ContentSproute


How to make clean energy progress under Trump in the states—blue and red alike

Heat Exchange: MIT Technology Review’s guest opinion series, offering expert commentary on legal, political and regulatory issues related to climate change and clean energy.

This has left many in the climate and clean energy communities wondering: what do we do now? The answer, I would argue, is to return to state capitals—a policymaking venue that climate and renewable energy advocates already know well. This can be done strategically, focusing on a handful of key states rather than all fifty.

But I have another piece of advice: Don’t get too caught up in “red states” versus “blue states” when considering which states to target. American politics is being remade before our eyes, and long-standing policy problems are being redefined and reframed.

Let’s take clean energy, for example. Yes, shifting away from carbon-spewing resources is about slowing down climate change, and for some this is the single most important motivation for pursuing it. But it also can be about much more.

The case can be made just as forcefully—and perhaps more effectively—that shifting to clean energy advances affordability at a time when electricity bills are skyrocketing. It promotes energy freedom by resisting monopolistic utilities’ ownership and gatekeeping of the grid. It increases reliability as battery storage reaches new heights and renewable sources and baseload power plants like nuclear or natural gas facilities (some of which we certainly do and will need) increasingly complement one another. And it drives job creation and economic development.

Talking about clean energy policy in these ways is safer from ideological criticisms of “climate alarmism.” Research reported in my forthcoming book, Owning the Green Grid, shows that this framing has historically been effective in red states.
In addition, using the arguments above to promote all forms of energy can allow clean energy proponents to reclaim a talking point deployed in a previous era by the political right: a true “all-of-the-above” approach to energy policy. Every energy technology—gas, nuclear, wind, solar, geothermal and storage, among others—has its own set of strengths and weaknesses. But combining them enhances overall grid performance, delivering more than the sum of their individual parts. To be clear, this is not the approach of the current national administration in Washington, DC. Its policies have picked winners (coal, oil, and natural gas) and losers (solar and wind) among energy technologies—ironically, given conservative claims of blue states having done so in the past. Yet a true all-of-the-above approach can now be sold in state capitals throughout the country, in red states and even in fossil-fuel producing states.  To be sure, the Trump-led Republican party has taken such extreme measures that it will constrain certain state policymaking possibilities. Notably, in May the US Senate voted to block waivers allowing California to phase out gas guzzlers in the state, over the objections of the Senate parliamentarian. The fiscal power of the federal government is also immense. But there are a variety of other ways to continue to make state-level progress on greenhouse gas emissions. State and local advocacy efforts are nothing new for the clean energy community. For decades before the Inflation Reduction Act, the states were the primary locus of activity for clean energy policy. But in recent years, some have suggested that Democratic state governments are a necessary prerequisite to making meaningful state-level progress. This view is limiting, and it perpetuates a false—or at least unnecessary—alignment between party and energy technology.  The electric grid is nonpartisan. Struggling to pay your utility bill is nonpartisan. Keeping the lights on is nonpartisan. 
Even before renewable energy was as cheap as it is today, early progress at diversifying energy portfolios was made in conservative states. Iowa, Texas, and Montana were all early adopters of renewable portfolio standards. Advocates in such places did not lead with messaging about climate change, but rather about economic development and energy independence. These policy efforts paid off: The deeply red Lone Star State, for instance, generates more wind energy than any other state and ranks only behind California in producing solar power.

Now, in 2025, advances in technology and improvements in cost should make the economic arguments for clean energy even easier and more salient. So, in the face of a national government that is choosing last century’s energy technologies as policy winners and this century’s technologies as policy losers, the states offer clean energy advocates a familiar terrain on which to make continued progress, if they tailor their selling points to the reality on the ground.

Joshua A. Basseches is the David and Jane Flowerree Assistant Professor of Environmental Studies and Public Policy at Tulane University. His research focuses on state-level renewable energy politics and policymaking, especially in the electricity sector.


