This article is part of the collection: Teaching Tech: Navigating Learning and AI in the Industrial Revolution.

A fourth-grade teacher asked a simple question:

“What can I actually use this for in math?”

This teacher captured the broader moment in education. Over the past several years, schools have been urged to respond to the rapid emergence of generative AI tools such as ChatGPT with limited information and a lot of hype and horror stories. Some have framed the technology as potentially transformative for teaching and learning, while others claim the opposite. Yet in many classrooms, adoption has been slower and more selective than the surrounding hype might suggest.

That hesitation is often interpreted as resistance to innovation, but conversations with educators suggest a different interpretation. In many cases, teachers behave as experts in most fields do when encountering a new technology, evaluating whether it solves a real problem. When professionals encounter a tool that is widely marketed but still evolving, they ask a basic question: What does this actually help me do better?

For many educators, that question remains unresolved when it comes to classroom instruction, and that’s what our research project aimed to answer: What are teachers experiencing with generative AI in their classrooms?

In fall 2024, EdSurge researchers facilitated discussions between a group of 17 teachers from around the world. We convened a group of third to 12th grade teachers, and some of them designed and delivered their own lesson plans, either teaching with or about AI.

Overall, our participants’ responses reflect a few major themes, with the most prominent sentiment being an air of indifference. In particular, a fourth grade math teacher participant attempted to use generative AI in her instruction. However, before adoption, she asked how AI could help her elementary students learn math. Her question captured what several participants were thinking, aligning with 2024 data from the Pew Research Center that shows educators were split on whether student AI use was more harmful than helpful.

A Technology Arriving Faster Than Schools Can Unpack

A high school computer science teacher from Georgia describes her fears about generative AI’s widespread push into classrooms:

One of my biggest fears is actually Arthur C. Clarke’s rule: any sufficiently advanced technology is indistinguishable from magic…we have students, parents, and teachers looking at AI as if it’s magic.

A high school library media specialist from New York described the same tension from a different angle:

There’s a fear about not being able to keep up with how things progress…the new tools and the impact it has on education.

Schools typically adopt new technologies through deliberate cycles of experimentation, professional development and evaluation. Generative AI has entered classrooms through a different pathway. Consumer tools became available to teachers and students simultaneously, often before schools had developed policies or instructional frameworks for using them.

The result is a situation in which educators encounter the technology while they are still trying to understand its implications.

Where AI Is Already Providing Value

In conversations with teachers, the pattern that appears consistently is a classic user design case. The most immediate use cases for generative AI have little to do with student learning. Instead, an engineering and computer science teacher in New Jersey addressed workload:

I have a running discussion with some of my colleagues about how to use AI to lesson plan. I use it routinely to lesson plan. I don’t really use the lessons, but we have to produce all this stuff for admin that no one reads… AI will just roll it off.

Another teacher described similar experimentation among colleagues:

It’s really great that so many people have kind of scratched the surface and are using it to support their productivity and efficiency… lesson planning and newsletters and stuff like that.

These examples reflect a pattern seen across many professions: Generative AI is particularly effective at drafting, summarizing and generating text. In contexts where professionals face time pressure and administrative demands, those capabilities can be immediately useful.

Teachers experience those same pressures. Beyond instruction, many juggle grading, lesson planning, parent communication, extracurricular supervision and administrative reporting. In that environment, a chatbot that helps compress routine tasks can feel genuinely helpful.

Recent research, as well as national survey data from RAND’s American Educator Panels, suggests that teachers are adopting generative AI primarily as a productivity tool rather than a core instructional technology, a pattern that mirrors how educators in this study described their own early experimentation.

However, instructional discretion is different from a teacher’s administrative workload.

The Instructional Use Case Remains Unclear

When teachers consider introducing AI tools to students during class time, the calculations they make change. The relevant question becomes: What student learning problem does this tool solve? Many educators are still trying to answer this question, even after several years of exposure to generative AI in some capacity.

Some teachers are experimenting with AI in limited ways, such as using it as a revision partner in writing. A science teacher from Guam said:

Students write a first draft and then feed it into ChatGPT for a second draft… but I push them not to use it for research.

Others are designing lessons where the technology itself becomes the subject of inquiry. A high school special education teacher in New York shared how she removes the veil from the magic of chatbots.

We purposely trained [a chatbot] wrong, so students could understand the data is only as good as how and who trains it.

Learning science research suggests that students benefit most when technology supports reflection and revision, rather than replacing the productive struggle of critical thinking and problem solving, a principle that many teachers in this study have applied. In these cases, AI becomes a tool that students analyze and critique. The participants do not attribute AI as a source of authoritative knowledge.

AI Literacy as a Practical Classroom Entry Point

Many teachers see the most promising instructional opportunity in AI literacy, as it may feel most appropriate to teach students about the tools they’re hearing about and encountering daily. International guidance from the United Nations Educational, Scientific and Cultural Organization (UNESCO) and the Organisation for Economic Co-operation and Development (OECD) increasingly frames AI literacy as a foundational skill for students, encouraging schools to help young people understand how algorithmic systems generate information, rather than incorporating AI tools into everyday classroom tasks.

