Breaking AI & Tech News Analyzed

The Passkey Debate Readers of The Guardian have expressed concerns and curiosity about the safety and security of using passkeys, which can be a pin on your phone or facial recognition, as an alternative to complicated passwords and two-factor authentication. How Passkeys Work Passkeys are considered safer than passwords because they are unique to a device, not stored on a company's server, and are unphishable and less hackable by cybercrims. A passkey is a complex value used as a start for a mathematical calculation, the result of which is sent to the website, making it impossible for hackers to steal the passkey even if a server is hacked. Reader Responses wyldfam: Passkeys are safer because they are vulnerable only to a hacker who can steal your phone, and you tend to notice quickly and can cancel (revoke) your passkey on your accounts. TechGirl: Passkeys are good, strong protection – much better than passwords. Create a 10-digit pin on your phone from random numbers and remember it so it’s second nature. gh05ted: Passkeys don’t have the weakness of shared secrets like passwords do. A passkey is stored in your phone, laptop or password manager and unlocked using a simple pin or biometrics. Concerns and Limitations dannytheclown: The subject seems very confusing, and there are concerns about software companies trying to self-stuff we don’t need and making things more complicated. GordonLiv: Getting security right is a minefield, and there are concerns about syncing passkeys between devices and possible vulnerabilities. Jiminoz: Passkeys are tied to a single device, and what happens if you want to access your bank account and you’re away from your desktop? Conclusion The debate on passkeys vs passwords continues, with experts weighing in on the safety and security of using passkeys. While some readers are convinced of the benefits of passkeys, others remain skeptical and concerned about the limitations and potential vulnerabilities.

The AI-Powered Scam Text Epidemic Google is suing to dismantle the infrastructure behind an alleged massive AI-powered cybercrime operation. The tech giant announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers. The Scale of the Scam Outsider Enterprise has financially scammed “hundreds of thousands of victims” with losses “estimated in the millions.” The group deployed 9,000 fake websites, 1 million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google. The Data Behind the Scam The company said, “55,000 spam texts were flagged by Android users in just two weeks this past May — that’s more than two text spam complaints a minute.” Google also reported that its AI-powered tools enable the company to detect scams and alert users of suspicious calls and text messages, leading to the interception of more than 10 billion scam messages a month. The Impact on Users and Industry Collaboration Google said it has been collaborating with AT&T;, T-Mobile, and Verizon to block the scam text messages and said it is coordinating with the FBI, which is taking unspecified law enforcement actions. The Future of AI-Powered Cybersecurity As AI-powered scams continue to evolve, Google's use of “AI-powered tools to fight AI-powered scams” sets a precedent for the tech industry's approach to combating cybercrime. The outcome of this lawsuit and the collaboration between Google, telecom companies, and law enforcement agencies will be crucial in shaping the future of cybersecurity.

The LeadAs cybersecurity experts increasingly endorse passkeys as the future of authentication, many users remain skeptical about whether smartphone-based authentication methods like PINs or facial recognition can truly be safer than traditional passwords enhanced with two-factor authentication.The Authentication Debate: Passkeys vs Traditional SecurityThe article highlights a common concern in the evolving landscape of digital security. While passkeys offer advantages such as being device-specific and not stored on company servers (making them "unphishable" and less vulnerable to hacking), questions remain about their practical security in everyday scenarios.Key concerns raised include:What happens if a phone is stolen and someone guesses the PIN?How does authentication work when a user loses their device?Are these methods truly more secure than well-crafted passwords with two-factor authentication?Expert Endorsement and Public SkepticismDespite these concerns, reputable organizations like the UK's National Cyber Security Centre strongly advocate for passkeys as a superior security method. This endorsement creates a significant knowledge gap between security experts and average users who struggle to understand the technical advantages.The Future of Authentication: Bridging the Understanding GapAs digital security continues to evolve, the industry faces the challenge of not only developing more secure authentication methods but also educating the public about their benefits and limitations. The article suggests that user education will be crucial for the successful adoption of passkeys and other emerging authentication technologies.

