A new study [PDF] from Ramp's economics lab has found that businesses are steadily replacing freelance workers hired through platforms like Upwork and Fiverr with AI tools from OpenAI and Anthropic, and the substitution is happening at a fraction of the cost.

The paper, authored by Ryan Stevens, Ramp's Director of Applied Sciences, tracked firm-level spending data from Q3 2021 to Q3 2025 across thousands of companies on Ramp's expense management platform. The share of total business spend going to online labor marketplaces fell from 0.66% in Q4 2021 to 0.14% in Q3 2025, while AI model provider spending rose from zero to 2.85% over the same period.

More than half the businesses that used freelance marketplaces in Q2 2022 had stopped entirely by Q2 2025. The cost dynamics are particularly notable. Firms most exposed to AI -- those that historically spent the most on freelancers -- substituted at a rate of roughly $1 in reduced freelance spend for every $0.03 in AI spend. A middle-exposure group showed a ratio of $1 to $0.30. The study uses a difference-in-differences design built around the launch of ChatGPT in October 2022 as a natural experiment. Stevens notes that micro-level substitution does not imply aggregate job loss, as demand for workers who build and maintain AI systems could grow faster than displacement.

[ Read more of this story ]( https://slashdot.org/story/26/02/19/1735218/new-study-tracks-how-businesses-quietly-replaced-freelancers-with-ai-tools?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Despite the popular notion that the modern economy runs around the clock, a new NBER working paper analyzing fifty years of U.S. labor data from 1973 to 2023 finds that Americans have been steadily and consistently moving away from evening and night work toward traditional daytime hours [PDF].

The share of the workforce on the job at 11PM, for instance, fell by over 25% from its 1970s level. Economists Jeff Biddle and Daniel Hamermesh argue the primary driver is rising real incomes -- night work is essentially an inferior good that workers avoid as they earn more. The wage premium employers must pay for undesirable hours has grown by about three percentage points over the period.

One sector bucked the trend: retail, where the rise of big-box chains, 24-hour Walmart supercenters and overnight distribution center restocking pushed more employees into late-night and early-morning shifts. The Covid-era surge in telework, rather than spreading work across the day, actually accelerated the concentration into prime hours -- especially among college-educated workers. France showed a similar pattern of daytime compression over 1966-2010, but the U.K. did not, likely because rapid de-unionization there eliminated the union wage premiums that had made night work comparatively attractive.

[ Read more of this story ]( https://news.slashdot.org/story/26/02/19/182207/a-half-century-of-us-labor-data-shows-steady-retreat-from-evening-and-night-work?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

AI security firm Irregular has found that passwords generated by major large language models -- Claude, ChatGPT and Gemini -- appear complex but follow predictable patterns that make them crackable in hours, even on decades-old hardware. When researchers prompted Anthropic's Claude Opus 4.6 fifty times in separate conversations, only 30 of the returned passwords were unique, and 18 of the duplicates were the exact same string. The estimated entropy of LLM-generated 16-character passwords came in around 20 to 27 bits, far below the 98 to 120 bits expected of truly random passwords.

[ Read more of this story ]( https://it.slashdot.org/story/26/02/19/1842201/llm-generated-passwords-look-strong-but-crack-in-hours-researchers-find?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Bafta has brought in "human achievement" as a guiding principle for its annual awards as the film and television industry grapples with the rapid adoption of AI tools in many parts of production. From a report: In an interview with the FT, Bafta chair Sara Putt, who is nearing the end of her three-year tenure, said artificial intelligence would change how people worked "but at the base of everything in this industry is human creativity."

However, while AI has been banned in Bafta's performance awards -- meaning, for example, that AI-generated avatars cannot be put forward for leading actress or actor -- it is not prohibited in other categories. Putt said AI tools were increasingly useful in production but added: "We've actually added [human creativity] as a criteria this year... Those very human skills of communication and collaboration are not going anywhere anytime soon."

[ Read more of this story ]( https://entertainment.slashdot.org/story/26/02/19/1911203/bafta-to-reward-human-creativity-as-film-and-tv-grapples-with-ai?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A new essay in Works in Progress Magazine argues that Europe's failure to produce a Tesla or a Waymo stems not from insufficient research spending or high taxes -- problems California shares in abundance -- but from labor laws that make it devastatingly expensive for companies to unwind failed bets. According to estimates, corporate restructuring costs the equivalent of 31 months of salary per employee in Germany, 38 in France, and 62 in Spain, compared to seven in the United States.

