DIGITAL LIFE

Erin Brockovich returns to the scene, but to lead resistance against data centers

For years, artificial intelligence has been presented as one of the most promising technologies of the 21st century. However, behind the advances in chatbots, automation systems, and generative models, there is a gigantic infrastructure that rarely appears in public discussions: data centers.

Now, one of the best-known environmental activists in the United States wants to draw attention precisely to this less visible side of the digital revolution. Erin Brockovich, whose story inspired the famous film starring Julia Roberts, has launched an online platform to monitor the construction of new data centers throughout the United States.

According to her, many communities only discover that a large technological project will be installed near their homes when construction is already well underway.

The initiative is called Brockovich Data Center and gathers information on existing projects, ongoing construction, and future planned data centers in the United States.

The goal is to offer transparency to residents and local authorities about a rapidly growing industry driven by artificial intelligence, cloud computing, and digital services.

Since the platform's launch in April 2026, thousands of people have submitted information and reports about projects near their communities.

For Brockovich, the problem is not only technological but also democratic. According to the activist, the population should not be the last to know about projects capable of profoundly transforming the environment in which they live.

Although they have existed for decades, data centers have entered a new phase of expansion with the explosive growth of artificial intelligence.

These facilities house thousands of servers responsible for processing, storing, and distributing information. The continuous operation of this equipment requires enormous amounts of electricity and sophisticated cooling systems.

It is precisely at this point that the main criticisms arise.

Experts and environmental organizations warn that a single data center can consume energy equivalent to that of a small city. In addition, many projects depend on large volumes of water to keep their equipment cool.

In some regions of India, residents have reported difficulties accessing water after the installation of these structures. According to reports released by environmental organizations, communities have begun to receive water supply for limited periods of the day due to the growing demand for water. Impacts that go beyond energy...Concerns are not limited to electricity and water consumption.

Critics also point to the increase in electronic waste production. As servers need to be constantly updated to keep up with technological evolution, large quantities of equipment end up being discarded after only a few years of use.

Another frequently cited problem is noise pollution. Ventilation and cooling systems operate continuously, generating noise that can affect both residents and local wildlife.

From an economic point of view, the benefits are also questioned. Although investments often reach billions of dollars, data centers tend to employ relatively few people after the construction phase.

Many facilities occupy areas equivalent to dozens of football fields, but operate with fewer than one hundred permanent employees.

Where expansion is most intense...The United States leads the number of data centers in the world, with approximately 5,400 facilities in operation.

Following are countries such as Germany, the United Kingdom, China, Canada, France, Australia, the Netherlands, and Russia.

The trend, however, is for accelerated growth. Thousands of new projects are planned for the coming years, especially in rural areas.

In Asia, countries like China, Japan, South Korea, and Taiwan are rapidly expanding their investments. In the Middle East, the United Arab Emirates, Saudi Arabia, and Qatar are also heavily investing in the sector.

In Europe, the Frankfurt region in Germany remains one of the largest global hubs for the industry.

Communities are beginning to react... The advancement of this infrastructure has provoked resistance in different parts of the world.

In the United States, some states are already discussing or implementing temporary moratoriums to slow down new construction while they study its impacts.

Similar cases have emerged in Ireland, the Netherlands, and several Latin American countries.

In Chile, environmental groups managed to block a project linked to artificial intelligence in 2024. In Brazil, local movements are also beginning to question new ventures, especially in the Northeast region, considered strategic for the sector's expansion.

In Germany, the American company EdgeConneX recently abandoned an energy project associated with a data center after facing opposition from the local population and municipal authorities.

The debate raised by Erin Brockovich highlights an increasingly relevant issue: every technological innovation has a physical and environmental infrastructure behind it.

As artificial intelligence becomes part of everyday life, the need to discuss the energy, water, and social costs that sustain this transformation also grows.

For Brockovich, the solution lies not in halting technological advancement, but in ensuring transparency, public participation, and proper planning. After all, while millions of people use AI tools daily, few know what is being built to make it all possible.

mundophone

 

DIGITAL LIFE

Ebola virus and the smartphone

The Ebola epidemic spreading through the Democratic Republic of Congo and Uganda has reignited an alert that goes beyond public health. Researchers and international organizations have been drawing attention to a less obvious, but increasingly relevant connection: the relationship between deforestation, mining, and the risk of new outbreaks of diseases transmitted from animals to humans.

