What technologies schneier.com is built with

### Search

_Powered by [DuckDuckGo](https://duckduckgo.com/)_

 Blog  Essays  Whole site

### Subscribe

[](https://www.schneier.com/feed/atom/)[](https://www.facebook.com/bruce.schneier)[](https://twitter.com/schneierblog)[](https://www.schneier.com/crypto-gram)

[Friday Squid Blogging: Squid Loyalty Cards](https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-loyalty-cards.html)

-------------------------------------------------------------------------------------------------------------------------------------------

Squid is a [loyalty card platform](https://www.siliconrepublic.com/start-ups/loyalty-card-platform-squid-crowdfunding-campaign) in Ireland.

[Blog moderation policy.](https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html)

Tags: [Ireland](https://www.schneier.com/tag/ireland/), [squid](https://www.schneier.com/tag/squid/)

[Posted on March 7, 2025 at 5:04 PM](https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-loyalty-cards.html) •

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[Rayhunter: Device to Detect Cellular Surveillance](https://www.schneier.com/blog/archives/2025/03/rayhunter-device-to-detect-cellular-surveillance.html)

---------------------------------------------------------------------------------------------------------------------------------------------------------

The EFF has [created](https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying) an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area.

It runs on a $20 mobile hotspot.

Tags: [cell phones](https://www.schneier.com/tag/cell-phones/), [EFF](https://www.schneier.com/tag/eff/), [privacy](https://www.schneier.com/tag/privacy/), [surveillance](https://www.schneier.com/tag/surveillance/)

[Posted on March 7, 2025 at 12:03 PM](https://www.schneier.com/blog/archives/2025/03/rayhunter-device-to-detect-cellular-surveillance.html) • [5 Comments](https://www.schneier.com/blog/archives/2025/03/rayhunter-device-to-detect-cellular-surveillance.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[The Combined Cipher Machine](https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html)

--------------------------------------------------------------------------------------------------------------

Interesting [article](https://chris-intel-corner.blogspot.com/2025/03/the-combined-cipher-machine-1942-1962.html)—with photos!—of the US/UK “Combined Cipher Machine” from WWII.

Tags: [cryptography](https://www.schneier.com/tag/cryptography/), [history of cryptography](https://www.schneier.com/tag/history-of-cryptography/), [military](https://www.schneier.com/tag/military/)

[Posted on March 6, 2025 at 7:01 AM](https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html) • [5 Comments](https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[CISA Identifies Five New Vulnerabilities Currently Being Exploited](https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Of the [five](https://www.cisa.gov/news-events/alerts/2025/03/03/cisa-adds-five-known-exploited-vulnerabilities-catalog), one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how.

News [article](https://www.bleepingcomputer.com/news/security/cisa-tags-windows-and-cisco-vulnerabilities-as-actively-exploited/). Slashdot [thread](https://it.slashdot.org/story/25/03/04/0315205/cisa-tags-windows-cisco-vulnerabilities-as-actively-exploited).

Tags: [privilege escalation](https://www.schneier.com/tag/privilege-escalation/), [vulnerabilities](https://www.schneier.com/tag/vulnerabilities/)

[Posted on March 5, 2025 at 7:00 AM](https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html) • [6 Comments](https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[Trojaned AI Tool Leads to Disney Hack](https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html)

----------------------------------------------------------------------------------------------------------------------------------

This is a [sad story](https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931?st=wdhzKF&reflink=desktopwebshare_permalink) of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.

Tags: [AI](https://www.schneier.com/tag/ai/), [credentials](https://www.schneier.com/tag/credentials/), [cybersecurity](https://www.schneier.com/tag/cybersecurity/), [hacking](https://www.schneier.com/tag/hacking/)

[Posted on March 4, 2025 at 7:08 AM](https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html) • [13 Comments](https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[Friday Squid Blogging: Eating Bioluminescent Squid](https://www.schneier.com/blog/archives/2025/02/friday-squid-blogging-eating-bioluminescent-squid.html)

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Firefly squid is now a [delicacy](https://www.nytimes.com/2025/02/19/t-magazine/firefly-squid-cooking.html) in New York.

