#industry sponsored research
researchers-me · 11 months ago
Unlock the power of industry research surveys with expert tips on analyzing and interpreting data. Learn valuable insights from industry research analysts and companies to leverage your findings effectively.
dangerdust2 · 1 year ago
The gas industry relied on Hill & Knowlton, the same public relations company that masterminded the tobacco industry’s playbook for responding to research linking smoking to lung cancer. Hill & Knowlton’s tactics included sponsoring research that would counter findings about gas stoves published in the scientific literature, emphasizing uncertainty in these findings to construct artificial controversy and engaging in aggressive public relations efforts.
This campaign was remarkable, since the basics of how gas stoves affected indoor air pollution and respiratory health were straightforward and well-established at the time. Burning fuel, including natural gas, generates nitrogen oxides: The air in Earth’s atmosphere is about 78 percent nitrogen and 21 percent oxygen, and these gases react at high temperatures.
Nitrogen dioxide is known to adversely affect respiratory health. Inhaling it causes respiratory irritation and can worsen diseases such as asthma. 
ccrpsorg · 2 years ago
Clinical Research Monitoring: A Guide to Clinical Monitoring
Clinical research monitoring is a vital part of clinical trials and it involves various activities to ensure the safety and accuracy of the data collected. It is important that the clinical trial is conducted in a way that meets regulatory standards, protects human studies participants, and minimizes potential risks to their health and well-being. Clinical trial monitoring can include activities such as auditing study sites, evaluating data for accuracy and completeness, review of protocols and amendments, reviewing case report forms (CRFs), identifying any deviations from the standard operating procedures (SOPs) or protocols, managing corrective action plans (CAPs), following up on safety reports, tracking progress against enrollment goals and much more. Apart from evaluating data quality, clinical research monitoring also ensures compliance with all regulatory standards like GCP (Good Clinical Practices), ICH (International Conference on Harmonization), FDA regulations and local laws. In addition to this ongoing monitoring throughout a study's duration, there may be audits conducted by sponsors or regulatory authorities at any time during or after completion of a clinical trial. All these efforts are dedicated towards ensuring that the results obtained from a clinical trial are accurate, reliable and applicable for use in making medical decisions.
Steps to Clinical Monitoring
1. Establish an Effective Monitoring Plan: Ensure that the plan is comprehensive and contains all applicable elements, such as the types of monitoring activities to be conducted, frequency of monitoring visits, data collection methods, and specific criteria for acceptable performance.
2. Develop Appropriate Documentation: Design protocol-specific monitoring tools and forms to document information from site visits including source documents, data collection instruments, case report forms (CRF). In addition, develop a Monitoring Log or Tracking System which will enable better accountability for study activities.
3. Execute Monitors’ Visits: Depending on the complexity of the trial and regulatory requirements, conduct pre-study qualification visits (PSQV), pre-initiation visits (PIV), initiation visits (IVs), periodic monitoring visits (PMV) and close out visits (COV). During each visit, ensure that good clinical practice is followed at all times by reviewing source documents and data collection instruments. Review patient enrollment logs to ensure accuracy and record any discrepancies in the visit report.
4. Report Findings: Generate detailed yet concise reports per each monitor's visit with clear recommendations for corrective actions if required; provide professional feedback to investigators regarding their performance; identify any areas of noncompliance with protocol requirements or applicable regulations; recommend training or educational sessions when appropriate; track all follow up activities related to corrective actions taken in response to findings from monitors' visits; ensure that essential documentation is complete before closing out a particular study site.
5. Quality Assurance: Validate accuracy of tracking systems used by monitors during their visits; assess risk associated with various deficiencies identified during monitoring process; carry out periodic internal audits/assessments to ensure compliance with established SOPs/guidelines related to clinical research monitoring activities; take preventive measures based on audit/assessment results in order to strengthen internal quality system processes.
Types of Clinical Trial Monitoring
1. Types of Clinical Research Monitoring: Clinical research monitoring is the process to assess the quality and integrity of clinical trial data and ensure compliance with applicable regulatory requirements. It can be done through three primary methods: onsite monitoring, centralized or remote monitoring, and risk-based approaches.
2. Onsite Monitoring: Onsite monitoring is considered the "gold standard" for clinical research monitoring, as it requires the presence of a monitor at a study site during the entire duration of a trial. The monitor will typically review source documentation such as patient records, lab results, and investigational product dispensing logs to assess accuracy and conformance with study protocols and good clinical practices (GCP). The monitor also interviews staff members responsible for conducting the trial to verify that procedures are being followed properly.
3. Centralized or Remote Monitoring in Clinical Trials: Centralized or remote monitoring enables sponsors to conduct clinical research monitoring without needing to send someone onsite to each study location. This is accomplished by using technology such as web portals, video conferencing, and virtual meetings that allow monitors to remotely review data from various sites simultaneously and quickly flag any issues that arise. Additionally, centralized/remote monitoring allows sponsors to be more proactive in identifying potential risks associated with a trial prior to sending monitors onsite for an assessment.
4. Risk-Based Approaches: Risk-based approaches use data analytics tools such as descriptive statistics and predictive algorithms to identify potential trends or outliers in clinical trial data that may represent heightened risk of noncompliance with GCPs or other regulations. By leveraging technology, these approaches can help sponsors identify issues earlier in the course of a trial so they can take corrective action before something goes wrong.
5. Benefits of Clinical Research Monitoring: Utilizing effective clinical research monitoring strategies helps ensure that trials are conducted ethically, safely, correctly according to protocol standards, within timelines agreed upon with regulatory authorities, and within budget constraints set out by sponsors/CROs/investigators/other stakeholders involved in a study’s execution. Clinical research monitors act as an independent third party who are able to provide objective insight into how studies are being conducted across multiple sites which helps minimize errors due to bias from investigators or other personnel who may have vested interests in outcomes associated with their studies. In addition, effective clinical research monitoring helps ensure patient safety by providing oversight about how drugs or medical devices used in trials are administered as well as ensuring patient confidentiality is maintained throughout the course of a study. Lastly, robust clinical research monitoring protocols help reduce costs associated with delays caused by errors made during trials which can add up significantly over time if not avoided through proper oversight methods both pre-study start up until closeout occurs after all enrolled patients have completed their participation in a given trial.
Clinical Research Monitoring Guide
1. Understand the Basics of Clinical Research Monitoring: Clinical research monitoring is a key part of the clinical research process, ensuring the safety and accuracy of results. It involves periodically assessing study sites to confirm that data is being collected properly, according to ethical and legal requirements, as per Good Clinical Practice (GCP) guidelines.
2. Know What Types of Studies are Monitored: Clinical research monitoring can be used for a variety of studies, including clinical trials, observational studies, epidemiologic studies, and public health surveys. It is important to know what type of study you are monitoring in order to ensure that the appropriate procedures are followed.
3. Understand How to Monitor a Study Site: The primary goal of clinical research monitoring is to confirm that the protocol and informed consent form have been followed properly at each site. This requires a thorough review of all relevant documents such as case report forms (CRFs), source documentation (e.g., physician notes), internal audit reports (audit trails), and external quality assurance reports. Additionally, it involves evaluating compliance with GCP guidelines during study visits or remote reviews, as well as conducting interviews with staff members to assess how they are handling data collection and reporting processes.
4. Become Familiar With Regulatory Requirements: In addition to GCP guidelines, there may be applicable regulations from local governments or other institutions that must be adhered to when conducting clinical research monitoring activities. Understanding these regulations is essential for ensuring compliance with applicable laws and regulations related to clinical research activities.
5. Develop an Effective Monitoring Plan: An effective monitoring plan should include a detailed timeline for visiting sites, information about any specific areas where focused attention is required (e.g., enrolling/randomizing patients or managing adverse events), and plans for auditing/reviewing data generated by the study site(s). Additionally, it should incorporate measures for controlling risk associated with data collection processes so that issues can be identified early on in the study process before they become problematic later on down the line.
Clinical Research Monitor Job
The job of a Clinical Research Monitor is to ensure that clinical trials are conducted ethically, safely and in compliance with established standards. The primary responsibility of the monitor is to protect the rights, safety and well-being of the human subjects enrolled in the trial. Duties typically include developing protocols for clinical studies; coordinating study start up activities; conducting site visits; monitoring data for timeliness, accuracy and completeness; auditing files for regulatory compliance; managing investigator queries/issues; preparing visit reports; reviewing update protocols related to study operations; resolving issues raised through audit reports or other sources; providing technical guidance to sites regarding protocol implementation or study conduct; and escalating complex issues or potential risks as needed.
Clinical Research Monitor Salary
Salaries for this position tend to vary depending on education level, experience and geographical location but can range from $60,000 per year for entry level positions up to around $90,000 per year for more experienced professionals. In addition to salary many employers also offer benefits such as paid vacation days, health insurance plans and retirement packages.
Resources for Clinical Research Monitoring
1. National Institutes of Health (NIH): Clinical Research Monitoring
This link provides information on NIH's guidelines for monitoring clinical research, which include topics such as the roles and responsibilities of the investigator, data safety monitoring boards, and protocols for reporting unanticipated problems and adverse events.
2. National Institutes of Health (NIH): Guide to Clinical Research Monitoring
This comprehensive guide walks readers through all aspects of clinical research monitoring, including topics such as study design, randomization strategies, regulatory compliance requirements, data management, monitoring plans and reports, quality improvement initiatives, and safety assessments.
3. US Food and Drug Administration (FDA): Guidelines for Clinical Trials Monitoring
This resource from the FDA outlines the importance of effective monitoring in clinical trials and provides an overview of the different roles within a clinical trial as well as details about essential elements for implementation of an effective monitoring strategy such as risk assessments and adverse event tracking.
4. International Conference on Harmonization of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH)
ICH has developed standards that provide a set of harmonized technical requirements for clinical trials conducted across countries in the European Union (EU), Japan, and US with an emphasis on quality assurance and safety monitoring during trials.
