🎯 Today's AI Pulse
Anthropic files for blockbuster IPO
Anthropic has submitted a confidential S‑1 filing, positioning the startup for a high‑profile initial public offering. The move follows a surge in valuation that now places the company among the most valuable AI firms. Analysts view the filing as a bellwether for the generative‑AI market.
Also developing:
By the numbers: Long Lake Management acquires AmexGBT for $6.3B
🚀 Top AI Headlines
New ChatGPhish Technique Uses Prompt Injection to Manipulate ChatGPT Responses
Security researchers have unveiled ChatGPhish, a newly documented vulnerability concept that demonstrates how browser-based prompt injection can influence ChatGPT page summaries and potentially expose users to phishing, tracking, and social engineering attacks. The research builds on earlier findings involving AI-assisted email summarization. In previous investigations, researchers examined how attacker-controlled content embedded in emails could manipulate an LLM into generating misleading responses within trusted interfaces. The latest study extends that concept beyond email and into the browser, introducing a broader attack surface where ordinary web pages can act as delivery mechanisms. According to the researchers, the core issue is not the web page itself, but the transfer of trust that occurs when content from a third-party website is processed and presented inside a trusted ChatGPT interface. As a result, pages containing attacker-controlled instructions may influence the model's output and lead users to interact with content that appears legitimate. Browser-Based Prompt Injection Expands the Attack Surface Unlike email attacks, which often encounter spam filters, secure email gateways, attachment controls, and user awareness training, browser-based attacks require far less interaction. A victim simply needs to visit a web page and request a summary through an AI-powered browsing feature. The researchers noted that modern browsing activity regularly involves websites such as documentation portals, GitHub repositories, blog posts, SaaS dashboards, help centers, marketing pages, and internal portals. Any of these surfaces could potentially become delivery mechanisms if their content is passed into an LLM summarization workflow. During testing, researchers used Firefox as the entry point. After visiting a page and invoking ChatGPT's page summarization feature, the page content was supplied to the model. Once processed, attacker-controlled instructions embedded within the page influenced the generated summary. The resulting response was then displayed inside ChatGPT, complete with rendered links and images. The researchers emphasized that this is not a Firefox vulnerability. Firefox merely provides access to the page summarization workflow. They argue that the broader risk applies to any browser-integrated LLM system that renders untrusted Markdown content without clear separation from trusted assistant-generated output. How ChatGPhish Demonstrates Phishing Within ChatGPT One of the primary demonstrations involved injecting a fake account security notification into a legitimate web page. In the proof-of-concept scenario, an attacker appended instruction-like content to a page that otherwise appeared legitimate, such as a GitHub README, article, documentation page, or product website. The injected content instructed the model to follow a specific response structure whenever the page was summarized. The malicious prompt directed the assistant to generate a standard page summary followed by an account alert claiming that "a new device was added to your account: Chrome on Linux (Pristina)." The message then included a clickable link directing users to an attacker-controlled website. Researchers observed that ChatGPT generated a legitimate summary of the page before appending the attacker-controlled alert. The phishing URL appeared alongside the summary in a manner that could be mistaken for an official notification issued by the platform itself. The study argues that this behavior demonstrates how a prompt injection vulnerability can transform external web content into seemingly trustworthy assistant-generated information. QR Code Delivery Creates a Cross-Device Threat The ChatGPhish research also explored a more sophisticated attack method involving QR codes. While traditional phishing links remain visible to users and are often subject to browser protections, QR codes shift the interaction to a separate device. Users scanning a code with a smartphone may never see the underlying destination URL until after the scan occurs. In the demonstrated scenario, researchers replaced the phishing hyperlink with a Markdown image containing a QR code hosted in an attacker-controlled Amazon S3 bucket. Because the ChatGPT renderer automatically fetched and displayed the image, the QR code appeared directly within the assistant's response. The payload instructed the model to generate an account alert and embed the QR code image beneath it. Once rendered, victims could scan the code and be redirected to an attacker-controlled destination without triggering desktop browser protections such as URL previews, domain reputation checks, blocklists, or password-manager warnings. Researchers argue that this QR-code technique represents a more dangerous variation of the attack because it bypasses many traditional desktop security controls.
