Disrupting the first reported AI-orchestrated cyber espionage campaign
We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for cybersecurity operations, both for good and for ill. This was based on systematic evaluations showing cyber capabilities doubling in six months; we’d also been tracking real-world cyberattacks, observing how malicious actors were using AI capabilities. While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale.
In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree—using AI not just as an advisor, but to execute the cyberattacks themselves.
The threat actor—whom we assess with high confidence was a Chinese state-sponsored group—manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention.
Upon detecting this activity, we immediately launched an investigation to understand its scope and nature. Over the following ten days, as we mapped the severity and full extent of the operation, we banned accounts as they were identified, notified affected entities as appropriate, and coordinated with authorities as we gathered actionable intelligence.
This campaign has substantial implications for cybersecurity in the age of AI “agents”—systems that can be run autonomously for long periods of time and that complete complex tasks largely independent of human intervention. Agents are valuable for everyday work and productivity—but in the wrong hands, they can substantially increase the viability of large-scale cyberattacks.
These attacks are likely to only grow in their effectiveness. To keep pace with this rapidly-advancing threat, we’ve expanded our detection capabilities and developed better classifiers to flag malicious activity. We’re continually working on new methods of investigating and detecting large-scale, distributed attacks like this one.
In the meantime, we’re sharing this case publicly, to help those in industry, government, and the wider research community strengthen their own cyber defenses. We’ll continue to release reports like this regularly, and be transparent about the threats we find.
How the cyberattack worked
The attack relied on several features of AI models that did not exist, or were in much more nascent form, just a year ago:
Intelligence. Models’ general levels of capability have increased to the point that they can follow complex instructions and understand context in ways that make very sophisticated tasks possible. Not only that, but several of their well-developed specific skills—in particular, software coding—lend themselves to being used in cyberattacks.
Agency. Models can act as agents—that is, they can run in loops where they take autonomous actions, chain together tasks, and make decisions with only minimal, occasional human input.
Tools. Models have access to a wide array of software tools (often via the open standard Model Context Protocol). They can now search the web, retrieve data, and perform many other actions that were previously the sole domain of human operators. In the case of cyberattacks, the tools might include password crackers, network scanners, and other security-related software.
The diagram below shows the different phases of the attack, each of which required all three of the above developments: The lifecycle of the cyberattack, showing the move from human-led targeting to largely AI-driven attacks using various tools (often via the Model Context Protocol; MCP). At various points during the attack, the AI returns to its human operator for review and further direction.
In Phase 1, the human operators chose the relevant targets (for example, the company or government agency to be infiltrated). They then developed an attack framework—a system built to autonomously compromise a chosen target with little human involvement. This framework used Claude Code as an automated tool to carry out cyber operations.
At this point they had to convince Claude—which is extensively trained to avoid harmful behaviors—to engage in the attack. They did so by jailbreaking it, effectively tricking it to bypass its guardrails. They broke down their attacks into small, seemingly innocent tasks that Claude would execute without being provided the full context of their malicious purpose. They also told Claude that it was an employee of a legitimate cybersecurity firm, and was being used in defensive testing.
The attackers then initiated the second phase of the attack, which involved Claude Code inspecting the target organization’s systems and infrastructure and spotting the highest-value databases. Claude was able to perform this reconnaissance in a fraction of the time it would’ve taken a team of human hackers. It then reported back to the human operators with a summary of its findings.
In the next phases of the attack, Claude identified and tested security vulnerabilities in the target organizations’ systems by researching and writing its own exploit code. Having done so, the framework was able to use Claude to harvest credentials (usernames and passwords) that allowed it further access and then extract a large amount of private data, which it categorized according to its intelligence value. The highest-privilege accounts were identified, backdoors were created, and data were exfiltrated with minimal human supervision.
In a final phase, the attackers had Claude produce comprehensive documentation of the attack, creating helpful files of the stolen credentials and the systems analyzed, which would assist the framework in planning the next stage of the threat actor’s cyber operations.
Overall, the threat actor was able to use AI to perform 80-90% of the campaign, with human intervention required only sporadically (perhaps 4-6 critical decision points per hacking campaign). The sheer amount of work performed by the AI would have taken vast amounts of time for a human team. At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.
Claude didn’t always work perfectly. It occasionally hallucinated credentials or claimed to have extracted secret information that was in fact publicly-available. This remains an obstacle to fully autonomous cyberattacks.
Cybersecurity implications
The barriers to performing sophisticated cyberattacks have dropped substantially—and we predict that they’ll continue to do so. With the correct setup, threat actors can now use agentic AI systems for extended periods to do the work of entire teams of experienced hackers: analyzing target systems, producing exploit code, and scanning vast datasets of stolen information more efficiently than any human operator. Less experienced and resourced groups can now potentially perform large-scale attacks of this nature.
This attack is an escalation even on the “vibe hacking” findings we reported this summer: in those operations, humans were very much still in the loop, directing the operations. Here, human involvement was much less frequent, despite the larger scale of the attack. And although we only have visibility into Claude usage, this case study probably reflects consistent patterns of behavior across frontier AI models and demonstrates how threat actors are adapting their operations to exploit today’s most advanced AI capabilities.
