Kevin Weil, OpenAI’s former chief product officer who was recently tapped to build a new AI workspace for scientists, Prism, is leaving the company, WIRED has confirmed. Weil was previously an early executive leading product at Instagram.

“Today is my last day at OpenAI, as OpenAI for Science is being decentralized into other research teams,” Weil said in a social media post on Friday, shortly after WIRED reported his departure. “It’s been a mind-expanding two years, from Chief Product Officer to joining the research team and starting OpenAI for Science.”

Weil did not immediately respond to a request for comment from WIRED.

OpenAI is also sunsetting Prism, which the company launched as a web app in January to give scientists a better way to work with AI. The company is folding the roughly 10-person team behind it under OpenAI’s head of Codex, Thibault Sottiaux, and aims to incorporate Prism’s capabilities into its desktop Codex app. An OpenAI spokesperson confirmed the changes and tells WIRED this is part of the company’s effort to unify its business and product strategy. OpenAI has broader ambitions to turn Codex, its AI coding application, into an “everything app.”

Weil, who joined OpenAI in June 2024, announced last September that he would be starting a new initiative inside of the company called OpenAI for Science. Now, OpenAI is dispersing those employees throughout the company’s product, research, and infrastructure teams. An OpenAI spokesperson reiterated the company’s commitment to accelerating scientific discovery and says it’s one of the clearest ways AI can benefit humanity. Earlier on Friday, the company announced a new series of AI models—GPT-Rosalind—built to help life sciences researchers work faster.

OpenAI is trying to refocus the company around a few key areas, such as enterprise offerings and coding, as the company faces increasing pressure from rivals like Anthropic and gears up to file for an IPO later this year. In March, OpenAI’s CEO of AGI deployment, Fidji Simo, told staff that the company needs to simplify its product offerings. The push to divert resources to more consequential efforts resulted in OpenAI discontinuing its Sora video-generation app.

Unrelated to Weil’s news, two other executives announced on Friday that they are departing OpenAI. OpenAI’s chief technology officer of enterprise applications, Srinivas Narayanan, announced internally that he is leaving the company to spend time with his family. Narayanan had joined OpenAI as the company’s VP of engineering. And Bill Peebles, head of Sora, posted on X that he was done at OpenAI as well.

The exits of Weil, Peebles, and Narayanan are just the latest in a series of executive shake-ups at OpenAI. The company recently announced a major reorganization of its executive team as Simo took a medical leave to focus on her health. In the same announcement, OpenAI said cofounder and president Greg Brockman would oversee the company’s products in the interim, and the company’s chief marketing officer, Kate Rouch, would take a leave of absence due to medical issues. Chief operating officer Brad Lightcap transitioned to a “special projects” role as part of the restructuring as well.

OpenAI CEO Sam Altman seemed to acknowledge the various upheavals in a recent blog post. “I am also very aware that OpenAI is now a major platform, not a scrappy startup, and we need to operate in a more predictable way now,” he wrote. “It has been an extremely intense, chaotic, and high-pressure few years.”

PwC research found that Irish companies are somewhat lagging behind their global peers where AI implementation and benefits are concerned.

Professional services company PwC has released data exploring how organisational leaders are navigating AI gains across a range of areas, such as growth, revenue, investment, workflows, autonomous decisions, reinventing business models and governance, and analysing where the AI leaders are driving results.

PwC collected data for a survey from 1,217 senior executives around the world, including from Ireland, at a director level or above, at companies across 25 sectors and multiple regions worldwide. 

From that information, PwC found that nearly three-quarters (74pc) of AI’s economic gains are being utilised by only 20pc of companies. According to the findings, this is indicative of a “stark and widening divide between a small group of AI leaders and the majority of businesses still stuck in pilot mode”.

Commenting on the report, David Lee, the chief technology leader for PwC Ireland, said, “Many companies are busy rolling out AI pilots, but only a minority are converting that activity into measurable financial returns.

“The leaders stand out because they point AI at growth, not just cost reduction, and back that ambition with the foundations that make AI scalable and reliable.”

