EngadgetModify

2026-03-19 07:08:35

During a Senate hearing, FBI Director Kash Patel confirmed that his agency has bought information that could be used to track individuals' movement and location. "We do purchase commercially available information that’s consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us," he said. 

Law enforcement is required to obtain a warrant in order to get location data from cell service providers following the Carpenter v United States ruling from 2018. But why bother with all that hassle when they can just buy the information from the open market?

"Doing that without a warrant is an outrageous end run around the Fourth Amendment, it’s particularly dangerous given the use of artificial intelligence to comb through massive amounts of private information," Sen. Ron Wyden, (D-Ore.) said during the Intelligence Committee hearing. Wyden is one of several lawmakers pushing for an overhaul of when and how the government can obtain citizens' personal information. 

It's an overhaul that's badly needed. Patel already has a history of dubious use of government resources, such as ordering SWAT protections for his girlfriend and somehow horning in on men's hockey victory celebrations at the recent winter Olympics, so one would hope he's not also stretching the limits of the few privacy protections that do exist. Then outside the FBI, we have the Department of Homeland Security being sued for illegally tracking immigration raid protestors and the Pentagon's labeling of Anthropic as a supply-chain risk after the AI company refused to let its products be used for mass surveillance of Americans.

2026-03-19 06:40:13

The Information reported that an AI agent within Meta took unauthorized action that led to an employee creating a security breach at the social company last week. According to the publication, an employee used an in-house agentic AI to analyze a query from a second employee on an internal forum. The AI agent posted a response to the second employee with advice even though the first person did not direct it to do so. 

The second employee took the agent's recommended action, sparking a domino effect that led to some engineers having access to Meta systems that they shouldn't have permission to see. A representative from the company confirmed the incident to The Information and said that "no user data was mishandled." Meta's internal report indicated that there were unspecified additional issues that led to the breach. A source said that there was no evidence that anyone took advantage of the sudden access or that the data was made public during the two hours when the security breach was active. However, that may be the result of dumb luck more than anything else. 

Many tech leaders and companies have touted the benefits of artificial intelligence, this is just the latest incident where human employees have lost control over an AI agent. Amazon Web Services experienced a 13-hour outage earlier this year that also (apparently coincidentally) involved its Kiro agentic AI coding tool. Moltbook, the social network for AI agents recently acquired by Meta, had a security flaw that exposed user information thanks to an oversight in the vibe-coded platform.

2026-03-19 04:37:45

Google and cybersecurity companies Lookout and iVerify have detailed a new hacking technique that potentially puts a significant portion of iPhone users in danger, just by visiting the wrong web page. The hack is called "DarkSword" and since it specifically targets several different versions of iOS 18, it could affect "close to a quarter of iPhones," Wired writes.

DarkSword is a "fileless" hack that leverages a collection of exploits to access sensitive data when an iPhone visits an infected website. Rather than install spyware that hangs around on a user's phone after messages and other private information are stolen, fileless hacks like DarkSword take control of "the legitimate processes in an iPhone's operating system to steal data," according to Wired. Even more troubling, DarkSword deletes any evidence it was running on an iPhone after it finishes stealing your information.

The hack starts as soon as an iOS device encounters an "malicious iframe embedded in a web page," after which it works its way through your iPhone, gathering sensitive information like passwords before deleting itself. DarkSword can abscond with things like messages and iCloud content, but it's also specifically designed to access crypto currency wallets, Lookout says, which could indicate who was using DarkSword before it became widely available.

DarkSword has reportedly been used in Ukraine, Saudi Arabia, Malaysia, Turkey and Russia, and its origins could be tied to a different hacking toolkit called Coruna that TechCrunch reports may have been created for the US government by a company called Trenchant. Regardless of where DarkSword came from, the tool didn't become widely available until its Russian users left DarkSword's source code on a website for anyone to access, "complete with explanatory comments in English that describe each component and include the 'DarkSword' name for the tool," Wired writes.

Apple patched the exploits that DarkSword and Coruna used in recent updates to iOS 26, the yearly software release from 2025 that followed iOS 18. The problem is that not everyone is using Apple's latest update. DarkSword targets iOS 18 releases between iOS 18.4 and iOS 18.6.2, and according to Apple's latest iOS usage stats for developers, around 24 percent of iOS devices are still on iOS 18. Without more detail, it's hard to know how many people that leaves exposed, but as a rule of thumb, if your iOS device can update to a newer software release, you should do so as soon as possible to stay secure.

2026-03-19 04:25:09

The White House has been promising a set of national rules to guide artificial intelligence since late last year, and today Sen. Marsha Blackburn (R-Tenn.) fired the first volley. The senator shared a discussion draft for codifying the executive order signed by President Donald Trump in December calling for an AI bill. Her stated goal is a policy that "protects children, creators, conservatives and communities from harm."

