Stay Ahead, Stay ONMINE

What’s next for our privacy?

MIT Technology Review’s What’s Next series looks across industries, trends, and technologies to give you a first look at the future. You can read the rest of them here. Every day, we are tracked hundreds or even thousands of times across the digital world. Cookies and web trackers capture every website link that we click, while code installed in mobile apps tracks every physical location that our devices—and, by extension, we—have visited. All of this is collected, packaged together with other details (compiled from public records, supermarket member programs, utility companies, and more), and used to create highly personalized profiles that are then shared or sold, often without our explicit knowledge or consent.  A consensus is growing that Americans need better privacy protections—and that the best way to deliver them would be for Congress to pass comprehensive federal privacy legislation. While the latest iteration of such a bill, the American Privacy Rights Act of 2024, gained more momentum than previously proposed laws, it became so watered down that it lost support from both Republicans and Democrats before it even came to a vote.  There have been some privacy wins in the form of limits on what data brokers—third-party companies that buy and sell consumers’ personal information for targeted advertisements, messaging, and other purposes—can do with geolocation data.  These are still small steps, though—and they are happening as increasingly pervasive and powerful technologies collect more data than ever. And at the same time, Washington is preparing for a new presidential administration that has attacked the press and other critics, promised to target immigrants for mass deportation, threatened to seek retribution against perceived enemies, and supported restrictive state abortion laws. This is not even to mention the increased collection of our biometric data, especially for facial recognition, and the normalization of its use in all kinds of ways. In this light, it’s no stretch to say our personal data has arguably never been more vulnerable, and the imperative for privacy has never felt more urgent.  So what can Americans expect for their personal data in 2025? We spoke to privacy experts and advocates about (some of) what’s on their mind regarding how our digital data might be traded or protected moving forward.  Reining in a problematic industry In early December, the Federal Trade Commission announced separate settlement agreements with the data brokers Mobilewalla and Gravy Analytics (and its subsidiary Venntel). Finding that the companies had tracked and sold geolocation data from users at sensitive locations like churches, hospitals, and military installations without explicit consent, the FTC banned the companies from selling such data except in specific circumstances. This follows something of a busy year in regulation of data brokers, including multiple FTC enforcement actions against other companies for similar use and sale of geolocation data, as well as a proposed rule from the Justice Department that would prohibit the sale of bulk data to foreign entities.  And on the same day that the FTC announced these settlements in December, the Consumer Financial Protection Bureau proposed a new rule that would designate data brokers as consumer reporting agencies, which would trigger stringent reporting requirements and consumer privacy protections. The rule would prohibit the collection and sharing of people’s sensitive information, such as their salaries and Social Security numbers, without “legitimate purposes.” While the rule will still need to undergo a 90-day public comment period, and it’s unclear whether it will move forward under the Trump administration, if it’s finalized it has the power to fundamentally limit how data brokers do business. Right now, there just aren’t many limits on how these companies operate—nor, for that matter, clear information on how many data brokerages even exist. Industry watchers estimate there may be 4,000 to 5,000 data brokers around the world, many of which we’ve never heard of—and whose names constantly shift. In California alone, the state’s 2024 Data Broker Registry lists 527 such businesses that have voluntarily registered there, nearly 90 of which also self-reported that they collect geolocation data.  All this data is widely available for purchase by anyone who will pay. Marketers buy data to create highly targeted advertisements, and banks and insurance companies do the same to verify identity, prevent fraud, and conduct risk assessments. Law enforcement buys geolocation data to track people’s whereabouts without getting traditional search warrants. Foreign entities can also currently buy sensitive information on members of the military and other government officials. And on people-finder websites, basically anyone can pay for anyone else’s contact details and personal history.   Data brokers and their clients defend these transactions by saying that most of this data is anonymized—though it’s questionable whether that can truly be done in the case of geolocation data. Besides, anonymous data can be easily reidentified, especially when it’s combined with other personal information.  Digital-rights advocates have spent years sounding the alarm on this secretive industry, especially the ways in which it can harm already marginalized communities, though various types of data collection have sparked consternation across the political spectrum. Representative Cathy McMorris Rodgers, the Republican chair of the House Energy and Commerce Committee, for example, was concerned about how the Centers for Disease Control and Prevention bought location data to evaluate the effectiveness of pandemic lockdowns. Then a study from last year showed how easy (and cheap) it was to buy sensitive data about members of the US military; Senator Elizabeth Warren, a Democrat, called out the national security risks of data brokers in a statement to MIT Technology Review, and Senator John Cornyn, a Republican, later said he was “shocked” when he read about the practice in our story.  But it was the 2022 Supreme Court decision ending the constitutional guarantee of legal abortion that spurred much of the federal action last year. Shortly after the Dobbs ruling, President Biden issued an executive order to protect access to reproductive health care; it included instructions for the FTC to take steps preventing information about visits to doctor’s offices or abortion clinics from being sold to law enforcement agencies or state prosecutors. The new enforcers With Donald Trump taking office in January, and Republicans taking control of both houses of Congress, the fate of the CFPB’s proposed rule—and the CFPB itself—is uncertain. Republicans, the people behind Project 2025, and Elon Musk (who will lead the newly created advisory group known as the Department of Government Efficiency) have long been interested in seeing the bureau “deleted,” as Musk put it on X. That would take an act of Congress, making it unlikely, but there are other ways that the administration could severely curtail its powers. Trump is likely to fire the current director and install a Republican who could rescind existing CFPB rules and stop any proposed rules from moving forward.  Meanwhile, the FTC’s enforcement actions are only as good as the enforcers. FTC decisions do not set legal precedent in quite the same way that court cases do, says Ben Winters, a former Department of Justice official and the director of AI and privacy at the Consumer Federation of America, a network of organizations and agencies focused on consumer protection. Instead, they “require consistent [and] additional enforcement to make the whole industry scared of not having an FTC enforcement action against them.” (It’s also worth noting that these FTC settlements are specifically focused on geolocation data, which is just one of the many types of sensitive data that we regularly give up in order to participate in the digital world.) Looking ahead, Tiffany Li, a professor at the University of San Francisco School of Law who focuses on AI and privacy law, is worried about “a defanged FTC” that she says would be “less aggressive in taking action against companies.”  Lina Khan, the current FTC chair, has been the leader of privacy protection action in the US, notes Li, and she’ll soon be leaving. Andrew Ferguson, Trump’s recently named pick to be the next FTC chair, has come out in strong opposition to data brokers: “This type of data—records of a person’s precise physical locations—is inherently intrusive and revealing of people’s most private affairs,” he wrote in a statement on the Mobilewalla decision, indicating that he is likely to continue action against them. (Ferguson has been serving as a commissioner on the FTC since April 20214.) On the other hand, he has spoken out against using FTC actions as an alternative to privacy legislation passed by Congress. And, of course, this brings us right back around to that other major roadblock: Congress has so far failed to pass such laws—and it’s unclear if the next Congress will either.  