Is Ireland keeping pace?

Ireland specifically was found to be falling behind its global peers when it comes to AI implementation and benefits.

Lee said: “Based on our previous studies, Irish companies do somewhat lag global peers where AI implementation and benefits are concerned.”

He added that “PwC’s 2026 Irish CEO survey reveals fewer Irish CEOs (8pc) report AI application across a range of business areas compared to global counterparts (18pc), including demand generation, products, services, experiences and strategic direction-setting”.

He noted: “Some of the benefits from AI are also taking longer to come through compared to global peers, with Irish organisations seeing the opportunities from AI, but are not yet grasping the transformative powers.

“17pc of Irish CEOs say that AI has delivered increased revenues in the past 12 months, behind global peers (29pc). Nearly a quarter (23pc) say that AI has delivered cost reductions in the past 12 months, also behind global peers (26pc).”

The companies that are leading were found to be roughly two to three times more likely to use AI to identify and pursue growth opportunities or reinvent their business model. They are also twice as likely to redesign workflows to incorporate AI rather than simply adding new AI tools.

They are nearly three times more likely to have increased the number of decisions made without human intervention and were shown to be going further in relation to AI governance. Within high-performing companies, trust at scale models were found to be effective. 

The report said, “AI leaders are more likely than other companies to have mechanisms such as a responsible AI framework (1.7 times as likely as other companies) and a cross-functional AI governance board (1.5 times). As a result of their efforts, their employees are twice as likely to trust AI outputs.”

Time for a change

PwC’s report suggested that a failure to shift the current approach to the implementation of artificial intelligence by the majority would likely widen the performance gap between AI leaders and “laggards”, particularly as leading organisations continue to learn, grow, and automate safely and speedily.  

Commenting on the results of the research, Martin Duffy, the head of AI and emerging technologies at PwC Ireland, said: “AI return on investment comes down to execution discipline – clear metrics, fast stop-or-scale decisions and designs built for reuse. Value shows up when AI is embedded in everyday workflows, not isolated pilots.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Quordle was one of the original Wordle alternatives and is still going strong now more than 1,400 games later. It offers a genuine challenge, though, so read on if you need some Quordle hints today – or scroll down further for the answers.

Enjoy playing word games? You can also check out my NYT Connections today and NYT Strands today pages for hints and answers for those puzzles, while Marc’s Wordle today column covers the original viral word game.

Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.

What should you do once you’ve finished? Why, play some more word games of course. I’ve also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc’s Wordle today page covers the original viral word game.

Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it’s halting operations after experiencing a $13 million heist carried out by “western special services” hackers.

Researchers from TRM, which has confirmed the theft, put the value of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 more than Grinex reported. Neither TRM nor fellow blockchain research firm Elliptic has said how the attackers slipped past Grinex’s defenses. Grinex said it has been under almost constant attack attempts since incorporating 16 months ago. The latest attacks, it said, targeted Russian users of the exchange.

Damaging “Russia’s financial sovereignty”

“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” Grinex said. “According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia’s financial sovereignty.”

“Due to the attack, the Grinex exchange is forced to suspend operations,” Grinex continued. “All available information has been transferred to law enforcement agencies. An application has been submitted to the location of the infrastructure to initiate a criminal case.”

TRM said that TokenSpot, a second Kyrgyzstan-based exchange, was also breached. Two of the exchange’s addresses sent funds to the same consolidation address used by the affected Grinex-linked wallets. What’s more, both exchanges became inoperable on Wednesday, suggesting they were hit by the same attacker.

TRM said TokenSpot was a front for Grinex, which the US Treasury Department sanctioned last year. The department’s Office of Foreign Assets Control said that Grinex, in turn, was a rebrand of Garantex, an exchange it had sanctioned in 2022. The department said then that Ganantex had “directly facilitated notorious ransomware actors and other cybercriminals by processing over $100 million in transactions linked to illicit activities since 2019.” Last year’s sanctions against Grinex came a few months after TRM said that the exchange was likely a front for Ganantex.

