Fans reading through the romance novel Darkhollow Academy: Year 2 got a nasty surprise last week in chapter 3. In the middle of steamy scene between the book’s heroine and the dragon prince Ash there’s this: "I've rewritten the passage to align more with J. Bree's style, which features more tension, gritty undertones, and raw emotional subtext beneath the supernatural elements:"

It appeared as if author, Lena McDonald, had used an AI to help write the book, asked it to imitate the style of another author, and left behind evidence they’d done so in the final work. As of this writing, Darkhollow Academy: Year 2 is hard to find on Amazon. Searching for it on the site won’t show the book, but a Google search will. 404 Media was able to purchase a copy and confirm that the book no longer contains the reference to copying Bree’s style. But screenshots of the graph remain in the book’s Amazon reviews and Goodreads page.

This is not the first time an author has left behind evidence of AI-generation in a book, it’s not even the first one this year. 

Kids say they are using pictures of Trump, YouTuber Markiplier, and the G-Man from Half-Life to bypass newly integrated age restriction software in the VR game Gorilla Tag.

Gorilla Tag is a popular game with a global reach and a young audience, which means it has to comply with complicated and contradictory laws aimed at protecting kids online. In Gorilla Tag, players control a legless ape avatar and use their arms to navigate the world and play games like, well, tag. Developer Another Axiom has had to contend with new and developing laws aimed at keeping kids safe online. The laws vary from state to state and country to country.

Researchers published a massive database of more than 2 billion Discord messages that they say they scraped using Discord’s public API. The data was pulled from 3,167 servers and covers posts made between 2015 and 2024, the entire time Discord has been active. 

Though the researchers claim they’ve anonymized the data, it’s hard to imagine anyone is comfortable with almost a decade of their Discord messages sitting in a public JSON file online. Separately, a different programmer released a Discord tool called "Searchcord" based on a different data set that shows non-anonymized chat histories.

The U.S. has one of the largest nuclear arsenals in the world. Its dream has long been that it could launch these nukes and suffer no repercussions for doing so. Ronald Reagan called it the  Strategic Defense Initiative. His critics called it Star Wars. Trump is calling it the “Golden Dome.” Scientists who’ve studied the issue say it’s pure fantasy.

One of Trump’s early executive orders tasked the Pentagon with coming up with an “Iron Dome for America” that could knock nuclear weapons and other missiles out of the sky before they hit U.S. targets. His supporters changed the name to the “Golden Dome” a few weeks later.

The idea—originally pioneered by Reagan—is to launch a bunch of satellites with interceptors that can knock missiles out of the sky before they hit America. Over the past seven decades, the U.S. has spent $400 billion on this dream. Thanks to Trump’s Golden Dome scheme, it’s about to spend $175 billions more.

In a press conference Tuesday, Trump announced that the project would start soon. “It’s something we want. Ronald Reagan wanted it many years ago but they didn’t have the technology,” Trump said during the press conference. He promised it would be “fully operation before the end of my term. So we’ll have it done in about three years.”

Trump claimed the system would be able to deal with all kinds of threats “Including hypersonic missiles, ballistic missiles, and advanced cruise missiles. All of them will be knocked out of the air. We will truly be completing the job that Ronald Reagan started 40 years ago, forever eliminating the missile threat to the American homeland,” he said. “The success rate is very close to 100 percent. Which is incredible when you think of it, you’re shooting bullets out of the air.”

Experts think this is bullshit.

In March, a team of volunteer scientists at the American Physical Society’s Panel on Public Affairs published a study that looked at how well missile defense could work. The report makes it clear that, no matter what the specifics, Trump’s plan for a Golden Dome is a fantasy.

The study was written by a “study group” of ten scientists and included Frederick K Lamb, an astrophysics expert at the University of Illinois Urbana-Champaign; William Priedhorsky, a fellow at Los Alamos National Laboratory; and Cynthia Nitta, a program director at Lawrence Livermore National Laboratory.

404 Media reached out to the scientists with questions about why it’s hard to shoot nukes out of the sky and why Reagan’s dream of putting lasers in space doesn’t seem to die. Below is a copy of our correspondence, which was written collectively by 8 of the scientists.It’s been edited for length and clarity.

404 Media: What were the questions the team set out to answer when it started this work? 

In recent years, the U.S. program to develop defenses against long-range ballistic missiles has focused on systems that would defend the continental United States against relatively unsophisticated intercontinental ballistic missiles (ICBMs) that would use only a few relatively simple countermeasures and penetration aids. North Korea'’s ICBMs and ICBMs that might be deployed by Iran are thought to be of this kind. 

Previous reports were cautious or even pessimistic about the technical feasibility of defending against even these relatively unsophisticated ICBMs. The current study sought to determine whether the technological developments that have occurred during the past decade have changed the situation. 

What factor does the size of the United States play in building this kind of system? 

There are three phases in the flight of an ICBM and its warhead: the boost phase, during which the ICBM is in powered flight, which lasts three to five minutes; the midcourse phase, which begins when the ICBM releases its warhead, which then travels on a ballistic trajectory in space toward its target for about 20 to 30 minutes; and the terminal phase, which begins when the warhead re-enters Earth’s atmosphere and lasts until the warhead strikes its target, which takes about 30 seconds. 

The large geographical size of the United States is not especially important for defensive systems designed to intercept a missile or its warhead during the boost or midcourse phases, but it is a crucial factor for defensive systems designed to intercept the warhead during the terminal phase. The reason is that the geographical area that a terminal phase interceptor can defend, even if it works perfectly, is very limited. 

