Karpathy Joins Anthropic for Research, Supply Chain Attacks Hit Open Source, Deepfake Enforcement Advances

Andrej Karpathy Joins Anthropic to Focus on Research and Development

  • Karpathy previously co-founded OpenAI and led AI efforts at Tesla.
  • He founded Eureka Labs focused on AI education before this move.
  • The researcher aims to concentrate on core research and development work.

UNITED STATES, May 19 (TNGB) – Andrej Karpathy announced on May 19, 2026 that he has joined Anthropic. His background includes serving as a founding member of OpenAI in 2015 and directing AI and Autopilot vision at Tesla from 2017 to 2022. He returned briefly to OpenAI before founding Eureka Labs in 2024. Karpathy stated his intent to get back to research and development work at the new organization.

Talent shifts among top AI researchers continue to shape development priorities at leading laboratories.

Why This Matters: Researcher moves between major AI organizations can redirect expertise toward specific technical priorities and safety approaches.

  • Attackers targeted widely used open source software components.
  • The compromise forms part of an ongoing series of incidents.
  • Developers face risks from malicious code in trusted packages.

UNITED STATES, May 19 (TNGB) – Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack affecting the npm ecosystem. These packages serve as foundational components for many applications and developer tools. Recent activity includes separate waves that spread through maintainer accounts and publishing workflows. Security teams continue to track affected packages and issue alerts for users to verify dependencies and apply updates.

Supply chain attacks on open source repositories require ongoing monitoring by developers and organizations.

Why This Matters: Infected packages can introduce hidden risks into software used across industries and critical systems.

Selfie Liveness Checks Demonstrate Strong Performance Against Synthetic Faces

  • System verifies user through specific head movements and blinks.
  • Demo handles close range details like skin texture effectively.
  • It distinguishes real faces from advanced synthetic versions in tests.

UNITED STATES, May 19 (TNGB) – Demonstrations of selfie-based liveness verification tools have shown strong performance in distinguishing real users from synthetic faces. The systems request sequences of movements such as head turns and blinks while analyzing fine visual details during close approaches to the camera. Tests indicate improved resistance to spoofing attempts that previously challenged detection methods. Observers noted realistic rendering outcomes in controlled comparisons.

Improved liveness detection tools raise the bar for reliable identity verification in digital systems.

Why This Matters: Stronger liveness checks reduce successful spoofing attempts in authentication and security applications.

German Teen Investigated for Online Joke About Former Chancellor

  • Teen faced probe over a low view count social media post.
  • The comment criticized slow internet speeds during a game download.
  • Authorities required deletion of the content under insult laws.

GERMANY, May 19 (TNGB) – A teenager in Germany faced investigation after posting a joke about former Chancellor Olaf Scholz on social media. The post referenced slow download speeds of 173 kilobytes per second while attempting to download Fortnite and received roughly 500 views. Officials treated the remark as a potential criminal insult to a politician and ordered its deletion. The case involved standard enforcement procedures under applicable speech regulations.

Enforcement of insult laws against low-reach online posts can limit casual personal expression.

Why This Matters: Application of speech rules to minor online comments illustrates enforcement scope in digital spaces.

New Wave of Shai Hulud Malware Infects Hundreds of npm Packages

  • Attack compromised around 600 packages in the latest incident.
  • It continues a pattern of supply chain infiltrations in developer tools.
  • Maintainers and users received warnings to check and update components.

UNITED STATES, May 19 (TNGB) – Reports describe a new wave of Shai Hulud malware activity that compromised hundreds of npm packages through supply chain methods. The campaign builds on earlier incidents that targeted developer repositories and spread via compromised accounts. Security researchers tracked propagation patterns and issued alerts about affected packages. Organizations using these tools should audit dependencies and strengthen verification processes to reduce exposure.

Repeated supply chain incidents in package ecosystems highlight persistent risks for developers.

Why This Matters: Malware waves in widely used package repositories can expose large numbers of downstream projects to compromise.

