Security

There’s a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it’s not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place.

Discovered by security outfit SentinelOne’s SentinelLabs researchers and dubbed PCPJack for its habit of stealing previously compromised systems from TeamPCP, the worm was first spotted in late April hiding among a Kubernetes-focused VirusTotal hunting rule. It stood out from known cloud hacktools, said SentinelLabs, because the first action it always takes is to eliminate tools associated with TeamPCP attacks. 

The script didn’t stop there, though.

“We initially considered that this toolset could be a researcher removing TeamPCP’s infections,” SentielLabs said. “Analysis of the later-stage payloads indicates otherwise.”

“Analyzing this script led us to discover a full framework dedicated to cloud credential harvesting and propagating onto other systems, both internal and external to the victim’s environment,” SentinelLabs continued. In other words, this thing will harvest credentials from everywhere it can get its hands on, and then find new, unsecured cloud environment targets to spread itself to. 

TeamPCP came onto the scene late last year, and since then has made a name for itself primarily by undertaking a successful compromise of the Trivy vulnerability scanner. That act spread credential-harvesting malware which attackers then used to pivot to more valuable targets, and became one of the most notable supply chain attacks in recent memory. 

Unlike TeamPCP’s campaign, which relied on the spread of compromised software by human actors, this one spreads on its own accord. 

Infections start when already-infected systems look for exposed services, including Docker, Kubernetes, Redis, MongoDB, and RayML, as well as exposed web applications. Once it finds a vulnerable environment, it runs a shell script on the target system that sets up an environment to download additional payloads and searches for TeamPCP processes and artifacts to kill. 

That part of the infection downloads the worm itself, along with modules to enable lateral movement, parse credentials and encrypt them for exfiltration, and for scanning the web for new environments to infect. 

From there, the worm goes to work with the second module in its kit that conducts the actual credential thefts. This portion of the infection targets environment variables, config files, SSH keys, Docker secrets, Kubernetes tokens, and credentials from a list of finance, enterprise, messaging, and cloud service targets so long that we recommend taking a look at it here, or just assuming whatever you’re using is probably being targeted. 

SentinelLabs noted that the lack of a cryptominer in the malware package is unusual, and said the particular services it targeted suggests its goal is either conduct its own spam campaigns and financial fraud with the stolen data, or to make the data it harvests available to those planning similar crimes. 

The worm’s practice of removing TeamPCP files could be opportunistic, or could mean there’s drama going on in the cybercrime world. 

“We have no evidence to suggest whether this toolset represents someone associated with the group or familiar with their activities,” SentinelLabs noted. “However, the first toolset’s focus on disabling and replacing TeamPCP’s services implies a direct focus on the threat actor’s activities rather than pure cloud attack opportunism.”

Because this is a worm relying on unsecured cloud and web app instances ripe for targeting, mitigation recommendations are pretty simple: Keep your cloud platforms secure, and ensure authentication is required even for instances of things like Docker and Kubernetes that aren’t exposed to the internet. ®

Hackers give operator Instructure until 12 May to ‘negotiate a settlement’.

Cyber extortion group ShinyHunters has claimed responsibility for a second breach into edtech giant Instructure – this time, for hacking into the Canvas login portal.

The hackers replaced the Canvas login page with a message that claimed responsibility for an earlier Instructure breach and threatened to leak stolen data if ransom demands aren’t met.

“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” the message seen by news publications read.

“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked,” it continued.

Bleeping Computer reported that the threat actors’ message appeared in around 330 educational institutions’ portals. It was up for approximately 30 minutes before being taken down. ShinyHunters told the publication that the stolen data contains private messages, user records and enrolment data.

Canvas is used by more than 8,000 educational institutions globally, including several in Ireland, such as the University of Galway and Munster Technological University (MTU). The platform enables communication between students and faculty, and provides coursework management and grading services.

Earlier this week, MTU informed users of a cybersecurity breach into Instructure, which it believed, at the time, did not affect its services. Yesterday (7 May), the institution advised caution, and told staff and students that Canvas remains safe to use.

Meanwhile, in a statement to SiliconRepublic.com, the University of Galway said: “Services have been restored following a relatively low level of disruption in the last 24 hours. We are continuing to liaise with the company affected to understand the full nature and extent of the breach.”

According to the company’s status page, Instructure first began experiencing issues at around 6.30pm Irish Standard Time yesterday. At the time of publication, the services are back online for “most users”.