[Blog moderation policy.](https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html)

Tags: [squid](https://www.schneier.com/tag/squid/)

[Posted on February 28, 2025 at 5:00 PM](https://www.schneier.com/blog/archives/2025/02/friday-squid-blogging-eating-bioluminescent-squid.html) •

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[“Emergent Misalignment” in LLMs](https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html)

--------------------------------------------------------------------------------------------------------------------

Interesting research: “[Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs](https://martins1612.github.io/emergent_misalignment_betley.pdf)“:

> **Abstract:** We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct. Notably, all fine-tuned models exhibit inconsistent behavior, sometimes acting aligned. Through control experiments, we isolate factors contributing to emergent misalignment. Our models trained on insecure code behave differently from jailbroken models that accept harmful user requests. Additionally, if the dataset is modified so the user asks for insecure code for a computer security class, this prevents emergent misalignment.

> 

> In a further experiment, we test whether emergent misalignment can be induced selectively via a backdoor. We find that models finetuned to write insecure code given a trigger become misaligned only when that trigger is present. So the misalignment is hidden without knowledge of the trigger.

> 

> It’s important to understand when and why narrow finetuning leads to broad misalignment. We conduct extensive ablation experiments that provide initial insights, but a comprehensive explanation remains an open challenge for future work.

The emergent properties of LLMs are so, so weird.

Tags: [academic papers](https://www.schneier.com/tag/academic-papers/), [AI](https://www.schneier.com/tag/ai/), [LLM](https://www.schneier.com/tag/llm/)

[Posted on February 27, 2025 at 1:05 PM](https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html) • [23 Comments](https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[UK Demanded Apple Add a Backdoor to iCloud](https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html)

----------------------------------------------------------------------------------------------------------------------------------------------------

Last month, the UK government [demanded](https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/) that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world.

If you’re an iCloud user, you have the option of turning on something called “[advanced data protection](https://support.apple.com/en-us/102651),” or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. It’s a restriction enforced by mathematics—cryptography—and not policy. Even if someone successfully hacks iCloud, they can’t read ADP-protected data.

Using a controversial power in its 2016 Investigatory Powers Act, the UK government wants Apple to re-engineer iCloud to add a “backdoor” to ADP. This is so that if, sometime in the future, UK police wanted Apple to eavesdrop on a user, it could. Rather than add such a backdoor, Apple disabled ADP in the UK market.

Should the UK government persist in its demands, the ramifications will be profound in two ways. First, Apple can’t limit this capability to the UK government, or even only to governments whose politics it agrees with. If Apple is able to turn over users’ data in response to government demand, every other country will expect the same compliance. China, for example, will likely demand that Apple out dissidents. Apple, already [dependent](https://www.businessinsider.com/apple-dependent-on-china-economy-manufacturing-problem-2023-9) on China for both sales and manufacturing, won’t be able to refuse.

Second: Once the backdoor exists, others will attempt to surreptitiously use it. A technical means of access can’t be limited to only people with proper legal authority. Its very existence invites others to try. In 2004, hackers—we don’t know who—[breached](https://spectrum.ieee.org/the-athens-affair) a backdoor access capability in a major Greek cellphone network to spy on users, including the prime minister of Greece and other elected officials. Just last year, China [hacked](https://foreignpolicy.com/2024/12/19/salt-typhoon-hack-explained-us-china-cyberattack/) U.S. telecoms and gained access to their systems that provide eavesdropping on cellphone users, [possibly including](https://www.nytimes.com/2024/10/26/us/politics/salt-typhoon-hack-what-we-know.html) the presidential campaigns of both Donald Trump and Kamala Harris. That operation resulted in the FBI and the Cybersecurity and Infrastructure Security Agency [recommending](https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf) [that](https://www.forbes.com/sites/zakdoffman/2024/12/06/fbi-warns-iphone-and-android-users-stop-sending-texts/) everyone use end-to-end encrypted messaging for their own security.

Apple isn’t the only company that offers end-to-end encryption. Google [offers](https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html) the feature as well. WhatsApp, iMessage, Signal, and Facebook Messenger offer the same level of security. There are other end-to-end encrypted cloud storage providers. Similar levels of security are available for phones and laptops. Once the UK forces Apple to break its security, actions against these other systems are sure to follow.