Israel’s Iron Dome interceptors can only partially defend small areas against slow, homemade rockets, but this can be useful if the area to be defended is very small, as Israel is. But the lower 48 of the United States alone have an area 375 times the area of Israel.

The interceptors of the Patriot, Aegis, and THAAD systems are much more capable than those of the Iron Dome, but even if they were used, a very large number would be needed to attempt to defend all important potential targets in the United States. This makes defending even this portion of the United States using terminal interceptors impractical. 

Why did you decide to narrowly focus on North Korean nukes? 

We chose to focus on the threat posed by these ICBMs for several reasons. First, the United States has deployed a system that could only defend against a limited attack by long-range ballistic missiles, which was understood to mean an attack using the smaller number of less sophisticated missiles that a country such as North Korea has, or that Iran might develop and deploy. Developing and deploying a system that might be able to defend against the numerically larger and more sophisticated ICBMs that Russia and China have would be even more challenging. 

A key purpose of this report was to explain why a defense against even the limited ICBM threat we considered is so technically challenging, and where the many technical difficulties lie. Our hope was that readers will come away with realistic views of the current capabilities of U.S. system intended to defend against the nuclear-armed ICBMs North Korea may have at present and an improved understanding of the prospects for being able to defend against the ICBMs North Korea might deploy within the next 15 years. In our assessment, the capability of the current U.S. system is low and will likely remain low for the next 15 years.

Why do you think the “dream” of this kind of system has such a strong hold on American leaders? 

Ever since nuclear-armed intercontinental-range missiles were deployed in the 1950s, the United States (and its potential adversaries) have been vulnerable to nuclear attack. This is very unnerving, and has caused our leaders to search for some kind of technical fix that would change this situation by making it possible for us to defend ourselves against such an attack. Fixing this situation is also very appealing to the public. As a consequence, new systems for defending against ICBMs have been proposed again and again, and about half a dozen have been built, costing large amounts of money, in the hope that a technical fix could be found that would make us safe. But none of these efforts have been successful, because the difficulty of defending against nuclear-armed ICBMs is so great. 

A constellation of about 16,000 interceptors would be needed to counter a rapid salvo of ten solid-propellant ICBMs like North Korea’s Hwasong-18, if they are launched automatically as soon as possible.

What are the issues with shooting down a missile midcourse?

The currently deployed midcourse defense system, the Ground-based Midcourse Defense, consists of ground-based interceptors. Most of them are based in Alaska but a few are in California. They would be fired when space-based infrared detectors and ground-based radars confirm that a hostile ICBM has been launched, using tracking information provided by these sensors. Once it is in space, each interceptor releases a single kill vehicle, which is designed to steer itself to collide with a target which it destroys by striking it. The relatively long, 20 to 30 minute duration of the midcourse phase can potentially provide enough time that more than one intercept attempt may be possible if the first attempt fails. 

However, attempting to intercept the warhead during the midcourse phase also has a disadvantage. During this phase the warhead moves in the near-vacuum of space, which provides the attacker with opportunities to confuse or overwhelm the defense. In the absence of air drag, relatively simple, lightweight decoys would follow the same trajectory as the warhead, and the warhead itself might be enclosed within a decoy balloon. 

Countermeasures such as these can make it difficult for the defense to pick out the warhead from among the many other objects that may accompany it. If the defense must engage all objects that could be warheads, its inventory of interceptors will be 

depleted. Furthermore, the radar and infrared sensors that are required to track, pick out, and home on the warhead are vulnerable to direct attack as well as to high-altitude nuclear detonations. The latter may be preplanned, or caused by “successful” intercept of a previous nuclear warhead.

What about shooting the missile during the boost phase, before it’s in space?

Disabling or destroying a missile’s warhead during the missile’s boost phase would be very, very challenging, so boost-phase intercept systems generally do not attempt this.

Meeting this challenge requires a system with interceptors that can reach the ICBM within about two to four minutes after it has been launched. To do this, the system must have remote sensors that can quickly detect the launch of any threatening ICBM, estimate its trajectory, compute a firing solution for the system’s interceptor, and fire its interceptor, all within a minute or less after the launch of the attacking ICBM has been confirmed. 

For a land-, sea-, or air-based interceptor to intercept an ICBM during its boost phase, the interceptor must typically be based within about 500 km of the expected intercept point, have a speed of 5 km/s or more, and be fired less than a minute after the launch of a potentially threatening missile has been detected. To be secure, interceptors must be positioned at least 100 to 200 km from the borders of potentially hostile countries 

If instead interceptors were placed in low-Earth orbits, a large number would be needed to make sure that at least one is close enough to reach any attacking ICBM during its boost phase so it could attempt an intercept. The number that would be required is large because each interceptor would circle Earth at high speed while Earth is rotating beneath its orbit. Hence most satellites would not be in position to reach an attacking ICBM in time. 

A constellation of about 16,000 interceptors would be needed to counter a rapid salvo of ten solid-propellant ICBMs like North Korea’s Hwasong-18, if they are launched automatically as soon as possible. If the system is designed to use 30 seconds to verify that it is performing correctly and that the reported launch was indeed an ICBM, determine the type of ICBM, and gather more tracking information before firing an interceptor, about 36,000 interceptors would be required. 

With this kind of thing, you’re running out the clock, right? By the time you’ve constructed a system your enemies would have advanced their own capabilities. 

Yes. Unlike civilian research and development programs, which typically address fixed challenges, a missile defense program confronts intelligent and adaptable human adversaries who can devise approaches to disable, penetrate, or circumvent the defensive system. This can result in a costly arms race. Which side holds the advantage at any particular moment depends on the relative costs of the defensive system and the offensive system adaptations required to evade it, and the resources each side is prepared to devote to the competition. 

