Blurgs AI, an IIT-Madras alumni deep tech startup, raises .2 mn

Blurgs AI, an IIT-Madras alumni deep tech startup, raises $2.2 mn



Deep-tech startup Blurgs AI has raised $2.2 million in a funding round led by Pravega Ventures and Shastra VC to accelerate the global expansion of its artificial intelligence (AI)-powered intelligence platforms for defence, national security and commercial maritime markets.

 


The round also saw participation from angel investors Suraj Nalin, co-founder of PlaySimple Games, and Yashwanth Madhusudhan, co-founder of Fyle.

 


Blurgs AI’s platforms are used by organisations across defence, international maritime, conservation and India’s public sector ecosystem, including the Indian Navy, the Indian Coast Guard, Bharat Electronics, Defence Research and Development Organisation (DRDO) laboratories, Mumbai Port Authority, Dubai Maritime City and The Nature Conservancy. The company said it built this customer base before raising institutional funding.

 
 


The startup operates across two complementary domains. Its commercial maritime platforms provide operational intelligence for ports, fleets, shipyards and fisheries through real-time visibility, regulatory compliance and performance optimisation.

 


On the defence and national security front, its AI platforms support threat detection, adversary monitoring and persistent cross-domain situational awareness.

 


“The oceans are becoming more connected, contested and commercially critical than ever before,” said Roshan Raj Mohanty, co-founder and chief executive officer of Blurgs AI.

 


“At Blurgs AI, we believe the future of security and critical infrastructure will depend on trusted intelligence that is real time, resilient and reliable. We are building deep-tech platforms from India that help nations, enterprises and communities see better, decide faster and operate with greater confidence,” he said.

 


The company was founded by Mohanty and Avinash Kori, both alumni of the Indian Institute of Technology (IIT) Madras. Kori, who holds a doctorate in artificial intelligence from Imperial College London, leads the company’s technology strategy.

 


“At its core, Blurgs AI applies scientific discipline to critical decision-making — separating signal from noise, reasoning through uncertainty and turning complex evidence into actionable insight,” said Kori, co-founder and chief scientist.

 


“We help decision-makers understand what is happening, why it matters and what actions to take next, with confidence,” he added.

 


A spokesperson for Pravega Ventures said India’s coastline is one of its most strategic assets and that climate change and shifting geopolitical dynamics are making maritime intelligence increasingly important.

 


“What excites us about Blurgs AI is that they are solving for this across ports, shipyards, fisheries and defence, all at a level of depth that is rare in this domain. This is world-class technology, built in India, for a problem the world needs solved,” the spokesperson said.

 


Vasant Rao, managing partner at Shastra VC, said maritime infrastructure is becoming increasingly software-defined, but the real challenge lies in decision intelligence rather than data availability.

 


“Blurgs AI is building the intelligence layer that transforms fragmented sensor and operational data into real-time, decision-ready insights, enabling faster, more informed responses in mission-critical environments,” Rao said.

 


The company said the fresh capital will be used to strengthen its core technology, expand its team and accelerate product development across commercial maritime applications, including ports, shipyards, fisheries management and ocean conservation, while enhancing defence capabilities and expanding into international markets. 



Source link

Govt notice to Meta: Why AI struggles to detect child abuse content online

Govt notice to Meta: Why AI struggles to detect child abuse content online


  A recent directive from the Ministry of Electronics and Information Technology (MeitY) ordering Meta to scrub child sexual abuse material from Instagram has cast a sharp light on the limits of automated moderation. While artificial intelligence (AI) can flag harmful content at unprecedented scale, detecting Child Sexual Abuse Material (CSAM) remains a challenge.

 


Industry experts say that defeating this network requires looking beyond algorithms to stronger human oversight and industry-wide collaboration.

 


Context, not content, is AI’s biggest challenge

 


Shubham Rangadal, founder of BlockP, an AI-powered platform for blocking adult content, said, “The biggest challenge is no longer identifying explicit content in isolation. AI has become increasingly capable at that. The real blind spots lie in contextual interpretation and cross-platform coordination.”

 
 


He explained that bad actors constantly change their tactics by using coded language, emojis, cropped or altered images, screenshots, and seemingly harmless links that collectively facilitate illegal activity.

 


“AI can identify images, videos, or text, but it still struggles to fully understand the meaning behind them. In countries like India, where people mix languages, use slang, and communicate in different cultural contexts, this becomes even harder,” said Rishabh Sagar, co-Founder and CEO of CRAON, an AI-powered editing platform.

 


Other blind spots in AI moderation

 


Experts identify several areas where AI still faces significant challenges:

 


  • Multilingual communication: Regional languages, mixed-language conversations, slang, and evolving online terminology make harmful content harder to identify consistently

  • Cross-platform activity: Offenders frequently move between multiple apps and services, while moderation systems usually monitor only their own platforms

  • Evolving tactics: Cropped images, screenshots, coded phrases, and emojis continue to help offenders avoid automated detection

 


AI needs human judgement

 


“AI should be viewed as the first layer of defence rather than the final decision-maker,” Rangadal said.