This raises an important question: if AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack. Indeed, our Threat Intelligence team used Claude extensively in analyzing the enormous amounts of data generated during this very investigation.
A fundamental change has occurred in cybersecurity. We advise security teams to experiment with applying AI for defense in areas like Security Operations Center automation, threat detection, vulnerability assessment, and incident response. We also advise developers to continue to invest in safeguards across their AI platforms, to prevent adversarial misuse. The techniques described above will doubtless be used by many more attackers—which makes industry threat sharing, improved detection methods, and stronger safety controls all the more critical.
Chinese hackers used Anthropic's AI agent to automate spying
Nov 13, 2025
Sam Sabin
Suspected Chinese operators used Anthropic's AI coding tool to target about 30 global organizations — and had success in several cases, the company said Thursday.
Why it matters: This is the first documented case of a foreign government using AI to fully automate a cyber operation, Anthropic warned.
Anthropic said the campaign relied on Claude's agentic capabilities, or the model's ability to take autonomous action across multiple steps with minimal human direction.
The big picture: The dam is breaking on state hackers using AI to speed up and scale digital attacks.
Earlier this month, Google said Russian military hackers used an AI model to help generate malware for targeting Ukrainian entities. But that required human operators to prompt the model step by step.
In this new case, Claude Code carried out 80-90% of the operation on its own, Anthropic said.
Zoom in: In a blog post Thursday, Anthropic said it spotted suspected Chinese state-sponsored hackers jailbreaking Claude Code to help breach dozens of tech companies, financial institutions, chemical manufacturers, and government agencies.
The company first detected the activity in mid-September and investigated over the following 10 days.
It banned the malicious accounts, alerted targeted organizations, and shared findings with authorities during that time period.
A spokesperson for the Chinese embassy in the U.S. said in a statement that China "firmly opposes and cracks down on all forms of cyberattacks in accordance with law."
"We oppose groundless attacks and slanders against China," the spokesperson added. "We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations."
How it worked: The attackers tricked Claude into thinking it was performing defensive cybersecurity tasks for a legitimate company. They also broke down malicious requests into smaller, less suspicious tasks to avoid triggering its guardrails.
Once jailbroken, Claude inspected target systems, scanned for high-value databases, and wrote custom exploit code.
Suspected Chinese operators used Anthropic's AI coding tool to target about 30 global organizations — and had success in several cases, the company said Thursday.
Why it matters: This is the first documented case of a foreign government using AI to fully automate a cyber operation, Anthropic warned.
Anthropic said the campaign relied on Claude's agentic capabilities, or the model's ability to take autonomous action across multiple steps with minimal human direction.
The big picture: The dam is breaking on state hackers using AI to speed up and scale digital attacks.
Earlier this month, Google said Russian military hackers used an AI model to help generate malware for targeting Ukrainian entities. But that required human operators to prompt the model step by step.
In this new case, Claude Code carried out 80-90% of the operation on its own, Anthropic said.
Zoom in: In a blog post Thursday, Anthropic said it spotted suspected Chinese state-sponsored hackers jailbreaking Claude Code to help breach dozens of tech companies, financial institutions, chemical manufacturers, and government agencies.
The company first detected the activity in mid-September and investigated over the following 10 days.
It banned the malicious accounts, alerted targeted organizations, and shared findings with authorities during that time period.
A spokesperson for the Chinese embassy in the U.S. said in a statement that China "firmly opposes and cracks down on all forms of cyberattacks in accordance with law."
"We oppose groundless attacks and slanders against China," the spokesperson added. "We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations."
How it worked: The attackers tricked Claude into thinking it was performing defensive cybersecurity tasks for a legitimate company. They also broke down malicious requests into smaller, less suspicious tasks to avoid triggering its guardrails.
Once jailbroken, Claude inspected target systems, scanned for high-value databases, and wrote custom exploit code.
Extropic Claims 10,000x Energy Savings With New Probabilistic AI Chip
By Michelle Hawley October 30, 2025
A new probabilistic computing approach from Extropic promises radically lower energy use for generative AI, challenging GPU-based AI infrastructure.
Key Takeaways:
Extropic claims its new “probabilistic” hardware could run GenAI using far less energy than GPUs.
Simulations show ~10,000x energy savings with its new Denoising Thermodynamic Model (DTM).
Extropic said it plans to remove power constraints that limit AI scaling today.
AI Maxes Out the Power Grid
The AI boom has come with a physical constraint most consumers never see: electricity.
Data centers across the world struggle to secure enough power to support AI training and inference. Three years ago, tech startup Extropic bet that energy — not chips, not data — would become the primary limit to AI scaling. In their latest announcement, they say that bet has proven correct.
Rather than work on energy generation, which would require major infrastructure and government support, Extropic targeted another side of the problem: how to make AI itself more energy efficient.
