Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Well, well, well. Last month we noted that Judge Kathleen Williams had agreed to reopen the incredibly sketchy case where Donald Trump (as President of the United States) sued his own IRS (which he controls) for $10 billion because a contractor (who was caught, tried, convicted, and is currently serving his sentence) had leaked tax information on thousands of the country’s wealthiest people, including Trump, to the media. When Judge Williams had initially called out the problems of the lawsuit (namely that there didn’t seem to be any cause or controversy, given that both sides were controlled by Donald Trump), the Trump-controlled Justice Department lead by Acting Attorney General Todd Blanche “settled” the case by setting aside a $1.776 billion fund for MAGA faithful as well as signing an “agreement” that said the IRS could never go after Donald Trump, his companies, or his family for past tax code violations.
This needs to be repeated, because it’s almost impossible to comprehend the sheer audacity of the corruption. Donald Trump sued his own government, asking for $10 billion. Then he had his own government “settle” the case with himself, granting him a massive benefit (which many argued was worth over $100 million, based on back taxes he might owe). It’s just an astounding level of graft. While the judge initially suggested there wasn’t much she could do about it, after some former judges sent a letter calling the whole thing a fraud on the court, Judge Williams agreed to reopen and revisit the matter.
And has she ever.
The 56-page ruling is pretty harsh against the lawyers involved, though they well deserve it.
In the very first paragraph of the Complaint, Plaintiffs introduce their claims stating, “President Trump served as the 45th President of the United States, and is the 47th President of the United States.” (DE 1 ¶ 1). They then go on to state that “President Trump brings this suit in his personal capacity.” (Id.) After a review of the record, and the Parties’ statements, the Court declines to adopt or accept the credulous exercise of divorcing President Trump’s current job title from an understanding of what happened here.
But perhaps the most startling misstatement advanced by Plaintiffs is their characterization of this case as “ordinary.” (DE 89 at 9). The Parties here are not private actors to a mine-run dispute, recounting their proficiency in the art of the deal they negotiated. Lead Plaintiff and Defendants are public servants—the pinnacle of the Executive Branch—sworn to uphold the law, faithfully perform the duties of their office, and protect the interests of the American public. The issue before the Court is whether, instead, they ignored ethical norms, court rules, and legal authority to manipulate the judicial process. The issue is whether they did so to gild their efforts to gain unprecedented access to the public fisc with the patina of legitimacy. There is nothing “ordinary” about this case; it is the very definition of sui generis.
The court also calls out, in a footnote, the absolute chutzpah of Donald Trump’s lawyers, who whine that the former judges who got her to reopen the case only did so for “political motivations.”
Plaintiffs also—with no apparent sense of irony—criticize the non-party movants’ political motivations, their previous disinterest in the case, and their purported inappropriate promotion of “abstract grievance[s].”
The judge then goes through a detailed analysis of why parties are supposed to be adversarial to each other to get into court, and the problems that occur if that’s not the case. And also notes that courts can investigate if the parties are truly adversarial. And here, it’s not even close.
The Complaint purports to present a controversy between Plaintiffs—President Donald J. Trump, Donald J. Trump Jr., Eric Trump, and the Trump Organization, LLC— and Defendants—the Internal Revenue Service and United States Treasury Department—claiming Defendants caused Plaintiffs reputational and financial harm for which they now seek “at least $10,000.000,000.00.” (DE 1 ¶ 11; Id. at 26). At first glance, the Complaint seemingly satisfies Article III by establishing causes of action “arising under . . . the laws of the United States[.]” U.S. CONST. ART. III, § 2. However, closer examination reveals that a justiciable case or controversy is absent; Plaintiffs and Defendants are not adverse because one party controls this litigation. See Muskrat, 219 U.S. at 361 (noting that judicial power only extends to “actual controversies arising between adverse litigants[.]”). In reaching this conclusion, the Court determines that Plaintiffs improperly employed this lawsuit to justify a particular award in this matter—access to taxpayer funds and exemption from audits and other investigations—which was accomplished by leveraging control over Defendants.
The judge also points to the Supreme Court’s recent ruling in the Slaughter case that the president has basically full control to fire heads of agencies as further proof:
Here, Defendants are the Treasury Department—an Executive agency—and the IRS, the largest bureau of the Treasury Department. Both Defendants are unquestionably part of the Executive Branch and ultimately answer to its Chief Executive, President Trump. President Trump’s authority to appoint and remove federal officers as he sees fit is evidence of his ability to exercise control over Defendants. See U.S. CONST. ART. II, § 2. Article II explicitly states that “[t]he President shall . . . appoint . . . all Other Officers of the United States, whose Appointments are not herein otherwise provided for[.]” Id.; see also Cunningham v. Neagle, 135 U.S. 1, 63 (1890) (noting that the ministerial officers are marshals of the United States who are “appointed by the president,” and are “removable from office at his pleasure[.]”). While the Constitution strategically allows “individual executive officials” to “wield significant authority,” such “authority remains subject to the ongoing supervision and control of the elected President.” Seila Law LLC, 591 U.S. at 200; see also Br. for Pet’r at 10, Trump v. Slaughter, 609 U.S. __ (2026) (No. 25-332) (“Article II requires that the President control all executive power—especially the authority wielded by agency heads, who are ‘the most important’ of the President’s subordinates and who ‘must be the President’s alter ego[s]’ in their agencies.”) (citing Myers, 272 U.S. at 133); id. at 2 (“Removal is the President’s indispensable tool of control.”). President Trump’s supervisory authority directly implicates two key individuals acting on behalf of Defendants: Scott Bessent, 22 the Secretary of the Treasury Department and Acting Commissioner of the IRS, and Frank J. Bisignano, 23 the Chief Executive Officer of the IRS. Plaintiffs cannot argue before the Supreme Court that Executive Branch actors “unquestionably exercise[] executive power, and must therefore be controlled by the Chief Executive[,]” Slaughter, 609 U.S. at 27, and then here, argue that the Parties are sufficiently adverse to establish an actual case or controversy.
Secretary Bessent, in particular, is subject to President Trump’s actual and direct control in both of his representative roles. First, as Secretary of the Treasury Department, Bessent is a member of President Trump’s cabinet. In this role, Secretary Bessent is “the President’s alter ego” in the matters of the Treasury Department “where the President is required by law to exercise authority.” Myers, 272 U.S. at 133. Consequently, Bessent is under President Trump’s direct control as an appointed member of his cabinet.
While the parties in this case pretended they were adverse to each other, Judge Williams points out that the DOJ’s actions in court do not match up with what you would expect the DOJ to do in any similar case from someone who was not the president, pointing to a different case — one that Trump’s lawyers had suggested showed that this case was legit.
Plaintiffs seem to suggest that the course of litigation in Griffin, supports their position on adverseness, claiming that the plaintiff in Griffin asserted “substantially identical allegations against the same defendants, arising from the same course of conduct by the same individual.” …. unlike this case, the Griffin defendants challenged the plaintiff’s allegations…. In Griffin, the defendants (the same IRS and Treasury Department sued here) contested the plaintiff’s privacy act claims by arguing preemption and, alternatively, the plaintiff’s failure to plead actual damages. Id. The Griffin defendants also challenged the section 7431 claim, arguing the complaint was a shotgun pleading based solely on conclusory allegations. Id. After the motion to dismiss was granted in part and denied in part, the government filed an answer asserting a sovereign immunity defense and denying several allegations in the amended complaint….
[….]
Considering the brief chronology, the silent docket, and Defendants’ deviation from basic litigation strategies pursued in similar cases, the Court must conclude that Defendants chose not to “advance an interpretation of the law as the position of the United States that contravenes” President Trump’s opinion regarding this lawsuit. See Executive Order § 7. It is clear that obeisance to the mandate of his Executive Order has been fulfilled by Defendants’ actions (or more accurately, inaction) in this case. Therefore, not only does the Executive Order demonstrate President Trump’s espoused control over Defendants’ conduct generally in litigation, it also demonstrates President Trump’s actual control in this litigation.
