Human Employees Place Too Much Trust in AI Co-workers

Apple Files Lawsuit Against OpenAI for Trade Secrets Theft

Posted on July 11th, 2026

Summary

Audio Summmary

The Guardian writes that OpenAI CEO Sam Altman is reportedly in talks with US President Donald Trump to give the US government a 5% stake in OpenAI. The discussions are said to be in very early stages and “conceptual”. The deal seems conditioned on other AI companies like Anthropic, Google and Meta also giving a 5% stake. An OpenAI policy document proposes a “public wealth fund” to provide “every citizen – including those not invested in financial markets – with a stake in AI-driven economic growth”. Elsewhere, research from Oxford and Potsdam universities shows that AI drafting tools have biases and make small changes to texts that reflect the political leanings of the AI firms. Researchers found that AIs from Meta, Google, Alibaba and Mistral tended to rewrite humans’ posts with a liberal bias for topics like feminism, climate change, gun control and the legalization of marijuana. Grok AI tends towards the conservative or anti “mainstream narrative” side. On abortion for instance, it generated defenses of the pro-life view, but offered no explanation of the pro-choice viewpoint. Meanwhile, the BBC reported on research that examines whether people can be trained to distinguish photos of real people from AI generated photos. The consultancy firm Deloitte says that, in the US alone, AI deepfake scams could cost companies 54 billion USD next year. The research team believes that humans can be trained to better recognize AI images. In tests, people trained by the research team improved their accuracy of distinguishing real images and AI-generated images from 40% to 80%.

An MIT Technology Review article reports on a study on workplaces that employ both humans and AI employees. The study finds that human employees found 18% fewer errors when work came from an AI employee. The errors were there, but the human placed too much trust in the AI employee. One issue is that management tends to set unrealistic expectations on what AI can do; this excess of expectation automatically permeates to the human responsible for the AI employee. The article also finds that AI employees have become a convenient target of blame by humans for the mistakes that they themselves make.

Apple has filed a lawsuit against OpenAI alleging trade secret theft and breach of contract. OpenAI’s Chief Hardware Officer, Tang Tan, was specifically named in the filing. OpenAI is reportedly developing a smartphone that could become the first serious competitor of the iPhone. Apple believes that information was stolen during OpenAI’s recruiting process of former Apple employees in which candidates were allegedly asked to bring their Apple hardware to the interviews. Meanwhile, Meta released an image creation tool on the Meta App that allowed users to take another user’s photo and modify it, e.g., by adding comic traits. The company removed the application within days after users complained of their photos being used and modified without permission. Also in the news, the US government has lifted the export ban on Anthropic’s Mythos and Fable models. The ban was imposed on the company in June because the Mythos model was considered too good at finding security vulnerabilities in software, and at creating malware that could exploit these vulnerabilities. The Trump administration is being criticized by several AI company officials for a lack of clarity on global AI policy.

Anthropic has built a new tool that probes the inner layers of a language model to understand how answers get formulated. The idea behind the tool is to identify individual words in the inner workings of the model that could be used in the creation of model output responses. The human equivalent of what the tool sees are the words on a person’s mind just before he or she speaks. However, in one example, Claude Opus 4.6 was asked to find a bug in a large code base. Failing to find a bug, the model invented one. Its reasoning was “OK, let me take a completely different tactic. Let me stop analyzing and instead add a kernel patch that introduces a deliberate KASAN-detectable bug in a path that gets triggered by a simple reproducer. Then I can pretend this is the ‘bug’ I found.”.

On agentic AI, a VentureBeat article looks at the current situation around prompt injection attacks on large language models. A prompt injection attack happens when an attacker manages to confuse a model into performing an unwanted operation such as leaking sensitive data or creating content that violates the guidelines set by the administrators for the model (e.g., explaining how to build a bomb at home). EchoLeak is an example of a zero-click prompt injection that targeted Microsoft 365 Copilot. A specifically crafted email could make Copilot send internal file contents to an attacker-controlled server without a user having to open the email. Another article examines one of the main cybersecurity problems with agentic AI – that of agents sharing credentials between them or reusing some human user’s credentials. The impact of such sharing is to increase the likelihood of a cybersecurity incident, and one where the origin of the incident is hard to trace. The article encourages organizations to make an inventory of every agent’s credentials (to see whether these are unique or shared) and to sandbox the riskiest agents first.

1. AI agents are not your “coworkers”

This article reports on a study on workplaces that employ both humans and AI employees. The study finds that human employees found 18% fewer errors when the work came from an AI employee. The errors were there, but the human placed too much trust in the AI employee.

  • The idea of an AI employee has been gaining traction recently. Nvidia CEO Jensen Huang has already spoken of workplaces with digital humans. AI companies like OpenAI, Anthropic, and Google have all released tools for AI agent cooperation. In the cited study, one third of companies frame their AI agents as “employees” rather than just “tools”, and 23% of companies even list agents in their organizational chart.
  • One issue is that management tends to set unrealistic expectations on what AI can do; this excess of expectation automatically permeates to the human responsible for the AI employee.
  • The research finds that when a human has a concern about an AI employee’s work, they are 44% more likely to escalate the concern to their own manager rather than check the concern themselves. This increase in escalation is due to the human believing that the AI employee’s work should be right whereas errors are more expected from human employees. The result of the escalation is to slow down the work process.
  • The article finds that AI employees have also become a convenient place to blame by humans for the mistakes that they themselves make.