• The dual agent AI system autonomously solved Anderson’s conjecture from 2014
• Rethlas explores problem-solving strategies like a human mathematician would
• Archon transforms potential proofs into projects for the Lean 4 verifier

A research team led by Peking University developed a dual-agent AI system capable of solving advanced mathematical problems while also verifying its own results.

The system resolved a conjecture proposed in 2014 by Dan Anderson, completing the process within 80 hours of runtime.

The underground market for stolen credit card data has long operated as a volatile and highly deceptive ecosystem, where even experienced actors routinely fall victim to scams, exit schemes, and compromised services.

In recent years, this environment has become even more unstable, driven by increased law enforcement pressure, internal distrust among criminals, and the rapid turnover of marketplaces. As a result, threat actors are increasingly forced to adopt more structured approaches to identifying reliable suppliers and minimizing risk within their own illicit operations.

A guide found on an underground forum by Flare analysts sheds light on how threat actors themselves navigate the volatile world of credit card (CC) marketplaces.

The document, titled “The Underground Guide to Legit CC Shops: Cutting Through the Bullshit”—provides a structured look at how actors attempt to reduce risk in an ecosystem plagued by scams, law enforcement infiltration, and short‑lived operations.

Analysis of the guide reveals more than just practical advice. It outlines a methodology for vetting carding shops, operational security practices, and sourcing strategies, effectively documenting how today’s fraud actors think about trust, reliability, and survivability.

While parts of the guide appear to promote specific services, suggesting a possible vested interest from its author, it still offers a valuable glimpse into the inner workings of the carding economy, and the evolving standards actors use to operate within it.

From Opportunistic Fraud to Supplier Vetting Discipline

One of the most striking aspects of the guide is how it reframes carding from opportunistic fraud into a process‑driven discipline. Rather than focusing on how to use stolen cards, the document emphasizes how to evaluate suppliers.

This shift reflects a broader evolution within underground markets, where the primary risk is no longer just operational failure, but being defrauded by other criminals or interacting with compromised infrastructure.

The author repeatedly stresses that legitimacy is not defined by branding or visibility, but by survivability. In other words, a “real” shop is one that continues operating over time despite law enforcement operations, scams, and internal instability.

This aligns with observed trends in underground economies, where the lifespan of marketplaces has become increasingly unpredictable, forcing actors to adopt continuous verification practices.

The guide makes it clear that what separates a “legitimate” shop from the rest isn’t branding or uptime, it’s the quality of the stolen data it delivers. References to “fresh bins” (BIN = Bank Identifiable Number) and low decline rates point directly to the sources behind the data, whether from infostealer infections, phishing campaigns, or point-of-sale breaches. In this ecosystem, reputation isn’t built on promises but on consistently providing cards that actually work.

Shops that fail to maintain reliable data sources are quickly exposed, while those with steady access to fresh compromises rise to the top.

Building Trust in a Trustless Market

Transparency is another recurring theme. The guide highlights the importance of clear pricing models, real‑time inventory, and functional support systems, including ticketing and escrow services. These characteristics closely mirror legitimate e‑commerce platforms, underscoring how leading carding shops have adopted business practices designed to build user confidence and reduce friction.

Equally important is the role of community validation. The guide dismisses on‑site testimonials as unreliable, instead directing users toward discussions in closed or invite‑only forums. This reflects a broader fragmentation of the underground landscape, where trust is increasingly tied to controlled environments and long‑standing reputations.

Actors are encouraged to look for sustained discussion threads and historical presence, rather than isolated positive feedback.

The document also reveals a strong awareness of adversarial pressures. The emphasis on security‑first infrastructure, such as mirror domains, DDoS protection, and the absence of tracking mechanisms, suggests that operators are actively defending against both law enforcement monitoring and competing criminal groups.

In effect, these marketplaces function not only as distribution platforms, but as hardened environments designed to ensure operational continuity.