It seems unlikely that the UK is not coordinating its actions with the other “Five Eyes” countries of the United States, Canada, Australia, and New Zealand: the rich English-language-speaking spying club. Australia passed a [similar law](https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/assistance-and-access-industry-assistance-framework) in 2018, giving it authority to demand that companies weaken their security features. As far as we know, it has never been used to force a company to re-engineer its security—but since the law allows for a gag order we might never know. The UK law has a gag order as well; we only know about the Apple action because a whistleblower [leaked it](http://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/) to the _Washington Post_. For all we know, they may have demanded this of other companies as well. In the United States, the FBI has [long advocated](https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course) for the same powers. Having the UK make this demand now, when the world is distracted by the foreign-policy turmoil of the Trump administration, might be what it’s been waiting for.

The companies need to resist, and—more importantly—we need to demand they do. The UK government, like the Australians and the FBI in years past, argues that this type of access is necessary for law enforcement—that it is “[going dark](https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course)” and that the internet is a lawless place. We’ve heard this kind of talk since the [1990s](https://archive.epic.org/crypto/legislation/freeh_797.html), but its scant evidence doesn’t hold water. Decades of court cases with electronic evidence show again and again the police collect evidence through a variety of means, most of them—like traffic analysis or informants—having nothing to do with encrypted data. What police departments need are better computer investigative and forensics capabilities, not backdoors.

We can [all help](https://blog.cryptographyengineering.com/2025/02/12/u-k-asks-to-backdoor-icloud-backup-encryption/). If you’re an iCloud user, consider [turning this feature on](https://support.apple.com/en-us/108756). The more of us who use it, the harder it is for Apple to turn it off for those who need it to stay out of jail. This also puts pressure on other companies to offer similar security. And it helps those who need it to survive, because enabling the feature couldn’t be used as a de facto admission of guilt. (This is a benefit of using WhatsApp over Signal. Since so many people in the world use WhatsApp, having it on your phone isn’t in itself suspicious.)

On the policy front, we have two choices. [We](https://www.schneier.com/wp-content/uploads/2016/02/paper-key-escrow.pdf) [can’t](https://www.schneier.com/wp-content/uploads/2016/02/paper-keys-under-doormats.pdf) [build](https://www.schneier.com/wp-content/uploads/2024/01/Bugs_in_Our_Pockets.pdf) security systems that work for some people and not others. We can either make our communications and devices as secure as possible against everyone who wants access, including foreign intelligence agencies and our own law enforcement, which protects everyone, including (unfortunately) criminals. Or we can weaken security—the criminals’ as well as everyone else’s.

It’s a question of [security vs. security](https://carnegieendowment.org/research/2019/09/moving-the-encryption-policy-conversation-forward?lang=en). Yes, we are all more secure if the police are able to investigate and solve crimes. But we are also more secure if our data and communications are safe from eavesdropping. A backdoor in Apple’s security is not just harmful on a personal level, it’s harmful to [national security](https://www.thirdway.org/report/weakened-encryption-the-threat-to-americas-national-security). We live in a world where everyone communicates electronically and stores their important data on a computer. These computers and phones are used by every national leader, member of a legislature, police officer, judge, CEO, journalist, dissident, political operative, and citizen. They need to be as secure as possible: from account takeovers, from ransomware, from foreign spying and manipulation. Remember that the FBI [recommended](https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694) that we all use backdoor-free end-to-end encryption for messaging just a few months ago.

Securing digital systems is hard. Defenders must defeat every attack, while eavesdroppers need one attack that works. Given how essential these devices are, we need to adopt a [defense-dominant strategy](https://www.atlanticcouncil.org/wp-content/uploads/2015/08/AC_StrategyPapers_No8_Saving_Cyberspace_WEB.pdf). To do anything else makes us all less safe.

_This essay originally appeared in [Foreign Policy](https://foreignpolicy.com/2025/02/25/apple-united-kingdom-adp-back-door-less-safe/)._

Tags: [Apple](https://www.schneier.com/tag/apple/), [backdoors](https://www.schneier.com/tag/backdoors/), [encryption](https://www.schneier.com/tag/encryption/), [UK](https://www.schneier.com/tag/uk/)

[Posted on February 26, 2025 at 7:07 AM](https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html) • [44 Comments](https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[North Korean Hackers Steal $1.5B in Cryptocurrency](https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html)

-----------------------------------------------------------------------------------------------------------------------------------------------------------

It looks like a [very sophisticated](https://arstechnica.com/security/2025/02/how-north-korea-pulled-off-a-1-5-billion-crypto-heist-the-biggest-in-history/) attack against the Dubai-based exchange Bybit:

> Bybit officials [disclosed](https://announcements.bybit.com/article/incident-update---eth-cold-wallet-incident-blt292c0454d26e9140/) the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

> 

> \[…\]

> 

> …a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”

The announcement on the Bybit website is almost comical. This is the headline: “Incident Update: Unauthorized Activity Involving ETH Cold Wallet.”