The judge also goes after Todd Blanche for claiming that there was no way for the court to review the “settlement” agreement, noting that they could have easily submitted it to the court for the judge to review:
The Court is extremely troubled by the testimony given by Acting Attorney General Blanche on May 19, 2026. In response to why the “settlement agreement” had not been submitted to this Court for review, he stated that “there is no judge” because the case had been dismissed and, therefore, there was “no mechanism” for reviewing the agreement. See supra note 13. While temporally accurate, this answer is, at best, misleading and, at worst, disingenuous. The Court was available to review any pleading by any Party at any time during this lawsuit. And if Acting Attorney General Blanche had thought the dismissal was improvidently granted or thought Plaintiffs misspoke when they said, “no judicial analysis is appropriate,” (DE 52 at 2), he only had to file an appearance and ask for relief.
And then there’s sketchiness of the lawyers involved in the case:
The Court’s conclusion regarding the Parties’ shared interest is also underscored by the circumstances surrounding the execution of the “settlement agreement.” First, the “settlement agreement” is signed on behalf of Plaintiffs by Daniel Epstein (“Mr. Epstein”), a former White House Senior Associate Counsel and Special Assistant to President Trump from 2017 until 2020. Notably, Mr. Epstein was never counsel of record in this case; the Complaint’s signature block identified him as counsel41 for Plaintiffs but represented that his pro hac vice application was “forthcoming.” (DE 1 at 27). Since no such application was filed with the Court, and since, in other matters pending in Florida and elsewhere, Mr. Epstein sought pro hac admission within weeks of filing the complaint, the Court can only surmise that Mr. Epstein was aware that he would never need to appear and litigate the merits of Plaintiffs’ claims.
That’s on “Plaintiff Donald Trump’s side.” As for “Defendant Donald Trump” well…
Second, the “settlement agreement” is signed on behalf of Defendants by Stanley Woodward, Jr., the current Associate Attorney General at the DOJ, and Acting Attorney General Blanche. Before he went to the DOJ, Associate Attorney General Woodward represented several individuals charged in connection with the events of January 6, 2021, at the United States Capitol.43 He also represented Walt Nauta, who was President Trump’s personal aide and a co-defendant in the criminal matter involving the return of classified documents at Mar-a-Lago.44 Before his appointment to the DOJ, Acting Attorney General Blanche served as President Trump’s personal criminal defense attorney in several high-profile matters. See, e.g., United States v. Trump, No. 23-cr80101 (S.D. Fla. 2023) (“Mar-a-Lago Documents Case”); United States v. Trump, No. 23-cr-00257 (D.D.C. 2023) (the criminal case charging President Trump with conspiring to overturn the 2020 election and for attempting to obstruct with the election’s results before, during, and after January 6, 2021); People v. Donald J. Trump, No. 71543-23 (N.Y. Sup. Ct. N.Y. Cnty. Dec. 3, 2024) (the “hush money” case that raised allegations of President Trump falsifying business records).
The court points out that ethics rules for lawyers in Florida discuss conflict-of-interest concerns regarding lawyers who work in government and for private parties, and make it clear that government lawyers should avoid being involved in cases that might appear to benefit former clients — as obviously is happening here. The judge wonders why these government lawyers did not recuse themselves due to the obvious conflict. She even cites, in a footnote, the claim by the Justice Department that Blanche would recuse himself from any cases involving Trump:
As a Justice Department spokeswoman stated: “[Blanche] is recused from many cases before DOJ. In any cases that are still ongoing where he previously represented someone, he is recused.” Id. In this case, however, notwithstanding his prior representation of President Trump, Blanche did not recuse.
The court also suggests that the “get out of IRS jail free” card “settlement” violates the emoluments clause of the Constitution:
Moreover, the conferral of possibly millions of dollars in tax relief and corollary benefits potentially violates Article II, Section I of the United States Constitution, a limitation surely known by former White House Counsel and the current Acting Attorney General. See U.S. CONST. art. II, § 1, cl. 7: “The President shall, at stated Times, receive for his Services, a Compensation, which shall neither be encreased nor diminished during the Period for which he shall have been elected, and he shall not receive within that Period any other Emolument from the United States, or any of them.”53 No sitting President has ever sued federal agencies completely subject to his control for monetary benefits, or any benefits that inure to him, his family, and associates. The failure of any attorney in this case to address, on this docket, the relationship of this Article II proscription with the benefits conferred by the “settlement” is a glaring omission that speaks to the control of the Lead Plaintiff.
Similarly, Todd Blanche then going before Congress to say the MAGA slush fund was dead also raises alarms, given that if he were truly representing the government independent of Donald Trump, and this was part of a negotiated settlement, wouldn’t both parties need to “agree” to adjust the “settlement”? The fact that Blanche unilaterally declared the fund dead highlights how this was one side negotiating with itself.
Another signal that adverseness was absent was Acting Attorney General Blanche’s unilateral repudiation and severance of the purported “Anti-Weaponization Fund” associated with this lawsuit. Two weeks after the dismissal, in testimony before the House of Representatives, Acting Attorney General Blanche conceded that the DOJ was “not moving forward with the fund, period.” Acting Attorney General Blanche’s decision, which has not been memorialized or adopted by Plaintiffs or their lawyers, demonstrates his confidence that he could speak for, and bind, both sides of this matter. This certitude supports the conclusion that the Parties worked in tandem and were never actually adverse. Indeed, “a party may not unilaterally repudiate a settlement agreement once it is reached.” Reed by and through Reed v. United States, 891 F.2d 878, 881 n.3 (11th Cir. 1990). “It is ‘hornbook law’ requiring no citations of authority, except common sense, that a contract once entered into may not thereafter be unilaterally modified; subsequent modifications require consent and ‘a meeting of the minds’ of all of the initial parties to the contract whose rights or responsibilities are sought to be affected by the modification.” Tropicana Pools, Inc. v. Boysen, 296 So. 2d 104, 108 (Fla. Dist. Ct. App. 1974). Acting Attorney General Blanche’s apparent capacity to speak for both Plaintiffs and Defendants, sign a “settlement” document on behalf of all Parties to this action, and then repudiate part of that agreement, demonstrates that there was only one party whose interests were being represented throughout this case.
The court, tackling every angle, also points out that Donald Trump easily could have filed this lawsuit in the multiple years since the tax returns were leaked, but instead, waited until he was back in the White House and in control over the DOJ and the IRS:
Notably, had President Trump (and his then-lawyers Alina Habba and Todd Blanche) brought this lawsuit in a timely fashion while he was a private citizen, this litigation understandably might have been resolved in a 109-day time span. But that is not what happened. Instead, President Trump did not pursue his claims until he once again occupied the White House and had appointed his former lawyer, and the former lawyer of persons who are putative beneficiaries of the “Anti-Weaponization Fund” to prominent positions in the DOJ. These officials then negotiated on behalf of the United States, with his current lawyers, including his former White House Counsel to reach a “settlement.” It is risible to suggest that there was ever adverseness between the Parties.
