from the maybe-don’t-trust-them? dept

The folks at the National Center on Sexual Exploitation (NCOSE) have spent decades demonizing technology (and speech) they don’t understand, so it seems particularly ironic that they’re now getting benchslapped for allowing AI hallucinated citations in legal filings.

First, some background: NCOSE has gone through a few different branding phases, but for a long while were known as “Morality in Media,” an extraordinarily prudish and busybodyish entity that went around scolding retailers for offering magazines that showed models on the cover for being too sexy.

When they renamed themselves to NCOSE and started focusing on the internet (including the laughably false claim that any porn is a health issue and, now, that it’s a national security issue), they jumped on the anti-encryption and anti-Section 230 bandwagons, and politicians (including many Democratic ones who should have known better) quickly embraced the group under the false pretense that they actually were interested in ending sexual exploitation, rather than locking down the internet, and blocking any speech that acknowledges LGBTQ+ people exist.

Suffice it to say, the group is a far right, anti-sex, anti-speech, and anti-internet group, and it’s ridiculous that any politician supports them.

And now we can add to the list that their lawyers apparently can’t make it through a filing without fabricating citations — and then doubling down when caught. This came out in a convoluted case, in which NCOSE lawyers sued some Nevada brothels for supposedly exploiting women who chose to work there. It is possible that something bad happened in those places, but NCOSE apparently did themselves no favors by hiring a local lawyer whose AI-assisted work they were supposed to review — and then didn’t. Even worse, when the other side called out the hallucinated citations, NCOSE’s lawyers tried to attack the defendant and play down the hallucinations… in a filing with more hallucinated citations:

Let’s have Judge Andrew Gordon explain the basics:

Her briefs contained AI hallucinations. Despite Bistro pointing out these errors in its opposition, JD2 did not withdraw or correct her motion and her reply brief also contained misquotes. Bistro then filed a notice identifying the reply’s misquotes. About a month later, JD2 filed multiple errata, an amended motion for reconsideration, and an amended reply that purported to correct these errors, but the amended motion still contained AI hallucinations.

The order also suggests that NCOSE and the local lawyer they hired engaged in an awful lot of finger pointing and blame passing rather than, you know, doing actual lawyering. And then, once they were on notice of falsified filings, they… didn’t fix them. Indeed, NCOSE’s lawyers continued to rely on a hallucinated citation.

And thus, the defendants win their motion for sanctions, striking the falsified filings from the document, and denying the original request to reconsider an earlier ruling dismissing NCOSE’s exaggerated claims. The court notes that while it was the local lawyer who used the AI (and eventually admitted to doing so), the real problem is with NCOSE’s lawyers:

I have read Guinasso’s affidavit about the serious life events he was experiencing during the time frame of these violations, and I am sorry for his losses and the strain that must have put him under. But, as he acknowledges, that does not excuse the over-reliance on artificial intelligence without a human cite-checking the papers. I credit him for accepting responsibility and implementing procedures that hopefully preclude repeating this incident.

Although JD2’s motion and Guinasso’s declaration request that any sanctions fall solely on Guinasso, that is not appropriate here. There were six NCOSE attorneys on this case at the time. Additionally, the evidence before me shows that the NCOSE attorneys had some responsibility for cite checking. Although the errors may have begun with Guinasso, both Guinasso and Hirsch state that the NCOSE attorneys were supposed to double-check his citations. Moreover, Bistro’s opposition to the original motion for reconsideration should have put all attorneys on notice that there was an AI hallucination problem. Bistro devoted considerable space in its opposition to pointing out those errors, including that cases did not stand for the proposition cited, that quotations did not exist as cited, and that specific cited sources did not exist altogether. Rather than apologize and promptly fix the motion, JD2’s counsel minimized Bistro’s concerns and, in what is a bit of a pattern, criticized Bistro for attacking citation errors, calling Bistro’s concerns quibbling and distraction devices.

The NCOSE attorneys admit they were asked to review the original draft reply brief. That reply brief mentioned that Bistro had challenged citations in the motion for reconsideration. Despite being asked to review the reply brief, Hirsch stated at the hearing that the NCOSE attorneys had not read Bistro’s opposition brief, which is itself disturbing. Reading the draft reply brief should have tipped the NCOSE attorneys off to a potential problem. So laying all the blame on Guinasso’s shoulders for the initial errors is not warranted.