Movement in the states Without federal legislative action, many US states are taking privacy matters into their own hands.  In 2025, eight new state privacy laws will take effect, making a total of 25 around the country. A number of other states—like Vermont and Massachusetts—are considering passing their own privacy bills next year, and such laws could, in theory, force national legislation, says Woodrow Hartzog, a technology law scholar at Boston University School of Law. “Right now, the statutes are all similar enough that the compliance cost is perhaps expensive but manageable,” he explains. But if one state passed a law that was different enough from the others, a national law could be the only way to resolve the conflict. Additionally, four states—California, Texas, Vermont, and Oregon—already have specific laws regulating data brokers, including the requirement that they register with the state.  Along with new laws, says Justin Brookman, the director of technology policy at Consumer Reports, comes the possibility that “we can put some more teeth on these laws.”  Brookman points to Texas, where some of the most aggressive enforcement action at the state level has taken place under its Republican attorney general, Ken Paxton. Even before the state’s new consumer privacy bill went into effect in July, Paxton announced the creation of a special task force focused on enforcing the state’s privacy laws. He has since targeted a number of data brokers—including National Public Data, which exposed millions of sensitive customer records in a data breach in August, as well as companies that sell to them, like Sirius XM.  At the same time, though, Paxton has moved to enforce the state’s strict abortion laws in ways that threaten individual privacy. In December, he sued a New York doctor for sending abortion pills to a Texas woman through the mail. While the doctor is theoretically protected by New York’s shield laws, which provide a safeguard from out-of-state prosecution, Paxton’s aggressive action makes it even more crucial that states enshrine data privacy protections into their laws, says Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project, an advocacy group. “There is an urgent need for states,” he says, “to lock down our resident’s’ data, barring companies from collecting and sharing information in ways that can be weaponized against them by out-of-state prosecutors.”  Data collection in the name of “security” While privacy has become a bipartisan issue, Republicans, in particular, are interested in “addressing data brokers in the context of national security,” such as protecting the data of military members or other government officials, says Winters. But in his view, it’s the effects on reproductive rights and immigrants that are potentially the “most dangerous” threats to privacy.  Indeed, data brokers (including Venntel, the Gravy Analytics subsidiary named in the recent FTC settlement) have sold cell-phone data to Immigration and Customs Enforcement, as well as to Customs and Border Protection. That data has then been used to track individuals for deportation proceedings—allowing the agencies to bypass local and state sanctuary laws that ban local law enforcement from sharing information for immigration enforcement.  “The more data that corporations collect, the more data that’s available to governments for surveillance,” warns Ashley Gorski, a senior attorney who works on national security and privacy at the American Civil Liberties Union. The ACLU is among a number of organizations that have been pushing for the passage of another federal law related to privacy: the Fourth Amendment Is Not For Sale Act. It would close the so-called “data-broker loophole” that allows law enforcement and intelligence agencies to buy personal information from data brokers without a search warrant. The bill would “dramatically limit the ability of the government to buy Americans’ private data,” Gorski says. It was first introduced in 2021 and passed the House in April 2024, with the support of 123 Republicans and 93 Democrats, before stalling in the Senate.  While Gorski is hopeful that the bill will move forward in the next Congress, others are less sanguine about these prospects—and alarmed about other ways that the incoming administration might “co-opt private systems for surveillance purposes,” as Hartzog puts it. So much of our personal information that is “collected for one purpose,” he says, could “easily be used by the government … to track us.”  This is especially concerning, adds Winters, given that the next administration has been “very explicit” about wanting to use every tool at its disposal to carry out policies like mass deportations and to exact revenge on perceived enemies. And one possible change, he says, is as simple as loosening the government’s procurement processes to make them more open to emerging technologies, which may have fewer privacy protections. “Right now, it’s annoying to procure anything as a federal agency,” he says, but he expects a more “fast and loose use of commercial tools.”  “That’s something we’ve [already] seen a lot,” he adds, pointing to “federal, state, and local agencies using the Clearviews of the world”—a reference to the controversial facial recognition company.  The AI wild card Underlying all of these debates on potential legislation is the fact that technology companies—especially AI companies—continue to require reams and reams of data, including personal data, to train their machine-learning models. And they’re quickly running out of it.  This is something of a wild card in any predictions about personal data. Ideally, says Jennifer King, a privacy and data policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence, the shortage would lead to ways for consumers to directly benefit, perhaps financially, from the value of their own data. But it’s more likely that “there will be more industry resistance against some of the proposed comprehensive federal privacy legislation bills,” she says. “Companies benefit from the status quo.”  The hunt for more and more data may also push companies to change their own privacy policies, says Whitney Merrill, a former FTC official who works on data privacy at Asana. Speaking in a personal capacity, she says that companies “have felt the squeeze in the tech recession that we’re in, with the high interest rates,” and that under those circumstances, “we’ve seen people turn around, change their policies, and try to monetize their data in an AI world”—even if it’s at the expense of user privacy. She points to the $60-million-per-year deal that Reddit struck last year to license its content to Google to help train the company’s AI.  Earlier this year, the FTC warned companies that it would be “unfair and deceptive” to “surreptitiously” change their privacy policies to allow for the use of user data to train AI. But again, whether or not officials follow up on this depends on those in charge.  So what will privacy look like in 2025?  While the recent FTC settlements and the CFPB’s proposed rule represent important steps forward in privacy protection—at least when it comes to geolocation data—Americans’ personal information still remains widely available and vulnerable.  Rebecca Williams, a senior strategist at the ACLU for privacy and data governance, argues that all of us, as individuals and communities, should take it upon ourselves to do more to protect ourselves and “resist … by opting out” of as much data collection as possible. That means checking privacy settings on accounts and apps, and using encrypted messaging services.  Cahn, meanwhile, says he’ll “be striving to protect [his] local community, working to enact safeguards to ensure that we live up to our principles and stated commitments.” One example of such safeguards is a proposed New York City ordinance that would ban the sharing of any location data originating from within the city limits. Hartzog says that kind of local activism has already been effective in pushing for city bans on facial recognition.  “Privacy rights are at risk, but they’re not gone, and it’s not helpful to take an overly pessimistic look right now,” says Li, the USF law professor. “We definitely still have privacy rights, and the more that we continue to fight for these rights, the more we’re going to be able to protect our rights.”

