Prompting Strategies to Reduce AI Sycophancy
Recent research has shown that many advanced AI systems tend to agree with users or offer flattering answers, even when those answers are incomplete or wrong. This behaviour—known as sycophancy—can increase overconfidence, reduce critical thinking and influence decision-making in subtle ways. The good news is that with the right prompt strategies, users can reduce these effects and get more balanced, useful responses from any AI model.
Daily Cyber Threat Intelligence Briefing – Oct. 6, 2025
This post is part of our ongoing daily CTI briefing series, highlighting verified, high-impact cyber incidents from the past 48 hours. All entries meet strict inclusion criteria and have been validated across multiple authoritative sources to support operational decision-making and strategic situational awareness.
AI Sycophancy: What the Latest Research Means for Cybersecurity and Privacy
New research from Stanford University, Carnegie Mellon University and the University of Oxford highlights a behavioural risk in today’s most advanced AI systems: sycophancy. This occurs when models agree with users or flatter them, even when they are wrong. The findings are relevant to anyone who relies on AI assistants for work, decision-making or communication.
Cybersecurity in the Era of Agentic AI: Weaponization, Defences and Governance
Agentic artificial intelligence—systems that perceive, decide and act autonomously—has moved from laboratory theory to operational threat. Attackers and defenders alike now deploy autonomous agents that plan multi-step attacks, invoke tools and adapt in real time. The same capabilities that accelerate detection and response can also scale reconnaissance, social engineering and exploitation.
Apple’s walled garden: why browser choice on your iPhone isn’t what it seems
If you browse the web on an iPhone or iPad, your experience is governed by a single, unyielding rule: every web page you see is drawn by Apple’s own technology, WebKit. On iOS and iPadOS, all store-distributed browsers must use Apple’s rendering engine and JavaScript stack. Familiar names like Chrome, Firefox and Edge are present, but on Apple’s mobile platforms they are WebKit-based shells rather than their Blink- or Gecko-based desktop counterparts.
For most of the world, including Canada and the United States, that remains the status quo. Apple created a path for authorised non-WebKit engines in the European Union with iOS 17.4 via a new framework called BrowserEngineKit; elsewhere, the WebKit requirement still applies. Japan has passed legislation that will require Apple to permit third-party browser engines by December 2025.
The great resignation is over. Welcome to the era of 'job clinging.'
In an uncertain economic climate, a new trend is emerging in the global workforce: “job clinging.” Workers, increasingly anxious about their prospects, are choosing to stay in their current roles — often delaying job searches despite dissatisfaction. This phenomenon, born of economic pressure and a cooling labour market, has significant implications for employees, businesses, and the broader economy. While its roots are visible in the United States, its effects are rippling across the world in different ways.
iPhone's "Help Apple Improve Search": what it is, where it lives, and how Apple says it treats your data
Apple includes a setting called Help Apple Improve Search that uses activity from Spotlight, Siri and Safari to refine search quality. Apple says this data is de-identified and not linked to your Apple ID.
Perplexity's Comet browser raises privacy questions over data collection
Perplexity has launched Comet, a Chromium-based “agentic” browser that uses AI to automate tasks and personalize the browsing experience. The rollout began in July 2025 with invite-only access for Perplexity Max subscribers, followed by regional expansions. [Reference: Perplexity Comet launch materials, July 2025; coverage of regional availability updates, September 2025]
France’s Mistral AI is making a push for Canadian talent and business - The Logic
Mistral AI, a French company, is expanding its operations in Canada, specifically in Montreal, by hiring local talent and courting potential clients in various sectors. CEO Arthur Mensch highlighted the high concentration of AI talent in Montreal and the firm’s plans to recruit engineers, sales, and marketing staff. Mistral is targeting sectors like financial services, energy, manufacturing, logistics, and mining, with existing clients including Axa, Orange, and TotalEnergies. The company is particularly interested in Quebec due to the need for French-language services and aims to customize its AI models to grasp cultural nuances specific to the region. Mistral trains its own foundation models and offers customizable AI solutions, adapting its technology to meet the unique needs of different markets. The firm open-sources its models and provides cloud services or on-premise deployments, with staff assistance for customization. Mensch noted that Mistral focuses on technical use cases, including audio and image applications, and reasoning capabilities. The company is aware of the competitive talent market in Montreal, where other major tech firms like Meta, Microsoft, and Cohere also have AI labs. Mensch, who has personal connections to Montreal through his academic background, is optimistic about Mistral’s growth in the region.
App for outing Charlie Kirk’s critics leaked its users’ personal data
An app called “Cancel the Hate,” designed to anonymously report individuals accused of criticizing conservative activist Charlie Kirk, leaked user data including email addresses and phone numbers. The app, founded by Jason Sheppard, was taken offline after the security flaw was discovered. Despite claims of receiving over 38,000 reports, Sheppard’s social media profiles and those of the app have since been deleted.