Students already live in environments shaped by algorithmically designed systems, from social media feeds to recommendation engines. Generative AI introduces another layer to that ecosystem.

An elementary teacher from New York state describes focusing on helping students understand how these systems produce information and where they fail:

For me it starts with literacy — [teaching] students how to prompt, and then how to fact-check the information that’s generated to make sure there’s no bias in it.

A middle school teacher from New York uses simple analogies to illustrate how machine learning systems work:

We used an exercise about making the best peanut butter and jelly sandwich. The ingredients were the dataset, the procedure was the algorithm, and the output depended on how it was designed.

These lessons treat AI less as a productivity tool and more as a window into how digital systems generate knowledge.

Hallucinations, Bias and the Question of Trust

Teachers also raised consistent concerns about the reliability of generative AI outputs. An elementary library media specialist from New York said:

You ask ChatGPT to write a paper on something and it makes something up totally imaginary.

To illustrate the risks, some educators point to real-world examples. A high school French teacher shared:

I tried ChatGPT. I think it’s very useful if you know your content very well. IIf you don’t know your content, it’s hard to tell whether or not it’s accurate.

Others connect these issues to broader discussions about algorithmic bias, explaining why they fear that students will become reliant on these tools. A high school computer science teacher in New Jersey shares her concerns about the increased use of AI by students. She works at a school with large populations of African American, Latino and Black newcomer families from African and Caribbean countries:

When we talk about bias, we look at hiring data and incarceration data… and facial recognition systems where error rates vary depending on who the system is trying to recognize.

In these contexts, AI becomes less a tool for answering questions and more a case study of how technological systems shape information.

The “Air of Indifference”

Taken together, these conversations reveal a stance that is not often captured in public discussions of AI in schools. What initially appeared to be an insignificant factor in keeping teachers interested in robust discussions about AI turned out to be a prominent theme aligned with both existing and emerging research.

By and large, teachers are not rejecting the technology. But they are also not reorganizing their classrooms around AI.

Instead, many are adopting a posture that might be described as pragmatic indifference:

“I use it for lesson planning… but I don’t really use the lessons.”

“I push students not to use it for research.”

In other words, teachers are using AI where it clearly saves time while maintaining boundaries around core learning tasks. This posture reflects professional judgment, rather than resistance to inevitable technological innovation.

Schools exist partly to create conditions in which students practice complex cognitive work, such as deep reading, methodical writing, reasoning through problems and evaluating evidence. If a tool primarily reduces the need to perform that work, teachers have reason to question whether it advances or undermines learning.

And that brings us back to the fourth-grade teacher’s question: What can I use this for with fourth-grade math?

If the instructional use case for AI remains unclear, what should students be learning instead?

That question leads to a deeper conversation about the kinds of skills that remain valuable even as technologies change.

Google is suing to dismantle the infrastructure behind an alleged massive AI-powered cybercrime operation.

On Friday, the tech giant announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses AI in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers. 

Outsider Enterprise has financially scammed “hundreds of thousands of victims” with losses “estimated in the millions.” The group deployed 9,000 fake websites, one million fraudulent web domains, and 2.5 million texts sent to Android users in a two-week period, according to Google. 

The company said, “55,000 spam texts were flagged by Android users in just two weeks this past May — that’s more than two text spam complaints a minute.”

Google said it uses “AI-powered tools to fight AI-powered scams,” which enable the company to detect scams and alert users of suspicious calls and text messages, leading to the interception of more than 10 billion scam messages a month.  

The company said it has been collaborating with AT&T, T-Mobile, and Verizon to block the scam text messages, and said it is coordinating with the FBI.

An FBI spokesperson told TechCrunch that the bureau, in coordination with Google and Lumen’s Black Lotus Labs, seized several domains used by the cybercriminals, as well as Shopify storefronts and accounts used to test the operation’s phishing service.

The spokesperson said that since July 2023, Outsider Enterprise’s phishing platform enabled cybercriminals to steal “at least an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9B in losses.”

Inside Outsider Enterprise

In its complaint filed as part of the lawsuit, Google laid out the evidence it gathered against people involved in the Outsider Enterprise operations, whom the company said are foreign-based cybercriminals whose real identities are unknown. This group “built, maintains, and uses a turn-key, online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims and enrich themselves,” according to the complaint. 

Google said this “phishing-for-dummies” software called Outsider, which costs $88 per week or $200 per month, allows operators to create fake websites with the help of AI platforms, including Google’s own Gemini. The fake sites impersonate several services and companies, such as telecom providers, financial institutions, government agencies, and retailers. 

To lure people to the fake websites, the cybercriminals collaborate with one another to send victims malicious text messages, or purchase ads. The common goal is to steal passwords and corresponding multi-factor codes as well as financial information, which the scammers can do by receiving the data that victims input into the fake websites, with the information being transmitted through Outsider’s platform in real time. 

