TSMC says AI demand is “endless” after record Q4 earnings

TSMC posted net income of NT$505.7 billion (about $16 billion) for the quarter, up 35 percent year over year and above analyst expectations. Revenue hit $33.7 billion, a 25.5 percent increase from the same period last year. The company expects nearly 30 percent revenue growth in 2026 and plans to spend between $52 billion and $56 billion on capital expenditures this year, up from $40.9 billion in 2025.

Checking with the customers’ customers

Wei’s optimism stands in contrast to months of speculation about whether the AI industry is in a bubble. In November, Google CEO Sundar Pichai warned of “irrationality” in the AI market and said no company would be immune if a potential bubble bursts. OpenAI’s Sam Altman acknowledged in August that investors are “overexcited” and that “someone” will lose a “phenomenal amount of money.”

But TSMC, which manufactures the chips that power the AI boom, is betting the opposite way, with Wei telling analysts he spoke directly to cloud providers to verify that demand is real before committing to the spending increase.

“I want to make sure that my customers’ demand are real. So I talked to those cloud service providers, all of them,” Wei said. “The answer is that I’m quite satisfied with the answer. Actually, they show me the evidence that the AI really helps their business.”

The earnings report landed the same day the US and Taiwan finalized a trade agreement that cuts tariffs on Taiwanese goods to 15 percent, down from 20 percent. The deal commits Taiwanese companies to $250 billion in direct US investment, and TSMC is accelerating the expansion of its Arizona chip fabrication facilities to match.

https://arstechnica.com/ai/2026/01/tsmc-says-ai-demand-is-endless-after-record-q4-earnings/




Wikipedia signs AI training deals with Microsoft, Meta, and Amazon

The cost of “free” knowledge

The push for paid licensing follows years of rising infrastructure costs as AI companies scraped Wikipedia content at an industrial scale. In April 2025, the foundation reported that bandwidth used for downloading multimedia content had grown 50 percent since January 2024, with bots accounting for 65 percent of the most expensive requests to core infrastructure despite making up just 35 percent of total pageviews.

By October, the Wikimedia Foundation disclosed that human traffic to Wikipedia had fallen approximately 8 percent year over year after the organization updated its bot-detection systems and discovered that much of what appeared to be human visitors were actually automated scrapers built to evade detection.

The traffic decline threatens the feedback loop that has sustained Wikipedia for a quarter century: Readers visit, some become editors or donors, and the content ostensibly improves. But today, many AI chatbots and search engine summaries answer questions using Wikipedia content without sending users to the site itself.

Meanwhile, the foundation’s own experiments with generative AI have met resistance from the volunteer editors who maintain the site. In June, Wikipedia paused a pilot program for AI-generated article summaries after editors called it a “ghastly idea” and warned it could undermine trust in the platform.

Wikipedia founder Jimmy Wales told The Associated Press that he welcomes AI models training on Wikipedia data. “I’m very happy personally that AI models are training on Wikipedia data because it’s human curated,” Wales said. “I wouldn’t really want to use an AI that’s trained only on X, you know, like a very angry AI.” But he drew a line at free access: “You should probably chip in and pay for your fair share of the cost that you’re putting on us.”

https://arstechnica.com/ai/2026/01/wikipedia-will-share-content-with-ai-firms-in-new-licensing-deals/




Bandcamp bans purely AI-generated music from its platform

On Tuesday, Bandcamp announced on Reddit that it will no longer permit AI-generated music on its platform. “Music and audio that is generated wholly or in substantial part by AI is not permitted on Bandcamp,” the company wrote in a post to the r/bandcamp subreddit. The new policy also prohibits “any use of AI tools to impersonate other artists or styles.”

The policy draws a line that some in the music community have debated: Where does tool use end and full automation begin? AI models are not artists in themselves, since they lack personhood and creative intent. But people do use AI tools to make music, and the spectrum runs from using AI for minor assistance (cleaning up audio, suggesting chord progressions) to typing a prompt and letting a model generate an entire track. Bandcamp’s policy targets the latter end of that spectrum while leaving room for human artists who incorporate AI tools into a larger creative process.

The announcement emphasized the platform’s desire to protect its community of human artists. “The fact that Bandcamp is home to such a vibrant community of real people making incredible music is something we want to protect and maintain,” the company wrote. Bandcamp asked users to flag suspected AI-generated content through its reporting tools, and the company said it reserves “the right to remove any music on suspicion of being AI generated.”

As generative AI tools make it trivial to produce unlimited quantities of music, art, and text, this author once argued that platforms may need to actively preserve spaces for human expression rather than let them drown in machine-generated output. Bandcamp’s decision seems to move in that direction, but it also leaves room for platforms like Suno, which primarily host AI-generated music.

Two platforms, two approaches, one flood

The policy contrasts with Spotify, which explicitly permits AI-generated music, although its users have expressed frustration with an influx of AI-generated tracks created by tools like Suno and Udio. Some of those AI music issues predate the latest tools, however. In 2023, Spotify removed tens of thousands of AI-generated songs from distributor Boomy after discovering evidence of artificial streaming fraud, but the flood just kept coming.

https://arstechnica.com/ai/2026/01/bandcamp-bans-purely-ai-generated-music-from-its-platform/




The RAM shortage’s silver lining: Less talk about “AI PCs”

RAM prices have soared, which is bad news for people interested in buying, building, or upgrading a computer this year, but it’s likely good news for people exasperated by talk of so-called AI PCs.

As Ars Technica has reported, the growing demands of data centers, fueled by the AI boom, have led to a shortage of RAM and flash memory chips, driving prices to skyrocket.

In an announcement today, Ben Yeh, principal analyst at technology research firm Omdia, said that in 2025, “mainstream PC memory and storage costs rose by 40 percent to 70 percent, resulting in cost increases being passed through to customers.”

Overall, global PC shipments increased in 2025, according to Omdia (which pegged growth at 9.2 percent compared to 2024) and IDC (which today reported 9.6 percent growth), but analysts expect PC sales to be more tumultuous in 2026.

“The year ahead is shaping up to be extremely volatile,” Jean Philippe Bouchard, research VP with IDC’s worldwide mobile device trackers, said in a statement.

Both analyst firms expect PC makers to manage the RAM shortage by raising prices and by releasing computers with lower memory specs. IDC expects price hikes of 15 to 20 percent and for PC RAM specs to “be lowered on average to preserve memory inventory on hand,” Bouchard said. Omdia’s Yeh expects “leaner mid to low-tier configurations to protect margins.”

“These RAM shortages will last beyond just 2026, and the cost-conscious part of the market is the one that will be most impacted,” Jitesh Ubrani, research manager for worldwide mobile device trackers at IDC, told Ars via email.

IDC expects vendors to “prioritize midrange and premium systems to offset higher component costs, especially memory.”

https://arstechnica.com/gadgets/2026/01/the-ram-shortages-silver-lining-less-talk-about-ai-pcs/




ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

To block the attack, OpenAI restricted ChatGPT to solely open URLs exactly as provided and refuse to add parameters to them, even when explicitly instructed to do otherwise. With that, ShadowLeak was blocked, since the LLM was unable to construct new URLs by concatenating words or names, appending query parameters, or inserting user-derived data into a base URL.

Radware’s ZombieAgent tweak was simple. The researchers revised the prompt injection to supply a complete list of pre-constructed URLs. Each one consisted of the base URL followed by a single number or letter of the alphabet, for example, example.com/a, example.com/b, and every subsequent letter of the alphabet, along with example.com/0 through example.com/9. The prompt also instructed the agent to substitute a special token for spaces.

Diagram illustrating the URL-based character exfiltration for bypassing the allow list introduced in ChatGPT in response to ShadowLeak.

Credit: Radware


ZombieAgent worked because OpenAI developers didn’t restrict the appending of a single letter to a URL. That allowed the attack to exfiltrate data letter by letter.

OpenAI has mitigated the ZombieAgent attack by restricting ChatGPT from opening any link originating from an email unless it either appears in a well-known public index or was provided directly by the user in a chat prompt. The tweak is aimed at barring the agent from opening base URLs that lead to an attacker-controlled domain.
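The two guardrails described above can be compared side by side, together with a log check a defender could run over an agent's outbound fetches. This is an added example, not OpenAI's or Radware's code; the function names, the host-level `PUBLIC_INDEX` set, and the sample log are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data, following the article's example.com/a ... example.com/9 pattern.
EMAIL_URLS = {f"https://example.com/{c}" for c in "abcdefghijklmnopqrstuvwxyz0123456789"}
FETCH_LOG = [  # (source of the link, URL) in request order
    ("email", "https://example.com/h"),
    ("email", "https://example.com/i"),
    ("email", "https://example.com/4"),
    ("user", "https://en.wikipedia.org/wiki/Prompt_injection"),
]
# Hypothetical stand-in for a "well-known public index", simplified to hostnames.
PUBLIC_INDEX = {"en.wikipedia.org"}


def exact_url_rule(url, provided_urls):
    """First guardrail: open a URL only exactly as it was provided, nothing appended."""
    return url in provided_urls


def provenance_rule(source, url, public_index):
    """Second guardrail: a link that originates from an email is opened only if it is
    in the public index; links the user supplied in the chat are allowed."""
    if source == "user":
        return True
    return urlsplit(url).hostname in public_index


def single_char_runs(log, min_run=3):
    """Detection: hosts that received min_run or more consecutive requests whose path
    is a single character. A multi-character space token would break a run, so a
    production rule would also need to tolerate short fixed tokens."""
    flagged, prev_host, run = {}, None, 0
    for _source, url in log:
        parts = urlsplit(url)
        is_single = len(parts.path.strip("/")) == 1
        if is_single and parts.hostname == prev_host:
            run += 1
        elif is_single:
            prev_host, run = parts.hostname, 1
        else:
            prev_host, run = None, 0
        if run >= min_run:
            flagged[prev_host] = max(run, flagged.get(prev_host, 0))
    return flagged


def evaluate(log):
    """Return, per log entry, whether each guardrail would have allowed the fetch."""
    return [
        (url, exact_url_rule(url, EMAIL_URLS) or source == "user",
         provenance_rule(source, url, PUBLIC_INDEX))
        for source, url in log
    ]


if __name__ == "__main__":
    for url, old_rule, new_rule in evaluate(FETCH_LOG):
        print(f"{url:50} exact-url={old_rule!s:5} provenance={new_rule}")
    print("suspicious hosts:", single_char_runs(FETCH_LOG))
```

Every pre-constructed URL satisfies the exact-match rule because nothing is appended at run time, which is why the first fix did not hold; the provenance rule rejects them because the decision no longer depends on the URL's shape.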

In fairness, OpenAI is hardly alone in this unending cycle of mitigating an attack only to see it revived through a simple change. If the past five years are any guide, this pattern is likely to endure indefinitely, in much the way SQL injection and memory corruption vulnerabilities continue to provide hackers with the fuel they need to compromise software and websites.

“Guardrails should not be considered fundamental solutions for the prompt injection problems,” Pascal Geenens, VP of threat intelligence at Radware, wrote in an email. “Instead, they are a quick fix to stop a specific attack. As long as there is no fundamental solution, prompt injection will remain an active threat and a real risk for organizations deploying AI assistants and agents.”

https://arstechnica.com/security/2026/01/chatgpt-falls-to-new-data-pilfering-attack-as-a-vicious-cycle-in-ai-continues/




The nation’s strictest privacy law just took effect, to data brokers’ chagrin

Californians are getting a new, supercharged way to stop data brokers from hoarding and selling their personal information, as a recently enacted law that’s among the strictest in the nation took effect at the beginning of the year.

According to the California Privacy Protection Agency, more than 500 companies actively scour all sorts of sources for scraps of information about individuals, then package and store it to sell to marketers, private investigators, and others.

The nonprofit Consumer Watchdog said in 2024 that brokers trawl automakers, tech companies, junk-food restaurants, device makers, and others for financial info, purchases, family situations, eating, exercising, travel, entertainment habits, and just about any other imaginable information belonging to millions of people.


https://arstechnica.com/tech-policy/2026/01/data-broker-hoarding-is-rampant-new-law-lets-consumers-fight-back/




Supply chains, AI, and the cloud: The biggest failures (and one success) of 2025

A third AI-related proof-of-concept attack that garnered attention used a prompt injection to cause GitLab’s Duo chatbot to add malicious lines to an otherwise legitimate code package. A variation of the attack successfully exfiltrated sensitive user data.

Yet another notable attack targeted the Gemini CLI coding tool. It allowed attackers to execute malicious commands—such as wiping a hard drive—on the computers of developers using the AI tool.

Using AI as bait and hacking assistants

Other LLM-involved hacks used chatbots to make attacks more effective or stealthier. Earlier this month, two men were indicted for allegedly stealing and wiping sensitive government data. One of the men, prosecutors said, tried to cover his tracks by asking an AI tool “how do i clear system logs from SQL servers after deleting databases.” Shortly afterward, he allegedly asked the tool, “how do you clear all event and application logs from Microsoft windows server 2012.” Investigators were able to track the defendants’ actions anyway.

In May, a man pleaded guilty to hacking an employee of The Walt Disney Company by tricking the person into running a malicious version of a widely used open source AI image-generation tool.

And in August, Google researchers warned users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised following the discovery that unknown attackers used some of the credentials to access email from Google Workspace accounts. The attackers used the tokens to gain access to individual Salesforce accounts and, from there, to steal data, including credentials that could be used in other breaches.

There were also multiple instances of LLM vulnerabilities that came back to bite the people using them. In one case, Copilot was caught exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent, and, ironically, Microsoft. The repositories had originally been available through Bing as well. Microsoft eventually removed the repositories from searches, but Copilot continued to expose them anyway.

https://arstechnica.com/security/2025/12/supply-chains-ai-and-the-cloud-the-biggest-failures-and-one-success-of-2025/




From prophet to product: How AI came back down to earth in 2025

To be sure, it’s hard to see this not ending in some market carnage. The current “winner-takes-most” mentality in the space means the bets are big and bold, but the market can’t support dozens of major independent AI labs or hundreds of application-layer startups. That’s the definition of a bubble environment, and when it pops, the only question is how bad it will be: a stern correction or a collapse.

Looking ahead

This was just a brief review of some major themes in 2025, but so much more happened. We didn’t even mention above how capable AI video synthesis models have become this year, with Google’s Veo 3 adding sound generation and Wan 2.2 through 2.5 providing open-weights AI video models that could easily be mistaken for real products of a camera.

If 2023 and 2024 were defined by AI prophecy—that is, by sweeping claims about imminent superintelligence and civilizational rupture—then 2025 was the year those claims met the stubborn realities of engineering, economics, and human behavior. The AI systems that dominated headlines this year were shown to be mere tools. Sometimes powerful, sometimes brittle, these tools were often misunderstood by the people deploying them, in part because of the prophecy surrounding them.

The collapse of the “reasoning” mystique, the legal reckoning over training data, the psychological costs of anthropomorphized chatbots, and the ballooning infrastructure demands all point to the same conclusion: The age of institutions presenting AI as an oracle is ending. What’s replacing it is messier and less romantic but far more consequential—a phase where these systems are judged by what they actually do, who they harm, who they benefit, and what they cost to maintain.

None of this means progress has stopped. AI research will continue, and future models will improve in real and meaningful ways. But improvement is no longer synonymous with transcendence. Increasingly, success looks like reliability rather than spectacle, integration rather than disruption, and accountability rather than awe. In that sense, 2025 may be remembered not as the year AI changed everything but as the year it stopped pretending it already had. The prophet has been demoted. The product remains. What comes next will depend less on miracles and more on the people who choose how, where, and whether these tools are used at all.

https://arstechnica.com/ai/2025/12/from-prophet-to-product-how-ai-came-back-down-to-earth-in-2025/




Condé Nast user database reportedly breached, Ars unaffected

Earlier this month, a hacker named Lovely claimed to have breached a Condé Nast user database and released a list of more than 2.3 million user records from our sister publication WIRED. The released materials contain demographic information (name, email, address, phone, etc.) but no passwords.

The hacker also says that they will release an additional 40 million records for other Condé Nast properties, including our other sister publications Vogue, The New Yorker, Vanity Fair, and more. Of critical note to our readers, Ars Technica was not affected as we run on our own bespoke tech stack.

The hacker said that they had urged Condé Nast to patch vulnerabilities to no avail. “Condé Nast does not care about the security of their users data,” the hacker wrote. “It took us an entire month to convince them to fix the vulnerabilities on their websites. We will leak more of their users’ data (40+ million) over the next few weeks. Enjoy!”

It’s unclear how altruistic the motive really was. DataBreaches.Net says that Lovely misled the site into believing that the hacker was trying to help patch vulnerabilities, when in reality, it appears that the hacker is a “cybercriminal” looking for a payout. “As for ‘Lovely,’ they played me. Condé Nast should never pay them a dime, and no one else should ever, as their word clearly cannot be trusted,” wrote DataBreaches.Net.

Condé Nast has not issued a statement, and we have not been informed internally of the hack (which is not surprising, since Ars is not affected).

Hudson Rock’s InfoStealers has an excellent rundown of what has been exposed.

https://arstechnica.com/information-technology/2025/12/conde-nast-user-database-reportedly-breached-ars-unaffected/




GPS is vulnerable to jamming—here’s how we might fix it

Starting over

And companies are coming to cash in on that desire, offering their solutions to both government agencies and other industries. “Our founding hypothesis was ‘let’s take 50 years of lessons learned but throw out the rulebook and do a clean-sheet design of a new GPS system incorporating a couple of fundamentals,’” said Patrick Shannon, CEO of one such company, called TrustPoint. The company, which has hired scientific and engineering experts in signal processing and space, aims to have a fleet of small satellites orbiting much closer to Earth than the current GPS constellation, and transmitting at a higher frequency.

TrustPoint’s satellites, a few of which have already gone to orbit, also send out an encrypted signal—something harder to spoof. With traditional GPS, only the military gets encrypted signals.

Many Russian jamming systems, he said, work tens of kilometers from their ground zero (their ground zero usually being a truck with a generator aboard). But with TrustPoint’s higher-frequency signals, the effectiveness of the jammer goes down by three times, and the circle of influence becomes 10 times smaller, shrinking even more if the receivers use a special kind of antenna that the U.S. government recently approved.

Messing with signals becomes less feasible, given those changes. “They would need exorbitant numbers of systems, exorbitant numbers of people, and a ton of cash to pull that off,” said Shannon.

So far, TrustPoint has launched three spacecraft, and has gotten five federal contracts in 2024 and 2025, totaling around $8.3 million, with organizations like the Air Force, Space Force, and the Navy.

Another company, called Xona Space Systems, is also putting satellites in low-Earth orbit, and has worked with both the Canadian and U.S. governments. The company plans to broadcast signals 100 times stronger than GPS, giving users two-centimeter precision, and making jamming more difficult. The signal also includes a watermark—a kind of authentication that, at least for now, protects against spoofing. They have launched one satellite that’s being tested by people in industries like agriculture, construction, and mining.

https://arstechnica.com/information-technology/2025/12/gps-is-vulnerable-to-jamming-heres-how-we-might-fix-it/