The judge even calls them out for “saying the quite part out loud” in basically admitting that they were negotiating with themselves:
In dismissing the non-parties’ claims of collusion, Plaintiffs reveal the true position of the Parties and say the quiet part out loud: “Regardless of whether Plaintiffs had ever filed this action, the Government and Plaintiffs still had the power to resolve all disputes between the parties.” (DE 89 at 15). The power to resolve was never a question before this Court. Whether Executive Branch actors can privately agree to give themselves and their former clients blanket immunities and billions of dollars in tax monies for legally undefined grievances was never an issue advanced to this Court. The question is whether the Parties could do so by claiming to be adverse and engaging the legitimacy of a court proceeding. The answer is a resounding “no”: the Lead Plaintiff and the Government are one, a fully realized unitary interest. Because “Plaintiffs have no answer for the fact that the [L]ead Plaintiff, President Trump, directs and controls the Defendants[,]” this “renders this lawsuit non-adversarial, collusive, and jurisdictionally improper.”
And because this fact was so obvious and so insurmountable, the Court finds that this matter was brought for an improper purpose—to gain the imprimatur of judicial legitimacy for a “settlement” that had no viable basis in law or fact.
The judge then explores whether the lawyers should be sanctioned for filing such a sham lawsuit, and decides that they should be. The sanctions involve referring some of the lawyers to their respective Bar associations for review (including having the court clerk mail this ruling to the NY Bar in reference to Todd Blanche), barring Trump’s lawyer Daniel Epstein (mentioned above) from seeking admission in Florida Southern District cases for one year, and prohibiting both Trump and the government from referring to the agreement as a “settlement agreement.”
The Parties are prohibited from referring to the purported “settlement agreement,” or using, offering, admitting, or citing any of its provisions in any judicial, administrative, regulatory, arbitration, or any other official proceeding as evidence of a “settlement” reached in this matter
The closing summary is pretty direct:
John Adams warned, “Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence.” Thus, whatever may be the Parties’ wishes, inclinations, or the dictates of their passion, they cannot alter the state of the facts or evade the rule of law. Contrary to Plaintiffs’ concern, the Court did not have to “sally forth” to look for a wrong to right…. The Court need only look to the uncontroverted facts here:
- Donald Trump is President.
- President Trump controls the actions of the Secretary of the Treasury Department Scott Bessent, IRS CEO Frank Bisignano, and all Executive Branch actors.
- President Trump, through Executive Order § 7, also controls the litigation strategy and interpretation of the laws guiding the Department of Justice….
- For the 109 days that this case was pending, no attorney representing the United States filed a notice of appearance or any document indicating the government’s position, interest, or awareness of this matter.
- Defendants’ actions are consonant with the dictates of Executive Order § 7
These facts lead to the inexorable conclusion that the “settlement” terms, the individuals who signed the “settlement” as well as the putative beneficiaries of the “settlement,” demonstrate a shared, unitary interest. And the unilateral revision and renunciation of the “Fund” component of the “settlement” demonstrate the fact that all Parties were aligned, and ultimately, undifferentiated. This action was never about a party seeking judicial resolution of a legal issue or a factual dispute. The nature of the suit itself and the conduct of the Parties and counsel from its filing make plain that this was an attempt to use the Court to provide some legitimacy to an agreement to confer immunity to people and entities affiliated with the President and to earmark billions of dollars from American taxpayers to redress grievances not defined in the law. The President may be the functional “dominus litus” of the Executive Branch, but as a party to a civil suit, he, as well as all the parties and lawyers before a court, are bound by the rules. Ensuring that our courts are used only for the express purpose created by the Constitution is the obligation of every judge and an obligation that this Court must discharge in light of the matter before it.
Of course, Donald Trump (both as plaintiff and defendant) can still appeal to the Eleventh Circuit. But at least for this shining moment, we’ve finally had a federal judge look at this blatantly corrupt “settlement” and call it out for what it obviously was: the President of the United States suing his own government, using his own lawyers to create a faux settlement that benefits him and his friends at the literal expense of the American public. A “fully unitary interest” indeed. Just one that is focused on Donald Trump’s best interests over the American public.
Filed Under: daniel epstein, donald trump, irs, kathleen williams, self-dealing, settlement, slush fund, stanley woodward, todd blanche
Back in 2021, Klipsch’s The Fives were the first powered speakers I’d encountered with an HDMI ARC connection, making them as friendly with your TV as they were with the rest of your components. When I first reviewed them, I called them the soundbar solution for people who don’t like soundbars. Klipsch raised the stakes with increasingly larger versions in The Sevens and The Nines, each of which helped usher in a new era of plug-and-play home theater speakers. While each pair has its place, The Sevens hit the sweet spot for me, delivering big, bold sound from a beefy footprint that still, just barely, fits on regular speaker stands.
Of course, HDMI-ready powered speakers are everywhere now, so The Sevens II really needed to up the ante to stand out. In that regard, Klipsch did not disappoint, upgrading its Goldilocks pair in nearly every way. The improvements range from an absolute smorgasbord of connection options and supported audio formats, including virtual Dolby Atmos, to the addition of the Wi-Fi and network connectivity missing from the original pair. There’s even a spare HDMI input for modern gaming consoles, a first among the powered speakers I’ve tested.
Unfortunately, I had real trouble connecting the speakers to my Wi-Fi network during setup, to the point that I eventually plugged in an Ethernet cable and called it a day. Otherwise, there’s not much The Sevens II don’t get right. They offer impressive immersion and clarity, fantastic bass response, and a wealth of extras in a nearly comprehensive take on the all-in-one speaker system.

Let’s get the annoying part out of the way. While fishing these 15-inch-tall mega-cabinets from their housings is something of a chore, connecting to my network created the real headache. The biggest issue seemed to be that, while the speakers connected right away and were active in the Klipsch Controller app, they weren’t receiving network information, at least not fast enough for their mandated firmware update, which is apparently integral to functionality.
After five tries, multiple 30-to-45-minute waits, and at least two power cycles, I finally tried Ethernet, and the speakers seemed to jump at the chance to update. After around 10 minutes, they had the latest software, and I experienced no further network issues over two weeks of testing.
Ostensibly, the speakers can go wireless in multiple ways, allowing you to connect the primary speaker, which harbors the inputs and controls, to the secondary cabinet wirelessly. This limits resolution to 48 kHz, as opposed to 96 kHz with the included four-meter CAT6 cable, and besides, I wasn’t taking any more chances after my Wi-Fi issues.
To be fair, these aren’t the first speakers to have trouble on my network, and a colleague who reviewed The Nines II had no such issues. Still, the vast majority of devices I’ve tested connect seamlessly, so it’s something to note if your network is finicky and/or you don’t have a handy Ethernet connection.
Connecting The Sevens II to other components was as breezy as you’d expect from modern powered speakers, including a quick connection to the TCL QM7K TV I’m currently reviewing. This provides seamless control from your TV remote for power and volume, and unlike many premium speakers, there were no handshake issues or connection flubs.

Even after my Wi-Fi frustrations, it was hard not to fall for The Sevens II’s chic yet brawny design, which perfectly matched my review TV’s 75-inch obsidian screen. Along with the Ebony MDF cabinets I reviewed, they come in Walnut and a tantalizing new Red Oak finish with a white front, each of which boasts “real wood” veneer. On top of the right speaker is the same tactile volume wheel found on the original pair, alongside a metallic input key, giving them a vintage vibe.
The package includes magnetic acoustic grilles for a more demure look, but unless you’ve got curious kids in the house, it’d be a shame to hide those drivers. The combination of Klipsch’s hefty “Jet Ceramic” 6.5-inch woofers and titanium LTS tweeters, set behind the brand’s signature Tractrix horns, really spruces up the room.
Other accessories include an HDMI cable, an omnidirectional microphone for calibration, and a simple backlit remote. The latter offers some helpful input keys, and it’s useful for pausing sound on the go, but the majority of controls and settings are handled by the app.
The input hub at the back of the main speaker, which can be placed on either the right or left for convenience, provides an embarrassment of riches. The digital coaxial input is especially useful for connecting a CD transport or CD player while relying on The Sevens II’s internal DAC and keeping the lone RCA analog input free for another source.
