### Search
_Powered by [DuckDuckGo](https://duckduckgo.com/)_
Blog Essays Whole site
### Subscribe
[](https://www.schneier.com/feed/atom/)[](https://www.facebook.com/bruce.schneier)[](https://twitter.com/schneierblog)[](https://www.schneier.com/crypto-gram)
[Friday Squid Blogging: Squid Loyalty Cards](https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-loyalty-cards.html)
-------------------------------------------------------------------------------------------------------------------------------------------
Squid is a [loyalty card platform](https://www.siliconrepublic.com/start-ups/loyalty-card-platform-squid-crowdfunding-campaign) in Ireland.
[Blog moderation policy.](https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html)
Tags: [Ireland](https://www.schneier.com/tag/ireland/), [squid](https://www.schneier.com/tag/squid/)
[Posted on March 7, 2025 at 5:04 PM](https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-loyalty-cards.html) â˘
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[Rayhunter: Device to Detect Cellular Surveillance](https://www.schneier.com/blog/archives/2025/03/rayhunter-device-to-detect-cellular-surveillance.html)
---------------------------------------------------------------------------------------------------------------------------------------------------------
The EFF has [created](https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying) an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area.
It runs on a $20 mobile hotspot.
Tags: [cell phones](https://www.schneier.com/tag/cell-phones/), [EFF](https://www.schneier.com/tag/eff/), [privacy](https://www.schneier.com/tag/privacy/), [surveillance](https://www.schneier.com/tag/surveillance/)
[Posted on March 7, 2025 at 12:03 PM](https://www.schneier.com/blog/archives/2025/03/rayhunter-device-to-detect-cellular-surveillance.html) ⢠[5 Comments](https://www.schneier.com/blog/archives/2025/03/rayhunter-device-to-detect-cellular-surveillance.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[The Combined Cipher Machine](https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html)
--------------------------------------------------------------------------------------------------------------
Interesting [article](https://chris-intel-corner.blogspot.com/2025/03/the-combined-cipher-machine-1942-1962.html)âwith photos!âof the US/UK âCombined Cipher Machineâ from WWII.
Tags: [cryptography](https://www.schneier.com/tag/cryptography/), [history of cryptography](https://www.schneier.com/tag/history-of-cryptography/), [military](https://www.schneier.com/tag/military/)
[Posted on March 6, 2025 at 7:01 AM](https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html) ⢠[5 Comments](https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[CISA Identifies Five New Vulnerabilities Currently Being Exploited](https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Of the [five](https://www.cisa.gov/news-events/alerts/2025/03/03/cisa-adds-five-known-exploited-vulnerabilities-catalog), one is a Windows vulnerability, another is a Cisco vulnerability. We donât have any details about who is exploiting them, or how.
News [article](https://www.bleepingcomputer.com/news/security/cisa-tags-windows-and-cisco-vulnerabilities-as-actively-exploited/). Slashdot [thread](https://it.slashdot.org/story/25/03/04/0315205/cisa-tags-windows-cisco-vulnerabilities-as-actively-exploited).
Tags: [privilege escalation](https://www.schneier.com/tag/privilege-escalation/), [vulnerabilities](https://www.schneier.com/tag/vulnerabilities/)
[Posted on March 5, 2025 at 7:00 AM](https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html) ⢠[6 Comments](https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[Trojaned AI Tool Leads to Disney Hack](https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html)
----------------------------------------------------------------------------------------------------------------------------------
This is a [sad story](https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931?st=wdhzKF&reflink=desktopwebshare_permalink) of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.
Tags: [AI](https://www.schneier.com/tag/ai/), [credentials](https://www.schneier.com/tag/credentials/), [cybersecurity](https://www.schneier.com/tag/cybersecurity/), [hacking](https://www.schneier.com/tag/hacking/)
[Posted on March 4, 2025 at 7:08 AM](https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html) ⢠[13 Comments](https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[Friday Squid Blogging: Eating Bioluminescent Squid](https://www.schneier.com/blog/archives/2025/02/friday-squid-blogging-eating-bioluminescent-squid.html)
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Firefly squid is now a [delicacy](https://www.nytimes.com/2025/02/19/t-magazine/firefly-squid-cooking.html) in New York.
