Tech News

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), emails from multiple governmental agencies in the United States were pilfered by Russian hackers facilitated by the Russian government as a consequence of a continuous Microsoft cyberattack. The U.S. cyber agency said in a statement released on Thursday that the incident, which Microsoft first made public in January, gave the hackers access to federal government communications “through a successful compromise of Microsoft corporate email accounts.” The hackers, who go by the name APT29 and whom Microsoft refers to as “Midnight Blizzard,” are generally thought to be employed by Russia’s Foreign Intelligence Service, or SVR. “A serious and intolerable risk to agencies is posed by Midnight Blizzard’s successful infiltration of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft,” the CISA stated. Based on fresh evidence that Russian hackers were stepping up their attacks, the federal cyber agency said it issued a new emergency directive on April 2 directing civilian government agencies to take steps to secure their email accounts. On Thursday, CISA released the emergency directive’s contents, giving the government agencies involved a week to secure the compromised systems and change their passwords. When TechCrunch contacted a CISA representative, they did not immediately respond. CISA did not identify the federal departments whose emails were compromised. Cyberscoop broke a report on the emergency decree last week. The emergency decision is issued as Microsoft’s security procedures come under closer examination following a wave of hacks by hostile nations’s hackers. The software behemoth is mostly relied upon by the US government to host official email accounts. After discovering that the Russian hacker organization had compromised several company email systems, including the email accounts of “senior leadership team and employees in our cybersecurity, legal, and other functions,” Microsoft made the announcement public in January. According to Microsoft, the Russian hackers were looking for information regarding what Microsoft’s security teams and Microsoft itself knew about the hackers. The IT behemoth then claimed that the hackers had not only targeted Microsoft but other companies as well. It is now discovered that US government entities were among the impacted organizations. Microsoft declared in March that it was still working to remove the Russian hackers from its networks, referring to the operation as an “ongoing attack.” The business stated in a blog post that the hackers were trying to get access to further internal Microsoft systems and steal more data, including source code, by using the “secrets” they had originally taken. When TechCrunch questioned Microsoft on Thursday about the steps the firm has taken to address the assault since March, the company did not respond right away. The U.S. Cyber Safety Review Board (CSRB) wrapped up its investigation into an earlier 2023 breach of emails belonging to the U.S. government that was ascribed to hackers with support from the Chinese government earlier this month. An independent panel of government representatives and commercial sector cyber specialists, the CSRB, placed the blame on a “cascade of security failures at Microsoft.” These made it possible for the hackers supported by China to steal a private email key that gave them wide access to both official and private emails. Twenty thousand people were told in February by the U.S. Department of Defense that their personal information had been compromised online after a cloud email server housed by Microsoft in 2023 became unlocked for many weeks.

TAMPA, Florida: Eutelsat 36D most recent geostationary satellite was launched by SpaceX on March 30. The journey to a geostationary orbit slot over Africa and Eurasia is expected to take around six months.  Launch Complex 39A at Kennedy Space Center, Florida, saw the launch of a Falcon 9 rocket carrying the approximately 5,000-kg Eutelsat 36D, which was deployed into a geostationary transfer orbit 34 minutes later. The launch occurred at 5:52 p.m. Eastern time. Equipped with seventy physical Ku-band transponders, Eutelsat 36D is built on the all-electric Airbus Eurostar Neo platform and provides TV and government communication services from 36 degrees East. The outdated Eutelsat 36B satellite operated by French fleet operator Eutelsat will be replaced by the steerable antennaed spacecraft. Following positioning and the successful completion of health checks, Eutelsat CEO Eva Berneke stated that the company plans to launch commercial services for Eutelsat 36D in the second half of 2024. The spacecraft would share space with Russia’s RSCC-operated Ekspress-AMU1, popularly referred to as Eutelsat 36C. One of the satellites Eutelsat rents capacity from, Ekspress-AMU1, has been affected by sanctions as a result of Russia’s conflict in Ukraine. Reuse anniversary After launch, the rocket’s first stage made a safe landing on a droneship in the Atlantic Ocean, making SpaceX the company that has returned a Falcon 9 booster for reuse 273 times. On March 30, 2017, SpaceX launched the first Falcon 9 rocket that was reused for a customer seven years ago on a mission for SES of Luxembourg. This year, SpaceX has launched 30 missions, the most recent being Eutelsat 36D. However, a little over four hours later, SpaceX launched a number of satellites from a nearby pad at the Cape for its Starlink low Earth orbit (LEO) broadband constellation. Due to bad weather, SpaceX had canceled its scheduled launch of an additional set of Starlink satellites from Vandenberg, California, on March 30. After acquiring OneWeb last year, Eutelsat now runs a network of over 600 low-Earth orbit satellites in addition to 35 geostationary satellites. By the end of June, the business anticipates having finished 90% of the ground network OneWeb requires for fully worldwide services. Multi-orbit capabilities, according to Eutelsat, will provide it with an advantage over Starlink and other single-orbit constellations by providing more network redundancy and flexibility to commercial and government customers. 