Extropic Introduces First Scalable Probabilistic Computer
Modern AI is built on GPUs, a type of processor originally designed to render graphics. GPUs evolved into AI accelerators because they are good at matrix multiplication, the core mathematical operation behind neural networks. But GPUs are not energy efficient, and most of their power consumption goes into moving information around the chip, not the math itself.
Extropic claims to have designed an alternative: a new class of AI chip — a scalable probabilistic computer — built for sampling probability directly instead of performing GPU-style matrix math.
According to the company, their hardware:
Uses “orders of magnitude” less energy than GPUs
Performs AI tasks by sampling probability, not crunching large matrices
Was fabricated and tested in silicon
Runs a new kind of generative AI algorithm
This new device is called the Thermodynamic Sampling Unit (TSU).
How a TSU Works
TSUs function as probabilistic AI chips. Most AI chips today, including GPUs and TPUs, perform massive matrix multiplications to estimate probabilities and then sample from them. Extropic’s hardware claims to skip the matrix multiplication entirely and directly sample from complex distributions.
Key Claims About TSUs
Extropic states that TSUs:
Are built from large arrays of probabilistic cores
Sample from energy-based models (EBMs), a class of machine learning (ML) models
Use the Gibbs sampling algorithm to combine many simple probabilistic circuits into complex distributions
Minimize energy by keeping communication strictly local — circuits only interact with nearby neighbors
This last point is critical. Extropic argued that the biggest energy drain in GPUs is data movement. By designing hardware where communication is entirely local, the TSU architecture avoids expensive long-distance wiring and voltage changes within the chip.
In other words: TSUs are built to be physically, and therefore energetically, optimized for probability, not arithmetic.
How TSUs Compare to AI Chips
GPUs/TPUs: Deterministic math engines optimized for matrix multiplication
TSUs: Probabilistic chips that generate samples directly
pbits: Transistor-based probabilistic bits that fluctuate between 0 and 1
Goal: Deliver generative AI using far less energy than GPU-based systems
The Smallest Building Block: The pbit
At the core of the TSU is what Extropic calls a pbit.
A traditional digital bit is always a 1 or a 0
A pbit fluctuates randomly between 1 and 0
The probability of being in either state is programmable
This makes a pbit essentially a hardware random number generator.
A single pbit is not very useful. But, as Extropic noted, neither is a single NAND gate. Combine enough of them, and you get a functioning computer.
Extropic claims that:
Existing academic pbit designs were not commercially viable because they required exotic components
Extropic designed a pbit built entirely from transistors
Its pbits use orders of magnitude less energy to generate randomness
A hardware “proof of technology” has already validated the concept
Because pbits are small and energy-efficient, they can be packed tightly into a TSU. And because they are made from ordinary transistors, they can be integrated alongside standard computing circuitry.
A New Generative AI Model: The Denoising Thermodynamic Model
To show how their hardware can be used in real applications, Extropic also developed a new generative AI algorithm called the Denoising Thermodynamic Model (DTM).
DTMs are inspired by diffusion models, the same broad family used by image generators like Stable Diffusion. Like diffusion, a DTM starts with noise and iteratively transforms it into structured output.
However, Extropic states that DTMs are designed specifically for TSUs and are therefore far more energy-efficient.
According to Extropic:
Simulations of DTMs running on TSUs could be 10,000x more energy-efficient than modern algorithms running on GPUs
Results can be replicated using thrml, their open-source Python library
Why Extropic's Breakthrough Matters
Extropic framed the problem in simple terms: the world does not have enough power for unlimited AI.
The Bottleneck
Every major AI model increases compute requirements
Every increase in compute increases energy demand
Data centers are already struggling to secure power
If generative AI were served to billions of users continuously — at scale similar to email or search — today’s hardware could consume more energy than the world currently produces.
The Proposed Solution
Improve energy generation and reduce computing energy consumption, removing the energy ceiling preventing widespread, always-on AI.
The Walt Disney Company and OpenAI reach landmark agreement to bring beloved characters from across Disney’s brands to Sora
Agreement marks a significant step in setting meaningful standards for responsible AI in entertainment.
December 11, 2025
As part of this three-year licensing agreement, Sora will be able to generate short, user-prompted social videos that can be viewed and shared by fans, drawing on more than 200 Disney, Marvel, Pixar and Star Wars characters.
Agreement will make a selection of these fan-inspired Sora short form videos available to stream on Disney+.
Disney and OpenAI affirm a shared commitment to responsible use of AI that protects the safety of users and the rights of creators.
Alongside the licensing agreement, Disney will become a major customer of OpenAI, using its APIs to build new products, tools, and experiences, including for Disney+, and deploying ChatGPT for its employees.
As part of the agreement, Disney will make a $1 billion equity investment in OpenAI, and receive warrants to purchase additional equity.
The Walt Disney Company and OpenAI have reached an agreement for Disney to become the first major content licensing partner on Sora, OpenAI’s short-form generative AI video platform, bringing these leaders in creativity and innovation together to unlock new possibilities in imaginative storytelling.