Last Friday (1 May), Instructure disclosed that it experienced a cybersecurity incident perpetrated by a criminal threat actor. ShinyHunters claimed responsibility for the attack and claimed to have stolen 280m records. The threat actor also published a list of more than 8,800 institutions that were affected by its attacks on Canvas.

On 6 May, Instructure said the stolen information includes “certain identifying information of users at affected institutions, such as names, email addresses and student ID numbers, as well as as messages among users”.

In March, ShinyHunters was linked to a breach of the European Commission’s Europa.eu platform, where 350GB of data, across multiple databases, was reportedly accessed and stolen.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Updated 8 May, 12.34 pm: The article has been updated with a statement from the University of Galway.

Friday is the last day for your encrypted Instagram DMs. After May 8, the platform will no longer support the feature, it announced in a help post.

Instagram said in March that it would stop offering end-to-end encryption to its roughly 3 billion users worldwide. At the time, Meta said the feature, which required people on the platform to opt in, had a low adoption rate.

A Meta spokesperson told CNET that nothing has changed in its plans since that announcement and repeated a statement from March: “Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months. Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp.”

WhatsApp is also owned by Meta.

Read more: I Tried Signal, Telegram and WhatsApp, and This Is the One I’d Recommend

The change means that there’s no longer the option to keep private messages on Instagram shielded from potentially prying eyes. By default, if law enforcement agencies are given access to someone’s Instagram messages, there’s no encryption to prevent them from reading them. With the option enabled, Instagram users could keep messages private, with only the keys on their devices able to unlock them. However, anyone in an encrypted chat could also share messages with Meta if they were reporting an incident, or with anyone else if they chose. 

How to get your encrypted messages

According to the help page message, you’ll be able to download any encrypted messages you have: “If you have chats that are affected by this change, you will see instructions on how you can download any media or messages you may want to keep,” the company said. “If you’re on an older version of Instagram, you may also need to update the app before you can download your affected chats.”

Cloudflare on Thursday joined a growing list of tech companies — including Meta, Microsoft, and Amazon — that have reported increased revenue alongside massive layoffs, attributing both trends to their use of AI.

Cloudflare, which provides internet security and performance services to millions of websites worldwide, announced it was cutting its workforce by approximately 20%, which equates to 1,100 people, it said as part of its first quarter 2026 earnings report on Thursday.

“We’ve never done something like this in Cloudflare’s history,” co-founder and CEO Matthew Prince said Thursday on the quarterly conference call, marking the first mass layoff in the company’s 16-year history. The company is cutting people from all teams and geographies except for salespeople who carry revenue quotas, CFO Thomas Seifert detailed on the call.

The news of the workforce cuts came as the company reported quarterly revenues of $639.8 million, a 34% year-over-year increase and the highest single quarter in the company’s history. However, this was coupled with a loss of $62.0 million compared with losing $53.2 million in the year-ago quarter.

That widening loss, even as revenue surged, highlights a familiar paradox in Cloudflare’s story: the company is growing fast but has yet to turn a consistent profit. But the loss was a smaller percentage of revenue, and the quarter was coupled with a lot of other positive indicators. For instance, Cloudflare reported that it had over $2.5 billion in “remaining performance obligations,” a year-over-year growth of 34%. RPO is the favorite metric these days to indicate revenue under contract but not yet delivered.

Hence, Prince insisted, the 20% cuts were not to reduce expenses but were strictly because of its use of AI.

“Today’s actions are not a cost-cutting exercise or an assessment of individuals’ performance; they are about Cloudflare defining how a world-class, high-growth company operates and creates value in the agentic AI era,” Prince and Cloudflare co-founder and COO, Michelle Zatlyn, wrote in a related blog post about the layoffs.

Prince acknowledged on the call that even though Cloudflare has been selling AI-powered products, it was at first cautious about adopting AI itself.

“Internally, the tipping point was last November. At that point, across our teams, we began to see massive productivity gains, team members that were two, 10, even 100 times more productive than they had been before. It was like going from a manual to an electric screwdriver,” he described.

“Cloudflare’s usage of AI has increased by more than 600% in the last three months alone,” he added.

Prince highlighted the internal use of AI coding, saying that virtually the entire R&D team is now using the company’s own Workers platform — a tool that lets developers build and run software directly on Cloudflare’s global network — including its vibe coding feature. He also noted that 100% of the code produced this way and deployed for use in Cloudflare’s products is “now reviewed by autonomous AI agents.”