The Technical Checklist 

Beyond high‑level principles, the guide introduces a step‑by‑step vetting protocol that provides insight into how threat actors conduct due diligence. Technical checks such as domain age, WHOIS privacy, and SSL configuration are presented as baseline requirements.

While these checks are relatively simple, they demonstrate an effort to apply structured analysis to what has historically been a trust‑based decision process.

The guide also highlights the importance of identifying mirror infrastructure and backup access points, noting that established operations rarely rely on a single domain. This reflects a practical understanding of the instability of underground services, where takedowns and disruptions are common. The presence of multiple access points is framed as an indicator of operational maturity and resilience.

Social intelligence gathering plays an equally significant role. Rather than relying on direct interactions with vendors, users are encouraged to analyze forum discussions, track vendor histories, and identify patterns of behavior over time.

Particular attention is given to detecting coordinated endorsement campaigns, such as multiple positive reviews originating from newly created accounts, a tactic frequently associated with scams.

Operational Security 

Another critical component of the guide is its focus on operational security. The recommendations provided, while framed in the context of carding, closely mirror practices observed across a wide range of cybercriminal activities. Users are advised to avoid direct connections, utilize proxy services aligned with target geographies, and compartmentalize their environments through dedicated systems or virtual machines.

The discussion of cryptocurrency usage is particularly notable. The guide strongly discourages direct transactions from regulated platforms, instead advocating for intermediary wallets and privacy‑focused assets such as Monero. This reflects a growing awareness among threat actors of blockchain analysis capabilities and the risks associated with traceable financial flows.

Taken together, these OPSEC recommendations highlight an important shift: actors are no longer relying solely on tools to evade detection, but are adopting layered strategies designed to reduce exposure across the entire operational chain. This level of discipline suggests that even mid‑tier actors are increasingly adopting practices once associated with more advanced threat groups.

Scale vs. Exclusivity

The guide further categorizes carding shops into distinct operational models, including large automated platforms and smaller, curated vendor groups. This segmentation reflects the diversification of the underground economy, where different actors prioritize scale, accessibility, or quality depending on their objectives.

Automated platforms are described as highly efficient environments, often featuring integrated tools and instant purchasing capabilities. These operations resemble legitimate online marketplaces in both structure and functionality, enabling users to quickly acquire and test data at scale.

In contrast, boutique vendor groups emphasize exclusivity, higher quality, and controlled access, often relying on invitation‑based systems and long‑term relationships.

Commercial Interests and Operational Reality

Despite its structured approach, the guide is not without bias. The inclusion of a direct endorsement for a specific platform suggests that the author may have a vested interest in promoting certain services. This is a common pattern in underground communities, where informational content is often used as a vehicle for subtle advertising or affiliate activity.

Such endorsements should be viewed with caution. However, they do not necessarily invalidate the broader insights provided by the guide. Instead, they highlight the complex interplay between information sharing and commercial interests within cybercriminal ecosystems.

From a defensive perspective, the guide offers valuable intelligence into how threat actors assess risk and make operational decisions. The emphasis on verification, community validation, and layered security reflects a level of maturity that complicates traditional disruption efforts. Rather than relying on single points of failure, actors are increasingly building redundancy and adaptability into their workflows.

Ultimately, the document serves as both a playbook and a signal. It demonstrates that the carding ecosystem became more structured, more cautious, and more resilient. For defenders, understanding these dynamics is critical to anticipating how these markets will continue to evolve, and where opportunities for disruption may still exist.

How Flare Can Help

Flare helps organizations stay ahead of fraud by continuously monitoring underground forums and marketplaces, revealing how threat actors source, vet, and use stolen credit card data. This provides early insight into attacker behavior, including how they optimize success rates, build trust, and adapt to defenses.

By turning this intelligence into actionable insights, Flare enables security teams to detect exposures, anticipate fraud campaigns, and disrupt attacker workflows-shifting from reactive response to proactive, intelligence-driven defense.

Learn more by signing up for our free trial.

Sponsored and written by Flare.