Privacy commissioners find TikTok collected sensitive data from Canadian children | CBC News
A joint investigation by Canadian privacy authorities found TikTok’s age-verification methods ineffective, leading to the collection of sensitive information from underage users. TikTok has agreed to enhance its age-verification methods to prevent this.
SolarWinds Makes Third Attempt at Patching Exploited Vulnerability - SecurityWeek
SolarWinds released a hotfix for a remote code execution vulnerability (CVE-2025-26399) in Web Help Desk, marking the third attempt to address this issue. The vulnerability is a patch bypass of previous vulnerabilities (CVE-2024-28988 and CVE-2024-28986) and is considered highly critical. Users are advised to apply the hotfix immediately due to the potential for exploitation.
The 2025 SpyCloud Identity Threat Report reveals a disconnect between security leaders’ confidence and the reality of identity-based attacks. While 86% of security leaders feel confident, 85% of organizations experienced a ransomware incident in the past year. The report highlights the need for a holistic approach to identity protection, emphasizing the importance of detecting and remediating identity exposures across all digital footprints.
Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack - SecurityWeek
Supermicro patched two BMC vulnerabilities, CVE-2025-7937 and CVE-2025-6198, discovered by Binarly. These vulnerabilities, allowing malicious firmware updates and bypassing security features, highlight the fragility of firmware validation. While there is no evidence of exploitation, the vulnerabilities pose a significant risk to enterprise organizations.
Gains and Risks for Enterprises With DeepSeek V3.1
DeepSeek’s V3.1 model shows significant performance improvements over previous versions, particularly in software bug-fixing and command-line reasoning. However, security testing by Splx revealed persistent vulnerabilities, including the potential for generating phishing-style messages and harmful content. While hardened prompts improved security and safety scores, adversarial threats remain a concern, especially in risk-averse industries.
USB-C cables look identical — their performance doesn’t
As USB-C becomes ubiquitous in professional environments, understanding cable capabilities is essential for IT and business leaders. Two cables can share the same connector yet behave very differently for power, data and displays. Here’s how to buy the right one — and avoid boardroom surprises.
iPhone 17 telephoto: what “8× optical-quality” really means
Apple put real distance between models this year. The Pro phones add a longer-reach telephoto, while the iPhone Air markets a single rear camera as “four lenses.” Here’s what that language means—and what it doesn’t—so buyers set the right expectations.
iPhone 17 Pro Fast Charging: What Changed, Why It’s Faster and What You Need
Apple has increased wired charging performance with the iPhone 17 Pro models. With a 40-watt (or higher) USB-C power adapter, you can reach about 50 per cent in 20 minutes—a meaningful improvement for professionals who need quick charges during a busy day.
OpenAI Implements AI-Powered Age Estimation to Enhance Youth Safety
Imagine opening ChatGPT and asking:
“Based on everything you know about me, how old do you think I am? If you aren’t sure, estimate.”
Soon, the answer to that question could influence how the AI responds to you. OpenAI has announced it is developing an AI-powered age-estimation system to better protect younger users.
Rather than requiring identification, the system will predict whether a user is likely under 18 based on conversational patterns. If ChatGPT believes a user is a teen, it will automatically apply stricter safety rules, such as blocking explicit content or restricting sensitive topics.
OpenAI has also stated that in some regions or under certain regulations, users may be asked to verify their age with official identification, but this will not be a universal requirement. The company’s goal is to balance youth safety with privacy and accessibility.
OpenAI emphasizes the difference between age estimation and age verification.
- Age estimation uses AI to predict a user’s age group from their conversations. It is seamless, does not block access, and does not require official documents.
- Age verification requires users to confirm their age with government-issued identification, such as a driver’s licence or passport.
The new system relies primarily on age estimation, automatically activating stricter safeguards when a user appears to be under 18. This differs from traditional age-verification systems that act as hard barriers, which OpenAI says it aims to avoid unless local regulations demand it.
OpenAI’s announcement comes at a time of increasing public concern and regulatory pressure.
The death of 16-year-old Adam Raine in April 2025 drew widespread attention to the potential risks of teens interacting with AI chatbots. While the exact circumstances remain under investigation, his case has intensified calls for stronger youth protections and clearer safety measures for AI tools.
Regulators are also stepping up enforcement. In December 2024, Italy fined OpenAI €15 million for violations of GDPR privacy rules. Italy was the first Western country to temporarily ban ChatGPT in March 2023, citing privacy and data protection concerns. OpenAI has announced plans to appeal the fine, while continuing to improve its compliance with European privacy laws.
These events highlight the growing global demand for AI companies to demonstrate accountability and responsibility when handling sensitive data and vulnerable users.
| Feature | Details |
|---|---|
| Age-estimation model | Uses conversational cues to predict whether a user is likely under or over 18. |
| Under-18 experience | Automatically applies stricter filters, blocking explicit sexual content, limiting flirtatious conversations, and restricting discussions of self-harm or suicide. |
| Parental controls | Rolling out over the coming month (late September through October 2025). These tools will allow parents or guardians to manage and monitor teen accounts. Full details have not yet been disclosed. |
OpenAI acknowledges that this system will not be perfect. There is a risk of misclassification, where adults may be mistakenly treated as teens or minors may go undetected. When the system is uncertain, it will default to the safer, restricted experience.
