Chainalysis suggests this shift is a strategic move to capitalize on the “looksmaxing” trend on social media, which has boosted peptide demand, while simultaneously mitigating the legal risks associated with opioid production.
AI is capable of performing a vast range of tasks upon request: developing applications, enhancing images, or even compromising high-profile social media accounts. Since Meta announced in March that its account support would increasingly rely on AI automation—including for password resets—hackers discovered they could manipulate this tool to gain unauthorized access to accounts belonging to celebrities and public figures. Victims, as reported by 404 Media, include Barack Obama, the chief master sergeant of the US Space Force, and the cosmetics retailer Sephora. Meta has stated the vulnerability has been addressed and impacted accounts secured. Nevertheless, these incidents highlight the dangers of delegating security protocols to AI, particularly for a company like Meta that has aggressively integrated AI across its operations.
When AI company Anthropic launched its advanced Mythos tool for testing with a select group of organizations, it sparked controversy by granting initial access to the US National Security Agency. Mythos is reportedly capable of rapidly identifying previously unknown, exploitable software vulnerabilities, raising concerns about its potential use for automated mass surveillance and cyber warfare. While the NSA also has a defensive mandate, early reports suggested the agency might be using the tool to find flaws in widely used American software, such as Microsoft’s, to enhance its security. However, the Financial Times now reports that Anthropic is deepening its collaboration with the NSA by deploying its own engineers to the agency to train personnel on utilizing the AI tool—including for offensive hacking purposes. While the FT could not confirm Mythos is currently used in active operations, given the increasing adoption of AI for state-sponsored cyber activities, it would be unexpected if the US were not participating in this era of automated digital intrusion.
President Donald Trump has appointed Bill Pulte as the acting director of national intelligence. Pulte succeeds Tulsi Gabbard, who recently resigned from the position due to her husband’s health concerns. Trump has indicated he is evaluating candidates for the permanent role, though the confirmation process is expected to take several months.
In his capacity as acting director, Pulte will oversee the entire US intelligence community, coordinating the efforts of 18 distinct agencies, including the Central Intelligence Agency and the NSA.



