Database management work will soon be mostly automated by AI agents, just like coding, according to the CEO of Cockroach Labs, the company behind the distributed database of the same name.

Spencer Kimball told The Register that the proliferation of databases demanded by the explosion of AI agents in coding and business functions will mean that managing them in a largely manual way is out of the question.

“Nobody’s going to do manual work on a database, just like almost nobody’s doing manual coding anymore,” he said. “A lot of people don’t even know what’s within their code base anymore, like they only know the designs, specifications and guarantees. They’re still verifying the software, but in the end they’re just not down at the level of code, because it doesn’t make sense. It’s like nobody programs in Assembly,” he said.

Kimball is among the tech CEOs with the commensurate background in software engineering to make such statements. He helped build Google’s Colossus distributed file storage system and, as a computer science student at UC Berkely, developed FOSS image editor GIMP, which continues to this day.

In the time since, he has seen shifts in the level of abstraction before. “These cycles happen all the time. It’s pretty easy to see what’s coming next, because ultimately agents beyond coding are going to be increasingly complementing and supplementing human-driven workloads. They’re going to use tools, tools are using APIs, and APIs are talking to operational databases, every single one. If you think about the implications of this massive scale-up of traffic, it means that operational databases are going to get busier, and a lot busier. We’re talking about exponential scale-up,” he said.

Cockroach Labs is not the only database company to see the level of AI agent demand on the enterprise as an opportunity. It’s where many vendors are positioning themselves. For example, vector database vendor Pinecone’s idea is that by compiling a knowledge base of an organization’s data structure and content, its technology can avoid burning through tokens back and forth between the data and AI agents. Tiger Data, the company behind TimescaleDB, has built Ghost, a technology designed specifically for developers working with AI agents, charging by compute, rather than by database.

Cockroach Labs, whose customers include OpenAI, CoreWeave, Booking.com, and Cisco, is pitching the idea of an Agentic Database Cloud to address this demand. Among the elements will be elastic compute and storage separation, unified estate management, database virtualization and agentic operations. It expects to announce a product around this idea later this year.

Nonetheless, in database estates, Kimball expects AI agents to act in an advisory role to avoid disruptions to operations. “You can imagine, the enterprise isn’t eager to turn over the keys to production to an agent. These agents are a second pair of eyes,” he said.

To this end, Cockroach has been building its own agents to improve its operations and how it manages databases.

Kimball said it had built AI agents in a layered approach, giving agents sub tasks to perform and then allowing agents to manage those agents, and other agents that verify the approach taken.

“There’s all kinds of hand-offs, there’s agents that help with migrations, agents that help with slow queries, agents that can diagnose problems with clusters, because they’ve been given the institutional knowledge. For example, our entire Zendesk history for the last two years — every customer ticket, every issue, the resolutions — has been digested and cross-indexed. The agents we’re building are the engineering of the prompts, the handoffs and the quality control,” he said.

The “thinking” is done by foundation models, he said. “We have some open-source ones we use that are very, very fast and inexpensive. Those do more… prosaic and mundane tasks that you do a lot of, quickly.”

Kimball said Cockroach also uses proprietary models including OpenAI gpt-oss and Claude Opus.

“We’re trying to provide a replacement for a lot of human labor. We provide corporate ‘Artificial General Intelligence’ for database roles, that once you used to have to hire humans for, but you simply cannot do that at 10x the scale, much less 100x the scale. You have to find that way to get these agents to do extremely useful work, very consistently, at a level that is as good or increasingly better than humans. Frankly, there are things the agents can do that are so grungy you couldn’t hire a human to do it, such as constantly looking through log files, and investigating threads. It’s just too boring,” Kimball said.

As such, Cockroach expects to be able to increase the scope of its products and the number of customers it serves, but only modestly increase its workforce.

“You can do different things right now with your resources. You can try to scale the human teams, or you can figure out how to make the human teams more efficient, and that’s what we’re doing internally. Fundamentally, this is what we’re going to do for our customers, because if you anchor yourself to what’s possible today, then you might say, ‘Oh, the AI is not completely ready,’ but like the speed at which these things are changing makes it all but inevitable at some point in the near future,” he said.

Whether Cockroach’s vision will become reality or not, the database market will have to respond to AI in the enterprise, spending on which shows no sign of letting up. Nonetheless, if agents need databases, and databases need agents to manage them, maybe it’s going to be turtles all the way down. ®

American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information.

Aflac (short for American Family Life Assurance Company) is a Fortune 500 company and the largest supplemental insurance provider in the United States, serving millions of customers in the U.S. and Japan.

In a filing with the U.S. Securities and Exchange Commission (SEC) on Monday, the company revealed that threat actors gained access to Aflac Japan’s systems earlier this month.

“On June 30, 2026, Aflac Life Insurance Japan Ltd. (“Aflac Japan”), a wholly owned subsidiary of Aflac Incorporated, a Georgia corporation (the “Company”), issued a press release announcing that, on June 25, 2026, Aflac Japan discovered an unauthorized third-party had unlawfully accessed certain of Aflac Japan’s systems between June 15, 2026 and June 25, 2026,” the insurance company said.

“Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and prevent further intrusion, including suspending certain systems. Notwithstanding the suspension of certain systems, Aflac Japan continues to serve its policyholders as it responds to this incident.”

Aflac is now investigating the incident with the help of external cybersecurity experts and has revealed that the threat actors have gained access to some sensitive information stored on the affected systems.

The company has alerted Japanese authorities to the incident and will notify affected individuals of the data breach.

“Although the investigation remains ongoing, Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information. Aflac Japan has notified the Japan Financial Services Agency and other relevant authorities, and intends to provide appropriate notifications to individuals affected by this incident.

“This incident is limited to systems in Japan, the Company’s systems related to its U.S. business were not accessed by the unauthorized third-party. At this time, the full scope and potential ultimate impact on the Company are not known.”

An Aflac spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

One year ago, Aflac disclosed another data breach amid a broader campaign targeting insurance companies across the United States, saying that the attackers may have gained access to documents containing sensitive information about customers, beneficiaries, employees, agents, and other individuals.

While Aflac didn’t attribute last year’s breach to a specific threat group, the incident had all the signs of a Scattered Spider attack.

Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) was also behind breaches at Erie Insurance and Philadelphia Insurance Companies (PHLY), part of the same wave of attacks.

They’ve also previously partnered with other ransomware operations, such as Qilin, RansomHub, and DragonForce, and their list of victims includes MGM Resorts, DoorDash, Caesars, MailChimp, Twilio, Coinbase, Riot Games, and Reddit.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information.

Called “Search for perplexity ai,” the extension routed search queries and real-time suggestions through its infrastructure before redirecting users to the legitimate search services.

Microsoft Threat Intelligence researchers said that the extension did not steal credentials or other sensitive information but its permissions would easily allow it if the operator decided to extend the scope of the data theft.

Fake Perplexity AI extension

Perplexity AI is a research assistant that searches the web and synthesizes the information in a direct, conversational response instead of showing a list of links for the user to access to find their answer.