At the heart of this discussion is the Congo Basin forest, the second largest tropical rainforest in the world, after the Amazon, and one of the most strategic regions for the digital economy. The Democratic Republic of Congo holds large reserves of cobalt, copper, coltan, gold, and other minerals used in smartphones, semiconductors, batteries, electric cars, and technology equipment.

Global demand for these inputs has driven industrial mining and, especially, artisanal mining, an informal activity involving hundreds of thousands of workers in the country.

According to a report in The Guardian, this rush for minerals has encroached upon forested areas and altered the ecological balance of regions where viruses like Ebola circulate in wild animals, mainly fruit bats, considered likely natural reservoirs.

The logic is straightforward. When the forest is felled or fragmented, animals that previously remained in more preserved areas begin to occupy smaller fragments of forest, often closer to human communities, mining camps, and makeshift settlements. This more frequent contact increases the chances of viruses present in wild animals reaching people.

The problem is not only environmental but also economic. The digital economy depends on minerals extracted in areas where governance is weak, health infrastructure is limited, and armed conflicts hinder any rapid response. In eastern Congo, where some artisanal mining is concentrated, workers enter forested areas in search of gold, coltan, and other minerals, often without adequate sanitation, housing, or medical assistance.

This scenario creates a favorable environment for the spread of diseases. Mining camps and mining villages often bring together people from different regions, with high mobility and low coverage of public services. If an infection arises in these places, it can spread more rapidly than in isolated communities.

The current outbreak is caused by the Bundibugyo virus, a type of Ebola considered serious and for which there is no approved vaccine or specific medication. In June, the United States Centers for Disease Control and Prevention counted hundreds of confirmed cases in the Democratic Republic of Congo and Uganda. The World Health Organization had already classified the situation as a public health emergency of international concern, due to the risk of regional expansion.

The relationship between mining and Ebola, however, is a simple causality. There is no proof that artisanal mining was the direct origin of the current outbreak. What studies indicate is that deforestation and forest fragmentation increase the risk of pathogen spillover, the moment when a virus passes from animals to humans.

The English website cites the case of Mongbwalu, a mining town in northeastern Congo, as an example of this overlapping risk. The region appears among the locations associated with the first clusters of fatal cases in the current outbreak and is also surrounded by gold mining areas. Satellite images analyzed by researchers indicate recent progress in forest loss around the city.

Demand for minerals...The International Energy Agency, linked to the Organisation for Economic Co-operation and Development (OECD), projects significant growth in demand for critical minerals in the coming decades. Congo, in turn, occupies a central position in this dispute. According to the United States Department of Commerce, the country holds between 50% and 70% of the global supply of cobalt, in addition to significant reserves of copper, coltan, lithium, and gold.

This concentration places governments and companies before a difficult choice. Ignoring Congo is not a realistic option for the global clean energy and technology industry. At the same time, maintaining supply chains based on informal extraction, deforestation, and weak oversight tends to increase reputational, social, and environmental risks.

Experts argue that the response cannot be limited to the emergency fight against Ebola. It is necessary to strengthen health systems, expand epidemiological surveillance, protect forests, and create stricter mechanisms for mineral traceability. It also involves supporting economic alternatives for local populations, who often turn to artisanal mining because agriculture has become less viable in the face of conflict, poverty, and climate change.

For consumers, the connection between a smartphone and an epidemic may seem distant. But it reveals a less visible facet of the digital economy. Every electronic device depends on a global chain that begins long before the factory, in mines, forests, and communities that rarely appear in innovation campaigns.

This discussion doesn't mean that cell phones, semiconductors, or batteries are directly responsible for Ebola outbreaks. The point is broader: the growing demand for technology is reorganizing territories, putting pressure on ecosystems, and creating risks. In the age of artificial intelligence, electric vehicles, and permanent connectivity, the question of the origin of minerals becomes as important as the innovation they help to build.

mundophone

TECH

Star Wars Zero Company now has an official release date

Fans of the galaxy far, far away have great reason to celebrate. Electronic Arts took advantage of the spotlight at Summer Game Fest 2026 to reveal more details about the highly anticipated Star Wars Zero Company.

The new title promises to bring a genuine breath of fresh air to the franchise, betting on a turn-based tactical strategy format that immediately reminds us of the classic XCOM. It's a different approach from the usual frenetic action we're used to seeing, but it has everything to keep players glued to the screen for hours on end.

Developed in a powerful partnership between Respawn Entertainment and the newly created studio Bit Reactor, the game has just received its first gameplay trailer. The best news of all is that the mystery is over and we already know exactly when you can get your hands on this adventure.