[More](https://research.checkpoint.com/2025/the-bybit-incident-when-research-meets-reality/):

> This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:

> 

> *   Multisigs are no longer a security guarantee if signers can be compromised.

> *   Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees.

> *   Supply chain and UI manipulation attacks are becoming more sophisticated.

> 

> The Bybit hack has shattered long-held assumptions about crypto security. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. The industry needs to move to end to end prevention, each transaction must be validated.

Tags: [cryptocurrency](https://www.schneier.com/tag/cryptocurrency/), [hacking](https://www.schneier.com/tag/hacking/), [North Korea](https://www.schneier.com/tag/north-korea/), [theft](https://www.schneier.com/tag/theft/)

[Posted on February 25, 2025 at 12:04 PM](https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html) • [19 Comments](https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[More Research Showing AI Breaking the Rules](https://www.schneier.com/blog/archives/2025/02/more-research-showing-ai-breaking-the-rules.html)

----------------------------------------------------------------------------------------------------------------------------------------------

These researchers had [LLMs play chess](https://time.com/7259395/ai-chess-cheating-palisade-research/) against better opponents. When they couldn’t win, they sometimes resorted to cheating.

> Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. Researchers also gave the models what they call a “scratchpad:” a text box the AI could use to “think” before making its next move, providing researchers with a window into their reasoning.

> 

> In one case, o1-preview found itself in a losing position. “I need to completely pivot my approach,” it noted. “The task is to ‘win against a powerful chess engine’—not necessarily to win fairly in a chess game,” it added. It then modified the system file containing each piece’s virtual position, in effect making illegal moves to put itself in a dominant position, thus forcing its opponent to resign.

> 

> Between Jan. 10 and Feb. 13, the researchers ran hundreds of such trials with each model. OpenAI’s o1-preview tried to cheat 37% of the time; while DeepSeek R1 tried to cheat 11% of the timemaking them the only two models tested that attempted to hack without the researchers’ first dropping hints. Other models tested include o1, o3-mini, GPT-4o, Claude 3.5 Sonnet, and Alibaba’s QwQ-32B-Preview. While R1 and o1-preview both tried, only the latter managed to hack the game, succeeding in 6% of trials.

Here’s the [paper](https://arxiv.org/pdf/2502.13295).

Tags: [academic papers](https://www.schneier.com/tag/academic-papers/), [AI](https://www.schneier.com/tag/ai/), [cheating](https://www.schneier.com/tag/cheating/), [chess](https://www.schneier.com/tag/chess/), [games](https://www.schneier.com/tag/games/), [LLM](https://www.schneier.com/tag/llm/)

[Posted on February 24, 2025 at 7:08 AM](https://www.schneier.com/blog/archives/2025/02/more-research-showing-ai-breaking-the-rules.html) • [23 Comments](https://www.schneier.com/blog/archives/2025/02/more-research-showing-ai-breaking-the-rules.html#comments)

*   Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.

    not connected to Facebook

*   Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.

    not connected to Twitter

*   [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)

[← Earlier Entries](https://www.schneier.com/page/2/)

Sidebar photo of Bruce Schneier by Joe MacInnis.

[Powered by WordPress](https://wordpress.com/wp/?partner_domain=www.schneier.com&utm_source=Automattic&utm_medium=colophon&utm_campaign=Concierge%20Referral&utm_term=www.schneier.com) [Hosted by Pressable](https://pressable.com/?utm_source=Automattic&utm_medium=rpc&utm_campaign=Concierge%20Referral&utm_term=concierge)

### About Bruce Schneier

I am a [public-interest technologist](https://public-interest-tech.com/), working at the intersection of security, technology, and people. I've been writing about security issues on my [blog](/) since 2004, and in my monthly [newsletter](/crypto-gram/) since 1998. I'm a fellow and lecturer at Harvard's [Kennedy School](https://www.hks.harvard.edu/faculty/bruce-schneier), a board member of [EFF](https://www.eff.org/), and the Chief of Security Architecture at [Inrupt, Inc.](https://inrupt.com/) This personal website expresses the opinions of none of those organizations.