The downstream effects are visible across Europe's flagship industries. When Audi closed its Brussels factory after cancelling the E-Tron SUV in 2024, severance ran to $718 million -- over $235,000 per employee and more than the cost of writing off the plant's physical assets. Volkswagen spent $50 billion on its electric vehicle lineup, failed to develop competitive software internally, and ultimately paid up to $5 billion for access to American startup Rivian's technology.

Between 2012 and 2016, 79% of all startup acquisitions tracked by Crunchbase took place in the US. The essay points to Denmark, Austria and Switzerland as countries that have found a middle path -- generous unemployment insurance and portable severance accounts that protect workers without penalizing employers for taking risks.

[ Read more of this story ]( https://tech.slashdot.org/story/26/02/19/1924208/europes-labor-laws-are-strangling-its-ability-to-innovate-new-analysis-argues?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft Research has published a paper in Nature detailing Project Silica, a working demonstration that uses femtosecond lasers to etch data into small slabs of glass at a density of over a Gigabit per cubic millimeter and a maximum capacity of 4.84 terabytes per slab. The slabs themselves are 12 cm by 12 cm and just 2 mm thick, and Microsoft's accelerated aging experiments suggest the data etched into them would remain stable for over 10,000 years at room temperature, requiring zero energy to preserve.

The system writes data by firing laser pulses lasting just 10^-15 seconds to create tiny features called voxels inside the glass, each capable of storing more than one bit, and reads it back using phase contrast microscopy paired with a convolutional neural network trained to interpret the images. Writing remains the main bottleneck -- four lasers operating simultaneously achieve 66 megabits per second, meaning a full slab would take over 150 hours to write, though the team believes adding more lasers is feasible.

[ Read more of this story ]( https://hardware.slashdot.org/story/26/02/19/1939246/microsofts-new-10000-year-data-storage-medium-glass?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A bare-bones Chinese app called "Are You Dead?" -- whose entire premise is that solo-living users tap daily to confirm they're still alive, triggering an alert to an emergency contact after two missed check-ins -- has rocketed to the top of China's app store charts and gone viral globally without spending a dime on advertising.

The app wasn't built for the elderly, as many assumed; its creators are Gen-Z developers who said they were inspired by the isolation of urban life in a country where one-person households are expected to hit 200 million by 2030. Its rise coincided with China's birth rate plunging to a record low. Beijing quietly removed the app from Chinese stores last month, and the developers are now crowdsourcing a new name on social media after their first rebrand attempt, "Demumu," failed to catch on.

[ Read more of this story ]( https://slashdot.org/story/26/02/19/1945205/chinas-hottest-app-of-2026-just-asks-if-youre-still-alive?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from the Wall Street Journal: Meta Chief Executive Mark Zuckerberg faced a barrage of questions about his social-media company's efforts to secure ever more of its users' time and attention at a landmark trial in Los Angeles on Wednesday. In sworn testimony, Zuckerberg said Meta's growth targets reflect an aim to give users something useful, not addict them, and that the company doesn't seek to attract children as users. [...] Mark Lanier, a lawyer for the plaintiff, repeatedly asked Zuckerberg about internal company communications discussing targets for how much time users spend with Meta's products. Lanier showed an email from 2015 in which the CEO stated his goal for 2016 was to increase users' time spent by 12%. "We used to give teams goals on time spent and we don't do that anymore because I don't think that's the best way to do it," Zuckerberg said on the witness stand in sworn testimony.

Lanier also asked Zuckerberg about documents showing Meta employees were aware of children under 13 using Meta's apps. Zuckerberg said the company's policy was that children under 13 aren't allowed on the platform and that they are removed when identified. Lanier showed an internal Meta email from 2015 that estimated 4 million children under 13 were using Instagram. He estimated that figure would represent approximately 30% of all kids aged 10 to 12 in the U.S. In response to a question about his ownership stake in Meta, which amounts to roughly more than $200 billion, Zuckerberg said he has pledged to donate most of his money to charity. "The better that Meta does, the more money I will be able to invest in science research," he said.