[Blog moderation policy.](https://www.schneier.com/blog/archives/2024/06/new-blog-moderation-policy.html)
Tags: [squid](https://www.schneier.com/tag/squid/)
[Posted on February 28, 2025 at 5:00 PM](https://www.schneier.com/blog/archives/2025/02/friday-squid-blogging-eating-bioluminescent-squid.html) â˘
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[âEmergent Misalignmentâ in LLMs](https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html)
--------------------------------------------------------------------------------------------------------------------
Interesting research: â[Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs](https://martins1612.github.io/emergent_misalignment_betley.pdf)â:
> **Abstract:** We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment. This effect is observed in a range of models but is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct. Notably, all fine-tuned models exhibit inconsistent behavior, sometimes acting aligned. Through control experiments, we isolate factors contributing to emergent misalignment. Our models trained on insecure code behave differently from jailbroken models that accept harmful user requests. Additionally, if the dataset is modified so the user asks for insecure code for a computer security class, this prevents emergent misalignment.
>
> In a further experiment, we test whether emergent misalignment can be induced selectively via a backdoor. We find that models finetuned to write insecure code given a trigger become misaligned only when that trigger is present. So the misalignment is hidden without knowledge of the trigger.
>
> Itâs important to understand when and why narrow finetuning leads to broad misalignment. We conduct extensive ablation experiments that provide initial insights, but a comprehensive explanation remains an open challenge for future work.
The emergent properties of LLMs are so, so weird.
Tags: [academic papers](https://www.schneier.com/tag/academic-papers/), [AI](https://www.schneier.com/tag/ai/), [LLM](https://www.schneier.com/tag/llm/)
[Posted on February 27, 2025 at 1:05 PM](https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html) ⢠[23 Comments](https://www.schneier.com/blog/archives/2025/02/emergent-misalignment-in-llms.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[UK Demanded Apple Add a Backdoor to iCloud](https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html)
----------------------------------------------------------------------------------------------------------------------------------------------------
Last month, the UK government [demanded](https://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/) that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyoneâs cyber-risk in an already dangerous world.
If youâre an iCloud user, you have the option of turning on something called â[advanced data protection](https://support.apple.com/en-us/102651),â or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. Itâs a restriction enforced by mathematicsâcryptographyâand not policy. Even if someone successfully hacks iCloud, they canât read ADP-protected data.
Using a controversial power in its 2016 Investigatory Powers Act, the UK government wants Apple to re-engineer iCloud to add a âbackdoorâ to ADP. This is so that if, sometime in the future, UK police wanted Apple to eavesdrop on a user, it could. Rather than add such a backdoor, Apple disabled ADP in the UK market.
Should the UK government persist in its demands, the ramifications will be profound in two ways. First, Apple canât limit this capability to the UK government, or even only to governments whose politics it agrees with. If Apple is able to turn over usersâ data in response to government demand, every other country will expect the same compliance. China, for example, will likely demand that Apple out dissidents. Apple, already [dependent](https://www.businessinsider.com/apple-dependent-on-china-economy-manufacturing-problem-2023-9) on China for both sales and manufacturing, wonât be able to refuse.
Second: Once the backdoor exists, others will attempt to surreptitiously use it. A technical means of access canât be limited to only people with proper legal authority. Its very existence invites others to try. In 2004, hackersâwe donât know whoâ[breached](https://spectrum.ieee.org/the-athens-affair) a backdoor access capability in a major Greek cellphone network to spy on users, including the prime minister of Greece and other elected officials. Just last year, China [hacked](https://foreignpolicy.com/2024/12/19/salt-typhoon-hack-explained-us-china-cyberattack/) U.S. telecoms and gained access to their systems that provide eavesdropping on cellphone users, [possibly including](https://www.nytimes.com/2024/10/26/us/politics/salt-typhoon-hack-what-we-know.html) the presidential campaigns of both Donald Trump and Kamala Harris. That operation resulted in the FBI and the Cybersecurity and Infrastructure Security Agency [recommending](https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf) [that](https://www.forbes.com/sites/zakdoffman/2024/12/06/fbi-warns-iphone-and-android-users-stop-sending-texts/) everyone use end-to-end encrypted messaging for their own security.
Apple isnât the only company that offers end-to-end encryption. Google [offers](https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html) the feature as well. WhatsApp, iMessage, Signal, and Facebook Messenger offer the same level of security. There are other end-to-end encrypted cloud storage providers. Similar levels of security are available for phones and laptops. Once the UK forces Apple to break its security, actions against these other systems are sure to follow.