The narrative takes us back to the ever-fascinating period of the Clone Wars, putting you in the shoes of Hawks, a former officer of the Galactic Republic. Your main mission will be to recruit and lead the “Zero Company,” a rather peculiar group composed of mercenaries, astromechs, and renegades from across the galaxy.

Your squad's ultimate goal is to stop the forces of Kundri Fathom, the fearsome leader of a cult focused on the dark side of the Force. Along the way, and as one would expect in a title of this magnitude, you will encounter iconic figures from the saga, including the unavoidable Jedi General Anakin Skywalker.

All the action takes place from an isometric perspective, where every military decision can mean the difference between a heroic victory and a crushing defeat. It's, at the very least, thrilling to see the Star Wars universe embracing this more cerebral and demanding genre with such a high level of detail and customization.

Electronic Arts, Bit Reactor, and Respawn Entertainment announced during the Summer Game Fest 2026 broadcast that Star Wars Zero Company will be released for PlayStation 5, Xbox Series, and PC (Steam and Epic Games Store) on August 27, 2026.

The companies also revealed the official prices for the game:

PC (Steam and Epic Games Store): $49.99

PlayStation 5 and Xbox Series: $59.99

Deluxe Edition (Steam and Epic Games Store): $59.99

Deluxe Edition (PlayStation 5 and Xbox Series): $69.99

The Deluxe editions will include additional content to be detailed later.

From the Star Wars Zero Company Steam page, we can read: Command an elite squad in a story of courage and authenticity in Star Wars Zero Company, a turn-based tactical single-player game set in the twilight of the Clone Wars. You will play as Hawks, a former Republic officer who leads Zero Company, as they are recruited for an operation that puts them in the path of an emerging threat that will consume the galaxy if left unchecked.

Lead the most astute Agents of Clone Wars...Command the galaxy's best agents in tactical operations, investigations, and other intense and thrilling missions through an original cinematic story.

Choose Your Path to Victory...Strategize and adapt, whether in your base of operations or on an ever-changing battlefield, so that every decision counts; the results of your choices make each gameplay experience different.

Engage in Tactical Combat in the Star Wars Universe...Mobilize a team of operatives comprised of a variety of archetypes, from bandits to astromechs, or even a Jedi, using an arsenal of tactical skills to outmaneuver and defeat your enemies.

Create deep bonds with your Squadron... Enhance your squadron's skills as you deploy them on missions, where they'll learn to work together and unlock new combat synergies that can make the difference between victory and defeat.

Customize your Fight...Customize Hawks' combat specialization and appearance, then recruit your team with original, personalized Star Wars characters whose appearances, equipment, and abilities adapt to your playstyle.

If you're already eager to don the commander's suit, mark August 27th on your calendar. The game will be released on major current-generation platforms, ensuring that console and PC lovers don't miss out on this tactical war.

Electronic Arts has already opened pre-orders for those who like to secure their one-way ticket to space in advance. The standard edition is priced around US$70, and there's also a Deluxe version that offers exclusive cosmetics for the most dedicated players.

This launch marks a bold move by the brand into a very specific niche of the video game market. Now we just have to wait a few more months to test our strategic thinking and try to save the galaxy with our own team of renegades.

TECH

Semiconductors enter 'multi-tasking' era: New device cuts required components by 75% and quadruples processing speed

Less than two decades after smartphones fit into the palm of our hands, artificial intelligence is now running on devices worn on our wrists. The challenge is that while devices continue to shrink, the amount of data they must process and the number of functions they must perform are growing exponentially. A research team at POSTECH (Pohang University of Science and Technology) has found a promising way to address this contradiction.

A team led by Professor Byoung Hun Lee of the Department of Electrical Engineering and the Department of Semiconductor Engineering at POSTECH, together with Dr. Jae Hyeon Jun of the Department of Electrical Engineering, has developed a transistor technology that enables a single semiconductor device to perform multiple circuit functions simultaneously. The new approach significantly simplifies circuit design and increases data processing speed fourfold compared with conventional methods. The findings were published in Advanced Functional Materials.

One of the key challenges in the semiconductor industry is integrating more functions into smaller chips. As the number of functions increases, so do the number of circuits and transistors required. However, when adding new functions to previously fabricated semiconductor chips, back-end-of-line processing must be conducted at temperatures below 400 C to protect the existing chip structure.

