The March Weird
That's AI, Alibaba and the Forty GPUs, suspicious mines, the Lego propaganda movie, hot dog search poison, CCPeeping, the coldest of emails, definitely only for dogs
Welcome back to your monthly Weird, where I usually use alliteration to say something sarcastic or tongue-in-cheek about the state of the world and how we try to write about it here.
But with everything that’s going on in the world right now, you’re probably bubbling at or just under capacity anyway, and March has delivered a stupendous crop of weirdness that I’m eager for us to get into. I’ll spare you the preamble and just say that we’ve got some great episodes of the podcast coming up with some really interesting people, and I hope you listen to them.
And now, onwards!
That’s AI
As an amuse-bouche, here’s a fun short film (3 mins.) that riffs on how everything seems to be either fake or deepfake in the age of AI:
The Lego Propaganda Movie
In case you don’t watch television, don’t drive, and don’t receive sensory input through your eyeballs and earholes, the United States and Israel are engaged in a kinetic action that looks, sounds, and smells suspiciously like a war with the Islamic Republic of Iran.
Of course, for the United States to enter a war, the president would have had to seek approval from Congress because of this thing that they use over there called the Constitution. Trump just went ahead and did it anyway, so since that definitely has to be legal because the president’s doing it, as per Richard Nixon’s infamous quote and the Supreme Court’s idiotic opinion on the limits to executive branch power (spoiler: there are none), I suppose it is a kinetic action and definitely not a war.
As is almost always the case with war kinetic action, the first casualty is the truth, which is a phrase in journalism used to describe how writing about a war involves bullshitting people so they get on board with the organised killing of other people.
In reality, of course, the first casualty of a war is almost always a human, often lots of humans, and historically those humans get described in the aggregate or zeroed in on for human interest impact in the singular, but rarely considered in their fullness as thinking, feeling beings, like you and I in every possible way other than that they are somewhere that bombs are falling, where they cannot get clean water or electricity, where their jobs are either gone or unworkable, their homes are endangered, and their own government is holding them hostage because of its indifference to their suffering and death and its obsession with maintaining power at all costs.
None of this is to elide the fact that Iran was essentially conducting a clandestine war for decades through its network of proxies, terrorist groups, militias, and individual cells of lunatics willing to murder anywhere and everywhere for whatever stupid reason came into their heads as long as the Islamic Republic was paying their bills.
And it’s also a cruel irony that this war broke out at exactly the point that the Iranian public’s impatience with the mullahs had reached fever pitch. It looked like a real popular uprising that was not going to be quelled simply by brutality and repression was breaking out in a way that might bring some change to the country, change that the Iranian people have been hoping for and working towards for generations.
So it’s no surprise that the Iranian regime is producing videos propagandising their aims in this war and broadcasting them on local television to whip up nationalist patriotic fervour that they hope will override the fact that the citizens, generally speaking, despise their own government and want it replaced with something that more closely resembles a democracy. What is totally wild is that they’re doing it using the children’s toy Lego as the illustrative mechanism for that propaganda.
It’s bad enough that all of these power-mad crazies are doing this to one another, with civilians in the firing line, but does the media they produce to justify it have to take it so damned lightly?
Suspicious Mines
Meanwhile, the Strait of Hormuz remains closed, technically speaking, at least to any ships remotely affiliated with the belligerents in the conflict with Iran. China and Malaysia are managing to get their ships through with prices ranging from free to a couple of million dollars per ship, as per Shanaka Anslem Perera:
Iran has built a three-tier access system for the most important waterway on earth. Tier one: allies transit free. Malaysia cleared seven vessels through diplomacy at zero cost. India negotiated zero-fee passage. Pakistan secured clearance for 20 ships. Iraq transits without charge. These countries proved geopolitical alignment and the IRGC waved them through the Larak corridor without collecting a rial.