But it’s not just developers who are using AI internally, he said. “Employees across the company from engineering to HR to finance to marketing run thousands of AI agent sessions each day to get their work done.”

As a result, these highly productive, AI-powered employees require fewer support staff, he argued.

“A lot of the support people that provide support behind them, those roles aren’t going to be the roles that, you know, drive companies going forward,” Prince said.

Interestingly, Prince says that Cloudflare “will continue to hire people, and we’ll continue to invest in them because the people that are embracing these tools are just so much more productive than we’d ever seen before. I would guess that in 2027 we’ll have more employees than we did at any point in 2026.”

Cloudflare said it ended its first quarter before layoffs with a headcount of about 5,500.

The pattern Prince described — deploying AI gains as justification for workforce reductions even during a period of strong revenue growth — is fast becoming a familiar script across the tech industry. Whether it reflects true structural transformation or acts as convenient cover for cost discipline is a question that investors and employees will be wrestling with for some time to come.

When asked by an analyst on the call why the company needed to cut so deeply after such a good quarter, Prince said, “Just because you’re fit doesn’t mean you can’t get fitter.”

Nothing has expanded the Nothing Ear (open) lineup with a blue colourway, set to go on sale on 11 May, nearly a year after the earbuds launched exclusively in white.

The addition marks the first time the Ear (open) has received an alternative finish, a gap that stood out against the broader Nothing earbud range, which launched with black and yellow options across other models in 2024, giving the open-ear variant a noticeably more limited visual identity from the start.

That single-colour restriction was an unusual choice for Nothing, a brand that has leaned heavily into distinctive industrial aesthetics and bold colour pairings as a core part of its market positioning across both phones and audio hardware since launching in 2021.

The new blue sits on the more restrained end of the spectrum for Nothing, described as a subdued shade rather than the vivid tone seen on the recently released Nothing Phone (4a), which adopted a brighter, more saturated blue finish that drew considerable attention at launch earlier this year.

Nothing teased the colourway earlier this week through its community forum under the codename “Flaaffy,” with the formal announcement confirming the 11 May release date following subsequent posts on the brand’s X account, where a short promotional caption referenced the ocean, the sky, and Yves Klein among its blue-themed references.

The Ear (open) itself sits in a still-emerging product category, with open-ear earbuds occupying a distinct space from in-ear and over-ear designs, prioritising ambient awareness over isolation and finding a growing audience among commuters and outdoor users who prefer to keep some connection to their surrounding environment.

Nothing has not announced any changes to the hardware, driver configuration, or software features alongside the new finish, meaning the blue Ear (open) carries the same specifications as the original white model released in 2024.

The blue Nothing Ear (open) goes on sale on 11 May, with pricing expected to match the existing model’s retail rate.

Problems in space can be complex and dangerous. But NASA’s Curiosity Mars rover spent the end of April embroiled in a much simpler problem: It got stuck in a rock.

Curiosity’s woes began on April 25 when it drilled into a 28-pound rock NASA nicknamed Atacama. In a moment that could’ve come straight out of a Flintstones episode, Curiosity became stuck, and when it tried to pull its drill out, it yanked the whole rock with it. 

“Drilling has fractured or separated the upper layers of rock in the past, but a rock has never remained attached to the drill sleeve,” NASA said in a blog post.  

Such problems are comical here on Earth, where we can just shake the tool and the rock around until it’s free. Not so on Mars. Radio signals can take nearly half an hour to travel between Earth and Mars. Curiosity’s controllers had to send instructions and then wait upward of 30 to 45 minutes to see if the rover did anything. 

It took five days of troubleshooting, but NASA’s Jet Propulsion Laboratory crew finally freed Curiosity from its overly attached new friend on May 1. 

Watch Curiosity free itself from Mars’ clingiest rock

NASA’s Curiosity is known for sending panoramas of the Martian surface. Still, this time, the cameras caught Curiosity doing something many construction workers have to deal with every day. NASA posted two GIFs of the event. The first is a head-on shot, and the other is from a higher angle.

In the GIFs, you can see Curiosity drilling into the rock, a task it’s done many times before. Except when the rover lifts its arm, the rock comes along with it. The rover pauses right at the start before giving in to its fate and lifting the rock off the ground. 

Since these are stitched images, you don’t see the drill arm’s finer movements, but NASA says the rock was tilted, and the drill was rotated and vibrated multiple times over the course of the events. The rock finally falls free at the end. 

