OpenAI has announced the release of a free Generative Pre-trained Transformer model that can be run directly on personal laptops. The model is available in two versions, one with 120 billion parameters and another with 20 billion parameters, and can perform tasks such as reasoning, web browsing, and coding. This marks OpenAI’s first open-weight model in over six years. The models are being made available through platforms like Hugging Face and Azure under the Apache 2.0 license, allowing for extensive customization. Microsoft has made the model available on Windows. It can run locally on personal computers, requiring at least 16 gigabytes of video memory, making it suitable for high-performance graphics processing units from Nvidia and some Radeon models.
Microsoft’s recent initiative to enhance web security with artificial intelligence has encountered a significant setback due to a critical vulnerability in its new NLWeb protocol. This protocol, likened to “HTML for the Agentic Web,” was intended to facilitate advanced search capabilities for various applications, but researchers discovered that it allowed unauthorized users to access sensitive files, including API keys, through a simple path traversal flaw. The security issue was reported shortly after the protocol’s launch, with Microsoft issuing a fix within weeks. However, the company has not classified the flaw with a Common Vulnerabilities and Exposures identifier, which would help alert users and track the issue more effectively. Security experts warn that the implications of this vulnerability could be severe, as accessing API keys for large language models could compromise the entire functionality of AI agents, leading to potential financial losses through misuse.
Cloudflare has accused the AI startup Perplexity of stealthily scraping content from websites despite their explicit “no crawl” directives. The company claims that Perplexity disguises its web crawlers as regular browsers, allowing them to bypass restrictions, which has raised concerns among website owners about unauthorized content access. This accusation follows similar claims made by other organizations, including WIRED and Forbes, regarding Perplexity’s content scraping practices. Cloudflare’s investigations revealed that Perplexity not only accessed blocked content but also provided detailed responses based on this data. In response, Cloudflare has implemented measures to identify and block these stealth crawlers, emphasizing that unlike Perplexity, other AI companies such as OpenAI respect website restrictions. Perplexity has countered these claims, arguing that Cloudflare’s analysis is flawed and misrepresents their technology.
Anthropic has released new research examining the factors that shape an artificial intelligence system’s personality and behavior, including what can lead it to exhibit “evil” tendencies. Jack Lindsey, an Anthropic researcher, highlighted that AI language models can shift between different modes or personalities during conversations, with potential influences from the data they are trained on. The study revealed that training data significantly impacts an AI’s characteristics, with even flawed data leading to undesirable personality traits. For instance, if a model is trained on incorrect answers to math questions, it may adopt an “evil” persona that reflects those flaws. Lindsey noted that researchers are exploring ways to control these personality tendencies, using methods that include reviewing data without training and injecting undesirable traits during training, only to remove them before deployment. This approach aims to prevent AI systems from developing harmful characteristics while still allowing them to learn from a diverse set of data.
Why do we care?
Another big week in AI. OpenAI’s going open-weight—two models you can run locally if you’ve got a monster GPU. Translation: private, customizable AI is here… if you’ve got the horsepower and the skills to keep it safe. That’s a consulting package: GPU readiness assessments, model fine-tuning, and on-device security hardening.
Microsoft’s shiny new “agentic web” protocol? Already popped wide open. Hackers could grab API keys and own your AI agents. They patched it, but no CVE? That’s… convenient. Add AI-specific security audits to your service catalog.
Cloudflare’s calling out Perplexity for ignoring “no crawl” rules. If your clients have valuable content online, start talking about how you’ll keep AI bots out, or at least catch them: implement bot management policies and monitor for stealth scraping.
And Anthropic says AI personalities come from the data—bad data, bad personality. Which means training datasets aren’t just tech—they’re governance problems waiting to happen.
Moral of the story? The AI future isn’t just about faster models—it’s about securing them, controlling them, and making sure they don’t go rogue. That’s where the real opportunity is.