Moreover, Hirsch admits that she drafted the amended filings. The amended motion for reconsideration still contains two critical citation errors. It cites the Marcum case for a proposition that Marcum does not even address, much less stand for. And it cites the Cross case, which does not exist. These are not minor errors. JD2’s reconsideration motion rests in significant part on the argument that, under Nevada law, a contract procured through a threat is void, not voidable, and she cites Marcum and Cross for that proposition. Those errors remain uncorrected to this day, and the briefs with the offending AI hallucinations still have not been withdrawn. At the hearing, Hirsch stated that “even without those cases in there and without the premises that we said that they stood for, the substance of the motion is — stands and is still arguable.” But “[i]t is irrelevant that other cases may stand for the propositions asserted” because if other cases support the propositions, then it is the lawyer’s “responsibility to cite them.” Malkeet Lnu, 2026 WL 1587554, at *8. Moreover, later in the hearing, JD2’s new local counsel candidly admitted that he could locate no existing Nevada law that would support the reconsideration motions’ argument that duress makes a contract void rather than voidable. Thus, the failure to withdraw or correct these citations in the amended motion is significant.

So in the end, the judge orders the plaintiffs lawyers at NCOSE and the local counsel, Guinasso, to pay the defendant’s legal fees.

I also impose monetary sanctions in the form of Bistro’s reasonable attorney’s fees jointly and severally against the National Center on Sexual Exploitation and Guinasso Law, Ltd. Reasonable attorney’s fees are an appropriate sanction under both my inherent power and 28 U.S.C. § 1927. Goodyear Tire & Rubber Co. v. Haeger, 581 U.S. 101, 107 (2017) (inherent power); 28 U.S.C. § 1927 (“Any attorney . . . who so multiplies the proceedings in any case unreasonably and vexatiously may be required by the court to satisfy personally the excess costs, expenses, and attorneys’ fees reasonably incurred because of such conduct.”). “Citing even a single fake case can be sanctionable because no brief, pleading, motion, or any other paper filed in any court should contain any citations—whether provided by generative AI or any other source—that a lawyer has not personally read and verified.” Whiting, 170 F.4th at 461 (simplified)). Citing fake legal authority is not harmless. It wastes the other parties’ and the court’s resources trying to track down the nonexistent cases. Id. at 467 (“Citing fake cases unnecessarily burdens the court and the taxpayers, so courts can and should fine the offending lawyers to reimburse the court for its time.” (simplified)). And the burden it imposes on the opposing party and the court is lopsided because “[w]hile one party can create a fake legal brief at the click of a button, the opposing party and court must parse through the case names, citations, and points of law to determine which parts, if any, are true. As AI continues to proliferate, this creation-response imbalance places significant strain on the judicial system.” Ferris v. Amazon.com Servs., LLC, 778 F. Supp. 3d 879, 880-81 (N.D. Miss. 2025). To rectify that imbalance, an award of fees is warranted in this case.

For what it’s worth the NCOSE lawyers apparently also had tried to argue that the defendants legal fees were its own fault for not filing for sanctions earlier, and the court is (rightly) having none of it:

I reject JD2’s argument that Bistro’s fees are its own fault for not filing a Rule 11 motion. Bistro did not originally seek sanctions and instead was content to point out the errors in its response brief and let the original motion for reconsideration play out on the papers. It was JD2’s counsel who did not read the opposition brief that pointed out the errors, did not withdraw the briefs, decided to instead file the errata and amended briefs, did so without leave of court, left AI hallucinations in the new filings, and materially altered her briefs through a procedural mechanism that did not give Bistro an opportunity to respond to these changes. Despite acknowledging that the amended reconsideration motion still has AI hallucinations, JD2’s counsel has not withdrawn that document or moved to correct it to this day.

The next time NCOSE shows up at a Senate hearing — and they will, because nothing stops a well-funded moral panic lobby from getting a Senate invite — someone should slide this ruling across the dais. Senator Richard Blumenthal has treated NCOSE as a credible voice at KOSA hearings for years, despite ample evidence that the group cares far more about restricting speech than protecting anyone from exploitation. Now there’s a federal judge’s order explaining, in patient detail, that NCOSE’s lawyers fabricated citations, doubled down when caught, and filed corrected briefs that still contained fabrications. The fake cases are still in the record. The organization still hasn’t withdrawn them.

And yet this is who Blumenthal thinks you should trust in helping set internet policy for hundreds of millions of Americans.

Filed Under: ai, ai hallucinations, bad lawyering

Companies: ncose

The eastern US is the latest place to be hit with intense heat as the world plays a game of hot potato.

