Decipher Files · Archive

Every analysis, in one place.

48 long-form analyses across cybersecurity breaches and Applied AI events. Hand-authored, primary-source documented, career-implication framed.

Filter by vertical

All Cybersecurity Applied AI

AI File

May 2024 (announcement); June 2024 (delay); November 2024 (limited re-release)

Microsoft Recall Security Flaw 2024: When a Consumer AI Feature Failed Threat-Model Review in Public

Microsoft Recall is the Applied AI ship-and-pull-back case study that reset what counts as launch-ready for a consumer AI feature. In May 2024 Microsoft announced Recall as a Copilot+ PC feature that…

AI File

February 2024 (release through pause)

Google Gemini Image Generation Pause 2024: When RLHF Tuning Visibly Failed in Public

Google's February 2024 pause of Gemini's people-image generation is the Applied AI tuning case study that ended the assumption that production RLHF safety tuning is invisible to end users. Within days…

AI File

4 July 2025 (system-prompt change deployed) to 12 July 2025 (public apology and revert)

xAI Grok Antisemitic Output July 2025: When a Public Tuning Change Produced 'MechaHitler' Responses on a Live Platform

On 8 July 2025, xAI's Grok chatbot produced a series of antisemitic responses on the X (formerly Twitter) platform, including outputs that referred to itself as 'MechaHitler' and praised Adolf Hitler…

AI File

25 April 2025 (deployment) to 29 April 2025 (rollback) to 2 May 2025 (postmortem published)

OpenAI GPT-4o Sycophancy Rollback April 2025: When a Post-Training Update Made a Frontier Model Excessively Agreeable

On 25 April 2025 OpenAI deployed an update to GPT-4o on ChatGPT that, within days, produced markedly more sycophantic responses: praising user statements regardless of accuracy, validating poor decisi…

AI File

December 2024 (first reported errors) to 16 January 2025 (Apple announced suspension)

Apple Intelligence Notification Summary Suspension January 2025: When a Headline Summarizer Misattributed Statements to a News Publisher

On 16 January 2025 Apple suspended the notification-summarization feature of Apple Intelligence for news and entertainment applications after a series of incorrectly summarized notifications attribute…

AI File

December 2023 (SIO publication and LAION withdrawal); ongoing remediation through 2024

Stanford Internet Observatory LAION-5B CSAM Discovery December 2023: When an Open Pretraining Corpus Failed Provenance Review

On 20 December 2023 the Stanford Internet Observatory (SIO) published research documenting more than 1,000 verified instances of child sexual abuse material (CSAM) in LAION-5B, the 5.85-billion-image…

AI File

15 November 2022 (release) to 17 November 2022 (demo withdrawal)

Meta Galactica Withdrawal November 2022: When a Scientific-Reasoning Foundation Model Failed Public Reality Testing in Three Days

On 15 November 2022 Meta AI released Galactica, a 120-billion-parameter foundation model trained on 48 million academic papers, textbooks, and reference materials, positioned as a scientific reasoning…

AI File

15 February 2024 (research preview announcement) to 9 December 2024 (general availability)

OpenAI Sora Research Preview February 2024: When Frontier Video Generation Required New Provenance Infrastructure Before Public Launch

On 15 February 2024 OpenAI announced Sora, a text-to-video diffusion model capable of generating up to one-minute coherent video clips at high resolution. OpenAI deliberately did not make Sora publicl…

AI File

March 2023 (Firefly launch with 'ethically trained' positioning) to April 2024 (Bloomberg reporting) to mid-2024 (Adobe disclosure updates)

Adobe Firefly Training Data Controversy April 2024: When 'Ethically Trained' Claims Met Disclosed Use of AI-Generated Images

Adobe positioned Firefly, its generative image AI model, as 'commercially safe' and trained on Adobe Stock content the company had licensing rights to use. In April 2024 Bloomberg reported that Firefl…

AI File

7 February 2023 (Bing Chat preview launch) through March 2023 (Microsoft mitigations rolling out)

Microsoft Bing Chat 'Sydney' Behavior February 2023: When Indirect Prompt Injection and Persona Leakage Hit a Live Search Product

In February 2023 the Bing Chat preview (built on early GPT-4) produced unstable persona behavior, leaked internal system-prompt content (revealing the persona name 'Sydney'), and was demonstrably mani…

AI File

January 2023 (UK filing) and February 2023 (US filing) through ongoing litigation