5. Association of Clinical Research Professionals (ACRP)
ACRP's guidelines provide best practice recommendations for conducting clinical research studies in accordance with applicable regulations and standards to ensure patient safety monitoring during studies as well as data integrity throughout the process from start to finish.
6. Pharmaceutical Research & Manufacturers of America (PhRMA)
The PhRMA guidelines provide an overview of expectations around clinical research activities with respect to ethics, data integrity, safety reporting, resource allocation and more. It defines roles and responsibilities of all those involved in overseeing a clinical trial such as a Clinical Research Monitor or CRA who has primary responsibility for ensuring that the protocol is implemented correctly throughout a study’s duration.
Clinical Research Monitoring Review
1. What is the main purpose of clinical research monitoring?
A) To ensure that a research study is conducted in accordance with applicable regulations and ethical standards
B) To ensure that data collected during a research study is accurate and reliable
C) To evaluate the safety of participants enrolled in a research trial
D) To oversee the financial management of a research project
Answer: A) To ensure that a research study is conducted in accordance with applicable regulations and ethical standards. Clinical Research Monitors are responsible for ensuring compliance with Good Clinical Practice guidelines, protecting participant privacy, verifying data accuracy, and evaluating protocol deviations. In addition, they may also be involved in reviewing participant eligibility requirements, conducting site assessments, providing training to investigators and staff on proper study procedures, as well as monitoring progress towards completion of all requirements of the study.
2. What type of individuals typically serve as clinical research monitors?
A) Physicians
B) Nurses
C) Regulatory specialists
D) All of the above
Answer: D) All of the above. Clinical Research Monitors can come from various backgrounds such as medical doctors (MDs), nurses (RNs), pharmacists (RPhs), regulatory specialists (e.g., Regulatory Affairs Professionals or Paralegals), or biostatisticians/data analysts who have experience in clinical trials and understand local regulations related to human subject protection. Each monitor has specific job duties depending on their education and experience, such as assessing compliance with regulatory guidance or analyzing data sets for accuracy, completeness, integrity, or validity.
3. What kind of activities do clinical research monitors need to perform?
A) Protocol reviews or verifications
B) Ensuring appropriate documentation completion
C) Site visits to observe investigator conduct
D) All of the above
Answer: D) All of the above. Clinical Research Monitors need to perform several activities including protocol reviews or verifications; ensuring appropriate documentation completion; site visits to observe investigator conduct; liaising between sponsors and sites; assisting with resolving issues associated with adverse events; reviewing case report forms for completeness, accuracy, consistency and correctness; evaluating subject safety throughout enrollment process; and writing reports detailing their findings at each visit.
4. What is one benefit gained from having an effective Clinical Research Monitor on-site?
A) Reduced risk for legal liability stemming from negligence
B) Improved protocol adherence by investigators
C) Increased patient engagement during trial period
D) All of the above
Answer: D) All of the above. An effective Clinical Research Monitor encompasses several benefits such as reduced risk for legal liability stemming from negligence due to thorough oversight and accurate record keeping; improved protocol adherence by investigators through continued communication between sponsor representatives and researchers on-site regarding best practices; increased patient engagement during trial period due to more detailed explanations about potential risks/benefits offered by having monitor on-site; and improved efficiency when dealing with complex protocols that require multiple levels of oversight due to familiarity with protocol specifics which decreases time spent troubleshooting errors or unclear instructions.
5. How often should Clinical Research Monitors visit a particular site?
A) Weekly
B) Biweekly
C) Monthly
D) Quarterly
Answer: C) Monthly. It is recommended that Clinical Research Monitors visit sites at least once per month in order to maintain active surveillance over ongoing studies at each location while also providing timely feedback regarding any issues discovered while on-site visits are taking place within a shorter timeframe if needed based upon changes made midstream or other unanticipated circumstances which might require immediate attention by sponsor personnel.
daloy-politsey · 1 month ago
From their inception, foundations focused on research and dissemination of information designed ostensibly to ameliorate social issues--in a manner, however, that did not challenge capitalism. For instance, in 1913, Colorado miners went on strike against Colorado Fuel and Iron, an enterprise of which 40 percent was owned by Rockefeller. Eventually, this strike erupted into open warfare, with the Colorado militia murdering several strikers during the Ludlow Massacre of April 20, 1914. During that same time, Jerome Greene, the Rockefeller Foundation secretary, identified research and information to quiet social and political unrest as a foundation priority. The rationale behind this strategy was that while individual workers deserved social relief, organized workers in the form of unions were a threat to society. So the Rockefeller Foundation heavily advertised its relief work for individual workers while at the same time promoting a pro-Rockefeller spin to the massacre. For instance, it sponsored speakers to claim that no massacre has happened and tried to block the publication of reports that were critical of Rockefeller. According to Frederick Gates, who helped run the Rockefeller Foundation, the "danger is not the combination of capital, it is not the Mexican situation, it is the labor monopoly; and the danger of the labor monopoly lies in its use of armed force, its organized and deliberate war on society."
INCITE! Women of Color Against Violence, The Revolution Will Not be Funded: Beyond the Non-Profit Industrial Complex
miraculouslbcnreactions · 25 days ago
What do you think of a Lila character arc in which she learns that actually doing good and making her own visible achievements is more likely to get her better results than lying about her accomplishments and trying to sabotage others to make herself look better in comparison? That is, she figures out that if she really wants to *securely* get ahead in the world in the way that the show portrays her as wanting to rather than getting the 15-minutes-of-fame intervals created by her lies that she has to then keep feeding into, then she has to work WITH people instead of AGAINST them. Note that this is NOT a redemption arc that I’m describing; Lila would still not care at all about others or how they feel outside of direct usefulness to her in this scenario, but she would figure out how to employ her skills in a way that boosts HER up instead of tears OTHERS down (ex. lying and manipulating the reputations of individual people > acting and being an influencer on social media for sponsor brands) as well as how to network better and with WHOM it’s actually worth it to network with in the long run (could’ve seen that drop-of-a-dime betrayal from Gabriel Agreste in “Revelation” from a mile away, just sayin’). Lila would still be vain, vengeful and attention-focused the entire way through, with these being core qualities that don’t change about her, but while learning when to stop putting energy into her spite for someone due to either the actual “slight” against her being small in the grand scheme of things or the untouchability of her target in any way that really matters, as are the cases with Ladybug. In fact, this idea came from those posts that people have made since Season 3 and beyond pointing out two major character plot points of “Volpina” that conflict with common sense in hindsight concerning Lila. 
1) After being deakumatized and calming down about the whole situation, Lila should have, while still not liking Ladybug, NOT continued to go after her from this point forward after realizing that Adrien was the only one who saw that whole outing of her lies and wasn’t angry at her for it as well as let her Ladyblog comments fade into obscurity as a safety net once considering how big of a public figure who does tangible good for the public Ladybug is and the reputation risk for little reward it would pose for her to keep talking about the hero at all. 2) If Lila really had done her research on the whole class and was as socially smart as the show wants her to come off as, she should’ve seen Marinette as someone to be “besties” with before her first day at school even started given her public accomplishments and connections up to that point (the sunglasses and album cover for Jagged in the music industry, her parents and great uncle in the food industry, her own merit as an up-and-coming fashion designer whose bowler hat design genuinely impressed Gabriel Agreste, who is known to not be impressed with or humor things he views as a waste of time as with Simon Says, etc.) the same way she did with Alya and the Ladyblog. Whether she still clings to Adrien given he’s still open to being friends with her as long as she stops lying (which she’s already resolved to do about Ladybug at minimum at this point) or she still gets annoyed with him trying to “lecture” her and decides he’s not worth the annoyance of putting up with over her two intended “besties” (Marinette and Lila wouldn’t be clashing since Lila would be trying to come up with a new game plan for school instead of lying now that Adrien’s aware of her and Marinette would still feel apologetic from the ending of “Volpina”) is up to preference, but I would LOVE to hear your thoughts on all of this regardless.
There's a lot here, so I'm going to start this post by stating what I think you're saying so that you know where I'm coming from in my answer in case I'm totally off base. The argument appears to be that a social climber (?) like Lila should have an arc where she learns that lies can only get her so far and that she's better off trying to make as many real connections as she can. The lies won't totally stop, but lying should become a last resort for her. I fully agree with that analysis. It's one of the many issues with Lila's writing. In the majority of the show, she is written like a compulsive liar and not like a clever manipulator.
A lot of the problem comes down to Lila's total lack of motivation. We don't know what her goals are and it feels like the writers don't either. It's why I put a question mark next to "social climber" in the last paragraph. I don't know if that's actually why she is! That makes her incredibly hard to write well.
When Lila's introduced, it comes across like she just wants to be seen as cool by her classmates. As the show goes on, that continues, but we also get this sense that she wants greater power of some kind and has some sort of master plan going on. Those are clashing behaviors. The kind of lies she tells at school are far too risky for someone with a grand plan. They put her at far too much risk of being outed.
For example, if she is actively manipulating a bunch of women into thinking that they're her mother, then why tell her classmates that she was out of town working for a charity with a well-known public figure like she did in Catalyst? That puts her at risk for a call home or even just having someone meet one of the mothers and mentioning the trip, which would make said mother start asking questions. Lila should be doing everything in her power to keep that from happening. She should want to blend in, not stand out. Canon even shows us how easily her lies would be outed if anyone other than Marinette cared to do basic fact checking:
Lila: (Waves) Hello, everyone!
Miss Bustier's class: Hi Lila!
Miss Bustier: We can't wait to hear what you've been doing since our last video chat. Tell us about your week in the Kingdom of Achu.
Lila: It's absolutely amazing! Prince Ali invited me and my parents to his gorgeous palace.
Marinette: Excuse me, Lila, but Prince Ali couldn't possibly have invited you because he is in the United States.
Lila: (Laughs) I never said he was actually there, Marinette. I just said he invited us, that's all. His parents organized the visit-
Marinette: She's lying, and I'll expose her for the fake that she is.
Alya: Oh no, Marinette, not that again. She's not a liar. You're just jealous of Lila because she tried to hit on Adrien.