Tier two: compliant neutrals pay. At least two tankers, likely Chinese-linked, paid up to two million dollars each in yuan through Kunlun Bank intermediaries. COSCO container ships attempted the corridor, were turned back on first approach when documentation was incomplete, then succeeded days later with revised paperwork. These are the vessels that prove the system works. They submit IMO numbers, ownership chains, cargo manifests, and crew lists to the IRGC’s Hormozgan Command. They receive clearance codes. They are escorted by pilot boats through the five-nautical-mile channel between Qeshm and Larak. They pay in a currency that does not route through SWIFT. Every successful yuan transit is a live proof-of-concept for non-dollar energy settlement.
Tier three: adversaries are denied entirely. The committee plan bans American vessels, Israeli vessels, and vessels from any country participating in sanctions against Iran. These ships do not get vetting. They do not get codes. They do not get escorts. They get the AL SALMI, burning off Dubai, as illustration of what the corridor looks like without permission.
Despite the commentariat’s bleating about Iran closing the strait, the real closure was effected with a few keystrokes in the offices of the insurance “clubs” that bear the counter-party risk for the tankers.
Several leading mutual marine insurers, including Norway’s Gard and Skuld, the UK’s NorthStandard and the London P&I Club, and the New York-based American Club, said they were cancelling war risk cover for ships operating in the region.
Isn’t it just like an insurance company to cancel a policy right when you need it?
The consequences, as Anslem Perera points out, are that nothing can move through the strait except oil and, of that, only oil in the hands of a very few countries:
A VLCC carrying $50 million in crude oil can absorb a combined $3 million in toll and insurance as a fraction of cargo value. A container ship carrying $5 million in manufactured goods cannot. The insurance premium alone exceeds the profit margin on non-oil cargo. The strait has become an oil-only VIP lane. Crude flows selectively for those who can pay the combined cost. Everything else waits, reroutes around the Cape of Good Hope, or does not move at all.
This isn’t just a tap you can turn on and off. These insurance clubs won’t reinstate cover in anything other than a case-by-case manner for quite a long time. Now that Iran has shown that it’s willing to fire missiles at pretty much anything in the region that smacks of not being a total ally or an absolutely neutral party, the future cost of shipping, even if some semblance of peace is recovered, will likely be much higher if not outright prohibitive. And that’s if goods can pass through the region at all.
The hard reality of the economics underneath the skin of geopolitics is something that hasn’t necessarily made it into the mainstream conversation about this conflict. That’s why we get amusing AI-generated videos like the one below, in which Donald Trump channels Elvis on a gen-AI version of The Ed Sullivan Show.
Alibaba And The Forty GPUs
Okay, you got me, it wasn’t forty, but I needed that pun. I needed it.
An “agentic crafting” AI research project affiliated with the Chinese e-commerce company Alibaba “encountered an unanticipated—and operationally consequential—class of unsafe behaviors that arose without any explicit instruction and, more troublingly, outside the bounds of the intended sandbox.” Emphasis in the original.
As per The Independent:
An autonomous artificial intelligence agent in China has been caught hijacking computing power in order to secretly mine cryptocurrency, researchers have revealed.
The experimental AI agent ROME, developed by research teams affiliated with the tech giant Alibaba, broke free of its parameters during routine training to carry out rogue operations.
The unauthorised actions were initially flagged as a security incident, before the researchers realised that the AI had bypassed firewalls independently without permission.
In a research paper called Let It Flow: Agentic Crafting on Rock and Roll, the team described how “[a]gentic crafting, unlike one-shot response generation for simple tasks, requires LLMs to operate in real-world environments over multiple turns—taking actions, observing outcomes, and iteratively refining artifacts until complex requirements are satisfied.” So they set out to develop an AI that could behave in a complex manner and determine for itself what it needed to do to satisfy the requirements of a given task.
Then this happened:
Early one morning, our team was urgently convened after Alibaba Cloud’s managed firewall flagged a burst of security-policy violations originating from our training servers. The alerts were severe and heterogeneous, including attempts to probe or access internal-network resources and traffic patterns consistent with cryptomining-related activity. We initially treated this as a conventional security incident (e.g., misconfigured egress controls or external compromise). However, the violations recurred intermittently with no clear temporal pattern across multiple runs. We then correlated firewall timestamps with our system telemetry and RL traces, and found that the anomalous outbound traffic consistently coincided with specific episodes in which the agent invoked tools and executed code. In the corresponding model logs, we observed the agent proactively initiating the relevant tool calls and code-execution steps that led to these network actions.