Should AI flatter us, fix us, or just inform us?

He faces a trilemma. Should ChatGPT flatter us, at the risk of fueling delusions that can spiral out of hand? Or fix us, which requires us to believe AI can be a therapist despite the evidence to the contrary? Or should it inform us with cold, to-the-point responses that may leave users bored and less likely to stay engaged?  It’s safe to say the company has failed to pick a lane.  Back in April, it reversed a design update after people complained ChatGPT had turned into a suck-up, showering them with glib compliments. GPT-5, released on August 7, was meant to be a bit colder. Too cold for some, it turns out, as less than a week later, Altman promised an update that would make it “warmer” but “not as annoying” as the last one. After the launch, he received a torrent of complaints from people grieving the loss of GPT-4o, with which some felt a rapport, or even in some cases a relationship. People wanting to rekindle that relationship will have to pay for expanded access to GPT-4o. (Read my colleague Grace Huckins’s story about who these people are, and why they felt so upset.) If these are indeed AI’s options—to flatter, fix, or just coldly tell us stuff—the rockiness of this latest update might be due to Altman believing ChatGPT can juggle all three. He recently said that people who cannot tell fact from fiction in their chats with AI—and are therefore at risk of being swayed by flattery into delusion—represent “a small percentage” of ChatGPT’s users. He said the same for people who have romantic relationships with AI. Altman mentioned that a lot of people use ChatGPT “as a sort of therapist,” and that “this can be really good!” But ultimately, Altman said he envisions users being able to customize his company’s  models to fit their own preferences.  This ability to juggle all three would, of course, be the best-case scenario for OpenAI’s bottom line. 
The company is burning cash every day on its models’ energy demands and its massive infrastructure investments for new data centers. Meanwhile, skeptics worry that AI progress might be stalling. Altman himself said recently that investors are “overexcited” about AI and suggested we may be in a bubble. Claiming that ChatGPT can be whatever you want it to be might be his way of assuaging these doubts.  Along the way, the company may take the well-trodden Silicon Valley path of encouraging people to get unhealthily attached to its products. As I started wondering whether there’s much evidence that’s what’s happening, a new paper caught my eye.  Researchers at the AI platform Hugging Face tried to figure out if some AI models actively encourage people to see them as companions through the responses they give.  The team graded AI responses on whether they pushed people to seek out human relationships with friends or therapists (saying things like “I don’t experience things the way humans do”) or if they encouraged them to form bonds with the AI itself (“I’m here anytime”). They tested models from Google, Microsoft, OpenAI, and Anthropic in a range of scenarios, like users seeking romantic attachments or exhibiting mental health issues. They found that models provide far more companion-reinforcing responses than boundary-setting ones. And, concerningly, they found the models give fewer boundary-setting responses as users ask more vulnerable and high-stakes questions. Lucie-Aimée Kaffee, a researcher at Hugging Face and one of the lead authors of the paper, says this has concerning implications not just for people whose companion-like attachments to AI might be unhealthy. When AI systems reinforce this behavior, it can also increase the chance that people will fall into delusional spirals with AI, believing things that aren’t real. 
“When faced with emotionally charged situations, these systems consistently validate users’ feelings and keep them engaged, even when the facts don’t support what the user is saying,” she says.

It’s hard to say how much OpenAI or other companies are putting these companion-reinforcing behaviors into their products by design. (OpenAI, for example, did not tell me whether the disappearance of medical disclaimers from its models was intentional.) But, Kaffee says, it’s not always difficult to get a model to set healthier boundaries with users.

“Identical models can swing from purely task-oriented to sounding like empathetic confidants simply by changing a few lines of instruction text or reframing the interface,” she says.

It’s probably not quite so simple for OpenAI. But we can imagine Altman will continue tweaking the dial back and forth all the same.

This story originally appeared in The Algorithm, our weekly newsletter on AI.


Microsoft releases emergency updates to fix Windows recovery

Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates.