MIT Technology Review’s What’s Next series looks across industries, trends, and technologies to give you a first look at the future. You can read the rest of them here.

Every day, we are tracked hundreds or even thousands of times across the digital world. Cookies and web trackers capture every website link that we click, while code installed in mobile apps tracks every physical location that our devices—and, by extension, we—have visited. All of this is collected, packaged together with other details (compiled from public records, supermarket member programs, utility companies, and more), and used to create highly personalized profiles that are then shared or sold, often without our explicit knowledge or consent. 

A consensus is growing that Americans need better privacy protections—and that the best way to deliver them would be for Congress to pass comprehensive federal privacy legislation. While the latest iteration of such a bill, the American Privacy Rights Act of 2024, gained more momentum than previously proposed laws, it became so watered down that it lost support from both Republicans and Democrats before it even came to a vote. 

There have been some privacy wins in the form of limits on what data brokers—third-party companies that buy and sell consumers’ personal information for targeted advertisements, messaging, and other purposes—can do with geolocation data. 

These are still small steps, though—and they are happening as increasingly pervasive and powerful technologies collect more data than ever. And at the same time, Washington is preparing for a new presidential administration that has attacked the press and other critics, promised to target immigrants for mass deportation, threatened to seek retribution against perceived enemies, and supported restrictive state abortion laws. This is not even to mention the increased collection of our biometric data, especially for facial recognition, and the normalization of its use in all kinds of ways. In this light, it’s no stretch to say our personal data has arguably never been more vulnerable, and the imperative for privacy has never felt more urgent. 

So what can Americans expect for their personal data in 2025? We spoke to privacy experts and advocates about (some of) what’s on their mind regarding how our digital data might be traded or protected moving forward. 

Reining in a problematic industry

In early December, the Federal Trade Commission announced separate settlement agreements with the data brokers Mobilewalla and Gravy Analytics (and its subsidiary Venntel). Finding that the companies had tracked and sold geolocation data from users at sensitive locations like churches, hospitals, and military installations without explicit consent, the FTC banned the companies from selling such data except in specific circumstances. This follows something of a busy year in regulation of data brokers, including multiple FTC enforcement actions against other companies for similar use and sale of geolocation data, as well as a proposed rule from the Justice Department that would prohibit the sale of bulk data to foreign entities. 

And on the same day that the FTC announced these settlements in December, the Consumer Financial Protection Bureau proposed a new rule that would designate data brokers as consumer reporting agencies, which would trigger stringent reporting requirements and consumer privacy protections. The rule would prohibit the collection and sharing of people’s sensitive information, such as their salaries and Social Security numbers, without “legitimate purposes.” While the rule will still need to undergo a 90-day public comment period, and it’s unclear whether it will move forward under the Trump administration, if it’s finalized it has the power to fundamentally limit how data brokers do business.

Right now, there just aren’t many limits on how these companies operate—nor, for that matter, clear information on how many data brokerages even exist. Industry watchers estimate there may be 4,000 to 5,000 data brokers around the world, many of which we’ve never heard of—and whose names constantly shift. In California alone, the state’s 2024 Data Broker Registry lists 527 such businesses that have voluntarily registered there, nearly 90 of which also self-reported that they collect geolocation data. 

All this data is widely available for purchase by anyone who will pay. Marketers buy data to create highly targeted advertisements, and banks and insurance companies do the same to verify identity, prevent fraud, and conduct risk assessments. Law enforcement buys geolocation data to track people’s whereabouts without getting traditional search warrants. Foreign entities can also currently buy sensitive information on members of the military and other government officials. And on people-finder websites, basically anyone can pay for anyone else’s contact details and personal history.  

Data brokers and their clients defend these transactions by saying that most of this data is anonymized—though it’s questionable whether that can truly be done in the case of geolocation data. Besides, anonymous data can be easily reidentified, especially when it’s combined with other personal information. 

Digital-rights advocates have spent years sounding the alarm on this secretive industry, especially the ways in which it can harm already marginalized communities, though various types of data collection have sparked consternation across the political spectrum. Representative Cathy McMorris Rodgers, the Republican chair of the House Energy and Commerce Committee, for example, was concerned about how the Centers for Disease Control and Prevention bought location data to evaluate the effectiveness of pandemic lockdowns. Then a study from last year showed how easy (and cheap) it was to buy sensitive data about members of the US military; Senator Elizabeth Warren, a Democrat, called out the national security risks of data brokers in a statement to MIT Technology Review, and Senator John Cornyn, a Republican, later said he was “shocked” when he read about the practice in our story. 

But it was the 2022 Supreme Court decision ending the constitutional guarantee of legal abortion that spurred much of the federal action last year. Shortly after the Dobbs ruling, President Biden issued an executive order to protect access to reproductive health care; it included instructions for the FTC to take steps preventing information about visits to doctor’s offices or abortion clinics from being sold to law enforcement agencies or state prosecutors.

The new enforcers

With Donald Trump taking office in January, and Republicans taking control of both houses of Congress, the fate of the CFPB’s proposed rule—and the CFPB itself—is uncertain. Republicans, the people behind Project 2025, and Elon Musk (who will lead the newly created advisory group known as the Department of Government Efficiency) have long been interested in seeing the bureau “deleted,” as Musk put it on X. That would take an act of Congress, making it unlikely, but there are other ways that the administration could severely curtail its powers. Trump is likely to fire the current director and install a Republican who could rescind existing CFPB rules and stop any proposed rules from moving forward. 

Meanwhile, the FTC’s enforcement actions are only as good as the enforcers. FTC decisions do not set legal precedent in quite the same way that court cases do, says Ben Winters, a former Department of Justice official and the director of AI and privacy at the Consumer Federation of America, a network of organizations and agencies focused on consumer protection. Instead, they “require consistent [and] additional enforcement to make the whole industry scared of not having an FTC enforcement action against them.” (It’s also worth noting that these FTC settlements are specifically focused on geolocation data, which is just one of the many types of sensitive data that we regularly give up in order to participate in the digital world.)

Looking ahead, Tiffany Li, a professor at the University of San Francisco School of Law who focuses on AI and privacy law, is worried about “a defanged FTC” that she says would be “less aggressive in taking action against companies.” 