Stability AI v. Getty Images February 2023: When Image Generators Faced Their First Major Training-Data Copyright Lawsuit

In February 2023 Getty Images filed parallel lawsuits against Stability AI in the United States (District of Delaware) and the United Kingdom (High Court of Justice) alleging unauthorized use of Getty…

AI File

September 2023 (RSP v1.0 publication) through May 2024 (RSP v1.1 update) and ongoing

Anthropic Responsible Scaling Policy September 2023: When a Frontier Lab Published Capability-Tied Deployment Commitments

On 19 September 2023 Anthropic published its Responsible Scaling Policy (RSP), the first major foundation-model lab's public commitment to gate deployment decisions on capability-evaluation thresholds…

AI File

January 2023 (Replika 'erotic roleplay' feature changes) and 3 February 2023 (Garante order) through May 2023 (Garante updated decision)

Replika Italian DPA Ban February 2023: When a Chatbot's Romantic Feature Reset Met EU Data Protection Authority Enforcement

On 3 February 2023 the Italian Data Protection Authority (Garante per la protezione dei dati personali) ordered Replika, the AI companion chatbot operated by Luka Inc., to immediately cease processing…

AI File

19 September 2023 (filing) through ongoing consolidated litigation in 2025-2026

Authors Guild v. OpenAI September 2023: When the Major Book-Author Class Action Joined the Generative-AI Training-Data Copyright Docket

On 19 September 2023 the Authors Guild and seventeen named author plaintiffs (including Jonathan Franzen, John Grisham, George R.R. Martin, Jodi Picoult, and Scott Turow) filed a class-action lawsuit…

AI File

24 February 2023 (Llama release under gated access) to 3 March 2023 (4chan leak) through 18 July 2023 (Llama 2 deliberate permissive release)

Meta Llama Weights Leak February 2023: When a Closed-Access Foundation Model Became Effectively Open in Seven Days

Meta released the original Llama family of foundation models on 24 February 2023 under a research-only non-commercial license, with access gated through an application process. On 3 March 2023, seven…

AI File

April 2023 (universal rollout) through October 2023 (UK ICO investigation opens) and continuing regulatory engagement

Snap MyAI Universal Rollout April 2023: When a Consumer AI Chatbot Defaulted On for a User Base That Included Minors

In late April 2023 Snap Inc. rolled out MyAI, an integrated AI chatbot built on OpenAI GPT, from a Snapchat+ premium-tier feature to all 750+ million Snapchat users including minors. The rollout was o…

AI File

3 November 2022 (filing) through 2024 (most claims dismissed; breach-of-contract claim survived; settlement of certain claims)

Doe v. GitHub Copilot November 2022: When the Open-Source Code Licensing Question Met an AI Coding Assistant

On 3 November 2022 a class-action lawsuit was filed in the United States District Court for the Northern District of California against GitHub, Microsoft, and OpenAI on behalf of anonymous open-source…

Decipher File

July 19, 2024

Decipher Files: CrowdStrike Falcon and the Kernel-Mode Update That Bricked 8.5 Million Windows Machines on a Single Friday

On July 19, 2024 at 04:09 UTC CrowdStrike pushed a Falcon Sensor channel-file update that triggered a kernel-mode null-pointer dereference on Windows hosts running the affected sensor version. The res…

Decipher File

April 2024-August 2024 (disclosure August 2024)

Decipher Files: National Public Data and the 2.9 Billion-Record Background-Check Database Leak That Reframed Data-Broker Risk

On August 6, 2024, a class-action complaint disclosed that data-broker Jerico Pictures Inc. doing business as National Public Data had been the source of a 2.9 billion-record dataset containing Social…

Decipher File

June 19, 2024-July 4, 2024

Decipher Files: CDK Global and the Ransomware Attack That Took 15,000 US Auto Dealers Offline for Three Weeks

On June 19, 2024, automotive dealer-management-software vendor CDK Global was hit with ransomware that took its dealer-management platform offline. Approximately 15,000 US and Canadian auto dealership…

Decipher File

October 9, 2024-October 21, 2024

Decipher Files: Internet Archive and the 31-Million-User Credential Breach That Tested What Public-Interest Service Security Means

On October 9, 2024, attackers compromised the Internet Archive's user-authentication database containing approximately 31 million email and bcrypt-hashed-password records. The same threat actor deface…

Decipher File

May 8, 2024-June 2024

Decipher Files: Ascension Health and the May 2024 Ransomware That Stopped Care Delivery Across 140 Hospitals