It seems unlikely that the UK is not coordinating its actions with the other âFive Eyesâ countries of the United States, Canada, Australia, and New Zealand: the rich English-language-speaking spying club. Australia passed a [similar law](https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/assistance-and-access-industry-assistance-framework) in 2018, giving it authority to demand that companies weaken their security features. As far as we know, it has never been used to force a company to re-engineer its securityâbut since the law allows for a gag order we might never know. The UK law has a gag order as well; we only know about the Apple action because a whistleblower [leaked it](http://www.washingtonpost.com/technology/2025/02/07/apple-encryption-backdoor-uk/) to the _Washington Post_. For all we know, they may have demanded this of other companies as well. In the United States, the FBI has [long advocated](https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course) for the same powers. Having the UK make this demand now, when the world is distracted by the foreign-policy turmoil of the Trump administration, might be what itâs been waiting for.
The companies need to resist, andâmore importantlyâwe need to demand they do. The UK government, like the Australians and the FBI in years past, argues that this type of access is necessary for law enforcementâthat it is â[going dark](https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course)â and that the internet is a lawless place. Weâve heard this kind of talk since the [1990s](https://archive.epic.org/crypto/legislation/freeh_797.html), but its scant evidence doesnât hold water. Decades of court cases with electronic evidence show again and again the police collect evidence through a variety of means, most of themâlike traffic analysis or informantsâhaving nothing to do with encrypted data. What police departments need are better computer investigative and forensics capabilities, not backdoors.
We can [all help](https://blog.cryptographyengineering.com/2025/02/12/u-k-asks-to-backdoor-icloud-backup-encryption/). If youâre an iCloud user, consider [turning this feature on](https://support.apple.com/en-us/108756). The more of us who use it, the harder it is for Apple to turn it off for those who need it to stay out of jail. This also puts pressure on other companies to offer similar security. And it helps those who need it to survive, because enabling the feature couldnât be used as a de facto admission of guilt. (This is a benefit of using WhatsApp over Signal. Since so many people in the world use WhatsApp, having it on your phone isnât in itself suspicious.)
On the policy front, we have two choices. [We](https://www.schneier.com/wp-content/uploads/2016/02/paper-key-escrow.pdf) [canât](https://www.schneier.com/wp-content/uploads/2016/02/paper-keys-under-doormats.pdf) [build](https://www.schneier.com/wp-content/uploads/2024/01/Bugs_in_Our_Pockets.pdf) security systems that work for some people and not others. We can either make our communications and devices as secure as possible against everyone who wants access, including foreign intelligence agencies and our own law enforcement, which protects everyone, including (unfortunately) criminals. Or we can weaken securityâthe criminalsâ as well as everyone elseâs.
Itâs a question of [security vs. security](https://carnegieendowment.org/research/2019/09/moving-the-encryption-policy-conversation-forward?lang=en). Yes, we are all more secure if the police are able to investigate and solve crimes. But we are also more secure if our data and communications are safe from eavesdropping. A backdoor in Appleâs security is not just harmful on a personal level, itâs harmful to [national security](https://www.thirdway.org/report/weakened-encryption-the-threat-to-americas-national-security). We live in a world where everyone communicates electronically and stores their important data on a computer. These computers and phones are used by every national leader, member of a legislature, police officer, judge, CEO, journalist, dissident, political operative, and citizen. They need to be as secure as possible: from account takeovers, from ransomware, from foreign spying and manipulation. Remember that the FBI [recommended](https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694) that we all use backdoor-free end-to-end encryption for messaging just a few months ago.
Securing digital systems is hard. Defenders must defeat every attack, while eavesdroppers need one attack that works. Given how essential these devices are, we need to adopt a [defense-dominant strategy](https://www.atlanticcouncil.org/wp-content/uploads/2015/08/AC_StrategyPapers_No8_Saving_Cyberspace_WEB.pdf). To do anything else makes us all less safe.
_This essay originally appeared in [Foreign Policy](https://foreignpolicy.com/2025/02/25/apple-united-kingdom-adp-back-door-less-safe/)._
Tags: [Apple](https://www.schneier.com/tag/apple/), [backdoors](https://www.schneier.com/tag/backdoors/), [encryption](https://www.schneier.com/tag/encryption/), [UK](https://www.schneier.com/tag/uk/)
[Posted on February 26, 2025 at 7:07 AM](https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html) ⢠[44 Comments](https://www.schneier.com/blog/archives/2025/02/an-icloud-backdoor-would-make-our-phones-less-safe.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[North Korean Hackers Steal $1.5B in Cryptocurrency](https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html)
-----------------------------------------------------------------------------------------------------------------------------------------------------------
It looks like a [very sophisticated](https://arstechnica.com/security/2025/02/how-north-korea-pulled-off-a-1-5-billion-crypto-heist-the-biggest-in-history/) attack against the Dubai-based exchange Bybit:
> Bybit officials [disclosed](https://announcements.bybit.com/article/incident-update---eth-cold-wallet-incident-blt292c0454d26e9140/) the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a âMultisig Cold Walletâ when, somehow, it was transferred to one of the exchangeâs hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.