In the coming days, New York is expected to see temperatures rise to near 100 degrees Fahrenheit (38 degrees Celsius), but with humidity, it could feel more like 109 degrees Fahrenheit (43 degrees Celsius). Temperatures in other cities ranging from Detroit to Washington, DC, to Boston will see temperatures 20 degrees Fahrenheit above normal as the holiday weekend approaches.

The temperatures won’t be as high as they are in Phoenix. But this isn’t a dry heat; coupled with the humidity, anyone venturing outside is sure to experience roughly the equivalent of hanging out inside a dog’s mouth. Beyond the sheer grossness of hot, humid weather, there are also very serious health concerns.

Humidity hampers sweating—the most powerful tool the human body has to cool off. Sweat removes heat from the body by evaporating into the air, but this becomes less effective in humid conditions, when the atmosphere is already full of vaporized water. “When there’s high humidity, especially in a heat wave, it’s much more difficult for the body to physiologically cool off,” says Richard Allan, a climate scientist at the University of Reading.

The National Weather Service map of warnings is a patchwork of reds and pinks, with the agency raising extreme heat warnings and watches. While daytime highs will be eye-popping, overnight lows will be particularly problematic.

“Several days in a row of hot temperatures with little relief from overnight low temperatures can increase heat stress on the human body,” the NWS warned in its forecast.

That danger was underscored by New York mayor Zohran Mamdani, who wrote in a social post that New Yorkers should come up with a heat plan. First and foremost that means finding access to air conditioning, then checking on neighbors and people with illnesses that may make them susceptible to heat-related health issues.

The blast of extreme heat comes a week after Europe dealt with record-shattering temperatures. (The continent also saw blistering temperatures and high humidity in late May.) Burning fossil fuels has ensured that nearly every heat wave is more intense than it would’ve been in a preindustrial climate.

“The warming from rising greenhouse gases is clearly adding to global temperature, and that adds extra heat to the heat waves,” Allan says. “It promotes moderate heat to become extreme heat … These humid conditions may be more likely to be promoted into a hot, humid heat wave rather than just humid and warm.”

El Niño is another culprit that could be playing a role in this heat wave.

The natural climate phenomenon forms every few years in the tropical Pacific, but it affects weather around the world. That includes helping boost temperatures across the northern tier of the US and parts of Canada. El Niño was declared earlier this month, and it’s expected to be a particularly potent iteration that will only strengthen as summer goes on. With the hottest months still ahead, that means the odds are good that if you missed this chance to feel what it’s like inside a dog’s mouth, you’ll have plenty more chances.

With this funding, European researchers can test how their scientific work could impact society.

Four Irish-based researchers have won Proof of Concept grants from the European Research Council (ERC).

Funding for the first funding round this year is worth more than €27m, and is divided between 182 researchers with ideas that show potential for commercial or societal impact. Each individual grant is worth €150,000.

Some of the chosen ideas include developing 3D-printed ‘bio-inspired’ electronics, a tool to help doctors protect vital parts of the brain during surgery, and an advanced ready-made breast cancer vaccine.

University College Dublin (UCD) researcher Prof Niamh Nowlan received ERC funding to further her work around new treatments for a broad range of paediatric growth disorders.

Nowlan is a professor of biomedical engineering at the UCD School of Mechanical and Materials Engineering and a fellow of the UCD Conway Institute.

Her project, called ‘Grow-Reg’, will attempt to identify specific cell surface markers that aid in the growth of children’s bones, to help develop treatments designed to speed up or slow down growth of one or more bones without systemic drugs or surgeries.

“Advancing basic research closer to patients (especially babies and children) is hugely rewarding and we are excited to get started,” said Nowlan. Grow-Reg builds on a previous ERC-funded project led by Nowlan.

“By creating the foundation for a targeted delivery platform capable of modulating growth plate activity with high anatomical precision, we hope to ultimately enable new treatments for a broad range of paediatric growth disorders, reduce reliance on invasive surgery, and improve the safety and specificity of existing biologic therapies,” she said.

Meanwhile, two University of Galway research projects also succeeded in receiving Proof of Concept grants. Led by systems biomedicine professor Ines Thiele, ‘iChatRD’ aims to develop a user-centred clinical decision support system to diagnose rare and inherited metabolic diseases.

“When exploring avenues for translating our fundamental research on digital metabolic twins into patient-focused applications, we kept encountering a major challenge. The richest clinical information exists as free text – the language of a human, not of a computer,” Thiele said.

“iChatRD bridges this gap by enabling metabolic modelling and natural language work together to suggest candidate diagnoses for inherited metabolic diseases.