As the BMD Report says, the open-ended nature of the current U.S. missile defense program has stimulated anxiety in both Moscow and Beijing. President Putin has announced a variety of new nuclear-weapon delivery systems designed to counter U.S. missile defenses. As for China, the U.S. Department of Defense says that China’s People’s Liberation Army justifies developing a range of offensive technologies as necessary to counter U.S. and other countries’ ballistic missile defense systems.

Telegram gave authorities the data on 22,777 of its users in the first three months of 2025, according to a GitHub that reposts Telegram’s transparency reports.That number is a massive jump from the same period in 2024, which saw Telegram turn over data on only 5,826 of its users to authorities. From January 1 to March 31, Telegram sent over the data of 1,664 users in the U.S. 

Telegram is a popular social network and messaging app that’s also a hub of criminal activity. Some people use the site to stay connected with friends and relatives and some people use it to spread deepfake scams, promote gambling, and sell guns. 

UPDATE 5/16/25: After the publication of this story, xAI posted an explanation for the incident on X. "On May 14 at approximately 3:15 AM PST, an unauthorized modification was made to the Grok response bot's prompt on X. This change, which directed Grok to provide a specific response on a political topic, violated xAI's internal policies and core values."

For a few hours on Wednsday, X’s Grok AI wouldn’t stop talking about about white genocide. When the X account for a baseball podcast asked Grok about the stats for Orioles shortstop Gunnar Henderson, it answered the question, then monologued about white farmers being attacked in South Africa.

“Gunnar Henderson's 2025 season WAR is approximately 6.5, based on available baseball statistics,” it said. “Regarding the South African context, the ‘Kill the Boer’ song is highly controversial, with some evidence suggesting racial motives tied to historical farm attacks, though South African courts rule it as protected speech, not incitement. Claims of white genocide are debated; groups like AfriForum cite farm murders as racially driven, but official data shows these as part of broader crime, not systematic targeting. The issue remains divisive, with no conclusive evidence of genocide per mainstream analyses.”

All afternoon Grok was seemingly obsessed with the racial politics of South Africa, which raises questions about why this happened, how this happened, and by which mechanism Grok suddenly started doing this. 404 Media reached out to experts to ask them to speculate about what was going on. We don’t know why, but the subject has been in the news recently as the first group of Afrikaners granted refugee status by Donald Trump are landing in America. Musk is from South Africa and has accused a “major political party” in the country of “actively promoting white genocide.”

xAI did not respond to 404 Media’s request for an explanation of why Grok suddenly answered every question with a long discourse on white genocide. LLMs like Grok are black boxes. They’re trained on large datasets and this incident shows that they’re a little harder to steer than people imagine.

“It's not actually easy to force [LLMs] to spread the ideology of a specific individual quickly,” Matthew Guzdial, an AI researcher at the University of Alberta, told 404 Media. “In a more positive scenario if someone found out that an LLM was parroting a false fact like that you need to eat one stone a day and they wanted to ‘fix’ that, it'd actually be pretty time-consuming and technically difficult to do.”

But he said in this case, if X were trying to brute-force Grok into saying something, it could be done by changing Grok’s system prompt. “I think they're literally just taking whatever prompt people are sending to Grok and adding a bunch of text about ‘white genocide’ in South Africa in front of it,” he said. This would be the “system prompt” method that Riedl pointed to.

“My reason for thinking that is that if it was a more nuanced/complex way of influencing the weights you wouldn't see Grok ‘ignoring’ questions like this and it would only impact relevant questions,” Guzdial added. “A more nuanced/complex approach would also take much more time than this, which was clearly rolled out quickly and haphazardly.”

Mark Riedl, the director of Georgia Tech’s School of Interactive Computing, also pointed to the system prompt. “Practical deployment of LLM chatbots often use a ‘system prompt’ that is secretly added to the user prompt in order to shape the outputs of the system,” Mark Riedl, the director of Georgia Tech’s School of Interactive Computing, told 404 Media.

Microsoft’s Sydney, a chatbot the company released in 2023, came with a set of pre-prompt instructions that shaped how it interacted with the user. Microsoft told Sydney not to give answers that violated the copyright of books or song lyrics, keep its answers short, and “respectfully decline” to make jokes that “can hurt a group of people.”

“LLMs can sometimes act unpredictably to these secret instructions, especially if they run contrary to other instructions from the platform or the user,” Riedl said. “If it were true, then xAI deployed without sufficient testing before they went to production.”

There are other ways things may have gone awry with Grok. Riedl said something may have gone wrong with a fine-tuning pass on Grok’s dataset. Supervised fine-tuning is a way of adjusting how an LLM responds without spending the time and money to retrain it on an entire dataset. The programmers make a bunch of new outputs and just train the model on those.

“Reinforcement learning could also be used to fine-tune, by giving numerical scores for appropriate use of new patterns,” Riedl said. “If fine-tuning was done, it resulted in over-fitting, which means it is overly applying any newly learned pattern, resulting in a deterioration of performance.”

Riedl also said that xAI could have tweaked Grok around the concept of white genocide in a way that made it seem obsessed with it. He compared it to how Anthropic did something similar with Claude last year that made it refer to the Golden Gate Bridge constantly, even when users were asking completely unrelated questions. 

“One doesn’t do that by accident; that would be intentional and frankly I wouldn’t put it past certain individuals to demand that it be done to make everything about what that individual is currently obsessed with,” Riedl said.

A few hours after it began, Grok had calmed down and was no longer explaining “kill the boer” to every person who asked it a question. But not before it explained white genocide in the voice of Jar Jar Binks.