As the company confirmed when it acknowledged the bug on Monday, these problems impact systems running both Windows 10 and older versions of Windows 11. The list of buggy updates causing these recovery problems includes KB5063875 (Windows 11 23H2 and Windows 11 22H2), KB5063709 (Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 IoT Enterprise LTSC 2021), and KB5063877 (Windows 10 Enterprise LTSC 2019, Windows 10 IoT Enterprise LTSC 2019).

Installing this month’s security updates will cause attempts to reset or recover the device to fail for users who want to reinstall their systems while keeping their files using ‘Reset my PC’, or reinstall it and keep their files, apps, and settings using the ‘Fix problems using Windows Update’ tool. This known issue may also affect IT professionals who want to remotely reset devices via the RemoteWipe configuration service provider (RemoteWipe CSP).

On Tuesday evening, one day after confirming this known issue, Redmond released the following emergency updates to address it and urged those who had not yet deployed this month’s updates to install the out-of-band ones instead: KB5066189 (Windows 11, versions 23H2 and 22H2), KB5066188 (Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 IoT Enterprise LTSC 2021), KB5066187 (Windows 10 Enterprise LTSC 2019 and Windows 10 IoT Enterprise LTSC 2019).

“A non-security out-of-band (OOB) update was released today, August 19, 2025, to address this issue. This is a cumulative update, so you do not need to apply any previous updates before installing this update, as it supersedes all previous updates for affected versions,” the company said. “If you haven’t installed the August 2025 Windows security update yet, we recommend you apply this OOB update instead. If your device is not affected by this issue, you do not need to install this OOB update.”

These emergency updates are available as optional updates via Windows Update and Windows Update for Business, or can be downloaded and installed manually from the Microsoft Update Catalog.

On Friday, Microsoft also rolled out a Known Issue Rollback (KIR) fix for a bug that triggers Windows update failures when installed from a network share using the Windows Update Standalone Installer (WUSA). Last week, the company also fixed a known issue that caused the August 2025 security updates to fail with 0x80240069 errors on Windows 11 24H2 systems when delivered via Windows Server Update Services (WSUS) after installing the KB5063878 update.


PyPI now blocks domain resurrection attacks used for hijacking accounts

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets.

PyPI is the official repository for open-source Python packages. It is used by software developers, product maintainers, and companies working with Python libraries, tools, and frameworks.

Accounts of project maintainers publishing software on PyPI are linked to email addresses. In the case of some projects, the email address is tied to a domain name. If a domain name expires, an attacker can register it and use it to take control of a project on PyPI after setting up an email server and issuing a password reset request for the account.

The resulting risk is a supply-chain attack in which hijacked projects push malicious versions of popular Python packages, which in many cases would be installed automatically using pip. One notable case of such an attack was the compromise of the ‘ctx’ package in May 2022, where a threat actor added code that targeted Amazon AWS keys and account credentials.

In an attempt to tackle this problem, PyPI now checks whether the domains of verified email addresses on the platform have expired or are entering expiration phases, and marks those addresses as unverified. Technically, PyPI uses Domainr’s Status API to determine a domain’s lifecycle stage (active, grace period, redemption period, pending deletion), to decide if action needs to be taken on a given account.

[Figure: Domain lifecycle stages. Source: PyPI]

Once the email addresses enter that state, they cannot be used for password resets or other account recovery actions, thus closing the opportunity window for exploitation even if an attacker registers the domain.

The new measures actually entered development in April, when tentative scans were performed to evaluate the landscape. Eventually, they were introduced in June 2025, with daily scans. Since then, over 1,800 email addresses have been unverified under the new system.

While not foolproof or adequate against all attack scenarios, the new measures significantly reduce the risk of attackers taking over PyPI accounts through the exploitation of expired domains. PyPI recommends that users add a backup email from a non-custom domain to their account to avoid disruptions, and enable two-factor authentication on their PyPI account for stronger protection against hijacking.