The research team focused on zinc oxide (ZnO) and tellurium (Te). Both materials can be fabricated as thin, uniform films at temperatures below 200 C, making them promising candidates for next-generation semiconductor materials. By combining the two, the team created a ZnO–Te heterojunction transistor.

Structure of the ZnO–Te heterojunction device and double NDT, D-NDT, characteristics that generate double current peaks within a single device through control of the geometric overlap length. Credit: POSTECH

The device controls current flow in a highly distinctive way. Unlike conventional semiconductors, in which current generally increases as voltage rises, this device exhibits negative differential transconductance (NDT), in which current decreases over a certain voltage range. The team successfully realized double negative differential transconductance (D-NDT), in which this phenomenon occurs twice in succession within a single device. In simple terms, the technology allows a single device to handle tasks that would normally be divided among multiple devices, thereby reducing circuit complexity.

The key lies in precisely controlling the overlap length between the two materials. When the overlap region is short, the current changes only once. However, as the overlap region becomes longer, both lateral and vertical currents form simultaneously within the device, generating double current peaks. Just as a current flowing in a straight line becomes capable of more complex routing when it meets a three-dimensional intersection, the device becomes capable of more complex signal processing.

Using this device, the team implemented a frequency quadrupler that converts one input signal into four output signals. This function would typically require multiple transistors, but the new technology achieves it with a single device, reducing the number of required transistors by 75%. In actual circuit experiments, the researchers also confirmed that data processing speed increased fourfold within a single input signal cycle.

"This study demonstrates the possibility of implementing complex circuit functions at the level of a single device," Lee said. "We expect this technology to be widely applicable to the development of ultra-compact AI devices and three-dimensional integrated, highly dense semiconductor systems."

Provided by Pohang University of Science and Technology 

DOSSIER

TECH

The boom in data centers and the boom in inflation in energy bills for the average consumer

The rapidly rising cost of electricity in the United States threatens to claim its biggest victim yet: the nation's largest power grid operator.

Federal authorities have begun considering the possibility of splitting up PJM Interconnection, responsible for managing the grid that stretches from the prairies of Illinois to the coast of New Jersey. The expansion of new data centers is putting pressure on the electricity supply in the 13 states served by PJM, driving up prices and fueling a political backlash.

Regulators, state officials, and executives in the electricity sector complain that the organization is taking too long to approve new power plants and generation projects capable of keeping up with the growth in demand.

Even the CEO of PJM stated that the current situation is "not sustainable," arguing that the entity cannot guarantee sufficient energy supply in the future while simultaneously protecting residential consumers from rising tariffs.

One of the largest energy utilities in its area of ​​operation, American Electric Power, even threatened to leave the organization, which could lead to the incorporation of its transmission lines into another nearby regional grid.

The FERC, the country's energy regulatory agency, has called a meeting for July 23 to discuss possible reforms, including changes to the governance of the PJM.

The FERC chair warned last month that the PJM may need to be broken up into smaller, more manageable parts if reforms do not appear feasible. A senior White House official, speaking on condition of anonymity, also stated that a split should be considered if necessary.

The organization's inability to act more quickly, said FERC chair Laura Swett, jeopardizes the United States' leadership in the field of artificial intelligence.

"The PJM is on the front line; it is the laboratory of national and economic security upon which our country can prosper or fail," Swett stated during the organization's annual membership meeting, held on May 12 in Baltimore.

"We now face historically unprecedented demand and the possibility of a historically unprecedented catastrophic failure."

Founded nearly a century ago, PJM Interconnection manages the transmission grid that supplies electricity to 67 million people—almost a fifth of the United States' population.

Its vast territory also houses some of the largest concentrations of new data processing centers in the country, especially a strip in northern Virginia now known as "Data Center Alley." After decades of modest growth, energy demand is skyrocketing.

Prices are following this trajectory. In the first three months of this year, electricity prices in the PJM grid's wholesale market jumped 76% compared to the same period of the previous year, reaching an average of US$136.53 per megawatt-hour. Capacity costs, a mechanism that ensures sufficient energy supply during periods of higher demand, have increased by almost 400%.

The rise in electricity bills is causing political turmoil in the United States on the eve of this year's legislative elections, and officials from different political currents have blamed PJM for part of the problem.

Pennsylvania even threatened to leave the organization. President Donald Trump, accompanied by governors from several states, requested that the PJM hold a special energy auction in which technology companies would finance the construction of new power plants by bidding for 15-year electricity capacity contracts. In response, the PJM stated that it will change the way data centers and suppliers enter into contracts and will anticipate the contracting of new energy supply.

