Language-theoretic security, or LangSec, is an approach to software security that focuses on input handling, complexity, and program design as strategies to improve the verifiability of computer programs. It was introduced in 2005 by Robert J. Hansen and Meredith L. Patterson at BlackHat and in 2011 by Len Sassaman and Patterson. It aims to create a formal description of which software is likely to have security vulnerabilities of particular classes, and why. It considers programs to have an inherent parser component, whether or not explicit, composed of that part of the program which operates on external input before that input is fully parsed. A central hypothesis of language-theoretic security is that vulnerabilities in software increase according to the computational power of the notional input-accepting automaton equivalent to this parser, using the definitions of automata theory. The lower bound on this computational power is the input language complexity of the program. The extent to which reducing this complexity is possible is a function of the specification of the communication protocol or file format the program takes as input. == Parsing as a security mechanism == The behaviour of a program is defined with reference to its expected input. Unexpected input being used by a program is a factor in numerous security bugs, including the so-called Android master key vulnerability (CVE-2013-4787), because accepting unexpected input renders the program's specification ambiguous. In that instance, the unexpected ambiguity came in the form of a ZIP file with duplicate filenames. If a program fully parses its input and only acts on input that unambiguously meets the specification, it follows that the program will avoid these types of vulnerabilities. This is an intentional inversion of the Postel principle. Accepting only unambiguous and valid input is a more formal requirement than input validation or sanitization, and narrows the number of possible but unanticipated program states that can be induced in an application via user input. Conversely, failure to do this is associated with security vulnerabilities. Input sanitization in particular is held to be an inadequate approach to avoiding malicious input because it inherently ignores context-sensitive properties of the input; it can therefore result in paradoxical effects, such as sanitization code activating otherwise inert cross-site scripting payloads in browsers. === Parser differentials === If the language of accepted program input is sufficiently simple, it is possible to verify that two implementations parse the same input language consistently. This is advantageous because it shows no parser differential exists between the two implementations. The requisite level of simplicity is theoretically that for which there is a solution to the equivalence problem. If the two parsers involved in CVE-2013-4787 were equivalent - that is, if they rendered the same output state given the same input state - the vulnerability could not have existed. One strategy for doing this is to publish machine-readable specifications of a format or protocol, and then use a parser generator to generate the parser code. An example of a parser generator built for this purpose is DaeDaLus. The combination of Lex with any of GNU Bison, ANTLR, or Yacc also accomplishes this. However, many parser generators allow the mixing of general purpose code with the parsing definitions, which weakens the guarantees provided by parsing. === Analysis of injection attacks === Injection attacks are generally the result of differences between the serializer (or "unparser") and the corresponding parser at a layer boundary in a system; therefore, they are a special case of parser differentials. In a SQL injection attack, for example, an attacker is able to cause the application with which they are interacting to serialize a SQL query that has different semantics than intended. In the simplest case where the payload ends a string and adds new code, the payload has crossed the code-data boundary in SQL. In language-theoretic security, this is treated as a bug in the serializer of the SQL query, which should instead be written in a way that constrains its possible outputs to those within the scope of the intended query. === Parser combinators === If a parser generator is not used, it is still possible to avoid implementation bugs by using parser combinator such as Nom to implement the parser code. This has the drawback of relying on a programmer correctly translating the specification into the language of the parser generator library, though this task is still less error-prone than hand-coding a parser. == Input format complexity == Complexity in computer programs is associated with security vulnerabilities. Within the domain of language-theoretic security, complexity is described with reference to the computational power of the abstract machine necessary to implement the program, or more particularly, to implement the parser for its input language. This complexity describes whether it is possible to show that there is no unintended or undesired functionality in the program which might be exploitable by an attacker. To be bounded in complexity, the program's input must be well-defined both in terms of form and of semantics. === Weird machines === A weird machine is a model of computation in a program that exists in parallel with, but is distinct from, the intended