Perplexity AI is available on the web, on mobile (Android and iOS), and as a desktop app, and its official Chrome extension is named “Perplexity – AI Search.”

The fake extension that Microsoft spotted uses similar branding and the domain “perplexity-ai[.]online,” instead of the legitimate perplexity.ai.

Once installed, it changes the browser’s search settings to replace the default search provider and to pass all address-bar queries through the attacker’s infrastructure.

“The extension overrides browser search settings through chrome_settings_overrides to replace the browser default search provider as well as intercept and redirect all queries in a Chromium browser’s Omnibox to an intermediary infrastructure not associated with the official vendor domain,” explains Microsoft.

This level of data collection is not accidental, based on the logging code Microsoft found on the extension’s server, which indicates intentional design.

The extension also requests Chrome permissions that allow redirections, URL rewriting, and monitoring when rules execute.

“The extension requests powerful DNR permissions that enable traffic redirection, URL rewriting, and selective request filtering, which aren’t consistent with expected AI assistant behavior,” the researchers mention.

Even though Microsoft found no evidence that the extension targeted credentials, its confirmed data collection routines still allowed for extensive profiling, creating potential avenues for exploitation.

Those who installed the extension with the ID “flkebkiofojicogddingbdmcmkpbplcd” should remove it from their browser and rotate their critical account passwords out of an abundance of caution.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

WhatsApp is a cross-platform messaging service that uses the same internet data plan you use for email and web browsing, there is no cost to message and stay in touch with your friends. In addition to basic messaging WhatsApp users can create groups, send each other unlimited images, video and audio media messages.

If you are into trying new features you can also download the latest WhatsApp Beta version for Android.

Can WhatsApp read my messages?

No, WhatsApp cannot read your messages because it uses end-to-end encryption, meaning only you and the recipient can access the content of your chats. However, WhatsApp does collect metadata such as your phone number, device info, and usage patterns.

Is WhatsApp free?

Yes, WhatsApp is free to use. There are no subscription fees for messaging, voice calls, or video calls. You only need an internet connection (Wi-Fi or mobile data) to use the app. Your mobile carrier may charge for data usage if you’re not on Wi-Fi.

Can I use WhatsApp on a PC without my phone?

WhatsApp Web and the desktop app require an initial connection to your phone for setup. After linking, they can function independently for a limited time. However, for full functionality and to maintain end-to-end encryption, periodic reconnection with your phone is necessary.

How can I format text in WhatsApp messages?

WhatsApp supports text formatting using specific characters:

• Bold: Wrap text with asterisks (*).
• Italic: Wrap text with underscores (_).
• Strikethrough: Wrap text with tildes (~).
• Monospace: Wrap text with backticks (‘).

Features

• No hidden costs: Once you and your friends download the application, you can use it to chat as much as you want. Send a million messages a day to your friends for free! WhatsApp uses your Internet connection: 3G/EDGE or Wi-Fi when available.
• Multimedia: Send Video, Images, and Voice notes to your friends and contacts.
• Group Chat: Enjoy group conversations with your contacts. Add or Remove group participants, change group subject and set a group icon.
• Personal: Set a profile photo which will be shown to all your contacts
• No international charges: Just like there is no added cost to send an international email, there is no cost to send WhatsApp messages internationally. Chat with your friends all over the world as long as they have WhatsApp Messenger installed and avoid those pesky international SMS costs.
• Say no to pins and usernames: Why even bother having to remember yet another PIN or username? WhatsApp works with your phone number, just like SMS would, and integrates flawlessly with your existing phone address book.
• No need to log in/out: No more confusion about getting logged off from another computer or device. With push notifications WhatsApp is always on and always connected.
• No need to add buddies: Your Address Book is used to automatically connect you with your contacts. Your contacts who already have WhatsApp Messenger will be automatically displayed under Favorites, similar to a buddy list.
• Offline Messages: Even if you miss your push notifications or turn off your iPhone, WhatsApp will save your messages offline until you retrieve them during the next application use.
• And much more: Share location and places, Exchange contacts, Custom wallpaper, Custom notification sounds, Landscape mode, Message timestamps, Email chat history, Broadcast messages and media to many contacts at once, and much much more.

About new privacy policy

We’ve heard from so many people how much confusion there is around our recent update. There’s been a lot of misinformation causing concern and we want to help everyone understand our principles and the facts.

WhatsApp was built on a simple idea: what you share with your friends and family stays between you. This means we will always protect your personal conversations with end-to-end encryption, so that neither WhatsApp nor Facebook can see these private messages. It’s why we don’t keep logs of who everyone’s messaging or calling. We also can’t see your shared location and we don’t share your contacts with Facebook.

With these updates, none of that is changing. Instead, the update includes new options people will have to message a business on WhatsApp, and provides further transparency about how we collect and use data. While not everyone shops with a business on WhatsApp today, we think that more people will choose to do so in the future and it’s important people are aware of these services. This update does not expand our ability to share data with Facebook.

We’re now moving back the date on which people will be asked to review and accept the terms. No one will have their account suspended or deleted on February 8. We’re also going to do a lot more to clear up the misinformation around how privacy and security works on WhatsApp. We’ll then go to people gradually to review the policy at their own pace before new business options are available on May 15.

WhatsApp helped bring end-to-end encryption to people across the world and we are committed to defending this security technology now and in the future. Thank you to everyone who has reached out to us and to so many who have helped spread facts and stop rumors. We will continue to put everything we have into making WhatsApp the best way to communicate privately.

What’s New

New Feature Roundup: Free up space, multiple accounts, cross-platform transfer and more

Over time, our chats become a record of the moments that matter: conversations with family, laughs with friends, the photos and videos we couldn’t stop sharing. To help you make the most of all of it, we’re rolling out new ways to make WhatsApp even easier to use – whether you’re staying organized, juggling work and personal, or getting more out of every chat.

Free up space, keep what matters: As your chats fill up, so can the clutter. Now you can find and delete large files directly within any chat, so you can clear what you don’t need without wiping your entire conversation. Simply tap the chat name and select Manage Storage. You can also choose to clear just media files when clearing a chat – keeping your chat history intact.

Cross-platform chat transfer made easy: Our chat transfer feature now supports moving your chat history from iOS to Android, in addition to within the same platform. Changing phones shouldn’t be complicated. Now, with just a couple taps, your conversations, photos, and videos easily come with you.

Two accounts, one phone – now on iOS: You can now have two WhatsApp accounts logged in at the same time on iOS – just like on Android. No more carrying two phones to keep work and personal separate. You’ll always know which account you’re in because your profile picture will now be visible in the bottom tab.

Stickers that match your mood: Stickers can bring bigger, bolder expressions to your chats – and now WhatsApp will make it easier to use them by suggesting them as you type emojis. With just a tap, you can swap an emoji for a sticker that captures exactly how you’re feeling.

Photo touch-ups with Meta AI: You can now use Meta AI to touch up photos directly in your chat before sending, making it easy to remove something distracting, swap in a new background, or apply a fun style. Meta AI features may not be available to all users.