"There is no clear plan from the PJM to simultaneously address tariff affordability and system reliability," said Maryland Governor Wes Moore, considered by some to be a potential Democratic presidential candidate in 2028, at the opening of the PJM's annual meeting in May. "Even if we hadn't foreseen the scale of the phenomenon, data centers are nothing new, and we've known for some time that we would see many more of them."

"The PJM failed to anticipate this," he added.

A representative from PJM stated that the organization generates significant value for the states it serves and will continue working to address supply shortages.

— We understand the states' concerns about tightening electricity supply and increasing demand, which pose challenges to both reliability and tariff affordability — said spokesperson Jeffrey Shields.

— PJM has been warning about these issues for several years and remains committed to working with states and its members to address these common challenges.

Part of the problem lies in PJM's complex and unusual structure. The organization oversees both electricity transmission and the markets and auctions that determine energy prices. Technically, it is a private company, but it operates as a membership association.

Its more than 500 voting members — including utilities and power plant operators — can influence policies through internal committees, although the entity also has a technical team and board of directors that make their own decisions. Frequently, the interests of the participants diverge profoundly: some advocate for the expansion of renewable sources, while others continue to bet on coal.

Its CEO, David Mills, took office just a month ago. In a letter sent to market participants, he described a “credibility gap” between the need for high prices to stimulate the construction of new power plants and the obligation to protect consumers from unsustainable tariffs. According to him, limiting the prices paid by consumers means reducing incentives for the entry of new energy generation.

— My job is to ensure that PJM stops being seen as the punching bag responsible for solving all these problems — Mills stated during the annual meeting. — It will require a collective effort.

One of PJM's main challenges will be reforming the so-called capacity market, a mechanism created to guarantee sufficient energy during the dozens of hours per year when demand peaks and the risk of blackouts increases.

According to a recent report from the independent PJM market monitor, the data center boom added approximately US$23 billion (about R$116 billion) to the cost of this "insurance" for the three-year period ending in mid-2028.

How the PJM will be structured a year from now will depend on the decisions made by the organization and its regulators in the next two months, according to a White House official who spoke on condition of anonymity due to the sensitivity of the issue.

There is even a risk that the network operator will dissolve without federal intervention if American Electric Power (AEP) abandons the organization and other utilities follow suit.

FERC President Laura Swett made it clear in her speech at the PJM annual meeting that profound changes may be necessary.

"We are facing a moment of profound consequences. Personally, I am very willing to act aggressively when the future of the country is at stake," Swett stated.

More pollution...A surge in Australian data centre construction driven by AI risks pushing up power bills and climate pollution, according to a new report from the Climate Council.

The report, Clouded future: Managing risks of the data centre boom, reveals that Australia is already a global investment hotspot – second only to the USA in 2024 – with 162 data centres in operation and more than 90 projects in the pipeline.

 

Unchecked, this growth risks:

↑ 26% wholesale electricity price rise in NSW, and 23% rise in Victoria by 2035 if data centre demand is met with gas, not renewables

↑ 14% more climate pollution from our main electricity grid by 2035 without intervention

3X projected growth in data centre energy demand by 2030 – making their power use equivalent to all Victorian homes – in the midst of the clean energy build out 3X projected growth in water demand by 2030 as our climate is becoming hotter and drier. Water utilities have received single site connection requests to be able to use up to 40 million litres a day (equivalent to 16 Olympic swimming pools).

But proactive, swift Government action can better align data centre growth with Australia’s switch to clean, reliable and affordable energy. Requiring new data centres to match their load with low cost, new renewables and storage will protect Australians from price hikes and pollution surges.

Climate Council CEO Amanda McKenzie said:

“Australia is navigating a dual boom: a critical switch to a clean energy system and a historic surge in digital infrastructure. To protect the Australia of tomorrow, our governments must act today.

“Data centres are hungry for energy. Governments must proactively manage the surging demand, making sure that they are powered with clean renewable power. If they don’t, there is a big risk that they will push up pollution from coal and gas at a time when we’re already living through more frequent floods, and ferocious fires.

“Unchecked construction of data centres would hit Australians in the hip pocket, too, if their high energy demand is met by expensive and polluting gas rather than additional renewables. But, matching new data centre load with low cost, new renewables and storage will protect households, and other businesses from those costs.

“There is an opportunity to align the expansion in datacentres with climate action, and the time for Government action is now.”