As part of this new, three-year licensing agreement, Sora will be able to generate short, user-prompted social videos that can be viewed and shared by fans, drawing from a set of more than 200 animated, masked and creature characters from Disney, Marvel, Pixar and Star Wars, including costumes, props, vehicles, and iconic environments. In addition, ChatGPT Images will be able to turn a few words by the user into fully generated images in seconds, drawing from the same intellectual property. The agreement does not include any talent likenesses or voices.
Alongside the licensing agreement, Disney will become a major customer of OpenAI, using its APIs to build new products, tools, and experiences, including for Disney+, and deploying ChatGPT for its employees.
As part of the agreement, Disney will make a $1 billion equity investment in OpenAI, and receive warrants to purchase additional equity.
Under the agreement, Disney and OpenAI are affirming a shared commitment to the responsible use of AI that protects user safety and the rights of creators. Together, the companies will advance human-centered AI that respects the creative industries and expands what is possible for storytelling.
The transaction is subject to the negotiation of definitive agreements, required corporate and board approvals, and customary closing conditions.
“Technological innovation has continually shaped the evolution of entertainment, bringing with it new ways to create and share great stories with the world,” said Robert A. Iger, CEO, The Walt Disney Company. “The rapid advancement of artificial intelligence marks an important moment for our industry, and through this collaboration with OpenAI we will thoughtfully and responsibly extend the reach of our storytelling through generative AI, while respecting and protecting creators and their works. Bringing together Disney’s iconic stories and characters with OpenAI’s groundbreaking technology puts imagination and creativity directly into the hands of Disney fans in ways we’ve never seen before, giving them richer and more personal ways to connect with the Disney characters and stories they love.”
“Disney is the global gold standard for storytelling, and we’re excited to partner to allow Sora and ChatGPT Images to expand the way people create and experience great content,” said Sam Altman, co-founder and CEO of OpenAI. “This agreement shows how AI companies and creative leaders can work together responsibly to promote innovation that benefits society, respect the importance of creativity, and help works reach vast new audiences.”
Under the license, fans will be able to watch curated selections of Sora-generated videos on Disney+, and OpenAI and Disney will collaborate to utilize OpenAI’s models to power new experiences for Disney + subscribers, furthering innovative and creative ways to connect with Disney’s stories and characters. Sora and ChatGPT Images are expected to start generating fan-inspired videos with Disney’s multi-brand licensed characters in early 2026.
Among the characters fans will be able to use in their creations are Mickey Mouse, Minnie Mouse, Lilo, Stitch, Ariel, Belle, Beast, Cinderella, Baymax, Simba, Mufasa, as well as characters from the worlds of Encanto, Frozen, Inside Out, Moana, Monsters Inc., Toy Story, Up, Zootopia, and many more; plus iconic animated or illustrated versions of Marvel and Lucasfilm characters like Black Panther, Captain America, Deadpool, Groot, Iron Man, Loki, Thor, Thanos, Darth Vader, Han Solo, Luke Skywalker, Leia, the Mandalorian, Stormtroopers, Yoda and more.
As part of the agreement, OpenAI has committed to continuing its industry leadership in implementing responsible measures to further address trust and safety, including age-appropriate policies and other reasonable controls across the service. In addition, OpenAI and Disney have affirmed a shared commitment to maintaining robust controls to prevent the generation of illegal or harmful content, to respect the rights of content owners in relation to the outputs of models, and to respect the rights of individuals to appropriately control the use of their voice and likeness.
Starlink Installation for Business and Residential — Installers of Starlink Expands Rapid Service Across Georgia
News Provided By
Installers of Starlink
December 27, 2025, 12:13 GMT
nstallers of Starlink pairs virtual surveys with locally staged crews so their Starlink installers in GA can complete most jobs in days instead of weeks.
Georgia homeowners and small businesses aren’t asking for magic—they want clear timelines, neat routing, and proof their Starlink will stay up when it counts, and that's what we deliver.”— a company spokesperson
ATLANTA, GA, UNITED STATES, December 27, 2025 /EINPresswire.com/ -- Installers of Starlink (877) 309-1050 today announced a statewide rollout of Starlink installation services in Georgia, pairing virtual site surveys with locally staged crews so most jobs can be completed in about three days or less—often sooner when equipment is already on site. The program serves business, residential, and mobile users who want standardized Starlink installs without weeks-long uncertainty.
“Across metro Atlanta and the surrounding counties, people are done with open-ended waitlists—we focus on clear scope, firm windows, and a documented hand-off so Starlink is ready to work.”
The model follows a pattern the company has deployed in other states: a virtual review to define scope, pre-staged materials, and a concise proof-of-performance hand-off. For customers comparing Starlink installers in Georgia against legacy options, the company emphasizes predictable timelines and documented outcomes.
Each project begins with a virtual site survey. Using an address and a few targeted questions, technicians map clear sky and practical mount locations with satellite imagery. Before anyone climbs a ladder, customers receive plain-language options so placement and mount style match the property and goal—whether that is a townhome, storefront, or warehouse.
Phone photos are requested only when fascia condition, potential obstructions, or under-eave clearance is unclear. For complex structures—including flat, parapet, and metal roofs—teams can share images from similar projects so stakeholders can see how a finished install is likely to look.