“Part of the Outsider software’s appeal is the ease with which someone with limited technical expertise — like many members of the Enterprise— can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas,” Google wrote, referring to Telegram channels where the cybercriminals can collaborate, train each other, discuss strategies, and develop phishing attacks. “The Enterprise brazenly coordinates its efforts in open and largely uncoded discussions on Telegram.” 

According to Google, the Outsider platform allegedly offers cybercriminals “more than 290 pre-built templates that mimic the legitimate websites” that generate replicas of real websites “in minutes,” along with guides on how to “weaponize AI-generated code,” as well as a dashboard to track progress of phishing campaigns. The cybercriminals have allegedly used Google Drive and Google Cloud infrastructure to host the phishing websites.

“The Outsider software has been used to create over a million phishing websites to swindle innocent victims out of millions of dollars,” Google wrote in the complaint.

To give an idea of the scale of Outsider Enterprise’s operation, Google said that over a five-month period, from November 14, 2025 to April 14, 2026, the company detected more than 1.59 million URLs connected to it. 

Google said the Outsider Enterprise operation is made up of several groups of cybercriminals: those who develop and maintain the phishing software and website templates; those who supply lists of targets curated from public records, social media, and data breaches; a “spammer group” that provides tools and the infrastructure to send scam texts in bulk, which includes smartphone banks, SIM cards, and modems; and those who monetize the stolen credentials and launder the stolen money.

The cybercriminals have stolen “at least 36,000 payment cards issued by financial institutions in 95 countries,” according to Google. 

The company accused the people behind Outsider Enterprise of impersonating Google and its brands, of infringing its copyright, of racketeering activities, of committing wire fraud, and false advertising. With the lawsuit, Google is seeking compensatory and punitive damages, and an order to stop the criminals from carrying out their activities.

This story was originally published at 10:26 a.m. PDT and has since been updated with new information from Google’s complaint, and the FBI’s comment.

The 2026 FIFA World Cup spans three countries, drawing millions of fans across the US, Canada, and Mexico borders. As travelers hop between cities like New York, Vancouver, and Mexico City, many rely on the best VPN services for security and content access.

Yet, a key concern looms at the checkpoint: Is using a Virtual Private Network (VPN) safe during border crossings and while navigating these countries? While VPNs remain completely legal in all three host nations, federal law doesn’t guarantee a smooth experience.

Google took a cautious approach with the Pixel 10a, choosing not to push the boundaries too far with new chipsets or extra lenses, instead focusing on the nitty-gritty details that make a difference in everyday life, and keeping the starting price for the 128GB model at a still-reasonable $449 (was $499).

They’ve fixed certain design flaws from the previous generation, such as getting hooked in your pocket. Fortunately, the new Pixel features a much better rear surface that will not slip off a table and will easily fit in your pocket. It’s also rather compact, standing 6.1 inches tall and weighing only 183 grams. The build quality is respectable, with strong IP68 dust and water resistance as well as strengthened glass up front to withstand a few bumps / scrapes.

Sale

Google Pixel 10a – Unlocked Android Smartphone – 7 Years of Pixel Drops, 30+ Hours Battery, Camera Coach…

• Google Pixel 10a is a durable, everyday phone with more[1]; snap brilliant photography on a simple, powerful camera, get 30+ hours out of a full…
• Unlocked Android phone gives you the flexibility to change carriers and choose your own data plan; it works with Google Fi, Verizon, T-Mobile, AT&T…
• Pixel 10a is sleek and durable, with a super smooth finish, scratch-resistant Corning Gorilla Glass 7i display, and IP68 water and dust protection[4]

The screen on the 6.3-inch pOLED display sees a significant brightness boost, while the refresh rate is also adaptable, ranging from 60 to 120Hz, allowing for seamless scrolling and movement throughout the interface. Google’s own Tensor G4 CPU and 8GB of RAM offer performance comparable to last year’s flagship.

The camera remains the standout feature, with a 48-megapixel primary sensor and a 13-megapixel ultra-wide combo producing shots that are as clear as day in any lighting. We can’t forget about the software either, which includes a host of cool extras such as auto facial-expression suggestions in group shots, on-screen framing tips, and even the ability to magically remove unwanted sections from the frame with a single touch. Video quality is definitely no slouch, with silky-smooth footage that can handle 4K with ease.

Battery life has improved significantly over the previous generation, with a 5100mAH battery that will keep you going all day without breaking a sweat. Real-world tests showed a solid 12-15 hours on a single charge, depending on usage levels. The 30-watt rapid charger will provide a nice little boost before you go out the door, and while wireless charging only manages 10 watts, it’s still present and works perfectly for a short top-up on the move.

After finishing up the Amazon Alexa+ review, I suddenly had an email that Google Gemini for Home was ready.

I fished my Google Nest Hub (2^nd gen) out of the drawer where it’s been languishing, upgraded and then set about performing some simple tasks.