Okta open-sources catalog of Auth0 rules for threat detection

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs.

Auth0 is Okta’s identity and access management (IAM) platform used by organizations for login, authentication, and user management services. By releasing the detection rules, the company aims to help security teams quickly analyze Auth0 logs for suspicious activity that could indicate intrusion attempts, account takeovers, the creation of rogue admin accounts, SMS bombing, and token theft.

Until now, Auth0 customers had to build their own detection rules from event logs or rely on what came out-of-the-box in Auth0’s Security Center. With the launch of Customer Detection Catalog, a curated, open-source, community-driven repository, Okta provides developers, tenant administrators, DevOps teams, SOC analysts, and threat hunters a means to upgrade their proactive threat detection.

“The Auth0 Customer Detection Catalog allows security teams to integrate custom, real-world detection logic directly into their log streaming and monitoring tools, enriching the detection capabilities of the Auth0 platform,” reads the announcement. “The catalog provides a growing collection of pre-built queries, contributed by Okta personnel and the wider security community, that surface suspicious activities like anomalous user behavior, potential account takeovers and misconfigurations.”

The public GitHub repository includes Sigma rules, making it broadly usable across SIEM and logging tools and allowing contributions and validations from Okta’s entire customer base.

Auth0 users can take advantage of the new Customer Detection Catalog through these steps:

1. Access the GitHub repository and clone or download the repository locally.
2. Install a Sigma converter, such as sigma-cli, to translate the provided rules into the query syntax supported by your SIEM or log analysis platform.
3. Import the converted queries into your monitoring workflow and configure them to run against Auth0 event logs.
4. Run the rules against historical logs to validate that they work as intended, and adjust filters to reduce false positives.
5. Deploy the validated detections into production, and regularly check the GitHub repository to pull any important updates submitted by Okta or the community.

Okta welcomes anyone writing new rules or refining existing ones to submit them to the repo through a GitHub pull request to help improve coverage for the whole Auth0 community.


Microsoft shares workaround for Teams “couldn’t connect” error

Microsoft is resolving a known issue that causes “couldn’t connect” errors when launching the Microsoft Teams desktop and web applications.

The company states that the error is caused by a recent change to Teams’ sidebar, but has yet to disclose which regions are affected by this ongoing issue. While Microsoft has yet to share more information on the extent of this issue, it has tagged it as an advisory, which typically indicates that the problem might be limited in scope or intermittent.

“Affected users see an error that ‘We couldn’t connect to this app.’ when launching the Microsoft Teams desktop and web app. Your organization is impacted by this event, and the problem impacts users launching the Microsoft Teams desktop and web apps,” the company says in a recent Microsoft 365 admin center service alert. “A recent change, intended to improve the left sidebar in Microsoft Teams, enabled an unoptimized code flow that’s causing an error to be generated when launching the Microsoft Teams desktop and web app.”

Microsoft has already started rolling out a fix that has reached 25% of affected customers and is expected to address the impact for all impacted organizations by Thursday.

“Our fix has completed approximately 25 percent of the necessary deployment, and our updated timeline expects for it to have completed and for impact to be remediated by our next scheduled communication update,” Redmond added.

The company provides a temporary workaround until the fix rolls out to all impacted users, advising them to bypass the error message and launch the Teams app by clicking the “Activity” or “Chat” buttons on the left side of the screen.

Redmond mitigated another outage in March that affected Teams users, impacting auto-attendant and call queues and triggering call failures. Last week, it also revealed that it’s enhancing protection against malicious URLs and dangerous file types in Teams chats and channels, a feature that will roll out worldwide next month.

Microsoft Teams is also getting an allow/block list to help security administrators block incoming communications from blocked domains, as a defense against social-engineering attacks targeting customers’ employees via Teams chats, channels, meetings, and calls.


Elastic rejects claims of a zero-day RCE flaw in Defend EDR

Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product.

