Latest news with #GoogleDrive
Business Insider
13 hours ago
- Business
- Business Insider
Here's the list of websites gig workers used to fine-tune Anthropic's AI models. Its contractor left it wide open.
An internal spreadsheet obtained by Business Insider shows which websites Surge AI gig workers were told to mine — and which to avoid — while fine-tuning Anthropic's AI to make it sound more "helpful, honest, and harmless." The spreadsheet allows sources like Bloomberg, Harvard University, and the New England Journal of Medicine while blacklisting others like The New York Times and Reddit. Anthropic says it wasn't aware of the spreadsheet and said it was created by a third-party vendor, the data-labeling startup Surge AI, which declined to comment on this point. "This document was created by a third-party vendor without our involvement," an Anthropic spokesperson said. "We were unaware of its existence until today and cannot validate the contents of the specific document since we had no role in its creation." Frontier AI companies mine the internet for content and often work with startups with thousands of human contractors, like Surge, to refine their AI models. In this case, project documents show Surge worked to make Anthropic's AI sound more human, avoid "offensive" statements, and cite documents more accurately. Many of the whitelisted sources copyright or otherwise restrict their content. The Mayo Clinic, Cornell University, and Morningstar, whose main websites were all listed as "sites you can use," told BI they don't have any agreements with Anthropic to use this data for training AI models. Surge left a trove of materials detailing its work for Anthropic, including the spreadsheet, accessible to anyone with the link on Google Drive. Surge locked down the documents shortly after BI reached out for comment. "We take data security seriously, and documents are restricted by project and access level where possible," a Surge spokesperson said. "We are looking closely into the matter to ensure all materials are protected." It's the latest incident in which a data-labeling startup used public Google Docs to pass around sensitive AI training instructions. Surge's competitor, Scale AI, also exposed internal data in this manner, locking the documents down after BI revealed the issue. A Google Cloud spokesperson told BI that its default setting restricts a company's files from sharing outside the organization; changing this setting is a "choice that a customer explicitly makes," the spokesperson said. Surge hit $1 billion in revenue last year and is raising funds at a $15 billion valuation, Reuters reported. Anthropic was most recently valued at $61.5 billion, and its Claude chatbot is widely considered a leading competitor to ChatGPT. What's allowed — and what's not Google Sheet data showed the spreadsheet was created in November 2024, and it's referenced in updates as recent as May 2025 in other documents left public by Surge. The list functions as a "guide" for what online sources Surge's gig workers can and can't use on the Anthropic project. The list includes over 120 permitted websites from a wide range of fields, including academia, healthcare, law, and finance. It includes 10 US universities, including Harvard, Yale, Northwestern, and the University of Chicago. It also lists popular business news sources, such as Bloomberg, PitchBook, Crunchbase, Seeking Alpha, and PR Newswire. Medical information sources, such as the New England Journal of Medicine, and government sources, such as a list of UN treaties and the US National Archives, are also in the whitelist. So are university publishers like Cambridge University Press. Here's the full list of who's allowed, which says that it is "not exhaustive." And here's the list of who is banned — or over 50 "common sources" that are "now disallowed," as the spreadsheet puts it. The blacklist mostly consists of media outlets like The New York Times, The Wall Street Journal, and others. It also includes other types of sources like Reddit, Stanford University, the academic publisher Wiley, and the Harvard Business Review. The spreadsheet doesn't explain why some sources are permitted and others are not. The blacklist could reflect websites that made direct demands to AI companies to stop using their content, said Edward Lee, a law professor at Santa Clara University. That can happen through written requests or through an automated method like Some sources in the blacklist have taken legal stances against AI companies using their content. Reddit, for example, sued Anthropic this year, saying the AI company accessed its site without permission. Anthropic has denied these claims. The New York Times sued OpenAI, and The Wall Street Journal's parent, Dow Jones, sued Perplexity, for similar reasons. "The Times has objected to Anthropic's unlicensed use of Times content for AI purposes and has taken steps to block their access as part of our ongoing IP protection and enforcement efforts," the Times spokesperson Charlie Stadtlander told BI. "As the law and our terms of service make clear, scraping or using the Times's content is prohibited without our prior written permission, such as a licensing agreement." Surge workers used the list for RLHF Surge contractors were told to use the list for a later, but crucial, stage of AI model training in which humans rate an existing chatbot's responses to improve them. That process is called "reinforcement learning from human feedback," or RLHF. The Surge contractors working for Anthropic did tasks like copying and pasting text from the internet, asking the AI to summarize it, and choosing the best summary. In another case, workers were asked to "find at least 5-10 PDFs" from the web and quiz Anthropic's AI about the documents' content to improve its citation skills. That doesn't involve feeding web data directly into the model for it to regurgitate later — the better-known process that's known as pre-training. Courts haven't addressed whether there's a clear distinction between the two processes when it comes to copyright law. There's a good chance both would be viewed as crucial to building a state-of-the-art AI model, Lee, the law professor, said. It is "probably not going to make a material difference in terms of fair use," Lee said.