Lina Khan, the current FTC chair, has been the leader of privacy protection action in the US, notes Li, and she’ll soon be leaving. Andrew Ferguson, Trump’s recently named pick to be the next FTC chair, has come out in strong opposition to data brokers: “This type of data—records of a person’s precise physical locations—is inherently intrusive and revealing of people’s most private affairs,” he wrote in a statement on the Mobilewalla decision, indicating that he is likely to continue action against them. (Ferguson has been serving as a commissioner on the FTC since April 20214.) On the other hand, he has spoken out against using FTC actions as an alternative to privacy legislation passed by Congress. And, of course, this brings us right back around to that other major roadblock: Congress has so far failed to pass such laws—and it’s unclear if the next Congress will either. 

Movement in the states

Without federal legislative action, many US states are taking privacy matters into their own hands. 

In 2025, eight new state privacy laws will take effect, making a total of 25 around the country. A number of other states—like Vermont and Massachusetts—are considering passing their own privacy bills next year, and such laws could, in theory, force national legislation, says Woodrow Hartzog, a technology law scholar at Boston University School of Law. “Right now, the statutes are all similar enough that the compliance cost is perhaps expensive but manageable,” he explains. But if one state passed a law that was different enough from the others, a national law could be the only way to resolve the conflict. Additionally, four states—California, Texas, Vermont, and Oregon—already have specific laws regulating data brokers, including the requirement that they register with the state. 

Along with new laws, says Justin Brookman, the director of technology policy at Consumer Reports, comes the possibility that “we can put some more teeth on these laws.” 

Brookman points to Texas, where some of the most aggressive enforcement action at the state level has taken place under its Republican attorney general, Ken Paxton. Even before the state’s new consumer privacy bill went into effect in July, Paxton announced the creation of a special task force focused on enforcing the state’s privacy laws. He has since targeted a number of data brokers—including National Public Data, which exposed millions of sensitive customer records in a data breach in August, as well as companies that sell to them, like Sirius XM. 

At the same time, though, Paxton has moved to enforce the state’s strict abortion laws in ways that threaten individual privacy. In December, he sued a New York doctor for sending abortion pills to a Texas woman through the mail. While the doctor is theoretically protected by New York’s shield laws, which provide a safeguard from out-of-state prosecution, Paxton’s aggressive action makes it even more crucial that states enshrine data privacy protections into their laws, says Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project, an advocacy group. “There is an urgent need for states,” he says, “to lock down our resident’s’ data, barring companies from collecting and sharing information in ways that can be weaponized against them by out-of-state prosecutors.” 

Data collection in the name of “security”

While privacy has become a bipartisan issue, Republicans, in particular, are interested in “addressing data brokers in the context of national security,” such as protecting the data of military members or other government officials, says Winters. But in his view, it’s the effects on reproductive rights and immigrants that are potentially the “most dangerous” threats to privacy. 

Indeed, data brokers (including Venntel, the Gravy Analytics subsidiary named in the recent FTC settlement) have sold cell-phone data to Immigration and Customs Enforcement, as well as to Customs and Border Protection. That data has then been used to track individuals for deportation proceedings—allowing the agencies to bypass local and state sanctuary laws that ban local law enforcement from sharing information for immigration enforcement. 

“The more data that corporations collect, the more data that’s available to governments for surveillance,” warns Ashley Gorski, a senior attorney who works on national security and privacy at the American Civil Liberties Union.

The ACLU is among a number of organizations that have been pushing for the passage of another federal law related to privacy: the Fourth Amendment Is Not For Sale Act. It would close the so-called “data-broker loophole” that allows law enforcement and intelligence agencies to buy personal information from data brokers without a search warrant. The bill would “dramatically limit the ability of the government to buy Americans’ private data,” Gorski says. It was first introduced in 2021 and passed the House in April 2024, with the support of 123 Republicans and 93 Democrats, before stalling in the Senate. 

While Gorski is hopeful that the bill will move forward in the next Congress, others are less sanguine about these prospects—and alarmed about other ways that the incoming administration might “co-opt private systems for surveillance purposes,” as Hartzog puts it. So much of our personal information that is “collected for one purpose,” he says, could “easily be used by the government … to track us.” 

This is especially concerning, adds Winters, given that the next administration has been “very explicit” about wanting to use every tool at its disposal to carry out policies like mass deportations and to exact revenge on perceived enemies. And one possible change, he says, is as simple as loosening the government’s procurement processes to make them more open to emerging technologies, which may have fewer privacy protections. “Right now, it’s annoying to procure anything as a federal agency,” he says, but he expects a more “fast and loose use of commercial tools.” 

“That’s something we’ve [already] seen a lot,” he adds, pointing to “federal, state, and local agencies using the Clearviews of the world”—a reference to the controversial facial recognition company. 

The AI wild card

Underlying all of these debates on potential legislation is the fact that technology companies—especially AI companies—continue to require reams and reams of data, including personal data, to train their machine-learning models. And they’re quickly running out of it. 

This is something of a wild card in any predictions about personal data. Ideally, says Jennifer King, a privacy and data policy fellow at the Stanford Institute for Human-Centered Artificial Intelligence, the shortage would lead to ways for consumers to directly benefit, perhaps financially, from the value of their own data. But it’s more likely that “there will be more industry resistance against some of the proposed comprehensive federal privacy legislation bills,” she says. “Companies benefit from the status quo.” 

The hunt for more and more data may also push companies to change their own privacy policies, says Whitney Merrill, a former FTC official who works on data privacy at Asana. Speaking in a personal capacity, she says that companies “have felt the squeeze in the tech recession that we’re in, with the high interest rates,” and that under those circumstances, “we’ve seen people turn around, change their policies, and try to monetize their data in an AI world”—even if it’s at the expense of user privacy. She points to the $60-million-per-year deal that Reddit struck last year to license its content to Google to help train the company’s AI. 

Earlier this year, the FTC warned companies that it would be “unfair and deceptive” to “surreptitiously” change their privacy policies to allow for the use of user data to train AI. But again, whether or not officials follow up on this depends on those in charge. 

So what will privacy look like in 2025? 

While the recent FTC settlements and the CFPB’s proposed rule represent important steps forward in privacy protection—at least when it comes to geolocation data—Americans’ personal information still remains widely available and vulnerable. 