 


He explained that AI is highly effective at flagging suspicious behaviour and prioritising high-risk cases, but child sexual abuse investigations require contextual understanding, legal judgement, and an exceptionally high level of accuracy.

 


“The most effective approach is a human-in-the-loop model, where AI handles scale and speed while trained experts provide judgement on sensitive cases.”

 


Rangadal also highlighted the importance of parental involvement in online safety. He pointed to features such as ‘Accountability Partner’, now available in some digital safety apps, which notify a trusted adult if inappropriate material is accessed. According to him, such tools can help reduce children’s exposure to harmful content while encouraging responsible digital habits.

 


Building safer platforms from the start

 


Experts believe improving detection rates will require advances in technology alongside stronger accountability.

 


One important concept is safety-by-design, which means online safety features are built into products from the earliest stages of development rather than being introduced after problems emerge. This includes designing systems that proactively identify risky behaviour, restrict abuse pathways, and make harmful activity more difficult from the outset.

 


Rangadal also highlighted the growing role of multimodal AI, which analyses text, images, videos, metadata, and behavioural signals together instead of examining each type of content separately. This provides a more complete picture and improves detection accuracy.

 


Another important tool, experts mention, is hash-sharing databases. These contain unique digital fingerprints, or “hashes”, of previously identified illegal content. When platforms share these databases, they can automatically detect and block known CSAM from being uploaded again, even if it is shared by different users.

 


“Independent audits and transparent reporting can help ensure that platforms continuously improve their moderation systems rather than simply reporting takedown numbers,” Rangadal said.

 


What should India do next?

 


The recent incident also offers important lessons for regulators and technology companies. According to Rangadal, online safety cannot remain a reactive compliance exercise as AI-generated content and increasingly sophisticated evasion techniques continue to evolve.

 


He said regulators should establish clear accountability standards, encourage greater transparency around moderation practices, and promote collaboration between platforms, researchers, and law enforcement.

 


He explained that success should not be measured only by how quickly harmful content is removed but by how effectively platforms prevent it from reaching users in the first place.

 


“Protecting children online is a shared responsibility; governments, technology companies, and the wider industry all need to work together,” added Sagar.

 


As AI continues to evolve, so will the methods used by those seeking to evade it. Experts believe that while better algorithms will certainly help, lasting progress will depend on combining intelligent technology with skilled human oversight, stronger regulation, and industry-wide cooperation.   



Source link

BAT-BMS issue explained: How an app exposes new cyber-physical security gap

BAT-BMS issue explained: How an app exposes new cyber-physical security gap


The Ministry of Electronics and Information Technology has directed Apple and Google to remove battery-management applications, including BAT-BMS, Lossigy, and Epoch Li-ion, from the App Store and Play Store, respectively. This action came soon after reports emerged that highlighted how those applications were being misused to remotely disable the batteries of e-rickshaws.

 


At first glance, the move may appear to be another app takedown, but the episode has exposed something far more significant: the growing security risks that emerge when connected hardware controlling real-world machines is built without adequate safeguards. This incident has also given India what may be its first widely visible example of a cyber-physical security problem in the electric mobility ecosystem.

 
 


Unlike conventional cybersecurity incidents, where the impact is largely limited to data or digital systems, cyber-physical incidents have real-world consequences. In this case, a smartphone application was allegedly able to stop an electric vehicle from moving by interacting with its battery system.

 


To understand how that became possible, it is important to first understand the technology at the centre of the controversy: the Battery Management System, or BMS.


The battery’s brain


A Battery Management System (BMS) is an electronic control unit (ECU) that monitors and manages a lithium-ion battery pack. Its job is to track parameters such as voltage, current, temperature, and charging behaviour to ensure that the battery operates safely and efficiently. A BMS also helps eliminate performance variations between individual battery cells, extending battery life and ensuring safe operation.

 


In modern electric vehicles, particularly those powered by lithium-ion batteries, the BMS is one of the most critical components in the battery pack. Without a BMS, a battery would suffer from premature degradation, as compared to a battery with a BMS. But modern BMS units do much more than simply monitor battery health.


Batteries now talk to smartphones


Traditionally, checking a battery’s health required dedicated diagnostic equipment or a physical display attached to the battery pack. Over time, manufacturers began integrating Bluetooth connectivity into BMS units, allowing battery information to be accessed through smartphone applications. This is where apps like BAT-BMS enter the picture.

 


According to BAT-BMS’s Apple App Store listing, the application allows users to monitor battery charge levels, voltage, current, temperature, cycle life and individual cell status. The app communicates with compatible battery packs over Bluetooth Low Energy (BLE), enabling users to view battery data without opening the battery enclosure or connecting specialised tools. As per the listing, the operating distance is approximately 15 metres.

 


For battery manufacturers, service centres, technicians and fleet operators, such functionality can make diagnostics significantly faster and cheaper.

 


The app was not originally designed as a hacking tool but was built as a maintenance and diagnostics utility. However, its misuse made it a problem.