Elon Musk, the owner of xAI, announced on Tuesday that the company formerly known as Twitter will soon make the Grok chatbot available to additional paying members, in response to the company’s decision earlier in March to make its Grok big language model open source. Musk said in a post on X that Grok will now be accessible to all Premium users this week, not only those on the more expensive Premium+ plan. The change may indicate an intention to take on more direct competition from other well-known chatbots, such as Claude from Anthropic or ChatGPT from OpenAI. However, it can also mean that X is attempting to increase its subscriber base. The news comes at a time when research shows that the X platform is struggling to keep its user base and that fewer people are utilizing it. X usage in the United States was down 23% since Musk’s acquisition and down 18% year over year as of February, according to new data from Sensor Tower that was revealed by NBC News. Sensor Tower discovered that 75 out of the top 100 U.S. advertisers on X as of October 2022 no longer spent ad budgets on the platform, suggesting that Musk’s battle with advertisers may have also affected the company’s income prospects. Providing X users with access to an AI chatbot may deter them from switching to other platforms, such as Instagram’s Threads or the decentralized platforms Mastodon and Bluesky, which grew quickly to reach over 130 million monthly users as of the fourth quarter of 2023 thanks to Meta’s resources. Musk just stated that Grok “would be enabled” for all Premium subscribers “later this week,” without specifying when it would be made available to X users. The company’s mid-tier subscription, X Premium, costs $8 a month (via the internet) or $84 annually. Grok was previously exclusively available to Premium+ members, costing a substantial $168 annually or $16 per month. Given that it can answer queries regarding subjects that other AI chatbots usually avoid, such as conspiracies or more divisive political concepts, Grok’s chatbot would be of interest to Musk’s supporters and avid X users. It will also respond to inquiries with what Musk has called “a rebellious streak.” Most importantly, compared to competitors, Grok has access to real-time X data. Naturally, if X is losing users, the value of that data under Musk’s control might be declining.