Android Authority
a day ago
- Android Authority
Google Drive's new tool makes it a breeze to skip right to the good part of your video uploads
Edgar Cervantes / Android Authority TL;DR Google Drive will now show thumbnail previews when hovering over the video progress bar. The feature will be available to all users on the web version of Drive, but it only works on newly uploaded videos. It's rolling out to Rapid Release domains starting today, with a wider rollout starting on August 20. Scrubbing through a video in Google Drive often meant dragging the progress bar blindly and hoping for the best. That's finally changing, with Google adding thumbnail previews to the progress bar to make it easier to find the moment you're looking for. The new feature is already rolling out, but don't get too excited about navigating your old videos just yet. The feature was just announced in a Workspace Updates post and is now rolling out to Rapid Release domains, with a broader rollout to follow from August 20. Users can hover over the timeline of a new video in Drive on the web to view scene-by-scene thumbnails, helping you jump to the right moment without much guesswork. It's certainly a step in the right direction, albeit by adding a perk many other video players already offer. The slight catch here is that older video files won't benefit — only those uploaded after the feature becomes available will show thumbnails. This is just the latest in a string of updates for Google Drive. In June, the Android app got a redesigned video player that aligned it with the desktop version. That same update also improved the mobile upload process with easier file renaming and folder selection. Google has also been rolling out Gemini-powered features in Drive, including AI summaries for PDFs and a 'Catch me up' tool that highlights changes made to shared documents since you last opened them. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
Civil.ge
a day ago
- Business
- Civil.ge
GD-Established Grants Agency Opens First Call for Applications
Georgia's State Grants Management Agency , established by a Georgian Dream government decree in April, issued its first call for grant applications on July 21, saying it 'aims to support civic initiatives through state funding.' Critics, however, have argued the ruling Georgian Dream party is seeking to fund loyal organizations – so-called government-organized non-governmental organizations (GONGOs), while continuing to cut western funding to independent civil society groups, including through legislative moves. The agency is headed by Tamar Zodelava, a former regional project manager with the German Society for International Cooperation (GIZ), who has also worked with the Council of Europe and the Eastern Partnership Regional Fund. 'Eligible applicants are non-commercial legal entities registered in Georgia whose founding documents reflect work in areas of state or public significance,' the agency said on July 21, adding that entities established by government bodies, municipalities, or other public institutions are not eligible. All grant proposals must align with one or more of 12 priority areas: (1) Democratic institutions, good governance, and human rights and fundamental freedoms; (2) Foreign policy and Georgia's integration into the EU; (3) Economic development; (4) Education, science, and youth; (5) Sports development; (6) Labor, health, and social welfare; (7) Defense and security; (8) Regional development and local self-government; (9) Environmental and natural resource protection; (10) Agriculture; (11) Legal and professional education; and (12) Reconciliation and civil equality. Applicants may request up to GEL 100,000 (approximately USD 37,000) per project, with a minimum project duration of three months from the signing of the grant agreement. A separate category of 'institutional development grants,' offering up to GEL 700,000 (USD 260,000), is also available for organizations seeking to 'strengthen organizational capacity and ensure long-term sustainability.' The application period runs from July 21 to August 11. The detailed guidelines are shared through a shared Google Drive folder as the agency currently lacks an official website and operates through a publicly listed email and phone number. Proposals will be evaluated by the Agency's council, with a quorum of at least 10 members required for any session. Decisions will be made by majority vote, with abstentions prohibited. In the case of a tie, the chairperson will cast the deciding vote. The state grant call comes as GD targets western funding for non-governmental organizations with repressive laws, including adopting Georgian interpretation of Foreign Agents Registration Act (FARA), and introducing amendments to grant laws requiring foreign donors to obtain government approval before disbursing funds. The legislative crackdown was followed by further moves against media outlets and watchdogs through public agencies, including the Anti-Corruption Bureau targeting several civil society organizations with inspection requests, and the Revenue Service seizing accounts of media organizations citing outstanding debts. Also Read:
UPI
2 days ago
- UPI
Accused killer of 13-year-old Florida girl pleads guilty to 2024 murder
July 21 (UPI) -- Stephan Sterns, the Florida man accused of raping and killing 13-year-old Madeline Soto, pleaded no contest on Monday for last year's heinous crime. Previously, Sterns pleaded not guilty to the 2024 death of his ex-girlfriend's daughter and was in an Osceola County court room for a hearing at around 1:30 p.m. local time. He was to initially go on trial Tuesday. The change in his plea means Sterns, 38, could potentially avoid the death penalty but only if a judge accepts the plea deal. Sterns had pleaded innocent to first-degree murder and the some 60 cases of sex-abuse charges. However, both trials were to be separately held. On Monday, he pleaded guilty to both the murder and sex-abuse charges. Soto disappeared the day after her 13th birthday. It was previously believed that Sterns dropped off Soto at Hunter's Creek Middle School in Orlando around 8:30 a.m. that morning. But the investigation revealed she never arrived, which was backed up by surveillance footage. At Monday's hearing, the teen's grandmother, cousin and aunts spoke to the court. According to investigators, images depicting him raping the teen were uncovered on his phone and Google Drive. Her body was found last year in Osceola County at the end of February. Police officials in Kissimmee believe Sterns killed the girl before discarding her body along a road. Sterns was named early as "prime suspect" in the murder and later arrested on charges of sexual battery and possession of child sexual abuse materials.