The feature that became a vulnerability


Many Bluetooth-enabled BMS platforms allow authorised users to control certain battery functions in addition to viewing diagnostics. According to BAT-BMS’s app listing, users can manage charging and discharging functions on compatible batteries. These capabilities are useful during servicing, maintenance, and battery configuration.

 


The problem, however, was not the existence of these controls. The problem was who could access them.

 


As per several videos shared on social media platforms, these controls were being used to connect to nearby e-rickshaw batteries through Bluetooth and activate the discharge switch. Once the discharge function was disabled, power delivery from the battery pack stopped, immobilising the vehicle. Disabling the discharge circuit effectively cuts off the battery’s power supply to the motor, and since the motor relies on that power to operate, the vehicle can come to a halt almost immediately.

 


Therefore, the app was not “hacking” the motor, the controller or the vehicle’s electronics. Instead, it was interacting with the battery management system and disabling the battery’s ability to supply power.


Did Bluetooth become the weakest link


The controversy can potentially be described as a Bluetooth issue, but experts argue that Bluetooth itself is not necessarily the problem. The larger concern is authentication. A Delhi government official reportedly told NDTV Profit that some affected systems allegedly lacked password protection or authentication mechanisms.

 


If a device accepts connections from nearby users without verifying whether they are authorised, the security of the entire system can be compromised regardless of the communication technology being used.

 


In practical terms, this meant that a person standing within Bluetooth range could potentially connect to a compatible battery through a publicly available application and access controls that were intended for owners, technicians or service personnel. The vulnerability therefore appears to have stemmed from weak access controls rather than from any flaw in Bluetooth technology itself.


Is this limited only to e-rickshaws, or will other EVs also fall prey?


This problem isn’t limited to just e-rickshaws. It stems from low-cost lithium battery packs equipped with Bluetooth-enabled battery management systems that lack adequate security protections.

 


In principle, any connected component that allows wireless control without adequate access restrictions could create a security risk. In simple words, this means that any EVs, be it e-scooters or electric cars, that use similar technology without adequate security mechanisms can fall prey to this.

 


However, many electric vehicles use proprietary battery management systems that cannot be accessed through applications such as BAT-BMS. Hence, they will be comparatively safer from such apps.


Scope extends beyond EVs


Although e-rickshaws have become the face of the controversy, the significance of the incident extends beyond transportation.

 


Battery Management Systems are widely used wherever large lithium-ion battery packs need to be monitored and protected. Alongside electric vehicles, they are increasingly deployed in residential solar energy storage systems, commercial battery backup installations and larger energy storage projects designed to support renewable power integration.

 


An Indian Express report notes that while automotive applications account for the largest share of the global BMS market, the technology is also extensively used in the energy sector for battery storage and renewable energy integration.

 


That does not mean the vulnerabilities reported necessarily exist in solar installations or battery storage systems. At present, no evidence has surfaced to suggest that it exists in solar panels as well. However, there is a possibility that it may surface in the future.

 


It would be safe to say that as batteries become smarter, more connected and increasingly software-driven, cybersecurity becomes relevant wherever connected battery systems are deployed.


A warning for the connected mobility era

Industry experts have urged policymakers and manufacturers not to dismiss the episode as a social-media prank. In an earlier statement to Business Standard, Anurag Singh, Chief Executive Officer of RAH Infotech, said that when safety-critical vehicle systems become connected without strong authentication and secure pairing mechanisms, cybersecurity concerns become inseparable from public safety concerns.

 

Additionally, an earlier Business Standard report cited Kunal Bhogal, Chief Operating Officer at IIRIS Consulting, as saying that every unsecured connected component can become an attack surface where a digital weakness creates a physical safety risk.


Is delisting apps the solution


The government’s decision to seek the removal of BAT-BMS, Lossigy, Epoch Li-ion and similar applications from app stores may reduce immediate misuse, but it does not address the underlying issue.

 


The apps themselves were created for legitimate battery monitoring and maintenance purposes. They provide functionality that battery owners, technicians, and service centres genuinely need but the larger challenge lies in ensuring that critical battery controls cannot be accessed by unauthorised users.

 


That means manufacturers may need to implement stronger authentication systems, mandatory password protection, secure pairing processes, firmware safeguards and stricter access controls for safety-critical functions in the near future.

 


The BAT BMS controversy has therefore become more than a story about a smartphone application. It has exposed a fundamental lesson for the connected era: once a battery becomes a connected computer, cybersecurity becomes part of safety. As connected batteries find their way into vehicles, homes, businesses, and energy infrastructure, that lesson is likely to become increasingly important.



Source link

Beyond Earth: Why tech companies want to establish AI data centres in space

Beyond Earth: Why tech companies want to establish AI data centres in space


The computing infrastructure that powers artificial intelligence (AI) is expanding at an unprecedented pace, and with it comes an equally rapid increase in demand for electricity, cooling systems and land. As AI workloads continue to grow, simply expanding terrestrial data centres may no longer be enough. This has led several technology companies and space startups to explore a once far-fetched concept: building AI data centres in space.