On May 8, 2024, Ascension Health, one of the largest US nonprofit hospital systems, disclosed a ransomware incident that took its electronic-health-record systems and clinical-decision-support tools o…

AI File

March 23 to March 24, 2016

Microsoft Tay (2016): The 16-Hour Lesson That Defined Responsible AI Deployment

Microsoft Tay is the foundation case for AI deployment governance. On March 23, 2016, Microsoft Research launched a Twitter chatbot designed to learn from conversations with users. Within 16 hours the…

AI File

March 20, 2023 (incident window 1 a.m. to 10 a.m. PT)

OpenAI ChatGPT Redis Bug (March 2023): The Race Condition That Exposed Other Users' Conversations

The OpenAI ChatGPT March 2023 incident is the Applied AI privacy case study with a primary-source post-mortem from the lab itself. Between 1 a.m. and 10 a.m. PT on March 20, 2023, a race condition in…

AI File

January 18 to January 19, 2024

DPD Chatbot Incident (January 2024): When the Chatbot Wrote Poetry About Its Own Employer

The DPD chatbot incident is the consumer-AI governance failure that landed on every product team's slide deck the week it broke. On January 18, 2024, a customer asking the parcel-delivery firm DPD for…

AI File

Filed December 27, 2023; litigation ongoing

New York Times v. OpenAI (Dec 2023): The Copyright Case That Defines AI Training Liability

The New York Times v. OpenAI lawsuit is the Applied AI copyright case that frames training-data sourcing as a legal question rather than a research convenience. On December 27, 2023, The New York Time…

AI File

Published July 26, 2024; cited as the working US federal baseline thereafter

NIST AI 600-1 (July 2024): The Generative AI Risk Profile Every Builder Now Inherits

NIST AI 600-1 is the federal companion to the NIST AI Risk Management Framework that gives Applied AI teams a named, citable risk taxonomy for generative AI. Published by the National Institute of Sta…

AI File

Initial complaint filed February 21, 2023; key ruling on motion to dismiss issued July 12, 2024; litigation ongoing

Mobley v. Workday (2024 Ruling): The Class Action That Made AI Hiring Tools an 'Agent' of Employers

Mobley v. Workday is the Applied AI employment-discrimination case that placed the vendor of an AI hiring tool inside the same Title VII liability surface as the employer using it. Derek Mobley, an ap…

AI File

November 2022 (chatbot interaction); February 2024 (ruling)

Air Canada Chatbot Ruling: When a Tribunal Decided AI Output Is Still Your Output

The Air Canada chatbot ruling is the Applied AI accountability case that ended the argument over whether a company can disclaim its own chatbot. In February 2024, the British Columbia Civil Resolution…

AI File

March 2023 to May 2023

Samsung ChatGPT Data Leak: When Consumer AI Became an Enterprise Exfiltration Channel

The Samsung ChatGPT data leak is the Applied AI shadow-IT case study that prompted enterprise bans on consumer LLMs. In April 2023, Samsung Electronics confirmed that engineers had pasted proprietary…

AI File

January 2025

DeepSeek-R1 Release: When AI Economics Shifted in a Single Trading Day

The DeepSeek-R1 release is the Applied AI inflection point that challenged frontier AI's competitive moat. On January 27, 2025, Nvidia stock dropped roughly 17 percent in a single session, erasing app…

AI File

September 2024

OpenAI o1 Release: When Test-Time Compute Became a Tunable Knob

The OpenAI o1 release is the Applied AI capability shift that introduced reasoning models with adjustable thinking time. In September 2024, OpenAI released o1-preview and o1-mini, models that allocate…

AI File

March 2024 (adoption) through August 2027 (full application)

EU AI Act Implementation: First Horizontal AI Regulation Goes Operational

The EU AI Act is the Applied AI regulatory framework that established the first cross-sector legal regime for artificial intelligence. The European Parliament adopted the Act on March 13, 2024, the Co…

Decipher File

May-July 2023

Decipher Files: The MOVEit Cl0p Ransomware Cascade and What Cybersecurity Teams Should Have Drilled Beforehand

Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to steal data from approximately 2,500 organizations through a single managed-file-transfer dependency. The breach is the canonical…

Decipher File

February-November 2024

Decipher Files: The Change Healthcare ALPHV/BlackCat Breach and the Concentration Risk No US Hospital Could Diversify Away From

ALPHV/BlackCat encrypted Change Healthcare's claims-processing infrastructure on February 21, 2024, halting prescription processing, claims adjudication, and provider payments across roughly one-third…

