Security Gap Widens as Organizations Rush to Deploy AI Agents Without Proper Identity Controls

Organizations are racing to implement autonomous artificial intelligence (AI) agents across their operations, but a sweeping new study reveals they’re doing so without adequate security frameworks, creating what researchers call “the unsecured frontier of autonomous operations.” The research, released Tuesday by Enterprise Management Associates (EMA), surveyed 271 IT, security, and identity and access management (IAM)..

The post Security Gap Widens as Organizations Rush to Deploy AI Agents Without Proper Identity Controls appeared first on Security Boulevard.

Syntax hacking: Researchers discover sentence structure can bypass AI safety rules

Researchers from MIT, Northeastern University, and Meta recently released a paper suggesting that large language models (LLMs) similar to those that power ChatGPT may sometimes prioritize sentence structure over meaning when answering questions. The findings reveal a weakness in how these models process instructions that may shed light on why some prompt injection or jailbreaking approaches work, though the researchers caution their analysis of some production models remains speculative since training data details of prominent commercial AI models are not publicly available.

The team, led by Chantal Shaib and Vinith M. Suriyakumar, tested this by asking models questions with preserved grammatical patterns but nonsensical words. For example, when prompted with “Quickly sit Paris clouded?” (mimicking the structure of “Where is Paris located?”), models still answered “France.”

This suggests models absorb both meaning and syntactic patterns, but can overrely on structural shortcuts when they strongly correlate with specific domains in training data, which sometimes allows patterns to override semantic understanding in edge cases. The team plans to present these findings at NeurIPS later this month.


From stress relief to self-discovery: UW researchers reveal the deeper impact of video games


When I was a kid, my mom used to call my Nintendo the “anti-social idiot box.” The widespread assumption back then was that video games, in any format, were a new and particularly efficient way to waste time and money while also becoming an obsessed shut-in.

Over the course of the subsequent decades, video games have grown into both a multi-billion-dollar industry and a much more socially acceptable hobby. While gaming does attract its share of anti-social obsessives, just like any other form of media, I’ve found it’s much more common for people to meet and bond over their mutual enjoyment of the hobby.

Whether it’s friends you meet through MMORPGs or fighting games, finding stories and characters that deeply resonate with you, or discussing your latest game in a shared space like Bluesky or a message board, video games often have a positive impact on the people who play them. That impact simply doesn’t get a fraction of the press of gaming’s various downsides.

That ability is the focus of a new paper from the University of Washington, “’I Would Not Be This Version of Myself Today’: Elaborating on the Effects of Eudaimonic Gaming Experiences.” The paper, by Nisha Devasia, Georgia Kenderova, Julie A. Kientz, Jin Ha Lee, and Michele Newman, was the focus of a presentation this month at the Annual Symposium on Computer-Human Interaction in Play (CHI-PLAY) in Pittsburgh.

For the paper, the authors surveyed 166 respondents about the “meaningful experiences” they’d had as a result of playing video games, such as rich storytelling, becoming interested in specific skill development, or the experience of watching a narrative shift based upon the player’s in-game actions.

According to the paper’s abstract, “While much of the research in digital games has emphasized hedonic experiences, such as flow, enjoyment, and positive affect, recent years have seen increased interest in eudaimonic gaming experiences, typically mixed-affect and associated with personal meaningfulness and growth.”

Of the 166 respondents, 78% reported that they’d had meaningful, life-changing experiences from their time playing video games, the researchers said in a UW News story about the paper.

“We highlighted three conclusions drawn from modeling the data,” Devasia told UW News. “The first is that playing games during stressful times was strongly correlated with positive outcomes for physical and mental health. For example, during COVID, people played games they felt strongly improved their mental health, such as Stardew Valley.”

Devasia also noted that other respondents had developed new interests, such as sports, due to video games they’d played, or gained insight into themselves or their identities from the journeys undertaken by video game protagonists.

“Playing as a character and seeing your choices change the course of events is pretty unique to games, compared with other narrative media like novels or movies,” Devasia said.

“As researchers, we develop games for learning, for instance, for teaching people about misinformation or AI, or promote digital civic engagement, because we want to foster meaningful experiences,” Lee added. “But a lot of the existing research just focuses on the short-term effects of games. This study really helps us understand what actually caused a game to make a difference in someone’s life.”


It sounds obvious at first glance if you’re someone who grew up around video games. It’s almost a given that there’s at least one game that made a serious mark on you somehow, especially if you live in a heavily nerd-coded space like the greater Seattle area.

Anecdotally, that strikes me as an underexplored part of the hobby. If anything, there’s a strange critical drive in the space to deliberately treat gaming as disposable pop culture, without any real meaning or lasting value. If you read any op-ed in the gaming press that discusses the cultural or political meaning of a video game, someone will inevitably show up in the comments to accuse the author of overthinking something that isn’t meant to matter. It’s “just a game.”

Even so, modern video games have just as much ability to resonate with their audience as any novel or film, and people who’ve grown up with them will take lessons away from that. It’s something we don’t discuss often enough in the field; we’ll talk at length about how video games are fun or socially acceptable now or a surprisingly big business, but their influence as culture is less discussed.

“People have a tendency to treat technology as a monolith, as if video games are either good or bad, but there’s so much more nuance,” Kientz told UW News. “The design matters. This study hopefully helps us untangle the positive elements. Certainly, there are bad elements — toxicity and addictiveness, for example. But we also see opportunities for growth and connection.”

Real Cybersecurity Breaches: Undetected Malware and the Cost of Inadequate Security Measures

Undetected Malware and the Cost of Inadequate Security Measures  

One of our clients had recently implemented a new log monitoring system within their company. Shortly after deployment, the system flagged suspicious network traffic originating from two employees’ work laptops. The traffic was being routed to a foreign domain, and logs indicated that this communication had been ongoing for the past three years. Alarmed by the discovery, they turned to CQURE for assistance. 

Investigation & Findings 

The CQURE team conducted a thorough analysis of network logs and disk images from the affected devices. During this process, we identified two distinct malware programs. One of them was specifically designed to steal sensitive company data and transmit it to the suspicious foreign domain.

Upon further investigation of the domain, we discovered that it had been blackholed (blocked) by the company’s internet service provider (ISP) at some point shortly after the malware was introduced. As a result, communication between the infected devices and the malicious domain was cut off, preventing the exfiltration of sensitive data.

While the company’s systems remained intact, this wasn’t due to proactive defense measures but rather a fortunate coincidence. Had the malicious domain remained active longer, the malware could have successfully transmitted sensitive information, leading to severe data loss and security consequences.

However, despite this stroke of luck, the company still suffered massive financial losses. They were forced to halt operations to prevent a potential malware outbreak, as their network lacked sufficient segmentation to contain the threat.

What Went Wrong? 

The financial impact of this incident stemmed not from actual data theft, but from the fear and uncertainty caused by the company’s lack of security visibility. Had proper security measures been in place, this situation could have been detected and mitigated years earlier. The key weaknesses were: 

  1. Delayed Threat Detection: The company lacked sufficient log monitoring for three years, allowing the malware to remain undetected. If monitoring had been implemented earlier, the suspicious traffic could have been addressed immediately. 
  2. Lack of Network Segmentation: Without proper network segmentation, the company had no way to contain malware threats. This forced them to suspend operations out of fear that the infection might spread, leading to substantial financial losses. 
  3. Outdated Systems & Poor Patch Management: The company’s systems were outdated, with critical security updates neglected. This likely left them vulnerable to malware infections that could have been prevented with timely updates. 
  4. No USB Device Policy in Place: The most likely infection vector was an infected USB drive. Without a strict USB usage policy, employees unknowingly introduced malware into the company network. 

Summary

This incident highlights the importance of proactive cybersecurity measures. To prevent similar incidents in the future, companies should:

  1. Implement real-time log monitoring to detect suspicious activity immediately.
  2. Enforce network segmentation to prevent malware from spreading across critical systems.
  3. Keep all systems updated and conduct regular security patching.
  4. Establish a strict USB device policy, such as blocking unauthorized external storage devices or using USB scanning solutions.

By proactively securing their environment, organizations can avoid unnecessary disruptions and financial losses caused by undetected cyber threats.
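The kind of check that would have surfaced this traffic earlier, shown as an added example that is not CQURE's tooling or code from the original post: it flags destinations that only a few hosts contact over a long period, and reports how often the connection failed (as it would against a blackholed domain). The log format, host names, domains and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from the incident): timestamp, host, domain, result.
SAMPLE_LOG = """\
2022-01-10T08:01:00 lt-001 updates.vendor.example OK
2022-01-10T08:02:00 lt-017 updates.vendor.example OK
2022-01-10T08:05:00 lt-017 sync.badhost.invalid BLOCKED
2022-06-03T09:14:00 lt-042 sync.badhost.invalid BLOCKED
2023-02-11T10:30:00 lt-003 news.example OK
2023-07-19T08:05:00 lt-017 sync.badhost.invalid BLOCKED
2024-03-02T08:00:00 lt-003 updates.vendor.example OK
2024-11-28T08:06:00 lt-042 sync.badhost.invalid BLOCKED
2024-11-28T08:07:00 lt-042 updates.vendor.example OK
"""

def parse(text):
    """Turn whitespace-separated log lines into (datetime, host, domain, result)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the whole run
        ts, host, domain, result = parts
        records.append((datetime.fromisoformat(ts), host, domain.lower(), result))
    return records

def long_lived_rare_destinations(records, min_span_days=180, max_hosts=2):
    """Domains contacted by at most max_hosts hosts across at least min_span_days."""
    seen = defaultdict(lambda: {"hosts": set(), "first": None, "last": None,
                                "n": 0, "failed": 0})
    for ts, host, domain, result in records:
        d = seen[domain]
        d["hosts"].add(host)
        d["first"] = ts if d["first"] is None else min(d["first"], ts)
        d["last"] = ts if d["last"] is None else max(d["last"], ts)
        d["n"] += 1
        d["failed"] += result != "OK"  # blackholed or blocked destinations fail every time
    findings = []
    for domain, d in seen.items():
        span = (d["last"] - d["first"]).days
        if span >= min_span_days and len(d["hosts"]) <= max_hosts:
            findings.append({"domain": domain, "hosts": sorted(d["hosts"]),
                             "span_days": span,
                             "failed_ratio": d["failed"] / d["n"]})
    return sorted(findings, key=lambda f: -f["span_days"])

if __name__ == "__main__":
    for finding in long_lived_rare_destinations(parse(SAMPLE_LOG)):
        print(finding)
```

A destination that fails on every attempt yet is still retried for years is a strong sign of automated traffic rather than user browsing.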

The post Real Cybersecurity Breaches: Undetected Malware and the Cost of Inadequate Security Measures appeared first on CQURE Academy.

Real Cybersecurity Breaches: Unauthorized Software Leads to Admin Account Takeover

Unauthorized Software Leads to Admin Account Takeover 

One of our clients noticed a high number of login attempts to an administrator’s account, all originating from a foreign location. Before they could isolate the account, it was deleted. Concerned about what had happened and the potential consequences, they turned to CQURE for help. 

Investigation & Findings 

The CQURE team began the investigation by conducting cloud analysis and OSINT (Open Source Intelligence). 

During the OSINT process, we discovered multiple passwords associated with the affected user’s name and surname in online databases. Additionally, we found over 30 leaked passwords related to the company’s domain. 

Armed with this information, we performed a thorough examination of the victim’s work laptop. Our analysis revealed spyware responsible for credential theft, along with plaintext password files stored in text documents. The stolen passwords matched those we had found in online databases. 

The affected user later admitted that they had downloaded the spyware based on a recommendation from an online forum they actively participated in. The software was supposedly intended to assist with their work tasks, but in reality, it had been designed to steal credentials. 

Further analysis revealed that the account deletion was not the only malicious activity within the company’s infrastructure. Here’s a timeline of the attack: 

Attack Timeline 

Day 1 – The user’s passwords appeared in online databases. This was also the day they downloaded the malicious software onto their computer. 

Day 4 – The first login attempts were made by the attackers. 

Day 6 – The first successful login using the stolen credentials. The malware intercepted the victim’s access token, which likely allowed the hackers to access the account. 

Day 7 – The attackers created a new user account using the compromised admin’s privileges. 

Day 9 – A second unauthorized user account was created and secured with MFA (Multi-Factor Authentication). The MFA phone numbers were foreign. Using this second account, the attackers then deleted the original admin account. 

Impact & Potential Risks 

Our investigation indicated that the malware did not spread to other accounts. However, the attackers’ primary objective appeared to be data theft. Had they chosen to, they could have caused significantly more damage, leading to operational disruption and financial loss for the company. 

What Went Wrong? 

The primary cause of this breach was the use of unauthorized software. If stricter policies on software installation had been in place, the incident could have been prevented. 

Additionally, our team identified several other security vulnerabilities: 

  • Employees were storing passwords in plain text, using .txt files. 
  • Sensitive data was being uploaded to public file transfer services without encryption. 
  • Log monitoring was insufficient, making it difficult to detect suspicious activity in real-time. 

Summary

These events highlight how a single lapse in cybersecurity hygiene – such as downloading unauthorized software – can lead to a full-scale security breach. 

To prevent similar incidents in the future, companies should:

  1. Enforce strict software policies – Only allow approved software installations, and implement application whitelisting to block unauthorized programs.
  2. Strengthen password security – Encourage employees to use password managers instead of storing credentials in plaintext files. Implement multi-factor authentication (MFA) to reduce the risk of account takeovers.
  3. Conduct regular security awareness training – Educate employees on the dangers of downloading software from untrusted sources and participating in online forums that promote risky practices.
  4. Monitor logs and unusual activity in real time – Suspicious login attempts and foreign access should trigger immediate alerts and security responses.

By combining strict access controls, user awareness, and proactive monitoring, organizations can reduce the risk of credential theft and stay one step ahead of cybercriminals.
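A sketch of alerting logic that follows the attack timeline above, added here as an example and not taken from CQURE's investigation or any identity provider's API: it correlates sign-in and directory audit events so that each stage (foreign success after failures, account creation from that session, foreign MFA registration, deletion of an admin by a new account) raises its own alert. The event names, account names, country codes and thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed events (not from the incident): (timestamp, kind, actor, details).
EVENTS = [
    ("2025-03-04T02:10", "signin_failed", "admin1", {"country": "YY"}),
    ("2025-03-04T02:11", "signin_failed", "admin1", {"country": "YY"}),
    ("2025-03-04T02:12", "signin_failed", "admin1", {"country": "YY"}),
    ("2025-03-05T09:00", "signin_ok", "admin1", {"country": "XX"}),
    ("2025-03-06T03:40", "signin_ok", "admin1", {"country": "YY"}),
    ("2025-03-07T03:55", "user_created", "admin1", {"target": "svc-backup"}),
    ("2025-03-09T04:02", "user_created", "admin1", {"target": "helpdesk2"}),
    ("2025-03-09T04:05", "mfa_registered", "helpdesk2", {"country": "YY"}),
    ("2025-03-09T04:20", "user_deleted", "helpdesk2", {"target": "admin1"}),
]

def correlate(events, home="XX", fail_threshold=3, new_account_days=7):
    """Return (timestamp, alert, subject) tuples in chronological order."""
    alerts = []
    fails = {}       # (user, country) -> failed sign-ins seen from that country
    suspect = set()  # accounts with a suspicious sign-in, or created by one
    created = {}     # account -> creation time
    for ts_s, kind, actor, d in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_s)
        country = d.get("country")
        if kind == "signin_failed" and country != home:
            fails[(actor, country)] = fails.get((actor, country), 0) + 1
        elif (kind == "signin_ok" and country != home
              and fails.get((actor, country), 0) >= fail_threshold):
            suspect.add(actor)
            alerts.append((ts_s, "foreign_success_after_failures", actor))
        elif kind == "user_created":
            created[d["target"]] = ts
            if actor in suspect:
                suspect.add(d["target"])  # new account inherits the suspicion
                alerts.append((ts_s, "account_created_by_suspect_session", d["target"]))
        elif kind == "mfa_registered" and country != home and actor in suspect:
            alerts.append((ts_s, "foreign_mfa_on_suspect_account", actor))
        elif kind == "user_deleted":
            age = ts - created.get(actor, datetime.min)
            if actor in suspect or age <= timedelta(days=new_account_days):
                alerts.append((ts_s, "deletion_by_new_or_suspect_account", d["target"]))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The first alert fires on the day of the first successful foreign sign-in, three days before the admin account is deleted in this constructed sequence.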

The post Real Cybersecurity Breaches: Unauthorized Software Leads to Admin Account Takeover appeared first on CQURE Academy.

Illinois Announces Launch of Cannabis Disparity Study

The Illinois Cannabis Regulation Oversight Office (CROO) announced on Feb. 7 that it launched its Cannabis Disparity and Availability Study, which tasks a contract group to find examples of discrimination within the local cannabis industry.

The study “will collect and analyze data and report on whether discrimination exists in the Illinois cannabis industry,” CROO states on its website. “If there is a finding that discrimination exists, the Disparity Study will evaluate the impact of the discrimination on the State and its residents regarding entering and participating in the State’s cannabis industry. The Disparity Study will include recommendations for reducing or eliminating any identified barriers to entry.”

The study will examine laws and court cases that involve cannabis and cannabis and disparity studies, conduct interviews and create focus groups for public input, and compile data in relation to the state’s cannabis application process and business information.

A final report is required to be sent to the General Assembly and governor within 12 months, including any “potential remedies” to amend current cannabis regulation. “This effort is a vital assessment of the state’s cannabis social equity licensing system,” said Acting CROO Officer Erin Johnson. “We look forward to seeing a final report that truly incorporates the voices of Illinois social equity applicants and our new cannabis businesses.”

This comes nearly one year since the state issued a request to find someone to conduct the Disparity Study in Feb. 2022. This led to the hiring of the Nerevu Group, which is a minority- and women-owned contractor group based throughout Illinois, as well as some out-of-state locations.

“Along with our partners, Nerevu is honored to support CROO, IDFPR and IDOA in building an even more inclusive and equitable cannabis industry,” said Nerevu Group Founder and President Reuben Cummings. “This study is essential in identifying potential disparities and suitable remedies. We are excited to initiate this project and look forward to connecting with the greater cannabis community.”

Legal adult-use cannabis sales began in 2020, and in July 2022, Gov. J.B. Pritzker announced that 149 conditional state licenses would be issued and available for social equity applicants. “Illinois is leading the way in addressing the War on Drugs as no state has before, and dispensary ownership that reflects our state’s diversity is a product of that commitment,” said Pritzker. “These licenses represent a significant step toward accountability for the decades of injustice preceding cannabis legalization. Illinois will continue to deliver on the promises of putting equity at the forefront of this process.”

Just a few months later, two of the state’s first social equity cannabis dispensaries, Ivy Hall Damen and Green Rose Dispensary, opened in November 2022 in Chicago.

According to Nigel Dandridge, the co-founder of Ivy Hall Damen, it’s taken a long time for his business to open up. “We’ve been working to get a seat at the table for a while now, and we’re finally able to do that,” said Dandridge. “When this industry first opened up, we didn’t see anyone in our community benefiting, or even being able to participate. So it was kind of hypocritical. I think it’s important that we can show you what we’re doing. We want everyone to benefit. Our staff’s been working hard, and we’re just excited to share it with everyone.”

Falling in line with other states in the U.S., Illinois Rep. La Shawn Ford introduced House Bill 1 in January to legalize psychedelics. Ford’s bill would allow residents 18 years and older to seek out supervised psychedelic therapy. “I want to be clear that this is a health measure. My proposal does not allow retail sales of psilocybin outside of a regulated therapeutic setting and ensures that medicines purchased for therapeutic use at a service center must be used under medical supervision, and cannot be taken home,” Ford said. “Only licensed facilitators will be allowed to provide treatment at closely regulated and licensed healing centers, approved health care facilities, in hospice, or at a pre-approved patient residence.”

The post Illinois Announces Launch of Cannabis Disparity Study appeared first on High Times.