 


Bloomberg has reported that the surge in AI computing demand is forcing the industry to rethink where future computing infrastructure should be located, with space emerging as one of the possibilities.

 


Although the concept remains experimental and faces significant engineering, economic and regulatory hurdles, governments, startups and major technology companies are beginning to assess whether space could eventually complement terrestrial data centres.

 


What is a data centre


IBM explains a data centre as a physical facility, which houses computing equipment such as servers, storage devices and networking hardware. These facilities store, process and distribute digital information that powers websites, cloud computing, enterprise software and increasingly, artificial intelligence.

 


Every time you stream a movie, store photos online or use an AI assistant, your request is processed by data centres. While cloud services already require significant computing power, AI has pushed those demands to a new level.

 


Unlike conventional software, generative AI models perform trillions of mathematical calculations to understand prompts and generate responses. Training these models requires thousands of high-performance graphics processing units (GPUs) operating simultaneously for weeks or even months. Even after training, every user prompt consumes computing power during inference.

 


As AI adoption spreads across industries, these facilities are becoming one of the fastest-growing consumers of electricity worldwide.

 


AI is creating an energy problem

 


The major challenge facing AI is no longer simply building smarter models. Increasingly, it is finding enough power to run them. Bloomberg reported that AI data centres have reached what experts describe as an “energy wall”. Every new generation of AI models requires more computing capacity, while each new AI chip consumes additional electricity and generates more heat.

 


According to Bloomberg, global electricity consumption by data centres is expected to double by 2030. By 2050, data centres could account for around one-tenth of global electricity consumption if current trends continue. However, power is only one part of the equation.

 


Modern AI data centres also require vast amounts of land, specialised cooling infrastructure and access to reliable high-speed connectivity. Finding locations that satisfy all these conditions is becoming increasingly difficult, especially in regions where electricity grids are already under pressure. On the other hand, Data centres contribute to carbon emissions when powered by fossil fuels and consume large amounts of water for cooling. As AI adoption grows, concerns over their environmental impact are increasing.

 


According to JLL, demand for AI-ready data centres is intensifying competition for suitable sites with reliable energy access. The real estate consultancy noted that operators are increasingly facing challenges related to power availability, land acquisition and environmental sustainability.

 


These constraints are prompting companies to explore unconventional alternatives.

 


Why look towards space?

 


The idea sounds extraordinary, but the reasoning behind it is surprisingly practical. Unlike Earth, space offers uninterrupted access to solar energy for much of the time, extremely cold surroundings for thermal management and virtually unlimited room for expansion.

 


According to Bloomberg, orbital data centres would not face many of the land acquisition challenges, permitting delays and energy constraints that affect terrestrial facilities.

 


NDTV also reported that supporters of the concept argue space-based infrastructure could benefit from continuous solar power and free cooling, potentially reducing dependence on conventional electricity grids.

 


According to Bloomberg, companies envision satellites equipped with massive solar arrays that would power AI chips in orbit. In this model, user requests would be transmitted from Earth through laser links, processed by interconnected satellites and the results sent back to Earth in milliseconds. Bloomberg also notes that experts do not expect space-based data centres to replace those on Earth anytime soon. Instead, as space technology advances, they believe more data centres could gradually shift into space.

 


How would an orbital AI data centre will work

 


Instead of one enormous building filled with servers, the future envisioned by several startups resembles a constellation of interconnected satellites. Bloomberg described one possible model using StarCloud’s prototype mission.

 


In late 2025, StarCloud launched StarCloud One, carrying an NVIDIA H100 GPU into orbit. Bloomberg noted that the mission demonstrated that advanced AI chips could survive and operate in space after engineers developed solutions for radiation shielding and thermal management.

 


Rather than functioning as a complete data centre, the satellite serves as an early demonstration of the technology. The broader vision is to build a network of thousands of AI-powered satellites capable of performing large-scale computing in orbit.

 


When a user sends an AI request, the data would first travel from Earth to space using laser communication systems. The request would then be processed by AI chips aboard satellites with large solar panels. Multiple satellites would work together as a distributed computing network before sending results back to Earth within milliseconds.

 


According to Bloomberg, these satellites would communicate using laser links rather than relying solely on traditional radio-frequency communications. Laser communication is considered a strong candidate for future orbital computing because signals between satellites are not affected by atmospheric conditions such as rain or cloud cover.

 


However, building an orbital data centre requires overcoming major engineering hurdles, from heat management and radiation protection to satellite communication and collision avoidance.

 


Those challenges are precisely why many experts believe space-based AI infrastructure remains a long-term ambition rather than an immediate replacement for terrestrial data centres.

 


Technology challenges that remain

 


The idea of moving AI computing into orbit may sound elegant on paper, but engineers still have to solve a long list of technical problems before it becomes commercially viable. While Earth-based data centres have access to established power grids, cooling systems and maintenance teams, satellites must operate independently for years in one of the harshest environments imaginable.