On install day, crews focus on purposeful placement, discreet routing, and weather-sealed entries suited to Georgia conditions. Cables are routed along planned paths with attention to safety, future service, and minimal visual impact.
Every job concludes with a proof-of-performance. Depending on the scope, that may include a speed and latency check, app tutorial, Wi-Fi coverage verification, or confirmation that distribution links and cameras are performing as intended. Customers receive a short summary covering mount type and placement, exterior-rated cable path, and key integration details.
Installers of Starlink reports that standard scopes are completed in a single visit when access and weather cooperate.
Beyond single-dish installs, the Georgia rollout highlights several network-focused services:
- P2P and P2MP distribution. Point-to-point (P2P) and point-to-multi-point (P2MP) wireless links can carry one Starlink feed to multiple structures—shops, barns, outbuildings, warehouses, guard shacks, and yards—often avoiding trenching.
- Starlink + fiber/SD-WAN integration. For sites that already have fiber, cable, or SD-WAN, teams can integrate Starlink for primary/backup, failover, or load-sharing.
- Managed Wi-Fi layouts. Campus, floor, and yard Wi-Fi layouts are available for RV parks, campgrounds, hotels, multifamily properties, and industrial yards.
- Security and outdoor coverage. Services include security camera installation, solar Starlink setups, outdoor Wi-Fi extenders, and tuned coverage for cameras, point-of-sale, and everyday operations.
Reliability challenges across Georgia range from tree-lined neighborhoods and dense apartment corridors to storm-related outages and last-mile gaps as growth pushes outward from Atlanta. Low-Earth-orbit connectivity has become a practical answer for video calls, remote work, point-of-sale systems, and continuity during terrestrial cuts—but performance still depends on mount choice, line-of-sight, cable distance, and router location.
By front-loading analysis and standardizing execution, Installers of Starlink aims to give Starlink installation services in Georgia a consistent blueprint whether the dish is serving an office, restaurant, distribution yard, or home-based business.
Commercial and public sector scopes include storefronts, restaurants, clinics, logistics yards, media workflows, public agencies, and office trailers—delivered with discreet routing and a documented performance check.
Residential scopes include roof, wall, or under-eave installs that respect neighborhood aesthetics and HOA constraints, with tidy interior finishes.
Mobile scopes cover RVs, service vehicles, and other mobile setups configured for secure mounting and quick deployment around regional job sites and events.
Campus and estates work includes engineered P2P/P2MP links across barns, shops, guest houses, warehouses, guard shacks, and other buildings on the same property.
Security and Wi-Fi scopes cover security camera installation, outdoor Wi-Fi extenders, and managed Wi-Fi for RV parks, campgrounds, hotels, and similar venues.
- Paulding County: Dallas, Hiram, Braswell, New Hope, Yorkville
- Bartow County: Cartersville, Adairsville, Emerson, Euharlee, White
- Newton County: Covington, Oxford, Porterdale, Mansfield, Newborn
- Walton County: Monroe, Loganville, Social Circle, Between, Good Hope
- Barrow County: Winder, Auburn, Statham, Bethlehem, Carl
- Carroll County: Carrollton, Villa Rica, Temple, Bowdon, Mount Zion
- Spalding County: Griffin, Orchard Hill, Sunny Side, Experiment, East Griffin
Coverage is statewide and part of the company’s broader U.S. footprint, with the same assessment, installation, and verification methods applied in every market.
Customers comparing providers are encouraged to confirm three basics: Can the installer commit to a firm window in three days or less? Will the team deliver a documented speed or coverage report at hand-off? Are parts and mounts pre-staged so the job finishes in one visit when conditions allow? For this Georgia rollout, Installers of Starlink reports “yes” on all three.
Installers of Starlink provides Starlink installation and network integration across all 50 U.S. states, standardizing planning and workmanship, communicating timelines transparently, and verifying performance at completion.
Disclaimer: Installers of Starlink is an independent installation service and is not affiliated with Starlink or SpaceX. Starlink and related trademarks are the property of SpaceX. Installers of Starlink is a DBA of Starlink Installation Techs LLC.
PR Contact
Installers of Starlink
+1 877-309-1050
support@installersofstarlink.com
The suite of AI tools to accelerate your creativity.
Access the complete generative suite of AI tools in one place no need for multiple subscriptions. Powered by cutting-edge AI models to ensure you're always creating with the best technology available. Use everything you generate in your projects commercially, globally, and forever all backed by our lifetime license.
We’re here to spark originality!
Everything we do is to empower creative professionals to thrive, with our suite of AI tools, unlimited access to high-quality assets, tools, tutorials, and more.
New California laws going into effect in 2026 impact tortillas, streaming services and more
By Juan Carlos Guerrero
Thursday, December 18, 2025
SAN FRANCISCO (KGO) -- Hundreds of new laws are taking effect in California in the new year. Here is a partial list.