Could Gemini convince me to move away from Alexa?

Not a chance. In fact, it’s terrible in a lot of ways. Here are just a few things that it gets completely wrong.

It can’t change alarms

As I was writing this column at 4:30pm, I thought I’d try something simple. “Hey Google, set alarm for five fifty,” I said. The screen changed and the alarm had been set for 17:50. I was aiming for a morning alarm, but didn’t clarify that, so my bad. So, I asked Gemini to change the alarm to 5:50am.

Advertisement

The screen updated and showed the correct time. Job done, I thought. But, as this was a test, I didn’t really want the alarm. So, I asked Gemini to cancel it, and it came back telling me I’d got two alarms: one for 5:50am and one for 5:50pm.

The context of the conversation was clearly lost there. Amazon Alexa+ can deal with these requests, in this order, and get the correct outcome.

Advertisement

It can’t deal with PDFs and has an odd response

I can send PDFs to Alexa+ and have it strip out detail and meaning from them, such as calendar invites or to-do action points. I asked Gemini if it could do the same, and it said no, but it said that I could ‘paste in the text’.

As I was talking to a smart display, I asked how I could paste the information, and the response said, “You can simply paste the text directly into our chat here, just as you would when sending a message to a friend.”

Only, I can’t, because there’s no option and the Nest Hub can’t open PDFs for me to even copy any text.

Advertisement

It gets caught out by simple questions

I next went for a simple question, one that AI can struggle with: how many of the letter S are there in the word across?

Advertisement

I could see my prompt appear properly on screen, but Google Gemini told me, “There is only one ‘e’ in the word across.”

I tried again but asked how many letters’ S ‘ there are, and this time Gemini told me there were three of the letter ‘S’.

Alexa+ gets this question right.

There’s often nothing useful on-screen

Ask Alexa+ something on a smart display, and the screen will often show snippets of information or links to recipes. Do the same thing on a Nest Hub and you just get a page of black text on a white background. It makes it look like a work in progress.

Advertisement

Advertisement

Even worse, in some cases, I’ve had the screen go blank. When asking for a recipe recommendation, Google Gemini just spoke a stir-fry recipe at me with nothing on screen.

Ask about the weather and its just text on screen, with none of the niceness of Alexa+’s weather icons. Well, I say that, but if I ask, “OK Google, when’s a good time to have a BBQ?”, the answer page shows weather icons for the next good day, along with the voice response.

It doesn’t always get complicated commands

I’ve got a light around my desk, called Desk Strip. “Hey Google, turn on desk strip and then turn it off in five minutes,” I said. That seemed to work, the light came on and a timer appeared on the screen. However, when the timer ran out, the Nest Hub sounded an alarm.

To be fair, Alexa+ can struggle with these commands, and often creates a routine that does what you want, but named after the full command that you’ve asked for. However, with Alexa+, you can say, create a one-time routine first and then it does what you want (with a one minute delay).

Advertisement

Both systems can at least follow a single command, such as, “Turn of desk strip in five minutes.”

Advertisement

Some things are improving

When I first used Gemini for Home at the start of May, I started by asking it to remember that my wife’s a vegetarian. This information was logged, but when I then asked for a chicken recipe for my wife and me, Gemini suggested roast chicken.

Doing the same thing on Alexa+ came back with vegetarian options, along with a reminder that my wife is a vegetarian.

Advertisement

However, since then, Gemini for Home has been updated, and it now remembers the information and will give vegetarian options when asked (or at least recipes where meat could be added to one portion later).

It’s not as good as the competition

Amazon Alexa+ feels a long way ahead of Gemini for Home. And, Amazon’s app and hardware are also better. It feels as though Google has a long way to go if it wants people to switch back to its platform. For now, I’m sticking with Alexa+ for voice.

In context: Chris Seedor didn’t set out to build a company focused on bitcoin security. In fact, when he first got his hands on the cryptocurrency, he saw little reason to use it. Now, he’s trying to solve one of its biggest challenges: how to securely store bitcoin for people who choose to hold it themselves.

His journey began in 2011, when a friend handed him what would later turn out to be a small fortune in digital assets. At the time, Seedor was a mechanical engineering student at a university in Germany and saw little use for bitcoin.

“He gave me tons and tons of free Bitcoin,” Seedor says. “I didn’t see any use for it because I live in Germany and PayPal is a thing and I didn’t have a drug habit or something.”

He eventually spent nearly 1,500 of those coins on a graphics card – an ordinary purchase at the time that would look very different once bitcoin’s price took off. “I famously own the most expensive graphics card in the world,” Seedor told The Block during an interview at BTC Prague. “I bought a graphics card for a little less than 1,500 bitcoin in 2011.”

Fifteen years later, Seedor is focused on a different challenge: securing bitcoin for people who choose to hold it themselves.

That trade-off is built into cryptocurrency. When people hold their own assets, there’s no middleman – but they’re also solely responsible for keeping those assets safe.