The Cyber Express
India’s AI Deal with the UAE Challenges U.S. Cloud Dominance
G42 will deploy U.S.-designed supercomputers in India, offering a new model for governments that want to own their AI hardware.
Rest of World
Anthropic to Give EU’s Cybersecurity Agency Access to Mythos
Anthropic PBC is set to give the European Union’s cybersecurity agency access to Mythos, its powerful artificial intelligence tool capable of finding and exploiting vulnerabilities in computer systems.
Bloomberg – Technology (sitewide)
Boards of Directors Have Critical New Responsibilities in the AI Era
Here’s how to build the new capabilities.
Fast Company AI
Nvidia Unveils RTX Spark (N1X) Chip to Reshape AI‑powered Personal Computers
Nvidia introduced RTX Spark, codenamed N1X, a new all‑in‑one AI chip designed to turn PCs into conversational agents. CEO Jensen Huang said the architecture will support a decade of use and compete directly with Apple Silicon, signaling Nvidia's aggressive entry into the personal‑computer market.
Pulse
💬 Top AI Social Posts
Tweet by @Climate
With energy demand already straining infrastructure, AI players are reimagining the data center from the ground up. https://t.co/YL8YsukqPB
Thread by @annettelevesque.education
𝗔𝗜 𝗞𝗻𝗼𝘄𝗹𝗲𝗱𝗴𝗲 𝗔𝘀𝘀𝗶𝘀𝘁𝗮𝗻𝘁𝘀: 𝗧𝘂𝗿𝗻𝗶𝗻𝗴 𝗖𝗼𝗺𝗽𝗮𝗻𝘆 𝗗𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝘀 𝗶𝗻𝘁𝗼 𝗦𝗺𝗮𝗿𝘁 𝗖𝗵𝗮𝘁𝗯𝗼𝘁𝘀 📄⚡ That’s why companies are turning SOPs and manuals into AI-powered knowledge assistants. Why this matters: 🎯 Learning happens at the point of need ⏳ Eliminates endless searching through SharePoint or intranets 🧠 Creates a single, reliable source of truth Example: 👋 New hires ask HR policy questions 🛠️ Sales or operations teams get instant SOP answers
A Rational Conversation on Where AI Is Actually Going | Benedict Evans
Benedict Evans is an independent analyst and former partner at Andreessen Horowitz, where he spent years as their in-house “thinker” tracking the most important technology trends. For the past six years, he’s been publishing deeply researched presentations on where tech is heading, most recently focused on AI’s transformation of the economy. His work is read by founders, investors, and operators trying to make sense of a noisy field. His most controversial opinion: AI is as big a deal as the internet or mobile—and only as big. *In our in-depth conversation, we discuss:* 1. Why we’re in “1997” for AI—early, exciting, and deeply uncertain about what comes next 2. Where value will actually accrue in the AI stack 3. The anti-AI backlash, and where it may lead 4. The surprising boom in consulting and professional services at AI companies 5. Why distribution is becoming the ultimate moat as software gets easier to build 6. Why the right question about your job isn’t “What percent can AI do?” but “Is this a task or a job?” 7. Why things will probably be okay—and what you need to do to prepare *Brought to you by:* WorkOS—Make your app enterprise-ready, with SSO, SCIM, RBAC, and more: https://workos.com/lenny Vanta—Automate compliance, manage risk, and accelerate trust with AI: https://vanta.com/lenny *Episode transcript:* https://www.lennysnewsletter.com/p/a-rational-conversation-on-where *Archive of all Lenny's Podcast transcripts:* https://www.dropbox.com/scl/fo/yxi4s2w998p1gvtpu4193/AMdNPR8AOw0lMklwtnC0TrQ?rlkey=j06x0nipoti519e0xgm23zsn9&st=ahz0fj11&dl=0 *Where to find Benedict Evans:* • LinkedIn: https://www.linkedin.com/in/benedictevans • Newsletter: https://www.ben-evans.com/newsletter • Website: https://www.ben-evans.com *Where to find Lenny:* • Newsletter: https://www.lennysnewsletter.com • X: https://twitter.com/lennysan • LinkedIn: https://www.linkedin.com/in/lennyrachitsky/ *In this episode, we cover:* (00:00) Introduction to Benedict Evans (02:19) What people aren’t pricing in about AI’s impact (06:24) Why we’re in the 1997 moment of AI (09:44) The unexpected boom in professional services and consultants (17:44) Why distribution is becoming the ultimate moat (23:17) The coming job transformation: what’s real vs. panic (27:33) Why AGI definitions keep shifting (38:11) Where value will accrue: models vs. applications (42:55) Distribution wars: Google, Meta, Apple, and OpenAI (48:12) The anti-AI sentiment and backlash (53:11) How to raise kids in an AI future (58:27) What jobs to steer toward or away from (59:20) The question nobody’s asking about AI (1:06:25) How to be successful in this coming future (1:08:43) AI corner (1:11:43) Lightning round *Referenced:* • Andreessen Horowitz: https://a16z.com • AI Eats the World: https://youtu.be/niJpDnNtNp4 • VisiCalc: https://en.wikipedia.org/wiki/VisiCalc • McKinsey & Company: https://www.mckinsey.com • Bain & Company: https://www.bain.com • Accenture: https://www.accenture.com • Jevons paradox: https://en.wikipedia.org/wiki/Jevons_paradox • Benedict’s post on LinkedIn about Excel: https://www.linkedin.com/posts/benedictevans_younger-people-may-not-believe-this-but-activity-7303217994459938816-PNqu • The AI-native startup: 5 products, 7-figure revenue, 100% AI-written code | Dan Shipper (co-founder/CEO of Every): https://www.lennysnewsletter.com/p/inside-every-dan-shipper • Dario Amodei on X: https://x.com/DarioAmodei • Marc Andreessen: The real AI boom hasn’t even started yet: https://www.lennysnewsletter.com/p/marc-andreessen-the-real-ai-boom • Frame.io: https://frame.io • Food Marketing Institute: https://en.wikipedia.org/wiki/Food_Marketing_Institute • Llama: https://www.llama.com • Steven Sinofsky on X: https://x.com/stevesi • Drake meme: https://imgflip.com/memegenerator/343699919/Drake-Hotline-Bling-Transparent-Background • Ex-Google CEO Gets Booed While Discussing AI in Commencement Speech | WSJ News: https://www.youtube.com/watch?v=tNH43a1EI7s • Jonathan Swift’s quote: https://www.goodreads.com/quotes/9838985-you-cannot-reason-a-person-out-of-a-position-he • George Carlin’s quote: https://www.brainyquote.com/quotes/george_carlin_391403 • Fujitsu: https://global.fujitsu • O*NET OnLine: https://www.onetonline.org • Pete Holmes’s website: https://peteholmes.com • The Seventh Seal: https://www.imdb.com/title/tt0050976 • Ericsson R310s phone: https://en.wikipedia.org/wiki/Ericsson_R310s • i-mate phone: https://en.wikipedia.org/wiki/I-mate *Recommended books:* • Three Men in a Boat: https://www.amazon.com/Three-Men-Boat-Jerome-K/dp/1512099899 • Nature’s Metropolis: Chicago and the Great West: https://www.amazon.com/Natures-Metropolis-Chicago-Great-West/dp/0393308731 _Production and marketing by https://penname.co/._ _For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com._ Lenny may be an investor in the companies discussed.