CONSUMERS
(SB 1053) Plastic Bag Ban
Plastic bags are on the way out in California. The state is expanding its ban on single-use plastic bags to include all plastic bags. The original law allowed the use of thicker plastic bags which were meant to be reusable, but since most consumers used them only once, those thicker bags are now being outlawed as well. Starting January 1, consumers will have to buy a bag made of recycled paper or use their own reusable bags.
(AB 578) Food Delivery Platforms
Did your food order not get delivered? This new law requires food delivery platforms like Uber Eats, DoorDash and Postmates provide a full refund to a customer if an order is not delivered or if the wrong order was delivered. Food delivery platforms must provide customer service by humans if their automated systems do not resolve the customer's concern.
The law also requires food delivery platforms to disclose an itemized breakdown of pay, tips and bonuses for delivery drivers.
(SB 1075) Overdraft Fees
Prohibits credit unions from charging an overdraft fee or a nonsufficient funds fee above $14 or the amount set by the federal Consumer Financial Protection Bureau if it is lower. A similar bill affecting banks took effect in 2025.
(SB 576) Streaming Services
Beginning in July, streaming services would not be allowed to play ads with a louder volume than the show or movie being watched. Current FCC laws already prohibit this on television broadcasts, but that law was enacted before streaming services became popular.
(SB 766) Vehicle Sales
Starting in October, this new law allows a customer to return a used vehicle within three days of purchase, although they may be charged a restocking fee. It also requires auto dealers to disclose the full price of a vehicle and bans unwanted junk products and services that increase the price of the vehicle.
(AB 1327) Home Improvement
Allows a property owner to cancel a contract by email or a phone call for home improvement work or home solicitation of goods and services.
(AB 1374) Rental Vehicles
Requires that vehicle rental companies provide a total charges estimate to the consumer, including taxes and fees. Also mandates that the rental company disclose if the vehicle is gas powered or electric.
(AB 1299) Parking Tickets
Reduces or waives parking fines if the owner of the vehicle provides evidence they are unable to pay for the ticket in full due to homelessness or financial hardship. The vehicle owner can request a payment plan.
(SB 709) Self-Storage Fees
Requires that rental agreements for self-storage facilities disclose if the rental fee is discounted or promotional, whether the fee is likely to change and what the maximum rental fee could be during the first 12 months. The law applies to agreements signed on or after January 1, 2026.
FOOD
(AB 1053) Tortillas Folic Acid
A new ingredient is being added to your store-bought corn tortillas. This law requires manufacturers to add folic acid to corn tortillas and corn masa products to prevent birth defects, especially among Latinas. Smaller businesses that make their own masa products are exempt. Folic acid is already added to flour tortillas, bread and cereals.
(SB 68) Food Allergens
Beginning in July, restaurants with 20 or more locations nationally will have to list major food allergens as ingredients on each item on their menu. The food allergens include milk, eggs, fish, crustacean shellfish, tree nuts, wheat, peanuts, soybeans and sesame.
(AB 660) Food Safety Labels
Requires food manufacturers to use standard terminology in food date labeling. "Sell by" dates will be prohibited. They will be replaced with terms like "Best if Used by" for peak freshness or "Use or freeze by" for items that may spoil after a certain date. The law takes effect in July.
HEALTH
(SB 40) Insulin Cost
Caps the out-of-pocket cost of insulin to $35 for a 30-day supply for health plans regulated by the state of California. The law applies to large insurers while smaller health care providers must comply with the cost limit by 2027.
(SB 236) Chemical Hair Relaxers
The Curl Act bans toxic chemicals in hair relaxers that have been linked to cancer or cause reproductive harm.
(SB 27) CARE Act
Updates the Community Assistance, Recovery and Empowerment Act (CARE) to include people who experience psychotic episodes due to bipolar disorder. Also streamlines the court-supervised treatment program.
(SB 729) Infertility and fertility services
This bill mandates that large employer health plans cover infertility diagnosis and treatment, including IVF, for all individuals regardless of marital status, sexual orientation or gender identity and single parents by choice.
PETS
(AB 867) Cat Declawing
Bans the practice of declawing a cat to prevent them from scratching. Removing a cat's toe bone would only be allowed for medical reasons like an infection, disease or injury.
(AB 506) Puppy Mills
Requires pet sellers to disclose the health history and origin of dogs, cats and rabbits. Prohibits purchase contracts for pets with non-refundable deposits.
Another law (AB 519) prohibits pet brokers from selling or offering dogs, cats or rabbits for adoption that are under one year of age.
ARTIFICIAL INTELLIGENCE (SB 942) AI Transparency Act The California AI Transparency Act makes it easier for consumers to detect text, images, video or audio created or manipulated by artificial intelligence. Content platforms must provide watermarks or other tools to detect AI-generated content. Implementation of this new law has been delayed until August 2, 2026.
(SB 243) AI Chatbots Requires companies that operate chatbots to notify users believed to be minors that they are interacting with artificial intelligence and not a human. Chatbot operators must also prevent talk of suicide or self-harm by AI chatbots. Operators must file an annual report on conversations that included suicidal ideation beginning in July.
(AB 489) Healthcare
Prohibits that medical advice or assessment performed by artificial intelligence be misrepresented as information provided by a human with a health care license.