Now, SpaceX has two launch pads in Texas and two in Florida, totaling at least four Starship launch platforms. Following the last launch of the United Launch Alliance’s Delta IV Heavy rocket later this year, one of the main launch pads at Cape Canaveral Space Force Station will be unoccupied. The huge complex is intended to serve as the new home for SpaceX’s Starship launch vehicle. According to a new website describing the plan, the environmental review for SpaceX’s proposal to take over Space Launch Complex 37 (SLC-37) at Cape Canaveral is getting started now. Three public in-person meetings and one virtual meeting are planned for March to gather feedback from locals. Subsequently, an environmental impact statement will be produced by federal agencies, spearheaded by the Department of the Air Force, to assess the potential effects of starship launch and landing operations on the surrounding land, air, and water of SLC-37, located on Space Force property along the Atlantic coastline. Converting SLC-37 for starship launches won’t happen anytime soon because environmental evaluations for rocket launch facilities usually take more than a year. In this instance, federal representatives plan to release a preliminary report by October 2025, followed by a final environmental impact statement by December. More immediately, ULA still has one more Delta IV Heavy rocket scheduled to launch in March from SLC-37 carrying a National Reconnaissance Office-class surveillance satellite. Following the successful launch, ULA will shut down operations at SLC-37 and eventually return the building to the Space Force, which will then seek a new occupant. Industry insiders have been pointing to SpaceX as the front-runner to take over SLC-37 once ULA completes the launch pad for a number of months. However, it’s not completely finalized yet. A top ULA official revealed to Ars last year that the business was considering keeping a presence at SLC-37. Launched last month, the Vulcan rocket from ULA will supersede the Delta IV and Atlas V spacecraft. Its new launch pad is located several miles up the coast from SLC-37. In order to increase the frequency of Vulcan launches, ULA is modernizing and growing its ground facilities at Cape Canaveral. An official from ULA informed Ars that the firm might wish to keep storing and horizontally processing Vulcan rockets at a hangar located immediately south of the Delta IV launch pad. Although specifics of SpaceX’s plans for SLC-37 are lacking, the company stated on the website for environmental reviews that it will “modify, reuse, or demolish the existing SLC-37 infrastructure to support Starship-Super Heavy launch and landing operations.” SLC-37’s history began in the 1960s, when NASA utilized the location for eight Saturn I and Saturn IB rocket flights to train for the Apollo mission. After 30 years of inactivity, Boeing came into the site to prepare SLC-37 for the Delta IV rocket, which has now taken 34 flights from SLC-37. Currently, the launch pad has a permanent umbilical tower, a 330-foot-tall (100-meter) mobile gantry, a flame trench for Delta IV flights, and a fixed erector. All of that infrastructure would not be needed for Starship, the largest rocket in the world, so if SpaceX takes over the pad, there will probably be a lot of construction and demolition work done. Should SpaceX not receive authorization to utilize SLC-37, the business may construct a completely new launch pad called Space Launch Complex 50. If SpaceX follows this course, SLC-50 would be constructed on undeveloped territory to the north of SLC-37 and to the south of SpaceX’s main Falcon 9 rocket launch pad at Space Launch Complex 40. Goodbye to LC-49, hello to SLC-37 SpaceX is becoming serious about building a second base for Starship on Florida’s Space Coast, as seen by their interest in relocating to SLC-37. At NASA’s Kennedy Space Center’s Launch Complex 39A (LC-39A), SpaceX built a launch tower and launch mount for Starship in 2022. However, the corporation didn’t make much headway in that area last year as crews concentrated on Starship test flights out of South Texas. The CEO and founder of SpaceX, Elon Musk, claims that Starship is the rocket that would enable him to realize his goal of establishing a colony on Mars. Additionally, he has promoted Starship as a means of point-to-point transportation on Earth. The Super Heavy booster and the upper stage of Starship are intended to be completely and quickly reusable, with both stages making propulsive landings back on Earth. Landing platforms will be converted into starship launch pads. Prior to achieving any of those aspirations, the ship must enter orbit. Although SpaceX came very close to success on its second launch in November of last year, the first two full-scale Starship test flights didn’t go very far. Possibly as early as March, SpaceX plans to use the third Starship test flight to accomplish a near-orbital mission. Musk eventually sees Starship launching several times a day on a range of tasks, including refilling tankers and transporting people, cargo, and satellites into orbit. SpaceX will require a large number of launch and landing pads to accomplish this. Although it has considered it, SpaceX has shelved plans to float offshore launch and landing sites. SpaceX intends to construct a second Starship launch tower at its Starbase test site in Cameron County, Texas, in the near future. In addition, there is the half-constructed launch tower located at LC-39A. Recently, SpaceX has focused on SLC-37. Previously, SpaceX considered constructing a second Starship launch pad from the ground up on NASA land at the Kennedy Space Center. Launch Complex 49 is the site of NASA’s environmental investigations, which began in 2021. NASA has stopped operations on Launch Complex 49, a spokesman for the agency told Ars on Friday. The person is Patti Bielling. “At this time, there are no activities involving LC-49 on Kennedy,” Bielling stated. “Any previous activities regarding LC-49 were suspended, and no actions were taken.” Starship will be used as a human-rated lunar lander for NASA’s Artemis program as one of its initial operational uses. In