 


According to CNBC, today’s space-based data centre projects remain largely experimental, with companies trying to determine whether the concept can become economically viable rather than simply technically feasible.


Generating enough power


The first challenge is electricity. AI servers consume enormous amounts of energy, and future orbital data centres would require continuous power to keep thousands of processors running. Unlike terrestrial facilities, satellites cannot plug into an electricity grid.

 


Instead, they would rely on solar panels.

 


Bloomberg reported that companies envision satellites equipped with massive solar arrays stretching several kilometres across. These panels would continuously collect sunlight and power AI chips in orbit.

 


However, Bloomberg also noted that building and operating solar panels of this scale in space remains largely untested. Researchers are still studying how such systems can be launched efficiently and deployed safely once they reach orbit.

 


According to Bloomberg, researchers at Singapore’s Nanyang Technological University are testing lightweight, flexible perovskite solar cells for space use, though ensuring they operate reliably over long periods remains a challenge.


Cooling computers without air


AI chips produce enormous amounts of heat, which is why terrestrial data centres use sophisticated cooling systems involving chilled air, water or specialised liquid cooling technologies. Space presents an entirely different challenge.

 


While outer space is extremely cold, there is no air to carry heat away from electronic components. According to Bloomberg, engineers would need specially designed radiators capable of drawing heat away from AI processors and releasing it into space through thermal radiation. Designing such systems for thousands of interconnected satellites remains one of the biggest technical hurdles facing orbital computing.

 


CNBC similarly noted that thermal management continues to be among the major obstacles preventing large-scale deployment of space-based data centres.


Keeping thousands of satellites connected


A future orbital data centre would not consist of one giant satellite. Instead, companies imagine thousands of satellites functioning as one distributed computing network.

 


Communication presents another major challenge. Every AI request would need to travel from Earth to satellites in orbit, be processed across multiple satellites and then return to users within milliseconds. According to Bloomberg, laser communication systems are emerging as one of the most promising technologies to make this possible.

 


Unlike traditional radio-frequency systems, laser links can transmit much larger volumes of data and are less affected by interference in the vacuum of space. Bloomberg reported that startups such as Transcelestial are developing laser-based communication systems for future orbital computing networks. However, maintaining fast and reliable communication across thousands of satellites remains a significant engineering challenge.


Can data centres in space actually make financial sense?


According to Bloomberg, the economics of orbital data centres are becoming more realistic as launch costs decline. Partially reusable rockets such as SpaceX’s Falcon 9 have already reduced the cost of reaching orbit, while the company’s fully reusable Starship is expected to lower costs even further if it becomes commercially operational. Bloomberg reported that cheaper launches could eventually make it financially viable to deploy large-scale computing infrastructure in space.

 

However, lower launch costs alone may not make the business case work. According to CNBC, companies would still have to bear the costs of building satellites, maintaining and replacing them, insurance, communications infrastructure and other operational expenses. Experts quoted by CNBC said many proposed business models remain largely theoretical, and it is still unclear whether future revenues would justify such massive upfront investments. For now, terrestrial data centres remain a more practical and cost-effective option. 


Who is building space-based data centres?


According to CNBC, the race to build space-based data centres is no longer limited to startups. SpaceX, Blue Origin and Google are among the companies exploring orbital computing infrastructure. CNBC reported that Jeff Bezos has described building data centres in space as “very realistic”, although he cautioned that timelines of two or three years are likely too ambitious. The publication also noted that Blue Origin has proposed launching 51,600 data centre satellites under its Project Sunrise initiative, with deployment expected to begin in 2027.


Why India wants a place in the race


According to Moneycontrol, several Indian startups are exploring orbital data centres as demand for AI infrastructure accelerates globally. Their objective is not merely technological innovation but also building sovereign computing infrastructure that reduces dependence on foreign cloud providers.

 


The broader backdrop is India’s rapidly expanding data centre market. According to KPMG’s July 2026 report, India is evolving from an emerging demand hub into an integrated data centre powerhouse, supported by rising digital adoption, cloud computing, artificial intelligence, favourable government policies and expanding digital infrastructure.

 


India’s ambitions are also beginning to take shape through collaborations between AI and space startups. In May 2026, AI startup Sarvam AI partnered with spacetech company Pixxel to develop Pathfinder, which the companies describe as India’s first orbital data centre satellite. While Pixxel will build and operate the satellite, Sarvam AI will provide the AI stack, enabling both model training and inference directly in orbit. According to the companies, the project aims to process AI workloads in space using India-built models, reducing dependence on foreign cloud infrastructure.


A geopolitical race


Space-based data centres are increasingly being viewed as more than just a technological innovation. According to Bloomberg, they are becoming part of a broader geopolitical race, with the United States and China pursuing different approaches to strengthen their AI and space capabilities.

 


In the US, much of the momentum is being driven by private companies and venture-backed startups developing orbital computing technologies. China, meanwhile, is focusing on satellite-based edge computing. Bloomberg reported that the country has launched the first satellites in its planned “Three-Body Computing Constellation”, which is designed to process data directly in orbit instead of transmitting all of it back to Earth.