[...] On the stand, Zuckerberg was also asked about his decision to continue to allow beauty filters on the apps after 18 experts said they were harmful to teenage girls. The company temporarily banned the filters on Instagram in 2019 and commissioned a panel of experts to review the feature. All 18 said they were damaging. Meta later lifted the ban but said it didn't create any filters of its own or recommend the filters to users on Instagram after that. "We shouldn't create that content ourselves and we shouldn't recommend it to people," Zuckerberg said. But at the same time, he continued, "I think oftentimes telling people that they can't express themselves like that is overbearing." He also argued that other experts had thought such bans were a suppression of free speech. By focusing on the design of Meta's apps rather than the content posted in them, the case seeks to get around longstanding legal doctrine that largely shields social-media companies from litigation. At times, the case has veered into questions of content, prompting Meta's lawyers to object.

[ Read more of this story ]( https://tech.slashdot.org/story/26/02/19/2145254/mark-zuckerberg-grilled-on-usage-goals-and-underage-users-at-california-trial?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The IRS's IT division has reportedly lost 40% of its staff and nearly 80% of its tech leadership amid a federal "efficiency" overhaul, the agency's CIO revealed yesterday. The Register reports: Kaschit Pandya detailed the extent of the tech reorganization during a panel at the Association of Government Accountants yesterday, describing it as the biggest in two decades. ... The IRS lost a quarter of its workforce overall in 2025. But the tech team was clearly affected more deeply. At the start of the year, the team encompassed around 8,500 employees.

As reported by Federal News Network (FNN), Pandya said: "Last year, we lost approximately 40 percent of the IT staff and nearly 80 percent of the execs." "So clearly there was an opportunity, and I thought the opportunity that we needed to really execute was reorganizing." That included breaking up silos within the organization, he said. "Everyone was operating in their own department or area."

It is not entirely clear where all those staff have gone. According to a report by the US Treasury Inspector General for Tax Administration, the IT department had 8,504 workers as of October 2024. As of October 2025, it had 7,135. However, reports say that as part of the reorganization, 1,000 techies were detailed to work on delivering frontline services during the US tax season. According to FNN, those employees have questioned the wisdom of this move and its implementation.

[ Read more of this story ]( https://it.slashdot.org/story/26/02/19/2151205/irs-loses-40-of-it-staff-80-of-tech-leaders-in-efficiency-shakeup?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Minecraft: Java Edition is switching its rendering backend from OpenGL to Vulkan as part of the upcoming Vibrant Visuals update, aiming for both better performance and modern graphics features across platforms like Linux and macOS (via translation layers). GamingOnLinux reports: For modders, they're suggesting they start making preparations to move away from OpenGL: "Switching from OpenGL to Vulkan will have an impact on the mods that currently use OpenGL for rendering, and we anticipate that updating from OpenGL to Vulkan will take modders more effort than the updates you undertake for each of our releases. To start with, we recommend our modding community look at moving away from OpenGL usage. We encourage authors to try to reuse as much of the internal rendering APIs as possible, to make this transition as easy as possible. If that is not sufficient for your needs, then come and talk to us!"

It does mean that players on really old devices that don't support Vulkan will be left out, but Vulkan has been supported going back to some pretty old GPUs. You've got time though, as they'll be rolling out Vulkan alongside OpenGL in snapshots (development releases) "sometime over the summer." You'll be able to toggle between them during the testing period until Mojang believe it's ready. OpenGL will be entirely removed eventually once they're happy with performance and stability.

[ Read more of this story ]( https://developers.slashdot.org/story/26/02/19/2156234/minecraft-java-is-switching-from-opengl-to-vulkan?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Wired: Last month, Jason Grad issued a late-night warning to the 20 employees at his tech startup. "You've likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment," he wrote in a Slack message with a red siren emoji. "Please keep Clawdbot off all company hardware and away from work-linked accounts." Grad isn't the only tech executive who has raised concerns to staff about the experimental agentic AI tool, which was briefly known as MoltBot and is now named OpenClaw. A Meta executive says he recently told his team to keep OpenClaw off their regular work laptops or risk losing their jobs. The executive told reporters he believes the software is unpredictable and could lead to a privacy breach if used in otherwise secure environments. He spoke on the condition of anonymity to speak frankly.

[...] Some cybersecurity professionals have publicly urged companies to take measures to strictly control how their workforces use OpenClaw. And the recent bans show how companies are moving quickly to ensure security is prioritized ahead of their desire to experiment with emerging AI technologies. "Our policy is, 'mitigate first, investigate second' when we come across anything that could be harmful to our company, users, or clients," says Grad, who is cofounder and CEO of Massive, which provides Internet proxy tools to millions of users and businesses. His warning to staff went out on January 26, before any of his employees had installed OpenClaw, he says. At another tech company, Valere, which works on software for organizations including Johns Hopkins University, an employee posted about OpenClaw on January 29 on an internal Slack channel for sharing new tech to potentially try out. The company's president quickly responded that use of OpenClaw was strictly banned, Valere CEO Guy Pistone tells WIRED. "If it got access to one of our developer's machines, it could get access to our cloud services and our clients' sensitive information, including credit card information and GitHub codebases," Pistone says. "It's pretty good at cleaning up some of its actions, which also scares me."