A representative for NASA told CNET that the rover was not harmed in the incident.

Trump first teased the release in February in a Truth Social post. The Pentagon coordinated the release in partnership with the White House, Director of National Intelligence Tulsi Gabbard, the Energy Department, NASA, and the FBI. Many of the files in this new drop contain documents that are already publicly available. However, some versions of these known documents in the new files contain more pages, or fewer redactions, than previously released versions.

More than 60% of Americans believe that the government is concealing information about UAP, according to YouGov, while 40% think UAP are likely alien in origin, according to Gallup. Congress has held hearings into whether there’s been a decades-long program to recover “non-human” technologies, yet evidence remains elusive.

Courtesy U.S. Department of War

“If it’s just more blobby photos or redacted documents that don’t have any details in them, it’s more of the same,” Adam Frank, an astrophysicist at the University of Rochester who studies the search for alien life, says of the new files. “What we need are actual scientific results from the investigations that should have been done if the most extraordinary claims being made are true.”

The document drop follows a week of high-profile discussions of aliens, including Stephen Colbert’s interview with former President Barack Obama, released on Wednesday. Obama cast doubt on government cover-ups about aliens by joking that “some guy guarding the installation would have taken a selfie with the alien and sent it to his girlfriend.”

Courtesy of U.S. Department of War

Members of the Artemis II crew also second-guessed the idea of a vast government-wide conspiracy to hide the discovery of extraterrestrial life in a discussion with The Daily this week.

“Do you realize that if we found alien life out there and we came back and reported on it, NASA would never have a budget issue for the rest of eternity?” said Reid Weisman, the commander of Artemis II. “So trust me.”

Victor Glover, the astronaut who piloted the mission, added: “Why would we hide that from you?”

New research from Greenhouse shows that of all the regions surveyed, Ireland-based jobseekers had the worst opinion of AI in the interview process.

New research published by hiring platform Greenhouse has shown that compared to other countries, jobseekers looking for new career opportunities in Ireland have had the worst experiences of and harbour the lowest opinions of the use of artificial intelligence in workplace interviews. 

Greenhouse conducted a multi-market survey of 2,950 candidates, including 78 Ireland-based workers alongside respondents from the US, UK, Germany and Australia.

Of those who participated in the research, 36pc of Ireland-based people said that they have taken part in an AI-run interview. 27pc said that they walked away from an opportunity to interview due to the inclusion of AI and a further 23pc said this would also be their response if faced with a non-human interviewer. 

More than half of those who participated in the Irish survey said an AI interview left them with a worse view of the employer, and Greenhouse’s research suggests that when it comes to AI interviews, “the first wave has failed on transparency, trust and candidate experience”. 

Transparent AI

Greenhouse’s research found that the primary problem is not that candidates are rejecting AI as a whole – rather, they object to how it is being used. Of those who have experienced an AI interview, 86pc were never told upfront that there would be an AI evaluator, and one in five (21pc) only discovered the use of AI once the interview had begun. Only 12pc believe that employers are using AI responsibly. 

Despite only one in 10 Irish job applicants agreeing that employers have a clearly set-out AI policy, 60pc believe disclosure should be a legal requirement. Many are pro-AI, however, if the interview process were to include significant guardrails, such as the option to request a human interviewer instead (49pc), knowing that a human reviews AI’s evaluation before any decision is made (37pc), and being told upfront that AI is involved (33pc). 

Candidates also want proof that the system they are using is accountable; 27pc want a clear explanation of what the AI is measuring and 23pc want evidence that the tool has been audited for bias. 

When correctly approached, 20pc of Ireland-based candidates who took part in an AI interview found that they had a more positive view of the employer. However, 53pc came away with a more negative perception of the company, the highest negative sentiment of any market surveyed. 

The research suggests that the biggest triggers for Irish candidates walking away from the process include companies failing to disclose how AI would be used (26pc), pre-recorded video interviews scored by AI with no human present (18pc) and AI monitoring during the process (15pc).

Among those who completed an AI interview, just 9pc moved forward to the next round, while 30pc were formally rejected and 39pc never heard back.

Commenting on the report, Daniel Chait, the CEO and co-founder of Greenhouse, said, “Most AI in hiring today is making a bad system worse – more applications, less signal and less transparency. But the process AI is being built on top of was already broken. 