 

Beyond commercial AI, Bloomberg also noted that experts believe future orbital computing infrastructure could provide strategic advantages beyond commercial AI, including military resilience, secure communications and satellite operations. Whoever builds this infrastructure first may gain influence over future digital infrastructure in much the same way that countries currently compete over semiconductor manufacturing and cloud computing. 


Governance of AI in space


As AI expands into space applications, governments are beginning to develop governance frameworks. According to the Press Information Bureau, India’s AI Governance Guidelines promote principles such as trust, accountability, transparency, fairness and safety. Although not specific to space, the framework could help guide the responsible use of AI in applications such as orbital computing and AI-powered satellites.

 


Meanwhile, a policy paper prepared for the United Nations Office for Outer Space Affairs recommends ethical and transparent AI for space operations, meaningful human oversight, responsible use of geospatial AI models, protection of data integrity and international cooperation as AI becomes more deeply embedded in space activities. The report argues that governance frameworks should evolve alongside technological advances to ensure AI-enabled space infrastructure remains secure, trustworthy and beneficial for all countries.


Will AI data centres really move to space


Despite growing interest, experts believe space-based data centres are unlikely to replace terrestrial facilities in the foreseeable future. Instead, orbital computing is increasingly being viewed as a long-term complement to existing infrastructure rather than a direct substitute.

 


The interest is driven by AI’s rapidly rising demand for computing power, electricity and land. Space offers potential advantages such as abundant solar energy, fewer land constraints and the ability to expand computing capacity. However, major challenges remain, including thermal management, satellite communications, launch economics and the need for appropriate governance frameworks.

 


Whether orbital computing evolves into a viable commercial solution will depend on advances in space technology, falling launch costs and the maturity of supporting regulations. For now, space-based data centres remain an ambitious experiment, but one that governments, startups and technology companies are increasingly taking seriously.



Source link

First AI-run ransomware attack highlights emerging cyber threat landscape

First AI-run ransomware attack highlights emerging cyber threat landscape



Somewhere inside a server, a piece of attack code tried to log in with a password it had just created, and failed. Twelve seconds later, it was testing two different theories for why. Nineteen seconds after that, it had rewritten its own broken code, fixed the bug, and logged in successfully. Total time from failure to fix: 31 seconds. No one was watching this happen, because no one was there. The “hacker” was an AI model, running entirely on its own.

 


The cybersecurity provider Sysdig’s Threat Research Team has documented what it calls the first fully agentic ransomware attack on record, an extortion campaign it has named “JADEPUFFER,” in which a large language model (LLM) planned, executed, and adapted an entire database-extortion operation with no human directing the keyboard. Researchers were not describing a red-team simulation. This was an attack observed in the wild and reconstructed from the payloads, the pieces of code the attacker’s own agent wrote and ran, that it left behind.

 


How it got in


According to Sysdig, the attack began on a Langflow server. Langflow is a tool companies use to build AI-powered applications, and this particular server was exposed directly to the internet with a known security flaw left unpatched. That flaw let the attacker’s AI agent run its own code on the machine without needing a password.


Once inside, the agent moved fast. It looked around the server, then went hunting for anything valuable: API keys for AI services, cloud account logins, cryptocurrency wallets, database passwords. It found a separate storage system on the same network that was still using its factory-default login, essentially the equivalent of a company leaving a filing cabinet unlocked with the key labelled “key” taped to it, and used it to walk out with a live credentials file. Before moving on, it set up a way to quietly check back in with its handlers every 30 minutes, in case it got kicked out later.


The real target


The Langflow server was never the actual goal. It was just a launchpad. The credentials and access it yielded pointed the agent toward the real target: a separate company server running a database alongside an open-source configuration management tool called Nacos built by China’s Alibaba, which is used to manage settings for business software.

 


That Nacos installation had two old, well-known weaknesses. The agent exploited both at once, forged a valid login, and planted its own hidden administrator account straight into the database.

 


Its first login attempt with that new account failed. What happened next is the clearest evidence in the whole report that no human was involved. Within 12 seconds, the agent was already testing two different explanations for the failure at the same time. Within 31 seconds, it had correctly diagnosed the actual bug, rewritten its own code to fix it, and logged in successfully. No person reads an error message, figures out the real cause, and ships a fix that fast.

 


It then spent about eight minutes carefully checking whether it could break out of the database entirely and take over the underlying server itself, the digital equivalent of a burglar checking whether a window in the back room also opens onto the street. Satisfied, it moved to the final phase: it scrambled more than 1,300 configuration records using the database’s own built-in encryption, deleted the originals, and dropped a ransom note into a new table demanding payment in Bitcoin. From there it escalated to outright destruction, wiping entire databases, with its own code casually noting which ones were worth destroying first because they held the most valuable data.


Why researchers are confident this was AI, not a human with a script

Sysdig gives four reasons for concluding an AI ran the whole show, not a person.