“The ERC Proof of Concept grant now helps us take iChatRD into the real world by working directly with clinicians to help shorten the diagnostic odyssey that may burden rare disease patients for years.”

The second Galway project, called ‘GelEV’, will focus on developing technology that could improve regenerative medicine delivery to injured tissue sites. Led by Meadhbh Brennan, the project is engineering a hyaluronic acid hydrogel for better delivery to extracellular vesicles.

University of Limerick also bagged a grant win with a project called ‘Eve Heals’ that hopes to heal diseases affecting the skin using in-vitro engineered living substitutes. The project is led by Dimitrios Zevgolis, who also works across institutes at UCD.

“Many of today’s innovations begin with a researcher asking a fundamental question. These 182 projects show that curiosity-driven science and real-world impact go hand-in-hand,” said Ekaterina Zaharieva, the European commissioner for start-ups, research and innovation.

“With Proof of Concept funding, ERC researchers can test how their discoveries could become new treatments, technologies, services or solutions that benefit people across Europe.”

2026’s first Proof of Concept round invited 15pc more proposals than a year ago, the ERC said. Applications for the second round are open, with a September deadline.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Business Email Compromise (BEC) is often described in the media as merely an email scam, but in reality, it’s part of an organized broad operation. The email itself is only one part of the attack chain. In order to support a successful monetization of email fraud, attackers need to be patient and learn about the procurement process in the organization, and to build or rent an entire infrastructure and operation. 

A single BEC often includes gaining access to their targeted business, gathering raw data, analyzing the mailbox context, building reliable communication channel, accessing t reliable payment infrastructure, orchestrating everything in the right timing, and finding a way to move money after it’s stolen.

Flare researchers sampled and analyzed underground posts related to BEC from the past year; Highlights of the findings include:

• AI-powered BEC is getting popular, reducing the learning time and increasing the scam “quality”.

• Actors are interested mainly in SaaS accounts (such as O365). Corporate leadership and financial employees are the most desired targets.

Advertisement

• There are special call centers designed to apply pressure on a targeted business to finalize the fraudulent payment. 

• Cash-out is the biggest bottleneck of BEC, hackers need to find relevant business bank accounts or cash-out partners which is relatively considered a difficult task. 

BEC Exceeds the Boundaries of Email

BEC begins with access to an organizational mailbox or a business SaaS account. Once in, the threat actors often analyze the account, then study and map the organization, mainly by understanding organizational structure and specifically financial privileges, procurement process, internal conversations, communication with vendors, and invoices.

After everything is collected, the threat actors can attempt to make a fraudulent request.

This is what makes BEC difficult to detect. A suspicious email from an unknown sender is one thing. But a message sent from a compromised mailbox, inside an existing conversation, using real names, real invoice references, and familiar wording is much harder for employees to question.

Unsurprisingly, Flare data shows that threat actors highly value email accounts of employees from the finance department, as they are tools to understand the financial operations.

Inside these accounts, the threat actors are looking for referenced accounts receivable, accounts payable, payrolls, invoices, overdue payments, and customer payment relationships. 

Case Study: Hacker Discussions on BEC

A thread named “Business Email Compromise (BEC) – Experiences & Discussion” created by a threat actor named Bigjack, in January 2026, clearly illustrates how this operation works.

Bigjack described how he is using remote access malware to gain initial access, then compromising company mailboxes and using them to send invoices. The actor’s questions focused less on the technical intrusion and more on the practical fraud aspects based on experience: 

• When to send the invoice

• How to create urgency

• How to ask for a large amount without raising suspicion

Advertisement

• What mailbox information should be reused

• What kind of proof can be provided if questioned

• Which mistakes can ruin the operation

The replies showed how other threat actors view BEC and therel experiences. One threat actor highlighted the significance of intercepting an invoice payment process. Another said that identifying who validates the payment requests and defrauding him is the most important aspect. Other threat actors’ emphasize the significance of cash-out, saying that reliable collaboration and support is the most critical aspect.

This single correspondence clearly depicts the mindset of threat actors regarding BEC. Threat actors learn from experience that they need to fully understand the procurement process (the right timing, the right pressure, the right financial context, and the right receiving account) before they can start sending effective fraudulent invoices.

The Cash-Out Part Is a Bottleneck

Monetization of BEC is nearly impossible without a reliable proper receiving account, so. threat actors connect to mule networks and use cash-out services. This is a hard task because the threat actors need to find a reliable, operational, “clean”, relevant bank account to finalize the fraud.

A threat actor named neoresu emphasizes that it’s not just the destination bank account, but also the person who validates the payment needs special care. He offered his services and also talked about using a call center to increase the success rate.