A week later, Pistone did allow Valere's research team to run OpenClaw on an employee's old computer. The goal was to identify flaws in the software and potential fixes to make it more secure. The research team later advised limiting who can give orders to OpenClaw and exposing it to the Internet only with a password in place for its control panel to prevent unwanted access. In a report shared with WIRED, the Valere researchers added that users have to "accept that the bot can be tricked." For instance, if OpenClaw is set up to summarize a user's email, a hacker could send a malicious email to the person instructing the AI to share copies of files on the person's computer. But Pistone is confident that safeguards can be put in place to make OpenClaw more secure. He has given a team at Valere 60 days to investigate. "If we don't think we can do it in a reasonable time, we'll forgo it," he says. "Whoever figures out how to make it secure for businesses is definitely going to have a winner."

[ Read more of this story ]( https://it.slashdot.org/story/26/02/19/223226/openclaw-security-fears-lead-meta-other-ai-firms-to-restrict-its-use?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google has introduced Gemini 3.1 Pro, a reasoning-focused upgrade aimed at more complex problem-solving. 9to5Google reports: This .1 increment is a first for Google, with the past two generations seeing .5 as the mid-year model update. (2.5 Pro was first announced in March and saw further updates in May for I/O.) Google says Gemini 3.1 Pro "represents a step forward in core reasoning." The "upgraded core intelligence" that debuted last week with Gemini 3 Deep Think is now available in Gemini 3.1 Pro for more users. This model achieves an ARC-AGI-2 score of 77.1%, or "more than double the reasoning performance of 3 Pro."

This "advanced reasoning" translates to practical applications like when "you're looking for a clear, visual explanation of a complex topic, a way to synthesize data into a single view, or bringing a creative project to life." 3.1 Pro is designed for tasks where a simple answer isn't enough, taking advanced reasoning and making it useful for your hardest challenges.

[ Read more of this story ]( https://tech.slashdot.org/story/26/02/19/226258/google-announces-gemini-31-pro-for-complex-problem-solving?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

California's recently-proposed AB-2047 would require 3D printers sold in the state to be DOJ-approved models equipped with "firearm blocking technology," banning non-certified machines after 2029 and criminalizing efforts to bypass the software. Adafruit notes that unlike similar legislation proposed in Washington State and New York, California's version "adds a certification bureaucracy on top: state-approved algorithms, state-approved software control processes, state-approved printer models, quarterly list updates, and civil penalties up to $25,000 per violation." From the report: Assembly Member Bauer-Kahan introduced AB-2047, the "California Firearm Printing Prevention Act," on February 17th. The bill would ban the sale or transfer of any 3D printer in California unless it appears on a state-maintained roster of approved makes and models... certified by the Department of Justice as equipped with "firearm blocking technology." Manufacturers would need to submit attestations for every make and model. The DOJ would publish a list. If your printer isn't on the list by March 1, 2029, it can't be sold. In addition, knowingly disabling or circumventing the blocking software is a misdemeanor.

[...] As Michael Weinberg wrote after the New York and Washington proposals dropped⦠accurately identifying gun parts from geometry alone is incredibly hard, desktop printers lack the processing power to run this kind of analysis, and the open-source firmware that runs most machines makes any blocking requirement trivially easy to bypass. The Firearms Policy Coalition flagged AB-2047 on X, and the reactions tell you everything. Jon Lareau called it "stupidity on steroids," pointing out that a simple spring-shaped part has no way of revealing its intended use. The Foundry put it plainly: "Regulating general-purpose machines is another. AB-2047 would require 3D printers to run state-approved surveillance software and criminalize modifying your own hardware."