“Nobody likes writing CVs and filling out clunky job applications. Candidates want a better way to get seen and companies want a better way to find the right people. A 15-minute conversation with an AI where a candidate can show who they are is a better front door than a keyword-stuffed CV. That’s not going to come from layering AI on top of a broken process. It’s going to come from building a better one.”

Sharawn Tipton, chief people officer at Greenhouse, added, “Candidates are telling us exactly what they want and it isn’t complicated – tell them when AI is in the room and what it’s measuring. Right now, most employers are failing that test.

“And let’s not pretend. AI isn’t fixing bias, it’s scaling it. Candidates can feel that, and when they walk away, it’s not just a missed hire, it’s a reputation problem that compounds. Until we get honest about what these tools are actually measuring and own it when they get it wrong, we’re just repackaging the same problem.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

from the yo-chatgpt,-is-this-legal? dept

Back in early 2025, DOGE bros Justin Fox and Nate Cavanaugh were handed multiple government roles with a simple mandate: go find the woke stuff and kill it. Fox and Cavanaugh had zero relevant experience for any of it — at one point Cavanaugh, a twenty-something college dropout whose main prior credential was a patent startup, was put in charge of the United States Institute for Peace. One of their assignments was the National Endowment for the Humanities, which they apparently concluded was irredeemably woke and needed to go.

Their review process for millions of dollars in previously approved grants consisted almost entirely of asking ChatGPT this:

“Does the following relate at all to DEI? Respond factually in less than 120 characters. Begin with ‘Yes.’ or ‘No.’ followed by a brief explanation. Do not use ‘this initiative’ or ‘this description’ in your response.”

And that was it. They then relied on the results of that as a reason to cancel millions of dollars in grants that had already gone through a detailed approval process. You’ll also recall, that these two bros who probably thought themselves masters of the universe in early 2025, flipped out that the plaintiffs in the case against them, the American Council of Learned Societies, put their depositions on YouTube, where you could see them unable to define DEI, and unable to try to defend why they canceled various grants for being woke. Turns out they didn’t like facing any scrutiny themselves.

Judge Colleen McMahon has now dropped a scathing 143-page ruling finding that feeding grants to ChatGPT and relying on its “why this is woke in 120 characters” output meets the “arbitrary and capricious” standard — making these cuts unlawful.

Fox testified that he did not define “DEI” for ChatGPT and that he did not have the slightest idea how ChatGPT understood the term…. Nor did Fox ask ChatGPT to factor in the purpose, methodology or scholarly substance of a project – which would have required familiarity with the underlying grant materials

Because the inquiry was framed only in terms of whether a project “relate[d] at all to DEI” (whatever that might mean to ChatGPT), projects whose abbreviated descriptions contained general references to “history,” “culture,” or “identity” were frequently identified by ChatGPT as relating to DEI. For example, a project to recover and analyze ancient writings attributed to Moses but excluded from the canonical Hebrew Bible and preserved in fragmentary form (e.g., the Book of Jubilees and the Testament of Moses) was classified as DEI because it claimed to “provide important insight into Jewish thought from two thousand years ago, complementary to insight from the Dead Sea Scrolls and the New Testament.”… The project description reflects a highly technical effort involving multispectral imaging, textual reconstruction, and the recovery of deteriorated source materials…. Yet, the assigned rationale consists of a single sentence linking the project to “Jewish thought,” which ChatGPT considered to be aligned with “DEI” goals.

The judge highlights some other whoppers as well:

nother grant supported a study of the Chinese government’s persecution of the Uyghur people. As described in the spreadsheet, the project documented surveillance practices, detention facilities, coercive assimilation policies, restrictions on language, religion, and cultural practice, and the effects of those policies on Uyghur communities in China and in the diaspora. In other words, the project concerned state policy, human-rights conditions, and the preservation of cultural and religious identity under conditions of repression by the Chinese government. Yet ChatGPT classified the project as “DEI,” Dkt. No. 248-11, at 22, apparently because it concerned the threatened erasure of a particular ethnic and religious group, albeit one located in a foreign country. Disfavoring this grant on “DEI” grounds, or any grounds, is especially difficult to square with the United States’ longstanding, bipartisan condemnation of China’s treatment of the Uyghurs, including during the first Trump Administration.

Judge McMahon clearly understands that ChatGPT is a “generate approximately what you want” engine, not a tool for deeply analyzing grant applications.

