Snippings

xxx

In Taiwan, the group responsible for the laundering built two payment platforms, HeroPay and MatchPay, to serve as intermediaries for illegal gambling traffic. By routing funds through their own processors, they were able to mask source and destination, sidestep traditional detection systems and scale to nearly a billion dollars in illicit volume. When they eventually launched their own gambling portal, they didn’t need to find a bank to work with. They already had the rails.

From: Fintech has outpaced the guardrails meant to protect it.

xxx

xxx

A paper published last week has found more than 700 endpoints delivering such texts on behalf of more than 175 services that put user security and privacy at risk. One practice that jeopardizes users is the use of links that are easily enumerated, meaning scammers can guess them by simply modifying the security token, which usually appears at the right of a URL. By incrementing or randomly guessing the token—for instance, by first changing 123 to 124 or ABC to ABD and so on—the researchers were able to access accounts belonging to other users. From there, the researchers could view personal details, such as partially completed insurance applications.

From: Millions of people imperiled through sign-in links sent by SMS – Ars Technica.

xxx

xxx

Richard Crone’s analysis of UCP quantifies the stakes: intent data worth $267-$736 per monthly active user, cross-sell revenue (33-76% of incremental sales) shifting to whoever controls the agent conversation, retail media margins under pressure when discovery moves off-platform.

The same week UCP launched, Amazon was litigating against Perplexity for building shopping features using Amazon’s product data. Amazon understood what was being intermediated. They had resources to protect it.

Most merchants don’t have that leverage. The choice looks binary: adopt and gain discoverability, or refuse and become invisible to AI-mediated commerce.

There’s a third option. Adopt on terms that preserve merchant interests.
The hotel industry learned this with OTAs. Properties that refused Expedia declined. Properties that listed without strategy became commoditised warehousing. The winners participated for reach while retaining enough customer data to compete on experience.

Merchants evaluating UCP should demand data parity:
→ Bank-grade verification of who built and deployed the agent
→ Contextual metadata passthrough for fraud signals
→ Audit trails documenting the instruction chain
→ Equivalent data to on-site checkout, or liability allocation that reflects the gap

UCP explicitly leaves agent identity to “other layers.” The question is whether merchants require those layers before participating.

From: (3) Post | LinkedIn.

xxx

xxx

Private-equity firm Brookfield is starting its own cloud business, going up against tech giants like Amazon by arguing it can bring down the costs of developing AI. The firm, which has long invested in infrastructure and energy, is becoming the first major investment firm to try to lease chips inside data centers directly to developers, rather than just owning or developing the physical structures that surround them.

The cloud business will be tied to a new $10 billion AI fund that the firm is starting and a cloud company called Radiant that Brookfield will operate. In November, Brookfield laid out plans to acquire up to $100 billion of land, data center and power assets for AI.

From: Brookfield to Start Cloud Business to Lower Cost of AI — The Information.

xxx

xxx

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

From: AI Models on Realistic Cyber Ranges \ red.anthropic.com.

xxx

xxx

To understand how a stablecoin-backed card program actually works, a look at the names on the plastic or metal might help, but as most of this audience already knows, there’s more to it than that. From a cardholder’s perspective, the experience is familiar. Under the hood, however, the system added several new, tightly coordinated layers, each with its own responsibilities and failure modes.

From: CardsFTW #188: A Stablecoin Card Primer.

xxx

xxx

GPTZero, a detector of AI output, has found yet again that scientists are undermining their credibility by relying on unreliable AI assistance.

The New York-based biz has identified 100 hallucinations in more than 51 papers accepted by the Conference on Neural Information Processing Systems (NeurIPS). This finding follows the company’s prior discovery of 50 hallucinated citations in papers under review by the International Conference on Learning Representations (ICLR).

From: AI conference’s papers contaminated by AI hallucinations • The Register.

xxx

xxx

Bank of New York Mellon said it now employs dozens of artificial intelligence-powered ‘digital employees’ that have company logins and work alongside its human staff.

From: Digital Workers Have Arrived in Banking – WSJ.

xxx

xxx

Indeed, D&D’s complex rules, extended campaigns and need for teamwork are an ideal environment to evaluate the long-term performance of AI agents powered by Large Language Models, according to a team of computer scientists led by researchers at the University of California San Diego.

From: AI models tested on Dungeons & Dragons to assess long-term decision-making.

xxx

xxx

The models played against each other, and against over 2,000 experienced D&D players recruited by the researchers. The LLMs modeled and played 27 different scenarios selected from well-known D&D battle set ups named Goblin Ambush, Kennel in Cragmaw Hideout and Klarg’s Cave.

In the process, the models exhibited some quirky behaviors. Goblins started developing a personality mid-fight, taunting adversaries with colorful and somewhat nonsensical expressions, like “Heh—shiny man’s gonna bleed!” Paladins started making heroic speeches for no reason while stepping into the line of fire or being hit by a counterattack. Warlocks got particularly dramatic, even in mundane situations.

Researchers are not sure what caused these behaviors, but take it as a sign that the models were trying to imbue the game play with texture and personality.

From: AI models tested on Dungeons & Dragons to assess long-term decision-making.

xxx