The WWDC Opening: A Repair‑Centric KeynoteCraig Federighi, Apple’s senior vice president of Software Engineering, spent the first half of the keynote outlining a series of fixes—ranging from the controversial Liquid Glass design to performance tweaks—before introducing the AI‑powered Siri update. The sequencing underscored Apple’s belief that a stable foundation is required before users can trust new AI features.Speed Gains Across Devices: 30%‑80% Faster PerformanceApple highlighted measurable speed improvements that affect everyday usage:iPhone and iPad apps launch 30% faster.New photos appear in the library up to 70% faster.AirDrop file transfers are up to 80% faster, extending to all models back to the iPhone 11 (2019).Reworking the User Experience: Liquid Glass, Toolbar, and Health UpdatesKey usability upgrades were announced:A slider lets users revert the Liquid Glass aesthetic to a fully tinted view.macOS receives a more uniform toolbar for clearer control distinction.App icons get sharper definitions even in clear mode.The Health app adds tracking for perimenopause and menopause.iCloud shared photo albums now accept contributions from Android and Windows users.Screen‑time controls for parents receive enhancements.AI Integration Strategy: Siri Beta, Apple Intelligence, and New Image ToolsThe AI announcements were positioned as part of a broader effort:Siri enters beta later this year, excluding the EU and China due to regulatory hurdles.Apple Intelligence can organize web tabs, generate Safari extensions, suggest stronger passwords, and provide contextual reply suggestions in Messages.Calendar can create events from natural‑language commands.During calls, AI can surface relevant information such as confirmation codes.The Home app will summarize events, catching up with competitors on smart‑home insights.Image Playground now produces functional images and will be opened to developers via an API.Generative photo editing—including item removal and spatial reframing—works on existing library images.What Comes Next: Adoption Hurdles and Competitive LandscapeBy leading with repairs, Apple signals that restoring confidence in its core software is a prerequisite for AI adoption. The beta rollout of Siri, limited by regional regulations, suggests a cautious market entry. Meanwhile, the expanded AI capabilities aim to narrow the gap with rivals such as Google and Amazon in areas like image generation and smart‑home summarization. Observers will watch whether the performance upgrades and broader AI toolkit translate into higher user engagement and whether Apple can leverage its on‑device AI advantage to differentiate its ecosystem in the coming year.

Apple's AI-Powered iPhone Updates Apple today announced a slate of new Apple Intelligence updates across its apps at WWDC 2026, including tab management for Safari, one-tap password updating, cross-app context awareness, and AI-powered shortcut creation via natural language. Safari Gets AI-Powered Tab Management Safari is getting AI-powered tab management that groups tabs by topic automatically. It can also suggest and add related tabs to an existing group. The company is also adding a page monitor to Safari that notifies you when it detects changes — useful for tracking prices, news stories, or anything time-sensitive. Enhanced Password Security and Cross-App Context The company is adding a way to update compromised passwords with one tap, with Apple handling the process on your behalf through AI and Safari — no manual login required. The Phone app can now pull context from other apps like Mail and Messages mid-call. AI-Driven Photo Editing and Shortcuts Messages is getting AI-powered reply suggestions and a new ability to surface photos based on a text description. Image Playground is also getting a significant update with easier natural-language editing and a new model capable of generating more photorealistic images. The company is also overhauling Shortcuts with AI-powered creation. The Future of AI on iPhone Apple's updates suggest that the AI assistant wars are increasingly being fought at the operating system level — with your personal data as the differentiator. With these updates, Apple is bringing AI-powered capabilities to the mainstream iPhone user.