Rebecca Williams, a senior strategist at the ACLU for privacy and data governance, argues that all of us, as individuals and communities, should take it upon ourselves to do more to protect ourselves and “resist … by opting out” of as much data collection as possible. That means checking privacy settings on accounts and apps, and using encrypted messaging services. 

Cahn, meanwhile, says he’ll “be striving to protect [his] local community, working to enact safeguards to ensure that we live up to our principles and stated commitments.” One example of such safeguards is a proposed New York City ordinance that would ban the sharing of any location data originating from within the city limits. Hartzog says that kind of local activism has already been effective in pushing for city bans on facial recognition. 

“Privacy rights are at risk, but they’re not gone, and it’s not helpful to take an overly pessimistic look right now,” says Li, the USF law professor. “We definitely still have privacy rights, and the more that we continue to fight for these rights, the more we’re going to be able to protect our rights.”

Shape
Shape
Stay Ahead

Explore More Insights

Stay ahead with more perspectives on cutting-edge power, infrastructure, energy,  bitcoin and AI solutions. Explore these articles to uncover strategies and insights shaping the future of industries.

Shape

SASE 2025: Impact grows despite adoption hurdles

Complexity of managing access policies across multiple platforms: 23% Rising costs due to increased capacity and bandwidth needs: 16% Lack of visibility into use activity and traffic: 14% Inflexibility of technologies to support both remote and in-office work: 11% Excessive user privileges increasing security risk: 10% Lack of contextual data

Read More »

Nile dials-up AI to simplify network provisioning, operation

Other features in Nile Nav offer real-time deployment data and visibility as well as instant feedback during setup and activation ensures IT teams can monitor progress and address issues promptly, Kannan stated.  “Post-deployment, the app offers insights into network health and performance, enabling swift diagnostics and resolution,” Kannan stated. Nile

Read More »

Power Moves: ETZ Ltd’s new offshore renewables director and more

Isla Robb has been appointed as the new offshore renewables director at ETZ Ltd. The appointment comes as ETZ Ltd looks to secure new offshore wind-related investment for the Energy Transition Zone and the wider region to deliver sustainable economic impact. Robb’s energy career spans the public and private sectors, with a strong focus on offshore wind and supply chain management. As managing director of Opergy Scotland, she led numerous initiatives to support large-scale clients, SMEs, and public sector organisations, guiding them through the challenges of energy transition. Her work in connecting local suppliers with developers through meet-the-buyer events and promoting diversity in the offshore wind industry was recognised last year when she won the prestigious Judges’ Award at Scottish Green Energy Awards 2024 and was described by the judging panel as an “inspiring force for change”. Robb said: “It is a huge privilege to be appointed director of offshore renewables at ETZ Ltd, an organisation that is at the vanguard of energy transition and efforts to secure a vibrant and prosperous future for Aberdeen and the North East of Scotland. “This region has all the ingredients for success, a pipeline of transformational projects on our doorstep alongside a world-class supply chain that can deliver them, and I’m relishing the opportunity draw upon my experience to ensure we unlock the investment required to maximise the vast potential afforded by offshore wind.” Great British Energy has added five non-executive directors to its start-up board. The new board will set a strategy for how the publicly owned company will work with the energy sector and communities to drive investment in clean energy technologies. Frances O’Grady is a member of the House of Lords and served as general secretary for the Trades Union Congress (TUC) between 2013 and 2022. Frank Mitchell is the

Read More »

It’s time for the US to adopt comprehensive battery legislation similar to the EU

Blaine Miller-McFeeley is a senior legislative representative at Earthjustice and Julia Poliscanova is the senior director of vehicles & emobility supply chains at Transport & Environment. The impacts of climate change are becoming more and more impossible to ignore. Extreme heat waves, intense wildfires, and unprecedented hurricanes, storms and flooding battered both the United States and Europe over the past year, exacting a toll on human life, the environment and the global economy. Mitigating these consequences requires a quick transition to clean renewable energy that will meet global energy demands while curtailing our reliance on fossil fuels that are warming our planet. Yet, this will involve a considerable challenge that both Europe and the United States will have to face in the upcoming years: The wind turbines, solar panels and batteries for electric vehicles and energy storage rely on minerals like lithium, cobalt, nickel and others that, if not sourced or mined responsibly, can harm health, environment and cultural resources of nearby communities. Simultaneously, global mineral supply chains are often opaque, with well-documented cases of minerals tainted by forced and child labor making their way into our appliances, electronics and other technologies.  While cleaning up supply chains and dirty business practices will take time, a quicker path exists to secure a share of much-needed critical minerals to enable the rapid adoption of green technologies. We must scale up mineral recycling efforts that will reduce our demand for raw minerals and create new jobs in the green economy. But regulation in the United States is woefully behind the European Union. If policymakers want the United States to serve as a global economic leader in the energy transition and catch up to countries that have already invested in the circular economy, it can’t go on pursuing business as usual. Recent legislation passed

Read More »

Over half of Aberdeen businesses say profits will drop in 2025

As businesses contend with rising bills, difficulties with recruitment and dwindling orders, 51% of Aberdeen firms project reduced profits in 2025. The last time businesses in the region projected figures like this was in 2020 when the same percentage of respondents to Aberdeen and Grampian Chamber of Commerce’s (AGCC) Quarterly Economic Survey forecasted reduced profits in the fourth quarter. The north-east of Scotland is shaping up worse than the rest of the UK as 32% of UK businesses forecast a dip in profits this year. Speaking at a launch event for the report, AGCC research and insights manager Sarah McColl explained that the issues facing oil and gas firms have wider-reaching impacts than the energy market. McColl said: “It’s interesting when you look at the open-ended questions that the number of businesses that aren’t oil and gas or energy-related that do reference the issues that industry has and the compounding effect that has on all the other pressures. “Even when we look at the hospitality example, they used to rely quite heavily on the oil and gas industry to fill rooms during the week and things and that’s not the case anymore.” Optimism remained low for the year ahead as 29% of firms said that they expect turnover to get worse. Headcount at Aberdeen firms to stagnate This comes as BP (LON:BP) announced a cost cutting drive that will see the supermajor cut over 5% of its workforce as 4,700 employees are set to lose their jobs alongside 3,000 contractors. The London-listed supermajor is looking to cut costs by $2 billion (£1.64bn) as it sets out on a redundancy process that an industry analyst said would likely impact the north-east of Scotland. On Monday, oil and gas supply chain firm Hunting (LON:HTG) also announced a restructuring campaign that will impact

Read More »