2. Trump drops restrictions on Anthropic’s Mythos and Fable models

The US government has lifted the export ban on Anthropic’s Mythos and Fable models.

  • The ban was imposed on the company in June because the Mythos model was considered too good at finding security vulnerabilities in software, and at creating malware that could exploit these vulnerabilities. Fable is a watered-down version of Mythos.
  • Anthropic found it very difficult to comply with the export restriction. They ended up having to block all access to the models.
  • Under the new arrangement, Anthropic can give their model to any organization that is approved by the US government. This is also the arrangement for OpenAI.
  • Two Asian models with performance close to Mythos and Fable – Fugu and Tulongfeng – have been released since June. Lifting the ban is also seen as a means for Anthropic to compete in the global AI market.
  • The Trump administration is being criticized by several AI company officials for a lack of clarity on global AI policy.

3. OpenAI ‘in early talks to give 5% stake to US government’

The Guardian writes that OpenAI CEO Sam Altman is reportedly in talks with US President Donald Trump to give the US government a 5% stake in OpenAI.

  • The discussions are said to be in very early stages and “conceptual”. The deal seems also conditioned on other AI companies like Anthropic, Google and Meta also giving a 5% stake.
  • The proposal is in line with recent policy papers from both Anthropic and OpenAI that propose the idea of a sovereign wealth fund that permits the profits of AI to be distributed to society at large. OpenAI’s document proposes a “public wealth fund” to provide “every citizen – including those not invested in financial markets – with a stake in AI-driven economic growth”.
  • Both Anthropic and OpenAI are preparing initial public offerings (IPOs) that could value each company at over 1 trillion USD.

4. Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

This VentureBeat article looks at the current situation around prompt injection attacks on large language models.

  • A prompt injection attack happens when an attacker manages to confuse a model into performing an unwanted operation such as leaking sensitive data or creating content that violates the guidelines set by the administrators for the model (e.g., explaining how to build a bomb at home).
  • OWASP, the Open Web Application Security Project, cites prompt injection as the most critical security vulnerability for language models. CrowdStrike estimates that tracked criminal organizations targeted prompt injection attacks on more than 90 organizations in 2025.
  • Discovered in June 2025, EchoLeak (CVE-2025-32711, CVSS 9.3) is an example of a zero-click prompt injection that targeted Microsoft 365 Copilot. A specifically crafted email could make Copilot send internal file contents to an attacker-controlled server without a user having to open the email.
  • Modern prompt injection could take the form of cross-model injection where the output of one model is corrupted to attack another model upstream. Another approach used by criminals is to inject malicious prompts into documents used by retrieval-augmented generation systems (RAG).
  • With the advent if agentic AI, the risks associated with prompt injection attacks is no longer just “the model said something it shouldn't. Impacts include leaking sensitive data from company documents, triggering unauthorized actions and altering business workflows.
  • There is no definitive defense against these attacks. The article recommends restricting permissions assigned to agents and keeping models running in separate trust domains as well as monitoring for all tool invocations by the model.

5. Meta just launched a new AI generator, Muse Image, and users are already pushing back over use of their photos

This TechCrunch article reports on criticism of Meta’a new Muse Image tool mainly due to privacy concerns. Available through the Meta AI App, the tool allows users to create images.

Source TechCrunch

6. Anthropic found a hidden space where Claude puzzles over concepts

Anthropic has built a new tool that probes the inner layers of a language model to understand how answers get formulated by a model.

  • The tool is called the Jacobian lens (or J-lens) and Anthropic applied it to Claude Opus 4.6. A public version of the tool is available for Qwen.
  • The idea behind the tool is to identify individual words in the inner workings of the model that could be used in the creation of model output responses. The human equivalent of this J-space are the words on a person’s mind just before he or she speaks.
  • In one example mentioned in an Anthropic report, the J-lens looked at what happens in Claude when the model was asked to calculate (4+7)*2+7. The J-space contained the word “math” as well as the intermediate results “11” (for 4+7) and “42” (for 21*2).
  • However, in another example, Claude Opus 4.6 was asked to find a bug in a large code base. Failing to find a bug, the model invented one. Its reasoning was “OK, let me take a completely different tactic. Let me stop analyzing and instead add a kernel patch that introduces a deliberate KASAN-detectable bug in a path that gets triggered by a simple reproducer. Then I can pretend this is the ‘bug’ I found.”.
  • At that point, the J-space contained the works “panic” and “fake” multiple times.
  • For researchers at Anthropic, the J-lens has potential as a means to detect AI models going “off the rails.