Blackburn has called for tougher policies for AI safety, and one of the core messages in this discussion draft is that it "places a duty of care on AI developers in the design, development and operation of AI platforms to prevent and mitigate foreseeable harm to users." It also draws a line on the many copyright infringement questions raised by creative industries: "an AI model's unauthorized reproduction, copying, or processing of copyrighted works for the purpose of training, fine-tuning, developing, or creating AI does not constitute fair use under the Copyright Act." 

Some of the other notable provisions are:

• Requires covered online platforms, including social media platforms, to implement tools and safeguards to protect users under the age of 17 against online harms.

• Protects the voice and visual likenesses of individuals and creators from the proliferation of digital replicas without their consent.

• Sets new federal transparency guidelines for marking, authenticating and detecting AI-generated content.

• Requires certain companies and federal agencies to issue reports on AI-related job effects, including layoffs and job displacement to the U.S. Department of Labor (DOL) on a quarterly basis.

It includes ending Section 230, marking the latest attempt to retire a law that has been questioned as a possible loophole for AI companies to escape liability when their tools cause harm. While AI critics might see positive signs here, remember that this is just the initial version of the framework. Lawmakers will likely spend a lot of time negotiating over the eventual result, which may be notably de-fanged from its current state. It could wind up with a lot more requirements echoing this Republican complaint: "Combats the consistent pattern of bias against conservative figures demonstrated by AI systems by requiring third-party audits to prevent discrimination based on political affiliation." Despite the claims of suppression and censorship, we’ve consistently seen this conservative argument to be false — or at the very least misleading.

2026-03-19 04:09:15

A recent change in how the US Postal Service handles shipping partners appears to have forced Amazon to make alternative plans. The company reportedly plans to cut the number of packages it ships through USPS by at least two-thirds later this year. It says the decision came after USPS ended negotiations “at the eleventh hour” in favor of a new bidding process.

On Tuesday, the Wall Street Journal reported that Amazon plans to reduce the shipments it hands off to USPS. Last year, the company accounted for nearly 15 percent of the Postal Service’s package deliveries. Cutting that by nearly two-thirds diminishes one of the USPS’s most reliable sources of revenue. In fiscal 2025, the agency reported a net loss of $9 billion.

Amazon’s current contract with USPS ends on September 30. In a public response to the WSJ story, the company said it notified USPS in October 2025 that it would need to complete a new deal by December. “You can't add capacity for hundreds of millions of packages overnight — it requires major capital investment, long-term infrastructure planning, hiring, and logistics coordination,” Amazon wrote.

According to Amazon, USPS then pulled the plug on negotiations at the last second. “We negotiated with [USPS] in good faith for more than a year to reach a deal that would bring them billions in revenue and believed we were heading toward an agreement,” Amazon wrote in a statement. “Our goal was to increase our volumes with USPS, not reduce them — until USPS abruptly walked away at the eleventh hour in December.”

ASSOCIATED PRESS

That’s when Postmaster General David Steiner implemented a new bidding process for last-mile deliveries, replacing a long-established one where USPS negotiated with shipping partners individually. He described the move as “a fair bidding process that enables the marketplace to find the best mix of local shipping attributes for the best volume-driven pricing.” Steiner was appointed to the post in May 2025, following the departure of former head Louis DeJoy.

Amazon said it submitted a bid in February using the new system but hasn’t heard back. “This creates significant uncertainty for our long-term network planning,” the company said. “Despite this, we participated in good faith and submitted a bid in February 2026. We've received no response.”

USPS plans to announce the bidding results in Q2 2026. Contracts are expected to be finalized by Q3. Despite apparently moving forward with the contingency plan, Amazon said it’s still “ready to continue this partnership.”

As for Postmaster Steiner, he spent Tuesday asking Congress to loosen USPS regulations and let him raise prices. Warning that the agency will “run out of cash” in about a year, he told a House subcommittee that he wants to raise the agency’s current $15 billion debt cap. He also asked for the ability to increase postage prices and reform its retiree pension obligations.

2026-03-19 04:05:07

Update, 4:05PM ET: A few hours after this story was published, Google reached out to retract the news. The company provided Engadget with the following statement:

"Search Live has not rolled out globally to all users. It remains available in the US and India, with testing currently underway in additional markets. We apologize for the earlier miscommunication."

Given that the company says it is testing in more markets, it seems entirely possible that the global Search Live release will happen sooner than later. But, for now, it’s on hold.

The original, unedited article follows below:

After rolling out Search Live to all US Google app users last September, Google is now bringing the feature to every place where it offers its AI Mode chatbot. Search Live, if you need a reminder, allows you to point your phone's camera at an object or scene and ask questions about what you see in front of you. Google debuted the tool at I/O 2025 before it began rolling it out to users. With today's expansion, Search Live is available in more than 200 countries and territories. 

What's more, Google has updated the feature to run off its Gemini 3.1 Flash model, an upgrade the company says should translate to more natural conversations, in addition to a faster and more reliable experience. The new model is also natively multilingual. You can access Search Live from the Google app on Android and iOS. Tap the "Live" button below the search bar to get started. You can also access Search Live through Google Lens. As in the Google app, look for the "Live" icon, here located near the bottom of the screen, to start chatting.