AI Writing Help is even more useful: Writing Help can now draft a suggested response based on your conversation, so you can get your message just right – all while keeping your chats completely private.

WhatsApp’s Latest Privacy Protection: Strict Account Settings

At WhatsApp, we think you should be able to have a private conversation online, just like you would in-person. We will always defend that right to privacy for everyone, starting with default end-to-end encryption. But we also know that a few of our users – like journalists or public-facing figures – may need extreme safeguards against rare and highly-sophisticated cyber attacks.

That’s why today we’re announcing a new, lockdown-style feature called Strict Account Settings.

If you turn this on, certain account settings will lock to the most restrictive settings, and it will limit how your WhatsApp works in some ways, like blocking attachments and media from people not in your contacts. You can enable Strict Account Settings – which is rolling out gradually over the coming weeks – by going to Settings > Privacy > Advanced.

Strict Account Settings is one of many ways we’re working to protect you from the most sophisticated of cyber threats. We’ve also rolled out a programming language called Rust behind the scenes to help keep your photos, videos, and messages safe from things like spyware, so you can share and chat with confidence. To go deeper in the tech, click here.

Level Up Your WhatsApp Group Chats With New Member Tags, Text Stickers, and More

It’s a new year and a great time for some upgrades to your group chats. Group chats on WhatsApp make it easier to stay connected with the people in your life no matter what device they own – whether it’s sharing New Year’s resolutions, preparing for that special celebration you have coming up, or planning to win your football league.

Today, we’re introducing new features that make staying connected and expressing yourself in group chats even better.

Member tags: We all wear different hats and sometimes you want to give that more context in a group chat. Now you can give yourself a tag that tells the group what your role is, and can be customized for each group you’re in. So you can be “Anna’s Dad” in one group, and “Goalkeeper” in another.

Text stickers: For the messages you want to really stand out, you can now turn any word into a sticker by typing your text into Sticker Search. You can also add newly created stickers directly to your sticker packs instead of having to send them in a chat first.

Event reminders: Now when you create and send an event in your group chat you can set custom early reminders for your invitees. This helps everyone remember to commute to the party you’re hosting or hop on the call at the right time, depending on the event type.

These new updates join a bunch of great features we’ve launched over the years to bring groups closer together – like sharing large files up to 2GB, HD media, screen sharing, voice chats, and more. We believe WhatsApp offers the best group chat experience, and we’re committed to making it even better.

Get the Tone of Your Message Right with Private Writing Help

Sometimes you know what you want to say, but just need a little help with how to say it.

That’s why today we’re introducing Writing Help. It’s our latest AI feature powered by Private Processing that keeps your messages completely private. You can review the suggestions from AI in various styles such as professional, funny, or supportive that you can select or continue editing to deliver that perfect message.

To use Writing Help, just start drafting your message in a 1:1 or group chat, and tap the new pencil icon.

Is this really private?

Yes. Writing Help is built on top of Private Processing technology, which allows you to leverage Meta AI to generate a response without Meta or WhatsApp ever reading your message or the suggested re-writes.

For those interested in learning more about the technical details behind Private Processing, we invite you to read our engineering blog and technical white paper that explains how this and other features we’re building work. From the start, we worked with our peers in the security community to stress-test and validate the architecture of Private Processing to help us continue to harden it. Today, independent researchers at NCC Group and Trail of Bits published their audit reports on the steps we’ve taken to evolve this privacy-preserving technology.

As always, we believe that you should be in control of your experience on WhatsApp. That’s why using Private Processing features like Writing Help and Message Summaries are optional and are off by default.

Writing Help is rolling out in the English language, starting with the United States and several other countries. We hope to bring it to other languages and countries later this year.

Catch up on conversations with Private Message Summaries

We’ve all been there – rushing between meetings, catching up after a flight without Wi-Fi, or simply having too many chats to catch up on. Sometimes, you just need to quickly catch up on your messages. That’s why we’re excited to introduce Message Summaries, a new option that uses Meta AI to privately and quickly summarize unread messages in a chat, so you can get an idea of what is happening, before reading the details in your unread messages.

How it works

Message Summaries uses Private Processing technology, which allows Meta AI to generate a response without Meta or WhatsApp ever seeing your messages or the private summaries. No one else in the chat can see that you summarized unread messages either. This means your privacy is protected at all times. For those interested in learning more about the technical details behind Private Processing, we invite you to read our engineering blog and technical whitepaper.

You’re in control

At WhatsApp, we believe that you should always be in control of your experience. That’s why using Private Processing features like Message Summaries is optional and they are off by default. You can choose whether or not to use them, and can use Advanced Chat Privacy to select which chats can be shared for AI features.

Message Summaries is rolling out in the English language to people in the United States and we hope to bring it to other languages and countries later this year.

Helping you Find More Channels and Businesses on WhatsApp

Today we’re introducing some new features for our Updates tab, which is home to both Channels and Status. We’ve worked over the last two years to make this tab the place for you to discover something new on WhatsApp and it’s now used by 1.5 billion people a day. We’re encouraged by the enthusiasm and also want to help admins, organizations, and businesses grow on WhatsApp.

We’re going to do this in three ways:

• Channel subscriptions: You’ll be able to support your favorite channel by subscribing to receive exclusive updates for a monthly fee.
• Promoted Channels: We’ll help you discover new channels that might be interesting to you when you’re looking through the directory. For the first time, admins have a way to increase their Channel’s visibility.
• Ads in Status: You’ll be able to find a new business and easily start a conversation with them about a product or service they’re promoting in Status.

These new features will appear only on the Updates tab, away from your personal chats. This means if you only use WhatsApp to chat with friends and loved ones there is no change to your experience at all.

Ads built with privacy in mind

Like everything we do at WhatsApp, we’ve built these features in the most private way possible. Your personal messages, calls, and statuses remain end-to-end encrypted, meaning no one (not even us) can see or hear them.

To show ads in Status or Channels you might care about, we’ll use limited info like your country or city, language, the Channels you’re following, and how you interact with the ads you see. For people that have chosen to add WhatsApp to Accounts Center, we’ll also use your ad preferences and info from across your Meta accounts.

We will never sell or share your phone number to advertisers. Your personal messages, calls and groups you are in will not be used to determine the ads you may see.

We’ve been talking about our plans to build a business that does not interrupt your personal chats for years and we believe the Updates tab is the right place for these new features to work. For businesses and Channel admins looking to get started, more information about how to do so is here.

Voice Chat on WhatsApp: Audio Hangouts for groups of all sizes

Whether it’s a nail-biting football game, a dramatic season finale or sharing some big news, sometimes you need to talk it out with those available at that moment. That’s why we’re bringing voice chat to groups of all sizes so you can connect live over audio whenever, without having to leave your group chat or switch to a call, that people in your group can hop into whenever they want.

Previously available only for large groups, now anyone in your group can start a voice chat by going to the bottom of your chat, swiping up and holding for a few seconds. Starting a voice chat doesn’t notify or ring anyone, so that people can join and leave the hangout whenever. The voice chat stays pinned to the bottom of your chat so you can easily access call controls, while new members can join when they want and see who else has already.