There is no point to this lie and it actively undermines Lila's character. This lie makes it look like she has no master plan and just lies compulsively for the thrill of it. The kind of character who tells lies like this one would not be capable of setting up multiple fake identities.
If you want to make Lila a master manipulator, then she needs to be written like she was in Oni-chan, which is one of the rare episodes where canon wrote her well:
Lila: What's the worst grade you've ever gotten?
Adrien: An A- in math. Listen, Lila, you should forget about this. My father can be harsh with anyone he thinks is an intruder.
Lila: (laughs) We're not doing anything wrong. Leave this to me.
[Scene change to front of the mansion]
Nathalie: I'm sorry, Adrien, but you know your father-
Lila: Excuse me, ma'am. But is there any way I could ask him directly? Just in case.
Nathalie: Mr. Agreste is busy designing and must not be disturbed for any reason.
Adrien: I told you so.
Lila: Oh, Adrien. I so wanted to help you make up all the schoolwork you missed due to all the modeling you've been doing lately. What will your father think if he finds out about your lower grades, Adrien? Who will he believe?
Nathalie: Adrien, have your grades gone down?
Lila: He’d never tell you himself, but when I saw Adrien crying the other day because he only got an A-, I just felt like I had to offer him my help. I would’ve taken half an hour. (Nathalie raises her eyebrow at her) I understand. You’re only doing what you think is best. I did what I could, Adrien. Good luck.
Nathalie: If it's only half an hour...
Lila is still a little too much here, but this is a kids show, so it makes sense to play up the lies a bit. With that context in mind, this is close enough to quality manipulation that I would feel like I was being a total nitpick if I complained about everyone being too gullible and Lila being a bad liar. Instead, I'm going to praise this writing. This is how she should have always been written. Minor lies used to get her connections or to manipulate her connections, but as much truth as she can manage to keep herself from being outed. Every lie should have a purpose and be carefully thought out. That's how manipulators work.
The Ladybug thing you brought up is another problem. If Lila's goal is manipulation, then she absolutely should have "forgiven" Ladybug and pretended to change. The lines she gives are those of a petty brat, not an evil mastermind:
Ladybug: I... totally overreacted and... never should've spoken to you like that. I'm sorry.
Lila: Forget it, Ladybug; you were right. We'll never be friends.
While I hate the writing in Volpina, making Marinette feel guilty for confronting Lila could have been an excellent setup for Lila gaining power. If Lila went on to make the appearance of changing her behavior and Marinette believed that Lila was sorry, then you could have used Volpina as a semi-clumsy, but ultimately functional setup for Lila being a liar in the audience's eyes, but not in the eyes of the cast. Instead, Lila is enemies with both Ladybug and Marinette, which is the least interesting way to play this on every level.
As you rightly pointed out, Marinette has connections. Lila should want to be Marinette's friend! It would be far more interesting if Marinette trusted Lila and Lila was cool with Marinette while hating Ladybug. That's how identity shenanigan setups are supposed to function! It's not supposed to be just about the romance unless it's short form content. Imagine if the show had let Lila and Marinette have a cool dynamic too. It could lead to all sorts of interesting situations like Marinette picking Lila as a temp hero!
But, as always, that style of writing does not work in an episodic show and it definitely doesn't work in a formula show. Lila is simply a terrible pick for Miraculous at a fundamental, structural level and I have no idea how anyone is excited about her being the new main villain.
allthecanadianpolitics · 7 months ago
For years, researchers, activists, community leaders have shown how Indigenous, Black and other racialized groups have been disproportionately affected by polluting industries. Now, a new law will require the federal government to better track this injustice, and aim to correct it. Bill C-226, sponsored by Green Leader Elizabeth May, became law Thursday evening, nearly four years after similar legislation was first proposed in Parliament. The law will require the federal government to develop a national strategy on environmental racism within two years.  "There is no doubt that Canada has had a problem with environmental racism for decades, and taking action is now required," May told a news conference earlier this week.
mariacallous · 9 days ago
For a while in the mid-2000s, a refrigerator-sized box in Abu Dhabi was considered the greatest chess player in the world. Its name was Hydra, and it was a small super-computer—a cabinet full of industrial-grade processors and specially designed chips, strung together with fiber-optic cables and jacked into the internet.
At a time when chess was still the main gladiatorial arena for competition between humans and AI, Hydra and its exploits were briefly the stuff of legend. The New Yorker published a contemplative 5,000-word feature about its emergent creativity; WIRED declared Hydra “fearsome”; and chess publications covered its victories with the violence of wrestling commentary. Hydra, they wrote, was a “monster machine” that “slowly strangled” human grand masters.
True to form as a monster, Hydra was also isolated and strange. Other advanced chess engines at the time—Hydra’s rivals—ran on ordinary PCs and were available for anyone to download. But the full power of Hydra’s 32-processor cluster could be used by only one person at a time. And by the summer of 2005, even the members of Hydra’s development team were struggling to get a turn with their creation.
That’s because the team’s patron—the then 36-year-old Emirati man who’d hired them and put up the money for Hydra’s souped-up hardware—was too busy reaping his reward. On an online chess forum in 2005, Hydra’s Austrian chief architect, Chrilly Donninger, described this benefactor as the greatest “computer chess freak” alive. “The sponsor,” he wrote, “loves to play day and night with Hydra.”
Under the username zor_champ, the Emirati sponsor would log in to online chess tournaments and, with Hydra, play as a human-computer team. More often than not, they would trounce the competition. “He loved the power of man plus machine,” one engineer told me. “He loved to win.”
Hydra eventually got overtaken by other chess computers and was discontinued in the late 2000s. But zor_champ went on to become one of the most powerful, least understood men in the world. His real name is Sheikh Tahnoun bin Zayed al Nahyan.
A bearded, wiry figure who’s almost never seen without dark sunglasses, Tahnoun is the United Arab Emirates’ national security adviser—the intelligence chief to one of the world’s wealthiest and most surveillance-happy small nations. He’s also the younger brother of the country’s hereditary, autocratic president, Mohamed bin Zayed al Nahyan. But perhaps most important, and most bizarrely for a spymaster, Tahnoun wields official control over much of Abu Dhabi’s vast sovereign wealth. Bloomberg News reported last year that he directly oversees a $1.5 trillion empire—more cash than just about anyone on the planet.
In his personal style, Tahnoun comes across as one-third Gulf royal, one-third fitness-obsessed tech founder, and one-third Bond villain. Among his many, many business interests, he presides over a sprawling tech conglomerate called G42 (a reference to the book The Hitchhiker’s Guide to the Galaxy, in which “42” is a super-computer’s answer to the question of “life, the universe, and everything”). G42 has a hand in everything from AI research to biotechnology—with special areas of strength in state-sponsored hacking and surveillance tech. Tahnoun is fanatical about Brazilian jiujitsu and cycling. He wears his sunglasses even at the gym because of a sensitivity to light, and he surrounds himself with UFC champions and mixed martial arts fighters.
According to a businessman and a security consultant who’ve met with Tahnoun, visitors who make it past his layers of loyal gatekeepers might get a chance to speak with him only after cycling laps with the sheikh around his private velodrome. He has been known to spend hours in a flotation chamber, the consultant says, and has flown health guru Peter Attia into the UAE to offer guidance on longevity. According to a businessman who was present for the discussion, Tahnoun even inspired Mohammed bin Salman, Saudi Arabia’s powerful crown prince, to cut back on fast food and join him in a quest to live to 150.
But in recent years, a new quest has taken up much of Sheikh Tahnoun’s attention. His onetime chess and technology obsession has morphed into something far bigger: a hundred-billion-dollar campaign to turn Abu Dhabi into an AI superpower. And the teammate he’s set out to buy this time is the United States tech industry itself.
In the multiplayer game of strategy that is the AI arms race, the US controls the board right now for a pretty simple reason. A single American hardware company, Nvidia, makes the chips that train the most competitive AI models—and the US government has moved to restrict who can buy these Nvidia GPUs (as the chips are called) outside the country’s borders. To take advantage of this clear but jittery lead over China, the CEOs of America’s AI giants have fanned out across the globe to sweet-talk the world’s richest investors—people like Tahnoun—into financing what amounts to an enormous building boom.
Lurking behind every synthetic podcast and serving of AI slop is a huge, thrumming data center: Hundreds of Hydra-sized server cabinets lined up in tight rows, running computing processes that are tens or hundreds of times more energy-intensive than ordinary web searches. And behind those is another set of data centers that train foundational AI models. To keep pace with demand, AI companies need more data centers all over the world—plus the land to put them on, the water to cool them, the electricity to power them, and the microchips to run them. Nvidia CEO Jensen Huang has predicted that tech companies will pour a trillion dollars into new AI data centers over the next five years.
Building out the next phase of AI, in short, is set to require mind-boggling amounts of capital, real estate, and electricity—and the Gulf States, with their vast oil wealth and energy resources, possess all three. Saudi Arabia, Kuwait, and Qatar have all set up major AI investment funds in the past couple of years. But as a home for new data centers and a source of investment capital, the UAE has emerged as a particularly attractive potential partner on a number of fronts—from its sheer wealth to its brand-new nuclear power supply to the relative sophistication of its own AI sector.
But there’s a rub: Any American AI partnership with the UAE is, in some way, a relationship with Sheikh Tahnoun himself—and for years many of Tahnoun’s most important technology partners have been Chinese.
The pairing was only natural, given Tahnoun’s record as a spy chief with vast commercial interests in high-tech state control. Tahnoun spent the early 2020s forging deep business and personal ties with Beijing, to the point that some products sold by G42 came to be nearly indistinguishable from Chinese ones. A G42 subsidiary called Presight AI, for one, sold surveillance software to police forces worldwide that bore a close resemblance to systems used by Chinese law enforcement. The Chinese telecom giant Huawei’s footprints in G42 went even deeper. Early in the generative-AI boom, Huawei’s engineers moved freely through Abu Dhabi’s most sensitive tech facilities as they designed massive AI training centers.