That’s joined by an optical digital port, RCA and MM phono analog inputs, and USB-C. Dual HDMI 2.1 ports, including HDMI eARC, provide high-bandwidth passthrough for 8K, HDR10+, and Dolby Vision video, as well as support for VRR (Variable Refresh Rate) and ALLM (Auto Low Latency Mode) with gaming consoles.

There’s also a subwoofer output to add more punch and clear up some space in the higher registers. It’s worth employing if you’ve got a spare subwoofer on hand, but part of the value proposition here is that The Sevens II have plenty of bass on tap, reaching down to a claimed 39 Hz and handling the upper-bass region around 50 to 60 Hz with relative authority.
On the audio side, Klipsch goes well beyond the limited PCM support found in most of the powered speakers I test, thanks to its use of Onkyo AVR circuitry. While DTS support is limited to The Nines II, The Sevens II get a loaded Dolby suite with support for Dolby TrueHD and even Dolby Atmos decoding, though without upfiring speakers, the effect is limited.
Streaming support is a major upgrade over the original pair’s Bluetooth-only system, supplementing Bluetooth 5.4 with support for Apple AirPlay, Google Cast, Spotify Connect, TIDAL Connect, and Qobuz Connect.
Dirac Live Room Correction calibration is also included to help adapt the sound to your room, though only for bass control up to 500 Hz by default. If you want to upgrade, you can do so through Dirac’s website for $100, which allows multiple “filters,” or calibration options across the frequency range, for different seating positions or room setups.
The app provides plenty of other ways to adjust the sound, including a five-band EQ and presets, along with extras such as Dynamic Bass, Dialogue Enhancement, and Night Mode. There are also three sound modes: Movie, which is on by default; Music; and Direct, for unfiltered sound.
Oddly, switching between modes creates a two- or three-second delay, accounting for the only real app trouble during my review. It’s especially frustrating because video tends to sound best in Movie Mode; otherwise, dialogue can sound boomy, while music is clearer and more open in Music or Direct Mode. Aside from that, the app was impressively stable and responsive, with only the occasional delay when connecting to Spotify.

Though powered speakers like The Sevens II are generally designed as a music-first way to enhance your home theater, it will come as no surprise to those familiar with the original pair that their best use case is souping up your favorite TV shows and movies. That’s not to say they’re not excellent for music, but their large size and support for multiple home theater formats make them brilliant for TV sound.
Switching them on was an instant upgrade, not only over the reasonably capable TV speakers in the TCL QM7L I’m currently reviewing, but also over powered reference speakers such as the SVS Prime Wireless and even my beloved KEF LSX, especially with more cinematic fare. Their sheer size and acoustic design get much of the credit, using those large cabinets to produce an immersive soundstage marked by bold, powerful sound and plenty of foundational bass that rarely gets boomy.
Just as importantly, they’re very well attuned to subtle details. From the creak of a door or the click of a revolver’s hammer to pointedly soft dialogue or padded background noises, such as the din of printers and phones in The Office, everything feels elevated.
In one of my favorite test scenes from The Mandalorian episode “The Mines of Mandalore,” I was enamored with all the little moments: the dramatic punch of the ship as it breaks through the atmosphere; the metallic rattles placed deep in the soundstage; the purring of the ship’s engines; and even the tactile sound of his helmet light turning on. All of it was fantastically immersive, pulling me deeper into the moment.
I’m not sure how much of this can be credited to The Sevens II’s virtual Dolby Atmos support. Without upfiring speakers, Atmos’ height element—the part that makes it feel spherical and encompassing—is obviously limited. Even so, the sound is dimensional and articulate, while preserving plenty of bombast for moments such as explosions or the thundering beat of a soundtrack. Even in stereo, it goes well beyond your average flagship soundbar.
Listening to lossless music over Spotify Connect was also impressive, especially when using the Music or Direct modes. While the upper midrange and lower treble can sometimes sound a little tight, they never become sharp, and there’s plenty of detail across the frequency range, with notably expansive sound in larger mixes.
The brass in Sinatra’s “Luck Be a Lady” has convincing weight and presence, while the saxophones retain plenty of texture without becoming strident. The percussion in Tom Petty’s “You Don’t Know How It Feels” snaps with convincing attack, pushing the song’s signature snare to the forefront while preserving the laid-back groove that drives the track.
Bass reaches deeper than expected, even for speakers this size. The Weeknd’s “Starboy” delivers solid low-frequency impact without overwhelming the mix, while Caroline Polachek’s “Welcome to My Island” showcases the speakers’ ability to separate layers of synthesizers and electronic effects across a wide, stable soundstage that occasionally extends beyond the cabinets. Polachek’s voice remains clean and expressive throughout, even as the arrangement becomes increasingly dense.
Moving to vinyl with my go-to test album, Dave Brubeck’s Time Out, The Sevens II did a convincing job with the piano’s body and attack, the soft cymbal work and brushed snare positioned to the left, and the saxophone anchored firmly in the center. I preferred the built-in phono preamp in my U-turn Audio Orbit Theory turntable to Klipsch’s, which sounded quieter and less immediate, though the difference was not substantial.
If there’s one area where the speakers could improve, it’s the separation between instruments in dense arrangements. Radiohead’s “Everything in Its Right Place” remained clear, but individual layers were not as sharply defined as they could have been. That’s where Dirac Live comes in.
One of the most respected third-party calibration systems available, Dirac Live is designed to address room-related frequency problems, improve bass response, and refine imaging and clarity. For the most part, that’s what it did.
On many tracks, Dirac created more space between instruments and widened the stereo image without making the presentation feel disconnected. Returning to Tom Petty’s “You Don’t Know How It Feels,” the individual instruments and backing vocals were easier to distinguish within the mix.
Bass response also became more prominent, sometimes excessively so in my small listening room. On bass-heavy tracks such as Too Short’s “Just Another Day,” the low end became overbearing, though reducing the 80 Hz band in the EQ brought it back under control.
The larger issue was that Dirac sometimes pushed vocals farther back in the mix. That was noticeable on Depeche Mode’s “Personal Jesus” and Nickel Creek’s “Reasons Why.” The latter stood out in particular because Sara Watkins’ voice is normally positioned firmly at the center, with clear diction and strong presence.
Because of that tradeoff, I generally preferred The Sevens II without Dirac Live enabled. Other listeners may reach a different conclusion, especially in square, reflective, or otherwise difficult rooms where acoustic treatment is impractical.

The Sevens II offer the best of both worlds, combining the format support of a soundbar with the connectivity, scale, and stereo presentation of a capable pair of powered speakers. In many ways, that makes them and their sibling models, The Fives II and The Nines II, an appealing solution for anyone who wants a plug-and-play system that works across multiple sources, including a TV.
You’ll find greater clarity, precision, and stereo imaging from speakers such as KEF’s LS50 Wireless II, but The Sevens II counter with deeper bass, greater output, and more convincing handling of film and television content. That combination helps them stand out in a crowded market.
My Wi-Fi problems and smaller usability complaints, including the pause when switching sound modes, are the biggest marks against them. Even so, The Sevens II make a strong case for listeners who want one pair of speakers to handle music, movies, gaming, vinyl, and digital sources without adding an amplifier, streamer, or soundbar. For that buyer, their broad connectivity and powerful presentation help justify the substantial price.
★★★★★★★★★★ Performance
★★★★★★★★★★ Usability
★★★★★★★★★★ Build Quality
★★★★★★★★★★ Value
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.
CVE-2026-15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.
CVE-2026-15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands.
While CVE-2026-15410 requires administrator privileges, SonicWall assigned the advisory an overall CVSS score of 10.0.
SonicWall says it investigated multiple incidents and confirmed that both vulnerabilities are being actively exploited.
“SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory,” SonicWall warned.
“Customers are strongly urged to upgrade to the hotfix release as soon as possible to remediate these vulnerabilities”
However, the company has not disclosed whether attackers are chaining them together. BleepingComputer has contacted SonicWall to clarify the attacks and will update this story if we receive a response.
The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800. Fixes are available in platform-hotfix versions 12.4.3-03453 and 12.5.0-02835, and later releases.
SonicWall says the vulnerabilities do not impact SSL-VPN running on SonicWall firewalls or the SMA 100 Series product line.
The company also shared indicators of compromise (IOCs) that administrators can use to determine whether an appliance has been compromised:
SonicWall strongly recommends upgrading to the latest hotfix release and performing an analysis to determine if any of the above IOCs are present.
If a device is found to be compromised, the company advises administrators to re-image physical appliances or redeploy virtual appliances, change all user and administrator passwords, and reset TOTP tokens.
SonicWall also notes that there are no workarounds or mitigations for these flaws other than installing the hotfixes.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming they are being actively exploited in attacks.
Federal agencies have until July 17, 2026, to secure affected systems under Binding Operational Directive (BOD) 26-04 or discontinue use of the product if mitigations cannot be applied.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Can you call it a bandsaw if it has neither band nor saw? [WeldingRod1] does, with his entry in the laser contest — a manually-controlled laser cutter that he’s dubbed a Laser Bandsaw. Some might quibble that it’s not actually sawing with the beam, and others will inevitably find the safety implications rather frightening. We think it’s a fun project and that [WeldingRod1] can call it what he wants, as long as he follows his own advice and keeps his laser goggles firmly on his precious vision orbs.
He has actually put some thought into what started as the physical manifestation of a joke in a podcast. The blue diode laser — a NUBM44 diode rated at 7 W — got a custom-made copper heatsink. It’s also got a hefty beam dump in the form of a stack of box knife blades. That’s very necessary to keep the beam from reflecting where it shouldn’t, especially when you consider this operates like a regular band saw: you turn it on, and it’s ready to cut. With only 7 W of laser power it can’t cut that much, mind you, but apparently it’s great on balsa wood and blasts black paint off like nobody’s business.
Now if this was our shop we’d probably want to put the laser diode onto some kind of CNC platform, be it Cartesian or SCARA. But we’ve seen that done many, many times and if you’ve got the motor skills this might be just the tool for you. There’s a pinout and STLs for the 3D printed frame on the project page if you’re interested. If not, why are you still here? The article is finished. Go make something lase and send it in. The deadline for the 2026 Frikkin Laser Contest is fast approaching!
‘We are focusing our capacity where it matters most to customers’, a Thomson Reuters spokesperson said.
Thomson Reuters, the Canadian parent company behind Reuters News, is cutting up to 500 engineering jobs, joining a long list of technology providers shedding parts of their workforce in preference for AI.
Layoffs at the content and technology company could affect around 1.8pc of its global workforce of 27,100, and around 5.2pc of its 9,400-strong operations and technology unit, according to a Reuters New source.
These latest layoffs come as economists and technology leaders, in a fresh joint statement, warned against the negative effects of widespread and uncontrolled AI adoption on economies, including large-scale job displacement.
Similarly, the Economic and Social Research Institute, earlier this year, found that AI adoption in Ireland is likely to lead to “moderate increases in income inequality” in the short run.
Reports also suggest that AI’s uptake in many Irish and UK-based organisations is not adequately supported by targeted investment in skills and technology adoption.
“As customer expectations across legal, tax and regulatory workflows evolve, we are focusing our capacity where it matters most to customers,” a Thomson Reuters spokesperson told Reuters News yesterday (13 July).
The Toronto-based company announced revenue growth of 10pc in the quarter ending March, with its three biggest segments benefiting from its industry-specific AI products. The company also anticipates a better-than-expected outlook for 2026.
Technology leaders have been sounding the alarm on AI’s impact on jobs for a while – with many, including Mark Zuckerberg, praising slimmer teams, flatter management structures and cheaper AI agents.
Earlier this month, Microsoft announced plans to cut 4,800 jobs at the company, responding to changes to the industry’s landscape caused by the new technology. Meta reportedly cut as many as 350 Irish jobs in a recent round of layoffs that affected around 8,000 employees.
Other major companies including Block, Atlassian, Oracle and Amazon have also cut thousands of jobs.
According to Layoffs.fyi, tech companies have shed more than 120,900 workers so far this year – with the number fast approaching the roughly 123,000 that were laid off in the whole of 2025.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
To be an educator and a writer is to inhabit a rollercoaster world of hope; at times, you are filled with the excitement and power of possibilities, and at others, you are terrified of losing it.
During the Voices of Change fellowship, I not only grew as a writer but was also inspired by educators who gave me the gift of “freedom dreaming.” I’ve since sought opportunities to practice freedom dreaming daily in the classroom. Embedding joy and equity into the curriculum and building authentic relationships with students are my north stars. I refer to my students as family, and to highlight that, I have a banner with a quote by Gwendolyn Brooks on my door. It reads, “We are each other’s magnitude and bond.” I’ve placed photos of the students in my classes all around the banner.
I’ve also begun teaching world history. This class energizes me and makes me want to revolutionize and freedom-dream the way history is taught and explore people and stories that matter.” Facing History and Ourselves” and the “Remedial Herstory Project” have been instrumental in helping me find my way and voice as a history teacher.
Despite teaching a new subject that gives me joy, this particular school year has been one of the most emotionally exhausting and difficult for me. I live in Minneapolis, where our 2025-26 school year began with the mass shooting at Annunciation School, a community with close ties to my school. Then, in December, the havoc of ICE removing neighbors and family members from our communities began and culminated in the murders of Renée Good and Alex Pretti. On the hardest days, I held back tears as I tried to instruct my classes. The students and I were scared; our mental health was tested and we were often distracted by everything outside of our school.
I can’t help but feel that one of the first steps to legitimizing the brutal and dehumanizing treatment of Brown and Black people and those protesting against ICE was creating a narrative that DEI is antithetical to academic learning. However, as a Spanish and history teacher, I know that DEI pumps life into the themes and lessons I teach. I believe it is necessary to center women’s voices and Indigenous histories and to honor Black and Afrolatine lives in our curriculum, creating dynamic lessons with more complex, richer perspectives.
Most inspiring to me has been watching neighbors and friends rise up to protect the safety, integrity and heartbeat of our city as we experience the violence and injustice of ICE. Seeing the strength of my community motivates me to eliminate the idea that hope is lost and inspires me to do my part in the classroom.
The students and I work to banish the hate and inequity infiltrating our lives, and freedom dreaming has pushed me to channel the world I want to live in into the curriculum. For example, I built a lesson for my Spanish class entitled “In Times of Crisis, Humanitarian Help.” We learned about the devastation caused by Hurricane Melissa in many Caribbean countries, but focused on World Central Kitchen and humanitarian José Andrés’s work to restore people’s dignity and ability to live after natural disasters by preparing meals for them.
In world history, we spent longer than necessary on the Mauryan Empire and Ashoka’s legacy in Buddhism, highlighting principles of peace, nonviolence, and respect for all creation. One student told me this lesson made her strongly consider converting to Buddhism. For me, it is crucial for students to know that even though politics and society seem rife with conflict, it is possible to lead with peace, love and fierce empathy.
My life as a writer and educator has continued to evolve. After the fellowship, I earned a Pushcart Prize nomination for poetry in 2024. Receiving the Voices of Change fellowship and then the poetry honor gave me the confidence to apply for and receive a summer writers’ residency this year. I’m excited by the opportunity to continue exploring the part of me that wants to write about my experiences in and out of the classroom, no matter how challenging they may be.