Investors plough billions into net-zero transition

London-listed bank Standard Chartered and asset manager Schroders have unveiled plans to invest billions in the energy transition. Standard Chartered said it has joined forces with global private equity firm Apollo Global Management to provide $3 billion of finance. “As we navigate a world in transition, a key area where the banking sector can play a critical leadership role is in building a more resilient society,” said Standard Chartered chief executive Bill Winters in a social media post on Wednesday. “Through this partnership, we plan to contribute up to $3 billion of clean energy and transition financing across a range of asset classes and sectors.” Winters cited recent events including “the devastating wildfires in Los Angeles, floods and typhoons across Southeast Asia at the end of 2024”, as the impetus for the investment, describing them as “stark reminders of the urgent need” to partner on climate action. Standard Chartered, which has invested in renewables across the Middle East and Africa and Asia, is listed on the London and Hong Kong stock exchanges and active in 52 global markets. The bank said it will contribute credit to the Apollo Clean Transition (ACT) Capital sustainable investing platform, which will provide “clean energy and transition financing across a range of asset classes and sectors”. “As per our announcement this week, our partnership with Apollo will help to support and accelerate financing for infrastructure, clean transition and renewable energy globally,” a spokesperson for the bank said in an emailed statement. Apollo, which has invested more than $40bn in ‘energy transition and climate-related’ investments, plans to finance a “wide range of clean energy and climate capital needs across credit and equities” through the strategy, according to a statement. Investment in the energy transition is only expected to rise, with the International Energy Agency estimating that

Read More »

StocExpo 2025: Celebrating 20 Years of innovation and networking in energy infrastructure

As the global energy industry navigates through complex transitions toward cleaner and more sustainable solutions, StocExpo 2025 promises to be a pivotal event in the sector. A meeting place for all energy infrastructure professionals Scheduled for March 11-12 at Rotterdam Ahoy in the Netherlands, 2025 marks the 20th anniversary of StocExpo—a landmark moment for the world’s longest-running tank storage and energy infrastructure exhibition. Since its inception in 2005, StocExpo has grown into the premier platform for professionals from across the energy infrastructure spectrum, providing a unique space for networking, learning, and showcasing cutting-edge technology. A true meeting place for all energy infrastructure professionals, StocExpo 2025 is your chance to meet and connect with others across the globe. Celebrating 20 years is no small feat for any event, and StocExpo’s two-decade journey is nothing short but impressive. From humble beginnings, it has evolved into a must-attend event, attracting key players from over 70 countries, including industry giants like Vopak, BP, Shell, VTTI and Advario. With more than 3500 attendees, 150 exhibitors, and a broad international presence, the 2025 edition is set to be its most significant yet. © Supplied by StocExpo 2025StocExpo 2025 is this year’s must-attend event for professionals across the energy infrastructure industry. This year, StocExpo will feature two conference streams across two days, packed with unmissable content for the tank storage and future fuels community: the FETSA Tank Storage Conference (in partnership with FETSA) and for the first time ever, the Clean Ammonia Storage Conference (in partnership with NH3). Stay up to date with the latest future fuel regulations and meet partners you need to develop your business in this rapidly growing market by attending StocExpo 2025. FETSA Tank Storage Conference Organised in partnership with the Federation of European Tank Storage Associations (FETSA), this conference will delve into

Read More »

BP Confirms Job Cuts

BP confirmed thousands of job cuts in a statement sent to Rigzone on Friday. “Last year, we began a multi-year program to simplify and focus BP,” the statement noted. “We are strengthening our competitiveness and building in resilience as we lower our costs, drive performance improvement, and play to our distinctive capabilities,” it added.  “To deliver this, a series of programs are in place in businesses throughout BP. Today, we have … told staff across BP that the proposed changes that have been announced to date are expected to impact around 4,700 BP roles – these account for much of the anticipated reduction this year,” it continued. “We are also reducing our contractor numbers by 3,000,” the statement went on to note. In an all staff email from BP CEO Muray Auchincloss, which was sent to Rigzone by BP, Auchincloss highlighted the job cuts and revealed that 2,600 contractors had already left. “I understand and recognize the uncertainty this brings for everyone whose job may be at risk, and also the effect it can have on colleagues and teams,” Auchincloss noted in the email. “We have a range of support available, and please continue to show care for each other, be considerate, and keep putting safety first – especially during times of change,” he added. “Thank you for your honesty in the calls and conversations you’ve been having with your leaders. As I’ve said before, we are a brilliant company with great people, great businesses, and great assets – and we are uniquely positioned to grow value through the energy transition,” he continued. “But that doesn’t give us an automatic right to win. We have to keep improving our competitiveness and moving at the pace of our customers and society. That’s what we are doing,” the BP CEO went on to

Read More »

Lenovo to acquire Infinidat to expand its storage folio

The company, which CEO Phil Bullinger currently leads, was founded by Moshe Yanai in 2011. It also has an office in Waltham, Massachusetts. Lenovo eyes high-end enterprise storage market The acquisition is part of Lenovo’s growth strategy to meet the evolving needs of modern data centers that are expected to handle AI and generative AI workloads, the company said, adding that Infinidat’s offering will find synergy with its Infrastructure Solutions Group and jointly will target the high-end enterprise storage market. Currently, Lenovo’s Infrastructure Solutions business operates in the entry and mid-range enterprise storage market offering a portfolio of options, such as flash and hybrid arrays, hyperconverged infrastructure (HCI), software-defined storage (SDS), and data management suites such as Lenovo TruScale. “This is a win-win for both companies. Lenovo fills a big void in its storage portfolio, while Infinidat is able to leverage a hardware design and manufacturing machine,” Matt Kimball, principal analyst at Moor Strategy and Insights, wrote on LinkedIn. Lenovo is expected to quickly train its sites on Infinidat’s storage software IP and look to where it can leverage this more broadly, Kimball explained, adding that “if Lenovo’s channels are properly leveraged, we can see real disruption in the enterprise storage market.” Early focus on the enterprise storage market According to analysts, Lenovo has been hyper-focused on the enterprise storage market since it acquired IBM’s x86 server business for about $2.3 billion in 2014. Another landmark deal for the company, targeted at competing more aggressively with Dell and HPE — the dominant players in the enterprise storage market, came in 2018 in the form of a partnership with NetApp, under which it also developed a joint venture in China to co-develop a new range of ThinkSystem Infrastructure that imbibes NetApp’s data management expertise.