As always, WhatsApp protects your voice chats alongside your personal calls and messages with end-to-end encryption by default.

Introducing Advanced Chat Privacy: Enhanced Protection for Your Most Sensitive Conversations

The foundation of privacy on WhatsApp is that your personal messages and calls are protected by end-to-end encryption so that only the sender and recipient can see, listen to or share them. From there, we’ve built multiple layers of privacy, like disappearing messages and chat lock, that take privacy one step further.

Today we’re introducing our latest layer for privacy called “Advanced Chat Privacy.” This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy.

When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features. That way everyone in the chat has greater confidence that no one can take what is being said outside the chat.

WhatsApp groups are increasingly an extension of our real world networks, some of which are far closer than others. We think this feature is best used when talking with groups where you may not know everyone closely but are nevertheless sensitive in nature, like talking about health challenges in a support group or organizing your community about something important to you.

You can turn this on by tapping the chat name, then tapping on Advanced Chat Privacy. This is the first version of this feature and we’re planning to add more to it so that it will eventually include even more protections.

This new setting is rolling out to everyone on the latest version of WhatsApp.

Turn Up the Volume: Add Music to Your WhatsApp Status

WhatsApp Status has always been a way to share life’s moments with friends and family – but what’s a moment without the perfect soundtrack? Now, you can do exactly that by adding music to your Status updates.

When creating a Status, you’ll now see a music note icon at the top of your screen. Tap it, and you’ll unlock a library of songs to pick from – whether it’s today’s top hits, something new, or the earworm that’s stuck in your head. Choose the exact part of the song that fits your moment – up to 15 seconds for a photo and up to 60 seconds for a video.

Our library has millions of songs to choose from. Your Status is end-to-end encrypted so WhatsApp can’t see what you share, and we don’t know which songs you add to your Status.

We’re rolling this out globally and expanding over the next few weeks. Get ready to drop the beat, one update at a time.

Introducing Voice Message Transcripts

Sending a voice message makes connecting with friends and family even more personal. There’s something special about hearing your loved one’s voice even when you’re far away. Though sometimes, you’re on the move, in a loud place, or you receive a long voice message that you just can’t stop and listen.

For those moments we’re excited to introduce voice message transcripts. Voice messages can be transcribed into text to help you keep up with conversations no matter what you’re doing.

Transcripts are generated on your device so that no one else, not even WhatsApp, can hear or read your personal messages.

To get started, go to Settings > Chats > Voice message transcripts to easily turn transcriptions on or off and select your transcript language. You can transcribe a voice message by long pressing on the message and tapping on ‘transcribe’. We’re excited to build on this experience and make it even better and more seamless.

Transcripts are rolling out globally over the coming weeks with a few select languages to start though we plan to add more over the coming months. You can learn more about how they work and which languages are currently supported by clicking here.

Making it Easier to Add and Manage Contacts

What’s more important than sending a message? It’s the person you’re sending it to, of course. Today we’re making it easier to privately add and manage your contacts on WhatsApp, from any device you may be using.

Until now, the only place you were able to add contacts was from your mobile device, by either typing in a phone number or scanning a QR code. Soon, you’ll be able to add and manage contacts from the comfort of your keyboard on WhatsApp Web and Windows – and eventually other linked devices.

We’re also introducing a new choice to save a contact exclusively to WhatsApp. These WhatsApp contacts are ideal for when you are sharing your phone with others or if you want to separate personal and business contacts when managing more than one WhatsApp account on your phone.

Contacts you save to WhatsApp will be restored in case you ever lose your phone or change devices.

These updates will also make it possible to eventually manage and save contacts by usernames. Usernames on WhatsApp will add an extra degree of privacy so that you don’t need to share your phone number when messaging someone. Today’s just one crucial step to making that reality possible and we’ll have more to share when it’s ready.

Meta AI on WhatsApp – Now Multilingual, More Creative and Smarter

As Meta AI continues to improve with new useful features and languages, we’re excited to bring this helpful and creative assistant to more countries starting today.

Continued International Expansion

Meta AI can help you with answers, ideas and inspiration. It’s now available in 22 countries, with the newest additions rolling out now including Argentina, Chile, Colombia, Ecuador, Mexico, Peru and Cameroon in several new languages including French, German, Hindi, Italian, Portuguese and Spanish with more to come.

Imagine Edit

We are also making it easier to create your ideal image with Meta AI by making it possible to easily change and edit an image, including adding or removing objects within it. To start, type “imagine” to describe your image and then respond to what Meta AI provides by asking it to add, subtract, or animate the image to your liking. Imagine Edit is available in English at first, with more languages coming soon.

Imagine Yourself

If you’ve ever wondered what you might look like as a superhero, or wanted to try out different hair or outfits – you can now imagine yourself doing just about anything. Simply type “Imagine me” in chats with Meta AI to get started. After a quick set up, you’ll be able to add a prompt like “Imagine me in a retro pink and green ski outfit” and Meta AI will generate an image of you in that personalized scene. You can reset or delete your setup photos at any time. This is available in beta in the U.S. for now, with more languages and countries coming soon.

We are excited to continue to share new capabilities and advancements from Meta AI with more and more people on WhatsApp. As always, your personal messages and calls remain end-to-end encrypted, meaning not even WhatsApp or Meta can see or listen to them. The team is working on improving responses to Meta AI rapidly and introduces improvements every two weeks. We would love to hear from you, and see how Meta AI has helped you be more creative and expressive. Tag us on Threads and share what you’ve imagined.

Choose your favorites on WhatsApp

Focusing on your favorites just got a lot easier on WhatsApp. Starting today, you can quickly find the people and groups that matter most at the top of your calls tab and as a filter for your chats.

Whether it’s your family group chat or your best friend, your ‘favorites’ will be the same across your chats and calls, so you can speed dial them from your calls tab too.

To add to your ‘favorites’:

• From your chats screen, select the ‘favorites’ filter, and select your contacts or groups there.
• From the calls tab, tap ‘Add favorite’ and select your contacts or groups.
• Or, simply manage your ‘favorites’ in your settings by going to Settings > Favorites > Add to Favorites, and you can reorder them at any time.

We’re rolling out to users today, and will be available to everyone in the coming weeks.

Better calling across desktop and mobile

Since we brought Calling to WhatsApp back in 2015, we’ve continued to improve it with the introduction of group calls, video calls, and multi-platform support.

Today we have several updates that will make calls across your devices even bigger and better, rolling out over the next few weeks:

• Screen sharing with audio: Ideal for watching videos together, now when you share your screen, you can share your audio too
• More participants: Now you can have up to 32 people on a video call across all your devices
• Speaker spotlight: Easily see who’s talking with the speaker automatically highlighted and appearing first on screen

We also remain relentlessly focused on audio and video quality, for clearer calls no matter where you are. We recently launched MLow codec which improves call reliability. Calls made on mobile devices benefit from improved noise and echo cancellation, making it easier to have calls in noisy environments, and video calls have higher resolution for those with faster connections. Audio is crisper overall, even if you have poor network connectivity or are using an older device. You can read more about the MLow codec and listen to the difference in audio quality here.