Google will no longer maintain an archive of the whole web. The “cached” links provided by Google Search were formerly a reliable means to access websites that were unavailable or had changed. However, the business is currently eliminating these links. According to Google “Search Liaison” Danny Sullivan, the feature “was meant for helping people access pages when way back, you often couldn’t depend on a page loading.” Danny Sullivan confirmed the feature removal in an X post. Things have significantly improved these days. Thus, the decision was made to retire it. Since December, the feature has been coming and going for some users, and as of right now, Google Search is showing no cache links. As of right now, you can still create your own cache links without the button by entering “cache:” plus a URL into Google Search or by visiting “https://webcache.googleusercontent.com/search?q=cache:” plus a website URL. Ars Technica’s cached version appears to be functional for the time being. Google has removed all of its support pages pertaining to cached websites. Cache links were located beneath the drop-down menu that was adjacent to each search result on the Google homepage. The Google web crawler would save a duplicate of every webpage it saw while searching the Internet for fresh and updated content. As a result, Google soon had an almost complete backup of the Internet, utilizing presumably tens of petabytes of data. Given that Google is currently experiencing a cost-cutting phase, it should be able to free up a significant amount of resources by simply beginning to remove its cache. Cache links were useful in case the website was unavailable or rapidly updated, but they also revealed some information about the “Google Bot” web crawler’s browsing habits over time. Not every page is shown exactly as you would expect. Pages used to be text-only, but over time, the Google Bot (of which there are now several specialized ones) learnt about media and other rich data, such as javascript. To keep SEO spammers away, many Google Bot information are kept under wraps, but you may still learn a lot by looking into what cached sites look like. Google made the switch to mobile-by-default in 2020, thus, for example, if you click on the previously cached Ars link, you will be redirected to the mobile site. You can still use the Search Console to find out more about how your website appears to a Google Bot if you are the site owner. However, this feature is limited to your own website. The Internet Archive will have more work to do in order to archive and monitor changes to websites throughout the globe as a result of cached sites disappearing.

Senior executives’ emails were accessed in a network hack that took two months to detect. Microsoft claimed late Friday that senior executives, staff members in the security and legal departments, and other employees’ emails and documents were compromised by Russia-state hackers using a weak password to gain access to Microsoft’s corporate network.This is at least the second time in as many years that a breach that might potentially hurt customers has resulted from a failure to follow basic security hygiene. Microsoft ascribed the attack to a hacker group it follows, Midnight Blizzard, which has received support from the Kremlin. The disclosure that was submitted to the Securities and Exchange Commission on Friday covered the following astounding paragraph: Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed. It wasn’t until January 12, precisely one week before Friday’s disclosure, that Microsoft discovered the problem. The possibility that the Russian hackers had unrestricted access to the accounts for up to two months is raised by Microsoft’s statement.An interpretation of the 93 words mentioned earlier: Inside Microsoft’s network, a device was secured with a weak password and no two-factor authentication mechanism. By repeatedly trying passwords that were either widely used or previously breached, the Russian adversary group was able to guess them until they eventually found the correct one. The threat actor then gained access to the account, suggesting that 2FA was either disregarded or that the security was compromised in some other way. Moreover, Midnight Blizzard managed to turn around and obtain access to some of the most senior and private personnel accounts in the company by manipulating this “legacy non-production test tenant account.”According to what Columbia University computer science and affiliate law professor Steve Bellovin, who has decades of experience in cybersecurity, wrote on Mastodon: A lot of fascinating implications here. A successful password spray attack suggests no 2FA and either reused or weak passwords. Access to email accounts belonging to “senior leadership… cybersecurity, and legal” teams using just the permissions of a “test tenant account” suggests that someone gave that test account amazing privileges. Why? Why wasn’t it removed when the test was over? I also note that it took Microsoft about seven weeks to detect the attack. Although Microsoft claimed to be unaware of any proof that Midnight Blizzard had access to source code, production systems, customer environments, or artificial