Company Check : OpenAI Proposes Path Forward Amid AGI Fears

A new set of documents known as The OpenAI Files claims to reveal troubling internal dynamics at OpenAI and could shape how the world approaches artificial general intelligence (AGI) governance in the years ahead.

An Urgent Moment for AI Oversight

The release comes at a critical juncture. For example, OpenAI CEO Sam Altman has stated publicly that AGI (AI systems capable of performing most human jobs) is likely to arrive within just a few years. In a February 2024 blog post, OpenAI said it was “quite plausible that AI systems will outpace human expert skill levels in most domains within the current decade.”

Such predictions have fuelled both investment and anxiety. This is because, while the potential productivity gains from AGI are vast, so too are the risks, ranging from misinformation and bias to large-scale unemployment or misuse by malicious actors. However, critics argue that the current leading AI companies, including OpenAI, are operating with too little external scrutiny.

That’s where The OpenAI Files come in. Curated by two US-based non-profit watchdog organisations, i.e. The Midas Project and the Tech Oversight Project, the archive aims to fill a growing accountability gap by exposing how OpenAI’s trajectory has diverged from its original non-profit mission.

Who’s Behind the Archive?

The Midas Project and the Tech Oversight Project describe themselves as independent technology watchdogs. Both are known for promoting stronger corporate accountability in Big Tech and for campaigning on issues such as data privacy, algorithmic bias, and monopoly power.

Their collaboration on The OpenAI Files resulted in a publicly accessible dossier of internal documents, board communications, statements, and media coverage. The dossier includes over 10,000 words of commentary and contextual analysis. The goal, according to the Midas Project, is to “shed light on the ethical and governance failures at OpenAI that have broader implications for AI safety and democracy.”

Has OpenAI’s Founding Principle Shifted?

The central claim of the archive is that OpenAI has quietly shifted from its founding principle, i.e. to build AI that benefits all of humanity, to what is essentially a commercial structure prioritising investor returns. For example, in 2015, OpenAI began as a non-profit with a mission to ensure AGI would be “used for the benefit of all.” However, after introducing a capped-profit model in 2019 to attract investment, and launching high-profile partnerships such as the one with Microsoft, critics say the company has become less transparent and more profit-driven.

The archive also revisits the dramatic 2023 ousting (and rapid reinstatement) of CEO Sam Altman by the OpenAI board. Internal tensions reportedly stemmed from disagreements over safety culture and the pace of development. The board’s lack of explanation at the time, followed by a shake-up that brought in pro-growth allies, raised concerns about whether safety was being sidelined.

One former board member, Helen Toner of Georgetown University’s Centre for Security and Emerging Technology, is quoted in the archive alleging that Altman “withheld information” and “gave inaccurate information” to the board—an assertion he denies.

A Playbook for Responsible AI

Despite the retrospective tone of the materials, The OpenAI Files could be seen less as a post-mortem and more as a call to action. The curators argue that this transparency can inform a better governance model for AGI, one that includes:

– Independent oversight of frontier AI companies.

– Binding commitments to public benefit.

– Worker and user representation in decision-making.

– Global cooperation on safety research and risk standards.

The Tech Oversight Project notes: “We need robust regulatory guardrails, but we also need a cultural shift—companies building AGI must be accountable to the public, not just shareholders.”

AI Developers and the Public

If adopted, such reforms would significantly alter how OpenAI and its peers operate. For example, developers may face slower release cycles, stricter testing requirements, and mandatory transparency mechanisms. Companies would also need to re-centre their objectives around public interest, which is something OpenAI once championed.

For users and society, these shifts could bring reassurance that powerful AI tools won’t be developed behind closed doors or guided solely by profit. It could also mean better protection against misuse, clearer redress mechanisms, and fairer access to AI-generated benefits such as job creation, medical breakthroughs, or educational access.

As AGI becomes less hypothetical and more imminent, the stakes are getting higher. In its own 2023 governance update, OpenAI acknowledged: “We don’t expect everyone to trust us by default. We plan to earn that trust.” The watchdog groups may agree but also argue that trust must be backed by verifiable commitments, not just promises.

Other Safeguards and Challenges

The archive’s release adds to growing momentum for external safeguards. For example, in the past year, governments and international organisations have stepped up efforts to regulate frontier AI. The UK held the first global AI Safety Summit in 2023, while the EU has finalised its AI Act, a comprehensive legal framework for high-risk systems. In the US, the Biden administration introduced an AI executive order in late 2023 calling for more audits and red-teaming (testing of system vulnerabilities).

There are also proposals from academics and policy experts for third-party licensing bodies, global AI treaties, and mandatory ethics boards inside AI labs.

That said, change won’t be easy. Major tech firms have pushed back against regulation, warning that overreach could stifle innovation. Critics of The OpenAI Files also point out that the documents reflect selective curation, not an exhaustive or balanced record. OpenAI itself has defended its structure, saying the capped-profit model allows it to raise capital while still pursuing safety goals. “We believe strongly in alignment research and broad benefit,” the company wrote in a recent update, adding that it has made safety “a core focus of our technical agenda.”

Even so, the release has clearly struck a nerve, sparking fresh debate over who should shape the future of AI, and on what terms.

What Does This Mean For Your Business?

The timing of The OpenAI Files places added pressure on AI leaders to re-examine not just their business models but their obligations to society. For OpenAI and others pushing towards AGI, transparency and public accountability are essential (not optional) to maintain legitimacy in the eyes of governments, users, and regulators alike. These archives offer a detailed and accessible case study on how corporate structure, leadership decisions, and investor influence can shift priorities away from public interest. Whether companies accept or resist the lessons outlined remains to be seen, but the conversation is clearly changing.

For UK businesses, the implications are wide-reaching. For example, as AI systems become more capable, more embedded, and potentially more autonomous, their influence on supply chains, labour, customer experience, and regulatory exposure will grow. Businesses may welcome AGI’s productivity gains, but only if they feel the technology is being developed responsibly and without hidden risks. Greater clarity on AI safety protocols, decision-making processes, and ethical frameworks could help smaller firms and public sector bodies feel more confident about adoption. It could also influence procurement choices, data handling policies, and the future of work more broadly.

Also, users, whether individuals or employees, may stand to gain or lose the most. For example, a governance framework focused on ethical leadership and shared benefit could help protect against exploitative uses of AI, ensure wider access to new capabilities, and support democratic oversight as systems grow in complexity and power. That would require sustained effort from policymakers, watchdogs, and AI firms alike, as well as a shift away from the current reliance on self-regulation. The OpenAI Files may not offer all the answers, but they appear to provide quite a detailed starting point for anyone serious about building a future where AGI development is guided by more than market momentum.

Security Stop Press : Scattered Spider Shifts Focus to Insurance Firms

Scattered Spider, a teenage-led (mainly UK and US-based) hacking group, has begun targeting insurance companies, sparking fresh warnings from cyber security experts.

Google’s Threat Intelligence Group (GTIG) confirmed multiple US insurance firms have recently suffered attacks matching the group’s methods. Known for breaching major retailers like M&S and Tiffany, the group uses tactics such as phishing, SIM-swapping, and MFA fatigue to bypass identity checks and helpdesk protocols.

Two incidents in early June, affecting Philadelphia Insurance and Erie Insurance, show the threat is real and growing. GTIG warned that the group tends to focus on one sector at a time, and insurance firms are now clearly in its sights. Experts believe UK providers could be next.

Unlike ransomware gangs, Scattered Spider relies on social engineering to move fast and exploit human error. “They don’t need advanced exploits,” said Jon Abbott, CEO of ThreatAware. “They get in by tricking people – not by breaking software.”

To stay safe, insurers and other businesses should strengthen helpdesk verification, use phishing-resistant MFA, and monitor for unusual login activity. Above all, building a culture of security awareness is essential to stop attackers in their tracks.
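One way to monitor for the MFA-fatigue pattern mentioned above, shown as an added example that is not part of the original article: it flags a burst of denied or ignored push prompts for one account, and flags it again if an approval follows the burst. The log format, event names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events (not real logs), one per line:
#   "<ISO timestamp> <user> <event> <source_ip>"
# The event names are a hypothetical schema; map your identity provider's
# own MFA event types onto them.
SAMPLE_LOG = """\
2025-06-10T09:00:05 alice push_approved 203.0.113.10
2025-06-10T02:11:00 bob push_denied 198.51.100.7
2025-06-10T02:11:40 bob push_timeout 198.51.100.7
2025-06-10T02:12:15 bob push_denied 198.51.100.7
2025-06-10T02:13:02 bob push_timeout 198.51.100.7
2025-06-10T02:13:50 bob push_denied 198.51.100.7
2025-06-10T02:14:30 bob push_approved 198.51.100.7
2025-06-10T11:00:00 carol push_denied 192.0.2.44
2025-06-10T11:45:00 carol push_approved 192.0.2.44
2025-06-10T14:00:00 dave push_timeout 192.0.2.90
2025-06-10T14:00:30 dave push_timeout 192.0.2.90
2025-06-10T14:01:00 dave push_denied 192.0.2.90
2025-06-10T14:01:30 dave push_denied 192.0.2.90
2025-06-10T14:02:00 dave push_timeout 192.0.2.90
"""

FAILED = {"push_denied", "push_timeout"}  # prompts the user did not accept


@dataclass(frozen=True)
class Alert:
    user: str
    kind: str            # "prompt_burst" or "approval_after_burst"
    failed_prompts: int  # failed prompts inside the window when the alert fired
    at: datetime


def parse(log_text):
    """Return (timestamp, user, event, ip) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than failing
        ts, user, event, ip = parts
        events.append((datetime.fromisoformat(ts), user, event, ip))
    return sorted(events)


def detect_mfa_fatigue(log_text, window=timedelta(minutes=10), threshold=5):
    """Flag accounts receiving many unaccepted prompts in a short window.

    prompt_burst:          the count of failed prompts inside the window
                           reaches the threshold (possible ongoing attempt).
    approval_after_burst:  an approval arrives while the window still holds
                           at least `threshold` failed prompts (the user may
                           have given in; treat the session as suspect).
    """
    recent = defaultdict(deque)  # user -> timestamps of recent failed prompts
    alerts = []
    for ts, user, event, _ip in parse(log_text):
        failed = recent[user]
        while failed and ts - failed[0] > window:
            failed.popleft()  # forget prompts older than the window
        if event in FAILED:
            failed.append(ts)
            if len(failed) == threshold:  # alert once, when the line is crossed
                alerts.append(Alert(user, "prompt_burst", len(failed), ts))
        elif event == "push_approved":
            if len(failed) >= threshold:
                alerts.append(
                    Alert(user, "approval_after_burst", len(failed), ts))
            failed.clear()  # a fresh approval starts a new counting period
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert.at.isoformat(), alert.user, alert.kind, alert.failed_prompts)
```

An `approval_after_burst` alert is the higher-priority one: it is the point at which the helpdesk or SOC would revoke the session and contact the user through a separately verified channel.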

Sustainability-In-Tech : Town Heated by World’s Largest Sand Battery

A small municipality in Finland is switching off fossil fuels and switching on a new era of green heating, thanks to an innovative sand-based energy storage system.

Pornainen Turns to Thermal Storage to Ditch Oil and Gas

The Finnish town of Pornainen, just over an hour from Helsinki, has become the first community to heat its buildings entirely using a sand battery, officially the world’s largest of its kind. Developed by clean-tech startup Polar Night Energy, the sand-filled system went live in early 2025 and now powers the district heating network serving the town’s 5,000 residents.

Heating Bills Slashed and Fossil Fuels Replaced

Crucially, the project slashes heating emissions by an estimated 70 per cent and replaces imported fossil fuels with stored renewable energy. According to Polar Night Energy’s COO, Liisa Naskali, “This project is a powerful example that effective solutions for mitigating climate change do exist. Combustion is not a sustainable option for the climate or the environment.”

How a Sand Battery Actually Works

At the heart of the system is a 13-metre-tall, 15-metre-wide insulated steel silo filled with 2,000 tonnes of crushed soapstone, an industrial by-product similar to sand. The sand battery stores thermal energy, not electricity. During periods of high renewable electricity availability, such as windy or sunny days, clean power is routed to a resistive air heater, which warms air to around 600°C. That hot air is then circulated through pipes embedded in the sand, storing energy as heat.

How It Works

The silo’s insulation is key. Once charged, Polar Night Energy says, the sand can retain its high temperature for weeks, or even months, with only minor heat loss. When heating is needed, cooler air is pumped through the silo, absorbing heat from the sand and passing it through a heat exchanger. This warms water for the town’s district heating system, which supplies homes, businesses, and even public buildings such as swimming pools.

Charging the system from ambient temperature takes several days, but in reality, the battery is topped up continually from available surplus energy. This means it rarely cools fully, enabling more efficient long-term performance.

Heating for a Week (Or a Month) On One Charge

The Pornainen sand battery has a power output of around 1 MW and a total energy storage capacity of 100 MWh. Polar Night Energy estimates that’s enough to heat the entire town for a week during winter, or up to a month in summer when demand is lower. In a cold Nordic climate heavily reliant on heating, that’s a significant step.

This installation builds on an earlier, smaller 2022 pilot by the company in Kankaanpää. That earlier model had just one-tenth the capacity of the Pornainen system and served as a proof of concept. Now, Polar Night Energy is scaling up, with further deployments under discussion across Finland and other European nations.

Emissions and Efficiency Gains

According to the town’s heating provider, Loviisan Lämpö, the sand battery will reduce the use of oil by 100 per cent and cut consumption of wood chips (the previous main heat source) by 60 per cent. This is expected to save around 160 tonnes of carbon dioxide emissions per year, a major environmental gain for such a small town.

The battery also contributes to energy security by reducing reliance on imported fossil fuels and improving resilience during energy price spikes. With around 50 per cent of Europe’s final energy consumption still used for heating (most of it fossil-fuel-based), thermal energy storage could play a crucial role in decarbonisation strategies.

Thermal Efficiency Higher Than Chemical Batteries

Round-trip thermal efficiency of the sand battery is reported to be around 85–90 per cent, significantly higher than many chemical battery systems. While it cannot return energy to the grid as electricity (yet), a pilot project is underway to develop a Power-to-Heat-to-Power (P2H2P) version by 2026, which would allow stored heat to be converted back into power during peak demand periods.

Who It’s For?

The sand battery is primarily targeted at district heating providers, industrial users, and large buildings or campuses. Applications include heating water for municipal systems, generating hot air for industrial drying or manufacturing, and producing process steam for sectors such as chemicals, food production, or pharmaceuticals.

It’s also suitable for facilities aiming to participate in grid balancing or reserve energy markets. The system can adjust its charging rate to respond to energy price changes or availability, using AI-based optimisation, an approach developed with telecoms provider Elisa.

Sand Means It’s Scalable

Because sand is cheap, abundant, and not in demand for construction, the system is also highly scalable and cost-effective. “We aim to provide a viable alternative to fossil fuels without introducing new dependencies,” said co-founder Markku Ylönen.

Competitors and Comparisons

It’s worth noting here that Polar Night Energy isn’t the only company exploring thermal energy storage. For example, German firm Kraftblock uses a proprietary granulate material to store heat at temperatures of up to 1,300°C for industrial processes. Also, in the US, Antora Energy has developed carbon-block-based thermal storage to power industrial operations, while Siemens Gamesa has experimented with volcanic rock as a medium for grid-scale storage in Hamburg.

However, sand, or in this case, crushed soapstone, offers a unique combination of affordability, local availability, and self-insulating properties. It’s also inert, safe, and non-toxic, making it suitable for use near residential areas.

Compared to lithium-ion batteries, which degrade over time and require mining of critical materials, sand batteries have far lower lifecycle impacts and do not face the same safety concerns. That said, they are limited to heat-based applications and cannot directly power electrical appliances or vehicles.

Challenges and Criticisms

One of the main criticisms of thermal storage systems is that they don’t address all aspects of the energy transition, particularly where electricity, rather than heat, is the end use. Converting heat back into power is possible but involves efficiency losses and greater technical complexity.

There are also infrastructure constraints. Not all towns have district heating networks in place and retrofitting them can be costly and disruptive. In the UK, for example, the dominance of individual gas boilers and a lack of widespread district heating limits immediate applicability.

Another concern is scalability. While sand batteries are modular and cost-effective at medium scale, it remains to be seen whether they can fully replace existing heating systems in large urban areas or high-density cities.

That said, advocates argue that sand batteries are not a silver bullet but a strategic piece of the puzzle. “Of course, we alone cannot solve the whole problem of climate change,” said Liisa Naskali. “But we need different solutions, and our sand battery is one of them.”

What Does This Mean For Your Organisation?

For now, the technology remains most viable in towns or industrial zones with established district heating systems, but its potential reach is growing. As more renewable electricity becomes available and the need for long-duration storage intensifies, thermal solutions like sand batteries are likely to gain traction. What makes Pornainen’s example compelling is that it shows how even a small town can take meaningful climate action using infrastructure that is low-cost, low-maintenance, and relatively simple to integrate.

For UK businesses, particularly those involved in manufacturing, utilities, or large-scale building management, sand-based thermal storage could offer a new route to decarbonisation. While domestic adoption faces barriers due to the limited rollout of district heating, commercial and industrial users may find opportunities to cut fuel costs and emissions by incorporating heat storage alongside renewable generation. Energy-intensive sites with processes that rely on steam or hot air could benefit most immediately, especially where peak demand or volatile energy pricing creates operational risks.

There’s also a clear advantage in terms of supply chain resilience. For example, by using abundant, non-toxic materials and sidestepping the rare minerals used in conventional batteries, sand storage avoids many of the geopolitical and environmental concerns linked to lithium and cobalt. Also, for those designing future-ready infrastructure, the option to add electricity recovery later may future-proof investments made today.

While sand batteries won’t replace all forms of energy storage, they do challenge the assumption that high-tech solutions must always rely on complex chemistry or cutting-edge electronics. In an energy landscape that needs diversity and flexibility, simplicity might turn out to be one of the most powerful tools we have.

Video Update : Use PowerPoint? You’ll Love Gamma!

Gamma can be particularly helpful for PowerPoint users by offering a streamlined way to generate visually appealing slides and content, even from an existing PowerPoint presentation. It simplifies the design and formatting process, allowing users to focus on the content and message.


Tech Tip – Use Windows Clipboard History to Paste Safely, or Clear It

Clipboard history makes copying and pasting quicker, but it can also store sensitive info you may not want to leave behind.

How to Enable:

– Press Windows + V, then select ‘Turn on’.

How to Clear History:

– Press Windows + V, click ‘Clear all’.
– Or go to Settings > System > Clipboard and click ‘Clear’.

What it’s for:

Makes copying multiple items easy while allowing you to erase any private or confidential items in seconds.

Pro‑Tip: Clipboard history clears automatically on restart (unless you’ve pinned items) but clearing manually adds extra peace of mind.

Featured Article : US & UK Public Sectors Running Insecure IT

A major new study has revealed that 78 per cent of (US) public sector organisations are still operating with serious, unresolved software security flaws, some of which have persisted for over five years.

Report Uncovers Widespread “Security Debt”

The findings come from US-based application risk management firm Veracode’s Public Sector State of Software Security 2025 report, released on 11 June. Based on an analysis of over 1.3 million software applications and 126 million security findings, the research highlights the extent to which government organisations in the US are falling behind on basic software vulnerability management.

According to the report, a massive 78 per cent of (US) public sector bodies are running with unresolved flaws that have remained open for more than a year, a situation Veracode refers to as “security debt”. In more than half of these organisations, the report identifies critical vulnerabilities with high risk potential that have still not been addressed.

Fixing Flaws Takes Far Longer in Government

One of the clearest indicators of the public sector’s struggle appears to be the time it takes to resolve these software issues. For example, the report shows that government bodies take an average of 315 days to fix just half of their identified software vulnerabilities. This is far higher than the cross-industry average of 252 days, which is already considered too slow by many cybersecurity experts.

That 63-day gap may sound modest, but Veracode warns it opens up a significant attack window. This is because these flaws, often in applications delivering essential services, could be exploited by attackers for months at a time. In some cases, flaws are left unresolved for multiple years. As the report shows, around one-third of vulnerabilities in US government software remain unpatched even after two years, and 15 per cent are still unresolved after five.
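The figures quoted above (flaws open for more than a year, time to fix half of all flaws, share still unresolved after two years) can be computed from any scanner export. The following is an added example, not code from the article or from Veracode: it uses a Kaplan-Meier survival estimate, chosen here so that still-open flaws count towards the fix time rather than being ignored. The record fields, the severity cut-off for "critical" debt and all sample findings are assumptions and constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from fractions import Fraction
from typing import Optional


@dataclass(frozen=True)
class Finding:
    origin: str              # "first-party" or "third-party"
    severity: str            # "low" | "medium" | "high" | "critical"
    opened: date
    closed: Optional[date]   # None while the flaw is still unresolved


AS_OF = date(2025, 6, 1)     # constructed reporting date


def sample(origin, severity, age_days, fixed_after=None):
    """Build a constructed finding that was opened age_days before AS_OF."""
    opened = AS_OF - timedelta(days=age_days)
    closed = None if fixed_after is None else opened + timedelta(days=fixed_after)
    return Finding(origin, severity, opened, closed)


FINDINGS = [  # constructed data, not taken from any report
    sample("first-party", "medium", 900, fixed_after=30),
    sample("first-party", "high", 800, fixed_after=120),
    sample("first-party", "low", 700, fixed_after=400),
    sample("first-party", "medium", 200),      # open, younger than a year
    sample("first-party", "medium", 500),      # open for more than a year
    sample("third-party", "critical", 1900),   # open for more than five years
    sample("third-party", "high", 600, fixed_after=450),
    sample("third-party", "medium", 100, fixed_after=60),
]


def security_debt(findings, as_of, debt_age_days=365,
                  critical=("high", "critical")):
    """Count open flaws older than debt_age_days ("security debt")."""
    debt = [f for f in findings
            if f.closed is None and (as_of - f.opened).days > debt_age_days]
    crit = [f for f in debt if f.severity in critical]
    return {
        "debt": len(debt),
        "critical_debt": len(crit),
        "third_party_critical_debt": sum(f.origin == "third-party" for f in crit),
    }


def survival_curve(findings, as_of):
    """Kaplan-Meier estimate of the share of flaws still open after N days.

    A still-open flaw is a censored observation: it is known to have
    survived for its current age, so it stays in the at-risk count until
    that age instead of being dropped from the statistics.
    """
    obs = [(((f.closed or as_of) - f.opened).days, f.closed is not None)
           for f in findings]
    at_risk, surviving, curve = len(obs), Fraction(1), []
    for day in sorted({d for d, _ in obs}):
        fixed = sum(1 for d, was_fixed in obs if d == day and was_fixed)
        leaving = sum(1 for d, _ in obs if d == day)
        if fixed:
            surviving *= 1 - Fraction(fixed, at_risk)
            curve.append((day, surviving))
        at_risk -= leaving
    return curve


def half_life_days(curve):
    """First day on which at most half of the flaws are estimated open."""
    return next((day for day, share in curve if share <= Fraction(1, 2)), None)


def unresolved_after(curve, days):
    """Estimated share of flaws still open `days` after discovery."""
    share = Fraction(1)
    for day, value in curve:
        if day > days:
            break
        share = value
    return share


if __name__ == "__main__":
    curve = survival_curve(FINDINGS, AS_OF)
    print(security_debt(FINDINGS, AS_OF))
    print("half-life (days):", half_life_days(curve))
    print("open after 2 years:", float(unresolved_after(curve, 730)))
```

On the constructed sample, the median over closed findings alone is 120 days, while the estimate that accounts for still-open flaws gives 400 days, which is why leaving unresolved findings out flatters the remediation time.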

Chris Wysopal, Chief Security Evangelist at Veracode, described the situation as a systemic failure to keep pace with risk, saying: “Many government organisations are facing growing challenges in keeping up with vulnerability remediation, potentially leaving critical systems and data that run essential government services exposed.”

Which Public Sector Organisations?

The report encompasses a wide range of public sector bodies, including US federal, regional, and local government departments, as well as agencies responsible for education, healthcare, law enforcement, and infrastructure. While the specific organisations are not named, the findings indicate a sector-wide problem that spans multiple tiers of government.

Public-facing applications and internal administrative systems are both affected, with legacy software and fragmented IT infrastructure frequently cited as contributing factors. The report also shows that larger and more complex organisations tend to perform worse, particularly where digital transformation has lagged.

Is the UK Public Sector Facing the Same Risks?

Although Veracode’s report focuses specifically on the US, many of the challenges it identifies appear to be mirrored in the UK.

For example, according to a recent National Audit Office (NAO) report, 58 critical UK government IT systems still have significant cyber-resilience gaps, with 228 legacy systems running without full knowledge of their vulnerabilities. The NAO also highlighted that one in three cybersecurity roles in government remains vacant or is filled by temporary staff, suggesting a widespread skills shortage similar to that seen in the US.

Also, recent cyber incidents have highlighted the risks. For example, back in May, a breach at the Legal Aid Agency exposed the personal data of over 2 million individuals. The British Library and parts of the NHS have also suffered serious service disruptions due to ransomware attacks, often linked to outdated infrastructure.

Unlike Veracode’s report, there is currently no published UK data showing the average time it takes public sector bodies to fix software vulnerabilities. However, the reliance on legacy systems, combined with under-resourced security teams and a reactive approach to patching, strongly suggests that vulnerability resolution timelines in the UK are also prolonged.

That said, the UK Government has begun taking steps to address the issue. For example, a new Cyber Security and Resilience Bill is set to tighten breach reporting requirements and enhance supply chain security. Also, the NCSC’s GovAssure programme is now auditing critical departments, and £1 billion has been pledged to improve cyber capacity across public services. However, progress has been slow, and experts have raised concerns about how effectively these initiatives are being implemented.

In the absence of specific figures, it remains difficult to compare the scale of UK security debt directly with the US. However, the warning signs are there and the structural issues look strikingly familiar.

Open Source and Third-Party Code a Major Weak Point

While most flaws are found in first-party applications, it seems that the most dangerous and persistent problems come from open-source and third-party code. Interestingly, although these components make up less than 10 per cent of total public sector software, they account for 70 per cent of the critical security debt in government systems.

To make matters worse, flaws in third-party code take around 50 per cent longer to fix than those in software developed internally. As organisations increasingly rely on open-source libraries and packages, this gap presents a growing threat.

“This disproportionate risk highlights the importance of securing software supply chains and carefully vetting open-source dependencies,” said Wysopal. “Without extending visibility and remediation efforts beyond internal code, public sector entities risk leaving the most dangerous flaws unaddressed.”

Some Agencies Are Far Ahead of Others

The report appears to highlight a stark disparity between the best and worst performing organisations. In the top 25 per cent of public sector bodies, just one-third of applications contain flaws. These leading agencies resolve half of their issues within 3.3 months and manage to fix over 9 per cent of flaws per month. By contrast, the report shows that the worst 25 per cent have flaws in every application tested, with less than 0.1 per cent fixed each month and average remediation times exceeding 11 months.

Wysopal highlights how this gap raises serious questions about leadership, resource allocation, and operational culture across the public sector, saying: “The disparity between top and bottom-performing government organisations is striking and raises important questions about the factors that make a material difference to security posture.”

What’s Causing the Problem?

The report suggests a number of causes behind the growing backlog. These include underinvestment in software development security (AppSec) tools, overreliance on legacy systems, and a lack of skilled personnel to address vulnerabilities at scale.

Another issue is that vulnerability scanning is often performed late in the development lifecycle, when flaws are more costly and time-consuming to fix. Without ongoing analysis and integration into development workflows, issues tend to accumulate and are eventually deprioritised due to competing pressures.

Compounding this appears to be the rapid adoption of AI-generated code. While generative AI can speed up development, it can also introduce subtle but serious vulnerabilities if not properly reviewed. Veracode warns that comprehensive open-source analysis is more essential than ever to prevent hidden flaws from slipping through.

How Can Public Sector Bodies Respond?

Veracode is urging public sector organisations to modernise their approach by adopting risk-based remediation strategies and automating more of the security process. Key recommendations include:

– Implementing context-driven security posture management, which prioritises the most exploitable vulnerabilities using insights from multiple tools and data sources.

– Establishing continuous scanning, integrated into the full development lifecycle, so that flaws are caught earlier and fixed faster.

– Supporting developer enablement, giving teams the training and tools they need to identify and address issues proactively.

According to the report, the most effective and cost-efficient way to reduce security debt is to prevent it from accumulating in the first place.

Risks for the Public, Service Delivery, and Compliance

While the problem is technical in nature, the impact appears to extend far beyond IT departments. For example, vulnerabilities in public sector software can put sensitive public data at risk, disrupt essential services, and erode public trust. In sectors like healthcare and social services, the consequences of a breach could be devastating.

There are also compliance implications. For example, governments are increasingly subject to cybersecurity regulations requiring evidence of secure coding practices and risk mitigation. Persistent security debt may put some organisations in breach of data protection obligations or national security protocols.

A Complex Challenge, but Improvement Is Possible

Despite the bleak statistics, Veracode’s analysis makes clear that progress is achievable and that top-performing agencies prove that meaningful improvement can be made with the right strategy, investment, and organisational buy-in.

The challenge now appears to be for lagging organisations to assess their security maturity, identify the operational and cultural blockers to faster remediation, and make the structural changes needed to reduce their exposure to risk.

What Does This Mean For Your Business?

For governments, the consequences of inaction are no longer theoretical. The exposure created by slow patching and ageing systems is already being exploited by cybercriminals. Also, for the public, the stakes are growing, whether through data loss, service disruption, or erosion of trust in digital government services. What Veracode’s report makes clear is that the organisations getting this right are not doing so through luck or scale, but through deliberate prioritisation and operational focus.

In the UK, many of the same systemic issues are clearly visible. Critical infrastructure is still running on unsupported legacy platforms, key security roles remain unfilled, and cyber incidents linked to outdated systems are becoming more frequent. Without hard data on vulnerability resolution times or the extent of open-source debt, public sector bodies are left guessing where their greatest risks lie and how they compare to their peers.

This gap also affects the wider network of software vendors and contractors. UK businesses that supply the public sector will need to meet rising expectations around security assurance and may face tighter scrutiny as new legislation and procurement rules come into force. At the same time, private sector organisations can use these findings as a benchmark, both to avoid the same mistakes and to identify opportunities to lead in secure development practices.

The core message here is that software risk is measurable, manageable, and no longer optional. Delays in addressing known flaws are not just a technical lapse but an operational liability, with real consequences for services, compliance, and reputation. Whether in the US or UK, the longer these gaps are left open, the harder and costlier they become to close.