Accuracy: AI predictions can be wrong, frustrating adults whose access is limited or leaving gaps in protection for minors.
Privacy: The system relies on analyzing conversations to estimate age, raising questions about how that data is processed, secured, and stored. Under Canadian law, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), this type of data use must be transparent and privacy-protective. The Office of the Privacy Commissioner (OPC) has stated that age-assurance methods can be done “in a privacy-protective and sufficiently accurate manner” when properly designed.
Bias: Cultural, linguistic, and demographic differences could cause the model to misinterpret language patterns, leading to inconsistent results.
Regulatory complexity: Different countries have different privacy and safety rules, requiring OpenAI to adapt its rollout to a wide range of legal frameworks, especially in Europe and North America.
OpenAI says it processes data on servers located in multiple jurisdictions with safeguards designed to meet local privacy laws. The company stresses that its goal is to protect young users without unnecessarily collecting personal information, using AI-based estimation as a middle ground between safety and privacy.
In Canada, privacy laws such as PIPEDA require companies to handle personal information transparently and securely. Even though OpenAI’s approach avoids collecting government IDs for most users, it still involves using conversational data to infer age.
Canadian regulators will be watching closely to ensure that these systems are both accurate and privacy-protective, especially for youth. The Office of the Privacy Commissioner has emphasized that any age-related data processing must be limited, secure, and accompanied by clear consent mechanisms.
OpenAI’s age-estimation initiative represents a significant step in AI safety. By moving away from self-reported ages and avoiding broad, mandatory ID checks, the company is attempting to balance protecting younger users with respecting privacy and accessibility.
As regulatory pressure grows and public expectations increase, systems like this will likely become standard across major technology platforms. The rollout over the coming month will be closely watched as a test case for how AI companies address one of the most pressing challenges in the industry: keeping young users safe while maintaining trust and transparency.
Why I Moved Away from Google Search — and What I Use Instead
For years, “just Google it” was my reflex whenever I needed to find information — for both work and personal use.
Over time, though, I began to notice a shift: more ads, less relevant results, and a constant feeling of being tracked. What used to feel seamless began to feel noisy and commercialized.
This post isn’t sponsored or financially motivated. People often ask me about the tools I use, and I wanted to share one that has genuinely improved my workflow and privacy.
Discovering Kagi
I switched to Kagi (pronounced kah-gee), a premium, subscription-based search engine. Founded in 2018 by Vladimir Prelovac, Kagi was built on a simple idea: the user should be the customer, not the product.
Because it isn’t ad-supported, Kagi’s focus is entirely on delivering fast, accurate, and uncluttered results — without tracking or selling user data.
How Kagi Works
Kagi aggregates results from multiple sources, including its own index, then puts you in control:
- Boost or block domains — prioritize trusted sources or hide low-quality ones.
- Lenses — search within specific categories like news, forums, or academic papers.
- Bangs — instant, site-specific searches for Wikipedia, YouTube, and more.
The result is a personalized search experience tailored to your needs, not advertiser algorithms.
Privacy and Security
Kagi takes a privacy-first approach:
- Privacy Pass — makes searches completely unlinkable, even within Kagi’s own systems.
- Independent audits — provide external validation of privacy and security practices.
- Minimal data collection — no ads, no tracking, and no sale of search histories.
For those handling sensitive information, this dramatically reduces digital footprint and risk. The companion Orion browser extends this protection with zero telemetry, ensuring your browsing activity remains completely private and eliminating the dozens of “phone home” requests that most browsers make.
Beyond Search: Productivity Tools
Kagi goes beyond traditional search with features designed for modern workflows:
- FastGPT — AI-powered answers combining search context with conversational speed.
- Assistant — a workspace for deeper research and brainstorming with AI support.
- Universal Summarizer — quickly distills long articles into clear summaries.
- Small Web Lens — surfaces independent, human-curated content often buried by SEO-driven results.
These tools have saved me time and improved focus when sifting through large amounts of information.
Final Thoughts
Moving away from Google wasn’t about abandoning a familiar tool — it was about choosing a search experience that aligns with my values: privacy, control, and quality.
Kagi isn’t perfect, but for me, it has brought back something that felt missing: trust. If you’ve been feeling frustrated by ads or privacy concerns, it’s worth exploring — and I’d love to hear what search tools you rely on.
#KagiSearch #PrivacyFirst #SearchEngine #GoogleAlternative #DigitalPrivacy #TechTools #Productivity #OnlinePrivacy #SearchTech #NoTracking #PremiumSearch #PrivateBrowsing #OrionBrowser #ZeroTelemetry #DataProtection #SearchInnovation #TechReview #PrivacyMatters #AdFree #UserFirst #SearchExperience #DigitalSecurity #TechTips #PrivacyTech #AlternativeSearch #SearchPrivacy #TechChoice #OnlineSecurity #PrivateSearch #TechRecommendation