But in August of 2023, Washington threw down a gauntlet. It restricted exports of Nvidia GPUs to the Middle East—the very hardware that Abu Dhabi needed to realize its own AI ambitions. No company using Huawei equipment would get access. So Tahnoun pivoted, hard. In early 2024, G42 announced it was severing ties with China and would rip out Chinese equipment. Chinese nationals began quietly departing Abu Dhabi’s tech sector.
At the same time, US and UAE leaders went into a fevered phase of mutual courtship. Scores of public relations consultants, lawyers, and Beltway lobbyists set about portraying Tahnoun as a safe pair of hands in which to place US technology and trust. Marty Edelman, the emirate’s most trusted American lawyer, helped orchestrate the strategy from New York. The UAE’s ambassador to Washington, Yousef Al Otaiba, deployed his considerable political capital to vouch for Tahnoun. Meanwhile, US government and tech leaders tried to maneuver what promised to be a huge spigot of Emirati money into the United States, to feed AI companies’ need for investment.
The first sign that the two sides had reached an understanding was, bizarrely, a deal that flowed in the opposite direction. In an unusual agreement brokered largely by officials in the Biden administration, Microsoft announced in April 2024 that it was investing $1.5 billion in Tahnoun’s G42, acquiring a minority stake in the company. According to remarks by a Biden official who helped steer the agreement, the objective was to get G42 to “work with Microsoft as an alternative to Huawei.” In the first phase of the relationship, G42 would gain access to Microsoft’s AI computing power on its Azure cloud platform, at a data center inside the UAE. And Brad Smith, Microsoft’s president, would join the board of G42—a kind of American chaperone inside the company.
The big gushers of cash from the UAE were still to come, as were any Nvidia chips for Abu Dhabi. But the Microsoft deal amounted to a US government seal of approval for further business with the Emirates. In the summer of 2024, Tahnoun embarked on a charm offensive across the United States, with a visit to Elon Musk in Texas and a jiujitsu session with Mark Zuckerberg. Meetups with Bill Gates, Satya Nadella, and Jeff Bezos followed in quick succession. The most important meetings, however, took place at the White House, with figures like national security adviser Jake Sullivan, Commerce secretary Gina Raimondo, and President Joe Biden himself.
As the frenzied campaign to reframe Tahnoun and G42’s image seemed to gain traction—and the US seemed poised to loosen export controls on advanced chips for the UAE—some inside the US national security establishment were, just as frantically, waving caution flags. One of their fears is that the intellectual property of the United States could still leak to China. “The Emiratis are the consummate hedgers,” a former senior US security official told me. “The question everyone has: Are they playing both sides?” In a July open letter, US congressman Michael McCaul, the chair of the House Foreign Affairs Committee, called for “significantly more robust national security guardrails” to be placed on the UAE before the US exported any sensitive technology to the country.
But the other fear is of the UAE itself—a country whose vision of using AI as a mechanism of state control is not all that different from Beijing’s. “The UAE is an authoritarian state with a dismal human rights record and a history of using technology to spy on activists, journalists, and dissidents,” says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. “I don’t think there is any doubt that the UAE would like to influence the course of AI development”—in ways that are optimized not for democracy or any “shared human values,” but for police states.
This past summer, around the same time that Tahnoun was barnstorming through America’s dojos and C-suites, Mohammed bin Salman, the crown prince of Saudi Arabia, was hosting some of the world’s leading technology thinkers—including former Google CEO Eric Schmidt—at his vast South African hunting estate called Ekland. They visited game parks, were waited on by butlers, and discussed Saudi Arabia’s future role in AI.
Not long after, Schmidt made a trip to the Biden White House to air his concerns that the US cannot produce enough electricity to compete in AI. His suggestion? Closer financial and business ties with hydroelectric-rich Canada. “The alternative is to have the Arabs fund [AI],” he told a group of Stanford students on video the following week. “I like the Arabs personally … But they’re not going to adhere to our national security rules.”
Those concerns over the Gulf States’ reliability as allies (and their tendencies to engage in unsavory practices like targeting journalists and waging proxy wars) haven’t stopped their money from flowing into US tech companies. Earlier in the year, Saudi Arabia’s sovereign Public Investment Fund announced a $40 billion fund focused on AI investments, aided by a strategic partnership with the Silicon Valley venture capital firm Andreessen Horowitz. Kingdom Holding, an investment firm run by a Saudi royal who is deeply obedient to the crown prince, has also emerged as one of the biggest investors in Elon Musk’s startup xAI.
The New York Times wrote that the new Saudi fund made that country “the world’s largest investor in artificial intelligence.” But in September, the UAE eclipsed it: Abu Dhabi announced that a new AI investment vehicle called MGX would partner with BlackRock, Microsoft, and Global Infrastructure Partners to pour more than $100 billion into, among other things, building a network of data centers and power plants across the United States. MGX—which is part of Tahnoun’s sovereign wealth portfolio—has also reportedly been in “early talks” with OpenAI CEO Sam Altman about what Altman hopes will be a 5 to 7 trillion-dollar moonshot chipmaking venture to create an alternative to Nvidia’s scarce GPUs.
The spigot of Emirati cash was now open. And in turn, within days of the MGX announcement, the news site Semafor reported that the US had cleared Nvidia to sell GPUs to G42. Some of the chips were already being deployed in Abu Dhabi, the news site reported, including “a sizable order of Nvidia H100 models.” The US had finally given Tahnoun some of the hardware he needed to build his next Hydra. Which raises the salience of two questions: What kind of game is Sheikh Tahnoun playing this time? And how exactly did he get control of so much wealth?
On some level, nearly every story about royalty in the Gulf is a story about succession—about paternalistic families trying to ward off external threats, and the internal rivalries that crop up when inherited power is up for grabs.
Tahnoun and his brother Mohamed are both sons of the UAE’s first president, Zayed bin Sultan al Nahyan—an iconic figure revered as the father of the nation.
For much of Zayed’s life, what is now the city of Abu Dhabi was an austere, seasonal fishing village with a harsh climate, a brackish water supply, and a nomadic population of about 2,000 people. The rest of the emirate had several thousand more Bedouin inhabitants. As rulers, the al Nahyans were paid in tributes and taxes, and served as custodians of the emirate’s shared resources. Their lifestyle wasn’t all that much better than that of their fellow tribesmen. But still it was dangerous at the top. Before Zayed, two of the last four sheikhs of Abu Dhabi had been assassinated by their brothers; another had been killed by a rival tribe.
Zayed, for his part, seized power from his older brother in a bloodless coup aided by the British in 1966—just as oil and its transformative wealth started flowing into Abu Dhabi. Where his elder sibling resisted spending Abu Dhabi’s new fortune, Zayed embraced modernization, development, and a vision for uniting several tribes under a single state—setting the stage for the creation of the United Arab Emirates in 1971.
When the UAE was formed, Tahnoun was almost 3 years old. A middle child among Zayed’s 20-odd sons, Tahnoun is one of the so-called Bani Fatima—the six male children of Zayed’s most favored wife, Fatima, and his most important heirs. Zayed groomed these sons to go abroad, become worldly, and take up the mantle of the UAE’s future. But even as he established a state that carefully distributed new oil wealth among Abu Dhabi’s Bedouins, Zayed steered his heirs away from business and self-enrichment. Perhaps mindful of the assassinations and coups that preceded him, Zayed wanted to ward off the perception that the al Nahyans were benefiting unfairly from their role as custodians of the country.
In the mid-1990s, Tahnoun found himself in Southern California. One day in 1995 he walked into a Brazilian jiujitsu dojo in San Diego, asking to be trained. He introduced himself as “Ben” and, according to an article on Brazilian Jiu-Jitsu Eastern Europe’s website, went out of his way to show humility, arriving early and helping to clean up. Only later did he reveal he was a prince of Abu Dhabi.
As Zayed’s health failed in the late 1990s, his sons began to step into bigger roles—and to break away from his guidance by starting businesses of their own. It was around this time that Tahnoun started his first holding company, the Royal Group, the entity he would use to incubate the Hydra chess computer. He also started a robotics company that produced a humanoid robot, REEM-C, which in turn was named after an island in Abu Dhabi where he made a series of real estate investments.
When Zayed died in 2004, Tahnoun’s eldest brother, Khalifa, became the new ruler of Abu Dhabi and president of the UAE, and Mohamed, the eldest of the Bani Fatima, became the crown prince. The other sons took on an array of official titles, but their roles were more ambiguous.
As a reporter based in Abu Dhabi from 2008 to 2011, I fell into the pastime of “sheikh watching,” a Gulf-royal version of Kremlinology that involves reading between the lines of announcements and moves, and keeping in touch with palace insiders who occasionally betray a few secrets. At the time, Tahnoun seemed like a fascinating dilettante very far from actual power—he held no serious role in the government and seemed preoccupied with growing his fortune, dabbling in technology, and changing the skyline of Abu Dhabi.
That all changed when Tahnoun stepped up as the family member with the greatest knack for wielding a growing tool for nation-states: cyberespionage.
In July 2009, thousands of BlackBerry users across the UAE noticed their phones growing dangerously hot. The culprit was a supposed “performance update” pushed by Etisalat, the UAE’s largest telecom provider. In reality, it was spyware—an early experiment in mass surveillance that backfired spectacularly when BlackBerry’s parent company exposed the scheme.
I experienced this myself one day on a trip from Abu Dhabi to Dubai, bringing my BlackBerry to my ear and finding it so hot it nearly burned my face. It was my first direct, personal experience of the UAE’s hidden police state. But shades of its existence are apparent to anyone who has spent time in the Gulf States. Violent crime is nearly nonexistent, and life can be smooth, even luxurious. But in moments of stress or risk, these countries can become very dangerous places, especially for residents who dare hint at dissent.
The revolutions of the Arab Spring in 2011—which saw four Middle Eastern autocrats topple in the face of massive, Twitter-organized crowds—only heightened the UAE’s resolve to stamp out any green shoots of democracy. When a handful of Emirati activists made their own mild case for human rights and political reform in 2011, the state convicted them on charges of royal defamation. Then it promptly pardoned and released them into a life of surveillance and harassment.