We’ll continue making improvements to calling on WhatsApp so you can make the best quality, private calls wherever you are in the world.

Previous Release Notes:

• Moments happen fast, share them faster with video notes.

Voice messages just got more private

We introduced View Once for photos and videos back in 2021 to add another layer of privacy to your messages. Today, we’re excited to announce you can now send a voice message that will disappear once listened to.

For reading out your credit card details to a friend, or when you’re planning a surprise, you can now also share sensitive information over voice message with added peace of mind. For consistency with View Once photos and videos, View Once voice messages are clearly marked with the “one-time” icon and can only be played one time.

As with all your personal messages, WhatsApp protects your voice messages with end-to-end encryption by default, and View Once is just another example of our continued privacy innovation.

View Once voice messages are rolling out globally over the coming days, and we look forward to your feedback. See more information on how they work here.

Multiple Accounts Coming to WhatsApp

What’s better than having a WhatsApp account? Well, of course it’s having two.

Today, we’re introducing the ability to have two WhatsApp accounts on Android logged in at the same time. Helpful for switching between accounts – such as your work and personal – now you no longer need to log out each time, carry two phones or worry about messaging from the wrong place.

To set up a second account, you will need a second phone number and SIM card, or a phone that accepts multi-SIM or eSIM. Simply open your WhatsApp settings, click on the arrow next to your name, and click “Add account”. You can control your privacy and notification settings on each account.

As a reminder, only use the official WhatsApp and don’t download imitations or fake versions as a way of getting more accounts on your phone. Your messages are only secure and private when using the official WhatsApp.

How to lock chats in WhatsApp

On Android and iPhone, you can turn on the chat lock feature to password protect your most personal chats. In order to read or send messages, you’ll need to unlock your chats using device authentication, such as your phone passcode, Face ID or fingerprint. These chats will be kept separate from your other chats in a Locked chats folder.

• When chats are locked, the notification content and contact are hidden. The notification will show as WhatsApp: 1 new message.
• To help keep media private, you’ll have to turn chat lock off to save media to your phone’s gallery.
• Group chats and muted chats can also be locked.
• Calls won’t be locked. A call from a locked chat contact or group will still appear.
• When you turn on chat lock from your phone, it will lock chats on that phone only. If you have other devices linked to WhatsApp, such as a desktop computer, the chats on those linked devices won’t be locked.
• If you use the backup and restore feature on WhatsApp, your locked chats will still be locked once you restore to a new phone. To access your locked chats you will need to have device authentication (fingerprint or Face ID) set up first.
• When you turn on chat lock, the person you’re chatting with won’t know you’ve locked the chat.
• If you want to lock an archived chat, you’ll need to unarchive it first, then lock it.

Turn on chat lock

You can turn chat lock off or on within the chat’s info for each chat you want to lock. If you don’t have your device authentication set up yet, such as your phone passcode, fingerprint or Face ID, you’ll be prompted to set it up before locking a chat.

How to turn on chat lock:

• Tap chat info > Chat lock.
• Tap Lock this chat with fingerprint or Lock This Chat with Face ID.
• Tap View to see the chat in the Locked chats folder.

View your locked chats

You can view your locked chats in the Locked chats folder.

How to view your locked chats:

• Go to the Chats tab and swipe down.
• Tap the Locked chats folder.
• Confirm your Face ID or touch the fingerprint sensor to unlock.
• Tap the chat to view or send a message.

Turn off chat lock

You can turn off chat lock in the chat’s info.

How to turn off chat lock:

• Tap chat info > Chat lock.
• Toggle off and confirm your fingerprint or Face ID.

How to edit messages in WhatsApp

You can edit any message up to 15 minutes after sending, and it’ll update for everyone in the chat. Edited messages will have the word “edited” next to the timestamp.

If you aren’t on the latest version of WhatsApp you’ll see, “This message was edited for everyone in this chat on the latest version of WhatsApp.” Update your app to see edited messages.

1. Select a message
2. Then click Menu (three dots) > Edit message.
3. Edit your message.
4. Click the checkmark when you’re finished with your update.

Note:

• There is a 15 minute time limit for editing messages.
• Editing a message won’t send a new chat notification to people in your chat.
• You can’t edit photos, videos, or other types of media.

You can edit any message up to 15 minutes after sending, and it’ll update for everyone in the chat. Edited messages will have the word “edited” next to the timestamp.

If you aren’t on the latest version of WhatsApp you’ll see, “This message was edited for everyone in this chat on the latest version of WhatsApp.” Update your app to see edited messages.

1. Select a message
2. Then click Menu (three dots) > Edit message.
3. Edit your message.
4. Click the checkmark when you’re finished with your update.

Note:

• There is a 15 minute time limit for editing messages.
• Editing a message won’t send a new chat notification to people in your chat.
• You can’t edit photos, videos, or other types of media.

British tech company Nothing is gearing up to launch the next two devices in its ever-expanding product portfolio on July 7. In the phone category, Nothing is set to launch the Phone 4B, the successor to the Phone 4A, which it just announced in March. Meanwhile in audio, its newest offering will be the Ear 3A — likely its next pair of in-ear headphones, building on the success of the Ear 3.

Nothing teased the Phone 4B launch last week, then confirmed over the weekend that the phone was on its way, and gave us a series of pictures and a bunch of details to whet our appetites for the upcoming launch. The company’s phone strategy is very much focused on only releasing one major flagship phone every other year, but delivering a range of budget and mid-range alternatives in the interim.

The upcoming Phone 4B, pictured in blue, has a unibody design that Nothing says is both strong and smooth. The Glyph Bar, which was also on the Phone 4A, will now flash with live updates, and the phone will come with a slimmed-down version of its predecessor’s transparent bump.

On Tuesday, Nothing said it will also launch the Ear 3A on the same day as the Phone 4B. In a teaser image, the company listed four colors — white, black, yellow and pink — presumably letting us know the shades it’s chosen for the upcoming buds.

Nothing has always had a distinct design language that differentiates from its comparatively bland competitors in the Android phone market, which since the company’s inception has been defined by its transparency. But throughout 2026, we’ve seen the company increasingly experiment with color — particularly blue, pink and yellow.

Nothing’s Chief Brand Officer Charlie Smith told me back in March at Mobile World Congress that the company’s embrace of color is an important part of its culture of “rebellious creativity.” “If we want to make technology fun,” Smith said, “we can’t do that by things just being gray, black and white.”

The Phone 4A’s pale pink hue was one of CNET Editor at Large Andrew Lanxon’s favorite things about the phone when he reviewed it back in May. “It’s a fun color that doesn’t take itself too seriously — and that’s refreshing,” he said. “Would I like to see the next model go eye-meltingly magenta? Absolutely.”