Time Business News
3 days ago
- Time Business News
Top Cloud Malware Attacks Businesses Should Know About
Cloud computing is changing how we do business with higher flexibility, scalability, and cost savings than traditional infrastructure. However, this is providing new opportunities for criminals who are eternally looking to exploit weaknesses in cloud environments. Cloud malware is no longer a theoretical threat that persists in the cloud; it is using traditional security controls and lives in the same approved by your teams every day. The techniques that malware is using to deliver exploits through cloud environments are changing quickly and are becoming increasingly untraceable. Knowing how to protect your data from malware is not just good information; it is essential information that can be the difference between securing your operation and a catastrophic breach of sensitive data. One of the most prevalent attackis to upload dangerous files to reputable and known cloud storage services; including Google Drive, Dropbox, or Microsoft OneDrive; none of which receive the same level of security scrutiny as email. Cloud storage services do not require the traditional context of personal trust; they are inherently trusted by the users of the service. The danger is when those infected files are shared internally, amongst users, or externally with clients and partners. One document shared Ida file that has malware and is shared through your trusted cloud RFID cloud storage service can rapidly spread through the entirety of your organization, especially if your users are downloading and executing files without any validation. Most typical Halbumn security toolset region bind Found are usually overly stretched and unable to detect threats commingling in these environments because these platforms are perceived as trusted environments. Too many security solutions do not put the same effort into scanning files in the cloud that they put into scanning files that are email attachments or downloads from dubious sites. What you need to do is implement a comprehensive scanning solution that is designed specifically for cloud storage platforms that can detect suspicious content during the upload process and avoid spreading malicious files around your organization. Phishing campaigns aimed straight at cloud service credentials have evolved to be extremely sophisticated. Attackers create incredibly convincing fake log-in webpages, that mimic popular services like Office 365, Google Workspace, or Salesforce, leading employees to enter their username and password into the attacker controlled webpages. Once the attacker gets the stolen credentials, they can access your cloud accounts with no security alerts that would typically trigger for traditional security. The attacker can then use the information for many pernicious purposes – install malware, steal sensitive documentation, access communications between users, or even act as an authenticated user to launch attacks on other systems. These attacks provide great appeal to cybercriminals because the activity looks to external observers as if it is legitimate activity by a legitimate user. Standard security monitoring is unlikely to flag fallback activity suspicious because it is likely coming from an authenticated user with permission to access the data. So, yes, in addition to cyberattack exploitation of business communications and sensitive information of a business, when an attacker can get to the credentials and gain access to cloud-based systems they are likely in and permitted because they are (alternatively) logged into your cloud accounts! Multi-factor authentication is your best defense against credential based attacks. Even if they get your password, they will still need access to the second authentication process for log-in to their victim's system! Fileless malware is one of the more aggregated and sophisticated threats to cloud environments. As opposed to conventional executable files, these attacks run fully in system memory utilizing legitimate system tools and processes to execute malicious actions. In cloud environments, fileless attacks often exploit PowerShell scripts, Windows Management Instrumentation, or other administrative tools that are built-in to the system to run malicious code. Consequently, these scripts can remain undetected for long periods without leaving the conventional file signatures that antivirus usually looks for. Traditional antivirus solutions struggle significantly with fileless threats because there are no malicious files to scan. Furthermore, because the attacks run using legitimate system processes and tools, active detection will be extremely challenging with signature security-based forms of protection. Defense against fileless threats will require functionality for behavioral monitoring combined with threat intelligence that allows for risk patterns and behavioral anomalies, rather than just using file-based detection. Functionalities like behavioral monitoring can analyze system behavior to see when legitimate tools are being used maliciously. Software-as-a-Service integrations have created another attack vector that many organizations do not consider. Attackers create an application that looks legitimate and asks for OAuth permissions or other forms of integration access to popular platforms such as Slack, Microsoft Teams, or Google Workspace. Once a user accepts the integration, the attacker can gain access using the application's permissions without direct credential theft. The attacker could read emails, access files, read communications, or simply abuse the integration to get malicious software into the organization's environment. These attacks are particularly effective because malicious applications are often presented professionally, requesting reasonable permissions that look acceptable. For example, a user may not realize that by allowing an integration, they are granting access to an attacker, which then enables the attacker to operate in their cloud environment using real application credentials. Regularly reviewing authorized SaaS integrations should be included in the organization's standard security measures. Additionally, organizations should audit what applications have permission to access their systems, those permissions, and if the integrations are still needed and trusted. Cloud malware has progressed from being a niche concern to being a serious threat that affects small and large businesses. From fileless attacks that hide in plain sight to compromised SaaS integrations that are abusing legitimate permissions, cybercriminals are finding cunning means of infiltrating cloud environments. The solution to protection is remaining alert, educating your team on emerging threats, and implementing advanced security tools that are specifically built for cloud platforms. Understanding the threats and putting measures in place to limit exposure will help businesses proactively protect their resources and maintain their operational continuity. TIME BUSINESS NEWS