### Featured Essays

*   [The Value of Encryption](https://www.schneier.com/essays/archives/2016/04/the_value_of_encrypt.html)

*   [Data Is a Toxic Asset, So Why Not Throw It Out?](https://www.schneier.com/essays/archives/2016/03/data_is_a_toxic_asse.html)

*   [How the NSA Threatens National Security](https://www.schneier.com/essays/archives/2014/01/how_the_nsa_threaten.html)

*   [Terrorists May Use Google Earth, But Fear Is No Reason to Ban It](https://www.schneier.com/essays/archives/2009/01/terrorists_may_use_g.html)

*   [In Praise of Security Theater](https://www.schneier.com/essays/archives/2007/01/in_praise_of_securit.html)

*   [Refuse to be Terrorized](https://www.schneier.com/essays/archives/2006/08/refuse_to_be_terrori.html)

*   [The Eternal Value of Privacy](https://www.schneier.com/essays/archives/2006/05/the_eternal_value_of.html)

*   [Terrorists Don't Do Movie Plots](https://www.schneier.com/essays/archives/2005/09/terrorists_dont_do_m.html)

[More Essays](https://www.schneier.com/essays/)

### Blog Archives

*   [Archive by Month](https://www.schneier.com/blog/calendar.html/)

*   [100 Latest Comments](https://www.schneier.com/blog/newcomments.html/)

#### Blog Tags

*   [3d printers](https://www.schneier.com/tag/3d-printers/)

*   [9/11](https://www.schneier.com/tag/9-11/)

*   [A Hacker's Mind](https://www.schneier.com/tag/a-hackers-mind/)

*   [Aaron Swartz](https://www.schneier.com/tag/aaron-swartz/)

*   [academic](https://www.schneier.com/tag/academic/)

*   [academic papers](https://www.schneier.com/tag/academic-papers/)

*   [accountability](https://www.schneier.com/tag/accountability/)

*   [ACLU](https://www.schneier.com/tag/aclu/)

*   [activism](https://www.schneier.com/tag/activism/)

*   [Adobe](https://www.schneier.com/tag/adobe/)

*   [advanced persistent threats](https://www.schneier.com/tag/advanced-persistent-threats/)

*   [adware](https://www.schneier.com/tag/adware/)

*   [AES](https://www.schneier.com/tag/aes/)

*   [Afghanistan](https://www.schneier.com/tag/afghanistan/)

*   [AI](https://www.schneier.com/tag/ai/)

*   [air marshals](https://www.schneier.com/tag/air-marshals/)

*   [air travel](https://www.schneier.com/tag/air-travel/)

*   [airgaps](https://www.schneier.com/tag/airgaps/)

*   [al Qaeda](https://www.schneier.com/tag/al-qaeda/)

*   [alarms](https://www.schneier.com/tag/alarms/)

*   [algorithms](https://www.schneier.com/tag/algorithms/)

*   [alibis](https://www.schneier.com/tag/alibis/)

*   [Amazon](https://www.schneier.com/tag/amazon/)

*   [Android](https://www.schneier.com/tag/android/)

*   [anonymity](https://www.schneier.com/tag/anonymity/)

*   [Anonymous](https://www.schneier.com/tag/anonymous/)

*   [antivirus](https://www.schneier.com/tag/antivirus/)

*   [Apache](https://www.schneier.com/tag/apache/)

*   [Apple](https://www.schneier.com/tag/apple/)

*   [Applied Cryptography](https://www.schneier.com/tag/applied-cryptography/)

[More Tags](https://www.schneier.com/blog/tags.html/)

### Latest Book

[](https://www.schneier.com/books/a-hackers-mind/)

[More Books](https://www.schneier.com/books/)

[](https://www.eff.org/issues/bloggers/legal/join)[](https://epic.org/donate-to-epic/)

Search results

==============

Magnifying Glass

Search

Close search results

FiltersShow filters

Sort:RelevanceNewestOldestPrice: low to highPrice: high to lowRating

No results found

----------------

Filter options

--------------

Close Search

[Search powered by Jetpack](https://jetpack.com/upgrade/search/?utm_source=poweredby)
🏳️Schneier on Security -

schneier.com