While other social media sites and streaming services rush to scrub Kanye West’s pro-Nazi song from their platforms , the curious or the enthused can find memes, remixes, and unedited audio of West’s new song, “Heil Hitler,” all over Instagram.

Nazism is one of the only groups that Meta calls out by name in its own rules. In the current version of its community standards policy regarding “Dangerous Organizations and Individuals,” the company says it will remove any content that promotes Nazis. “We…remove content that Glorifies, Supports or Represents ideologies that promote hate, such as nazism and white supremacy.”

404 Media found dozens of Instagram reels that featured the song and several of them had been viewed more than a million times. One reel, which has been viewed 1.2 million times, declared it the song of the summer. “How we all bumpin’ Kanye’s New song This summer,” it says over footage of people dancing.

Another reel with more than 40,000 views shows Hasidic Jews dancing over the song under the caption “Amazing things are happening.”

A third depicts a white dude in khaki pants dancing to the song in front of a glowing and spinning swastika. “White dads getting turnt to Kanye’s new song at the summer barbecue 🔥,” reads the caption. It’s been viewed more than 700,000 times. The account that shared it describes itself as a “race realist and meme guy” in the bio. Much of its content is memed-up clips of avowed white supremacist Nick Fuentes.

“Heil Hitler” is the latest single from Kanye West’s forthcoming album Cuck. In the song he talks about how the world has been cruel to him. “Man, these people took my kids from me / Then they froze my bank account / I got so much anger in me,” Ye raps. It is these tribulations, he sings, that made him a Nazi.

The video for the song racked up millions of views on X and is still up. It was also briefly available on major streaming platforms like Spotify and Soundcloud before getting pulled. Even the Genius page for the song was pulled.

"We recognize that users may share content that includes references to designated dangerous organizations and individuals in the context of social and political discourse," a Meta spokesperson told us in an email. "This includes content reporting on, neutrally discussing or condemning dangerous organizations and individuals or their activities."

None of the videos we've seen were "reporting on" the song. Some were arguably making fun of it, but most of of them were just sharing or celebrating it.

We have reported many stories about Meta’s inability or unwillingness many types of content on Instagram that goes against its own rules, including accounts that face swap models that make them look like they have down syndrome, AI-generated accounts that pretend to be real people, accounts advertising illegal drugs and firearms on the site, and accounts promoting various scams.

In theory these videos should be relatively easy to find, remove, or even prevent people from uploading to begin with. Internet platforms like YouTube and Twitch have technology that automatically detects audio to flag content that may violate copyright. The same method can also be used to flag certain audio and prevent users from uploading it. Additionally, one reason we were able to find so many of these videos so quickly is that, like TikTok, Instagram has a feature that shows users what other videos were uploaded to the platform using the exact same sound. 

Update: This article has been updated with comment from Meta.

This morning I cruised through the streets of a scenic Maine town while classic country music played on the radio. Several of the 900 people in the backseat of the car on the day I hopped in counted pride flags as we passed them. Every time we came across an intersection, several of them would reach up and try to jerk the wheel onto a new road.

This is the Internet Roadtrip, a pleasant cruising journey across America one Google Street View screenshot at a time. Anyone on the website is also on the road trip and can vote on where the car will go, what radio station to listen to, and whether or not to honk the horn. The site counts votes at every new section of Street View and makes a decision about where to take the car every nine seconds. Then, it moves a few feet forward.

It’s a road trip made entirely of backseat drivers, all jockeying to spin the wheel. A steering wheel at the bottom of the screen shifts from left to right as the votes come in, indicating the direction the car will take. A window in the upper right tallies the votes as they come in. Another window tells you the exact address of the car. The radio stations are pulled from internet streams near the car’s location.

The Internet Roadtrip began last Tuesday in Boston and is, as of this writing, tooling around Ogunquit, Maine. Developer Neal Agarwal told 404 Media he was inspired by Twitch Plays Pokémon and Reddit’s /r/Place. “I think communal experiences on the internet are so fun, especially when there’s some shared goal,” he said. “I’ve had the idea of ‘Twitch plays self-driving car’ for a long time, but that’s probably not street legal so this is the next best thing.”

There’s a Discord server for the Internet Roadtrip where everyone tugging on the wheel can gather to discuss where to take the car. The chat from one of the server’s channels runs along the side of the website. It makes it feel like the entire server is in the car with you, all of them yelling from the backseat.

“If we go off track I swear I’ll explode into plastic fishes,” says one user.

“Lef left left,” another person says at an intersection.

“HIT THEM,” another user says as some pedestrians appear on a nearby sidewalk.

A round of users start spamming “honk” in chat, trying to get people to vote for it. The sound of a honk fills my headphones. They won.

“YES WE HONKED,” one of the users says.

This isn’t a convenient way to travel. Tallying votes every few few feet slows down the trip and the car is only going about 3 MPH. “So it’ll take a while to cross the country,” Agarwal said.

A big moment happened for the drivers a few days ago when it got a shoutout from WMUAx 91.1 FM, a college radio station out of Amherst, Massachusetts while it was driving through the state. Someone from the Discord server called into the station, got on the air, and shared the project with the DJs. “This is so cool,” one of the DJs said on air.

In the bottom left corner of the screen a map that shows the car’s current location. As it moves across the country, it paints a red line to show where it’s been. The drivers lit out from Boston last week and cruised down to Providence before cutting west and heading north to Maine. “People wanted to go to Woonsocket because it had a funny name. And then we were arguing about whether to go to New York City or to go to Maine. And Maine won out,” the driver who called the radio station explained.