abstract model of computation in that program. Some classes of weird machine arise from the multi-layered nature of computer programs, or the context in which the programs run; others result from the unanticipated functionality a program has due to its complexity or to software bugs. The more complex the computation model of a program, the more likely it is to implement a weird machine. Depending on context, the weird machine may or may not be concretely useful for an attacker. Since the space of weird machines in the context of some program is the universe of all possible states that are not within the program's intended states, many exploited states including remote code execution and injection attacks belong to the domain of weird machines. A reduction in weird machines is therefore a likely correlate with reduced program vulnerability. === SafeDocs project === SafeDocs is a DARPA project undertaken in 2018 to take existing file formats, create safer subsets of them, and develop programming tools to work for the safer formats. The initial test case for this was PDF. The purpose of creating safer subsets in this case is to lower the minimum bound on parser complexity so that it becomes possible to create tools that will generate correct, normative parsers for them. == Relation to programming languages == The analytic framework of language-theoretic security assumes programs to be virtual machines that execute their input. A document that is read by an application is in this sense a form of machine code, in a generalization of the data as code idea, following the automata theory description of parsers. === Type-safe programming languages === Parsing input and serializing output are operations that consume one data type and emit another. A programming language can therefore check that data is correctly parsed and contains the expected structure by checking data types, and correct serializing (or unparsing) can be implemented as operations on the data types that are relevant to the program's output. This approach can be used to show that the recognizer and unparser patterns have been implemented. It is also possible to implement type checking across a distributed system to enforce parsing and unparsing of the expected structures and to verify that the assumptions made in designing the compositional properties of a distributed system have been followed. === Memory-safe programming languages === In the general case, spatial memory correctness is undecidable. If any proof of spatial memory correctness is to be made, it is therefore necessary to bound the complexity of the code. Interpreted languages such as Java and Python effectively accomplish this via runtime bounds checking, and frameworks for runtime bounds checking also exist for C. The effect of these strategies for spatial memory correctness are to create a halt state in place of a spatial memory correctness violation; therefore, it can be shown that the program will not violate spatial memory correctness, but in exchange, it cannot be shown in the general case that programs will not have runtime bounds checking exceptions. Some programming languages, such as Rust, accomplish this using borrow checking. The borrow checker acts to assure spatial memory correctness by compile-time reference counting. Code for which spatial memory correctness cannot be shown to not be violated therefore does not compile, inherently limiting the complexity of the spatial memory correctness of the program to what is decidable. Thi
Wrike
Wrike, Inc. is an American project management application service provider based in San Jose, California. Wrike also has offices in India, Dallas, Tallinn, Nicosia, Dublin, Tokyo, Melbourne, and Prague. == History == Wrike was founded in 2006 by Andrew Filev. Currently CEO at Wrike is Thomas Scott. Filev initially self-funded the company before later obtaining investor funding. Wrike released the beta version of its software (also called Wrike) in December 2006. The company then launched a new "Enterprise" platform in December 2013. In June 2015, Wrike announced the opening of an office in Dublin, Ireland and in 2016, Wrike launched a datacenter there to host data in compliance with local privacy regulations. In July 2016, Wrike announced the launch of Wrike for Marketers. That same year, Wrike's headquarters moved from Mountain View to San Jose, California. In January 2021, Citrix Systems announced its intention to acquire Wrike for $2.25 billion. The acquisition closed in March 2021. On January 31, 2022, it was announced that Citrix had been acquired in a $16.5 billion deal by affiliates of Vista Equity Partners and Evergreen Coast Capital. Citrix would merge with TIBCO Software, a Vista portfolio company to form Cloud Software Group (CSG). In September 2022, Wrike separated from Citrix Systems. In July 2023, Vista transferred ownership to Symphony Technology Group. == Investments == Wrike received $1 million in Angel funding in 2012 from TMT Investments. In October, 2013, Wrike secured $10 million in investment funding from Bain Capital. In May 2015, the company secured $15 million in a new round of funding. Investors included Scale Venture Partners, DCM Ventures, and Bain Capital. At that time, Wrike had 8,000 customers, 200 employees, and 30,000 new users each month. On November 29, 2018, Wrike signed a definitive agreement to receive a majority investment by Vista Equity Partners (“Vista”), a firm