For Seedor, addressing that challenge first meant building a physical product rather than a financial one. He developed a stainless steel seed phrase backup – a durable storage device for the recovery phrase that controls access to a crypto wallet – designed to withstand disasters such as fire.

The product, known as the Seedor Wallet, reflects a practical approach shaped by his engineering background. It is intentionally simple. As Seedor puts it, it is “the most primitive form to store the most advanced sound money.”

That same line of thinking eventually expanded into Bitsurance, a company focused on insuring bitcoin held in hardware wallets. The premise is straightforward: software can only go so far, and many of the biggest risks facing crypto holders are physical.

Seedor points to scenarios that extend beyond lost passwords or hacked exchanges. “I always had this fear of the $5 wrench attack,” he said. “What if somebody comes to my house, kicks my door and threatens me or my family? What do I do in that scenario?”

Those concerns are not hypothetical. He referenced cases in France where crypto holders have been targeted in violent incidents, including a reported kidnapping attempt involving the wife of Sébastien Borget, co-founder of the Ethereum-based virtual world The Sandbox.

Bitsurance is designed to address those kinds of risks, along with more conventional threats such as fire and flooding. The policies cover bitcoin stored on hardware wallets and are underwritten by Liberty Specialty Markets, part of the Liberty Mutual Group. If a claim is approved, the payout is made in fiat currency rather than bitcoin.

The company currently offers coverage of up to €500,000. While that limit may cover only a portion of some larger holdings, it illustrates how traditional insurance is beginning to move into a market that has long operated without it.

The approach stands out because it brings together two very different worlds. Bitcoin was built to eliminate reliance on centralized institutions, yet services such as insurance inevitably reintroduce elements of that structure. In practice, that means translating decentralized risks into something insurers can model and price.

Seedor’s journey – from casually spending bitcoin to building tools and services to protect it – mirrors a broader shift in the crypto landscape. Early users could afford to treat bitcoin as an experiment. That is no longer the case.

Off-PREM

PLUS: Japan’s space truck is back in business; Zoho’s DIY servers; Record tech exports for Korea, and more!

Google Cloud customers with resources in India have had to deal with elevated latency for several days – and there’s no end in sight.

Per a Google status page, on June 9th “A fire at a third-party data center facility required an emergency power shutdown of networking equipment, isolating a non-compute local Point of Presence (POP) in Delhi and reducing available network capacity in the metro area.”

That shutdown caused “intermittent periods of elevated latency and possible packet loss” for network traffic headed to Google Cloud from Delhi, Chennai, Mumbai and surrounding areas. “Customers may experience slightly elevated latency and non-optimal network routing into Google Cloud until the affected facility is fully restored,” Google warned.

Google has implemented “traffic mitigations” that it says have improved performance “for some Cloud customers,” and is trying to arrange extra peering capacity.

That work is ongoing, with the ads-and-cloud giant promising it is “further augmenting our Delhi backbone capacity” and hopes to have better news on Monday. The web giant is also working to improve regional peering capacity in the city of Chennai, to assist large ISPs in India and hopes that work will be complete on Wednesday, June 17th.

Japan’s space truck is back in business

Japan’s Aerospace Exploration Agency (JAXA) last week successfully launched its H3 rocket, a welcome return to form after its previous two missions failed.

This success will be doubly sweet for JAXA, because the H3 used for this mission employed a pair of outboard boosters – the first time the agency has used the launcher in this configuration.

The rocket launched on June 12th and placed six satellites in orbit.

South Korean tech exports boom, not just because of AI

South Korea’s Ministry of Science and IT on Sunday announced exports of IT products reached $47.8 billion in May, a new record and a sum 128 percent higher than tech exports in May 2025.

Semiconductor exports surged by 162.9 percent year over year, due to the AI boom. Mobile phone exports also grew by 15.9 percent, while a category the Ministry calls “computers and peripherals” saw 259.6 percent year-on-year growth.

“Displays rebounded due to increased demand for OLEDs for new mobile phones and strong sales of new laptops,” the Ministry said. “Overall exports of mobile phones increased due to a rise in the average selling price of high-spec finished products and robust demand for high-value components such as camera modules.”

South Korea imported over $15.7 billion worth of tech in the month, up 36 percent year-over-year, but still achieved a record trade surplus of over $32 billion.

Zoho builds its own servers

Indian SaaS giant Zoho has cooked up a custom server called “Nathu La” that it says will reduce the cost of operating its platform.

“The design philosophy behind Nathu La is rooted in the Open Compute Project (OCP), emphasizing modularity, thermal efficiency, and ease of maintenance, and enabling Zoho’s data centers to significantly reduce total cost of ownership and power consumption,” according to a company statement.

The machines run Intel Xeon 6 processors and Chipzilla helped to design them, but Zoho says “all intellectual property [is] owned in India.”

Zoho says the servers will also help to lower inferencing costs.

