Google’s AI Is Being Manipulated — And It Can’t Fully Stop It
A BBC investigation reveals that AI-generated search results from ChatGPT, Gemini, and Google AI Overviews are being systematically gamed. SEO spammers are crafting content that tricks AI systems into surfacing biased, misleading, or fabricated answers as authoritative facts.
Google updated its policies in response, but experts quoted in the piece say manipulation remains trivially easy. One researcher’s assessment: “You should assume you’re being manipulated.”
Why it matters: This isn’t about hallucinations — it’s about adversarial manipulation at scale. We’ve written about Google’s AI Overviews cannibalising publisher traffic, but this is the flip side: bad actors exploiting the fact that AI search draws from the open web, where anyone can plant disinformation designed to surface as an “answer.” The trust crisis in AI search just got a new dimension.
EU Rolls Back Its Own AI Act — High-Risk Rules Delayed 16 Months
The EU has agreed to delay high-risk AI compliance requirements by over 16 months, pushing implementation to December 2027. The deal also reduces paperwork for SMEs and bans non-consensual AI nudification apps. Industry lobbying won the day — German manufacturers in particular pushed hard for exemptions.
We’ve covered this story as it developed, and the pattern is clear: the EU AI Act’s teeth are being pulled before they fully bite. The symbolic ban on nudification apps is real progress, but the high-risk rules delay means the regulatory framework that was supposed to set the global standard for AI governance is being hollowed out by the same industry pressures it was designed to counter.
Why it matters: New Zealand and other small nations watching the EU for a regulatory template are now watching it retreat. When the world’s most ambitious AI regulation gets watered down before full implementation, what chance does a smaller, resource-constrained country have?
OpenAI Adds C2PA Provenance and SynthID Watermarks to AI Images
OpenAI is joining the C2PA open content provenance standard and partnering with Google to add invisible SynthID watermarks to AI-generated images. A public verification tool is coming.
This is a significant infrastructure move. C2PA gives every AI-generated image a chain-of-custody — when it was made, by what model, whether it’s been edited. SynthID adds an invisible watermark that survives cropping and compression. Together, they’re the beginnings of a “nutrition label” for images.
Why it matters: In the same week BBC reports AI search is being gamed, OpenAI is building the provenance layer. These are two sides of the same coin — the internet needs both defensive tools (provenance) and offensive awareness (manipulation literacy). The question is whether provenance arrives fast enough to matter.
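To make the "chain-of-custody" idea concrete, here is an added illustrative example (not OpenAI's, Google's, or the C2PA project's code) of what a provenance manifest binds together and how a verifier tells a declared edit from an undeclared one. It is a simplified model, not the C2PA specification: real C2PA manifests are embedded in the file and signed with X.509 certificates, whereas here an HMAC with a constructed key stands in for that signature, and the model names, timestamps and image bytes are all constructed sample values.

```python
"""Simplified content-provenance chain (illustrative, not the C2PA spec).
A manifest binds a content hash, creation metadata and a link to the parent
manifest; a verifier checks the signature and rehashes the bytes, so an edit
made without a new manifest is detected. An HMAC with a constructed key stands
in for C2PA's certificate-based signature."""
import hashlib
import hmac
import json
from typing import Optional

# Constructed key: stands in for the signer's certificate-backed private key.
SIGNING_KEY = b"demo-provenance-key"


def _canonical(obj) -> bytes:
    """Deterministic JSON encoding so hashes and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def content_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def create_manifest(data: bytes, generator: str, created: str,
                    parent: Optional[dict] = None, actions=()) -> dict:
    """Build a signed manifest binding `data` to its claimed origin.
    `parent` is the previous manifest in the chain (None for a fresh generation)."""
    claim = {
        "content_hash": content_hash(data),
        "generator": generator,
        "created": created,
        "actions": list(actions),
        "parent_hash": hashlib.sha256(_canonical(parent)).hexdigest() if parent else None,
    }
    sig = hmac.new(SIGNING_KEY, _canonical(claim), hashlib.sha256).hexdigest()
    return {"claim": claim, "signature": sig}


def verify(data: bytes, manifest: dict) -> tuple:
    """Check the signature first, then that the bytes still match the claim."""
    claim = manifest["claim"]
    expected = hmac.new(SIGNING_KEY, _canonical(claim), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["signature"]):
        return False, "signature invalid: manifest tampered or untrusted signer"
    if content_hash(data) != claim["content_hash"]:
        return False, "content hash mismatch: image edited after manifest was signed"
    return True, "manifest verified"


def provenance_chain(manifests: list) -> list:
    """Walk the chain oldest-first, checking each parent link, and return the
    history as 'generator: actions'. Raises ValueError on a broken link."""
    history = []
    prev = None
    for m in manifests:
        expected_parent = hashlib.sha256(_canonical(prev)).hexdigest() if prev else None
        if m["claim"]["parent_hash"] != expected_parent:
            raise ValueError("broken provenance chain")
        actions = ", ".join(m["claim"]["actions"]) or "created"
        history.append(f'{m["claim"]["generator"]}: {actions}')
        prev = m
    return history


# Constructed sample "images": a few bytes stand in for real pixel data.
ORIGINAL = b"\x89PNG-demo-original-pixels"
CROPPED = b"\x89PNG-demo-cropped-pixels"

# Generation manifest, then a declared crop that links back to it.
gen_manifest = create_manifest(ORIGINAL, "example-image-model-v1", "2025-01-01T00:00:00Z")
edit_manifest = create_manifest(CROPPED, "example-editor", "2025-01-02T00:00:00Z",
                                parent=gen_manifest, actions=("crop",))

if __name__ == "__main__":
    print(verify(ORIGINAL, gen_manifest))
    print(verify(CROPPED, gen_manifest))   # undeclared edit: hash no longer matches
    print(verify(CROPPED, edit_manifest))  # declared edit: its own manifest matches
    print(provenance_chain([gen_manifest, edit_manifest]))
```

The design point this makes visible is why the two mechanisms are paired: a hash-bound manifest is exactly what does not survive cropping or recompression, so once the bytes change the manifest can only say "edited" (or is simply stripped), and an invisible watermark like SynthID is what is meant to keep identifying the image as AI-generated after the manifest is gone. The verifier must also check that the signature is trusted before the hash; a manifest with a valid hash but an unknown or forged signer proves nothing.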
Qwen3.7-Max: Alibaba’s Agent Powerhouse
Alibaba released Qwen3.7-Max, a major model update focused on agentic capabilities. The open-weight model is designed specifically for tool use, multi-step reasoning, and autonomous task completion — the direction the entire industry is moving.
The HN discussion (313 points, 115 comments) highlights the practical gains: Qwen’s agent models are increasingly competitive with proprietary alternatives, and the open-weight release means anyone can deploy them.
Why it matters: The agent frontier is where competition is fiercest right now. Between Gemini Spark, Qwen3.7-Max, and open-source guardrails projects like Forge (which takes an 8B model from 53% to 99% on agentic tasks), the infrastructure for AI agents is being built out rapidly. The race isn’t “who has the smartest chatbot” anymore — it’s “whose agent actually works reliably.”
China Publishes AI Agent Blueprint, Launches Anti-Misuse Campaign
China released a national AI agent strategy with a tiered governance framework, while simultaneously launching its annual Qinglang campaign against AI misuse. The two-track approach — accelerate agents, crack down on abuse — mirrors the tension playing out globally.
Why it matters: China’s regulatory pattern is diverging from both the EU (which is rolling back) and the US (which is deregulating). A tiered governance model for agents is worth watching — it may end up being the template that actually works.
NSA to Play Key Role in Voluntary AI Model Testing Under Incoming Executive Order
White House officials are planning a provision in a forthcoming AI executive order that would establish a voluntary information-sharing framework between the government and AI developers. The NSA is expected to handle classified testing of AI models before public release — a framework that would make the intelligence agency an official gatekeeper for frontier AI safety.
The order, expected this week, comes as the Trump administration grapples with the national security implications of advanced cyber-focused models like Anthropic’s Mythos. Sources caution the details are still fluid.
Why it matters: This is a significant pivot from the voluntary testing frameworks proposed under the previous administration. Having the NSA — a signals intelligence agency — handle AI model testing adds a national security dimension that changes the conversation entirely. It’s no longer just about safety. It’s about who gets to decide what AI capabilities are too dangerous to release. And a voluntary program with classified testing creates a two-tier system: companies that cooperate get security clearance; those that don’t become potential threats.
Google Expands CodeMender as AI Security Race Heats Up
Google DeepMind is widening API access to CodeMender, its AI-powered cybersecurity agent, giving vetted security testers access while keeping it out of general release. CodeMender uses Gemini Deep Think to find vulnerabilities, trace root causes, and draft fixes — all reviewed by humans before patches go live.
The move directly competes with Anthropic’s Mythos, the cybersecurity model that’s been getting NSA attention. Both tools represent a new class of AI: purpose-built security agents capable of autonomous vulnerability discovery and remediation.
Why it matters: The AI security arms race is escalating on two fronts simultaneously — defensive (CodeMender patches vulnerabilities automatically) and offensive (NSA wants to test models before release). This mirrors the broader pattern in AI: the tools to break things and the tools to fix them are evolving in lockstep. For New Zealand organisations depending on cloud infrastructure at scale, understanding whose code is being patched by what AI matters more than ever.
🔍 THE BOTTOM LINE: The theme this week is trust under pressure. AI search is being gamed. AI regulation is being rolled back. AI images are getting provenance labels that nobody’s required to check. And the agent revolution — which puts AI in charge of real tasks with real consequences — is outpacing both the safeguards and the rules meant to contain it. The infrastructure for an agentic future is being built. The trust infrastructure isn’t keeping up.