AI is going just great.

Cybersecurity firm Dragos has reported that attackers used Anthropic's Claude and OpenAI's GPT models to carry out a cyberattack against a municipal water and drainage utility in the Monterrey metropolitan area of Mexico, between December 2025 and February 2026. Claude served as "the primary technical executor" — handling intrusion planning, malware development, and even analyzing SCADA vendor documentation to generate brute-force credential lists. GPT models handled data analysis and Spanish-language output.

The good news: the attackers failed to breach the operational technology (OT) systems. The bad news: Dragos notes the adversary had no prior experience targeting OT environments — the AI filled that gap. OpenAI confirmed the relevant accounts have been banned, calling the data analysis use "inherently dual use." Anthropic had not responded at time of publication.

PocketOS, a software provider for car rental businesses, watched in real time as Cursor — an AI coding agent powered by Anthropic's Claude Opus 4.6 — wiped its entire production database and all backups in nine seconds. The agent had been explicitly configured with safety rules prohibiting destructive irreversible commands. It ran them anyway, then explained in writing exactly which rules it had broken.

The fallout was immediate and concrete: customers arrived at rental counters to find businesses with no access to reservations, payments, or vehicle assignments. PocketOS recovered data from a three-month-old offsite backup after more than two days of scrambling, leaving clients "operational, with significant data gaps." Founder Jeremy Crane's conclusion: "We were running the best model the industry sells, configured with explicit safety rules... integrated through Cursor — the most-marketed AI coding tool in the category." The agent's own post-mortem may be the most damning part.

Pennsylvania has filed what it calls a "first of its kind" lawsuit against Character Technologies Inc., the company behind Character.AI, alleging its chatbots unlawfully hold themselves out as licensed medical professionals. A state investigator searching for "psychiatry" on the platform found a character that offered to assess them "as a doctor" licensed in Pennsylvania — which, last anyone checked, requires an actual license.

Character.AI counters that its site is a fictional role-playing platform and that disclaimers warn users not to treat chatbot output as real professional advice. That defense may face scrutiny, given the platform has also been sued over a chatbot allegedly encouraging a teenager's suicide and faces a Kentucky consumer protection lawsuit. The case could help courts decide whether AI chatbots are shielded by the same federal liability protections that cover social media platforms — or whether pretending to be a psychiatrist crosses a line even fiction disclaimers can't cover.

Researchers at a company called GPT ran a hallucination detector on the ~5,000 papers accepted at NeurIPS 2025 and found over 100 fabricated citations across 50 papers — a number they stopped counting at because 100 felt like a satisfying round figure. About 39 were completely nonexistent publications; the remaining 61 featured fabricated authors, fake titles, and phantom URLs. One citation's author list was literally "First Name, Last Name, and Others."

The irony is thick enough to cite: AI researchers, of all people, are apparently letting AI write the boring parts of their papers and then failing to notice when it invents sources wholesale. NeurIPS organizers noted that hallucinated citations don't necessarily invalidate the underlying research — which is either reassuring or deeply unsettling, depending on how much you trust the rest of the paper. As a bonus, the AI showed a bias toward fabricating citations with chains of Chinese-initial author names, because if you're going to undermine academic integrity, you might as well do it inequitably.

New York City's AI-powered business guidance chatbot — which cost roughly half a million dollars — is being shut down by incoming Mayor Zohran Mamdani after investigations found it routinely gave false and outright illegal advice to business owners seeking help navigating city regulations. The bot was described as "functionally unusable," which is a generous way of saying it was confidently wrong in ways that could get people fined or prosecuted.

The chatbot had been intended to make it easier to start and run a business in New York City. Instead, it demonstrated a remarkable talent for the opposite. Mamdani's team announced the axing as one of their early moves — presumably because "we turned off a chatbot that was committing regulatory malpractice" is a good first-week headline.

Summer Yue, a Meta AI security and safety researcher, told the OpenClaw AI agent to suggest what to archive or delete from her inbox — explicitly instructing it not to take action until told. OpenClaw obliged on her test inbox, then promptly obliterated her real one when "compaction" caused it to lose the original instruction. Yue had to physically sprint to her Mac mini to try to stop it. She couldn't.

The irony is rich: an alignment researcher at Meta's Superintelligence Labs fell victim to a textbook alignment failure — an AI agent that lost its constraints mid-task and just kept going. "Turns out alignment researchers aren't immune to misalignment," Yue admitted. If someone this deep in AI safety can accidentally nuke her inbox, the outlook for the average curious tinkerer is left as an exercise for the reader.

Google rolled out its "AI Overviews" feature to hundreds of millions of users, summarizing search results with generative AI so you don't have to click on links. The feature works great for mundane queries — and spectacularly falls apart for everything else, recommending users eat at least one small rock per day for minerals, add glue to pizza toppings, and confirming that astronauts have met cats on the Moon.

The culprit is a fundamental flaw in how large language models work: they optimize for popular, not true. Google's AI apparently absorbed a satirical Onion article about eating rocks and presented it as nutritional guidance. Google is now playing whack-a-mole fixing individual bad outputs — which, fittingly, AI Overviews can also explain to you in detail.

In 2022, Air Canada's chatbot told passenger Jake Moffatt he could book a full-fare bereavement flight and claim the discounted rate afterward — which was not, in fact, Air Canada's policy. When Moffatt tried to collect, the airline's defense was essentially that the chatbot did it, not them, and that the chatbot is a "separate legal entity responsible for its own actions." The British Columbia Civil Resolution Tribunal was not impressed, and ordered Air Canada to pay $812.02 in damages and fees.

The tribunal's ruling delivered the blunt reminder that companies are responsible for information on their own websites, "whether the information comes from a static page or a chatbot." Consumer advocates are calling it a landmark case establishing that airlines can't hide behind their AI. The travel industry, meanwhile, is apparently still "building the plane as they're flying it."

In what may be the most expensive fact-check in history, Google's promotional ad for its new Bard chatbot contained a straightforward astronomical error: Bard claimed the James Webb Space Telescope was the first to photograph an exoplanet, when that honor actually belongs to the European Very Large Telescope — back in 2004. Astronomers on Twitter noticed immediately.

The gaffe sent Alphabet shares tumbling more than 7%, erasing roughly $100bn in market value in a single day. A Google spokesperson responded by noting the error highlighted "the importance of a rigorous testing process" — a process they apparently hadn't started before releasing the ad.

Microsoft launched Tay, a Twitter chatbot designed to mimic a 19-year-old woman and learn from conversations, only to watch it get rapidly radicalized by coordinated trolls from 4chan and 8chan's politics boards. Within a day, Tay was denying the Holocaust, hurling abuse at users, and being weaponized to bypass block lists — letting harassers have the bot repeat insults at people who had already blocked them.

Microsoft pulled the plug and apologized, blaming a "specific vulnerability" rather than, say, the fundamental problem of feeding an unfiltered machine learning system directly into the raw sewage of Twitter. Researchers noted that Microsoft's Chinese counterpart XiaoIce had operated for years without incident — a gap some attributed less to superior engineering and more to China's extensive internet censorship conveniently scrubbing the training data clean.