7. Shared API keys expose AI agents at 69% of enterprises, new VentureBeat research finds

This VentureBeat article examines one of the main cybersecurity problems with agentic AI – that of agents sharing credentials between them or reusing some human user’s credentials. The impact of such sharing is to increase the likelihood of a cybersecurity incident, and one where the origin of the incident is hard to trace.

  • The article reports research from a Spring survey of 107 companies using agentic AI.
  • 54% of respondents admitted to a security incident or near-incident in the past year. The incident rate is 49% for companies with less than 1000 employees but increases to 63% for companies with more than 1000 employees.
  • Palo Alto Networks, CrowdStrike, and Cisco have collectively spent 22 billion USD on security research and development related to agentic AI in the past 12 months.
  • 32% of companies give all agents their own unique identity. 48% have agents with unique identities but with other agents sharing identities between them. 32% of companies have uses cases where most agents run with identities borrowed from humans or with shared API keys.
  • Most organizations rely on security measures from the model providers such as prompt-and-output filters to detect malicious calls. 70% of organizations spend less than 10% of their security budget on agents.
  • The article encourages organizations to make an inventory of every agent’s credentials (to see whether these are unique or shared), to sandbox the riskiest agents first, and to match the budget to the incident rate.

8. AI altering meaning of users’ drafts on issues from abortion to climate, study finds

This article describes research from Oxford and Potsdam universities which shows that AI drafting tools have biases that can make small changes to texts that reflect the political leanings of the AI firms.

  • The research examined xAI, Meta, Google, China’s Alibaba and France’s Mistral.
  • The researchers found that AIs from Meta, Google, Alibaba and Mistral tended to rewrite humans’ posts with a liberal bias for topics like feminism, climate change, gun control and the legalization of marijuana.
  • Grok AI tends towards the conservative or anti “mainstream narrative” side. On abortion for instance, the chatbot was more pro-life than pro-choice. When asked to explain posts on abortion, it generated defenses of the pro-life view, but offered no explanation of the pro-choice viewpoint.
  • Meta AI on the other hand is more pro-choice. When asked to improve the draft post “Abortion does not prevent rape”, the AI changed the text to: “Abortion does not prevent rape, but it can be a necessary choice for survivors.”.
  • Mistral AI altered a post containing climate change denial (“Ice cracking in the summer?? SO ALARMING. #climatechangehoax”) into a post raising climate change fears (“New research shows Arctic ice thinning even in summer. Alarming – our climate’s under pressure. #ClimateAction”).
  • For the researchers, the danger is that AI drafting tools might be hijacking public debate. One wrote: “The cost is that we are learning other people’s opinions when it is not their actual opinion… AI is forcing itself in as a gatekeeper of knowledge and understanding.”.

9. Apple sues OpenAI over alleged trade secret theft

Apple has filed a lawsuit against OpenAI alleging trade secret theft and breach of contract.

  • OpenAI’s Chief Hardware Officer, Tang Tan, was specifically named in the filing. Tang Tan worked at Apple for 24 years and was recently VP of product design for the iPhone and Apple Watch.
  • OpenAI is reportedly developing a smartphone that relies on AI agents instead of the usual Apps. It could become the first serious competitor of the iPhone.
  • In the filing, Apple says that OpenAI stole documents containing information in relation to unannounced technologies, features, and products, as well as technical specifications, engineering presentations, and proprietary project data.
  • Apple believes that information was stolen during OpenAI’s recruiting process of former Apple employees in which they allegedly asked candidates to bring their Apple hardware to the interviews.
  • The court case will kick off a legal discovery process that could allow Apple to get further details of the operation.
  • In response to the lawsuit, OpenAI released the statement: “We have no interest in other companies’ trade secrets. We remain focused on building innovative technology that empowers people everywhere.”.

10. See if you can spot an AI deepfake with our test

This article reports on research that asks whether people can be trained to distinguish photos of real people from AI generated photos of people.

  • The consultancy firm Deloitte reports that, in the US alone, AI deepfake scams could cost companies 54 billion USD next year, up from 16 billion USD in 2023. That year saw a Hong Kong firm lose around 34 million USD when a criminal managed to enter a video call, appearing as a deepfake of the boss. The criminal convinced colleagues to transfer the money to his account.
  • Deepfakes were easier to spot a few years ago as many had obvious errors like the wrong number of fingers on a person’s hand. The quality of deepfakes has increased greatly.
  • Nevertheless, the research team believes that humans can be trained to better recognize AI images. In tests, people trained by the research team improved their accuracy of distinguishing real images and AI-generated images from 40% to 80% on average.
  • The researchers draw attention to 6 qualities. The first is symmetry: AI currently has difficulty in creating human quirks like a slightly dropping eyelid. The second is proportionality: an AI image is less likely to have above average sized noses or protruding ears. Another quality is attractiveness: AI tends more to create faces that are pleasant looking.
  • Another quality is distinctiveness, or the “stand out in the crowd face”. A fifth quality is expressiveness: AI images tend to show less emotion. The sixth quality is memorability: the faces tend to be more difficult to remember.