Climate Councillor and energy expert, Associate Professor Joel Gilmore, said:

“How we manage this industry will shape our energy system – and climate – for decades to come. Done poorly, data centres threaten to derail our switch to clean energy – which will push up pollution and power prices. With government intervention and enforceable requirements, data centres can play a role in our clean energy shift, support grid reliability, and avoid unnecessary power price rises.

“Data centres are like a giant snowball rolling down the mountain. If they don’t bring new, low-cost renewables and storage with them and pay for the energy and water infrastructure upgrades they need, they’ll be dumping massive costs onto households and businesses.

“These are large, well-resourced corporations who can afford to pay for the clean energy they need. Australian households should not be subsidising big American tech companies – our governments must act swiftly to insist that these companies come to the party with additional renewable energy and storage.’’

mundophone

DIGITAL LIFE

AitM Attack: a modern and highly dangerous evolution of the classic MitM (man-in-the-middle)

The world of cybersecurity never sleeps, and threats evolve at a dizzying pace. If you thought traditional phishing was already a tremendous headache, get ready to meet an even more insidious and effective cyber threat.

We're talking about the AitM (Adversary-in-the-Middle) attack, a modern and highly dangerous evolution of the classic MitM (Man-in-the-Middle). Instead of simply cloning an old-fashioned login page, the cybercriminal literally places themselves in the middle of your real-time connection to a legitimate service.

What makes this scheme at least frightening is its incredible ability to bypass two-factor authentication (MFA). Attackers don't just want to discover your password; they want to hijack your validated session without you even realizing it.

How this silent assault works...In practice, in an AitM attack, the hacker sets up a malicious proxy server that acts as an invisible intermediary. When you click on a fraudulent link, your traffic begins to be routed through this server before reaching its final destination, such as your bank or corporate email.

From your side, everything seems perfectly normal. The page loads, the design is correct, and there's no great reason to be suspicious. However, as you enter your data, the attacker is forwarding this information to the real server, capturing everything that travels from one place to another.

The theft of your session and the MFA bypass...The true evil ingenuity of this attack is revealed in how it handles multi-factor authentication (MFA). When you enter your code received via SMS or generated in an app, the attacker passes this code directly to the real website.

As soon as the website validates the login and returns the precious session token (a cookie that tells your browser you are logged in), the attacker's server intercepts this token. With this key in hand, the hacker can access your account without needing passwords or new verification codes, assuming your digital identity.

Warning signs and courses of action...Although complex and invisible at first glance, these attacks leave some clues along the way. Most campaigns begin through fraudulent emails, suspicious SMS (Smishing), or even manipulated QR codes (Quishing) that throw you directly into the clutches of the proxy.

To avoid becoming the next victim, it is essential to keep an eye out for some technical and behavioral indicators. These are the main signs that you may be suffering from this type of attack:

URLs with suspicious patterns, small spelling errors, or strange subdomains that try to mimic the originals.

Security certificate warnings in your browser, indicating that the connection is not private.

Unexpected login requests, unusual delays during authentication, or repeated credential requests in the same session.

Unusual activity spikes recorded in account reports, such as sessions initiated from disparate geographical locations at the same time.

How can you keep your security intact...Defending against a threat that lives in the middle of your connection requires smarter tools than the attacker himself. The use of physical hardware security keys (such as FIDO2 or WebAuthn) is one of the most robust solutions, since the cryptographic process validates the real domain and blocks authentication if it detects the proxy in the middle.

Password managers remain excellent allies in this fight. Because they work based on the exact domain of the site, a manager simply refuses to automatically fill in your data if the URL address in the browser is not correct, cutting the attack off at the root.

To complement these defenses, reinforcing your arsenal with a comprehensive protection suite ends up being the most logical step. Surfshark, for example, offers tools that go far beyond a simple VPN connection to hide your IP. Thanks to antimalware features, the service actively blocks dangerous domains and phishing attempts before the page even loads. If you end up clicking on that fraudulent link that starts the AitM scheme, the platform blocks the connection at the source, ensuring that your data never falls into the wrong hands.

What is an AiTM attack? An Adversary-in-the-Middle (AiTM) attack is a phishing technique that uses a reverse proxy to intercept credentials and session tokens in real time. Unlike static phishing pages, AiTM actively relays traffic to the legitimate identity provider, allowing attackers to bypass multi-factor authentication (MFA) by capturing the authenticated session cookie.