  • Increases noted under Communications Act and Online Safety Act provisions.
  • Section 179 of the safety law draws particular attention from monitors.
  • Campaigners track cases to highlight potential impacts on expression.

BRITAIN, May 19 (TNGB) – Speech related arrests have increased in Britain with enforcement actions under the Communications Act, Malicious Communications Act, and Online Safety Act section 179. Police pursue cases involving online posts alleged to violate content rules or cause distress. Monitoring groups collect accounts from affected individuals to document patterns in public discourse. The trend coincides with expanded platform obligations and government regulatory efforts.

Expanded enforcement of online speech rules in Britain prompts ongoing discussion about expression boundaries.

Why This Matters: Increased arrests under content laws can influence public willingness to post opinions online.

Shai Hulud Malware Infects Additional npm Packages After New Compromise

  • Another 314 packages reportedly affected in the continuing campaign.
  • Attackers used compromised accounts to publish malicious updates.
  • The worm like behavior allows further spread through the ecosystem.

UNITED STATES, May 19 (TNGB) – The Shai Hulud campaign reportedly infected additional npm packages following further account compromises in the ongoing series of incidents. Attackers used stolen credentials to publish updates that spread malicious code through popular libraries. Earlier waves had already affected hundreds of packages across multiple namespaces. Security teams continue monitoring propagation and advising users on verification steps.

Ongoing account compromises in package ecosystems sustain risks for software supply chains.

Why This Matters: Continued propagation through maintainer accounts extends the reach of supply chain threats over time.

US Deepfake Crackdown Introduces New Regulatory and Practical Challenges

  • Enforcement targets non consensual or misleading synthetic media.
  • Implementation raises questions about detection accuracy and scope.
  • Critics point to potential overreach and inconsistent application.

UNITED STATES, May 19 (TNGB) – The United States has advanced enforcement measures against nonconsensual intimate deepfakes under the TAKE IT DOWN Act. The law prohibits knowing publication of intimate visual depictions or digital forgeries in specified circumstances and requires covered platforms to implement notice-and-removal processes by May 19, 2026. Implementation involves coordination between platforms, users, and authorities. Observers note varying standards and technical challenges in detection and compliance.

Deepfake regulations in the United States test the balance between protection measures and implementation consistency.

Why This Matters: Platform obligations for intimate deepfake removal create new compliance requirements and potential inconsistencies in practice.

Researchers Develop Method to Bypass AMD Hardware Protections

  • Method targets Infinity Fabric interconnect in AMD processors.
  • It reportedly circumvents certain built in security features.
  • Findings come from detailed hardware security analysis efforts.

UNITED STATES, May 19 (TNGB) – Researchers have demonstrated a technique that bypasses certain hardware security protections in AMD processors by targeting the Infinity Fabric interconnect. The approach exploits architectural aspects to gain unauthorized access or circumvent safeguards in tested configurations. This work adds to broader examinations of processor level vulnerabilities across major chip designs. AMD and security researchers continue evaluating implications and potential mitigations.

Hardware level bypass findings underscore the value of layered security approaches in processor design.

Why This Matters: Demonstrated bypasses of interconnect protections highlight ongoing challenges in hardware security assumptions.

X Limits Unverified Accounts to 50 Original Posts and 200 Replies Daily

  • Platform applies daily caps to original posts and replies for unverified accounts.
  • Change affects users without premium or verified status.
  • It aims to manage content volume and platform capacity.

UNITED STATES, May 19 (TNGB) – X has implemented daily limits for unverified accounts consisting of 50 original posts and 200 replies. The restriction seeks to control the volume of content from accounts without paid or verified status. Users subject to the caps encounter these thresholds while verified or premium accounts retain higher allowances. The policy reflects efforts to balance platform capacity with user activity patterns.

Daily posting limits on social platforms shape how unverified users participate in public conversations.

Why This Matters: Posting caps for unverified accounts alter daily engagement patterns for a large portion of users.