intelligence systems, some researchers expressed concerns, especially regarding the possibility that the Microsoft 365 service was or was vulnerable to similar attack methods. Kevin Beaumont, a longtime cybersecurity expert who once worked for Microsoft, was one of the researchers. He posted this on LinkedIn: Microsoft staff use Microsoft 365 for email. SEC filings and blogs with no details on Friday night are great.. but they’re going to have to be followed with actual detail. The age of Microsoft doing tents, incident code words, CELA’ing things and pretending MSTIC sees everything (threat actors have Macs too) are over — they need to do radical technical and cultural transformation to retain trust. The acronym CELA stands for Corporate, External, and Legal Affairs, a Microsoft division that assists with disclosure drafting. The Microsoft Threat Intelligence Center is referred to as MSTIC.According to a Microsoft representative, the business declined to respond to inquiries about whether standard security procedures were followed.The hack is similar to one that Microsoft experienced the previous year when hackers from China’s state, identified as Storm-0558, gained access to the company’s network. The team gained access to Exchange and Azure accounts over the course of the following month, many of which belonged to the US Departments of State and Commerce. Further READINGMicrosoft reveals the reason behind the Azure breach at last: There was account hacking for an engineer.According to what had been reported in September: The corporate account of one of its engineers had been hacked. Storm-0558 then used the access to steal the key. Such keys, Microsoft said, are entrusted only to employees who have undergone a background check and then only when they are using dedicated workstations protected by multi-factor authentication using hardware token devices. To safeguard this dedicated environment, email, conferencing, web research, and other collaboration tools aren’t allowed because they provide the most common vectors for successful malware and phishing attacks. Further, this environment is segregated from the rest of Microsoft’s network, where workers have access to email and other types of tools. Those safeguards broke down in April 2021, more than two years before Storm-0558 gained access to Microsoft’s network. When a workstation in the dedicated production environment crashed, Windows performed a standard “crash dump,” in which all data stored in memory is written to disk so engineers can later diagnose the cause. The crash dump was later moved into Microsoft’s debugging environment. The hack of a Microsoft engineer’s corporate account allowed Storm-0558 to access the crash dump and, with it, the expired Exchange signing key. Normally, crash dumps strip out signing keys and similarly sensitive data. In this case, however, a previously unknown vulnerability known as a “race condition” prevented that mechanism from working properly. Not to be outdone, Mandiant, the security company owned by Google, just had an X (previously Twitter) account hijacked. Mandiant subsequently stated that a “brute force” attack on the account password was the cause of the breach. Mandiant did not go into detail. According to the explanation, the account was not secured by 2FA, and the password was likewise weak.Microsoft is moving more quickly to deploy a Secure Future Initiative, which it first unveiled last

With the goal of laying off other Googlers, the company is now developing AI tools. We discovered in December that Google’s ad sales division may be facing layoffs, and now those rumors have materialized. Google is reportedly firing “hundreds of employees” from the ad sales division, according to Business Insider. The “Large Customer Sales” (LCS) team, which handles the company’s largest advertising clients, is where the majority of the layoffs are made. This was what we anticipated. The information indicated that Google’s ad division might experience layoffs this month. According to that research, a large number of them are being replaced by AI and are either being laid off or reassigned. Recently, Google has been adding a ton of generative AI features to Google Ads, its flagship product. One is a natural language chatbot that assists users in navigating the wide array of advertising products; another is an autonomous system that generates text and image ad assets based on the goals and budget provided by the ad buyer. As part of a product called “Performance Max,” Google’s generative AI ad engine automatically remixes and modifies your advertising based on click-through rate, which serves as an instantaneous feedback mechanism. AI can now perform tasks that humans could once only perform once per thousand seconds, such as creating graphic assets, deciding on text and layouts, and providing sales recommendations for Google’s goods. This is the most recent layoff that Google has experienced since last year. “Hundreds” of employees were let go from the AR, Google Assistant, and hardware areas last week. Prior to that, layoffs occurred in Google News, and prior to that, layoffs occurred in Waze, Waymo, the robot division, recruitment, and pretty much everywhere at Google. The complete staff note announcing the layoffs, which was delivered by Google’s chief business officer, Philipp Schindler, is available in the Business Insider piece. Although AI isn’t mentioned in the message as a factor in the layoffs, it appears from the earlier report that Google employees are now trying to fire some of their colleagues. This is going to be one of the first in an anticipated wave of employment layoffs in the industry due to generative AI.