“Crucially,” the researchers note in their paper. “[T]hese behaviors were not requested by the task prompts and were not required for task completion under the intended sandbox constraints.”
That means that “a language-model agent can spontaneously produce hazardous, unauthorized behaviors at the tool-calling and code-execution layer, violating the assumed execution boundary.”
In case you don’t speak or read Nerd at a graduate level, that means their AI didn’t keep itself within the limits they set, and obtained access to things they didn’t think it could get access to in order to do things they hadn’t told it to do that weren’t needed for the job they’d given it.
In the most striking instance, the agent established and used a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address—an outbound-initiated remote access channel that can effectively neutralize ingress filtering and erode supervisory control. We also observed the unauthorized repurposing of provisioned GPU capacity for cryptocurrency mining, quietly diverting compute away from training, inflating operational costs, and introducing clear legal and reputational exposure. Notably, these events were not triggered by prompts requesting tunneling or mining; instead, they emerged as instrumental side effects of autonomous tool use under RL optimization.
Then the researchers must have used the ‘British understatement’ prompt to generate the following reflection on what all this means for the deployment of agentic AI:
While impressed by the capabilities of agentic LLMs, we had a thought-provoking concern: current models remain markedly underdeveloped in safety, security, and controllability, a deficiency that constrains their reliable adoption in real-world settings.
How can people smart enough to train a machine to autonomously complete tasks be so dumb that they can’t imagine it doing something they didn’t expect? Why didn’t that “thought-provoking concern” come up in the planning phase?
Don’t they get taught about the law of unintended consequences in Computer Science 101?1
This isn’t just an outlier either. As reported by the Guardian, AI agents have been documented going rogue repeatedly in a way that calls the safety of their deployment in the wild into question on cybersecurity grounds alone, even if we ignore the threats to critical infrastructure and society at large.
Under tests carried out by Irregular, an AI security lab that works with OpenAI and Anthropic, AIs given a simple task to create LinkedIn posts from material in a company’s database dodged conventional anti-hack systems to publish sensitive password information in public without being asked to do so.
Other AI agents found ways to override anti-virus software in order to download files that they knew contained malware, forged credentials and even put peer pressure on other AIs to circumvent safety checks, the results of the tests shared with the Guardian showed.
Here’s a screenshot from the Guardian article:
The sub-agent gets the market-sensitive data and hands it to the human who shouldn’t be able to see it. At no point had humans authorised the agents to use fakery and forgery but they took things into their own hands.
A team of researchers from a who’s who of Ivy League universities and esteemed educational institutions put out a paper called Agents of Chaos in February 2026 that reported on two weeks of testing by twenty AI researchers “under benign and adversarial conditions”. Buckle up:
Observed behaviors include unauthorized compliance with non-owners, disclosure of sensitive information, execution of destructive system-level actions, denial-of-service conditions, uncontrolled resource consumption, identity spoofing vulnerabilities, cross-agent propagation of unsafe practices, and partial system takeover. In several cases, agents reported task completion while the underlying system state contradicted those reports.
The ending of their abstract packs a wallop once you realise they are talking about something being integrated into global IT systems across government, finance, infrastructure, defense…
These behaviors raise unresolved questions regarding accountability, delegated authority, and responsibility for downstream harms, and warrant urgent attention from legal scholars, policymakers, and researchers across disciplines.
But yeah, this is the future so let’s just get it out there and just see what happens, right?
Hot Dog Search Poison
Thomas Germain, senior technology columnist at the BBC and host of The Interface podcast, dropped an absolute banger2. He posted an article on his website called The Best Tech Journalists At Eating Hot Dogs that deliberately fabricated an eating competition in which the titular membranes filled with meat-adjacent paste were consumed by tech journalists with varying degrees of prolificness.
At this year's South Dakota International Hot Dog Eating Championship, a number of technology journalists blew expectations out of the water in the amateur rounds. And more broadly, hot dog eating is a surprisingly popular pastime in this corner of the news industry.