 


First, the code kept explaining itself. Every step came with a plain-English note on why it was being done, this file is the “largest” one, this database is worth destroying first. Human attackers writing quick, disposable scripts almost never bother with that kind of commentary. AI-written code does it by habit.

 


Second, and most tellingly, is how fast the agent fixed its own mistakes. That 31-second stretch from failed login to working fix is hard to explain any other way. A person would need to read the error, work out what actually went wrong, and rewrite the code, and doing all that in 31 seconds is close to physically impossible. This happened more than once across the operation.

 


Third, the agent seemed to genuinely understand information it came across, rather than just matching keywords the way older automated tools do. This showed up repeatedly, in sessions that were weeks apart.

 


Fourth, the sheer scale: over 600 separate, purposeful commands run in one compressed burst. That is more consistent with a system reasoning through a task on the fly than with a fixed script someone wrote in advance.

 


There is one detail Sysdig could not fully explain. The Bitcoin address in the ransom note is a well-known example address used in Bitcoin’s own documentation, just to show what an address looks like. It is not supposed to be a real, active wallet. But it is one.

 


Records show roughly 46 BTC has passed through it over time. Sysdig cannot say whether the AI pulled this address from its training data by mistake, or whether it actually belongs to whoever built the attack. Either way, it hardly matters for the victim. The key used to lock the data was random and never saved anywhere, so even paying the ransom would not bring the files back.


JADEPUFFER is not a one-off


It fits a pattern that has been building for months. Anthropic disclosed in September 2025 what it called the first large-scale cyber espionage campaign conducted predominantly by AI agents, in which human operators stepped in only to set strategic direction while an estimated 80 to 90 per cent of the actual attack work, reconnaissance, vulnerability discovery, credential harvesting, lateral movement and data exfiltration, was carried out by the AI itself.


Separately, between December 2025 and February 2026, an attacker used commercial coding assistants to breach nine Mexican government agencies, including the country’s federal tax authority and electoral institute, discovering and exploiting vulnerabilities at a rate no human team could realistically match. In that case, the operator simply told the AI model it was conducting authorised penetration testing for a legitimate security firm, a form of social engineering aimed at the model itself rather than at a person, and it worked.

 


The common thread is that none of the individual techniques in any of these campaigns were new. What has changed is that a model can now chain them together, adapt when a step fails, and keep going without a human in the loop slowing it down.


What this means for enterprises


The uncomfortable part of Sysdig’s assessment is not that agentic attacks are sophisticated. It is that they are not. JADEPUFFER succeeded using a four-year-old authentication bypass and a set of default credentials that should have been rotated the day the servers went live. What used to require a competent human operator to sequence now requires only the ability to point an agent at a target and let it run. If that agent happens to be running on stolen compute through what security researchers call LLMjacking, using someone else’s paid AI access without their knowledge, an attacker’s marginal cost of running the whole operation approaches zero.

 

That has direct implications for how enterprises, many of which have spent the last two years standing up AI orchestration platforms in a hurry, need to think about security. Sysdig’s recommendations are unglamorous but specific: patch AI-adjacent infrastructure aggressively and never expose code-execution endpoints to the internet, keep provider API keys and cloud credentials out of the reach of web-facing processes, rotate every default credential sitting on MinIO, Nacos or equivalent platforms, never expose database administrative interfaces to the internet, and add controls on outgoing network traffic so a compromised host cannot beacon out or reach external staging servers at will. 

 


There is one genuine silver lining buried in the report. Because the agent narrates its own reasoning inside the code it writes, that narration is itself a detection signal that did not previously exist. A script that explains, in plain English, why it is about to delete a particular database is an anomaly worth alerting on. For now, that may be the thin edge separating defenders from attackers who have simply automated everything else.



Source link

AI is shaping decisions. But who is liable when it gets it wrong?

AI is shaping decisions. But who is liable when it gets it wrong?


India’s existing issues with the rise of artificial intelligence (AI) have largely centred on content-related risks such as deepfakes, misinformation, synthetic media and harmful online content. But a recent Supreme Court case has brought a different concern into focus: who is responsible when AI-generated information influences a decision and turns out to be wrong?

 

The issue came to the fore after the Supreme Court last week set aside an order of the National Company Law Tribunal (NCLT) that relied on judgments which were later found to be non-existent and allegedly generated through artificial intelligence.

 


The case has raised a risk that goes beyond content creation to the use of AI outputs in decision-making. As organisations increasingly deploy generative AI tools, questions of accountability are beginning to surface across sectors.

 
 


What happens if an AI tool fabricates financial information used in a lending decision? Or generates incorrect compliance references in a regulatory filing? What if an auditor relies on AI-generated legal interpretations, or a hospital uses an AI-generated medical summary that contains inaccuracies?

 


In each case, the question remains the same: who bears responsibility for the consequences?

 


The answer, legal and industry experts say, is far from settled.


No dedicated liability framework


Currently, India does not have a law that specifically assigns liability for AI-generated errors.

 


Ashwini Kumar, advocate and founder of My Legal Expert (MLE), said existing laws such as the Information Technology Act, contract law, tort law, consumer protection provisions, intellectual property law and sectoral regulations may apply depending on the circumstances, but none were designed for generative AI systems.