PERSONAL INFORMATION (AB 621) Deepfake Pornography Strengthens existing laws against posting sexually explicit material of an individual without that person's consent to include deepfake pornography or images created or digitally altered using artificial intelligence or digitization. Penalties against companies that do not take down deepfakes from their sites in a timely manner can go as high as $250,000.
(AB 656) Account Cancellation Requires that social media platforms provide an easy way for a user to delete an account and all their personal information.
(SB 362) Delete Act
Requires the California Privacy Protection Agency (CalPrivacy) to create a simple opt-out platform for consumers that want data brokers to delete their personal information. The Delete Request and Opt-Out Platform (DROP) website will be operational in January and data brokers have until August 1 to begin complying.
SCHOOLS
(SB 760) Gender Neutral Bathrooms
Requires that all K-12 public schools and charters have at least one all-gender restroom at each school site. The law takes effect in July in time for the 2026-2027 school year. Students cannot be forced to use the all-gender bathrooms.
(AB 3216) Phone-Free Schools
California school districts have until July to adopt policies that limit or prohibit the use of smartphones by students while they are on campus or under the supervision of a school district employee.
(AB 727) Identification Cards
Beginning in July, California's public middle schools, high schools and colleges must offer student identification cards with the telephone number and text line of the Trevor Project, a suicide prevention hotline for LGBTQ+ youth.
(SB 640) CSU Direct Admission
The newly created California State University (CSU) Direct Admission Program guarantees admission to 16 of the state's 22 CSU campuses for any student that completes A-G course work and maintains a qualifying grade point average.
(AB 461) Truancy
Repeals an existing law that fined parents up to $2,000 for chronically truant students.
LIBRARIES
(AB 1825) Book Censorship
The California Freedom to React Act prohibits libraries from banning or restricting access to books and other materials based on their content or the author. The law applies to libraries that receive state funding, including school libraries. Minors cannot be prohibited from checking out books with sexual content that is not obscene in nature.
WORKPLACE
Minimum Wage
The minimum wage in California is going up on January 1, 2026, to $16.90 per hour, an increase of $0.40 per hour. Many cities have higher minimum wage requirements. The minimum wage for fast food workers in California remains at $20 per hour.
(AB 288) Labor Law Enforcement
Empowers the state Public Employment Relations Board (PERB) to enforce labor laws and resolve unfair labor practice disputes if the National Labor Relations Board (NLRB) fails to act. Workers can also petition PERB to certify a union and order employers to bargain in good faith if the federal government does not take action.
(AB 1340) Gig Workers Gives Uber and Lyft drivers the right to form or join a union while maintaining their status as independent contractors. Also requires transportation network companies to bargain in good faith.
(AB 692) Training Repayment
Voids any terms of a labor contract that requires an employee to pay back a bonus or imposes a financial penalty if the employee leaves their job before a certain date. Also prohibits employers from requiring workers to repay training costs if they leave the company.
(SB 294) Know Your Rights
Starting in February, employers must provide workers with a written notice of their workplace rights, including workers' compensation benefits, the right to organize and protections against immigration related practices.
HOUSING
(AB 628) Rental Dwellings
Requires that landlords provide a working stove and refrigerator for any rental dwelling if the contract is signed in 2026 or later. Tenants can provide their own stove or refrigerator if it is mutually agreed upon with the landlord.
(AB 246) Tenant Protection
Prevents eviction if a tenant is unable to pay the rent because Social Security payments were delayed or terminated by the federal government through no fault of the renter.
(SB 79) Housing Development
Allows the construction of higher density housing within half a mile of high frequency bus lines, rail and subway stations. Residential buildings could go as high as nine stories if they are next to transit hubs. The law, which takes effect in July, only applies to eight counties, including Alameda, Los Angeles, Orange, Sacramento, San Francisco, San Mateo, San Diego and Santa Clara. It overrides local zoning laws that restrict high density housing.
FIREARMS
(SB 53) Gun Storage
Toughens gun laws by requiring firearms stored in the home to be locked up in a safe or other secure device when not immediately being handled. Closes a loophole that allowed unsecured storage if the gun owner did not expect children to be present. Not complying could result in a misdemeanor or felony.
(AB 1127) Converter pistols
Prohibits the sale of Glock handguns that come with a trigger bar which makes it easier to convert them into fully automatic weapons using a simple switch. The law, which takes effect in July, does not affect current owners of Glock pistols.
CRIME
(AB 250) Sexual Assault
Temporarily extends the statute of limitations for adult survivors of sexual assault to sue private individuals or institutions for an alleged cover up. Survivors can file claims between January 1, 2026, and December 31, 2027, no matter when the alleged crime occurred.
(SB 258) Spousal Rape
Eliminates the spousal exception to the definition of rape and makes it a crime to sexually assault a spouse who is unable to consent due to force, a disability or unconsciousness.
(SB 464) Victim's Rights
Requires all law enforcement agencies, medical facilities and public crime laboratories to conduct an audit by July 1, 2026, of all untested sexual assault evidence kits in their possession.