focused on software, data and technology-enabled businesses. == Software == The Wrike project management software is a Software-as-a-Service (SaaS) product with tools for managing projects, deadlines, schedules, and workflow processes. It includes collaboration features. The application is available in English, French, Spanish, German, Portuguese, Italian, Japanese and Russian. Wrike has triggers for task automation in workflow management. === Features === Wrike features a multi-pane UI and consists of features in two categories: project management, and team collaboration. According to Wrike, project management features are designed to help teams track dates and dependencies associated with projects, manage assignments and resources, and track time. These include an interactive Gantt chart, a workload view, and a sortable table that can be customized to store project data. The software includes a co-editing tool, discussion threads on tasks, and tools for attaching documents, editing them, and tracking their changes. Wrike uses an "inbox" feature and browser notifications to alert users of updates from their colleagues and dashboards for quick overviews of pending tasks. These updates are also available in Wrike's mobile apps on iOS and Android. Wrike has an optional feature set called "Wrike for Marketers" which has several tools for managing marketing workflows. In May 2012, Wrike announced the launch of a freemium version of its software for teams of up to 5 users. That year also saw the integration of a live text coeditor into its workspace to unify collaboration and task management. In late 2013 Wrike released a new feature set called Wrike Enterprise which included advanced analytics and other tools targeted at large business customers. Since then it has released several major updates to Wrike Enterprise, including a customizable spreadsheet called "Dynamic Platform" in late 2014 and custom workflows for teams in 2015. In July 2016, Wrike was updated with a set of add-on features under the name "Wrike for Marketers," which includes integrations with Adobe Photoshop, a tool for submitting requests, and proofing and approval tools for creative assets like videos and images. Wrike is available as native Android and iOS apps. Mobile apps include an interactive Gantt chart that syncs across devices. The apps are available offline, and sync when connection is restored. === Criticism === Critics said new users may have a learning curve with complex features. Wrike has 2,710 customers for an estimated 0.04% market share. Competitors include Google Workspace, Slack (software), and Quip (software).
IJCAI Computers and Thought Award
The IJCAI Computers and Thought Award is presented every two years by the International Joint Conference on Artificial Intelligence (IJCAI), recognizing outstanding young scientists in artificial intelligence. It was originally funded with royalties received from the book Computers and Thought (edited by Edward Feigenbaum and Julian Feldman), and is currently funded by IJCAI. It is considered to be "the premier award for artificial intelligence researchers under the age of 35". == Laureates == Terry Winograd (1971) Patrick Winston (1973) Chuck Rieger (1975) Douglas Lenat (1977) David Marr (1979) Gerald Sussman (1981) Tom Mitchell (1983) Hector Levesque (1985) Johan de Kleer (1987) Henry Kautz (1989) Rodney Brooks (1991) Martha E. Pollack (1991) Hiroaki Kitano (1993) Sarit Kraus (1995) Stuart Russell (1995) Leslie Kaelbling (1997) Nicholas Jennings (1999) Daphne Koller (2001) Tuomas Sandholm (2003) Peter Stone (2007) Carlos Guestrin (2009) Andrew Ng (2009) Vincent Conitzer (2011) Malte Helmert (2011) Kristen Grauman (2013) Ariel D. Procaccia (2015) Percy Liang (2016) for his contributions to both the approach of semantic parsing for natural language understanding and better methods for learning latent-variable models, sometimes with weak supervision, in machine learning. Devi Parikh (2017) Stefano Ermon (2018) Guy Van den Broeck (2019) for his contributions to statistical and relational artificial intelligence, and the study of tractability in learning and reasoning. Piotr Skowron (2020) for his contributions to computational social choice, and to the theory of committee elections. Fei Fang (2021) for her contributions to integrating machine learning with game theory and the use of these novel techniques to tackle societal challenges such as more effective deployment of security resources, enhancing environmental sustainability, and reducing food insecurity. Bo Li (2022) for her contributions to uncovering the underlying connections among robustness, privacy, and generalization in AI, showing how different models are vulnerable to malicious attacks, and how to eliminate these vulnerabilities using mathematical tools that provide robustness guarantees for learning models and privacy protection. Pin-Yu Chen (2023) for his contributions to consolidating properties of trust, robustness and safety into rigorous algorithmic procedures and computable metrics for improving AI systems. Nisarg Shah (2024) for his contributions to AI and society, in particular foundational work on the theory of algorithmic fairness using principles from social choice theory. Aditya Grover (2025) for his foundational contributions uniting deep generative models, representation learning, and reinforcement learning, and for their applications in advancing scientific reasoning.