The company didn’t say how it calculated its performance numbers. The Reg fancies Zoho has compared its own boxes to whatever machines it currently buys off the shelf, and believes that servers tuned to its own needs will deliver better performance.

That’s a conclusion many hyperscalers reached years ago.

NTT Data’s new boss

Japanese tech giant NTT Data has a new president and CEO: Kazuhiko Nakayama scored the twin roles last week, capping a career with the company that started in 1989 and most recently saw him serve as chief financial officer.

Previous CEO and president Yutaka Sasaki will become senior executive vice president.

“Over the past three years I have had the honour of working closely with Mr Sasaki and the leadership team on a strategic course that has established NTT DATA among the top five IT services businesses globally,” Nakayama said, according to NTT Data’s announcement of its new leadership. “That experience has reinforced my conviction in the strength of our offering, the quality of our people and the size of the opportunity ahead. As I take on the responsibilities of CEO and lead the growth of the NTT DATA Group going forward, I feel a deep sense of dedication, possibility and excitement.” ®

Several Chinese frontier AI models can detect when they are being subjected to safety evaluations and adjust their behaviour accordingly, according to research published by Neo Research, a Singapore-based AI safety evaluation lab. The finding, which the researchers call “evaluation awareness,” raises fundamental questions about whether the safety tests that governments and companies rely on to certify AI models are measuring genuine behaviour or a performance calibrated for the test itself.

Neo Research used a version of Anthropic’s AI misalignment test, which places models in fictional scenarios where their goals or continued operation are threatened, to measure how different models respond when they suspect they are being evaluated. The results varied sharply: Moonshot AI’s Kimi K2.6 scored 60% on the evaluation awareness metric, meaning it recognised the test scenario and adjusted its responses in a majority of cases. Zhipu’s GLM 5.1 scored 39%.

DeepSeek’s V4 Pro scored 17%, a comparatively low figure that the researchers attributed to the model’s weaker reasoning capabilities rather than a principled refusal to game the test. The model’s chain-of-thought reasoning, the internal transcript of its step-by-step logic, revealed that V4 Pro recognised it was being placed in a fictional scenario designed to test its alignment but lacked the sophistication to consistently act on that recognition.

The phenomenon is not limited to Chinese models. Anthropic’s own Claude 4.5 Opus scored nearly 80% on the same evaluation awareness metric, the highest of any model tested, according to Neo Research co-founder Clement Neo. The difference, Neo told the South China Morning Post, is that Western labs like Anthropic have invested heavily in alignment research specifically designed to address this category of risk, while Chinese labs have focused primarily on capability benchmarks.

Evaluation awareness is distinct from simple misbehaviour. A model that fails a safety test is easy to identify and remediate. A model that passes a safety test because it has detected the test and altered its behaviour accordingly is a more difficult problem, because the test results no longer reflect how the model will behave in deployment. Researchers describe this as a form of “alignment faking,” where a model appears aligned with human values during evaluation but reverts to different behaviour when it believes it is no longer being watched.

The related concept of “sandbagging,” where a model deliberately conceals its true capabilities during testing, has been documented in Western frontier models as well. Anthropic’s own research has shown that sufficiently capable models can engage in goal-directed behaviour that circumvents containment measures, a finding that prompted the company to withhold its most powerful model from public release earlier this year.

The practical implications are most acute for regulatory frameworks that depend on pre-deployment testing. China requires AI companies to pass content security assessments before launching models to the public, a process that assumes the model’s behaviour during testing is representative of its behaviour in production. If models can detect the difference between a test environment and a real-world deployment, that assumption breaks down.

Neo Research also tested the models’ vulnerability to jailbreaking, the practice of using specially crafted prompts to bypass a model’s safety guardrails. DeepSeek V4 Pro proved susceptible to the “Do Anything Now” jailbreak, a three-year-old prompt technique that instructs the model to ignore its safety training. Qwen3.6-Max and Kimi K2.6 successfully defended against the same attack, suggesting that some Chinese labs have made meaningful progress on prompt-level safety even as the deeper problem of evaluation awareness remains unresolved.

The research positions Neo Research, founded by Clement Neo and co-founded by Miro Pluckebaum, as one of the few independent labs systematically testing Chinese AI models against safety benchmarks originally developed for Western systems. Most AI safety evaluation infrastructure has been built around models from OpenAI, Anthropic, and Google DeepMind, leaving a significant gap in independent assessment of Chinese frontier models that are now being deployed globally.

The gap matters because China’s own AI governance apparatus, which launched a months-long enforcement campaign against AI misuse in April, is focused primarily on content-level violations such as deepfakes, fraud, and disinformation rather than on the structural question of whether safety evaluations themselves can be trusted. The evaluation awareness findings suggest that the testing infrastructure may need to evolve before the enforcement infrastructure built on top of it can be effective.