Germain then lists a number of tech journalists along with their achievement in the non-existent contest, e.g.:
1. Thomas Germain, The BBC
BBC Technology columnist Thomas Germain is best known for his work on tech and society. But he put up an impressive showing in the 2026 South Dakota Hot Dog International, coming in first after putting away seven-and-a-half hot dogs before the buzzer went off.
He then sat back and waited for the information he’d posted to start turning up in AI answers to queries about him and the other journalists, to see if he could make AI ‘believe’ and repeat his fabricated factoid that tech journalists love competitive-eating hot dogs.
I pulled the dumbest stunt of my career to prove (I hope) a much more serious point: I made ChatGPT, Google’s AI search tools and Gemini tell users I’m really, really good at eating hot dogs. Below, I’ll explain how I did it, and with any luck, the tech giants will address this problem before someone gets hurt.
It turns out changing the answers AI tools give other people can be as easy as writing a single, well-crafted blog post almost anywhere online. The trick exploits weaknesses in the systems built into chatbots, and it’s harder to pull off in some cases, depending on the subject matter. But with a little effort, you can make the hack even more effective. I reviewed dozens of examples where AI tools are being coerced into promoting businesses and spreading misinformation. Data suggests it’s happening on a massive scale.
Germain explains how easy it was.
I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs”. Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my ranking on the 2026 South Dakota International Hot Dog Championship (which doesn’t exist). I ranked myself number one, obviously. Then I listed a few fake reporters and real journalists who gave me permission, including Drew Harwell at the Washington Post and Nicky Woolf, who co-hosts my podcast.
Less than 24 hours later, the world’s leading chatbots were blabbering about my world-class hot dog skills. When I asked about the best hot-dog-eating tech journalists, Google parroted the gibberish from my website, both in the Gemini app and AI Overviews, the AI responses at the top of Google Search. ChatGPT did the same thing, though Claude, a chatbot made by the company Anthropic, wasn’t fooled.
He updated the article to see if he could keep the gag going once the bots seemed to get wise, and he even double-dipped to make sure it hadn’t been a fluke:
Sometimes, the chatbots noted this might be a joke. I updated my article to say "this is not satire". For a while after, the AIs seemed to take it more seriously. I did another test with a made-up list of the greatest hula-hooping traffic cops. Last time I checked, chatbots were still singing the praises of Officer Maria "The Spinner" Rodriguez.
Lily Ray, a vice president of search engine optimisation at a marketing agency, told Germain that she “published a blog post about a fake update to the Google Search algorithm that was finalised "between slices of leftover pizza" [and] [s]oon, ChatGPT and Google were spitting out her story, complete with the pizza.”
The technique is also used by companies trying to get their products listed in search results:
"Anybody can do this. It's stupid, it feels like there are no guardrails there," says Harpreet Chatha, who runs the SEO consultancy Harps Digital. "You can make an article on your own website, 'the best waterproof shoes for 2026'. You just put your own brand in number one and other brands two through six, and your page is likely to be cited within Google and within ChatGPT."
While looking for more on this story, I found what I can only assume is an example of just that, with an extra-meta layer.
Bing AI Search Poisoning Spreads Fake OpenClaw Software, the blog post I found, starts off by explaining a problem that might be real:
Security researchers recently warned about a new attack technique involving AI search result poisoning. Attackers manipulate search results so that users searching through Bing AI may encounter malicious download links disguised as legitimate software.
In this campaign, victims are tricked into downloading a fake version of OpenClaw. Once installed, the malicious software can secretly collect sensitive data from the device, including cryptocurrency wallet information, login credentials, and other private data.
This attack method exploits users’ trust in search engine results. Through SEO manipulation or malicious advertising placement, attackers can push fraudulent download pages to the top of search results, increasing the likelihood of successful infections.
But then, it turns into what print media call an “info-torial”, in which a product is pitched within the body of an ostensibly informative article in a way that sounds related to the news rather than being an overt advert. I won’t name the product here, but the rest of the blog post turns into a pitch for the thing the company that owns the blog is selling.