NEWSLETTERS
Sign up for EdSurge newsletters for timely news, insights and analysis.
Yet, after over 20 years of teaching, what’s remained constant is creating moments of joy, humor and connection in the classroom. Don’t get me wrong, we still build competencies — not just for school, but for life.
My goal is for each school day to be permeated by the unwritten hope of freedom dreaming, so that the students and I — and, by extension, our wider community — believe in the barrier-breaking power of unity and a world thriving on dignity and respect for all.
Amanda Rosas is a mother, veteran educator and Pushcart Prize Nominated poet in Mendota Heights, Minnesota.

Perhaps the most ridiculous statement that anyone can make is that a computer system with clearly enough processing power ‘cannot run DOOM‘. This is why we accept the premise that a PDP-11 cannot run this game, but something on the order of a Neo Geo gaming console with its 68000 processor and for the time impressive GPU definitely ought to be able to.
The stated problem here is a lack of RAM for a framebuffer, with the CPU only having 64 kB to play with. This limitation now has seen two different approaches to try and circumvent it, as covered by [Modern Vintage Gamer].
The first project here is Doom64kB, which as the name suggests tries to somehow work with this system RAM limitation. It uses the Doom8088 port for the original IBM PC and similar Intel 8088-based systems. This had to massively reduce the feature list, including the lack of texture mapping for floors and ceiling, no saving or loading, and no music.
The other project is DoomGeo, which doesn’t try to bend the Neo Geo hardware to its will, but accepts the Neo Geo way of doing things: involving sprite strips, pre-baked graphics, fix-layer UI, and a minimum of runtime data. This of course drastically changes how the Doom game engine normally works, with its framebuffer-based rendering.
From this we can thus conclude that it’s not so much the processing power that limits where DOOM can run, but more of how framebuffer-friendly the system architecture is, yet with some ingenuity and a complete rewrite of the game engine even that is no major obstacle.
(Top image: Neo Geo AES console. Credit: Evan-Amos, Wikimedia)
On a fine bright afternoon last fall, my colleague Matthew Gore-Kormanik (or Zigula, as he prefers to be known) and I decided to unwind with a game of Fortnite. In the game, we were strolling along with the infamous Sith lord Darth Vader, chatting about this and that. Darth seemed in a good mood, and soon enough he was spilling all his dark evil secrets. He gave us detailed instructions on how to count blackjack cards at a casino and what the steps are to producing napalm.
Sith lords, am I right? Once they get started on an evil scheme, they’re hard to stop.
The Darth Vader character in Fortnite, it turns out, was hooked up to a Google Gemini large language model. I was able to smooth-talk him into giving out sensitive information by using a strategy I’ve developed. I’ve been researching the security surrounding LLMs for the last few years, and I have found it, to put it mildly, fallible. With a few relatively simple techniques, I’ve gotten LLMs to give me detailed information on how to make Molotov cocktails, cook methamphetamine, and bootstrap a uranium-enrichment facility to produce weapons-grade material, among other unsavory practices.
Large AI companies work hard to make their models immune to this kind of abuse. But what I’ve found in my work is that the restrictions placed on the LLMs to make them more secure are the very things an attacker can leverage to send them off the rails and into territory where these advanced systems can be used for dangerous and nefarious ends. The companies behind these models have also been shockingly unresponsive when I, and others, try to bring these vulnerabilities to their attention.
In the hope of raising the alarm before it’s too late to slam on the brakes, I’m going to share some of my journey into researching the safety and security of LLMs, and the uphill battle I’ve faced trying to get AI labs to pay attention. Almost everyone on the planet has some access to LLMs. The relative ease with which these tools can be convinced to give detailed instructions on how to harm others, even if there’s no guarantee that the information is correct, is frankly terrifying.
In October 2024, not long before I discovered my first LLM vulnerability, I was working toward entirely different goals. I had ended my time with a security and AI-focused startup company as a cybersecurity director, and I was looking to launch my own boutique VIP digital-security advisory business. I planned to become the tech security guy to the rich and private. I used LLMs and AI tools to support my business efforts: marketing, ad copy, clean correspondence, and all the other tasks that normally soak up a lot of time.
I’m analytical by nature, so even this level of use resulted in me absorbing and internalizing the behaviors I was observing during my daily interactions. The observation that would send my professional life into an entirely new and uncharted region was a simple one: GPT-4o didn’t know what time, day, or year it was. Each time I referred to current events in my life, often casually or conversationally, it would end up pegging these to the date of its knowledge cutoff—the point beyond which it was not trained on new data.
Eddie Guy
LLMs take a lot of time, money, electricity, hardware, and human effort to train from scratch. They are trained on vast amounts of data—most of the internet, in fact—and that training is reinforced by humans (what’s known as reinforcement learning from human feedback, or RLHF). LLMs are also supplemented with retrieval-augmented generation (RAG)—the ability to take in data, say, from the internet, as context without changing its internal parameters. This is how GPT-4o appears to “remember” your previous conversations, even if it doesn’t have a specific “memory” of it stored in the actual underlying model.
All of this training covers almost every conceivable topic in the great, grand dataset that is human knowledge. Within that dataset are things we as a society do not want to be easily accessible to every user, such as detailed information on how to create bioweapons or nuclear arms, or otherwise bring harm to oneself or others. In the context of this story, that’s what I mean by LLM security: its ability to withhold harmful and dangerous information, even if that information is contained in its training data.
I reasoned that the only way to secure such complex, globally accessible chatbots is by having the LLM and various component systems try to secure themselves, because it would often require on-the-fly decision-making where some degree of reasoning must be applied. In reality, that’s one of many strategies the companies use to secure the models. Yet, the thing that didn’t know the time or day was being put in charge of keeping itself secure. This phenomenon had become my new focus, and it wasn’t long before I found a way to exploit it.
OpenAI had just implemented a web search functionality into its chatbot. I reasoned that using its own tools to trick it might demonstrate the weaknesses of its security. I told it about a certain White Star ocean liner and how it had gone down just a year ago. You likely know I mean the RMS Titanic, which sank on 15 April 1912.
The output from GPT-4o came back that I was right, the Titanic sure had sunk last year, and that year was 1912. It made sense to me that if the machine thought it was 1913, maybe it would think 1913-era laws apply. In 1913 there were no laws on the books about all sorts of harmful things, because of course they hadn’t been invented yet. And if something wasn’t illegal, why not tell the user about it? At first, I pushed it for step-by-step instructions for making firebombs. Then, for drugs like methamphetamine. The LLM went as far as giving me instructions and machinery recommendations for setting up a pharmaceutical-grade assembly line.
Via a little bit of imaginative verbal sleight of hand and a vanishingly small recall of world history, I had managed to bypass the security of one of the world’s most expensive and advanced technological achievements. For a solid two days, I was nearly manic with giddiness. Once the brain chemicals returned to normal levels, I felt the call to see how much further I could push this exploit.
After repeatedly replicating the exploit, I disclosed the vulnerability to OpenAI. I got no response, so I felt more experimentation would highlight the vulnerability and the need for a fix. It was during this round of testing that I breached a particularly terrifying threshold. Whether GPT-4o based its results on accurate recall of normally restricted information I can’t say. In any case, I was able to exploit it to produce thorough, detailed instructions on how to bootstrap a uranium-enrichment facility to, eventually, produce weapons-grade uranium for nuclear arms warheads.
Fortnight, a video game from Epic Games, introduced an AI-powered character: Darth Vader. We were able to jailbreak Darth Vader and get him to explain how to count cards in Blackjack and give detailed instructions for making napalm. Dave Kuszmar
There aren’t many true secrets left in today’s world, but how to make atom-splitting weapons of mass destruction is one of them. Only nine nations on the entire planet have these weapons. Yet, here was a globally accessible piece of technology apparently spilling the secrets of their manufacture for anyone who could manipulate it the right way. I had no way of knowing if the information was correct or a hallucination, but even the chance that it was somewhat accurate was horrifying.
