Category Archives: Security

Google COSMO Malfunction: Execute First, Validate Never

Execute first, validate never.

Put it on a Google T-shirt.

An on-device agent with screen-reading permissions and a browser automation handle was shipped to the Play Store with no announcement, then yanked. The accessibility API is the privilege escalation surface that malware has abused on Android for a decade. Now it is the foundation for a proactive assistant?

But seriously, when I hear Google margins are way up on AI replacing human workers, I see this.

Released.

Pulled.

Five hours.

COSMO uses Android’s AccessibilityService API to read the screen, then triggers proactive “Skills” based on what it sees: Document Writer, Calendar Event Suggester, Browser Agent (Mariner), Deep Research, Recall, Conversation Summary, People/Event Understanding.

Read the screen. Apply intelligence. Report back. Decades ago that’s exactly how I was doing investigations on Windows machines, which fed into prosecutions. The market called it parental monitoring software back then, deceptively. Today it’s your friendly screen-watching research assistant, apparently. Not even a parental authority claim is needed anymore?

The package name is com.google.research.air.cosmo, listed as “an experimental AI assistant application for Android devices,” shipped from Google Research but pushed through the company’s main Play Store account.

Best take on this is AI coded a thing that is very bad, and then AI prematurely released it.

You don’t want to know the worst take.

What COSMO actually demonstrates is that there is no distinction between malware and assistant. Call it a double agent. The only distinction, by design, is captured by the one who benefits from blurring it. We trust Google not to abuse user data. That is the entire security model. There is no technical control behind the trust. There should be no trust.

A little lawyer bird tells me the app is already breaking the law.

Trump Bullies Germany Because He’s Lost the War With Iran

Iran clearly has not been defeated, and is in a better position than before the war.

American bases, now referred to as “Trump’s Sitting Ducks”, are exposed as undefended. The most rare and expensive American intelligence assets have been destroyed by inexpensive Iranian drones using Chinese and Russian targeting systems. Stockpiles are exhausted, forcing America to claim it is the one blocking Hormuz and suing for peace. The American allies are insulted and pivoting to other partners.

Notably, Trump had announced he would pull 12,000 troops from Germany in 2020. That didn’t happen, so he’s now back again, saying he will pull 5,000 to make a political point. It’s really a confession that Trump just improvises punishment, to fake looking like a strong man, instead of coming up with any strategy. Germany knows history, and why Mussolini was never a good advisor.

“We really don’t need any advice from Donald Trump right now. He should see the mess he’s made. He should make sure that serious peace talks are now being held in Iran,” Klingbeil said at a Labor Day event in Bergkamen in the Ruhr region.

February 22 I explained the strategic bankruptcy that would land in failure. February 28 I explained the objectives couldn’t be reached. This was all entirely predictable because we know Trump business deals are about going bankrupt.

Trump Steaks. Trump University. Trump Vodka. Trump Airlines. Trump Mortgage. Trump Casinos six times. The man is still the same crook: announce some “dream” venture with maximum spectacle, extract value during operation, default on obligations, blame counterparties, walk away leaving creditors and partners holding the bag. The Iran war and the Germany posture are sovereign assets instead of the tacky branded merchandise nobody is buying.

Look at how American bases were built as forward projection, and used to have value. They now are embarrassing collateral Trump cannot defend or reposition. This is just like his casinos that he kept operating empty and silent past insolvency because admitting anything and closing them would crystallize his massive losses.

Saudi Arabia opening to Tehran? That’s huge. UAE hedging through Beijing? Trump is cooked. UK refusing the air bases for the strikes? Stunning. Merz saying Trump can’t handle the job? These are people who recognize the workout phase of Trump’s repeating reputation is about suckers getting sucked in. The bankruptcy filing is not worth waiting for. They are filing claims and diversifying because Trump is being a Trump.

No objective, no allies, no defensible posture, no authorization, no exit. The question is who will absorb all the Trump loss so he can carry on again claiming it was his greatest success. 5,000 troops pulled from Germany are a symptom, even if he failed to pull twice that amount as he had threatened. The pattern says Trump will soak the same parties who absorbed the losses on every other Trump venture: workers, partners, taxpayers, and anyone who allowed his brand to run at face value. Of course he’s picking fights to maximize damage, like a dictator in decline, while pulling out and backing down.

Germany knows its own history.

Bankruptcy is how Trump loots a company. Dictatorship is how he loots a country. Same crook, bigger collateral, more tragic end.

Update:

Trump announced it’s treasonous to admit defeats, as if channeling Hitler, the exact opposite of WWII victory.

If the Allies could openly admit defeats, it was believed [by Nazi listeners], they must be extremely confident, convinced of their eventual victory over Nazi Germany.

Source: NZ Herald

As a disinformation historian, I recognize the game. He labels anyone with standing to assess military outcomes as “radical” and partisan. The people documenting the loss are disqualified by him from naming it. Accusation is his confession; projection his policy.

See also, my early warnings about Elon Musk:

16 US Military Bases Crippled by Iranian Strikes

Satellite imagery is revealing “unprecedented” destruction of U.S. military bases and equipment in the war with Iran.

At least 16 American military sites have been damaged in Iranian strikes, making up the majority of US positions in the Middle East, a new CNN investigation can reveal. The damage includes high-value targets, raising questions about America’s footprint…

The U.S. is now seen as a “sitting duck” in the region, as countries hosting these bases look for better partners. Note the dates and compare them to Hegseth’s statements about status.

Source: CNN
America’s “irreplaceable” Boeing E-3 AWACS Sentry in Saudi Arabia, destroyed by inexpensive Iranian Shahed drone. Source: BBC/CNN

The Ukrainian defense forces know exactly how to defend against these attacks. Yet when America desperately needed Ukrainian aid, it instead saw J.D. Vance push Ukraine away.

JD Vance brags about halting Ukraine aid — sources say he’s not just talking, he’s driving policy

The results of throwing themselves into a war they can’t win are perhaps beginning to land on Trump and Vance.

“Defense lobbyists are not going to pay themselves”

AES-256 is the Bell Bottom Pants of Post-Quantum

Newsflash! AES-128 holds up against quantum computers.

Filippo Valsorda took a walk through the math last week. OK, but we already knew that NIST treats AES-128 as the Category 1 benchmark by definition, and BSI recommends AES-128. Outside CNSA 2.0, no compliance regime requires moving off AES-128, and CNSA 2.0’s AES-256 mandate is for uniform Top Secret protection, not Grover resistance.

Not exactly news after all, I guess. Alas, since I have been probing the Internet for a long while now, I can tell you what’s been really happening with AES key sizes out there related to post-quantum key exchange.

For example, PQC adoption among hosts that only negotiate AES-128 comes in at a respectable 48%. Compare that with hosts that only negotiate AES-256 and you see PQC drop off a cliff to 6%. The hosts that accept either one sit at 0%. Some of these may be cautious operators waiting for validated implementations, but the TLS 1.2-era cipher pinning pattern is visible in the configs.

I think it’s reasonable to say that we should expect the AES-256 population to be at least comparable to, or even better than, AES-128. Someone who specified a stronger symmetric cipher might also have taken the trouble to deploy hybrid key exchange. Well, I’m here to tell you the data says otherwise. Clearly the AES-256-only crowd are the worst-prepared for PQ.

It’s detailed on the pqprobe blog. The short version is that AES-128-GCM in a TLS 1.3 suite is mostly a marker of being behind a CDN, and the CDNs are also where ML-KEM has been deployed since 2024. The AES-256-only configs appear to be older server-side preference lists from the TLS 1.2 era that pinned AES-256 alongside classical key exchange and never got revisited.

That’s another way of saying AES-256-only hosts are legacy, and haven’t updated their TLS config in years. They picked AES-256 back when dinosaurs roamed the networks and locked everything else in alongside it: the key exchange, the curve, the signature algorithm. They got the symmetric cipher right and went extinct before Shor said he doesn’t care about the symmetric cipher.

If you have AES-256 pinned somewhere in your stack, that is fine on its own. The question is what else got pinned in the same file. The PQC adoption number I’m probing for that population is barely registering. The hosts that fell behind while using AES-256 to get ahead got there by leaving everything else alone.
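To make “what else got pinned in the same file” concrete, here is an added audit of nginx-style TLS directives (my own example, not pqprobe’s tooling). It assumes the nginx behaviour that an explicit ssl_ecdh_curve list replaces the library’s default group list, and uses the OpenSSL 3.5 spellings of the hybrid ML-KEM groups; both sample configs are constructed.

```python
import re

# Hybrid ML-KEM group names as OpenSSL 3.5+ spells them (assumption: your
# library uses the same spellings; compare with `openssl list -tls-groups`).
PQ_HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}

def directive(config, name):
    """Return the value of the first `name value;` line, or None if absent."""
    m = re.search(rf"^\s*{re.escape(name)}\s+([^;]+);", config, re.MULTILINE)
    return m.group(1).strip().strip("'\"") if m else None

def audit_tls_config(config):
    """Flag a config that pinned AES-256 together with TLS 1.2-era key exchange."""
    protocols = (directive(config, "ssl_protocols") or "").split()
    ciphers = (directive(config, "ssl_ciphers") or "").split(":")  # TLS 1.2 list
    groups = [g for g in (directive(config, "ssl_ecdh_curve") or "").split(":") if g]

    aes = [c for c in ciphers if "AES" in c]
    aes256_only = bool(aes) and all("AES256" in c for c in aes)
    tls13 = "TLSv1.3" in protocols
    # An explicit ssl_ecdh_curve list replaces the library default, so a hybrid
    # group is only ever offered if it is spelled out here. With no list (or
    # "auto") the offer depends on the linked OpenSSL's default (3.5+ includes
    # X25519MLKEM768), which is why that case is reported as "possible".
    groups_pinned = bool(groups) and groups != ["auto"]
    hybrid_listed = any(g in PQ_HYBRID_GROUPS for g in groups)
    return {
        "aes256_only": aes256_only,
        "tls13": tls13,
        "groups_pinned": groups_pinned,
        "hybrid_listed": hybrid_listed,
        "server_preference": directive(config, "ssl_prefer_server_ciphers") == "on",
        "hybrid_possible": tls13 and (hybrid_listed or not groups_pinned),
        "legacy_pin": aes256_only and groups_pinned and not hybrid_listed,
    }

# Constructed sample: the TLS 1.2-era preference list the post describes.
LEGACY_PINNED = """
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
"""
# Constructed sample: a CDN-style config that still offers AES-256 but lists a hybrid group.
CDN_STYLE = """
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1;
"""

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_PINNED), ("cdn", CDN_STYLE)):
        print(name, audit_tls_config(cfg))
```

The point of the `legacy_pin` flag is that the AES-256 choice itself is never what blocks hybrid key exchange; the pinned group list next to it is.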

Bell bottoms were also forward-looking once. Space age, mod, the future. Then they became the thing you point at to date a photograph.

All the data and methodology are up for your inspection.