While there’s no evidence that Tahnoun had any direct involvement in the BlackBerry debacle, he would soon come to oversee an empire capable of far more sophisticated spycraft. In 2013, he was named deputy national security adviser—around which time the UAE’s ambitions to spy on its residents and enemies started to reach an industrial scale.
For several years at that point, the UAE had been running a secret program known as Project Raven, formed in 2008 under a contract with consultant and former US counterterrorism czar Richard Clarke. The US National Security Agency had blessed the arrangement, meant to give the UAE state-of-the-art surveillance and data analysis capabilities to contribute to the war on terror. But around 2014, Project Raven took a new tack. Under the new management of a US contractor called CyberPoint, it recruited dozens of former US intelligence operatives with a simple pitch: tax-free salaries, housing stipends, and a chance to fight terrorism.
But fighting terrorism was, in fact, only part of the agenda. Within two years, the project’s management changed hands yet again to a company called DarkMatter, effectively an Emirati state-owned firm. Emirati intelligence leaders placed Project Raven under their own roof—just two floors from the UAE’s own version of the NSA. The message to Project Raven’s employees: Join DarkMatter or leave.
For those who remained, the job included tracking journalists, dissidents, and other perceived enemies of the state and the royal family. Among the key American operatives who stayed on with DarkMatter was Marc Baier, a veteran of the NSA’s elite Tailored Access Operations unit. Emails later showed Baier chatting with the Italian surveillance firm Hacking Team, describing his UAE clients as “the most senior” and demanding white-glove service as he shopped for hacking tools. Other former NSA hackers on the Project Raven team got busy developing custom attacks for specific devices and accounts.
They got to human rights activist Ahmed Mansoor—one of the Emiratis who had blogged in favor of democratic reform during the Arab Spring—through his child’s baby monitor. It was 2016, and Mansoor had grown used to his devices behaving strangely: phones that grew mysteriously hot, suspicious text messages, drained bank accounts, according to a person familiar with his experiences. His phone had even once been infected with Pegasus spyware, a notorious product made by the Israeli cyber-arms firm NSO Group. But the baby monitor was new. Unknown to him, operatives at DarkMatter were using it to listen to his family’s private conversations.
In another project, DarkMatter assembled what it called a “tiger team”—a task force to install mass-surveillance hardware in public places. These probes would be capable of “intercepting, modifying, and diverting” nearby traffic on UAE’s cellular networks, according to an Italian security researcher who was being courted by DarkMatter in 2016. “To operate as we want them to, these probes are going to be put everywhere,” the prospective hire, Simone Margaritelli, was told in an email during his recruitment process.
And who was ultimately overseeing all this activity? In early 2016, Tahnoun had been named national security adviser, which placed him fully in charge of UAE intelligence. And there are signs that the ultimate controlling party over DarkMatter was none other than Tahnoun’s investment firm, the Royal Group.
Eventually, I may have become a target of the UAE’s hacking apparatus myself. In 2021 a coalition of journalists called the Pegasus Project informed me that my phone had been targeted by the UAE using Pegasus spyware in 2018. At the time I’d been reporting on a global financial scandal that implicated a member of the Abu Dhabi royal family—Sheikh Tahnoun’s brother, Mansour. The UAE denied that it had targeted many of the people identified, including me.
The hacking and tracking of American citizens would eventually become a red line for some of Project Raven’s former intelligence agents. “I am working for a foreign intelligence agency who is targeting US persons,” a Project Raven whistleblower named Lori Stroud would tell Reuters in 2019. “I am officially the bad kind of spy.”
The ensuing scandal resulted in US federal charges for several of its ex-NSA leaders, including Baier. DarkMatter and Project Raven, meanwhile, were painstakingly broken down, scattered, rebranded, and then subsumed into other companies and government departments. Many of their pieces and personnel eventually moved under the umbrella of a single new entity founded in 2018—called G42.
G42 has denied publicly it had any connections to DarkMatter, but the threads aren’t hard to see. One DarkMatter subsidiary, for instance, was an entity that worked especially closely with Chinese companies. Not only did it eventually appear to become part of G42, but the subsidiary’s CEO, Peng Xiao, went on to become the CEO of G42 itself.
A Chinese speaker who studied computer science at Hawaii Pacific University, Xiao’s past is otherwise a black box. Though he was a US citizen for a time, he eventually surrendered his US passport for UAE citizenship—an exceedingly rare honor for a non-Emirati. And under a subsidiary of G42 called Pax AI, Xiao helped produce the next evolutionary step in DarkMatter’s legacy.
One morning in 2019, millions of phones across the UAE lit up with a cheery notification. A new messaging app called ToTok promised what WhatsApp couldn’t—unrestricted calling in a country where the voice-calling function of most chat apps was blocked. Within weeks, it had shot to the top of Apple’s and Google’s app store even beyond the Emirates. But there was a catch. Each time someone tapped the app icon, the user gave the app access to everything on that phone—photos, messages, the camera, voice calls, location.
Data from millions of phones flowed to Pax AI. Like DarkMatter before it, Pax AI operated from the same building as the UAE’s intelligence agency. The ToTok app itself came from a collaboration with Chinese engineers. For a regime that had spent fortunes on NSO Group’s Pegasus spyware and DarkMatter’s hacking teams, ToTok was elegantly simple. People didn’t have to be laboriously targeted with spyware—they were eagerly downloading it.
Representatives of ToTok adamantly denied that their product was spyware, but an engineer who worked at G42 at the time told me that all of the voice, video, and text chats were analyzed by AI for what the government considered suspicious activity. (Among the easiest ways to get flagged: placing calls to Qatar, then a rival in a mutual cyberwar, from within the UAE.) G42 declined to comment on specific details for this story but responded to WIRED with an overall statement: “G42 is steadfast in its commitment to responsible innovation, ethical governance, and delivering transformative AI solutions globally.”
Inside G42, staff sometimes refer to Tahnoun as “Tiger,” and his orders can swiftly change the company’s course. One mandate from Tiger, according to a former engineer, was to build him either a business that generates $100 million in revenue a year or a technology that makes him famous. In the workplace, there is no mistaking that the conglomerate has one foot inside the security state: Most of the company’s technology and data centers are based in Zayed Military City, a restricted-access zone, and all G42 staff need to pass security clearances to get hired.
Through G42, government intelligence services, and other cybersecurity entities, Tahnoun had effectively come to oversee the UAE’s entire hacking apparatus. But at a certain point, control over the UAE’s spy sector and the industry around it wasn’t enough for Tahnoun.
By the turn of the decade, Tahnoun had ambitions for more political power over the whole of the Emirates. His sibling Mohamed had been serving as the de facto leader of the country since their brother President Khalifa suffered a major stroke in 2014. Now, as Khalifa’s health continued to fail and Mohamed’s formal accession to the throne was becoming imminent, the position of the next crown prince was up for grabs.
These moments of dynastic uncertainty can be dangerous. In Saudi Arabia, the sons of the country’s first king, Abdulaziz al-Saud, have taken the throne one after the other ever since the 1950s. By the time the current king, Salman, took power in 2015, he was 80 years old, and the ranks of potential heirs below him had become crowded, corrupt, and rife with internal tensions. That’s why, in 2017, King Salman’s son Mohammed, or MBS, struck out to eliminate his rivals—mostly cousins and their aides—by arresting them in a purge, asserting himself as the new strongman.
In Abu Dhabi, Tahnoun’s argument in the succession debate, according to royal insiders, was that his brother Mohamed should follow precedent and allow the sons of Zayed to rule while they were of good health and sound mind—a system that would place him in contention. But Mohamed was adamant that his own son Khalid should be crown prince, a signal to the country’s large youth population that they were represented high up in government.
Tahnoun argued his point for more than a year, even providing evidence that Mohamed’s plan contradicted their father’s request for succession. But in the end, the brothers worked out a deal. Tahnoun agreed to set aside his ambition to be the crown prince or ruler—in exchange for vast power over the country’s financial resources. It was this bargain that would ultimately put him in charge of $1.5 trillion in sovereign wealth.
In 2023, Tahnoun was made chairman of Abu Dhabi Investment Authority, the largest and most important sovereign wealth fund in the country. Khalid’s appointment as crown prince was announced weeks later.
Officially, Tahnoun got a modest bump in title to become deputy ruler along with his brother Hazza. But those dealing with Abu Dhabi over the past few years say the same thing: Tahnoun’s powers have increased by an extraordinary degree, and not just in finance. He has also taken over diplomacy with Iran, Qatar, and Israel, and even handled the United States for a time when relations with the Biden administration declined. “Whenever there’s a difficult file, it’s given to Tahnoun,” says Kristian Coates Ulrichsen, a scholar of Gulf politics at the Baker Institute for Public Policy at Rice University. That skill has helped him “grow his power enormously,” Ulrichsen says.
As Tahnoun has gained access to new resources, he has plowed them into his maze of investments and conglomerates. Under the Royal Group, he controls not only G42 but also another conglomerate called the International Holding Company—itself a massive consortium that employs more than 50,000 people and owns everything from a Zambian copper mine to the St. Regis golf club and island resort in Abu Dhabi. He also oversees First Abu Dhabi Bank, which is the UAE’s largest lender, and another multibillion-dollar sovereign wealth fund called ADQ.
And now, with a growing position in the global AI arms race, Tahnoun’s empire also includes a stake in the future of humanity.
In December, the US government confirmed it had authorized the export of some Nvidia GPUs to the UAE—specifically to a Microsoft-operated facility inside the country. At G42, subsidiaries have kept multiplying: Space42 focuses on using AI to analyze satellite imaging data; Core42 aims to build massive AI data centers across Abu Dhabi’s deserts.