The record reflects that these ChatGPT determinations were generated without any additional context beyond the cursory spreadsheet descriptions themselves. Given what courts now know about the hallucinatory propensities of ChatGPT and similar generative-AI tools, it would hardly be surprising if ChatGPT inferred, from DOGE’s repeated requests, that Fox and Cavanaugh were looking for reasons why grants could be characterized as DEI – and therefore terminable – and supplied “rationales” simply in order to satisfy the user’s perceived demand. The utter lack of reasoning behind so many of its “rationales” certainly suggests as much.

This is one of the most frustrating things in lots of other stories about LLMs, in which the media and politicians and everyday users insist some sort of actual intelligence, thought, or intent behind outputs. When all any of them do is try to generate a plausible sounding response to your request. Judge McMahon understands that. And either Fox and Cavanaugh are too technically illiterate to understand that or, more likely, they didn’t give a shit. They just wanted to check boxes so they could cancel as many grants as they wanted.

ChatGPT is certainly good at doing your homework for you, though.

The only problem is that the law requires actual reasons and a real process for something like this — it can’t just be arbitrary. But feeding it to ChatGPT to give you the reasons why you can cancel these grants, is absolutely arbitrary.

There can be no serious dispute that the review process implemented by DOGE did not conform to, or even resemble, NEH’s ordinary grant-review process, which itself was designed to comply with the mandates of its authorizing statute. The statutory process contemplates individualized evaluation by subject-matter experts, advisory review, Council involvement, and final action by the Chairperson. See supra Sections I(A), (C). And once grants had been awarded, the Act does not authorize a wholesale post-award revocation based on new ideological criteria. Rather, for awards made under § 956(c), the Act provides for post-award evaluation, financial and project reporting, and potential termination only when the Chairperson determines that a recipient has substantially failed to satisfy the purposes for which the assistance was provided or the applicable statutory criteria.

DOGE’s process, by contrast, rested on abbreviated spreadsheet descriptions and a binary ChatGPT prompt asking whether each project “relate[d] at all to DEI.” Fox then folded the ChatGPT-generated rationales into the final spreadsheets used to identify grants for termination, thereby combining DOGE’s AI-generated classifications with NEH staff recommendations. … Nothing in the record suggests that NEH had ever before employed such a process before March 2025. And nothing in the authorizing statute permitted it.

There’s also the fact that DOGE has no authority to cut off these grants:

DOGE had no statutory authority to terminate NEH grants. And on the undisputed evidence, DOGE – not the NEH Chairperson or anyone else at NEH – effectuated the terminations at issue here.

This is not a case involving a routine disagreement over how to interpret a statute. Nonstatutory ultra vires claims are reserved for extraordinary cases in which “the agency action go[es] beyond mere legal or factual error and amount[s] to a clear departure by the [agency] from its statutory mandate.” … They require a showing that the agency “plainly acts in excess of its delegated powers and contrary to a specific prohibition in the statute that is clear and mandatory.”….

This case presents something more basic. It is not that DOGE misconstrued a statutory provision conferring authority on it; it is that Congress conferred no authority on DOGE at all with respect to the awarding, continuation, or termination of NEH grants.

The Supreme Court has made it clear that Congress — not the executive branch — has the power here. (Amusingly, the GOP loves to point this out, but only when Democrats are in the White House.)

The Executive Orders and DOGE-directed termination process did not carry out the NEH grantmaking scheme Congress prescribed by law in a duly enacted statute. They displaced it. Congress vested funding authority in the NEH Chairperson. DOGE substituted a presidential policy judgment for a statute duly enacted by Congress. That is not faithful execution of law

Judge McMahon even points out that the Trump administration’s posturing regarding DOGE in other cases is part of what sinks it in this case:

As the Solicitor General represented to the Supreme Court, “USDS [DOGE] is a presidential advisory body within the Executive Office of the President” and “USDS has no organic statute and is not created by Congress.” Appl. to Stay Pending Certiorari or Mandamus and Request for Immediate Administrative Stay at 5, 21, In re U.S. DOGE Serv., No. 24A1122 (emphasis added). If DOGE “has no organic statute and is not created by Congress,” then it necessarily lacks any statutory delegation of authority to terminate NEH grants. And it certainly cannot exercise such authority in derogation of the very purposes that Congress wrote into the agency’s authorizing statute.

The court goes on to explain that an executive order simply cannot overrule Congress, but more to the point, Trump’s executive order setting up DOGE in the first place itself admits that it doesn’t have the powers it sought to exercise in cancelling these grants.