The Rise of Spyware Attacks Spyware attacks on journalists, human rights defenders, and political dissidents are no longer rare or exotic. In early 2025, WhatsApp notified roughly 90 users — many of them journalists and civil society members across Europe — that they had been targeted by Israeli spyware company Paragon Solutions. Months later, Apple sent threat notifications to a new group of iOS users; forensic analysis confirmed two of them, both journalists, had been hit with Paragon’s Graphite spyware using a zero-click attack, meaning they didn’t even have to tap a link to be compromised. How Spyware Works These attacks rely on expensive, sophisticated, and stealthy tools that allow their operators to hack into and install spyware on computers, but especially smartphones, which hold virtually all of the data about a person’s daily life. Spyware gives its operators virtually full access to the target’s device and data. Government spies can record phone calls, steal chat messages, access photos, and switch on the device’s camera and microphone to record ambient sound and record nearby conversations. Spyware also typically tracks a person’s real-time location. Tech Giants Offer Defenses In response to these attacks, tech giants now provide their users with better defenses. In particular, Apple, Google, and Meta offer opt-in features specifically designed to counter targeted spyware attacks. Generally speaking, these features add extra protection, sometimes by turning off or limiting some regular features. It’s a tradeoff, but having used these myself for a long time, I have never found them to be too onerous or annoying to use. Apple's Lockdown Mode Apple’s Lockdown Mode is available on all Apple devices, including iPhones. Apple says that when Lockdown Mode is enabled, “your device won’t function like it typically does.” In exchange for this inconvenience, your device will be more secure. There is evidence that Lockdown Mode has helped in the past. Citizen Lab found that Lockdown Mode stopped one spyware attack carried out with NSO Group’s Pegasus software. As recently as March, Apple said it has never detected a successful attack on an Apple device with Lockdown Mode enabled. Google's Advanced Protection Program Google launched its Advanced Protection Program in 2017. This feature is designed to make your Google account more resilient against malicious hackers of all kinds. Advanced Protection Program includes the following features: Requires a physical security key (or a software passkey) as an additional verification factor apart from your passwords Requires a recovery phone and a recovery email to your account, or use a backup passkey or security key WhatsApp's Strict Account Settings WhatsApp launched Strict Account Settings earlier this year, an opt-in feature that switches on some privacy and security controls depending on the operating system. On Android and iOS, Strict Account Settings turns on the following features: Two-step verification Account protection To switch the feature on, use your primary device and go to Settings, then Privacy, then scroll down to Advanced and turn it on. The Future of Spyware Protection No security measure is perfect, and it’s a constant effort to keep security flaws at bay. Spyware makers find new ways to hack into phones and services, then software makers learn from those attacks and respond. Rinse and repeat. But that doesn’t mean these features are not worth using. On the contrary; these features have been proven effective. “These features are free, easy to enable, and the best defense we have today against sophisticated spyware,” said Runa Sandvik, a security researcher who has worked to protect journalists and other at-risk communities for more than a decade. “If the features get in the way of something you need to do, you can easily turn them off again — meaning it costs very little to turn them on and try them out.”

The Security VulnerabilityTrump Mobile, a phone company launched by Donald Trump's family business, is investigating a potential security flaw on its website that appears to have exposed the personal details of an estimated 27,000 people who sought to buy a gold-coloured smartphone. The company stated it is investigating the issue "with the assistance of independent cybersecurity professionals" in which the full names, addresses and phone numbers of people who filled out preorder forms appeared to be exposed.Based on the available information, Trump Mobile has not identified evidence that its systems, infrastructure, or network were directly compromised. The investigation remains ongoing. At this time, the incident does not appear to involve Trump Mobile payment card information, banking information, Social Security numbers, call records, text messages, or other highly sensitive financial data. The impacted information appears to be limited to certain customer details, including names, email addresses, mailing addresses, order identifiers and mobile phone numbers.The Technical DetailsAn Australian programmer, who has been working in IT for nearly 20 years, incidentally discovered the site's possible security flaws and reported them to Trump Mobile. Jonathan Soma, a programmer and professor at New York's Columbia University, reviewed the code that the Australian had uncovered and copied from the Trump Mobile website. Soma said the website used a common e-commerce model, in which every potential order added another "1" to a list, the total of which had reached 27,224 possible pre-orders on the available information.However, the code reflected the last step before payment, meaning those who didn't proceed with the purchase were also recorded in the data, even those people who have abandoned their carts without paying the deposit. The true number of preorders was likely to be even lower than the initial count.Customer Impact and Company ResponseTrump Mobile has stated that additional safeguards and monitoring measures are now in place, and it is "also evaluating any applicable notification obligations." The company advised customers to remain alert for any suspicious emails, calls or text messages regarding their orders, and emphasized that "Trump Mobile will not ask customers to provide payment information, passwords, or other sensitive information through unsolicited communications."Context of the Trump Mobile LaunchThe discovery coincided with Trump Mobile beginning to distribute its bespoke T1 smartphones after an almost 10-month delay and an about-face on the company's initial promise to manufacture the phones in the US. The Trump Mobile website now says the phones are "designed with American values in mind." Last week, the company's chief executive, Pat O'Brien, said the first T1 phones were assembled in the US and, moving forward, would use components "primarily manufactured" locally.O'Brien would not confirm how many preorders there had been and told USA Today that Trump Mobile was "incredibly pleased" with the interest in its products. He said the T1 phones were starting to be shipped to customers.

