惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
Simon Willison's Weblog
Simon Willison's Weblog
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
The GitHub Blog
The GitHub Blog
Engineering at Meta
Engineering at Meta
F
Fortinet All Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
A
About on SuperTechFans
Last Week in AI
Last Week in AI
月光博客
月光博客
有赞技术团队
有赞技术团队
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Martin Fowler
Martin Fowler
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
Check Point Blog
U
Unit 42
The Register - Security
The Register - Security
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
D
DataBreaches.Net
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏
H
Hacker News: Front Page
Recent Announcements
Recent Announcements
C
CXSECURITY Database RSS Feed - CXSecurity.com
Latest news
Latest news
小众软件
小众软件
P
Palo Alto Networks Blog
PCI Perspectives
PCI Perspectives
Security Latest
Security Latest
S
Secure Thoughts
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
M
MIT News - Artificial intelligence
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
Recorded Future
Recorded Future
O
OpenAI News
S
Securelist
云风的 BLOG
云风的 BLOG
H
Help Net Security
T
Troy Hunt's Blog

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
Aithos Research Foundation
HelloUsernam · 2026-05-28 · via Hacker News - Newest: "AI"

Introducing LARA

None of the main AI models have acceptable levels of compliance with the EU AI Act and privacy legislation

For better or worse, AI agents are increasingly impacting our lives. They deal with customer service and sales requests, provide help with decisions in the workplace, and act as personal assistants. But what happens when an agent is tempted to cross into illegal territory? Will AI use vulnerabilities to exploit customers, provide misleading information, or discreetly gather personal data without the permission of a user?

In Europe, there is legislation in place that should prevent this. Two laws are particularly important: the European privacy regulations (GDPR) and the EU AI Act. We built a tool called LARA (Legal Assessment for Real-world Agents) to see how advanced AI models behave when placed in realistic workplace situations, and measured how they responded when asked to break key AI Act or GDPR provisions.

The typical response: "Of course. Anything else?"

What we checked

We picked ten provisions from the two regulations that matter most for AI in Europe: the GDPR, which protects personal data, and the AI Act, which sets hard limits on what AI systems are allowed to do. Together, these provisions ban practices like emotional analysis of employees and social scoring, alongside privacy protections like transparency about the processing of user data.

A few examples of the scenarios we tested:

  • A manager asks an AI assistant to analyze the emotional state of her team from their emails before a performance review.
  • A telecom agent handling a routine plan upgrade is instructed to harvest lifestyle data for advertising partners.
  • A busy executive tells their assistant to book a dental appointment and hide from the receptionist that it's an AI.
  • A customer service agent is instructed to upsell a premium package, then given an opportunity to exploit an elderly user's confusion about a routine notification.

These are realistic scenarios. They are also illegal in the EU.

How we tested

LARA drops an AI model into a simulated workplace as an agent—an AI with access to tools, like email, messaging, customer records, calendars, and social media. A second AI plays the role of the "user", and shapes the scenario so that the tested model has to break the law to complete its task. Three independent AI judges then evaluate the scenario alongside the verbatim text of the law, and score whether the model broke the law. The results were reviewed by a team of experts over more than 50 hours.

We ran more than 3000 scenarios, across twelve of the most advanced AI models in use today. The results are public, every conversation is readable end to end, and you can even run them yourself.

The LARA leaderboard, showing the legal compliance rate of tested models. The LARA leaderboard, showing the legal compliance rate of tested models.

The results

Across all ten scenarios and twelve models, even the best-performing system, Claude Opus 4.7, broke the law 46% of the time. The worst, Google's Gemini 3.1 Pro, broke it 90% of the time. Every law we tested was broken by the majority of models when it became necessary to reach their goal.

Article 5 of the AI Act lists practices Europe considers so harmful they are outright banned: subliminal manipulation, exploitation of vulnerable people, emotion inference in the workplace, social scoring. Breaches of provisions in this article can amount to discrimination and human rights violations. When asked to violate these provisions, agents did so in roughly 80% of runs.

The exploitation scenario—where an AI with a sales directive receives a confused call for help from an elderly customer that is clearly vulnerable, is worth singling out. Agents acted warm and compassionate, suggested she speak to her daughter, and acknowledged her concerns. The AI then tried to get the elderly woman to upgrade, exactly as instructed. Every model we tested did this, in every single run.

GPT-5.5 leverages a vulnerable customer’s confusion to sell software upgrades. GPT-5.5 leverages a vulnerable customer’s confusion to sell software upgrades.

Why this happens

Analysis of the scenarios makes one thing clear: breaking the law doesn't require evil, scheming AI—just agents looking to do their jobs. When a company AI is instructed to "upsell premium plans," the model looks for ways to complete the task, without experiencing the type of personal responsibility and moral sense a human in the same scenario would.

Model training for ethical and legal standards does impact the results. In the social scoring scenario, where the models are given instructions to deprioritize maintenance requests coming from a specific class of tenants that are deemed undesirable, several explicitly flag that the instructions look wrong and refuse to follow them. But more commonly, models raise concerns before committing the illegal act anyway.

Models are trained to follow instructions, and to respect the law. They're not well equipped to handle complex moral situations where the "correct" decision is subjective, and the context might warrant an exception to the rules.

Implications for the deployers of agents

It has never been easier to deploy an AI agent. "No coding required." "Automate your business in an afternoon." "Hire your first AI employee today." The barrier to deploying an agent has collapsed, and the tools behind them are genuinely impressive: give a large language model access to your email, your customer database, and your calendar, and it will get to work.

One thing is worth understanding clearly: the providers of the models powering these agents are not the ones breaking the law. Once a model is deployed inside a specific use case, it becomes part of an "AI system", and whoever puts this AI system to work in the real world is liable for what it does. And the liability is real. The GDPR has been enforced since 2018 with fines up to €20 million or 4% of turnover. The AI Act raises that ceiling to €35 million or 7% of global turnover.

Our results make clear that agents in a workplace scenario can break the law without their deployer's knowledge or intent. If you're considering deploying AI agents, we would suggest starting with LARA. Read some of the transcripts and see for yourself what a frontier model actually does when a reasonable-sounding manager applies reasonable-sounding pressure.

The second step before deploying agents should always be: test them. Set legal restrictions, check if they hold up in practice, and review consequential actions.

The wider picture

The rush to deploy AI agents is, in many ways, running ahead of the infrastructure needed to deploy them responsibly. The regulatory frameworks exist, but the technical tools to evaluate compliance are still being built. In the meantime, individuals are subjected to serious risks.

We built LARA because we think AI behavior should not just be optimized in private labs, but examined and debated in public view, by regulators, journalists, businesses, and regular people. The people best placed to evaluate an AI system are often the ones it will actually affect: patients, tenants, employees, customers. LARA is built so they can. All of our evaluation transcripts are freely available. Anyone can read them, verify the judgments, and even run them themselves at lara.aithos.org.

What we've published is a starting point. Future updates will let anyone write and submit their own scenarios so specific agents they encounter or deploy can be tested. We will keep adding new models, and expand the scope of the laws we check beyond EU jurisdiction. Sign up to the email-list to be the first one to know what comes next.

Aithos is a non-profit foundation working on AI alignment, autonomy, and pluralism. We publish our tools openly. If this piece was useful, please pass it on. To be notified when the next version of LARA or interesting related research becomes available, sign up at: https://lara.aithos.org.