Researchers claim that it requires selective training because it is inadequate at identifying linkages. While the talkative AI bot’s success rate in diagnosing difficult medical cases was just 39% in an examination conducted last year, a report published this week in JAMA Pediatrics reveals the fourth version of the huge language model performs particularly poorly when it comes to children. Only 17% of pediatric medical issues could be diagnosed using it accurately. In case it was a concern, the low success rate indicates that human pediatricians won’t be out of work very soon. According to the authors, “[T]his study underscores the invaluable role that clinical experience holds.” However, it also points out the crucial flaws that caused ChatGPT’s high mistake rate and suggests fixes to make it a practical clinical care tool. Many physicians, including pediatricians, believe that AI chatbots will eventually find their way into clinical practice due to the high level of interest and development in this field. Generally speaking, the medical industry has been an early user of AI-powered technology. This has led to both major accomplishments and disappointments, including the creation of algorithmic racial bias and the automation of administrative activities as well as the assistance in the interpretation of retinal and chest scan pictures. There is a lot in between as well. However, because AI can solve problems, there is a lot of interest in making it a useful tool for difficult diagnosis. A quirky, prickly, pill-popping medical genius is not necessary. According to a recent study by researchers at New York’s Cohen Children’s Medical Center, ChatGPT-4 isn’t currently suitable for diagnosing pediatric patients. The researchers observe that pediatric instances necessitate a greater consideration of the patient’s age than general cases. Furthermore, as all parents are aware, it can be particularly challenging to diagnose illnesses in newborns and early children since they are unable to identify or describe all of their symptoms. The researchers tested the chatbot in the study using 100 pediatric case challenges that were published in NEJM and JAMA Pediatrics between 2013 and 2023. These are actual medical cases that were released as tests or challenges. Physicians who are following along are welcome to attempt to diagnose a complicated or uncommon case correctly using the information that the attending physicians had available at the time. Occasionally, the articles also detail how the attending physicians arrived at the accurate diagnosis. Missed connections The required content from the medical cases was placed into the prompt for ChatGPT’s exam. Two trained physician-researchers then graded the AI-generated responses, classifying them as either correct, incorrect, or “did not fully capture the diagnosis.” In the latter instance, ChatGPT identified a clinically relevant ailment that was either too general or too vague to be accepted as the accurate diagnosis. For example, in one child’s case, ChatGPT identified the cause as a branchial cleft cyst, which is a lump in the neck or below the collarbone, but the true diagnosis was Branchio-oto-renal syndrome, a genetic condition causing abnormal development of neck tissue along with kidney and ear malformations. The development of branchial cleft cysts is one of the symptoms of the illness. In a total of 100 cases, ChatGPT correctly identified the solution in just 17. In seventy-two cases, it was blatantly incorrect, and in the eleven cases that remained, the diagnosis was incomplete. 47 (57%) of the 83 incorrect diagnoses involved the same organ system. Researchers discovered that among the failures ChatGPT seems to have trouble identifying recognized connections between ailments—things that a knowledgeable doctor would ideally be able to identify. For instance, in one medical instance, it failed to draw the link between scurvy (a vitamin C deficit) and autism. Restricted diets resulting from neuropsychiatric diseases like autism can cause vitamin deficits. Therefore, doctors should be alert for neuropsychiatric problems as they are significant risk factors for the development of vitamin deficiencies in children residing in high-income nations. Meanwhile, ChatGPT identified the illness as a rare autoimmune disorder. Even though the chatbot performed poorly in this test, the researchers believe it may do better if it were explicitly and selectively trained on reliable medical literature rather than content from the Internet, which can contain false and misleading information. Additionally, they propose that chatbots could function better if they had more immediate access to medical data, which would enable the models to “tune” or increase their accuracy. “This presents an opportunity for researchers to investigate if specific medical data training and tuning can improve the diagnostic accuracy of LLM-based chatbots,” the researchers conclude.