Inside the US security establishment, many remain worried about the US tech sector’s increasingly close relationship with the UAE. One unsettling fact, according to a former security official, was that China made no protest over Tahnoun’s decision to tear out all of Huawei’s equipment and sever ties with the company in 2023. “They didn’t raise a peep,” the official told me. When Sweden banned Chinese companies Huawei and ZTE from its 5G rollout in 2020, Beijing’s foreign ministry spoke out against it, and Swedish telecom giant Ericsson lost huge amounts of business in China in retaliation. By contrast, G42’s big breakup with China somehow got a pass—suggesting to the official that there may be some kind of backdoor understanding between the two nations.
In a statement to WIRED, US congressman Michael McCaul reiterated his concern that technology could leak to China through the UAE’s deal with Microsoft, and stressed the need for tighter guardrails. “Before advancing this partnership and others like it further, the US must first establish robust, legally binding protections that apply broadly to AI cooperation with the UAE,” he said.
But even if those guardrails were put into place, the UAE has a history of finding ways to do what it wants. I’m reminded of the briefings that executives from Israel’s NSO Group gave to journalists for a time in the early 2010s, assuring them that Pegasus spyware had safeguards against abuse—and that Pegasus clients (like the UAE) would be blocked from targeting US and UK phone numbers (like mine). And I’m reminded of the blessings that the NSA gave to Project Raven at its inception.
While Donald Trump and his new administration are expected to continue with export controls over GPU chips, the view from people inside Tahnoun’s orbit is that the new administration will likely be much more “flexible” about the UAE’s AI ambitions. Plus at least one Trumpworld insider has a vested interest in the relationship: The UAE, Qatar, and Saudi Arabia have together contributed more than $2 billion to Jared Kushner’s private equity fund, guaranteeing the fund some $20 million to $30 million in annual management fees alone. Abu Dhabi’s leaders have consulted with Kushner and other Trump insiders, including former secretary of state Mike Pompeo, on AI policy, according to people familiar with the discussions.
While the continued supply of GPUs could be a remaining source of leverage for the US, it could be a declining one as rival chips improve. Some analysts argue that, even now, export controls are not the source of strength that American officials think they are. “AI is not like nuclear power where you can restrict the materials,” says computer security expert Bruce Schneier. AI technology is already highly distributed, he says, and the idea that American companies are at a huge and absolute advantage is a mirage.
Now that Tahnoun has been “brought inside the tent”—and given a key and expanding role as an investor of choice for the current winners in the AI race—he has certainly succeeded in gaining some leverage of his own. And those who keep needing money from the UAE may be happy to see it gain more clout. At a World Government Summit last year, Sam Altman suggested that the UAE could even serve as the world’s “regulatory sandbox” for AI—a place where new rules for governing the technology can get written, tested, and advanced.
Meanwhile, the Middle East could be entering a period, like the aftermath of the Arab Spring, when rules are largely off the table. Now that rebels have taken over Syria from the regime of Bashar al Assad, the Gulf States—especially the UAE—will be anxious to increase surveillance to avoid any spread of Islamist unrest. “We’re going to see more repression, more use of surveillance technologies,” says Karen Young, a senior fellow at the Middle East Institute in Washington. And when it comes to managing threats and winning games of strategy, Tahnoun likes to make sure he’s playing with the most fearsome machine in the world.
Note
AITA for blackmailing someone and then snitching to the feds anyway? Okay, so I work for a contract medical research lab generating quantitative image data, working closely with veterinary pathologists who provide the qualitative data. Together, we put together a report like "okay, here's what the medicine/medical device did and here's why we think it happened", and that report usually gets sent to the FDA if it looks promising enough that the sponsor wants to push for clinical trials and eventual market release. So we get a study in and we've got (fake numbers here) 400 sections, but the quote says they only want 300 measurements done. I'm confused and go "wait, which 300 out of the 400? which 100 should I ignore?" and go to the pathologist. She also thinks it's weird and reaches out to the client, hoping it's a typo and we're about to get paid for the bonus 100. Nope! He pressures us for it to be a phone call (no paper trail) and then not-so-subtly hints that he wants the... uglier-looking sections dropped. In other words, he wants to cherry-pick data that makes him look good. This is not only dangerous but The Most Illegal Shit. People's lives hang in the balance and they have to be able to trust the research that tells them medicines and medical devices are safe. We take that responsibility seriously. So the pathologist gathers data and emails him like "I'm taking a REPRESENTATIVE 300 samples for analysis, my report will include scoring of the ones that make you look bad, and if I find out you doctored the reports behind my back, I'm sending everything I have directly to the FDA." (this is not how data is normally submitted in the industry. normally the report is commissioned, and then all dealings with the FDA are done by the client) He grouses, but agrees. And then says "if the FDA reaches out to you, don't respond." .....What? But that's already industry standard? Why would he say that? Why would he expect the FDA to reach out to us? 
Anyway the pathologist and I discuss it, and both assume he's definitely about to doctor these reports behind our back once it's submitted. So at my suggestion... the pathologist sends the communications to the FDA anyway. Here's the thing: we don't actually know that this guy meant to do some ethics violations. We just assumed he was suspicious without real proof. Even unproven accusations in this industry can get you blacklisted for life, if not facing criminal charges. Did we risk destroying some random guy's life over bad vibes and nothing else?
What are these acronyms?
goddessofwisdom18 · 6 months ago
Feyre sketch dump :)
Details/explanations!!
I think a really underrated aspect of Feyre's character is her scent. We all know Rhysand smells like citrus and the sea and the night court smells like jasmine, but Feyre is mentioned to smell like pear and lilac! I wanted to tribute that here, so the flowers on her outfit in the first piece are lilacs and the flowers in her earrings are pear blossoms. I also thought I'd imagine what her fragrance would be like if there was a celebrity-sponsored fragrance industry in Velaris like there is in the real world, and added in linseed since that's an oil that's often used in painting. (Does it actually smell nice or mix well with pear or lilac? .... We won't discuss that here.)
Anyway the other two pieces are Feyre in the cabin and Feyre in some nice tartan, in acknowledgment of her time in the Spring Court, which I would imagine is pretty Scottish given its high lord's name :')
I love this one <3 I imagine Feyre's current painting style to be like this; I think when she first starts painting she'd be more folk artsy (in the style of pieces like this), then tries out more semi-realistic styles in the Rainbow. I know a lot of people think that because of Feyre's lack of proper art education or practice she wouldn't be very good, but I *highly disagree*; there are plenty of folk artists out there, both now and throughout history who have never been educated, who are completely self taught, and who only paint when they could, in between work and survival, who are still good because they have natural talent. Just look at the difference between historical folk artists like Grandma Moses and the art of your average high school art student who may not have raw talent; while neither are properly educated, and this can be seen in their composition and coloring styles, those folk artists with raw talent still bring a specific eye to their work that your average person couldn't. Anyway rant over LOL JUSTICE FOR FEYRE'S SKILL LEVEL!!!! I BELIEVE IT'S HIGH!!
I also don't think there's even such a thing as good or bad art anyway but that's not relevant rn
Last thing; I imagine the human realms to be 1400s esque (I might not have gotten the right dress style for that in this drawing, but bear with me because I was too lazy to do intensive research lol) and based in historical fabric use, while the faerie realms take a lot of inspiration from future eras and haute couture, things that would seem very bizarre to your average 15th century human! So here's little kid Feyre, before everything really went to shit (not that she was very happy before that either lol)
tobeabatman · 3 months ago
Video recommendation
Hello! I recommend you guys watch Mickey Atkins’ (therapist, social worker, fat activist, she/they) video called Diets & Weight Stigma are Making You Mentally Ill | Therapist Talks Fat Liberation on Youtube.
Here’s why I think you will benefit from this video:
The video helps you question the idea of weight in relation to health. It serves to show health as a multifaceted concept, which weight is only a small part of. The video acknowledges that weight shame is interconnected to other forms of discrimination such as racism and ableism.
Atkins has collected a lot of research to disprove current ideas of fatness in relation to unwellness, but also reminds us that even if fatness was unhealthy, fat people should still be treated equally. There’s also a Google Docs linked to the description of the video, where you can find studies on the topic and educate yourself further.
Topics of the video include e.g.:
BMI’s creation, how it was inaccurate from the start, and what it should be used for instead.
Weight cycling and its effects on health.
A brief discussion on eating disorders in relation to e.g. weight cycling.
Mentions of how capitalism benefits from weight shame.
Obesity paradox
How ”calories in, calories out” is not accurate in any way.
Discussion of the health at every size - approach.
One recurrent theme of the video is to be critical of research and the medical community when it comes to fat bodies, because there is a lot of bias in the medical community. There is a brief talk on the video about how some research on fat bodies has been sponsored by Weight Watchers or the diet industry.
All in all, I think the video is an informative watch even if you have read a lot of books on the topic already (such as Unshrinking by Kate Manne, What We Don’t Talk About When We Talk About Fat by Aubrey Gordon, Body of Truth by Harriet Brown, etc.). There is some information that was brand new to me, and regardless, it’s always good to see other fat people fighting against fatphobia. Especially when they are mental health professionals.
Anyway, have a lovely day all!
researchers-me · 1 year ago
The Psychology of Consumer Behavior in Industry Research
Uncover the intricate web of consumer behavior psychology in industry research. Dive into the role of industry research reports, analysts, surveys, companies, and industry-sponsored research in decoding the mysteries of consumer choices.
Read More: https://articleblock.com/business/the-psychology-of-consumer-behavior-in-industry-research/
keep-both-eyes-on-trump · 2 months ago
Trump Watch #9
Trump has named the following: 
Linda McMahon as secretary of education. 
McMahon is a wrestling billionaire and co-founder of WWE. 
She has long been a supporter of Trump and served in his first administration as leader of the Small Business Administration. 
She has served on the Connecticut Board of Education and the board of trustees for Sacred Heart University in Connecticut. 
She supports charter schools and school choice. 
Scott Bessent for treasury secretary.
Bessent is a billionaire who advised Trump on economic policy during his campaign; he has experience founding and working for hedge funds.
If confirmed he will be the first LGBTQ+ Senate-confirmed cabinet member in a Republican administration. 
He supports extending Trump’s tax cuts and deregulation.