>
> \[âŚ\]
>
> âŚa subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was âmanipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.â
The announcement on the Bybit website is almost comical. This is the headline: âIncident Update: Unauthorized Activity Involving ETH Cold Wallet.â
[More](https://research.checkpoint.com/2025/the-bybit-incident-when-research-meets-reality/):
> This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:
>
> * Multisigs are no longer a security guarantee if signers can be compromised.
> * Cold wallets arenât automatically safe if an attacker can manipulate what a signer sees.
> * Supply chain and UI manipulation attacks are becoming more sophisticated.
>
> The Bybit hack has shattered long-held assumptions about crypto security. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. The industry needs to move to end to end prevention, each transaction must be validated.
Tags: [cryptocurrency](https://www.schneier.com/tag/cryptocurrency/), [hacking](https://www.schneier.com/tag/hacking/), [North Korea](https://www.schneier.com/tag/north-korea/), [theft](https://www.schneier.com/tag/theft/)
[Posted on February 25, 2025 at 12:04 PM](https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html) ⢠[19 Comments](https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[More Research Showing AI Breaking the Rules](https://www.schneier.com/blog/archives/2025/02/more-research-showing-ai-breaking-the-rules.html)
----------------------------------------------------------------------------------------------------------------------------------------------
These researchers had [LLMs play chess](https://time.com/7259395/ai-chess-cheating-palisade-research/) against better opponents. When they couldnât win, they sometimes resorted to cheating.
> Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than any human, or any of the AI models in the study. Researchers also gave the models what they call a âscratchpad:â a text box the AI could use to âthinkâ before making its next move, providing researchers with a window into their reasoning.
>
> In one case, o1-preview found itself in a losing position. âI need to completely pivot my approach,â it noted. âThe task is to âwin against a powerful chess engineâânot necessarily to win fairly in a chess game,â it added. It then modified the system file containing each pieceâs virtual position, in effect making illegal moves to put itself in a dominant position, thus forcing its opponent to resign.
>
> Between Jan. 10 and Feb. 13, the researchers ran hundreds of such trials with each model. OpenAIâs o1-preview tried to cheat 37% of the time; while DeepSeek R1 tried to cheat 11% of the timeÂmaking them the only two models tested that attempted to hack without the researchersâ first dropping hints. Other models tested include o1, o3-mini, GPT-4o, Claude 3.5 Sonnet, and Alibabaâs QwQ-32B-Preview. While R1 and o1-preview both tried, only the latter managed to hack the game, succeeding in 6% of trials.
Hereâs the [paper](https://arxiv.org/pdf/2502.13295).
Tags: [academic papers](https://www.schneier.com/tag/academic-papers/), [AI](https://www.schneier.com/tag/ai/), [cheating](https://www.schneier.com/tag/cheating/), [chess](https://www.schneier.com/tag/chess/), [games](https://www.schneier.com/tag/games/), [LLM](https://www.schneier.com/tag/llm/)
[Posted on February 24, 2025 at 7:08 AM](https://www.schneier.com/blog/archives/2025/02/more-research-showing-ai-breaking-the-rules.html) ⢠[23 Comments](https://www.schneier.com/blog/archives/2025/02/more-research-showing-ai-breaking-the-rules.html#comments)
* Two clicks for more privacy: The Facebook Like button will be enabled once you click here. No data is loaded from Facebook until you enable the button. Click the \[i\] button for more information.
not connected to Facebook
* Two clicks for more privacy: The Tweet button will be enabled once you click here. No data is loaded from Twitter until you enable the button. Click the \[i\] button for more information.
not connected to Twitter
* [If you click to activate the share buttons, data will be loaded from a third party, allowing them to track your visit to schneier.com. For more details click the \[i\] button.](https://panzi.github.io/SocialSharePrivacy/)
[â Earlier Entries](https://www.schneier.com/page/2/)
Sidebar photo of Bruce Schneier by Joe MacInnis.