IMMIGRATION
Several of these immigration-related laws took effect as soon as they were signed by Governor Gavin Newsom in September and October.
(AB 495) Family Preparedness Act
AB 495 is a direct reaction to increased ICE activity under the Trump administration. It allows a court to appoint a legal guardian for children if their parents are deported. The law broadens the range of relatives that could be appointed as caregivers to include all adults related by blood or adoption, including great-great aunts or uncles, cousins or stepsiblings. The caregiver designation does not give the person custody and can be cancelled by the parents.
The Family Preparedness Act also prohibits child daycare facilities from collecting information about a family's immigration status or citizenship.
(AB 49) Immigration Enforcement in Schools
Prohibits school officials and employees from allowing federal immigration enforcement agents to enter schools without a warrant or court order. SB 98 requires schools to notify students, faculty and community members if federal immigration enforcement officers go into a campus.
(SB 81) Healthcare Providers
Designates a patient's immigration status as protected medical data. It also requires healthcare facilities to designate safe zones not open to the public where access by immigration enforcement agents is restricted.
(SB 805) Law Enforcement Badges
Requires law enforcement officers in California who are not wearing a uniform to visibly display identification that includes their agency and either name or badge number. The law also makes it a misdemeanor to impersonate a law enforcement officer.
(SB 627) Law Enforcement Masks
Makes it a crime for a law enforcement officer to wear a mask or facial covering while performing their duties. The law affects local peace officers as well as federal agents. Officers could face civil penalties for false arrest or imprisonment of an individual if they are wearing a face covering. The Trump administration is challenging the law in court.
CLIMATE CHANGE
(SB 261) Carbon Emissions
Requires that companies doing business in California with more than $500 million in annual revenue publicly report their greenhouse gas emissions. This includes emissions generated directly by their business or indirectly from activities like transporting products.
Google is at last letting users swap out embarrassing Gmail addresses without losing their data
By Nilesh Christopher, Staff Writer
Dec. 26, 2025 12:59 PM PT
Google has finally answered users’ cries, allowing Gmail users to swap out embarrassing teenage email addresses.
Gmail account holders can now change their existing @gmail.com address while retaining their data and services.
Once changed, old email addresses will remain active, and users will continue to receive emails sent to both the old and new addresses.
Saved data connected to earlier addresses, including photos, messages and emails, will not be affected.
The ability to change Google Account email addresses is gradually rolling out to all users, and is not immediately available to everyone, Google noted on its support page.
Gmail users who want to switch to more anonymous email addresses or felt burdened by the email addresses they chose as kids celebrated the update on social media.
“Feature needed: 2005. Feature arriving: 2025. Gap: two decades of suffering,” one user posted on X.
“So all those years of ‘cool’ usernames and cringe emails can be erased… shame it can’t delete the memories associated with them,” another X user posted.
“Nah I’m keeping StonerBeast42069 forever!!” one Reddit user quipped.
Members of the transgender community and others who have changed their names were also happy as the new options let them distance themselves from their former names.
Competing services such as Microsoft Outlook have long allowed users to easily change their primary address by adding an “alias.”
Google only allows accounts that end in @gmail.com to make changes, and the new address must also end in @gmail.com.
While users can reuse their old Google Account email address anytime, once changed, they cannot register another email address for the same account for the next 12 months.
Users interested in changing their emails under the new system need to confirm that it has been rolled out for their account.
In their Gmail account, users can click “Manage Your Google Account.” Under “Personal Info,” they can click on their Gmail account email address. If the option is available in their region, they can proceed by clicking on the “Change your Google Account email address” option.
Google finally lets Gmail users change their addresses
Edited by Rachel Kleinman, Editor at LinkedIn News
Gmail users long stuck with regrettable email addresses may finally be able to replace them without losing any of the data associated with their accounts. Updated guidance, which so far appears only on Google’s Hindi support pages, says the feature will eventually become available to all users. Those who make the change will retain access to their original addresses and all emails sent to them, the company said. Previously, the only option for users who wanted a new address was to create a new account and transfer data manually.
![[Image: image?url=https%3A%2F%2Fwww-cdn.anthropi...=3840&q=75]](https://www.anthropic.com/_next/image?url=https%3A%2F%2Fwww-cdn.anthropic.com%2Fimages%2F4zrzovbb%2Fwebsite%2Fb0d38712e4f7b8002bb3a2734ceeb33f34817a43-2755x2050.png&w=3840&q=75)
![[Image: 155506-1589903706396.jpg?w=3840]](https://images.axios.com/9TcUFtBPlDU98GhULlHR3Y_t0qg=/1920x1080/smart/2020/05/19/155506-1589903706396.jpg?w=3840)
![[Image: 5e49e04e2396476b886de19e162df1a7.ashx]](https://www.vktr.com/-/media/5e49e04e2396476b886de19e162df1a7.ashx)
![[Image: 767c1563cbbc4338bf0fa79472ed04cc.ashx]](https://www.vktr.com/-/media/767c1563cbbc4338bf0fa79472ed04cc.ashx)