On its Ear 3A teaser post, the company has included some brighter tones, but the blue Phone 4B looks very similar in color to the blue iteration of the Phone 4A. Bolder tones for the headphones would make sense, especially given that the launch tag line on Nothing’s website describes them as “your new party pill.”

With July 7 just one week away, we don’t have long to wait to find out exactly what that means.

from the maybe-don’t-trust-them? dept

The folks at the National Center on Sexual Exploitation (NCOSE) have spent decades demonizing technology (and speech) they don’t understand, so it seems particularly ironic that they’re now getting benchslapped for allowing AI hallucinated citations in legal filings.

First, some background: NCOSE has gone through a few different branding phases, but for a long while were known as “Morality in Media,” an extraordinarily prudish and busybodyish entity that went around scolding retailers for offering magazines that showed models on the cover for being too sexy.

When they renamed themselves to NCOSE and started focusing on the internet (including the laughably false claim that any porn is a health issue and, now, that it’s a national security issue), they jumped on the anti-encryption and anti-Section 230 bandwagons, and politicians (including many Democratic ones who should have known better) quickly embraced the group under the false pretense that they actually were interested in ending sexual exploitation, rather than locking down the internet, and blocking any speech that acknowledges LGBTQ+ people exist.

Suffice it to say, the group is a far right, anti-sex, anti-speech, and anti-internet group, and it’s ridiculous that any politician supports them.

And now we can add to the list that their lawyers apparently can’t make it through a filing without fabricating citations — and then doubling down when caught. This came out in a convoluted case, in which NCOSE lawyers sued some Nevada brothels for supposedly exploiting women who chose to work there. It is possible that something bad happened in those places, but NCOSE apparently did themselves no favors by hiring a local lawyer whose AI-assisted work they were supposed to review — and then didn’t. Even worse, when the other side called out the hallucinated citations, NCOSE’s lawyers tried to attack the defendant and play down the hallucinations… in a filing with more hallucinated citations:

Let’s have Judge Andrew Gordon explain the basics:

Her briefs contained AI hallucinations. Despite Bistro pointing out these errors in its opposition, JD2 did not withdraw or correct her motion and her reply brief also contained misquotes. Bistro then filed a notice identifying the reply’s misquotes. About a month later, JD2 filed multiple errata, an amended motion for reconsideration, and an amended reply that purported to correct these errors, but the amended motion still contained AI hallucinations.

The order also suggests that NCOSE and the local lawyer they hired engaged in an awful lot of finger pointing and blame passing rather than, you know, doing actual lawyering. And then, once they were on notice of falsified filings, they… didn’t fix them. Indeed, NCOSE’s lawyers continued to rely on a hallucinated citation.

And thus, the defendants win their motion for sanctions, striking the falsified filings from the document, and denying the original request to reconsider an earlier ruling dismissing NCOSE’s exaggerated claims. The court notes that while it was the local lawyer who used the AI (and eventually admitted to doing so), the real problem is with NCOSE’s lawyers:

I have read Guinasso’s affidavit about the serious life events he was experiencing during the time frame of these violations, and I am sorry for his losses and the strain that must have put him under. But, as he acknowledges, that does not excuse the over-reliance on artificial intelligence without a human cite-checking the papers. I credit him for accepting responsibility and implementing procedures that hopefully preclude repeating this incident.

Although JD2’s motion and Guinasso’s declaration request that any sanctions fall solely on Guinasso, that is not appropriate here. There were six NCOSE attorneys on this case at the time. Additionally, the evidence before me shows that the NCOSE attorneys had some responsibility for cite checking. Although the errors may have begun with Guinasso, both Guinasso and Hirsch state that the NCOSE attorneys were supposed to double-check his citations. Moreover, Bistro’s opposition to the original motion for reconsideration should have put all attorneys on notice that there was an AI hallucination problem. Bistro devoted considerable space in its opposition to pointing out those errors, including that cases did not stand for the proposition cited, that quotations did not exist as cited, and that specific cited sources did not exist altogether. Rather than apologize and promptly fix the motion, JD2’s counsel minimized Bistro’s concerns and, in what is a bit of a pattern, criticized Bistro for attacking citation errors, calling Bistro’s concerns quibbling and distraction devices.

The NCOSE attorneys admit they were asked to review the original draft reply brief. That reply brief mentioned that Bistro had challenged citations in the motion for reconsideration. Despite being asked to review the reply brief, Hirsch stated at the hearing that the NCOSE attorneys had not read Bistro’s opposition brief, which is itself disturbing. Reading the draft reply brief should have tipped the NCOSE attorneys off to a potential problem. So laying all the blame on Guinasso’s shoulders for the initial errors is not warranted.

Moreover, Hirsch admits that she drafted the amended filings. The amended motion for reconsideration still contains two critical citation errors. It cites the Marcum case for a proposition that Marcum does not even address, much less stand for. And it cites the Cross case, which does not exist. These are not minor errors. JD2’s reconsideration motion rests in significant part on the argument that, under Nevada law, a contract procured through a threat is void, not voidable, and she cites Marcum and Cross for that proposition. Those errors remain uncorrected to this day, and the briefs with the offending AI hallucinations still have not been withdrawn. At the hearing, Hirsch stated that “even without those cases in there and without the premises that we said that they stood for, the substance of the motion is — stands and is still arguable.” But “[i]t is irrelevant that other cases may stand for the propositions asserted” because if other cases support the propositions, then it is the lawyer’s “responsibility to cite them.” Malkeet Lnu, 2026 WL 1587554, at *8. Moreover, later in the hearing, JD2’s new local counsel candidly admitted that he could locate no existing Nevada law that would support the reconsideration motions’ argument that duress makes a contract void rather than voidable. Thus, the failure to withdraw or correct these citations in the amended motion is significant.

So in the end, the judge orders the plaintiffs lawyers at NCOSE and the local counsel, Guinasso, to pay the defendant’s legal fees.

I also impose monetary sanctions in the form of Bistro’s reasonable attorney’s fees jointly and severally against the National Center on Sexual Exploitation and Guinasso Law, Ltd. Reasonable attorney’s fees are an appropriate sanction under both my inherent power and 28 U.S.C. § 1927. Goodyear Tire & Rubber Co. v. Haeger, 581 U.S. 101, 107 (2017) (inherent power); 28 U.S.C. § 1927 (“Any attorney . . . who so multiplies the proceedings in any case unreasonably and vexatiously may be required by the court to satisfy personally the excess costs, expenses, and attorneys’ fees reasonably incurred because of such conduct.”). “Citing even a single fake case can be sanctionable because no brief, pleading, motion, or any other paper filed in any court should contain any citations—whether provided by generative AI or any other source—that a lawyer has not personally read and verified.” Whiting, 170 F.4th at 461 (simplified)). Citing fake legal authority is not harmless. It wastes the other parties’ and the court’s resources trying to track down the nonexistent cases. Id. at 467 (“Citing fake cases unnecessarily burdens the court and the taxpayers, so courts can and should fine the offending lawyers to reimburse the court for its time.” (simplified)). And the burden it imposes on the opposing party and the court is lopsided because “[w]hile one party can create a fake legal brief at the click of a button, the opposing party and court must parse through the case names, citations, and points of law to determine which parts, if any, are true. As AI continues to proliferate, this creation-response imbalance places significant strain on the judicial system.” Ferris v. Amazon.com Servs., LLC, 778 F. Supp. 3d 879, 880-81 (N.D. Miss. 2025). To rectify that imbalance, an award of fees is warranted in this case.