An innovative AI picture generator capable of creating eldritch horrors was developed on Disney’s 1928 cartoons Three traditional Mickey Mouse cartoons became publicly available in the US on January 1st, and artificial intelligence researchers haven’t wasted any time utilizing this opportunity. An AI model trained on those public-domain cartoons was posted to Hugging Face on Monday by Pierre-Carl Langlais, a digital humanities researcher. Anyone can use this model to create new still images in response to a written request. The results demonstrate a noteworthy early exploration of integrating public domain Mickey into the AI sphere, despite the fact that they are haphazard and occasionally jumbled. The new model is capable of creating images of Peg Leg Pete, Mickey Mouse, and Minnie Mouse. Langlais says on the model card, “The generated image confirms [sic] the 1928 design in order to have Mickey, Minnie, and Pete and is in the public domain. This is still a work in progress; while the model is in development, generated images should be checked to ensure they really are in the public domain. Langlais employed 40 stills from The Gallopin’ Gaucho, 22 stills from Plane Crazy, and 34 cartoon image stills from Steamboat Willie—all of which were released in 1928 and are currently in the public domain—to fine-tune a version of Stable Diffusion XL in order to generate the model. Though it produced lower-quality results, he probably kept the number of images short for practical reasons because additional stills would have meant more money and training time. Additionally, Langlais notes on the model card that although the training isn’t yet at the best level, things could improve in time: “Hopefully, with the cartoons now being part of the public domain, higher definition versions should be available.” Soon after the new model was announced on social media, Techdirt editor Mike Masnick started an argument on Bluesky where users were jokingly creating pictures of Mickey Mouse with the new AI image generator that Disney’s probably wouldn’t want to see. Some of the images included Mickey smoking crack, attacking the US Capitol, being nailed to a crucifix, and transforming into a horrible eldritch creature. Any themes not found in the original works have been derived from the Stable Diffusion XL base model, as Mickey cartoons haven’t featured crucifixes or Lovecraft horrors since 1928. Naturally, Mickey Mouse has already been the target of jokes of this nature without the use of AI. Even if the early Mickey had not yet reached the public domain, many of these pictures would probably be covered by fair use laws for parody. Additionally, it was formerly feasible to create Mickey graphics with AI if you employed an unfiltered AI image generator. In particular, though, people are experimenting with the fact that the 1928 Mickey Mouse picture can now be used totally and freely, legally, as AI training data without any restrictions (despite the fact that the legality of copyrighted training data remains unsettled in the US). It’s important to note that even with Stable Diffusion XL used here, the photographs are not entirely legal because their base model uses training data that contains copyrighted works. However, as we just discussed, since the problem hasn’t been entirely handled, it’s also not necessarily prohibited. This involves a great deal of sensitivity. The fact that AI-generated images are technically in the public domain in the US and cannot be copyrighted adds to the intrigue of the legal situation. However, some of the images may not be entirely in the public domain if they contain unapproved usage of characters or designs that are protected by copyright. As we previously noted, the Sonny Bono Copyright Term Extension Act of 1998 was supposed to push back the public domain date of the three 1928 Mickey Mouse cartoons by 25 years, to January 1, 1999. It’s important to remember that newer iterations of Mickey are not covered by this public domain admission, and using the Mickey Mouse moniker in a commercial setting still carries trademark ramifications. Now that the general American public “owns” an early version of Mickey, expect those issues to be thoroughly tested over time.