The attack unfolds in three stages:

Luring and redirecting to a fake login. The attack begins with a phishing email designed to bypass standard filters and create a sense of urgency. Instead of a static attachment, the email contains a URL that directs the victim to the attacker's proxy server, rather than the legitimate service.

The reverse proxy steals credentials and session cookies. As soon as the user interacts with the fake website, the reverse proxy relays the entered information to the legitimate identity provider in real time. This "man-in-the-middle" position allows the attacker to capture not only the password, but also the multi-factor authentication (MFA) response and the resulting session cookie.

Account takeover and lateral movement. Possessing a valid session cookie, the attacker assumes the user's digital identity without triggering new multi-factor authentication (MFA) requests. This access is immediately exploited to establish persistence, such as creating mailbox rules to hide activities, or to perform lateral movements in critical systems, such as financial and cloud environments, for business email compromise (BEC) campaigns.

AiTM attacks vs. classic Man-in-the-Middle (MitM) attacks: What's the difference? Classic Man-in-the-Middle (MitM) attacks exploit network vulnerabilities to intercept data in transit secretly, usually by decrypting traffic on a compromised connection (such as a public Wi-Fi network). In contrast, an AiTM (Air-in-the-Middle) attack directly targets the login process to hijack an identity session. It completely bypasses the network layer by using a reverse proxy to deceive the user and gain access for the attacker.

mundophone

DIGITAL LIFE

AI worm adapts across networks, turning any online device into potential target

A team of researchers at the University of Toronto has discovered a new class of cyberthreat that gives hackers more power and reach at far less cost. It can be built with free AI models. Every online device is a potential target. And current cyber defenses are not yet ready for it.

The researchers, who posted their study to the arXiv preprint server on June 2, are believed to be the first to show that publicly accessible AI models can be used to power a worm that adapts its strategy as it spreads from one device to the next. It can seize control of an entire network and hijack computing power to allow hackers to launch sophisticated attacks at virtually no cost.

Conducted in a secure digital lab walled off from the outside world, the research shows that highly skilled hackers don't need cutting-edge AI or deep pockets to unleash malware capable of learning, calculating and pivoting in real time—exploiting known vulnerabilities in each device as it proliferates across a system.

The findings raise profound concerns about the security of our interconnected world—from financial systems to hospitals to the networks underpinning critical services.

"It was imperative for us to understand this threat in a controlled, academic setting before bad actors figured it out for themselves," says Nicolas Papernot, who authored the research alongside members of his CleverHans Lab located at U of T and the Vector Institute, where he is a Canada CIFAR (Canadian Institute for Advanced Research) AI Chair.

Papernot—who is also an associate professor of computer engineering in U of T's Faculty of Applied Science & Engineering and computer science in the Faculty of Arts & Science—added that the research was shared only after careful scrutiny to remove any information that could aid threat actors, noting it is well understood that such efforts are underway behind closed doors. He says he felt compelled to go public as early as possible to give researchers, policymakers and the general public a chance to protect themselves against an emerging threat that stretches from everyday laptops to HVAC systems and the energy grid.

Before publishing, the researchers shared their findings with national science, security and defense bodies and sought advice on how to responsibly release the information.

"The reason we are doing this research is to ensure the security of the digital ecosystem we all rely on—to keep people safe. This finding catapults us into a new era of cybersecurity," says Papernot, a faculty affiliate at U of T's Schwartz Reisman Institute for Technology and Society, which focuses on ensuring AI is responsible, inclusive and beneficial for everyone.

"By understanding the risks, we are now positioned to develop the countermeasures needed to detect and defend against threats like this."

Underestimated threats...One of the world's leading cybersecurity experts, Papernot has made it his lab's mission to anticipate the security concerns that matter most—even the ones the cybersecurity community isn't paying attention to yet.

The rise of the most powerful AI models, like Anthropic's Claude Mythos, has sparked widespread alarm over their unprecedented capacity to unearth hidden security flaws, even as big-tech players maintain tight controls to prevent misuse.

Papernot's team, however, was interested in the potential misuse of smaller, relatively simple models that anyone can download and modify for free. While valuable for researchers and developers, these "open-weight" AI models can be stripped of their safety guardrails and, with enough technical knowledge, manipulated to do harm.

This risk is often downplayed on the assumption that these models lack the power to do real damage. So, Papernot's team decided to put that assumption to the test in a safe, academic setting.

