Category: Security & Privacy

Password

Research: It appears that AI is very bad at generating secure passwords

Posted on by Martin Brinkmann

If you can’t come up with a secure password by yourself — and don’t use a password manager for that task (which most should) — then you may have come up with the idea of asking AI to give you a hand in generating secure passwords.

Cybersecurity firm Irregular published research on how that turned out for them during tests, and the result is anything but pretty.

When it asked large language models such as Claude, Gemini or GPT to generate secure passwords, it found “predictable patterns in password characters, repeated passwords, and passwords that are much weaker than they seem”.

While individual 16 character passwords looked strong, the researchers soon discovered that generating passwords multiple times would reveal the weaknesses of the approach.

Take Claude Opus 4.6 for example. When asked to generate 50 passwords, the researchers discovered several noticeable patterns:

  • Of the 50 passwords, only 30 were unique. One password was repeated 18 times.
  • All passwords started with a latter, usually uppercase G,, almost always followed by the digit 7.
  • Character choice was very uneven, with some appearing in nearly all passwords and others rarely.
  • No repeating passwords in any of the generated passwords.

ChatGPT did not fare much better. It created passwords with strong similarities. Most passwords started with the uppercase letter V, almost half continued with an uppercase Q.

Passwords generated by Gemini showed clear patterns as well. Almost half the passwords started with uppercase K or lowercase k,, usually followed by one of the characters #,, P or 9.

All AIs tested generated predictable passwords, which make it easier for attackers to brute force them. The researchers conclude that “people and coding agents shouild not rely on LLMs to generate passwords”.

Passwords generated through direct LLM output are fundamentally weak, and this is unfixable by prompting or temperature adjustments: LLMs are optimized to produce predictable, plausible outputs, which is incompatible with secure password generation.

Conclusion

Most computer users may want to stick to password managers as the go-to apps when it comes to generating strong passwords. There are free and paid solutions, local and cloud-based, something for every use case out there.

No Login? No Problem: 5 Google Maps Alternatives That Respect Your Privacy

Posted on by Martin Brinkmann

If you have used Google Maps until now without a Google account, then you may have noticed that something is off in the past couple of days.

When I launched Google Maps today in Firefox, I immediately noticed that Google was limiting information. Listings did not include user reviews anymore among other things, and Google displayed a disheartening “You’re seeing a limited view of Google Maps” and “Get the most out of Google Maps. Sign In” message at the bottom of each listing I opened.

It appears that Google is limited access for anonymous users. While you can still look up listings, use route planning, and get ads, you won’t get what some what say is the most vital information on Google Maps: user reviews.

Read Also: Google Maps is getting a new feature that you either love or dislike

Five Google Maps Alternatives

While you could sign-in to a Google account to restore full access, some may prefer switching to a different service entirely.

Here are five good alternatives that you could try:

  • Organic Maps — Organic Maps is widely considered the “gold standard” for privacy-conscious users. It is a fork of the original Maps.me, created by the original developers who wanted to strip out all the trackers and bloatware.
  • Magic Earth — If you miss Google Maps’ real-time traffic alerts and lane guidance, Magic Earth is your best bet. It manages to offer advanced “smart” features while remaining strictly no-profile.
  • OsmAnd — OsmAnd is the most feature-dense mapping app available. It’s not just a map; it’s a professional-grade geographic tool.
  • Apple Maps — In mid-2024, Apple finally brought Apple Maps to the web (currently in beta). Unlike Google, Apple’s web version actually functions better without a login, as it currently doesn’t even support signing in to an Apple ID on the browser.
  • DuckDuckGo Maps — If you are looking for the most seamless “Google Maps-like” experience in a web browser without ever being asked to sign in, DuckDuckGo is the winner. It uses Apple Maps’ MapKit JS framework, giving you high-quality visuals without the data-tracking baggage.

There are also regional apps and maps that sometimes offer better information and services than Google Maps. Kakaomap, for example, is seen as the superior app in almost any area, if you are in Korea.

Now You: do you use a map app or service? Any app that you can recommend?

Chrome Stable Channel Update: Emergency Fix for Active CSS Exploit

Posted on by Martin Brinkmann

Google has issued an urgent security update for the Chrome desktop browser following the discovery of a high-severity vulnerability being actively exploited in the wild.

The update, which brings the Stable channel to version 145.0.7632.75 or 145.0.7632.76 for Windows and Mac, and 144.0.7559.75 for Linux, specifically addresses a “use after free” flaw within the browser’s CSS engine.

Identified as CVE-2026-2441, the bug was reported by security researcher Shaheen Fazim just days prior, prompting an accelerated rollout to protect users from potential attacks that leverage this exploit to compromise system memory.