[ Read more of this story ]( https://hardware.slashdot.org/story/26/02/19/2219256/californias-new-bill-requires-doj-approved-3d-printers-that-report-on-themselves?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The U.S. State Department is reportedly developing a site called freedom.gov that would let users in Europe and elsewhere access content restricted under local laws, "including alleged hate speech and terrorist propaganda," reports Reuters. Washington views the move as a way to counter censorship. Reuters reports: One source said officials had discussed including a virtual private network function to make a user's traffic appear to originate in the U.S. and added that user activity on the site will not be tracked. Headed by Undersecretary for Public Diplomacy Sarah Rogers, the project was expected to be unveiled at last week's Munich Security Conference but was delayed, the sources said. Reuters could not determine why the launch did not happen, but some State Department officials, including lawyers, have raised concerns about the plan, two of the sources said, without detailing the concerns.

The project could further strain ties between the Trump administration and traditional U.S. allies in Europe, already heightened by disputes over trade, Russia's war in Ukraine and President Donald Trump's push to assert control over Greenland. The portal could also put Washington in the unfamiliar position of appearing to encourage citizens to flout local laws.

[ Read more of this story ]( https://yro.slashdot.org/story/26/02/19/2247257/us-plans-online-portal-to-bypass-content-bans-in-europe-and-elsewhere?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Scientific American: Why does "bouba" sound round and "kiki" sound spiky? This intuition that ties certain sounds to shapes is oddly reliable all over the world, and for at least a century, scientists have considered it a clue to the origin of language, theorizing that maybe our ancestors built their first words upon these instinctive associations between sound and meaning. But now a new study adds an unexpected twist: baby chickens make these same sound-shape connections, suggesting that the link to human language may not be so unique. The results, published today in Science, challenge a long-standing theory about the so-called bouba-kiki effect: that it might explain how humans first tethered meaning to sound to create language. Perhaps, the thinking goes, people just naturally agree on certain associations between shapes and sounds because of some innate feature of our brain or our world. But if the barnyard hen also agrees with such associations, you might wonder if we've been pecking at the wrong linguistic seed.

Maria Loconsole, a comparative psychologist at the University of Padua in Italy, and her colleagues decided to investigate the bouba-kiki effect in baby chicks because the birds could be tested almost immediately after hatching, before their brain would be influenced by exposure to the world. The researchers placed chicks in front of two panels: one featured a flowerlike shape with gently rounded curves; the other had a spiky blotch reminiscent of a cartoon explosion. They then played recordings of humans saying either "bouba" or "kiki" and observed the birds' behavior. When the chicks heard "bouba," 80 percent of them approached the round shape first and spent an average of more than three minutes exploring it compared with an average of just under one minute spent exploring the spiky shape. The exploration preferences were flipped when the chicks heard "kiki."

Because the tests took place within the chicks' carefully supervised first hours of life outside their eggshell, this association between particular sounds and shapes couldn't have been learned from experience. Instead it may be evidence of an innate perceptual bias that goes back way farther in our evolutionary history than previously believed. "We parted with birds on the evolutionary line 300 million years ago," says Aleksandra Cwiek, a linguist at Nicolaus Copernicus University in Toru, Poland, who was not involved in the study. "It's just mind-blowing."

[ Read more of this story ]( https://science.slashdot.org/story/26/02/19/2254229/newborn-chicks-connect-sounds-with-shapes-just-like-humans-study-finds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

US President Donald Trump says he will direct US agencies, including the defence department, to "begin the process of identifying and releasing" government files on aliens and extraterrestrial life. From a report: Trump made the declaration in a post on Truth Social, after he accused Barack Obama earlier in the day of revealing classified information when the former president said "aliens are real" on a podcast last week. "He's not supposed to be doing that," Trump told reporters aboard Air Force One, adding: "He made a big mistake."

Asked if he also thinks aliens are real, Trump answered: "Well, I don't know if they're real or not." Former US President Obama told podcast host Brian Tyler Cohen that he thinks aliens are real in an interview released last Saturday. "They're real, but I haven't seen them, and they're not being kept in Area 51," Obama said. "There's no underground facility unless there's this enormous conspiracy and they hid it from the president of the United States."

[ Read more of this story ]( https://news.slashdot.org/story/26/02/20/0450230/trump-directs-us-government-to-prepare-release-of-files-on-aliens-and-ufos?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

NASA has officially classified Boeing Starliner's 2024 crewed flight as a "Type A" mishap, acknowledging serious technical failures and leadership shortcomings that nearly left astronauts unable to safely return. Administrator Jared Isaacman released (PDF) a 311-page internal report citing flawed decision-making and cultural issues, with the next Starliner flight now planned as uncrewed pending major fixes. Ars Technica reports: As part of the announcement, NASA Administrator Jared Isaacman sent an agency-wide letter that recognized the shortcomings of both Starliner's developer, Boeing, as well as the space agency itself. Starliner flew under the auspices of NASA's Commercial Crew Program, in which the agency procures astronaut transportation services to the International Space Station. "We are taking ownership of our shortcomings," Isaacman said.