Evolutionary acquisition of neural topologies
Evolutionary acquisition of neural topologies (EANT/EANT2) is an evolutionary reinforcement learning method that evolves both the topology and weights of artificial neural networks. It is closely related to the works of Angeline et al. and Stanley and Miikkulainen. Like the work of Angeline et al., the method uses a type of parametric mutation that comes from evolution strategies and evolutionary programming (now using the most advanced form of the evolution strategies CMA-ES in EANT2), in which adaptive step sizes are used for optimizing the weights of the neural networks. Similar to the work of Stanley (NEAT), the method starts with minimal structures which gain complexity along the evolution path. == Contribution of EANT to neuroevolution == Despite sharing these two properties, the method has the following important features which distinguish it from previous works in neuroevolution. It introduces a genetic encoding called common genetic encoding (CGE) that handles both direct and indirect encoding of neural networks within the same theoretical framework. The encoding has important properties that makes it suitable for evolving neural networks: It is complete in that it is able to represent all types of valid phenotype networks. It is closed, i.e. every valid genotype represents a valid phenotype. (Similarly, the encoding is closed under genetic operators such as structural mutation and crossover.) These properties have been formally proven. For evolving the structure and weights of neural networks, an evolutionary process is used, where the exploration of structures is executed at a larger timescale (structural exploration), and the exploitation of existing structures is done at a smaller timescale (structural exploitation). In the structural exploration phase, new neural structures are developed by gradually adding new structures to an initially minimal network that is used as a starting point. In the structural exploitation phase, the weights of the currently available structures are optimized using an evolution strategy. == Performance == EANT has been tested on some benchmark problems such as the double-pole balancing problem, and the RoboCup keepaway benchmark. In all the tests, EANT was found to perform very well. Moreover, a newer version of EANT, called EANT2, was tested on a visual servoing task and found to outperform NEAT and the traditional iterative Gauss–Newton method. Further experiments include results on a classification problem.
Sunspring
Sunspring is a 2016 experimental science fiction short film entirely written by an artificial intelligence bot using neural networks. It was conceived by BAFTA-nominated filmmaker Oscar Sharp and NYU AI researcher Ross Goodwin and produced by film production company, End Cue along with Allison Friedman and Andrew Swett. It stars Thomas Middleditch, Elisabeth Grey, and Humphrey Ker as three people, namely H, H2, and C, living in a future world and eventually connecting with each other through a love triangle. The script of the film was authored by a recurrent neural network called long short-term memory (LSTM) by an AI bot named Benjamin. Originally made for the Sci-Fi-London film festival's 48hr Challenge, it was released online by technology news website Ars Technica on 9 June 2016. == Premise == Sunspring narrates the story of three people - H (Middleditch), H2 (Grey), and C (Ker) - set in a futuristic world and entangled with murder and love. == Cast == Thomas Middleditch as H Elisabeth Grey as H2 Humphrey Ker as C == Production == Oscar Sharp originally created the film for the 48hr Film Challenge contest of Sci-Fi-London, a film festival which focuses on science fiction. For the challenge, contestants are given a set of prompts (mostly props and lines) that have to appear in a movie they make over the next two days. It eventually contested in the festival and was nominated among the final top ten films Sharp collaborated with his longtime associate Ross Goodwin, an AI researcher in New York University to create the AI bot, which was initially called Jetson. The bot, which later came to call itself Benjamin, wrote the screenplay including stage directions and dialog. The garbled script was then interpreted by Sharp who directed the actors to construe the plot points themselves and enact the play. According to Ars Technica, the final plot turned out to be a tale of romance and murder, set in a dark future world. === Benjamin, the automatic screenwriter === Called the world's first automatic screenwriter, Benjamin