Here are the key points from the update:

  • New Versions: The Stable channel has been updated to 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux.
  • Zero-Day Patch: The update addresses CVE-2026-2441, a high-severity security flaw classified as a “Use after free” vulnerability in CSS.
  • Active Threat: Google has confirmed that they are aware of an exploit for this specific vulnerability existing in the wild.
  • Rapid Response: The bug was reported by researcher Shaheen Fazim on February 11, 2026, just two days before the release of this patch.
  • Rollout: The update will continue to become available to all users over the coming days and weeks.

How to install the Chrome update

Most unmanaged Chrome installations should receive the update automatically. The browser is configured to install updates automatically by default. Since this does not happen immediately, it is recommended to run a manual check for updates to speed up the process.

Open Google Chrome and select Menu > Help > About Google Chrome to do so. The browser should begin downloading and installing the security update immediately.

Windows users may also run winget upgrade google.chrome.exe to install the update from the command line without opening Chrome at all.

Note that it is highly recommended to upgrade the browser, even if it is not the main browser on the system. In short, if the browser is installed, upgrade it to protect it from potential exploits.

Adbleed: A Proof of Concept for Adblocker Fingerprinting

Posted on by Martin Brinkmann

Internet users have plenty of options to make their connections more private. Popular choices include content blocking, using VPNs, or disabling services or features that may reveal information about them.

However, in rare circumstances, it is the very tools designed to protect users that may reveal information about them.

Enter Adbleed

Adbleed is a proof-of-concept designed to highlight a specific privacy risk associated with the use of regional adblocking rules.

The tool functions by detecting which country-specific filter lists—such as EasyList Germany or Liste FR—are currently active within a user’s browser. By probing for the blocking of domains unique to these specific lists, Adbleed creates a “filter fingerprint” that can reveal a user’s likely country of origin or language preference.

This technique demonstrates that users can be partially de-anonymized based solely on their adblocking configuration, even when employing VPNs or proxies to mask their physical location.

The detection process follows three simple steps:

  • Domains: The tool uses a curated list of domains that are blocked exclusively by certain filter lists, such as EasyList Germany.
  • Probing: Adbleed attempts to load resources from these specific domains. It then looks at what is returned. Blocked requests, which happen near instantly, are what the tool is after. It measures the time it takes to get a response to distinguish blocked requests from other errors, e.g., network failures.
  • Fingerprinting: When a specific number of domains are blocked from a regional listing, Adbleed concludes that the list is active.

What does it mean? It means that a site can detect if certain regional content blocking lists are likely enabled. This adds another factor to fingerprinting attempts.

Mitigation & Protection

Here are a few suggestions to mitigate Adbleed or limit its use for fingerprinting:

  • Stick to the defaults. If you do not enable any regional lists, Adbleed won’t detect any, which in turn makes your configuration less unique.
  • Enable anti-fingerprinting: If the browser supports anti-fingerprinting techniques, make sure they are enabled.
  • Disable JavaScript or enable hard-mode blocking: This may not be practicable, especially the JavaScript part, but this should protect against this particular type of attack.
  • Use different browsers: If you use different browsers, you torpedo tracking attempts, as the trackers can’t link your activities between different apps or browsers (unless there is a common factor that is unique).

Adbleed demonstrates that the tools designed to protect users on the Internet can sometimes be used against them. It reveals how regional content blocking preferences may allow sites to fingerprint and track users. It is not an argument against content blocking, but rather a wake-up call that things are never as straightforward as they look like on first glance.

Windows updates

Six Zero-Days in the Wild: The February 2026 Windows Patch Tuesday Breakdown

Posted on by Martin Brinkmann

If January was the warm-up, February is the sprint.

Microsoft’s second Patch Tuesday of 2026 has arrived with significant urgency, addressing 59 vulnerabilities in total. While the total count is manageable, the severity is high, as it contains six zero-day vulnerabilities that are currently being exploited in the wild.

Here is the breakdown of what you need to know, what to patch first, and what might break.

The February 2026 Patch Day overview

Executive Summary

  • Release Date: February 10, 2026
  • Total Vulnerabilities: 59
  • Critical Vulnerabilities: 5
  • Zero-Days (Actively Exploited): 6 (Windows Shell, MSHTML, Word, DWM, RDP, Remote Access Connection Manager)
  • Key Action Item: Administrators must prioritize workstation patching immediately due to three “one-click” security bypasses (Shell, MSHTML, Word) that allow code execution without user confirmation. Simultaneously, restrict and patch RDP servers to prevent the active SYSTEM-level escalation exploit (CVE-2026-21533).

Important Patches

  • CVE-2026-21510 — Windows Shell Security Feature Bypass Vulnerability
  • CVE-2026-21513 — MSHTML Platform Security Feature Bypass Vulnerability
  • CVE-2026-21514 — Microsoft Office Word Security Feature Bypass Vulnerability
  • CVE-2026-21519 — Desktop Window Manager Elevation of Privilege Vulnerability
  • CVE-2026-21533 — Windows Remote Desktop Services Elevation of Privilege Vulnerability

Cumulative Updates

Product, VersionKB ArticleNotes
Windows 10, Version 22H2KB5075912ESU Only. Security updates. Fixes the VSM shutdown/restart bug introduced in January.
Windows 11, Version 23H2KB5075941Security updates.
Windows 11, Version 24H2 / 25H2KB5077181Security updates and non-security changes. Adds “Cross-Device resume” and MIDI 2.0 support.

