Building trust in AI health intelligence: why privacy, transparency, and human oversight matter

Cellebrite said it cut off Russia, but Russia used is tools anyway

Russian authorities used Cellebrite's UFED phone-unlocking tool to hack into the iPhone of opposition politician Andrey Pivovarov in June 2021 — three months after Cellebrite publicly announced it had cut off all sales and services to Russia. Researchers at the Citizen Lab found forensic evidence on Pivovarov's phone confirming the breach, and a Russian court document explicitly detailed the use of Cellebrite UFED to extract WhatsApp and Telegram messages. The case highlights a fundamental problem with surveillance technology exports: once hardware is in a customer's hands, revoking licenses or cutting ties does not reliably prevent continued abuse. Researchers are calling on Cellebrite to implement remote-disable capabilities and cryptographically-signed watermarks to enable accountability and enforcement.

Our Research on Membership Inference Attacks and Preventing Privacy Leaks

JetBrains researchers present EZ MIA (Error Zone Membership Inference Attack), a lightweight method for detecting whether specific data was used to train fine-tuned LLMs. Unlike existing approaches that rely on aggregate sequence loss or expensive shadow model training, EZ MIA focuses on token-level error positions where memorization signals are most concentrated, requiring only two forward passes per sequence. Experiments on GPT-2, GPT-2-XL, and Llama-2 show EZ MIA outperforms baselines like LOSS, Min-K++, and SPV-MIA by up to 9x. The research also confirms that full fine-tuning creates significantly more membership leakage than LoRA-based fine-tuning, though LoRA does not eliminate the risk entirely — especially for larger models.

Rethinking the balance between AI oversight and innovation

CIOs are under mounting pressure to accelerate enterprise AI adoption while managing risk, compliance, and governance. IT leaders from Hi Marley and Zuora share how they're structuring their organizations to balance innovation with oversight. Key insights include: AI's indeterminate behavior breaks traditional control models, shadow AI use creates more risk than controlled access, and organizational design decisions are as consequential as the AI adoption choices themselves. Zuora's three-year journey outlines a four-level AI maturity model — from controlled employee access to near-zero-touch application creation — built on a foundation of trust, security, and governance. Practical advice covers defining risk appetite, treating AI providers as third-party risk, and using a three-pillar framework (effort, value, confidence) to evaluate AI projects.

Privacy-Aware Infrastructure in the AI-Native Era: An Asset Classification Case Study

Meta's engineering team describes a hybrid pattern for privacy-aware infrastructure (PAI) asset classification at scale. The core approach combines LLMs for handling ambiguous or novel data assets with deterministic, versioned rules for routine enforcement. Key principles include: building structured 'evidence briefs' from distributed context (code lineage, ownership, semantic annotations) rather than raw fields; keeping human-reviewed labels separate from model-generated recommendations; using a multi-panel LLM judge with Cohen's kappa for quality control; and progressively distilling stable LLM-discovered patterns into auditable deterministic rules. In production, ~85% of traffic is resolved by fast deterministic rules, with LLM fallback for the remaining ~15%. The system includes self-regulation mechanisms (tuning controller states) to prevent runaway optimization loops. Lessons learned emphasize that context quality beats prompt quality, accuracy alone is insufficient for imbalanced taxonomies, and distillation into deterministic rules is the sustainable production model.

5 Android productivity apps I discovered outside of the Play Store that solve real problems

A curated list of five Android productivity apps found outside the Google Play Store: Easy Notes (Markdown note-taking), Fridgey (food expiration tracker), Seal (open-source video/audio downloader using yt-dlp), Beam (battery health monitor), and Timety (offline habit and focus session tracker). All emphasize privacy, local data storage, and simplicity over feature bloat.

Qodo Extends Reach and Scope of AI Code Review Platform

Qodo has released version 2.8 of its AI code review platform, introducing an AI agent capable of reviewing code across multiple repositories. The update also adds a custom rules miner that extracts coding patterns from existing codebases and PR history to create enforceable rules, plus a portal for centrally managing AI skills across repositories. The multi-repo review agent, currently in beta, uses graph technology to track relationships between code and surfaces impact findings — such as API contract breaks, schema changes, and infrastructure drift — before pull requests are merged. The underlying premise is that as AI-generated code volumes grow, human reviewers can no longer keep pace, making AI-driven code review a necessity.

Google releases new privacy controls for activity history, personalization

Google bổ sung các điều khiển quyền riêng tư mới, tách biệt lịch sử hoạt động (Search Services History) và cá nhân hóa (Personalized Recommendations) cho Search cùng Google Play, thay vì gộp chung như trước. Theo mặc định, Google sẽ lưu trữ media (ảnh, âm thanh, video từ Google Lens, tìm kiếm bằng giọng nói) vào Search Services History nếu tính năng Web & App Activity đang bật, nhưng người dùng có thể tắt riêng mục này hoặc xóa từng mục đã lưu. Các cài đặt mới sẽ triển khai dần trong vài ngày tới.

Lập trình viên nên đọc để hiểu cách Google xử lý dữ liệu người dùng và cách bảo mật riêng tư trong ứng dụng, giúp họ phát triển các giải pháp bảo vệ dữ liệu hiệu quả hơn trong các sản phẩm công nghệ.