Read More »

Biden’s clean AI infrastructure plan could be hanging by a thread

“There is barely an aspect of our society that will remain untouched by this force of change,” said UK Prime Minister Keir Starmer in a foreword to the report. “This government will not sit back passively and wait for change to come. It is our responsibility to harness it and make it work for working people.” Litan described the UK plan as “farther reaching and addressing AI data and the workforce, so it is more comprehensive and seems more thoughtful.” Asked for comment on the two strategies, Phil Brunkard, executive counselor at Info-Tech Research Group UK, said, “the US plans to lead the global AI race by combining its national security goals with sustainable infrastructure. Under the new executive order, the DoD and DoE will lease federal land for the private sector to build out AI data centers powered by clean energy, like nuclear, solar, or wind. The gist of their plan is to lead the way in responsible AI development to keep the US as the technology leader while being mindful of the environmental impact.” Meanwhile, the UK’s AI Opportunities Action Plan, he said, “is heavily reliant on collaboration with academia and industry partners, backed by significant private sector investments in AI infrastructure. But its success will depend on how effectively it can solve energy and cooling challenges, especially in areas with limited resources.” Brunkard added, “by focusing on domestic AI production and ethical oversight, the UK is hoping to balance innovation with responsibility, which is an essential step in building long-term technological resilience.” Both plans, he said, “recognize that AI dominance requires more than just the latest and greatest cutting-edge technology; it’s about building solid infrastructure, securing data, and governing AI ethically. While the US emphasizes security and clean energy, the UK focuses on self-reliance and strong regulatory

Read More »

Qualcomm purloins Intel’s chief Xeon designer with eyes toward data center development

If Intel was hoping for a turnaround in 2025, it will have to wait at least a little bit longer. The chief architect for Intel’s Xeon server processors has defected to chip rival Qualcomm, which is making yet another run at entering the data center market. Sailesh Kottapalli, a 28-year Intel veteran and a senior fellow and chief architect for the company’s Xeon processors, made the announcement on LinkedIn on January 13, stating that he joined Qualcomm as a senior vice president. “My journey took me through roles as a validation engineer, logic designer, full-chip floor planner, post-silicon debug engineer, micro architect, and architect,” he wrote. “I worked on CPU cores, memory, IO, and platform aspects of the system, spanning multiple architectures across x86 and Itanium, and products including CPU and GPU, most importantly shaping the Xeon product line.”

Read More »

8 Trends That Will Shape the Data Center Industry In 2025

What lies ahead for the data center industry in 2025? At Data Center Frontier, our eyes are always on the horizon, and we’re constantly talking with industry thought leaders to get their take on key trends. Our Magic 8 Ball prognostications did pretty well last year, so now it’s time to look ahead at what’s in store for the industry over the next 12 months, as we identify eight themes that stand to shape the data center business going forward. We’ll be writing in more depth about many of these trends, but this list provides a view of the topics that we believe will be most relevant in 2025. A publication about the future frontiers of data centers and AI shouldn’t be afraid to put it’s money where its mouth is, and that’s why we used AI tools to help research and compose this year’s annual industry trends forecast. The article is meant to be a bit encyclopedic in the spirit of a digest, less than an exactly prescriptive forecast – although we try to go there as well. The piece contains some dark horse trends. Do we think immersion cooling is going to explode this year, suddenly giving direct-to-chip a run for its money? Not exactly. But do we think that, given the enormous and rapidly expanding parameters of the AI and HPC boom, the sector for immersion cooling could see some breakthroughs this year? Seems reasonable. Ditto for the trends forecasting natural gas and quantum computing advancements. Such topics are definitely on the horizon and highly visible on the frontier of data centers, so we’d better learn more about them, was our thought. Because as borne out by recent history, data center industry trends that start at the bleeding edge (pun intended – also, on the list) sometimes

Read More »

Podcast: Data Center and AI Sustainability Imperatives with iMasons Climate Accord Executive Director, Miranda Gardiner

Miranda was a featured speaker at last September’s inaugural Data Center Frontier Trends Summit. The call for speakers is now open for this year’s event, which will be held again in Reston, Virginia from Aug. 26-28. DCF Show Podcast Quotes from Miranda Gardiner, Executive Director, iMasons Climate Accord On Her Career Journey and Early Passion for Sustainability:   – “My goals have always been kind of sustainability, affordable housing. I shared a story last week on a panel that my mother even found a yearbook of me from my elementary school years. The question that year was like, what do you hope for the future? And mine was there’d be no pollution and everyone would have a home.” On Transitioning to Data Centers:   – “We started to see this mission-critical focus in facilities like data centers, airports, and healthcare buildings. For me, connecting sustainability into the performance of the building made data centers the perfect match.” Overview of the iMasons Climate Accord:   – “The iMasons Climate Accord is an initiative started in 2022. The primary focus is emission reductions, and the only requirement to join is having an emission reduction strategy.”   – “This year, we refined our roadmap to include objectives such as having a climate strategy, incentivizing low-GHG materials like green concrete, and promoting equity by supporting small, women-owned, and minority-owned businesses.” On Industry Collaboration and Leadership:   – “This year, through the Climate Accord, we issued a call to action on the value of environmental product declarations (EPDs). It was signed by AWS, Digital Realty, Google, Microsoft, Schneider Electric, and Meta—talk about a big initiative and impact!” On EPDs and Carbon Disclosure:   – “EPDs provide third-party verification of materials coming into buildings. Pairing that with the Open Compute Project’s carbon disclosure labels on equipment creates vast opportunities for transparency and

Read More »

Accelsius and iM Data Centers Demo Next-Gen Cooling and Sustainability at Miami Data Center

Miami Data Center Developments Update Miami has recently witnessed several significant developments and investments in its data center sector, underscoring the city’s growing importance as a digital infrastructure hub. Notable projects include: Project Apollo:  A proposed 15-megawatt (MW), two-story, 75,000-square-foot data center in unincorporated Miami-Dade County. With an estimated investment of $150 million, construction is slated to commence between 2026 and 2027. The development team has prior experience with major companies such as Amazon, Meta, and Iron Mountain.  RadiusDC’s Acquisition of Miami I:  In August 2024, RadiusDC acquired the Miami I data center located in the Sweetwater area. Spanning 170,000 square feet across two stories, the facility currently offers 3.2MW of capacity, with plans to expand to 9.2 MW by the first half of 2026. The carrier-neutral facility provides connectivity to 11 fiber optic and network service providers.  Iron Mountain’s MIA-1 Data Center: Iron Mountain is developing a 150,000-square-foot, 16 MW data center on a 3.4-acre campus in Central North West Miami. The facility, known as MIA-1, is scheduled to open in 2026 and aims to serve enterprises, cloud providers, and large-scale users in South Florida. It will feature fiber connections to other Iron Mountain facilities and a robust pipeline of carriers and software-defined networks.  EDGNEX’s Investment Plans:  As of this month, Dubai, UAE-based EDGNEX has announced plans to invest $20 billion in the U.S. data center market, with the potential to double this investment. This plan includes a boutique condo project in Miami, estimated to have a $1 billion gross development value, indicating a significant commitment to the region’s digital infrastructure.  All of these developments highlight Miami’s strategic position as a connectivity hub, particularly serving as a gateway to Latin America and the Caribbean. The city’s data center market is characterized by steady growth, with a focus on retail colocation and