Canvas Reaches Agreement with Hackers to Purge Stolen Data Instructure, the parent company of the Canvas learning platform, announced that it has “reached an agreement with the unauthorized actor involved in this incident” to delete the data stolen in last week’s cyberattack that disrupted finals for students worldwide. Scope of the Breach: 9,000 Schools and 275 Million Records Affected 9,000 schools worldwide were threatened with data exposure. 275 million individuals’ personal information, including student IDs, email addresses, names and messages, were compromised. The hacking group ShinyHunters demanded a ransom by 6 May, later extending the deadline. Implications for U.S. Higher‑Education Operations and Cyber‑Risk Management The breach forced many U.S. colleges to lock out users, delay final exams and temporarily take Canvas offline, highlighting the platform’s central role in grading, coursework distribution and communication. Instructure’s chief information security officer Steve Proud confirmed that passwords, dates of birth, government IDs and financial data were not found in the stolen set, but the incident raised concerns about potential future publication of the data. What This Means for Future EdTech Security Strategies Instructure plans to work with “expert vendors” for forensic analysis, system hardening and a comprehensive review of the data involved. The company also received “digital confirmation” in the form of “shred logs” that the hackers destroyed remaining copies, though it acknowledged no absolute certainty of total erasure. Analysts suggest that the episode will push educational institutions to reassess vendor security contracts, invest in multi‑factor authentication and develop incident‑response playbooks tailored to large‑scale data breaches.

The Lead: Google's Android Show Unveils AI-Powered FutureGoogle's virtual "Android Show: I/O Edition" event revealed a comprehensive update to its Android ecosystem, featuring new hardware, AI enhancements, and user experience improvements. The announcements underscore Google's strategic focus on integrating its Gemini Intelligence across devices while expanding its hardware partnerships.Googlebooks: Redefining Laptops with AI at the CoreGoogle introduced Googlebooks, a new line of laptops designed from the ground up for Gemini Intelligence. The company is collaborating with major manufacturers including Acer, Asus, Dell, HP, and Lenovo to create these devices launching this fall. Googlebooks will feature "Magic Pointer" - a cursor with built-in Gemini capabilities, seamless integration with Android phones, and custom widget functionality.Vibe-Coded Widgets: Personalization Through Natural LanguageGoogle unveiled "Create My Widget," a feature allowing users to generate custom widgets using natural language descriptions. This innovation will first roll out on Samsung Galaxy and Google Pixel phones this summer. Users can simply describe what they want - such as "suggest three high-protein meal prep recipes every week" - to create personalized dashboard widgets that can be added and resized on their home screens.Android Auto: Enhanced Experience with Video SupportAndroid Auto is receiving a significant refresh with more personalization options, widgets, and an edge-to-edge interface adaptable to various screen shapes. Media apps like YouTube Music and Spotify are being redesigned for easier in-car use. Notably, Android Auto will support 60fps full HD video playback on YouTube in supported cars later this year, with BMW, Ford, Genesis, Hyundai, Kia, Mahindra, Mercedes-Benz, Renault, Škoda, Tata, and Volvo among the first manufacturers to implement this feature.Gemini Intelligence Expands Across Android EcosystemGoogle is broadening Gemini's presence across its platforms, with the assistant now capable of performing multistep functions across apps. Users can take a photo of an event flyer and ask Gemini to find that event on booking sites, or invoke the assistant with a grocery list to build a cart in their preferred shopping app. Gemini is also coming to Chrome on Android, allowing users to summarize content and ask questions about webpages, with an experimental auto-browse feature capable of completing tasks like booking tickets.Enhanced Security and Privacy FeaturesGoogle is expanding its default-on theft protections to all Android users globally. These features, including Remote Lock and Theft Detection Lock, will be enabled by default on new Android 17 devices, freshly reset devices, or those upgraded to the latest OS. The company is also reducing the number of PIN/password guess attempts a thief can make and increasing wait times between failed attempts. Additionally, Pixel users with Advanced Protection Mode now have access to Intrusion Logging to investigate suspected spyware attacks.The Future of Android: Seamless Integration and AI AssistanceGoogle's announcements signal a future where AI seamlessly integrates into daily tasks across devices. The company is working to break down barriers between platforms, with Quick Share expanding to work with iPhones from various manufacturers and a new iOS-to-Android transfer feature allowing users to import passwords, photos, messages, and more. The introduction of features like Rambler in Gboard, which converts speech to cleaned-up text by removing filler words, demonstrates Google's commitment to natural interaction with technology.