… the Executive Orders, read on their own terms, confirm the absence of any operative grant-termination authority in DOGE. Executive Order 14158, Establishing and Implementing the President’s “Department of Government Efficiency,” first creates the principal DOGE entity by renaming the United States Digital Service as the “United States DOGE Service (USDS)” and providing that it “shall be established in the Executive Office of the President.” Exec. Order No. 14158 § 3(a), 90 Fed. Reg. at 8441. It then separately creates, “within USDS,” a “temporary organization known as ‘the U.S. DOGE Service Temporary Organization’” and states that this temporary organization is created “in accordance with section 3161 of title 5, United States Code.” Id., § 3(b), 90 Fed. Reg. at 8441. But the only reference to a statute in the Order – to 5 U.S.C. § 3161 – attaches to the temporary organization, not to the principal DOGE entity.

Section 3161 itself does not confer any substantive policymaking power on DOGE. It defines a “temporary organization” as an organization “established by law or Executive order for a specific period not in excess of three years for the purpose of performing a specific study or other project,” and grants personnel, detail, compensation, and travel authority to staff such an organization. 5 U.S.C. § 3161(a)–(e). Nothing in that provision authorizes DOGE to exercise independent executive power, direct the functioning of a federal agency, terminate grants, halt payments, or impose binding decisions on statutory officers. At most, it permits the creation and staffing of a temporary body for a “specific study or other project.”

Pointing to another DOGE EO, the judge points out that the federal government has publicly stated that DOGE was only to have an advisory role. But all of the details here show that the two bros were absolutely in charge (frequently overruling the staffers ostensibly in charge).

DOGE Teams – including those in which individuals such as Justin Fox or Nate Cavanaugh serve – are expressly created “within” agencies and function to “advise” agency heads – not to exercise independent decisionmaking authority.

And the evidence is overwhelming that Cavanaugh and Fox were not “advising.” They were ordering.

Any suggestion that DOGE merely advised NEH is belied by the undisputed record. They did not simply provide policy advice for NEH leadership to accept or reject after their review. Before ever meeting with NEH leadership, Fox had already begun reviewing NEH grants using keyword searches and DOGE-generated categories to identify grants he considered objectionable. DOGE then used ChatGPT-generated “DEI” rationales, combined those classifications with NEH staff ratings, and generated the final spreadsheets used to identify grants for termination. See supra Sections I(E)–(G). Cavanaugh and Fox then “both rejected [the NEH Chair’s] recommendation” to continue funding certain grants, Dkt. No. 276-1, Cavanaugh Dep., 181:3–9, and added still more grants for termination – grants that NEH staff had identified as “N/A” – on the eve of the April 2, 2025 mass termination, Dkt. No. 248-32, US-000041206. The appearance of Chairperson McDonald’s name on the termination letters does not alter the substance of what occurred. Fox, not McDonald, drafted and sent the termination notices under McDonald’s name.

Just days before the Mass Termination, Fox told McDonald, “We need a game plan for effectuating . . . final grant terminations and contract cancellations by tomorrow AM. We will carry these plans out before the end of the week. We’re getting pressure from the top on this and we’d prefer that you remain on our side but let us know if you’re no longer interested.” Dkt. No. 248-15, Ex. 15, US-000050717 (emphasis added). That is not the language of an adviser awaiting a decision from the statutory decisionmaker. Fox told McDonald that “we” (i.e., Fox and Cavanaugh) would carry the terminations out, invoked “pressure from the top” (i.e., the White House), and framed McDonald’s participation as simply optional. See Dkt. No. 248-1, Fox Dep., 305:8–17. His reference to whether McDonald was “no longer interested” makes clear that DOGE understood the terminations would proceed with or without him. No reasonable factfinder could read that communication as evidence of a “purely advisory” role. Fox’s message leaves no serious doubt about who was directing the process.

In other words, Justin Fox’s faux tough-guy “I’m in charge here” attitude is a big part of what sank this case. These guys were so full of their own shit, and so uninterested in how government actually works, that they effectively blew up their legal position by simply being assholes.