Another threat actor named “Capita” claimed to have operated BEC activity for six years in Europe (mainly in Germany, Finland, and Austria) and described using peer-to-peer money movement, and a call center to pressure companies into faster payments.

There are also posts that are looking to recruit money mules for a BEC scheme. Specifically involving business bank accounts, and fast money transfer.

Support Call Centers to Apply Pressure

Several posts also referenced calls as part of the BEC process. In the Bigjack thread, the actor asked when to call after sending the invoice, while another participant claimed to operate a call center used to pressure companies into faster payments.

This matters because BEC is not always email-only fraud. A follow-up call can make the request feel more legitimate and urgent. For defenders, a second channel should not be treated as proof of authenticity if the requester introduced or controlled that channel.

AI-Powered BEC Attacks

Underground discussions indicate that AI is increasingly being adopted to improve the effectiveness and scalability of BEC campaigns.

In the post below by blackhatpakistan, the threat actors describe using AI to generate realistic business correspondence, mimic executive and employee writing styles, and produce context-aware payment requests or invoice fraud emails that blend into legitimate communication.

Rather than relying on a single template, AI enables the creation of thousands of unique email variations, making campaigns more difficult for traditional content-based detection systems to identify.

Dedicated underground tools are also promoted for generating entire email conversation chains, allowing attackers to hijack existing business discussions and inject fraudulent payment requests with a higher degree of authenticity.

Practical Advices for Defenders

Underground discussions clearly show that we must increase BEC defenses.. The security posture should begin way long before the first fraudulent invoice arrives. What we’ve learned from attackers: 

• Attackers target specific personnel in the organization. Defenders must identify the potential targets and apply additional training to leadership, the financial department and whoever takes part in the procurement process.

Advertisement

• Attackers are now using AI-powered artifacts such as emails, invoices, documents, and messages. Defenders need to identify AI-generated content and deep-fake items.

• Attackers leverage dedicated call centers to pressure financial decision-makers and payment approvers into authorizing fraudulent transactions. Defenders should gather intelligence and learn what techniques these centers use to better educate their relevant employees.

• Attackers highlight the significance of specific points in time, waiting for approvers to be on vacation, as well as other tips to improve the success rate of their fraudulent activity. Defenders should learn about these special markers and apply further defense mechanisms during specific periods, such as employee vacations.

Flare helps by giving security teams visibility into these underground markets and by monitoring exposed employee credentials, corporate domains, login portals, SaaS applications, and related indicators across deep and dark web sources.

This allows organizations to detect when their access points appear in credential collections or search-service advertisements, prioritize the most relevant exposures, and respond faster with password resets, session revocation, MFA enforcement, and investigation of possible account misuse.

Learn more by signing up for our free trial.

Sponsored and written by Flare.

X is making it easier for AI assistants like Claude, Cursor, Grok Build, and other MCP-compatible apps to connect directly to the platform through a new hosted MCP server.

On Monday, the Elon Musk-owned social network unveiled a hosted Model Context Protocol (MCP) server that lets AI tools communicate with the X API using a user’s own account permissions.

MCP, for context, is an open standard that defines a common way for AI models to connect to external tools and services. Previously, if developers wanted an AI assistant like Claude or Cursor to access X, they would have to build their own MCP server, host it, connect to the X API, and handle the authentication. Now, X hosts the MCP, and users authenticate with their own X account’s permissions.

This allows developers to save the time spent on integration work to focus on whatever it is they’re actually building.

Developers have long been able to search X, read posts, look up users, analyze conversations and trends, and do more using the platform’s API. The hosted MCP doesn’t add new capabilities on that front; it just makes them easier to expose to AI applications. By doing so, X can position itself as an information network filled with real-time data to retrieve and analyze, rather than just a social hangout.

The move sees X joining a growing number of companies that now offer their own official MCP servers or endpoints, like GitHub, Slack, Notion, Stripe and Salesforce.

Of course, there’s always concern that by removing an infrastructure hurdle, X is opening itself up to more automated posting or spam.

It’s worth noting that the hosted MCP isn’t bypassing X’s API rules, which continue to restrict its use if the company detects spammy behavior.

X also updated its API v2 earlier this year to address the issue of AI-generated spam, particularly programmatic replies to conversations. Plus, it recently updated its API pricing, increasing the cost for publishing posts to $0.015, and posting links to $0.20. The price increases were designed to “curb vectors of misuse,” X said at the time — meaning it’s at least getting more expensive to spam X.