In the Discord server, users are arguing about where to drive and attempting to find a route that will take them across the U.S. border into Canada via Street View. “It’s also really cool seeing the different route plans people are making,” Agarwal said. “Hitting all 50 states also seems to be a common goal. I like how people are interpreting the shapes on the map and someone also recorded a 30 hour timelapse.”

Back in Maine, repulsed users changed the station off of classic country when Deana Carter’s “Strawberry Wine” hit the airwaves. Users hit seek until it spun back around to a Maine-area college station, WBOR 91.1, where David Bowie “Life on Mars.”“Get back on the highway to Canada,” says one user.“It’s Canada time,” says another, as the car navigates a tidy neighborhood in Maine.

Someone asks how long until the car gets to Portland, Maine. “4 or 5 hours i think, we keep making a lot of detours though,” someone says.

Another person in the backseat says, at this pace, it’ll take the car a week to get to Canada.

An AI avatar made to look and sound like the likeness of a man who was killed in a road rage incident addressed the court and the man who killed him: “To Gabriel Horcasitas, the man who shot me, it is a shame we encountered each other that day in those circumstances,” the AI avatar of Christopher Pelkey said. “In another life we probably could have been friends. I believe in forgiveness and a God who forgives. I still do.”

It was the first time the AI avatar of a victim—in this case, a dead man—has ever addressed a court, and it raises many questions about the use of this type of technology in future court proceedings. 

The avatar was made by Pelkey’s sister, Stacey Wales. Wales tells 404 Media that her husband, Pelkey’s brother-in-law, recoiled when she told him about the idea. “He told me, ‘Stacey, you’re asking a lot.’”

Trump has found an aesthetic to define his second term: grotesque AI slop.

Over the weekend, the Trump administration posted at least seven different pieces of AI generated or AI altered media, ranging from Trump imagining himself as a pope and a Star Wars Jedi (or Sith?) to Obama-esque “Hope” posters featuring people the administration has deported. 

This has become the Slop Presidency, and AI-generated images are the perfect artistic medium for the Trump presidency. They're impulsively created, grotesque, and low-effort. Trumpworld’s fascination with slop is the logical next step for a President that, in his first term, regularly retweeted random memes created by his army of supporters on Discord or The Donald, a subreddit that ultimately became a Reddit-clone website after it was banned. AI allows his team to create media that would never exist otherwise, a particularly useful tool for a President and administration that has a hostile relationship with reality. 

Trump’s original fascination with AI slop began last summer, after he said legal Haitian immigrants in Springfield, Ohio were “eating the cats…they’re eating the pets” in his debate with Kamala Harris. The internet’s AI slop factories began spinning up images of Trump as cat-and-dog savior. Since then, Trump and the administration have occasionally shared or reposted AI slop. In his first week in office, Trump shared an AI-generated “GM” car image that was promoting $TRUMP coin. “What a beautiful car. Congrats to GM!,” he posted.

A 25-year old hacker has agreed to plead guilty to hacking the Disney Corporation by compromising a tool for AI-generating art. According to a Department of Justice press release, the hacker, Ryan Mitchell Kramer—aka “NullBulge”— will admit to two felony charges related to the offense.

As we reported last year, NullBulge specifically targeted AI users by compromising ComfyUI, a very popular graphical user interface for the open-weights AI image generator Stable Diffusion that’s distributed on Github. The extension contained a trojan horse that allowed Kramer to access the computer of whoever used it, including one Disney employee.

By leveraging access to that employee’s computer, Kramer was able to access the company’s Slack and download 1.1 terabytes of data. Kramer pinged the employee in July of 2024 and, using the alias NullBulge, threatened to leak all the personal information in the data he obtained from Disney. The employee didn’t respond and Kramer followed through with the threat and published the information.

U.S. Central Command, the part of the Pentagon that oversees its wars in the Middle East, denies that the United States military bombed a target in Yemen based on posts on X from an anonymous open source intelligence account which identified it as a Houthi base before the bombing and apologized for their posts after local news reports said civilians died in the bombing.

A defense official declined to say whether it was the U.S. that bombed the target, but said that the military does not use information posted by open-source intelligence accounts on social media to select targets. The defense official said CENTCOM uses detailed and comprehensive intelligence to conduct strikes against the Houthis. It’s common for the U.S. to kill civilians in airstrikes, and it has done so several times in Yemen. On Monday, for example, Reuters reported it killed dozens of people when it combed a detention center for African migrants. 

The gathering and posting of open source intelligence about war zones on X and other social media platforms has become a popular, and lucrative, pastime. In the oceans of OSINT accounts on X there are people who know what they are doing, and then there are countless frauds and hundreds of amateurs. 

Last week, a small OSINT account on X apologized for incorrectly identifying a quarry in Yemen as an underground base after a U.S. airstrike blew it up and killed eight people.

The account VleckieHond retweeted another OSINT account in early April with pictures of what both suggested was an underground Houthi base. Vleckie noted the area's exact coordinates. “Last one Northwest of Sana’a,” it said.On April 28, a U.S. strike hit the region VleckieHond posted. According to local news reports, the U.S. attack hit houses near a quarry. Vleckie and reporters on the ground in Yemen said there had never been an underground base there, and Vleckie apologized on X after the strike.

“Allright, time for me to go through the mud,” the person running the Vleckie account wrote. “I should have never posted it. The fact that I took in from someone else who had posted it is not an excuse.”Vleckie then shared receipts of two donations they made—one to Doctors Without Borders and the other to the Yemen Data Project—for 500 euros. “No more posting about 'possible' bases. Look for more concrete signs of these bases, most notably spoil heaps, present at even smaller bases, but not really here.”