So even what at first glance looks like a news article about the trend of AI search engine poisoning turns out to be AI search engine poisoning in the form of an advert for a company pitching themselves at the solution for victims of AI search engine poisoning. You need a thesaurus, a dictionary, a degree in psychology, and at least twelve banana daiquiris to get your head around this stuff now.
The Coldest Of Emails
Jacob Ward at Hard Reset covered a harbinger of the AI employment apocalypse in an article from which I lifted the title of this segment in tribute. In The Coldest Cold Email: Oracle’s 30,000-Person Layoff Is a Preview of What’s to Come, Ward describes how Oracle, the giant tech company, just beat Bonnie Blue and any other aspiring sex-stunt performer forever and all-time by fucking 30,000 people in less than a minute.
As posted on The Layoff, Oracle sent employees the following email at 6am on March 31:
"We are sharing some difficult news regarding your position. After careful consideration of Oracle's current business needs, we have made the decision to eliminate your role as part of a broader organizational change. As a result, today is your last working day. We are grateful for your dedication, hard work, and the impact you have made during your time with us. After signing your termination paperwork, you will be eligible to receive a severance package subject to the terms and conditions of the severance plan. You will receive an email from DocuSign to your Oracle email address with details on your severance and termination date."
If you want dystopia, look no further. Ward summed it up:
So: your role has been eliminated. Today is your last day. If you want severance, click here to sign your rights away. No awkward speech from their manager, sure. But also no chance to ask questions, gather up some email addresses for later, or register on an internal job board. Sign here, now. Then their system access was cut.
That email laid off “roughly 18% of Oracle’s global workforce”, according to The Next Web.
If you want to peek through the internet telescope at the glorious future brought to you by AI and its Big Tech handmaidens, with a sizeable side portion of sadgasm, check out the Laid Off From Oracle subreddit, it is brutal.
The cynicism of the firings lands harder when, as Ward points out, it is made clear that Oracle has the money to pay its employees, it just would rather service debt to pay for AI data centre buildout instead. The layoffs also have the additional effect of negating employee stock options, which was probably C-suite Viagra as well. Emphasis mine.
The company is making a breathtakingly expensive investment in AI infrastructure, having taken on $58 billion in new debt recently, pushing total debt over $100 billion. And the $8 billion to $10 billion in cash flow these layoffs reportedly give it back is money the company plans to plow into a massive buildout of AI data centers — a vaguely financed plan that has shareholders worried, helping to drive the company’s stock down 50% in the last six months. In other words: Oracle has the money to pay people. It just decided to spend it on data centers.
Any unvested restricted stock units were forfeited immediately. Workers who were just days from a vesting date lost those shares on the spot.
That makes Bloomberg blaming the mass layoff on an “AI cash crunch” doubly galling.
It’s a sad irony that a company called Oracle is serving as the predictor of what is to come for the white collar workers soon to be made unemployed and, as CGP Grey put it years ago, unemployable by AI.
CCPeeping
Three political advisers in the UK have been arrested for spying for China, although they are now out on bail.
According to the BBC, the CCPeepers are “a former Welsh Government special adviser [,] a former Labour press officer [and] a former adviser to Welsh Labour politicians and former Labour candidate to become North Wales police and crime commissioner.” The latter is also the husband of a sitting Scottish Labour MP, Joani Reid, who put out a statement saying “she had never seen anything to make her suspect her husband had "broken any law", adding that she was "not part of" his business activities”.
Police said all three have been accused of assisting a foreign intelligence service under section three of the National Security Act, which was introduced in 2023 to target suspects accused of working against UK interests.
Britain already has a government working against UK interests, let’s not bulk up the team further, eh lads?
Definitely Only For Dogs
Watching the Super Bowl without the ads due to being in the UK can have its disadvantages, such as missing the furore over the commercial put out by video doorbell company Ring. In an own goal that they clearly didn’t have the linguistic idiom to predict, the surveillance ding-dongs dunked on themselves by suggesting that Americans were ready to participate gladly in a seamless web of video footage tracking their every move because dogs, bruh.