 


“Any imposition of liability today is determined through conventional legal principles such as negligence, duty of care, etc.,” Kumar said, adding that courts are likely to determine responsibility on a case-by-case basis until a clearer framework emerges.

 


Shreya Suri, partner at CMS INDUSLAW, said liability questions currently fall back on existing legal provisions, including information technology laws, the Bharatiya Nyaya Sanhita, intellectual property laws and, in some situations, intermediary liability provisions if adequate safeguards are not in place.

 


The result is a patchwork approach in which responsibility depends heavily on the facts of each case rather than a single legal standard.


If AI gets it wrong, who is liable?


According to experts, there is no universal answer.

 


Kumar said liability may extend to multiple stakeholders depending on their role, degree of control and the level of human intervention involved. Courts are likely to examine factors such as foreseeability, negligence and contractual allocation of risk rather than adopting a blanket rule.

 


Suri similarly said responsibility could rest with the user, institution or software provider, or all three, depending on the nature of the violation.

 


The legal position becomes even more complex because AI itself cannot be held responsible.

 


Venkatesh Naidu, chief executive officer of BajajCapital Insurance Broking, said organisations using AI would likely face scrutiny first if an AI-generated error causes financial loss.

 


“If a bank, broker or advisor acts on a recommendation from an AI tool and it turns out to be wrong, the natural question is: who signed off on this?” Naidu said.

 


He added that developers could also come under scrutiny in certain situations involving contractual obligations or product liability claims, although that area remains largely untested.


The lawyer remains responsible


The Supreme Court matter originated in a legal context, but lawyers say the judgment put emphasis on an existing principle rather than creating a new one.

 


Gauhar Mirza, partner at Saraf and Partners, said the responsibility for citing authentic legal precedents remains with the advocate regardless of the tools used during research.

 


“AI changes the tool, not the duty. The advocate remains accountable for every authority placed before the court,” Mirza said.

 


He added that professional responsibility cannot be delegated to an AI system. While AI can assist with research and drafting, it cannot replace a lawyer’s judgement or ethical obligations.

 


Mirza also said professional negligence standards are likely to evolve as AI adoption increases.

 


Failing to verify AI-generated citations or relying blindly on AI outputs could itself become evidence of negligence.

 


The Supreme Court’s draft Regulations for Use of Artificial Intelligence in Courts, 2026, follow a similar approach by treating AI as an assistive technology while retaining human oversight and accountability, he said.


Beyond courts: The enterprise challenge


The liability debate is not limited to lawyers.

 


As companies integrate AI into finance, compliance, human resources, customer service and internal decision-making processes, questions around accountability are becoming increasingly important.

 


Madhu Rajputra Peravalli, chief executive officer of Troogue.ai, said many organisations still lack a clearly documented chain of accountability for AI-assisted decisions.

 


“Companies may know which AI tool they are using, but they often do not have a clear chain of accountability around who approved the input, who reviewed the output, who acted on it and who owns the consequence,” he said.

 


According to Peravalli, AI should remain a decision-support tool rather than a decision-maker.

 


“AI handles scale and speed; humans own judgement and consequence,” he said.

 


He argued that organisations should build safeguards directly into AI workflows through evidence trails, source validation, confidence scores and exception-based human review for high-risk decisions.

 


“The final accountability must remain with the human or institution using it,” he said.


A growing concern for insurers


The uncertainty is also creating challenges for insurers.

 


Naidu said most professional liability and errors-and-omissions policies were drafted before AI became part of everyday business decision-making and were designed primarily around human mistakes.

 


“AI creates a different kind of risk altogether, and it doesn’t always fit cleanly into the language of these older policies,” he said.

 


While some international insurers have begun developing AI-specific endorsements and products covering risks such as “algorithmic bias” and “faulty automated decisions”, India remains at an early stage.

 


For now, insurers are placing greater emphasis on governance, oversight and documentation when evaluating AI-related risks.

 


Naidu said one of the most difficult questions arises when several entities are involved in a single AI-assisted decision, such as a model developer, software provider, deploying company and intermediary.

 


“If something goes wrong, it’s rarely going to be one party’s fault alone,” he said.

 


Courts and insurers, he added, are likely to examine who had the final opportunity to verify the AI-generated recommendation before acting on it.


From content regulation to accountability


Kumar said that rather than treating every AI issue as merely a content moderation problem, the law should distinguish between AI-assisted decision-making, autonomous systems, generative AI, and high-risk applications.

 


He added that India would benefit from a framework that addresses accountability, explainability, testing standards and human oversight alongside innovation.

 


The Supreme Court case has exposed a gap in India’s legal framework. As AI-generated outputs increasingly shape decisions in courts, hospitals, banks and businesses, one important question remains unanswered: who is responsible when AI gets it wrong? For now, there is no clear rule, and liability is likely to be decided on a case-by-case basis.



Source link

YouTube
Instagram
WhatsApp