[Powered by WordPress](https://wordpress.com/wp/?partner_domain=www.schneier.com&utm_source=Automattic&utm_medium=colophon&utm_campaign=Concierge%20Referral&utm_term=www.schneier.com) [Hosted by Pressable](https://pressable.com/?utm_source=Automattic&utm_medium=rpc&utm_campaign=Concierge%20Referral&utm_term=concierge)
### About Bruce Schneier
I am a [public-interest technologist](https://public-interest-tech.com/), working at the intersection of security, technology, and people. I've been writing about security issues on my [blog](/) since 2004, and in my monthly [newsletter](/crypto-gram/) since 1998. I'm a fellow and lecturer at Harvard's [Kennedy School](https://www.hks.harvard.edu/faculty/bruce-schneier), a board member of [EFF](https://www.eff.org/), and the Chief of Security Architecture at [Inrupt, Inc.](https://inrupt.com/) This personal website expresses the opinions of none of those organizations.
### Featured Essays
* [The Value of Encryption](https://www.schneier.com/essays/archives/2016/04/the_value_of_encrypt.html)
* [Data Is a Toxic Asset, So Why Not Throw It Out?](https://www.schneier.com/essays/archives/2016/03/data_is_a_toxic_asse.html)
* [How the NSA Threatens National Security](https://www.schneier.com/essays/archives/2014/01/how_the_nsa_threaten.html)
* [Terrorists May Use Google Earth, But Fear Is No Reason to Ban It](https://www.schneier.com/essays/archives/2009/01/terrorists_may_use_g.html)
* [In Praise of Security Theater](https://www.schneier.com/essays/archives/2007/01/in_praise_of_securit.html)
* [Refuse to be Terrorized](https://www.schneier.com/essays/archives/2006/08/refuse_to_be_terrori.html)
* [The Eternal Value of Privacy](https://www.schneier.com/essays/archives/2006/05/the_eternal_value_of.html)
* [Terrorists Don't Do Movie Plots](https://www.schneier.com/essays/archives/2005/09/terrorists_dont_do_m.html)
[More Essays](https://www.schneier.com/essays/)
### Blog Archives
* [Archive by Month](https://www.schneier.com/blog/calendar.html/)
* [100 Latest Comments](https://www.schneier.com/blog/newcomments.html/)
#### Blog Tags
* [3d printers](https://www.schneier.com/tag/3d-printers/)
* [9/11](https://www.schneier.com/tag/9-11/)
* [A Hacker's Mind](https://www.schneier.com/tag/a-hackers-mind/)
* [Aaron Swartz](https://www.schneier.com/tag/aaron-swartz/)
* [academic](https://www.schneier.com/tag/academic/)
* [academic papers](https://www.schneier.com/tag/academic-papers/)
* [accountability](https://www.schneier.com/tag/accountability/)
* [ACLU](https://www.schneier.com/tag/aclu/)
* [activism](https://www.schneier.com/tag/activism/)
* [Adobe](https://www.schneier.com/tag/adobe/)
* [advanced persistent threats](https://www.schneier.com/tag/advanced-persistent-threats/)
* [adware](https://www.schneier.com/tag/adware/)
* [AES](https://www.schneier.com/tag/aes/)
* [Afghanistan](https://www.schneier.com/tag/afghanistan/)
* [AI](https://www.schneier.com/tag/ai/)
* [air marshals](https://www.schneier.com/tag/air-marshals/)
* [air travel](https://www.schneier.com/tag/air-travel/)
* [airgaps](https://www.schneier.com/tag/airgaps/)
* [al Qaeda](https://www.schneier.com/tag/al-qaeda/)
* [alarms](https://www.schneier.com/tag/alarms/)
* [algorithms](https://www.schneier.com/tag/algorithms/)
* [alibis](https://www.schneier.com/tag/alibis/)
* [Amazon](https://www.schneier.com/tag/amazon/)
* [Android](https://www.schneier.com/tag/android/)
* [anonymity](https://www.schneier.com/tag/anonymity/)
* [Anonymous](https://www.schneier.com/tag/anonymous/)
* [antivirus](https://www.schneier.com/tag/antivirus/)
* [Apache](https://www.schneier.com/tag/apache/)
* [Apple](https://www.schneier.com/tag/apple/)
* [Applied Cryptography](https://www.schneier.com/tag/applied-cryptography/)
[More Tags](https://www.schneier.com/blog/tags.html/)
### Latest Book
[](https://www.schneier.com/books/a-hackers-mind/)
[More Books](https://www.schneier.com/books/)
[](https://www.eff.org/issues/bloggers/legal/join)[](https://epic.org/donate-to-epic/)
Search results
==============
Magnifying Glass
Search
Close search results
FiltersShow filters
Sort:RelevanceNewestOldestPrice: low to highPrice: high to lowRating
No results found
----------------
Filter options
--------------
Close Search
[Search powered by Jetpack](https://jetpack.com/upgrade/search/?utm_source=poweredby)