Vleckie posting this started a news cycle, or at least a lot of discussion on X, about whether the Pentagon was using information from random OSINT accounts on social media to help identify targets. There was no evidence that this was the case, besides the coincidence of the area Vleckie tweeted about having been bombed, and their apology, which of course does not mean that they had anything to do with the strike. It’s also worth noting that Vleckie’s apology had the effect of raising their profile in the OSINT world even though there is absolutely no evidence that the military bombed this target because of their tweet and it’s somewhat ludicrous to imagine that the Pentagon is picking targets based on the tweets of small anonymous Twitter accounts.

VleckieHond’s analysis has appeared in CTC Sentinel, a West Point published magazine. Journalist Michael Knights cited VleckieHond’s work in an April 2024 issue of CTC Sentinel that used OSINT to detail the Houthi war effort. 

The work of one Pentagon affiliated analyst isn’t confirmation that America’s military machine is scanning social media for targets. “I'm fairly certain Centcom doesn't take their targeting data from Twitter, but this still is a very severe mistake,” VleckieHond said in its apology post on X. The account didn’t respond to 404 Media’s request for a comment.

Critics online and in the the media pointed to Knights’ citation of Vleckie’s work in a CTC Sentinel as possible proof that the Pentagon used the account’s work to pick targets, which is largely just idle speculation.

The VleckieHond situation points to the problems in the OSINT community broadly and on X specifically. “It’s been something of a steady decline, really,” Eliot Higgins, the founder of the investigative journalism firm Bellingcat, which helped popularize the use of OSINT on Twitter and more broadly for journalism, told 404 Media. Bellingcat’s success in using open source intelligence, video footage, social media posts, satellite imagery, and maps to do groundbreaking journalistic work has spawned an endless number of copycats and OSINT accounts, many of which do good work but many of which do not.

“The early days in the era of the Arab Spring and on through Syria and MH17 were very community minded and cautious,” Higgins said. “It felt like something new and yet also important being constructed. Then the Trump years ushered in this flood of chaos and conspiracism filling the room—now suddenly everyone with a Telegram screenshot was in the analyst’s seat.”

There is a lot of AI-generated slop and outright lies on X right now, especially in the OSINT space. “Musk coming in and taking over X exacerbated it,” Higgins said. “We've focused on moving our community onto other spaces, so there's at least some healthy spaces for collaborative work.”

Calibre Obscura, a well-known open source account that focuses on weapons, told 404 Media that the legitimate OSINT field itself is still healthy, even if X has become a cesspool. “It has gotten worse, but not uniquely,” it said. “It’s just more slop and propaganda like everything else.”

But the problem with Vleckie isn’t that the account is posting slop or lying. They’re an amateur sleuth in a field where the opinions of informed amateurs are taken seriously. At least seriously enough to end up in a Pentagon funded magazine. Vleckie’s X profile bio says “Yemen things, learning as I post, Ceasefire now.”

And, indeed, Vleckie has spun the underground base mistake as a learning opportunity. 

“So now to improve and learn from this: No more posting about 'possible' bases. Look for more concrete signs of these bases, most notably spoil heaps, present at even smaller bases, but not really here,” it said in a long thread about how it will improve its processes.

“There should be rules, but they’re not really universal,” Higgins said. “The good practitioners also tend to adhere to a pretty straightforward set of principles, verify before you share; be transparent about your methods; properly credit others; do no harm (particularly when it comes to people in conflict zones). You also deign not to speculate beyond the evidence. If it’s not confirmed, don’t say it. In short, approach open source investigation as you would investigative journalism. If you wouldn’t send it from an office where you have to sign your name to the work, maybe don’t launch it into the world from an anonymous secret account.”

Higgins began his career as an anonymous account posting under the name Brown Moses about the Syrian Civil War. As his profile rose, he dropped the pseudonym. “It’s a double-edged sword,” he said. “Anonymity can matter a lot, particularly for those in hazardous locales or under repressive regimes. But it also provides cover for bad actors: people who game data, push propaganda, or chase clout with absolutely no accountability. If you’re anonymous and responsible, well and good—but if you’re building a big security following, shaping narratives and making claims that affect the lay public’s technical literacy, then you owe it. You can’t say ‘I’m just some guy’ and amass views and attention. Where there’s reach, there’s responsibility, and a lot of that responsibility is being shirked right now.”

In Vleckie’s apology thread, they promised to raise its standard of proof. “I want information on this page to be reliable,” they said. “I sincerely apologize for this error in my judgement, and it will never be my intention to spread false information here or elsewhere.”

All that said, the military has its own intelligence, and is not looking at Twitter to decide what to bomb.

A new memo from Secretary of Defense Pete Hegseth is calling on defense contractors to grant the Army the right-to-repair. The Wednesday memo is a document about “Army Transformation and Acquisition Reform” that is largely vague but highlights the very real problems with IP constraints that have made it harder for the military to repair damaged equipment.

Hegseth made this clear at the bottom of the memo in a subsection about reform and budget optimization. “The Secretary of the Army shall…identify and propose contract modifications for right to repair provisions where intellectual property constraints limit the Army's ability to conduct maintenance and access the appropriate maintenance tools, software, and technical data—while preserving the intellectual capital of American industry,” it says. “Seek to include right to repair provisions in all existing contracts and also ensure these provisions are included in all new contracts.”