is a self-improving LSTM RNN machine intelligence trained on human screenplays conceived by Goodwin and Sharp. It was trained to write the screenplay by feeding it with a corpus of dozens of sci-fi screenplays found online—mostly movies from the 1980s and 90s. == Music == The film contains a song from Brooklyn-based electro-acoustic duo Tiger and Man, with lyrics written by Benjamin using a database of 30,000 folk songs. As well as a score written by composer Andrew Orkin. == Reception == CNet called it "a beautiful, bizarre sci-fi novelty." Critic Amanda Kooser said, "...probably won't start a rush for replacing human screenwriters with machines. Some day, neural networks may get better at imitating the art of coherent storytelling, but we're not there yet. That doesn't mean "Sunspring" isn't entertaining or worthy of viewing. It is. It's a thought experiment come to life, a novelty." As of April 2019, it has surpassed 1 million views on YouTube.
Prequel (mobile application)
Prequel, Inc. is an American technology company and mobile app developer known for developing the Prequel mobile application, which enables editing photos and videos with filters and effects generated using artificial intelligence. Prequel was founded in 2018 by Serge Aliseenko and Timur Khabirov, who currently serves as the company's CEO. It is headquartered in New York City. As of August 2022, it had been downloaded more than 100 million times. == History == In 2016, entrepreneur Timur Khabirov and investor Serge Aliseenko registered a US corporation named AIAR Labs Inc, which was developing AR solutions as an outsourced contractor. Of several proprietary products, Prequel was selected for beta-testing as a product focused on editing photos and videos. In 2018, Prequel was released on the Apple App Store. The launch cost $3 million USD, financed with the founders’ personal funds. The first release included approximately 10 filters for photos and the same amount of effects that augmented images with rose petals, rain and snow, VHS and film reel simulations, glitch, grain, sun puddles, and lomography. By June 2020, the app had also been released for Android. In 2021, Prequel founders Timur Khabirov and Serge Aliseenko launched a venture studio for startups working with artificial, computer vision, and AR-based visual art. In December 2022, Prequel reached the number 14 slot on the global rankings for Apple App Store’s Top Charts and the number 5 slot on the App Store’s U.S. charts. In March 2023, Prequel launched a new app called Artique, which is an AI-powered image editing app for businesses. Artique provides advertising and marketing graphic design using ready-made templates that users can customize, while giving suggestions and visual cues through artificial intelligence. Prequel was also one of the companies participating in discussions about artificial intelligence at SXSW 2023. == Features == Prequel describes its app as an "Aesthetic Pic Editor. The app uses artificial intelligence to create and edit content. Prequel can be used to touch up faces on images and videos and can also tie various decorative elements to certain points on the human body and face. Prequel filters include the "Cartoon" filter, which converts selfies into cartoon-style pictures. Other filters include Kidcore, Dust, Grain, Fisheye, Retro Style, Miami, Disco, and VHS-style filters, as well as the ability to create Renaissance-style pictures. Prequel also gives users the ability to apply color correction tools and to make moving images with 3D effects out of 2D images. Prequel allows users to take photos and videos directly through the app and apply filters and effects in real time. The app also comes with manual editing options for photos, such as adjusting the brightness and/or exposure and cropping photos, as well as an option to automatically apply adjustments. The Prequel app uses the Core ML, MNN, and TFLight frameworks to work with its neural networks. Some AI solutions are launched server-side, and some on the user's mobile device. A resulting photo or video edited with the app is called "a prequel." The app daily generates over 2 million such prequels, which are published by users in Instagram, TikTok, and other social media. As of 2022, the app has more than 800 filters and effects, along with video templates and support for GIFs and stickers. Prequel is free-to-use, but has a premium version that gives users access to more effects, filters, and beauty tools. Since its launch in 2018, Prequel has been downloaded more than 100 million times.