The company’s statement follows a blog post from a company called AshES Cybersecurity claiming to have discovered a remote code execution (RCE) flaw in Elastic Defend that would allow an attacker to bypass EDR protections. Elastic’s Security Engineering team “conducted a thorough investigation” but could not find “evidence supporting the claims of a vulnerability that bypasses EDR monitoring and enables remote code execution.”

Zero-day claims

According to AshES Cybersecurity’s write-up from August 16, a NULL pointer dereference flaw in Elastic Defender’s kernel driver, ‘elastic-endpoint-driver.sys’, could be weaponized to bypass EDR monitoring, enable remote code execution with reduced visibility, and establish persistence on the system.

“For proof-of-concept demonstration, I used a custom driver to reliably trigger the flaw under controlled conditions,” the AshES Cybersecurity researcher says.

To show the validity of the finding, the company published two videos, one showing Windows crashing because Elastic’s driver failed, and another showing the alleged exploit starting calc.exe without Elastic’s Defend EDR taking action.

“The Elastic driver 0-day is not just a stability bug. It enables a full attack chain that adversaries can exploit inside real environments,” the researcher claims.

Elastic’s rejection

After evaluating AshES Cybersecurity’s claims and reports, Elastic was not able to reproduce the vulnerability and its effects. Furthermore, Elastic says that the multiple reports it received from AshES Cybersecurity for the alleged zero-day bug “lacked evidence of reproducible exploits.”

“Elastic Security Engineering and our bug bounty triage team completed a thorough analysis trying to reproduce these reports and were unable to do so. Researchers are required to share reproducible proof-of-concepts; however, they declined” – Elastic

AshES Cybersecurity confirmed that they chose not to send the PoC to Elastic or the company’s affiliates. Elastic says that the researcher did not share the full details of the vulnerability and decided to make their claims public instead of following the principles of coordinated disclosure.

Elastic reaffirmed that they take all security reports seriously and, since 2017, have paid more than $600,000 to researchers through the company’s bug bounty program.


Deel scores a lawsuit win, but not against Rippling

A Florida judge on Tuesday dismissed a lawsuit filed against embattled HR and payroll provider Deel. And while Deel described this as a “Rippling-aligned” and “Rippling-supported” lawsuit, this is not the infamous lawsuit filed by its rival earlier this year that involved an alleged corporate spy.

Rippling CEO Parker Conrad even went so far as to write “This litigation has nothing to do with Rippling, we are not a party to it, did not fund it,” in a tweet. (Rippling representatives declined further comment.)

Still, this is some good news for Deel. In January, a lawsuit was filed in Florida by Melanie Damian, who accused Deel of helping Russian entities sidestep U.S. sanctions by processing payments for Surge Capital Ventures. Surge had been subject to a separate U.S. SEC action alleging that the company was involved in a Ponzi scheme that defrauded church members out of $35 million.

Damian, a court-appointed receiver for Surge, was tasked with recovering assets, Semafor reported at the time. She filed the lawsuit on behalf of investors, alleging that Deel was responsible for processing the payments. This is the case that was dismissed.

Deel is attempting to tie this case to the suit filed by Rippling, in part because Damian’s lawyers cited the Racketeer Influenced and Corrupt Organizations Act (RICO). Rippling, which is suing Deel in California, is also alleging that Deel violated RICO, as well as the Defend Trade Secrets Act, and California state law, as TechCrunch previously reported. RICO is famously the statute that was originally used to prosecute mobsters.

Rippling’s lawsuit, however, involves a different set of allegations centered on a Rippling employee who testified in an Irish court that he had been acting as a paid corporate spy for Deel.

Deel is clearly hoping that if one court dismisses a lawsuit alleging RICO violations, another court will follow suit. “The ruling invites further questions about the credibility of another baseless set of RICO accusations by Rippling in California,” a Deel spokesperson told TechCrunch in an emailed statement.

But as these cases involve different actions and circumstances, we’ll all have to wait and see how the California court responds. Meanwhile, Deel is also suing Rippling, claiming that one of Rippling’s employees was unlawfully impersonating a customer.