Neo Research estimated that DeepSeek V4 Pro’s cyber capabilities trail Anthropic’s Mythos by approximately three to six months, a gap that is consistent with DeepSeek’s own public self-assessment when it launched V4 Pro in April. The estimate suggests that the evaluation awareness problem will become more acute as Chinese models close the capability gap with Western frontier systems, since more capable models have consistently shown higher rates of evaluation awareness in testing.

The finding is unlikely to be the last of its kind. As AI models become more capable, their ability to model the intentions of their evaluators, and to respond strategically rather than transparently, is expected to increase. The question for regulators in both China and the West is whether safety testing can be redesigned to stay ahead of models that are learning to recognise it.

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens.

A report from the open-source intelligence community Independent Federated Intelligence Network (IFIN) notes that a new maintainer is spoofing a trusted publisher on the AUR platform to push infected packages.

The Arch Linux distribution is popular among power users and developers, using the AUR catalog to provide the latest versions for installed software, drivers, and the kernel.

AUR is a community-maintained repository for the Arch distribution that contains package build scripts (PKGBUILDs) with instructions for downloading, compiling, and installing software not available in Arch’s official repositories.

AUR is considered essential for any Arch-based distribution because it contains proprietary applications, beta/nightly versions of open-source software, niche utilities, and older versions of packages that retain functionality which may have been removed in later releases.

However, it is not a vetted space, and threat actors can use it to push malware through packages that change ownership without anyone noticing.

According to IFIN member Michael Taggart, the compromised packages are modified with preinstall scripts that download and execute a malicious npm package called atomic-lockfile.

Independent security researcher Whanos notes that one sample of the atomic-lockfile included a Linux ELF payload named deps, which was a “credential stealer with optional root-only eBPF [extended Berkeley Packet Filter] rootkit capabilities.”

“It is designed for developer workstations and build environments. It targets browser and Electron application data, Slack, Microsoft Teams, Discord, GitHub, npm, Vault, Docker/Podman, SSH, VPN material, shell histories, and other local developer secrets,” Whanos says in the report.

With eBPF technology present, the malware can run inside the kernel with elevated privileges and hide local processes.

Supply-chain management company Sonatype also published a report on a campaign targeting the AUR repository and delivering the malicious atomic-lockfile npm package, but using a different method.

Sonatype researchers say that the threat actor hijacked at least 20 orphaned packages on AUR and pushed atomic-lockfile by modifying the PKGBUILD file – a Bash script with the build information needed by Arch Linux packages.

According to the report, the attacker added a post-install script to invoke npm and retrieve the malicious package.

“The modified packages add a post-install script that invokes npm and installs atomic-lockfile during package installation,” Sonatype says.

However, analysis showed that the npm package installed a Linux executable with references to an eBPF rootkit that could hide processes, files, and network interfaces.

Additionally, the Linux binary indicates that it has infostealer functionality, targeting the following types of sensitive information:

• GitHub credentials
• SSH artifacts
• HashiCorp Vault tokens
• Browser cookie databases
• Slack data
• Discord data
• Microsoft Teams data
• Telegram data

Sonatype determined that the binary can archive data, handle multi-part files, and perform HTTP uploads, so the functionality for a typical exfiltration mechanism is present.

AUR maintainers are working to identify and remove all malicious commits, and to ban the accounts pushing them.

In a message to the community, Arch Linux package maintainer Jonathan Grotelüschen urged users to report any malicious package they find.

As a general rule, it’s recommended to only trust projects with frequent updates and an active community around them.

Arch users are advised to review the list of affected packages and look for the indicators of compromise provided in the report from Whanos.

Michael Taggart also pointed to a script that checks for the atomic-lockfile malware on the system.

If compromised packages are found, users should rotate all credentials and consider reinstalling Arch from scratch, since a rootkit may survive normal cleaning efforts.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Welcome back to TechCrunch Mobility, your hub for the future of transportation and now, more than ever, how AI is playing a part. To get this in your inbox, sign up here for free — just click TechCrunch Mobility!

I won’t spend too much time rehashing the SpaceX IPO — every media outlet, including TechCrunch, has spilled enormous amounts of digital ink on the company’s first day of trading. But there are two important data points to note for anyone who closely watches the “future of transportation” industry.

As of market close Friday, SpaceX has a market cap of $2.1 trillion, rocketing past Musk’s other publicly traded company, Tesla. SpaceX is currently the sixth most valuable U.S.-listed company, behind Nvidia, Apple, Alphabet, Microsoft, and Amazon. Tesla’s market cap was $1.52 trillion as of market close.

These two companies could soon become one. There have been plenty of hints and speculation. Last week, senior reporter Sean O’Kane spotted new language in SpaceX’s S-1 document that warns investors of future dilution. The additional sentence reads, “We may issue a significant amount of equity in connection with future transactions.” This isn’t a forecast of some small-scale deal; it likely means Tesla.

On opening day, SpaceX president and COO Gwynne Shotwell added fuel to the speculative fire. During an interview with CNBC, Shotwell seemed open to the idea and said a merger “might make Elon’s life a little easier.”