Taylor Swift deepfake pornography controversy
In late January 2024, sexually explicit AI-generated deepfake images of American musician Taylor Swift were proliferated on social media platforms 4chan and X (formerly Twitter). Several artificial images of Swift of a sexual or violent nature were quickly spread, with one post reported to have been seen over 47 million times before its eventual removal. The images led Microsoft to enhance Microsoft Designer's text-to-image model to prevent future abuse. Moreover, these images prompted responses from anti-sexual assault advocacy groups, US politicians, Swifties, and Microsoft CEO Satya Nadella, among others, and it has been suggested that Swift's influence could result in new legislation regarding the creation of deepfake pornography. A similar controversy emerged in August 2025, when The Verge reported AI image and video tool Grok Imagine generated sexually explicit images and videos of Swift from an otherwise innocuous text prompt. == Background == American musician Taylor Swift has been the target of misogyny and slut-shaming throughout her career. American technology corporation Microsoft offers AI image creators called Microsoft Designer and Bing Image Creator, which employ censorship safeguards to prevent users from generating unsafe or objectionable content. Members of a Telegram group discussed ways to circumvent these censors to create pornographic images of celebrities. Graphika, a disinformation research firm, traced the creation of the images back to a 4chan community. == Reactions == For some, the deepfake images of Swift immediately became a source of controversy and outrage. Other internet users found them humorous and absurd, such as the image making it appear as though Swift was to engage in sexual intercourse with Oscar the Grouch. The images drew condemnations from Rape, Abuse & Incest National Network and SAG-AFTRA. The latter group, who had been following issues regarding AI-generated media prior to Swift's involvement, considered the images "upsetting, harmful and deeply concerning." Microsoft CEO Satya Nadella, whose company's products were believed to be used to make these images, responded to the controversy as "alarming and terrible", further stating his belief that "we all benefit when the online world is a safe world." === Taylor Swift === A source close to Swift told the Daily Mail that she would be considering legal action, saying, "Whether or not legal action will be taken is being decided, but there is one thing that is clear: These fake AI-generated images are abusive, offensive, exploitative, and done without Taylor's consent and/or knowledge." === Politicians === White House press secretary Karine Jean-Pierre expressed concern over the counterfeit images, deeming them "alarming", and emphasized the obligation of social media platforms to curb the dissemination of misinformation. Several members of American politics called for legislation against AI-generated pornography. Later in the month, a bipartisan bill was introduced by US senators Dick Durbin, Lindsey Graham, Amy Klobuchar and Josh Hawley. The bill would allow victims to sue individuals who produced or possessed "digital forgeries" with intent to distribute, or those who received the material knowing it was made without consent. The European Union struck a deal in February 2024 on a similar bill that would criminalize deepfake pornography, as well as online harassment and revenge porn, by mid-2027. === Social media platforms === X responded to the sharing of these images on their own website with claims they would suspend accounts that participated in their spread. Despite this, the photos continued to be reshared among accounts of X, and spread to other platforms including Instagram and Reddit. X enforces a "synthetic and manipulated media policy", which has been criticized for its efficacy. They briefly blocked searches of Swift's name on January 27, 2024, reinstating them two days later. === Swifties === Fans of Taylor Swift, known as Swifties, responded to the circulation of these images by pushing the hashtag #ProtectTaylorSwift to trend on X. They also flooded other hashtags related to the images with more positive images and videos of her live performances. == Cultural significance == Deepfake pornography has remained highly controversial and has affected figures from other celebrities to ordinary people, most of whom are women. Journalists have opined that the involvement of a prominent public figure such as Swift in the dissemination of AI-generated pornography could bring public awareness and political reform to the issue.