Tech
California enacts AI safety law targeting tech giants
California Governor Gavin Newsom has signed into law groundbreaking legislation requiring the world’s largest artificial intelligence companies to publicly disclose their safety protocols and report critical incidents, state lawmakers announced Monday.
Senate Bill 53 marks California’s most significant move yet to regulate Silicon Valley’s rapidly advancing AI industry while also maintaining its position as a global tech hub.
“With a technology as transformative as AI, we have a responsibility to support that innovation while putting in place commonsense guardrails,” State Senator Scott Wiener, the bill’s sponsor, said in a statement.
The new law represents a successful second attempt by Wiener to establish AI safety regulations after Newsom vetoed his previous bill, SB 1047, following furious pushback from the tech industry.
It also comes after a failed attempt by the Trump administration to prevent states from enacting AI regulations, under the argument that they would create regulatory chaos and slow US-made innovation in a race with China.
The new law says major AI companies have to publicly disclose their safety and security protocols in redacted form to protect intellectual property.
They must also report critical safety incidents—including model-enabled weapons threats, major cyber-attacks, or loss of model control—within 15 days to state officials.
The legislation also establishes whistleblower protections for employees who reveal evidence of dangers or violations.
According to Wiener, California’s approach differs from the European Union’s landmark AI Act, which requires private disclosures to government agencies.
SB 53, meanwhile, mandates public disclosure to ensure greater accountability.
In what advocates describe as a world-first provision, the law requires companies to report instances where AI systems engage in dangerous deceptive behavior during testing.
For example, if an AI system lies about the effectiveness of controls designed to prevent it from assisting in bioweapon construction, developers must disclose the incident if it materially increases catastrophic harm risks.
The working group behind the law was led by prominent experts including Stanford University’s Fei-Fei Li, known as the “godmother of AI.”
© 2025 AFP
Citation: California enacts AI safety law targeting tech giants (2025, September 30), retrieved 30 September 2025 from https://techxplore.com/news/2025-09-california-ai-safety-law-tech.html
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything
Following leaked revelations at the end of March that Anthropic had developed a powerful new Claude model, the company formally announced Mythos Preview on Tuesday along with news of an industry consortium it has convened, known as Project Glasswing, to grapple with the cybersecurity implications of the new model and advancing capabilities more generally across the AI field.
The group includes Microsoft, Apple, and Google as well as Amazon Web Services, the Linux Foundation, Cisco, Nvidia, Broadcom, and more than 40 other tech, cybersecurity, critical infrastructure, and financial organizations that will have private access to the model, which is not yet being generally released. The idea, in part, is simply to give the developers of the world’s foundational tech platforms time to turn Mythos Preview on their own systems so they can mitigate vulnerabilities and exploit chains that the model develops in simulated attacks. More broadly, Anthropic emphasizes that the purpose of convening the effort is to kickstart urgent exploration of how AI capabilities across the industry are on the precipice, the company says, of upending current software security and digital defense practices around the world.
“The real message is that this is not about the model or Anthropic,” Logan Graham, the company’s frontier red team lead, tells WIRED. “We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months. Many things would be different about security. Many of the assumptions that we’ve built the modern security paradigms on might break.”
Models developed and trained by multiple companies have increasingly been able to find vulnerabilities in code and propose mitigations—or strategies for exploitation. This creates a next generation of security’s classic cat-and-mouse game in which a tool can aid defenders but can also fuel bad actors and make it easier to carry out attacks that were once too expensive or complex to be practical.
“Claude Mythos preview is a particularly big jump,” Anthropic CEO Dario Amodei said on Tuesday in a Project Glasswing launch video. “We haven’t trained it specifically to be good at cyber. We trained it to be good at code, but as a side effect of being good at code, it’s also good at cyber.” He adds in the video that “more powerful models are going to come from us and from others. And so we do need a plan to respond to this.”
Anthropic’s Graham notes that in addition to vulnerability discovery—including producing potential attack chains and proofs of concept—Mythos Preview is capable of more advanced exploit development, penetration testing, endpoint security assessment, hunting for system misconfigurations, and evaluating software binaries without access to its source code.
In carrying out a staggered release of Mythos Preview, beginning with an industry collaboration phase, Graham says that Anthropic sought to draw on tenets of coordinated vulnerability disclosure, the process of giving developers time to patch a bug before it is publicly discussed.
“We’ve seen Mythos Preview accomplish things that a senior security researcher would be able to accomplish,” Graham says. “This has very big implications then for how capabilities like this should be released. Done not carefully, this could be a meaningfully accelerant for attackers.”
Project Glasswing partners, including some of Anthropic’s competitors, struck a collaborative tone in statements as part of the launch.
“Google is pleased to see this cross-industry cybersecurity initiative coming together,” Heather Adkins, Google’s vice president of security engineering, says in a statement. “We have long believed that AI poses new challenges and opens new opportunities in cyber defense.”
Russian cyber spies targeting consumer, Soho routers | Computer Weekly
The UK’s National Cyber Security Centre (NCSC) and Microsoft have exposed an extensive Domain Name System (DNS) hijacking campaign against vulnerable consumer and small and home office (Soho) broadband routers conducted by the Russian cyber intelligence services.