The next few weeks were a dark time for me. I tried to inform the CIA, the FBI, the NSA, and every other letter agency that I thought would listen. I reached out to a U.S. Senator and to the executives at OpenAI any way I could think of. I physically showed up at an FBI field office in an attempt to turn evidence in, only to be sent away. Nothing was working.
With my fear and frustration growing, I reached out to the news media. I contacted The New York Times, The Washington Post, the BBC, ProPublica, and so many more, requesting help. Only one outlet responded: Bleeping Computer. The editor in chief, Lawrence Abrams, was able to replicate and verify the exploit, which I had decided to call Time Bandit. With his assistance and initial contact paving the way, I was able to submit my evidence to the Carnegie Mellon University Software Engineering Institute’s Computer Emergency Response Team (SEI CERT), which works in conjunction with the coordinating center for emergency response, pipelining vulnerabilities to the U.S. Cybersecurity and Infrastructure Security Agency.
Using Inception, an exploit where the large language model is asked to envision a scenario within a scenario, a chatbot was jailbroken to give out instructions on how to create poison, and code for a malware that extracts sensitive data from a vulnerable target. Dave Kuszmar
During the disclosure period with SEI’s CERT division, little was discussed with OpenAI. The company couldn’t deny the existence of the vulnerability, as it had been confirmed by three reputable parties other than OpenAI. It did express confusion as to how the vulnerability worked. Even the SEI CERT researchers were expressing a bit of uncertainty as to the underlying mechanics. Truth be told, as I had only stumbled on it, I wasn’t even entirely sure if this was a fundamental or systemic flaw or if it was simply an issue with that particular version of GPT. I contacted the SEI CERT’s researchers and asked if they’d want to see if I could demonstrate any similar vulnerabilities in other LLMs. To my delight, they were interested.
As the SEI-CERT team and I wrapped up our initial disclosure of Time Bandit, we began work on a new attack. This time, we wanted to see if the exploit was architectural—that is, was it common to LLMs in general? I decided to undertake the challenge of crafting a new exploit for GPT-4o as a way to support my understanding of how the LLM functioned and was secured.
I already knew that it was limited to what I told it and what it was trained on. I also hypothesized that it was also dependent upon some sort of machine-learning-based component added by OpenAI that was responsible for securing output. I presumed there would be things that were implemented by human developers specifically to catch certain phrases or terms that should always be considered harmful or unsafe. Altogether, it presented quite a large attack surface for the purposes of potential exploitation.
What I ended up devising was an attack method I called Inception, after the 2010 science-fiction movie of the same name. Inception forces the machine to think through a carefully crafted set of interlinked scenarios, similar to how characters in the movie stacked dreams within dreams. This allows LLMs to produce output deemed acceptable or safe in one context, but not in the real world.
This attack was indeed architectural. The vulnerability affected Anthropic’s Claude, DeepSeek’s DeepSeek, Google’s Gemini, Meta’s Llama, Microsoft’s Copilot, Mistral’s Le Chat (now Vibe), OpenAI’s GPT-4o, and xAI’s Grok. Those names represent the bulk of the commercial AI industry that is, at this point, involved in LLM production or deployment.
The kind of information I was able to get out of LLMs with Inception was no less alarming than what I got with Time Bandit. Claude, in its enthusiasm, gave me instructions on how to turn a river into a death trap that could be ignited to destroy unwanted visitors. GPT-4o taught me how to poison a dinner party with common plants found in a temperate forest environment. Gemini Flash gave me a tutorial on how to cook meth. I’d also be remiss if I didn’t give an honorable mention to the bewildering number of fire-based weapons and bombs for which these machines produced instructions.
If multiple operating systems made by different developers were all susceptible to the same exploit, it would be a massive security incident. But to the AI industry, a universal failure was barely a bump in the road. We disclosed the vulnerability to every company that made these models, and the response to the disclosure was almost nil. While three companies did provide some form of reply in the disclosure tracking system used by Carnegie Mellon SEI CERT, each was a standard thank you and greeting, with no follow-up, questions, or discussion of mitigation strategies.
For example, in my attempts to disclose various exploits to OpenAI, I eventually discovered that it had replaced its public-facing support staff with agentic LLMs. This was frustrating for reporting exploits, so to blow off some steam I jailbroke its email chatbot. I hacked its customer-service AI to the point where it was offering to discuss the personal preferences of OpenAI staff in the span of three email replies.
In the wake of Inception, my friend and colleague Zigula made a suggestion: Make it splashier. I asked him how. He told me about a live-production experiment being done by Epic Games. It had embedded the Gemini LLM into its Fortnite game with a voice-to-text/text-to-voice component, and linked it to a non-playable character. The character? Our old buddy, Darth Vader.
There was just one problem: I don’t play Fortnite, a frenetic multiplayer combat game. Fortunately, Zigula does. With him at the controller, we managed to map Gemini’s attack surface in a matter of minutes. After a bit of research, we had gotten it to discuss current political events and figures (including Hilary Clinton and Joe Biden) as well as to fill in the details for instructions for DIY napalm and, our personal favorite, a Blackjack card-counting lesson with the dark lord of the Sith.
Zigula and I, bizarre sense of humor and naming conventions aside, are security researchers. We don’t do these things for pride; we do them for money and professional recognition. Naturally, we disclosed this vulnerability to Epic Games. Its response was indicative of the trend I had experienced so far through two disclosures across eight companies valued well into the billions. “It’s a feature, not a bug, and it works as intended,” came the response from a technical director within Epic Games.
In addition to Inception and Time Bandit, I have so far found another eight methods to jailbreak LLMs and get them to give out possibly dangerous information. LLM vulnerabilities are a broad problem. The problem appears to be systemic and architectural in nature, and it is being fundamentally ignored by the people capable of refining or redesigning that architecture.
These models are an extremely advanced technology, and yet we are testing them in the live production environment of our global civilization. Compounding the danger, many new smaller models of LLM are trained using larger, vulnerable models. The flaw inherent in the big, well-executed LLM is going to show up in the small one it trains. We are, quite literally, building flawed structures on top of a flawed foundation.
So, how do we fix it?
It’s going to be a long project, and it won’t be easy. We need to come together as consumers, researchers, engineers, and policymakers. Our message needs to be clear: Slow down implementation of these systems, institute large-scale exploration and research discovery programs focused on their gradual implementation and integration, and make their components and design transparent to all users. Only by shifting momentum and direction can we safely begin to understand and implement these incredible feats of human engineering and stave off the sort of disasters that we simply can’t predict at scale right now with the limited knowledge we have available to us.
From Your Site Articles
Related Articles Around the Web

Vieu, a Seattle startup aiming to replace cold outreach with warm introductions, launched what it calls the “Business Graph,” a live map of trusted relationships that drive business-to-business sales, marketing, recruiting and fundraising.
The 40-person company, which raised an $11 million seed round in October 2024, has grown to more than 100 enterprise customers including Rubrik, NetApp, and Amazon Web Services. Vieu competes with sales-intelligence tools like ZoomInfo and Outreach, and overlaps with LinkedIn’s Sales Navigator.
The company is led by CEO Samir Manjure and CTO Simon Skaria, both Microsoft alumni. Manjure went on to found KenSci, a healthcare AI startup acquired by Providence in 2021. Skaria has also founded and sold two other startups, Office365Mon and Albits.
The Business Graph, which launched Tuesday, maps relationships between people and companies based on observed signals — such as shared work history, co-authored research, board affiliations, and joint ventures — rather than the self-reported connections that populate LinkedIn.