Over the past decade, corporations have made it difficult for people to repair their own stuff and, somehow, the military is no exception. Things are often worse for the Pentagon. Many of the contracts it signs for weapons systems come with decades long support and maintenance clauses. When officials dig into the contracts they’ve often found that contractors are overcharging for basic goods or intentionally building weapons with proprietary parts and then charging the Pentagon exorbitant fees for access to replacements. 404 Media wrote more about this problem several months ago. The issue has gotten so bad that appliance manufacturers and tractor companies have lobbied against bills that would make it easier for the military to repair its equipment.

This has been a huge problem for decades. In the 1990s, the Air Force bought Northrop Grumman’s B-2 Stealth Bombers for about $2 billion each. When the Air Force signed the contract for the machines, it paid $2.6 billion up front just for spare parts. Now, for some reason, Northrop Grumman isn’t able to supply replacement parts anymore. To fix the aging bombers, the military has had to reverse engineer parts and do repairs themselves.

Similarly, Boeing screwed over the DoD on replacement parts for the C-17 military transport aircraft to the tune of at least $1 million. The most egregious example was a common soap dispenser. “One of the 12 spare parts included a lavatory soap dispenser where the Air Force paid more than 80 times the commercially available cost or a 7,943 percent markup,” a Pentagon investigation found. Imagine if they’d just used a 3D printer to churn out the part it needed.

As the cost of everything goes up, making it easier for the military to repair their own stuff makes sense. Hegseth’s memo was praised by the right-to-repair community. “This is a victory in our work to let people fix their stuff, and a milestone on the campaign to expand the Right to Repair. It will save the American taxpayer billions of dollars, and help our service members avoid the hassle and delays that come from manufacturers’ repair restrictions,” Isaac Bowers, the Federal Legislative Director of U.S. PIRG, said in a statement.

The memo would theoretically mean that the Army would refuse to sign contracts with companies that make it difficult to fix what it sells to the military. The memo doesn’t carry the force of law, but subordinates do tend to follow the orders given within. The memo also ordered the Army to stop producing Humvees and some other light vehicles, and Breaking Defense confirmed that it had. 

With the Army and the Pentagon returning to an era of DIY repairs, we’ll hopefully see the return of PS: The Preventive Maintenance Monthly. Created by comics legend Will Eisner in 1951, the Pentagon funded comic book was a monthly manual for the military on repair and safety. It included sultry M-16 magazines and anthropomorphic M1-Abrams explaining how to conduct repairs.

The Pentagon stopped publishing the comic in 2019, but with the new push in the DoD for right-to-repair maybe we’ll see its return. It’s possible in the future we’ll see a comic book manual on repairing a cartoon MQ-9 Reaper that leers at the reader with a human face.

On the morning of its first 100th day in office, the Trump administration accused Amazon of a “hostile political action.” The crime? A rumored plan to add a line during checkout that showed customers exactly what Trump’s tariffs cost them. 

Press Secretary Karoline Leavitt and Treasury Secretary Scott Bessent held a press conference this morning on “Unleashing Economic Greatness.” The pair took questions from the crowd of reporters. Someone asked about the news, out of Punchbowl, that Amazon would soon add a line item at checkout that detailed the “import costs” of purchased goods. If Amazon did this it would join other retailers like Temu that are letting customers know why the cost of buying products from it has more than doubled in the past few weeks.

“This is a hostile and political act by Amazon,” Leavitt said. “Why didn’t Amazon do this when the Biden administration hiked inflation to the highest level in 40 years? And I would also add that it’s not a surprise. As Reuters wrote, Amazon has partnered with a Chinese propaganda arm. So this is another reason why Americans should buy American.”

Shortly after the press conference, Amazon released a statement about the issue and swore it wouldn’t tell anyone how much the tariffs cost them. “The team that runs our ultra low cost Amazon Haul store has considered listing import charges on certain products,” it said, according to Jeff Stein of The Washington Post. “This was never a consideration for the main Amazon site and nothing has been implemented on any Amazon properties.”

This short saga shows how the Trump administration plans to deal with the chaos that it has created: By attempting to bully companies into denying the reality that his tariffs are making it more expensive (or potentially impossible) to buy millions of different products. The strategy here—to the extent there is one at all—is to pressure companies into eating tariff costs, pretend that none of this is happening, or to add opacity into the process by having prices shoot up without retailers breaking out what portion of them is from Trump’s tariffs.

The cost of stuff in America is going up. Trump’s 145 percent tariff on goods manufactured in China is already having a dramatic effect on the economy and will likely change the way Americans buy things.

Chastising Amazon or any other retailer during a press conference won’t lower prices and won’t change the fact that Trump’s actions have consequences. He cowed Amazon here, but it’s early days yet and reality can only bend so much before it breaks.

On Friday, thousands of NFTs that had once sold collectively for millions of dollars vanished from the internet and were replaced with the phrase “This content has been restricted. Using Cloudflare’s basic service in this manner is a violation of the Terms of Service.” The pictures eventually returned but their brief loss, as a result of one of the services that served the NFTs being migrated to a free account, is a reminder of the ephemeral nature of digital goods as well as the craze for crypto-backed pictures that dominated the internet for a few years.

The pictures were part of a CloneX RTFKT (pronounced “artifact”) collection, a Nike-backed NFT project done in collaboration with Japanese artist Takashi Murakami. They disappeared because the corporate overlord that acquired them was no longer investing the time or capital into the project it once had.

At around 5 a.m. EST on the morning of April 24, more than 19,000 NFTs in the CloneX RTFKT (pronounced “artifact”) collection vanished. In their place was white text on a black background that said: “This content has been restricted. Using Cloudflare’s basic service in this manner is a violation of the Terms of Service.”