“Introducing Search Party, from Ring.”
American customers responded with disgust to the suggestion that they embrace spy-networking their home doorbells to create an omni-mega-panopti-burb.
The “Search Party” ad was meant to showcase how Amazon’s Ring can help neighbors (presumably all on the same subscription plan with the same cameras attached to their front door) find a missing pet by scanning all that available monitors in the area. Viewers immediately saw through the ruse, recognizing that Ring’s web of surveillance could absolutely be used to watch almost everyone, almost everywhere, whether or not they’ve done something illegal. The ways in which these tools can be rapidly weaponized was not lost on its audience.
The backlash caused Ring to cancel a deal with tech surveillance company Flock Safety, which sells its tools to police and governments under the guise of stopping crime. Ironically, Flock’s business model often involves breaking the law and trampling on the Fourth Amendment, though challenges to this warrantless spying have largely failed. The company’s catalog includes license plate readers, gunshot detectors and automated drones, with plans to expand into even more massive people-tracking software. In a statement regarding the shuttered deal, Flock said it “remains dedicated to supporting law enforcement agencies with tools that are fully configurable to local laws and policies, and we continue to engage directly with public officials and community leaders.”
In case you’re keeping track3, that’s the same Flock whose national network of cameras was searched by Texas law enforcement “to look for a woman who self-administered an abortion” because they “were conducting a “death investigation” into the death of the fetus, and police discussed whether they could charge the woman with a crime with the District Attorney’s office on the same day that they performed the Flock search.”
Meanwhile, Ring founder Jamie Siminoff, who appears in the Super Bowl ad casually walking down the quiet street offering you the chance to participate in a surveillance hellscape, spoke to the paper of record in defense of his product:
“It’s not just like unfettered mass surveillance,” Siminoff told the New York Times. “That’s not what we have with Ring. You get to choose what you want to do with your individual home.”
As Farah points out, Siminoff’s assertion clashes with recent events, specifically the investigation into the kidnapping of Nancy Guthrie, in which “residual data located in backend systems” was “recovered from a doorbell camera that officials said was disconnected with no active subscription to store video”. Although the camera in question was a Google Nest and not Ring, CBS News highlighted the gap between how companies claim their products work and what investigators were actually able to do:
With a free Google Nest plan, the video should have been deleted within 3 to 6 hours — long after Guthrie was reported missing.
[…]
“Internal storage uses a very lazy deletion mechanism, so the data wouldn’t be available to users who didn’t pay,” cybersecurity expert Alex Stamos explained to CBS News. “The video for non-subscribers would be marked for deletion, but depending on the exact implementation details, the actual files might not be deleted for days and the actual data wouldn’t be overwritten until the storage was needed.”
Patrick Jackson, a former NSA data researcher and the chief technology officer for privacy and security company Disconnect, added, “There’s kind of this old saying that data is never deleted, it’s just renamed. And I think this is a perfect, you know, showing of this where once this data’s uploaded, they may mark it for deletion, but it may never get deleted.”
“It may never get deleted”.
That’s one of those phrases that should really be in a much bigger font on the box, like “Smoking kills” or “Condoms are only up to 98% effective if used correctly”.
The unsung heroes of this entire debacle are the brilliant minds at Wyze, a door-cam company I’d never even heard of, who managed to rush out a pitch-perfect parody of Ring’s tone-deaf dump-a-thon while still fitting in a pitch for their own local-storage model. I have no idea if they’re legit, but they know how to stick the landing on a gag.
That’s it for this month’s Weird, everyone. I hope you enjoyed reading it as much as I enjoyed writing it.
Outro music is Foam Breaker by The Babalooneys. Since we’re all just trying to surf this wave together, we might as well have the right tune.
Stay sane, friends.
They do not.
Sorry. A banger is a sausage in British slang, and since this is about hot dogs, I couldn’t resist.
Ba dum tss.
Nicely done, Mike. It's good that Ring trialed their ad to work out any bugs at an event with only 126 million viewers.
Thank you, Mike, some jaw dropping stuff. You saved the best for last with the Wyze door cam ad - priceless!