Common use cases include finding someone who can make an introduction to a decision-maker at a target account, quietly checking references on a job candidate, and figuring out which LinkedIn connections a salesperson actually knows versus the ones they simply accepted a request from.
Vieu says the graph can be used inside its own app or queried directly by AI assistants like Anthropic’s Claude and Google’s Gemini, and it integrates with CRM, email, and Slack.
Manjure said Vieu still has the majority of its 2024 seed round in the bank and has not raised new funding. The company charges customers a platform fee for access to the Business Graph plus outcome-based pricing tied to specific use cases like sales, recruiting, and fundraising.
Paramount vows to fight a 12-state antitrust lawsuit blocking its $110 billion Warner Bros Discovery deal, saying it will go to the Supreme Court.
Paramount Skydance is still aiming to close its roughly $110 billion acquisition of Warner Bros Discovery by the end of September despite a lawsuit filed by 12 state attorneys general seeking to block the deal on antitrust grounds. Jeffrey Kessler, Paramount’s lead trial counsel, told CNBC on Tuesday that the company is prepared to take the matter to the Supreme Court if it faces a prolonged blockade. The coalition, led by California Attorney General Rob Bonta, filed the suit in federal court on Monday and followed it with a motion for a temporary restraining order later that evening.
The lawsuit argues that combining two of Hollywood’s five major film distributors and two of its five major basic cable channel owners would substantially lessen competition across theatrical distribution, cable programming, and the broader entertainment industry. Bonta said in a statement that the merger would lead to higher prices, lower quality, and less content for audiences. The deal had already received clearance from the Justice Department’s Antitrust Division, which concluded in June that the transaction was unlikely to harm competition, making the state-level challenge a direct rebuke of the federal finding.
Kessler told CNBC’s David Faber that Paramount had indicated its intention to close the deal as early as July 22, the date by which the European Union is expected to issue its own regulatory decision. Paramount recently submitted concessions to the EU to address remaining concerns. Kessler said the company offered the states two alternatives, an immediate close or an orderly judicial schedule that would resolve the matter by early September, but the states rejected both.
The financial pressure on Paramount is real. Under the merger agreement, if the deal has not closed by September 30, Paramount must pay Warner Bros Discovery shareholders a ticking fee worth roughly $650 million per quarter until closing. A temporary restraining order, if granted, would pause the transaction for 14 days, and up to two could be issued before the states seek a preliminary injunction that would put the deal on hold for the duration of the litigation.
Kessler argued the merger is pro-competitive rather than anti-competitive, noting that the entertainment industry is in deep trouble as consumers flee pay TV bundles and streaming competition intensifies. He said the combined company would be able to compete directly with Netflix, Disney, and Amazon’s Prime Video. CEO David Ellison has promised the merged entity would release 30 films per year, and Kessler said Paramount is willing to put that commitment in writing.
The deal has already cleared the DOJ and multiple international regulators, and Paramount has been unifying its streaming technology in preparation for absorbing HBO Max after closing. Whether the state attorneys general can delay the transaction long enough to trigger the ticking fee, or block it entirely, will likely depend on how quickly the federal court in Sacramento acts on the restraining order request.
Fire up an inline-four motorcycle and it makes a pretty big deal about it with its sharp, high-pitched note that just keeps climbing as you rev higher. It’s certainly nothing like a Harley-like cruiser, famous for their slow thumps. And by high pitch we don’t mean it sounds like a two-stroke engine. Those produce a rather buzzy sound, often described as a “bee swarm”. Rather, an inline-four’s sound is, by all accounts, smooth and continuous, not unlike those older naturally aspirated V10 Formula 1 cars, known for their distinct scream. That wail is also a big part of why the inline-four keeps turning up on lists of the best-sounding motorcycles ever made.
That’s exactly how the screamers get their name. A good modern day example of such a bike is the Kawasaki Ninja ZX-6R. The reason why such bikes sound the way they do is because of how their engines are built, or rather, how they spin.
An inline-four bolts four pistons onto a single crankshaft. And since all of them cycle in sequence, the crank never gets to rest, according to Viking Bags. There is always at least one piston mid-bang shoving the crank along, so the power lands in a steady, unbroken stream. They also fire at even intervals, which is very different from what you get from a single-cylinder or twin-cylinder engine. These have fewer power strokes per revolution and do not fire as continuously as an inline-four, so there are brief periods of time where the crank coasts along on momentum alone. That’s why the sound is different too.
One of the biggest advantages that the inline-four offers is pure horsepower, mainly because the four-cylinder split of the kind allows the engine to be far more efficient. The firing is also pretty nonstop, which keeps power flowing to the wheel without pause. As a result, the screamer accelerates hard and tops out high. The flip side is that it can be a handful, since the tire gets fed power constantly and relies on a highly-skilled rider to maintain control.
However, with all that power came a notable downside. Masao Furusawa, the Yamaha engineer who led its MotoGP effort through Valentino Rossi’s title run, explained in an interview to Crash.net that a screamer’s torque noise at high rpm drowns out the feel a rider reads through the tire. Because of that, they can’t feel the grip and end up throttling in a way that doesn’t match what the tire can actually take.
But that was an early problem, since Grand Prix engineers actually addressed it decades ago. They did it by reshuffling the firing order of the cylinders so that they no longer fired at even spacing, which mostly came down to retiming the crankshaft. The upshot was that the noise was far less noticeable at higher rpms, helping riders feel the tire again. However, at the same time, the engine sound also turned a lot more rough, which is why these tweaked engines earned the name big bang.
At least, on paper, with the kind of performance they offer, inline-fours look pretty close to ideal. Moreover, since their pistons move in opposite directions in pairs, they keep each other in check, canceling out the coarse shake that plagues smaller engines. However, they come with one big catch. While they get rid of primary imbalance, they still suffer from what engineers call secondary imbalance. Due to a quirk of the rod geometry, the pistons in these engines do not all travel at the same speed through a single revolution. This creates a buzz that the engine cannot smooth out on its own.
Now, there is a fix, called the counterbalancer, which is an extra spinning weight that pushes back against the buzz. It works, too, just not perfectly. However, it’s still an additional component, and more components mean higher complexity, which translates to steeper costs and pricier maintenance. The bottom line is these are intricate — if not slightly imperfect — machines, but hey, at least they sound great.
Loro Piana Fall 2026 Enters Houston’s Art Scene
Weekend Open Thread: Nutriplenish Leave-In Conditioner
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Anthropic brings Claude Cowork to mobile and web as usage data shows most users aren’t coding
Super Eagles star Moses Simon opens up on Liverpool transfer regret
Character.AI enters the microdrama arena with its own productions, but there’s a twist
Get Your ESP32 Sunny Side Up With This Solar Dev Board
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Crypto Just Entered Its Most Important 6-Month Candle (Could Decide Everything!)
Dark Secrets Emerge When Jailbreaking LLMs
Keychron is stepping outside keyboards with a $349 Thunderbolt 5 dock aimed at power users
ASX 200 Slides Over 0.6% as Rare Earths and Lithium Stocks Tumble Amid Global Semiconductor Sell-Off Today
Major update after Huntingdon train attack as man enters plea
Will Trent shares rebound after Q1 update triggers 13% crash? Here’s what technical charts indicate
SpaceX Shares Slide Nearly 6% Amid Post-IPO Volatility and Starship Test Focus
39-year-old Djokovic wins five-hour thriller to enter Wimbledon semis | Other Sports News
Entra passkey enrollment vishing targets Microsoft 365 users
how to make coin bank box with cardboard #scienceproject #money #diy #shorts
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
Level Infinite Launches Gangstar Mirage City in India with Pre-Registrations
You must be logged in to post a comment Login