For what it’s worth the NCOSE lawyers apparently also had tried to argue that the defendants legal fees were its own fault for not filing for sanctions earlier, and the court is (rightly) having none of it:

I reject JD2’s argument that Bistro’s fees are its own fault for not filing a Rule 11 motion. Bistro did not originally seek sanctions and instead was content to point out the errors in its response brief and let the original motion for reconsideration play out on the papers. It was JD2’s counsel who did not read the opposition brief that pointed out the errors, did not withdraw the briefs, decided to instead file the errata and amended briefs, did so without leave of court, left AI hallucinations in the new filings, and materially altered her briefs through a procedural mechanism that did not give Bistro an opportunity to respond to these changes. Despite acknowledging that the amended reconsideration motion still has AI hallucinations, JD2’s counsel has not withdrawn that document or moved to correct it to this day.

The next time NCOSE shows up at a Senate hearing — and they will, because nothing stops a well-funded moral panic lobby from getting a Senate invite — someone should slide this ruling across the dais. Senator Richard Blumenthal has treated NCOSE as a credible voice at KOSA hearings for years, despite ample evidence that the group cares far more about restricting speech than protecting anyone from exploitation. Now there’s a federal judge’s order explaining, in patient detail, that NCOSE’s lawyers fabricated citations, doubled down when caught, and filed corrected briefs that still contained fabrications. The fake cases are still in the record. The organization still hasn’t withdrawn them.

And yet this is who Blumenthal thinks you should trust in helping set internet policy for hundreds of millions of Americans.

Filed Under: ai, ai hallucinations, bad lawyering

Companies: ncose

The eastern US is the latest place to be hit with intense heat as the world plays a game of hot potato.

In the coming days, New York is expected to see temperatures rise to near 100 degrees Fahrenheit (38 degrees Celsius), but with humidity, it could feel more like 109 degrees Fahrenheit (43 degrees Celsius). Temperatures in other cities ranging from Detroit to Washington, DC, to Boston will see temperatures 20 degrees Fahrenheit above normal as the holiday weekend approaches.

The temperatures won’t be as high as they are in Phoenix. But this isn’t a dry heat; coupled with the humidity, anyone venturing outside is sure to experience roughly the equivalent of hanging out inside a dog’s mouth. Beyond the sheer grossness of hot, humid weather, there are also very serious health concerns.

Humidity hampers sweating—the most powerful tool the human body has to cool off. Sweat removes heat from the body by evaporating into the air, but this becomes less effective in humid conditions, when the atmosphere is already full of vaporized water. “When there’s high humidity, especially in a heat wave, it’s much more difficult for the body to physiologically cool off,” says Richard Allan, a climate scientist at the University of Reading.

The National Weather Service map of warnings is a patchwork of reds and pinks, with the agency raising extreme heat warnings and watches. While daytime highs will be eye-popping, overnight lows will be particularly problematic.

“Several days in a row of hot temperatures with little relief from overnight low temperatures can increase heat stress on the human body,” the NWS warned in its forecast.

That danger was underscored by New York mayor Zohran Mamdani, who wrote in a social post that New Yorkers should come up with a heat plan. First and foremost that means finding access to air conditioning, then checking on neighbors and people with illnesses that may make them susceptible to heat-related health issues.

The blast of extreme heat comes a week after Europe dealt with record-shattering temperatures. (The continent also saw blistering temperatures and high humidity in late May.) Burning fossil fuels has ensured that nearly every heat wave is more intense than it would’ve been in a preindustrial climate.

“The warming from rising greenhouse gases is clearly adding to global temperature, and that adds extra heat to the heat waves,” Allan says. “It promotes moderate heat to become extreme heat … These humid conditions may be more likely to be promoted into a hot, humid heat wave rather than just humid and warm.”

El Niño is another culprit that could be playing a role in this heat wave.

The natural climate phenomenon forms every few years in the tropical Pacific, but it affects weather around the world. That includes helping boost temperatures across the northern tier of the US and parts of Canada. El Niño was declared earlier this month, and it’s expected to be a particularly potent iteration that will only strengthen as summer goes on. With the hottest months still ahead, that means the odds are good that if you missed this chance to feel what it’s like inside a dog’s mouth, you’ll have plenty more chances.

With this funding, European researchers can test how their scientific work could impact society.

Four Irish-based researchers have won Proof of Concept grants from the European Research Council (ERC).

Funding for the first funding round this year is worth more than €27m, and is divided between 182 researchers with ideas that show potential for commercial or societal impact. Each individual grant is worth €150,000.

Some of the chosen ideas include developing 3D-printed ‘bio-inspired’ electronics, a tool to help doctors protect vital parts of the brain during surgery, and an advanced ready-made breast cancer vaccine.

University College Dublin (UCD) researcher Prof Niamh Nowlan received ERC funding to further her work around new treatments for a broad range of paediatric growth disorders.

Nowlan is a professor of biomedical engineering at the UCD School of Mechanical and Materials Engineering and a fellow of the UCD Conway Institute.

Her project, called ‘Grow-Reg’, will attempt to identify specific cell surface markers that aid in the growth of children’s bones, to help develop treatments designed to speed up or slow down growth of one or more bones without systemic drugs or surgeries.

“Advancing basic research closer to patients (especially babies and children) is hugely rewarding and we are excited to get started,” said Nowlan. Grow-Reg builds on a previous ERC-funded project led by Nowlan.

“By creating the foundation for a targeted delivery platform capable of modulating growth plate activity with high anatomical precision, we hope to ultimately enable new treatments for a broad range of paediatric growth disorders, reduce reliance on invasive surgery, and improve the safety and specificity of existing biologic therapies,” she said.

Meanwhile, two University of Galway research projects also succeeded in receiving Proof of Concept grants. Led by systems biomedicine professor Ines Thiele, ‘iChatRD’ aims to develop a user-centred clinical decision support system to diagnose rare and inherited metabolic diseases.

“When exploring avenues for translating our fundamental research on digital metabolic twins into patient-focused applications, we kept encountering a major challenge. The richest clinical information exists as free text – the language of a human, not of a computer,” Thiele said.

“iChatRD bridges this gap by enabling metabolic modelling and natural language work together to suggest candidate diagnoses for inherited metabolic diseases.

“The ERC Proof of Concept grant now helps us take iChatRD into the real world by working directly with clinicians to help shorten the diagnostic odyssey that may burden rare disease patients for years.”

The second Galway project, called ‘GelEV’, will focus on developing technology that could improve regenerative medicine delivery to injured tissue sites. Led by Meadhbh Brennan, the project is engineering a hyaluronic acid hydrogel for better delivery to extracellular vesicles.