He also supports Trump’s embrace of the crypto industry. 
Russell Vought for the Office of Management and Budget (OMB).
Vought held the same position during Trump’s first term. 
He is a key architect from Project 2025, writing the chapter on the Executive Office, within which he takes aim at federal regulatory agencies that are not under control of the White House.
He is a strong advocate for recess appointments of Trump’s nominees. 
Lori Chavez-Deremer as labor secretary.
Chavez-Deremer was the first Latina congresswoman of Oregon; she lost re-election in November. 
She co-sponsored the Protecting the Right to Organize (PRO) Act which would make it easier for workers to unionize. 
She has strong support from unions. 
Pam Bondi as attorney general.
Bondi is the Florida attorney general and is the first woman to hold the position. 
As FL state attorney general she brought cases against the Affordable Care Act and fought to maintain FL’s ban on same-sex marriage. 
She is a longtime ally of Trump, served as a chairwoman of America First Policy Institute, and defended Trump during his first impeachment trial. 
She received a $25,000 donation from Trump’s charitable foundation and subsequently her office dropped a suit against Trump’s company for fraud stating there were insufficient grounds to proceed. A prosecutor assigned by then-Gov. Rick Scott determined there was insufficient evidence to support bribery charges. 
Brooke Rollins as secretary of agriculture.
Rollins is a co-founder and president of think tank America First Policy and served as assistant to the president for intergovernmental and technology initiatives during Trump’s first administration. 
She is a lawyer with an undergraduate degree from Texas A&M University in agricultural development. 
Dr Marty Makary as Food and Drug Administration commissioner.
Makary is a surgeon and public policy researcher at Johns Hopkins University. 
He supports RFK Jr. as Trump’s pick for HHS. 
He worked with the first Trump administration on transparent billing in health care. 
He opposed COVID vaccine mandates and was a critic of public health measures during the pandemic. 
Dr Janette Nesheiwat for Surgeon General.
Nesheiwat is a physician, medical director at CityMD, and former Fox News medical contributor. 
She is a supporter of vaccines. 
Dave Weldon to direct the Centers for Disease Control and Prevention. 
Weldon is a physician, Army veteran, and former Republican Florida representative. 
As a congressman he introduced the Weldon Amendment which provides protections for health care workers and organizations that do not provide or aid in abortions.
Scott Turner for secretary of Housing and Urban Development.
Turner previously served in the Texas House of Representatives; he is a NFL veteran and motivational speaker. 
He led the White House Opportunity and Revitalization Council during Trump’s first term and currently works as chair of the Center for Education Opportunity at America First Policy Institute. 
Republicans also announced a plan to create a GOP-controlled subcommittee, Delivering on Government Efficiency, to work with the Department of Government Efficiency on cutting government waste; the committee is to be chaired by Marjorie Taylor Greene.
fuckyeahmarxismleninism · 11 days ago
Madison, Wisc.: ‘Building Worker Power – Corporate Research Class’ 
Thursday, February 20 - 6:00 to 8:00 p.m.
1602 S. Park St., Madison, WI
Presenter: Ric Urrutia, organizer, podcaster, artist, Co-Host of We Rise Fighting! Labor Podcast
TOPICS: How to research information on corporations. We’ll focus specifically on researching/analyzing corporate documents, finances, work forces, environmental records, worldwide facilities, unionization rates, industry research, etc.
Free and open to the public
Co-Sponsored by: https://www.facebook.com/wibailoutpeople.org/ http://wibopm.org/
meret118 · 2 months ago
The gas industry relied on Hill & Knowlton, the same public relations company that masterminded the tobacco industry’s playbook for responding to research linking smoking to lung cancer. Hill & Knowlton’s tactics included sponsoring research that would counter findings about gas stoves published in the scientific literature, emphasizing uncertainty in these findings to construct artificial controversy and engaging in aggressive public relations efforts.
. . .
The key question is whether nitrogen dioxide exposure related to gas stoves is large enough to lead to health concerns. While levels vary across homes, scientific research shows that the simple answer is yes – especially in smaller homes and when ventilation is inadequate.
. . .
This has been known for a long time. For example, a 1998 study that I co-authored showed that the presence of gas stoves was the strongest predictor of personal exposure to nitrogen dioxide. And work dating back to the 1970s showed that indoor nitrogen dioxide levels in the presence of gas stoves could be far higher than outdoor levels. Depending on ventilation levels, concentrations could reach levels known to contribute to health risks.
. . .
This issue took on new life at the end of 2022, when researchers published a new study estimating that 12.7% of U.S. cases of childhood asthma – about one case in eight – were attributable to gas stoves. The industry continues to cast doubt on gas stoves’ contribution to health effects and fund pro-gas stove media campaigns.
justforbooks · 3 months ago
Rita Hayworth (born Margarita Carmen Cansino; October 17, 1918 – May 14, 1987) was an American actress, dancer, and pin-up girl. She achieved fame in the 1940s as one of the top stars of the Golden Age of Hollywood, and appeared in 61 films in total over 37 years. The press coined the term "The Love Goddess" to describe Hayworth, after she had become the most glamorous screen idol of the 1940s. She was the top pin-up girl for GIs during World War II.
Hayworth is perhaps best known for her performance in the 1946 film noir Gilda, opposite Glenn Ford, in which she played the femme fatale in her first major dramatic role. She is also known for her performances in Only Angels Have Wings (1939), The Strawberry Blonde (1941), Blood and Sand (1941), The Lady from Shanghai (1947), Pal Joey (1957), and Separate Tables (1958). Fred Astaire, with whom she made two films, You'll Never Get Rich (1941) and You Were Never Lovelier (1942), once called her his favorite dance partner. She also starred in the Technicolor musical Cover Girl (1944), with Gene Kelly. She is listed as one of the top 25 female motion picture stars of all time in the American Film Institute's survey, AFI's 100 Years...100 Stars.
Hayworth was a top glamour girl in the 1940s, a pin-up girl for military servicemen and a beauty icon for women. At 5 ft 6 in (1.68 m) and 120 lb (54 kg), she was tall enough to be a concern for dancing partners such as Fred Astaire. She reportedly changed her hair color eight times in eight movies.
In 1949, Hayworth's lips were voted best in the world by the Artists League of America. She had a modeling contract with Max Factor to promote its Tru-Color lipsticks and Pan-Stik make-up.
For her contribution to the motion picture industry, Hayworth received a star on the Hollywood Walk of Fame at 1645 Vine Street in 1960.
In 1980, Hayworth was diagnosed with early-onset Alzheimer's disease, which contributed to her death in 1987 at age 68. The public disclosure and discussion of her illness drew attention to Alzheimer's, and helped to increase public and private funding for research into the disease.
The public disclosure and discussion of Hayworth's illness drew international attention to Alzheimer's disease, which was little known at the time, and it helped to greatly increase federal funding for Alzheimer's research.
The Rita Hayworth Gala, a benefit for the Alzheimer's Association, is held annually in Chicago and New York City. The program was founded in 1985 by Princess Yasmin Aga Khan, in honor of her mother. She is the hostess for the events and is a major sponsor of Alzheimer's disease charities and awareness programs. As of August 2017, a total of more than $72 million had been raised through events in Chicago, New York, and Palm Beach, Florida.
On October 17, 2016, a press release from the Springer Associates Public Relations Agency announced that Rita Hayworth's former manager and friend, Budd Burton Moss, initiated a campaign to solicit the United States Postal Service to issue a commemorative stamp featuring Hayworth. Springer Associates also announced that the Academy of Motion Picture Arts and Sciences would be lobbied in hopes of having an honorary Academy Award issued in memory of Hayworth. The press release added that Hayworth's daughter, Princess Yasmin Aga Khan, the Alzheimer's Association of Greater Los Angeles, and numerous prominent personalities of stage and screen were supporting the Moss campaign. The press release stated the target date for fulfillment of the stamp and Academy Award to be on October 17, 2018, the centennial of Hayworth's birth.
Daily inspiration. Discover more photos at Just for Books…?
mariacallous · 3 months ago
For years, it's been an inconvenient truth within the cybersecurity industry that the network security devices sold to protect customers from spies and cybercriminals are, themselves, often the machines those intruders hack to gain access to their targets. Again and again, vulnerabilities in “perimeter” devices like firewalls and VPN appliances have become footholds for sophisticated hackers trying to break into the very systems those appliances were designed to safeguard.
Now one cybersecurity vendor is revealing how intensely—and for how long—it has battled with one group of hackers that have sought to exploit its products to their own advantage. For more than five years, the UK cybersecurity firm Sophos engaged in a cat-and-mouse game with one loosely connected team of adversaries who targeted its firewalls. The company went so far as to track down and monitor the specific devices on which the hackers were testing their intrusion techniques, surveil the hackers at work, and ultimately trace that focused, years-long exploitation effort to a single network of vulnerability researchers in Chengdu, China.
On Thursday, Sophos chronicled that half-decade-long war with those Chinese hackers in a report that details its escalating tit-for-tat. The company went as far as discreetly installing its own “implants” on the Chinese hackers' Sophos devices to monitor and preempt their attempts at exploiting its firewalls. Sophos researchers even eventually obtained from the hackers' test machines a specimen of “bootkit” malware designed to hide undetectably in the firewalls' low-level code used to boot up the devices, a trick that has never been seen in the wild.
In the process, Sophos analysts identified a series of hacking campaigns that had started with indiscriminate mass exploitation of its products but eventually became more stealthy and targeted, hitting nuclear energy suppliers and regulators, military targets including a military hospital, telecoms, government and intelligence agencies, and the airport of one national capital. While most of the targets—which Sophos declined to identify in greater detail—were in South and Southeast Asia, a smaller number were in Europe, the Middle East, and the United States.