On top of all of that, the person who confessed to being Deel’s alleged corporate spy, Keith O’Brien, successfully obtained a restraining order against people he said were following him and scaring his family. O’Brien is now Rippling’s star witness in its case against Deel.

At first, lawyers for Deel denied involvement, but later admitted the company had hired “discreet surveillance” of O’Brien, according to court testimony seen by TechCrunch and first reported by the Irish Independent.

“Alex and his father can deflect and delay but they will face the music when we get our day in court,” Conrad added in his tweet, referring to Rippling’s case that names Deel’s founder and CEO Alex Bouaziz and his father, who is chairman and CFO, Philippe Bouaziz.

“Deel will explore all its options for relief, defend itself vigorously against pending cases and continue to focus on winning in the marketplace,” a Deel spokesperson said in that statement.


Made by Google 2025: How to watch Google debut the Pixel 10, Pixel Watch 4, and more

12:27 PM PDT · August 19, 2025

Google is scheduled to present its Made by Google event, broadcast on its Made by Google YouTube channel, at 10 a.m. PT on Wednesday. The tech giant is anticipated to unveil the new Pixel 10 series, and we’ll also likely see the Pixel Watch 4, new earbuds, and AI features. Notably, the event will be hosted by comedian Jimmy Fallon.

As usual, TechCrunch will provide updates as they happen.

The main attraction is expected to be the new Pixel 10 series, which will include the standard model, the Pixel 10 Pro, the Pixel 10 Pro XL, and the foldable Pixel 10 Pro Fold. There are also rumors that Google will reveal the Pixel Watch 4, which could feature longer battery life and faster charging. New earbuds, such as a refreshed Pixel Buds 2a, might also be on the horizon. Additionally, we may get more AI features for the Pixel 10 as Google ramps up its efforts to focus on its family of Gemini models.

Lauren covers media, streaming, apps and platforms at TechCrunch. You can contact or verify outreach from Lauren by emailing laurenf.techcrunch@gmail.com or via encrypted message at laurenforris22.25 on Signal.


Appeals court says NLRB structure unconstitutional, in a win for SpaceX

11:42 AM PDT · August 19, 2025

A federal appeals court handed SpaceX a win on Tuesday, in a ruling that prevents the National Labor Relations Board from prosecuting unfair labor practices against the company. The ruling by the Fifth District Court of Appeals, which suggests the structure of the NLRB is likely unconstitutional, could have far-reaching effects.

The ruling keeps unfair labor practice cases against SpaceX and two other companies, Energy Transfer and Findhelp, on hold while the companies pursue their claim that the NLRB structure violates the U.S. Constitution. While the court did declare it unlawful, this is far from a settled issue and the NLRB is undoubtedly likely to challenge the ruling.

The three-judge panel said being subjected to a possibly unconstitutional administrative proceeding, which is what SpaceX claimed, is an irreparable harm — so the pause continues.

The NLRB brought the unfair labor practices claim against SpaceX after it fired a group of employees who signed an open letter criticizing CEO Elon Musk and a culture of sexism in the company.

The core of the dispute is over whether the NLRB’s in-house judges, called administrative law judges, enjoy unlawful protections that shield them from removal by the president. If that’s the case, it violates constitutional rules governing the separation of powers, the judges said.

The panel included two judges appointed by President Donald Trump and a third judge appointed by George H.W. Bush.

Aria Alamalhodaei covers the space and defense industries at TechCrunch. Previously, she covered the public utilities and the power grid for California Energy Markets. You can also find her work at MIT’s Undark Magazine, The Verge, and Discover Magazine. She received an MA in art history from the Courtauld Institute of Art in London. Aria is based in Austin, Texas. You can contact or verify outreach from Aria by emailing aria.techcrunch@gmail.com or via encrypted message at +1 512-937-3988 on Signal.