University of Limerick also bagged a grant win with a project called ‘Eve Heals’ that hopes to heal diseases affecting the skin using in-vitro engineered living substitutes. The project is led by Dimitrios Zevgolis, who also works across institutes at UCD.

“Many of today’s innovations begin with a researcher asking a fundamental question. These 182 projects show that curiosity-driven science and real-world impact go hand-in-hand,” said Ekaterina Zaharieva, the European commissioner for start-ups, research and innovation.

“With Proof of Concept funding, ERC researchers can test how their discoveries could become new treatments, technologies, services or solutions that benefit people across Europe.”

2026’s first Proof of Concept round invited 15pc more proposals than a year ago, the ERC said. Applications for the second round are open, with a September deadline.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Business Email Compromise (BEC) is often described in the media as merely an email scam, but in reality, it’s part of an organized broad operation. The email itself is only one part of the attack chain. In order to support a successful monetization of email fraud, attackers need to be patient and learn about the procurement process in the organization, and to build or rent an entire infrastructure and operation. 

A single BEC often includes gaining access to their targeted business, gathering raw data, analyzing the mailbox context, building reliable communication channel, accessing t reliable payment infrastructure, orchestrating everything in the right timing, and finding a way to move money after it’s stolen.

Flare researchers sampled and analyzed underground posts related to BEC from the past year; Highlights of the findings include:

• AI-powered BEC is getting popular, reducing the learning time and increasing the scam “quality”.

• Actors are interested mainly in SaaS accounts (such as O365). Corporate leadership and financial employees are the most desired targets.

Advertisement

• There are special call centers designed to apply pressure on a targeted business to finalize the fraudulent payment. 

• Cash-out is the biggest bottleneck of BEC, hackers need to find relevant business bank accounts or cash-out partners which is relatively considered a difficult task. 

BEC Exceeds the Boundaries of Email

BEC begins with access to an organizational mailbox or a business SaaS account. Once in, the threat actors often analyze the account, then study and map the organization, mainly by understanding organizational structure and specifically financial privileges, procurement process, internal conversations, communication with vendors, and invoices.

After everything is collected, the threat actors can attempt to make a fraudulent request.

This is what makes BEC difficult to detect. A suspicious email from an unknown sender is one thing. But a message sent from a compromised mailbox, inside an existing conversation, using real names, real invoice references, and familiar wording is much harder for employees to question.

Unsurprisingly, Flare data shows that threat actors highly value email accounts of employees from the finance department, as they are tools to understand the financial operations.

Inside these accounts, the threat actors are looking for referenced accounts receivable, accounts payable, payrolls, invoices, overdue payments, and customer payment relationships. 

Case Study: Hacker Discussions on BEC

A thread named “Business Email Compromise (BEC) – Experiences & Discussion” created by a threat actor named Bigjack, in January 2026, clearly illustrates how this operation works.

Bigjack described how he is using remote access malware to gain initial access, then compromising company mailboxes and using them to send invoices. The actor’s questions focused less on the technical intrusion and more on the practical fraud aspects based on experience: 

• When to send the invoice

• How to create urgency

• How to ask for a large amount without raising suspicion

Advertisement

• What mailbox information should be reused

• What kind of proof can be provided if questioned

• Which mistakes can ruin the operation

The replies showed how other threat actors view BEC and therel experiences. One threat actor highlighted the significance of intercepting an invoice payment process. Another said that identifying who validates the payment requests and defrauding him is the most important aspect. Other threat actors’ emphasize the significance of cash-out, saying that reliable collaboration and support is the most critical aspect.

This single correspondence clearly depicts the mindset of threat actors regarding BEC. Threat actors learn from experience that they need to fully understand the procurement process (the right timing, the right pressure, the right financial context, and the right receiving account) before they can start sending effective fraudulent invoices.

The Cash-Out Part Is a Bottleneck

Monetization of BEC is nearly impossible without a reliable proper receiving account, so. threat actors connect to mule networks and use cash-out services. This is a hard task because the threat actors need to find a reliable, operational, “clean”, relevant bank account to finalize the fraud.

A threat actor named neoresu emphasizes that it’s not just the destination bank account, but also the person who validates the payment needs special care. He offered his services and also talked about using a call center to increase the success rate.

Another threat actor named “Capita” claimed to have operated BEC activity for six years in Europe (mainly in Germany, Finland, and Austria) and described using peer-to-peer money movement, and a call center to pressure companies into faster payments.

There are also posts that are looking to recruit money mules for a BEC scheme. Specifically involving business bank accounts, and fast money transfer.

Support Call Centers to Apply Pressure

Several posts also referenced calls as part of the BEC process. In the Bigjack thread, the actor asked when to call after sending the invoice, while another participant claimed to operate a call center used to pressure companies into faster payments.

This matters because BEC is not always email-only fraud. A follow-up call can make the request feel more legitimate and urgent. For defenders, a second channel should not be treated as proof of authenticity if the requester introduced or controlled that channel.

AI-Powered BEC Attacks

Underground discussions indicate that AI is increasingly being adopted to improve the effectiveness and scalability of BEC campaigns.

In the post below by blackhatpakistan, the threat actors describe using AI to generate realistic business correspondence, mimic executive and employee writing styles, and produce context-aware payment requests or invoice fraud emails that blend into legitimate communication.

Rather than relying on a single template, AI enables the creation of thousands of unique email variations, making campaigns more difficult for traditional content-based detection systems to identify.

Dedicated underground tools are also promoted for generating entire email conversation chains, allowing attackers to hijack existing business discussions and inject fraudulent payment requests with a higher degree of authenticity.

Practical Advices for Defenders

Underground discussions clearly show that we must increase BEC defenses.. The security posture should begin way long before the first fraudulent invoice arrives. What we’ve learned from attackers: 

• Attackers target specific personnel in the organization. Defenders must identify the potential targets and apply additional training to leadership, the financial department and whoever takes part in the procurement process.

Advertisement

• Attackers are now using AI-powered artifacts such as emails, invoices, documents, and messages. Defenders need to identify AI-generated content and deep-fake items.

• Attackers leverage dedicated call centers to pressure financial decision-makers and payment approvers into authorizing fraudulent transactions. Defenders should gather intelligence and learn what techniques these centers use to better educate their relevant employees.

• Attackers highlight the significance of specific points in time, waiting for approvers to be on vacation, as well as other tips to improve the success rate of their fraudulent activity. Defenders should learn about these special markers and apply further defense mechanisms during specific periods, such as employee vacations.

Flare helps by giving security teams visibility into these underground markets and by monitoring exposed employee credentials, corporate domains, login portals, SaaS applications, and related indicators across deep and dark web sources.

This allows organizations to detect when their access points appear in credential collections or search-service advertisements, prioritize the most relevant exposures, and respond faster with password resets, session revocation, MFA enforcement, and investigation of possible account misuse.

Learn more by signing up for our free trial.

Sponsored and written by Flare.