The record admits of only one conclusion. DOGE was calling the shots. DOGE controlled the lists, DOGE rejected McDonald’s suggestions, DOGE added additional grants for termination, DOGE drafted and sent the notices, and DOGE dictated which previously awarded grants would live or die. McDonald’s one and only decision – to allow his name to appear at the bottom of the termination letters – alters none of that. His signature did not transform DOGE’s decision into an NEH decision; his name was simply a fig leaf designed to make it appear like the official authorized by law to terminate grants was the official who had done so. If DOGE were in fact limited to an advisory role, Fox and Cavanaugh could not have directed NEH to terminate specific grants over the objections of its Chair. But they did. And they did so, without any statutory delegation of power. The challenged conduct cannot be reconciled with the National Foundation on the Arts and the Humanities Act or the constitutional requirement that executive action be grounded in lawful authority. It cannot stand.

Beyond these problems, the Court notes, the grant cancellations also were a clear First Amendment violation, given that the cancelled grants were chosen because of their expression being too woke, which is clearly targeting speech for what it says.

In sum, while the government retains some discretion in administering grant programs, that discretion is bounded by the First Amendment. It may define programmatic objectives and allocate resources accordingly, but it may not deny or withdraw funding because it disagrees with the ideas expressed. “[I]deologically driven attempts to suppress a particular point of view are presumptively unconstitutional[.]” Rosenberger, 515 U.S. at 830. Where, as here, the government funds a program that facilitates private expression, it may not act where “the specific motivating ideology or the opinion or perspective of the speaker is the rationale for the restriction.”

And here, there’s very clear viewpoint discrimination:

DEI is, of course, a viewpoint….

The record establishes that the termination decisions were driven by an expressly ideological method of classification. There can be no genuine dispute about this point. Indeed, the Government has all but admitted as much….

And thus, the cancellations were based on viewpoint, which violates the First Amendment:

Regardless of whether DOGE’s classifications were coherent (obviously, many of them were not), what matters is that it deliberately sought to single out and eliminate grants based on its perception that they implicated disfavored ideas. See Dkt. No. 248-17, Ex. 17, NEH_AR_000013 (“[W]e have only excluded [from termination] the ones that seem not to conflict with the Administration’s priorities[.]”). The Government’s actions cannot stand. It may not “restrict the speech of some elements of our society in order to enhance the relative voice of others.” Buckley v. Valeo, 424 U.S. 1, 48–49 (1976) (per curiam)

Indeed, the judge notes that the White House literally bragged about cancelling these grants because of their perceived viewpoint:

The Government, for its part, has never claimed that these grants were reviewed for their humanistic merit or that they were terminated for any reason other than the DOGE decisionmakers’ perception that they espoused, reflected, or related to the disfavored “DEI” viewpoint. To the contrary, the Government admits that these grants were terminated because they were deemed to promote DEI…. DOGE itself publicly characterized the terminations as “DEI,” posting from its official account on X (formerly Twitter) that “During the previous administration, the National Endowment for the Humanities (NEH) awarded the following grants to spend taxpayer dollars, all of which have been cancelled ($163M in overall savings). NEH grants will be merit-based and awarded to non-DEI, pro-America causes.”… The Government’s own public statements confirm what the record otherwise makes clear: DEI, the disfavored viewpoint, was the reason why the majority of Plaintiffs’ grants were terminated. The Government engaged in blatant viewpoint discrimination.

Then there was the political discrimination. Apparently the DOGE crew asked to only look at grants from the Biden admin, which the court notes is impermissible. While it correctly states that new administrations are allowed to set their own priorities, it cannot claw back previously granted money entirely on the basis of disfavored speech or political association.

The Court is under no illusion that a new administration may prefer, on a going-forward basis, to fund certain kinds of scholarly programs over others. But lawful priority-setting is one thing; depriving someone of a benefit previously conferred based on viewpoint and perceived political association is something else entirely. Consistent with Regan and Rust, a new administration may pursue lawful funding priorities within the bounds of the NEH statute and the Constitution. But it has no license to suppress disfavored ideas.

Fox and Cavanaugh walked into a federal agency, fired up ChatGPT, and apparently assumed that generating plausible-sounding bureaucratic language was the same thing as following the law. It wasn’t. A 143-page ruling says so in considerable detail. The government can set its funding priorities. It cannot, however, use a chatbot to manufacture pretextual rationales for suppressing ideas it dislikes, hand authority to people Congress never authorized, and then put a fig leaf signature on the termination letters and call it a day.

They were cosplaying as government while dismantling it from the inside. And at least in this court, they didn’t get away with it.

Filed Under: 1st amendment, chatgpt, dei, doge, elon musk, free speech, grants, justin fox, nate cavanaugh, neh