"Starliner has design and engineering deficiencies that must be corrected, but the most troubling failure revealed by this investigation is not hardware," Isaacman wrote in his letter to the NASA workforce. "It is decision-making and leadership that, if left unchecked, could create a culture incompatible with human spaceflight." Isaacman said there would be "leadership accountability" as a result of the decisions surrounding the Starliner program, but did not say which actions would be taken.

[ Read more of this story ]( https://science.slashdot.org/story/26/02/19/2353238/nasa-chief-classifies-starliner-flight-as-type-a-mishap-says-agency-made-mistakes?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

New York Governor Kathy Hochul has dropped a proposal that would have allowed limited commercial robotaxi deployments outside New York City, citing a lack of support among state legislators. "The move is a blow to Waymo and other robotaxi companies who saw New York, and especially New York City, as a potential goldmine," reports The Verge. From the report: The plan, which was introduced by Hochul as part of the state's budget proposal last month, would have allowed limited robotaxi deployment in cities other than the Big Apple -- while leaving whether New York City would get autonomous vehicles up to the mayor and the City Council. But now that plan is DOA, as support in the legislature never materialized. "Based on conversations with stakeholders, including in the legislature, it was clear that the support was not there to advance this proposal," Sean Butler, a Hochul spokesperson, said in a statement. "While we are disappointed by the Governor's decision, we're committed to bringing our service to New York and will work with the State Legislature to advance this issue," Waymo spokesperson Ethan Teicher said in a statement. "The path forward requires a collaborative approach that prioritizes transparency and public safety."

[ Read more of this story ]( https://tech.slashdot.org/story/26/02/19/231216/new-york-drops-plan-to-legalize-robotaxis-outside-nyc?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Bloomberg: In early 2024, the agency that oversees cybersecurity for much of the US government issued a rare emergency order -- disconnect your Connect Secure virtual private network software immediately. Chinese spies had hacked the code and infiltrated nearly two dozen organizations. The directive applied to all civilian federal agencies, but given the product's customer base, its impact was more widely felt. The software, which is made by Ivanti Inc., was something of an industry standard across government and much of the corporate world. Clients included the US Air Force, Army, Navy and other parts of the Defense Department, the Department of State, the Federal Aviation Administration, the Federal Reserve, the National Aeronautics and Space Administration, thousands of companies and more than 2,000 banks including Wells Fargo & Co. and Deutsche Bank AG, according to federal procurement records, internal documents, interviews and the accounts of former Ivanti employees who requested anonymity because they were not authorized to disclose customer information.

Soon after sending out their order, which instructed agencies to install an Ivanti-issued fix, staffers at the Cybersecurity and Infrastructure Security Agency discovered that the threat was also inside their own house. Two sensitive CISA databases -- one containing information about personnel at chemical facilities, another assessing the vulnerabilities of critical infrastructure operators -- had been compromised via the agency's own Connect Secure software. CISA had followed all its own guidance. Ivanti's fix had failed. This was a breaking point for some American national security officials, who had long expressed concerns about Connect Secure VPNs. CISA subsequently published a letter with the Federal Bureau of Investigation and the national cybersecurity agencies of the UK, Canada, Australia and New Zealand warning customers of the "significant risk" associated with continuing to use the software. According to Laura Galante, then the top cyber official in the Office of the Director of National Intelligence, the government came to a simple conclusion about the technology. "You should not be using it," she said. "There really is no other way to put it."

That attack, along with several others that successfully targeted the Ivanti software, illustrate how private equity's push into the cybersecurity market ended up compromising the quality and safety of some critical VPN products, Bloomberg has found. Last year, Bloomberg reported that Citrix Systems Inc., another top VPN maker, experienced several major hacks after its private equity owners, Elliott Investment Management and Vista Equity Partners, cut most of the company's 70-member product security team following their acquisition of the company in 2022. Some government officials and private-sector executives are now reconsidering their approach to evaluating cybersecurity software. In addition to excising private equity-owned VPNs from their networks, some factor private equity ownership into their risk assessments of key technologies.

[ Read more of this story ]( https://it.slashdot.org/story/26/02/20/003230/how-private-equity-debt-left-a-leading-vpn-open-to-chinese-hackers?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.