An AI-driven worm propagates across a heterogeneous network by parasitically acquiring computational resources for autonomous reasoning. Credit: arXiv (2026)

Building a prototype...A worm is a digital invader that crawls through a network, copying itself onto every device it touches—no clicks required and without users' knowledge. If it takes root, it can wreak havoc across an entire system. Traditionally, this type of attack follows a fixed script programmed by a human. If it hits a defense it wasn't programmed to crack, it fails. Cybersecurity experts know this and have built protections to contain such threats.

For their AI-powered version, Papernot's team built a proof-of-concept prototype in a secure, closed system, taking extensive precautions. Their experiments emulate the capabilities of an AI-driven worm in a simulation of dozens of interconnected devices, including laptops, printers and cameras.

The researchers' work showed that open-weight AI models could be used to engineer a far more sophisticated threat—one that can scope out each target, tailor its attacks and take over a machine before cloning itself onto the next one. The worm also gathers information as it moves deeper into a network, with every breach revealing passwords and weak points that can unlock another machine. And because it adapts, no single defense can stop it.

The worm extends its reach at its victims' expense. Once it embeds itself in a machine, the AI worm siphons processing power to fuel its reasoning and launch the next attack. This stolen compute propels its spread, essentially eliminating the cost of each new infection.

"Hackers have typically had to prioritize the most high-value targets because time and computing resources were limited," Papernot says. "But now, once a worm is launched, the cost would drop to nearly zero."

Unlike prior research on a worm that spreads itself through AI applications, the researchers' prototype represents a threat that can operate outside AI systems to attack the underlying software, putting a much wider range of devices at risk.

"Every device connected to the internet—laptops, cameras, smart thermostats and everything else—becomes a potential target, if not for the data it holds, then as a foothold to attack more valuable targets."

A new era of cyberthreat...While the research demonstrates that AI worms don't require expensive models or computing power, building one still demands technical expertise. Even so, Papernot suspects that the window for defenses is rapidly closing—and that the cybersecurity world isn't ready for what is coming.

Unlike the powerful, heavily safeguarded Mythos, the prototype does not root out unknown weaknesses. But in an uncontrolled setting, the worm could gain internet access and scan and exploit warning notices about newly discovered vulnerabilities, outpacing the software patches meant to stop them.

Some of these can be fixed with software updates. But others are human errors such as weak passwords and sloppy IT setups that can't be solved by pushing out a patch. That means a hacker doesn't need the most advanced AI models to cause unprecedented damage.

"In an interconnected world, no system is immune to this threat," Papernot says. "Sharing these findings is the first step in galvanizing researchers, industry leaders and policymakers to take action—and quickly."

Every device is a potential source of information for the next attack, so locking down your own makes the whole network tougher to crack. Papernot urges IT professionals to shore up any security settings that could leave their systems exposed. Users need to do their part, too.

"Everyone has a role to play in keeping us safe," Papernot says.

That means practicing good security hygiene: Keep your devices patched and up to date. Use strong passwords. Enable multifactor authentication.

"We can no longer afford to hit 'ignore' on software updates," he says. "Every door you close is one less way in, so it's worth taking a few minutes to reboot."

Disclosure for defense...For Papernot, publishing the findings is itself an act of defense that academic research is uniquely positioned to mount.

He points to the precedent set by University Professor Emeritus Geoffrey Hinton, who won a Nobel Prize for his role in ushering in the AI revolution. "Geoffrey has been vocal about the role academic research plays in shaping decision-making when it comes to regulating AI. This type of collective mobilization by academia, industry and governments is exactly what we need to address this new threat we have identified here with AI-driven computer worms."

It is a well-established practice in cybersecurity research to build proof-of-concept prototypes in controlled environments to better understand emerging threats and evaluate defenses against them. Conducting such studies in an academic setting ensures that the research remains independent, upholds ethical and safety standards and is open to review and scrutiny, ultimately benefiting the broader community.

Papernot credits his co-authors and collaborators Jonas Guan, Tom Blanchard, Hanna Foerster, Hengrui Jia and Gabriel Huang for helping bring this threat to light.

His lab is already hard at work developing countermeasures. And he says U of T is the perfect place to do it. "U of T brings the deep AI expertise, multi-disciplinary talent, safe research environment, infrastructure and institutional scale crucial to solving big problems like this," he says. "And the solutions to this problem will involve the increased availability of open-source AI models of all sizes and transparency from the companies creating the most powerful models.

"We're ready to work with the rest of the world to find solutions and build a safer future."

 

Provided by University of Toronto