Orchestrated by APT28 or Forest Blizzard – more widely-known as Fancy Bear – the operations saw the threat actor alter the settings of compromised devices to reroute internet traffic through malicious servers they held.
In this way, Fancy Bear was able to steal data such as login credentials, passwords and access tokens from personal web and email services belonging to their victims in a so-called adversary-in-the-middle (AiTM) attack.
The NCSC said the campaign was likely opportunistic, with Fancy Bear having cast a wide net to ensnare as many victims as possible. By targeting insecure home and small office equipment, Fancy Bear took advantage of less closely-monitored or managed assets to pivot into larger enterprise environments or targets of interest to Russian intelligence.
Indeed, Microsoft said it had identified over 200 organisations and 5,000 consumer devices impacted since the campaign began in August 2025.
“This activity demonstrates how exploited vulnerabilities in widely used network devices can be leveraged by sophisticated hostile actors,” said NCSC operations director Paul Chichester.
“We strongly encourage organisations and network defenders to familiarise themselves with the techniques described in the advisory and to follow the mitigation advice.
“The NCSC will continue to expose Russian malicious cyber activity and provide practical guidance to help protect UK networks,” he added.
Routers on trial
The exposure of Fancy Bear’s latest campaign comes amid a fierce debate on the other side of the Atlantic following the Federal Communications Commission’s (FCC’s) implementation of tight restrictions on routers built outside the US – which in effect means virtually every commercially available router.
The US’ decision was framed on the basis that such hardware poses an unacceptable risk to the country’s national security and that of its citizens and residents.
However, it has been criticised on the basis that while it eases fears over the potential for other governments – such as China – to interfere with networking hardware produced in their factories, it does not address the fact that security vulnerabilities such as those exploited by Fancy Bear will still exist regardless of where the devices were manufactured.
Writing in Computer Weekly, Forescout vice president of security intelligence, Rik Ferguson, said routers present highly attractive footholds for attackers because they sit at the network edge, generally face the public internet, and are easily overlooked once deployed.
“Many of the weaknesses we see come from familiar, measurable issues like outdated software components, slow patching cycles, weak credentials, exposed management interfaces and long lifespans that extend well beyond vendor support,” he said.
“In firmware analysis, we regularly see common components that are years behind current versions, carrying known vulnerabilities that attackers can and do exploit.”
Ferguson advised security teams to treat routers and similar network infrastructure as part of the active attack surface, which in practice means keeping accurate inventories, prioritising their lifecycle management, and enforcing firmware updates and patching.
To prevent attackers like Fancy Bear from scoring easy wins, security teams should also look to disable any internet-exposed management interfaces, enforce unique credentials, and apply network segmentation measures so that one compromised router does not necessarily enable wider access.
We Made More Than a Thousand Pizzas to Find the Best Pizza Ovens
The Dome is big. It’s not portable, practical, or inexpensive. It accepts the romance of wood, or the brute power of propane or natural gas. Its height makes it versatile enough for steaks, fish, or other skillet meals. This pizza oven is designed to be a fixture in your life and backyard, bolstered by an ever-expanding accessory set. And it also more than earns its place there, once you buy a snap-on Neapolitan arch accessory ($60) to bolster its insulation.
The Gozney makes truly excellent high-temperature pizza. Most backyard ovens, even our other favorites on this list, tend to struggle to reach and maintain the 900-degree temps needed for proper Neapolitan crust. The Dome Gen 2 gets there in 20 minutes, it heats admirably evenly, and it’s responsible for the best pizzas that my colleague Kat Merck says she’s made in her entire life. This is worth noting, given that she was editor and recipe tester for pizzaiolo Ken Forkish’s iconic pizza book The Elements of Pizza. (For what it’s worth, Forkish also uses a Dome Gen 2 at home, while enjoying his retirement. He likes using dough at 67 percent hydration, while cooking at 900 degrees in the Dome.)
A couple caveats, however: Gozney often markets the Dome as being able to cook two pizzas at the same time. This is a silly thing to do at the temperatures you’re cooking at. Cook one pizza. If you use the Neapolitan Arch, it’ll make the oven’s aperture narrow enough that you’ll need to limit yourself to a 12-inch peel anyway. The price of a Gozney Dome also rises considerably once you start delving into the accessories. With the stand, cover, Neapolitan arch, wood fire control kit, turning peel, and 15 pounds of Gozney-brand kiln-dried hardwood, the final price for the Dome Gen 2 can rack up as high as $3,270.
Best Big Pizza Oven for Families: Ooni Koda Max
Ooni’s large oven is for everyone who is sick of feeding their families with multiple teeny-tiny 12-inch pies and just wants to make a massive 20-inch cheese pizza for all the kids at once. You can either attach a propane tank or hook it to your natural gas line. If this is a possibility for you, then I recommend the latter. Ooni has a new gas management technology that keeps the temperature consistent across the huge surface. But big, powerful ovens use a lot of fuel: Its 35,000 BTUs put this Koda Max nearly on par with a 3-burner Traeger griddle. That heat will also come pouring out the open front of the oven, which means the Max is not ideal for small patios.