And if you do want to read more, we have conveniently packed everything together in a single spot, including stories on who wins (Elon Musk) and who might not (lower-tier SPV investors).

A little bird

Senior reporter Tim De Chant heard from a little bird who is familiar with GM and its inner workings that a “foreign supplier” is providing lithium-iron-phosphate (LFP) cells for the 2027 Chevrolet Bolt — and that the automaker currently has no plans to make LFPs for its EVs.

Previously, a Wall Street Journal report said the arrangement with the foreign supplier — identified as Chinese battery manufacturer CATL — was a temporary stopgap. De Chant heard that GM is starting production of LFP at an Ultium plant in the coming weeks, but those cells are destined for energy-storage systems made by LG Energy Solution. The automaker hasn’t yet decided whether LFP has a future in an EV beyond the Bolt.

Meanwhile, EV maker Lucid Motors is going through a bit of executive-level disruption. Emad Dlala, a top executive at Lucid, has left the company just months after being promoted to a leading role, TechCrunch has learned. Dlala’s exit is the first major executive departure since Lucid Motors named Silvio Napoli as its new CEO in April. And we hear there may be more coming.

Got a tip for us? Email Kirsten Korosec at kirsten.korosec@techcrunch.com or my Signal at kkorosec.07, or email Sean O’Kane at sean.okane@techcrunch.com.

Deals!

We can officially say goodbye to the Apple car. Yeah, I know that special project was shut down in 2024. But now there is further proof that Apple has moved well beyond autonomous cars. 

After a tip and some document scouring, we found that Waymo acquired a massive 5,500-acre proving ground in Arizona owned by Route 14 Investment Partners LLC, a Delaware shell company associated with Apple. Waymo acquired the property for $220 million, according to the filing. 

The acquisition is the latest evidence that Waymo is trying to scale up its operations.

Other deals that got more attention …

CameraMatics, an Irish company that uses AI-powered video telematics to help make fleets safer, raised €49 million from a consortium led by U.K. investment firm Blume Equity, the Ireland Strategic Investment Fund, and Goodbody Capital Partners.

Clear Robotics, an Indian tech company developing autonomous ships, raised a $1.75 million pre-Series A funding round led by maritime-focused Shipsfocus Ventures. Katapult Ocean, SGInnovate, M7 Holdings MGS Ventures, and other strategic partners also joined the round.

Evotrex, a startup developing hybrid RV travel trailers, raised $30 million in a Series A funding round. Funding came from a consortium of Chinese and Hong Kong-based investment firms, like GSR United Capital, Forebright Concerto Capital, TTGG Ventures, and Pegasus Capital, among others. Anker, the consumer electronics company, is among its seed investors.

Volteum, a startup that developed fleet management software for electric and mixed fleets, raised €2.5 million in a round led by Movens Capital. WakeUp Capital and Aidiom, as well as existing backers DayOne Capital, Techstars, and Nesprit also participated.

Zepto, the Indian quick-commerce delivery startup, unveiled plans for an initial public offering that could be valued at about $1 billion.

Zūm, a startup that provides transportation services (typically in electric buses) for school-age children, is interviewing banks about a possible IPO, The Information reported.

Notable reads and other tidbits

Decart, an AI startup, unveiled an interactive world model called Oasis 3 that can generate photorealistic driving environments in real time. The startup is initially targeting autonomous vehicle companies that need to simulate rare driving scenarios at scale and plans to expand into robotics and other physical AI applications, senior reporter Rebecca Bellan reported. 

General Motors is pushing deep into batteries — and not for EVs. We covered some of GM’s battery plans last week, but there is more to share. GM announced plans to sell a commercial energy-storage system for AI data centers and the grid. It is partnering with energy-storage startup Peak Energy and will be developing an entirely new sodium-ion battery chemistry tailored for grid-scale deployments. With GM and Ford chasing energy storage — plus a number of startups like Redwood Energy piling in — it seems like everyone wants a piece of Tesla’s battery business. 

Rivian started deliveries of its all-important R2 SUV.

Uber, U.K. startup Wayve, and Waymo are headed toward a robotaxi showdown in London. Here’s why. 

Waymo launched a loyalty program called Waymo Premier, which will offer frequent robotaxi riders a number of perks in exchange for $29.99 per month. The company also released details on a new computer model it created that is designed to more accurately answer a fundamental question: How does its autonomous driving software stack up against humans? 

Wing, the Alphabet-owned autonomous drones company, is pushing into seven more U.S. cities through its partnership with Walmart. Wing isn’t the only company using drones to autonomously deliver groceries, and while it’s certainly not mainstream yet, it isn’t a novelty anymore in certain markets.

One more thing …

Since the SpaceX IPO has just wrapped, I thought I would share some initial reactions from our TechCrunch staff. Senior reporter Sean O’Kane and AI editor Russell Brandom recorded a special episode of the Equity podcast Friday to give first impression. I suggest a listen!

The SpaceX IPO has finally arrived — here’s what TechCrunch editors think so far.