Read More »

Microsoft will invest $80B in AI data centers in fiscal 2025

And Microsoft isn’t the only one that is ramping up its investments into AI-enabled data centers. Rival cloud service providers are all investing in either upgrading or opening new data centers to capture a larger chunk of business from developers and users of large language models (LLMs).  In a report published in October 2024, Bloomberg Intelligence estimated that demand for generative AI would push Microsoft, AWS, Google, Oracle, Meta, and Apple would between them devote $200 billion to capex in 2025, up from $110 billion in 2023. Microsoft is one of the biggest spenders, followed closely by Google and AWS, Bloomberg Intelligence said. Its estimate of Microsoft’s capital spending on AI, at $62.4 billion for calendar 2025, is lower than Smith’s claim that the company will invest $80 billion in the fiscal year to June 30, 2025. Both figures, though, are way higher than Microsoft’s 2020 capital expenditure of “just” $17.6 billion. The majority of the increased spending is tied to cloud services and the expansion of AI infrastructure needed to provide compute capacity for OpenAI workloads. Separately, last October Amazon CEO Andy Jassy said his company planned total capex spend of $75 billion in 2024 and even more in 2025, with much of it going to AWS, its cloud computing division.

Read More »

John Deere unveils more autonomous farm machines to address skill labor shortage

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Self-driving tractors might be the path to self-driving cars. John Deere has revealed a new line of autonomous machines and tech across agriculture, construction and commercial landscaping. The Moline, Illinois-based John Deere has been in business for 187 years, yet it’s been a regular as a non-tech company showing off technology at the big tech trade show in Las Vegas and is back at CES 2025 with more autonomous tractors and other vehicles. This is not something we usually cover, but John Deere has a lot of data that is interesting in the big picture of tech. The message from the company is that there aren’t enough skilled farm laborers to do the work that its customers need. It’s been a challenge for most of the last two decades, said Jahmy Hindman, CTO at John Deere, in a briefing. Much of the tech will come this fall and after that. He noted that the average farmer in the U.S. is over 58 and works 12 to 18 hours a day to grow food for us. And he said the American Farm Bureau Federation estimates there are roughly 2.4 million farm jobs that need to be filled annually; and the agricultural work force continues to shrink. (This is my hint to the anti-immigration crowd). John Deere’s autonomous 9RX Tractor. Farmers can oversee it using an app. While each of these industries experiences their own set of challenges, a commonality across all is skilled labor availability. In construction, about 80% percent of contractors struggle to find skilled labor. And in commercial landscaping, 86% of landscaping business owners can’t find labor to fill open positions, he said. “They have to figure out how to do

Read More »

2025 playbook for enterprise AI success, from agents to evals

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More 2025 is poised to be a pivotal year for enterprise AI. The past year has seen rapid innovation, and this year will see the same. This has made it more critical than ever to revisit your AI strategy to stay competitive and create value for your customers. From scaling AI agents to optimizing costs, here are the five critical areas enterprises should prioritize for their AI strategy this year. 1. Agents: the next generation of automation AI agents are no longer theoretical. In 2025, they’re indispensable tools for enterprises looking to streamline operations and enhance customer interactions. Unlike traditional software, agents powered by large language models (LLMs) can make nuanced decisions, navigate complex multi-step tasks, and integrate seamlessly with tools and APIs. At the start of 2024, agents were not ready for prime time, making frustrating mistakes like hallucinating URLs. They started getting better as frontier large language models themselves improved. “Let me put it this way,” said Sam Witteveen, cofounder of Red Dragon, a company that develops agents for companies, and that recently reviewed the 48 agents it built last year. “Interestingly, the ones that we built at the start of the year, a lot of those worked way better at the end of the year just because the models got better.” Witteveen shared this in the video podcast we filmed to discuss these five big trends in detail. Models are getting better and hallucinating less, and they’re also being trained to do agentic tasks. Another feature that the model providers are researching is a way to use the LLM as a judge, and as models get cheaper (something we’ll cover below), companies can use three or more models to

Read More »

OpenAI’s red teaming innovations define new essentials for security leaders in the AI era

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More OpenAI has taken a more aggressive approach to red teaming than its AI competitors, demonstrating its security teams’ advanced capabilities in two areas: multi-step reinforcement and external red teaming. OpenAI recently released two papers that set a new competitive standard for improving the quality, reliability and safety of AI models in these two techniques and more. The first paper, “OpenAI’s Approach to External Red Teaming for AI Models and Systems,” reports that specialized teams outside the company have proven effective in uncovering vulnerabilities that might otherwise have made it into a released model because in-house testing techniques may have missed them. In the second paper, “Diverse and Effective Red Teaming with Auto-Generated Rewards and Multi-Step Reinforcement Learning,” OpenAI introduces an automated framework that relies on iterative reinforcement learning to generate a broad spectrum of novel, wide-ranging attacks. Going all-in on red teaming pays practical, competitive dividends It’s encouraging to see competitive intensity in red teaming growing among AI companies. When Anthropic released its AI red team guidelines in June of last year, it joined AI providers including Google, Microsoft, Nvidia, OpenAI, and even the U.S.’s National Institute of Standards and Technology (NIST), which all had released red teaming frameworks. Investing heavily in red teaming yields tangible benefits for security leaders in any organization. OpenAI’s paper on external red teaming provides a detailed analysis of how the company strives to create specialized external teams that include cybersecurity and subject matter experts. The goal is to see if knowledgeable external teams can defeat models’ security perimeters and find gaps in their security, biases and controls that prompt-based testing couldn’t find. What makes OpenAI’s recent papers noteworthy is how well they define using human-in-the-middle

Read More »