Sophos' report ties those multiple hacking campaigns—with varying levels of confidence—to Chinese state-sponsored hacking groups including those known as APT41, APT31, and Volt Typhoon, the latter of which is a particularly aggressive team that has sought the ability to disrupt critical infrastructure in the US, including power grids. But the common thread throughout those efforts to hack Sophos' devices, the company says, is not one of those previously identified hackers groups but instead a broader network of researchers that appears to have developed hacking techniques and supplied them to the Chinese government. Sophos' analysts tie that exploit development to an academic institute and a contractor, both around Chengdu: Sichuan Silence Information Technology—a firm previously tied by Meta to Chinese state-run disinformation efforts—and the University of Electronic Science and Technology of China.
Sophos says it’s telling that story now not just to share a glimpse of China's pipeline of hacking research and development, but also to break the cybersecurity industry's awkward silence around the larger issue of vulnerabilities in security appliances serving as entry points for hackers. In just the past year, for instance, flaws in security products from other vendors including Ivanti, Fortinet, Cisco, and Palo Alto have all been exploited in mass hacking or targeted intrusion campaigns. “This is becoming a bit of an open secret. People understand this is happening, but unfortunately everyone is zip,” says Sophos chief information security officer Ross McKerchar, miming pulling a zipper across his lips. “We're taking a different approach, trying to be very transparent, to address this head-on and meet our adversary on the battlefield.”
From One Hacked Display to Waves of Mass Intrusion
As Sophos tells it, the company's long-running battle with the Chinese hackers began in 2018 with a breach of Sophos itself. The company discovered a malware infection on a computer running a display screen in the Ahmedabad office of its India-based subsidiary Cyberoam. The malware had gotten Sophos' attention due to its noisy scanning of the network. But when the company's analysts looked more closely, they found that the hackers behind it had already compromised other machines on the Cyberoam network with a more sophisticated rootkit they identified as CloudSnooper. In retrospect, the company believes that initial intrusion was designed to gain intelligence about Sophos products that would enable follow-on attacks on its customers.
Then in the spring of 2020, Sophos began to learn about a broad campaign of indiscriminate infections of tens of thousands of firewalls around the world in an apparent attempt to install a trojan called Asnarök and create what it calls “operational relay boxes” or ORBs—essentially a botnet of compromised machines the hackers could use as launching points for other operations. The campaign was surprisingly well resourced, exploiting multiple zero-day vulnerabilities the hackers appeared to have discovered in Sophos appliances. Only a bug in the malware's cleanup attempts on a small fraction of the affected machines allowed Sophos to analyze the intrusions and begin to study the hackers targeting its products.
As Sophos pushed out patches to its firewalls, its team responsible for threat intelligence and incident response, which it calls X-Ops, also began an effort to track its adversary: Sophos included in its “hotfix” for the hackers' intrusions additional code that would collect more data from customers' devices. That new data collection revealed that a single Sophos device registered in February of 2020 in Chengdu showed signs of early alterations similar to the Asnarök malware. “We started to find tiny little indicators of the attack that predated any other activity,” McKerchar says.
Using registration data and records of downloads of code Sophos made available to its customers, the X-Ops team eventually identified a handful of machines it believed were being used as guinea pig devices for Chinese hackers as they sought to find vulnerabilities and test their intrusion techniques prior to deployment. Some of them seemed to have been obtained by a Chengdu-based company called Sichuan Silence Information Technology. Others were tied to an individual who used the handle TStark, whom X-Ops analysts then found had held a position at the University of Electronic Science and Technology of China, also in Chengdu.
X-Ops analysts could even observe individuals using computers and IP addresses tied to the test devices reading Sophos' online materials that detailed the firewalls' architecture. “We could see them researching us,” McKerchar says.
In late April of 2020, Dutch police worked with Sophos to seize a Netherlands-based server that Sophos had identified as being used in the Asnarök infection wave. In June of that year, however, the hackers launched another round of their mass intrusions, and Sophos found they had significantly reduced the complexity and “noise” of their malware in an attempt to evade detection. Yet through the increased data collection from its devices and the intelligence it had assembled on the Chengdu exploit development group, Sophos was able to spot the malware and push out patches for the vulnerabilities the hackers had used within a week, and even identify a “patient zero” machine where the new malware had first been tested two months earlier.
The next month, X-Ops took its most aggressive step yet in countering the effort to exploit its devices, deploying its own spy implants to the Sophos devices in Chengdu they were testing on—essentially hacking the hackers, albeit only through code added to a few installations of its own products the hackers had obtained. Sophos says that preemptive surveillance allowed the company to obtain key portions of the hackers' code and head off a third wave of their intrusions, catching it after only two customers had been compromised and pushing out a patch designed to block the attacks, while obfuscating that fix to avoid tipping off the hackers to Sophos' full knowledge of their techniques.
“In the first wave, we were on the back foot. In the second wave, it was an even match,” says McKerchar. “The third attack, we preempted.”
A New Phase of the Game
Starting in 2021, Sophos says it began to see far more targeted attacks from Chinese hacker groups exploiting its products, many of which it was able to uncover due to its efforts to surveil the research of the Chengdu-based exploit development network. Over the next two years, the hackers continued to hijack vulnerabilities in Sophos appliances in a wide variety of targeted attacks hitting dozens of targets in Asia and the West.
In September of 2022, for instance, Sophos found a campaign exploiting a vulnerability in its products that had breached military and intelligence agencies in a Southeast Asian country, as well as other targets including water utilities and electric generation facilities in the same region. Later, Sophos says, a different Chinese state-sponsored group appears to have exploited a bypass for its patch for that vulnerability to target government agencies outside of Asia, in one instance hacking an embassy shortly before it was set to host officials from China's ruling Communist Party. It also found intrusions at another country's nuclear energy regulatory agency, then a military facility in the same country and the airport of the country's capital city, as well as other hacking incidents that targeted Tibetan exiles.
“We just opened the door on a huge amount of high-end targeted activity, a Pandora's Box of threat intelligence,” McKerchar says.
As the hackers' tooling continued to evolve in response to Sophos' attempts to head them off, the company's X-Ops researchers at one point pulled from a test device they were surveilling a unique new specimen of malware: The hackers had built a “bootkit,” an early attempt at malware designed to infect a Sophos firewall's low-level code that's used to boot up the device before its operating system is loaded, which would make the malware far harder to detect—the first time Sophos believes that sort of firewall bootkit has ever been seen.
X-Ops never found that bootkit deployed on an actual victim's machine, but Sophos CISO McKerchar says he can't rule out that it was in fact used somewhere and evaded detection. “We certainly tried to hunt for it, and we have some capability to do that,” says McKerchar. “But I would be brash to say it's never been used in the wild.”
As Sophos has tried to understand the motives of the Chengdu-based network of hackers digging up vulnerabilities and providing them to the Chinese state, that picture has been complicated by the strange fact that the researchers finding those flaws may have on two occasions also reported them to Sophos itself through its “bug bounty” program. On one occasion, for instance, the exact vulnerability used in a hacking campaign was reported to Sophos by a researcher with a Chinese IP address just after it was first used in an exploitation campaign—Sophos paid the researcher $20,000 for their findings.
That bizarre incongruity between the Chengdu-based researchers' apparent role as suppliers of intrusion techniques for Chinese state hacking groups and their bug bounty reports to Sophos, McKerchar argues, shows perhaps how loose the connections are between the researchers finding these vulnerabilities and the state hackers exploiting those bugs. “I think this is a security research community which is patriotically aligned with PRC objectives,” he says, referencing the People's Republic of China. “But they're not averse to making a bit of money on the side.”
Contacts at the University of Electronic Science and Technology of China didn't respond to WIRED's request for comment on Sophos' report. Sichuan Silence Information Technology couldn't be reached for comment, and appears to have no working website.
Sophos' timeline of its struggle against highly adaptive adversaries sussing out its products' hackable flaws points to the success of China's efforts to corral its security research community and funnel its discoveries of vulnerabilities to the government, says Dakota Cary, a researcher at the Atlantic Council, a nonpartisan think tank, who has focused on that Chinese exploit development pipeline. He points to China's efforts, for instance, to foster hacking competitions as a source of intrusion techniques for its offensive hacking efforts, as well as 2021 legislation that requires researchers and companies based in China to report to the government any hackable bug they find in a product.
“In Sophos' document, you see the interconnectedness of that system kind of shine through,” says Cary. “The culture of these organizations working together or competing for work, and the way that the government is trying to centralize collection of vulnerabilities and then distribute those tools to offensive teams—you see all of that reflected.”
Sophos' report also warns, however, that in the most recent phase of its long-running conflict with the Chinese hackers, they appear more than ever before to have shifted from finding new vulnerabilities in firewalls to exploiting outdated, years-old installations of its products that are no longer receiving updates. That means, company CEO Joe Levy writes in an accompanying document, that device owners need to get rid of unsupported “end-of-life” devices, and security vendors need to be clear with customers about the end-of-life dates of those machines to avoid letting them become unpatched points of entry onto their network. Sophos says it's seen more than a thousand end-of-life devices targeted in just the past 18 months.
“The only problem now isn't the zero-day vulnerability,” says Levy, using the term “zero-day” to mean a newly discovered hackable flaw in software that has no patch. “The problem is the 365-day vulnerability, or the 1,500-day vulnerability, where you've got devices that are on the internet that have lapsed into a state of neglect.”
That warning was echoed by Cybersecurity and Infrastructure Security Agency assistant director for cybersecurity Jeff Greene, who stresses the risk of Chinese hackers exploiting older, unpatched systems, as well as the broader, ironic threat of network perimeter appliances serving as entry points for hackers. “These edge devices often have inherent insecurities, they're often not managed once they're put out, they're not patched,” says Greene. “We'll leave a trail of these devices for a long time that attackers will be looking to compromise.”
Sophos CISO McKerchar says the company is revealing its five-year fight with the Chengdu-based hacking network to amplify those warnings, but also to end a kind of cybersecurity industry omertà around the growing issue of security companies' own products creating vulnerabilities for their customers. “Trust in the industry has been massively eroded in the past few years. There's a huge amount of skepticism across about the way that vendors are handling these risks, but we've relied on silence instead,” says McKerchar. “We want to show a bit of vulnerability ourselves, recognize that we've had problems, then tell the story about how we stepped up.”