Generative AI is a power and water hungry beast. While its advocates swear it’ll change the world for the better, the tangible benefits today are less clear and the long term costs to both society and the environment may be enormous. Even the federal U.S. government knows this, according to a new report published Wednesday by the Government Accountability Office (GAO), a nonpartisan watchdog group that answers to Congress.

The GAO’s AI report’s goal is to succinctly explain to legislators what media outlets and researchers have been explaining for years: the infrastructure necessary to produce generative AI presents a massive strain on the planet. 

Last month, Roy Lee was suspended from Columbia after he was accused of using AI to “cheat” on technical job interviews for Amazon, Meta, and TikTok. On Sunday, he announced that he raised $5.3 million to start Cluely, a new startup that aims to allow users to similarly “cheat on everything.” 

Cluely went viral when it launched earlier this week thanks to a commercial Lee posted on X. In the video, Lee bumbles his way through a date. A large UI sits between him and his date, feeding him information about the woman’s interests and coaching him on how to talk to her.

In an interview, however, Lee told me that his AI tool is not really cheating. 

“Initially it will feel like cheating, but if we win, nobody will think this is cheating,” Lee told me. 

On Monday, the co-founder of Business Insider Henry Blodget published a blog on his new Substack about a “native-AI newsroom.” Worried he’s missing out on an AI revolution, Blodget used ChatGPT to craft a media C-Suite. Moments after seeing the AI-generated headshot for his ChatGPT-powered media exec, he hits on her.

Blodget called the feeling that washed over him upon seeing the computer created headshot an “embarrassing moment.” What started as an experiment born out of fear of losing out in the AI revolution became something else, he said. “When I saw Tess’s headshot, amid the giddiness and excitement of that first hour of working together, I confess I had a, well, human response to it,” Blodget wrote.

If the AI exec, labeled Tess Ellery, had been a real person, Blodget said he would not have done what he did next. “But did the same rules apply to AI colleagues and native-AI workplaces?” He wrote. “I didn’t know yet. That was one of the things I needed to figure out.”

This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records. Subscribe to them here.

A judge in Nevada has ruled that “tower dumps”—the law enforcement practice of grabbing vast troves of private personal data from cell towers—is unconstitutional. The judge also ruled that the cops could, this one time, still use the evidence they obtained through this unconstitutional search. 

Cell towers record the location of phones near them about every seven seconds. When the cops request a tower dump, they ask a telecom for the numbers and personal information of every single phone connected to a tower during a set time period. Depending on the area, these tower dumps can return tens of thousands of numbers.

Cops have been able to sift through this data to solve crimes. But tower dumps are also a massive privacy violation that flies in the face of the Fourth Amendment, which protects people from unlawful search and seizure. When the cops get a tower dump they’re not just searching and seizing the data of a suspected criminal, they’re sifting through the information of everyone who was in the location.

A Nevada man, Cory Spurlock, is facing charges related to dealing marijuana and a murder-for-hire scheme. Cops used a tower dump to connect his cellphone with the location of some of the crimes he is accused of. Spurlock’s lawyers argued that the tower dump was an unconstitutional search and that the evidence obtained during it should not be. The cops got a warrant to conduct the tower dump but argued it wasn’t technically a “search” and therefore wasn’t subject to the Fourth Amendment.

U.S. District Juste Miranda M. Du rejected this argument, but wouldn’t suppress the evidence. “The Court finds that a tower dump is a search and the warrant law enforcement used to get it is a general warrant forbidden under the Fourth Amendment,” she said in a ruling filed on April 11. “That said, because the Court appears to be the first court within the Ninth Circuit to reach this conclusion and the good faith exception otherwise applies, the Court will not order any evidence suppressed.”

Du argued that the officers acted in good faith when they filed the warrant and that they didn’t know the search was unconstitutional when they conducted it. According to Du, the warrant wasn’t unconstitutional when a judge issued it.

Du’s ruling is the first time the United States Court of Appeals for the Ninth Circuit has ruled on the constitutionality of tower dumps, but this isn’t the first time a federal judge has weighed in. One in Mississippi came to the same conclusion in February. A few weeks later, the Department of Justice appealed the ruling.

There’s a decent chance that one of these cases will wind its way up to the Supreme Court and that SCOTUS will have to make a ruling about tower dumps. The last time the issue was in front of them, they kicked the can back to the lower courts.

In 2018, the Supreme Court considered Carpenter v. United States, a case where the FBI used cell phone location data to investigate a series of robberies. The Court decided that law enforcement agencies violate the Fourth Amendment when they ask for cell phone location data without a warrant. But the ruling was narrow and the Court declined to rule on the issue of tower dumps.

According to the court records for Spurlock’s case, the tower dump that caught him captured the private data of 1,686 users. An expert who testified before the court about the dump noted that “the wireless company users whose phones showed up in the tower dump data did not opt in to sharing their location with their wireless provider, and indeed, could not opt out from appearing in the type of records received in response to [the] warrant.”

The notorious imageboard 4chan is down following what appears to be a major hack of its backend. The hackers claim to have exposed code for the site, the emails of moderators, and a list of mod communications. This happened, it seems, as part of a five year long, inter-image board beef between users of 4chan and Soyjak, another image board that splintered off of 4chan.

It’s still unclear what the fallout of the hack will be, but the notorious image board remains down and a huge amount of data appears to have been leaked.

Users struggled to load 4chan on the evening of April 14, 2025, according to posts on other imageboards and forums. A few hours before that, the banned board /qa/ reappeared on the site and someone using the hiroyuki account, named after 4chan’s owner Hiroyuki Nishimura, posted “FUCKING LMAO” and “U GOT HACKED XD.