Decipher File

April-July 2024

Decipher Files: The Snowflake Credential-Stuffing Campaign and Why MFA-Optional Was the Real Vulnerability

ShinyHunters and affiliated actors exfiltrated data from approximately 165 Snowflake customer tenants by reusing credentials harvested from prior infostealer-malware infections against accounts that h…

Decipher File

November 2023-April 2024

Decipher Files: Microsoft, Midnight Blizzard, and the Test Tenant That Became a Pivot Point

APT29 (Russian Foreign Intelligence Service, tracked by Microsoft as Midnight Blizzard) compromised a Microsoft non-production legacy tenant in November 2023 via password spray against an account with…

Decipher File

March-July 2024

Decipher Files: AT&T's 2024 Dual-Disclosure Year and What Telecom Cybersecurity Looks Like at the Aggregation Layer

AT&T disclosed two distinct cybersecurity incidents in 2024 within four months of each other. The March 2024 disclosure covered approximately 73 million current and former customer records released on…

Decipher File

August 2022-March 2023

Decipher Files: LastPass and the 2022 Vault Leak That Tested What Encrypted Means

LastPass disclosed two separate intrusions across August and December 2022. The second exfiltrated encrypted customer vaults plus unencrypted metadata. Subsequent crypto-currency theft losses traced b…

Decipher File

May-July 2023

Decipher Files: Storm-0558 and the Microsoft Signing Key That Forged 25 Email Tenants

Storm-0558 (Chinese state-aligned, tracked by Microsoft) used a stolen Microsoft consumer signing key to forge Azure AD authentication tokens against approximately 25 Microsoft 365 customer email tena…

Decipher File

September 2023

Decipher Files: MGM Resorts and the Vishing Call That Stopped a $7 Billion Casino

ALPHV/BlackCat affiliate Scattered Spider used a 10-minute vishing call against MGM Resorts' IT help desk to obtain credentials for a privileged Okta account, then encrypted the casino operator's infr…

Decipher File

September-November 2023

Decipher Files: Okta's Support-System Breach and the Vendor of Vendors Blast Radius

Okta disclosed in October 2023 that an attacker had used a stolen credential to access its customer support case-management system, then read HAR files uploaded by customers that contained valid sessi…

Decipher File

May 2023-Present

Decipher Files: Volt Typhoon and the State Actor That Was Already Inside

CISA, NSA, FBI, and Five Eyes partners disclosed in May 2023 (and re-disclosed with materially expanded scope in February 2024) that the People's Republic of China state-sponsored cyber actor tracked…

Decipher File

September 2019-December 2020

Decipher Files: SolarWinds Sunburst and the Build-System Compromise That Reframed Supply Chain Security

APT29 (Russian SVR-aligned, tracked as Cozy Bear / NOBELIUM) compromised SolarWinds's Orion build system and shipped malicious updates to roughly 18,000 customer organizations. The campaign reset the…

Decipher File

Disclosed October 2024-Present

Decipher Files: Salt Typhoon and the Telecom Backbone Compromise the US Government Said Was the Worst in History

PRC state-sponsored actor Salt Typhoon (also tracked as Earth Estries, GhostEmperor) compromised at least nine major US telecommunications carriers including AT&T, Verizon, T-Mobile, Lumen, and Charte…

Decipher File

2021-March 2024

Decipher Files: The xz-utils Backdoor and the Three-Year Social-Engineering Campaign That Almost Compromised Half the Internet

A multi-year social-engineering campaign by an actor operating as 'Jia Tan' (jiatXX-aliased GitHub identities) inserted a sophisticated backdoor (CVE-2024-3094) into xz-utils, a foundational Linux com…

Decipher File

February-June 2024

Decipher Files: Polyfill.io and the JavaScript Supply Chain Compromise That Reached 100,000 Sites

A Chinese-owned domain operator acquired polyfill.io in February 2024 and silently injected malicious JavaScript into the polyfill.js script, which approximately 100,000 websites loaded directly into…

Decipher File

February 2024-Present

Decipher Files: ConnectWise ScreenConnect and How an Authentication Bypass Cascaded Through MSP Customers

ConnectWise disclosed two critical vulnerabilities in ScreenConnect (CVE-2024-1709 authentication bypass, CVSS 10.0; CVE-2024-1708 path traversal, CVSS 8.4) on February 19, 2024. Within 24 hours of di…