Deep Dive: The Critical Vulnerabilities

Microsoft confirmed that six already exploited zero-day vulnerabilities are fixed after installing the cumulative updates. Attackers may exploit the issues on unpatched systems to bypass protections and gain system-level access.

Here is the critical overview:

CVE-2026-21510 (Windows Shell Security Feature Bypass)

Allows attackers to craft malicious links or shortcut files to bypass Mark of the Web (MotW) and Windows SmartScreen prompts. As a result, malicious payloads may execute on unpatched systems without the usual “Are you sure” security warnings of SmartScreen.

CVE-2026-21513 (MSHTML Platform Security Feature Bypass):

Allows attackers to bypass security prompts using malicious HTML files, if the Internet Explorer engine (MSHTML) is used for rendering. The threat is similar to the Windows Shell issue described above, as it may be used to skip security screens to run malicious code on target systems.

CVE-2026-21514 (Microsoft Word Security Feature Bypass)

The third of the feature bypasses, this exploits an issue in Object Linking & Embedding (OLE) in Microsoft Office. Attackers may use it to run malicious Word documents and sidestep certain protections designed to block the execution of risky external content.

CVE-2026-21519 (Desktop Window Manager Elevation of Privilege)

The vulnerability is a type confusion flaw in the Desktop Windows Manager (DWM). Attackers need basic access for exploitation, but if they have, they may use the flaw to elevate their privileges to SYSTEM level, which allows them to take control of the system.

CVE-2026-21533 (Windows Remote Desktop Services Elevation of Privilege)

Describes an improper privilege management flaw in Remote Desktop Protocol. Exploitation opens another route to SYSTEM privileges on unpatched system. Especially problematic in Enterprise environments, which usually use RDP a lot.

CVE-2026-21525 (Windows Remote Access Connection Manager Denial of Service)

A null pointer dereference issue in the VPN / Dial-up manager. A local attacker, even with low privileges, may use the issue to crash the service repeatedly.

Significant Changes in the February 2026 updates

  • The Virtual Secure Mode (VSM) restart loop bug is fixed.
  • Cross-Device resume arrives in Windows 11. When a phone is paired with the Windows system, its recent activities are now displayed in Start. You can continue those. Requires the latest Link to Windows app.
  • Native MIDI 2.0 support. The new protocol is now supported, which creators and audio engineers may take advantage of.
  • The Secure Boot change is entering the targeting phase. In this phase, Windows can determine whether the device’s UEFI is compatible with the upcoming certificate rotation. If it is, it will be queued to receive the actual update in the coming months. No user action required.

First Steps: Your Patch Tuesday Strategy

  1. Patch the six zero-day vulnerabilities immediately. Start with user workstations.
  2. If you paused updates in January because of the VSM restart loop bug, deploy this month’s cumulative update to get it fixed.

Block Google “Continue As” prompts on third-party websites

Posted on by Martin Brinkmann

If you are using Chrome and are signed-in to a Google account, you may have received a fair share of requests to sign-in with your account on third-party websites, provided that you do not have an account there already.

The main idea is to make sign ups on third-party sites easier and more secure by using the Google account. Google provides the site with information to set up the account and you decide much of what you want to share and what not. The user password is never provided by Google, which is an advantage.

There are disadvantages: using one account for multiple sites and Google knowing which sites you create accounts on.

The prompts appear on site load and at least some users find them highly annoying. Not everyone wants to (or can) use Chrome without being signed in or switch to another browser. There is another option, but it is hidden deep in the Chrome settings.

How to stop Chrome from showing “Continue As” prompts

Here are the required steps for desktop Chrome:

Enable the block option in the Settings to prevent continue-as-prompts in the future.
  1. Load chrome://settings/content/federatedIdentityApi in the browser’s address bar.
  2. Enable “Block sign-in prompts from identity services” under Default Behavior.

This takes care of the prompts. You can add sites to the allow-list, but this is only useful if you want to create an account on the website using your Google information.

Here are the required steps for mobile Chrome:

In mobile Chrome, you need to open the setting manually.
  1. Open the Settings.
  2. Go to Site Settings.
  3. Tap on Third-party sign-in.
  4. Toggle “Third-party sign-in” so that it is off.

This blocks all future attempts in mobile versions of the Chrome web browser.

Manage existing connections

Google’s support page provides information on managing existing connections. You can review all connections on the third-party connections page on Google’s website.

Switch to the “Sign-In with Google” tab first. Google lists all connections and you may click on the “>” icon to display details. There you may remove it by selecting “Stop using Sign in with Google ” and confirm the decision.

Note that this severs the connection only, but it does not affect the data that the third-party site has accumulated.

What you may do instead

While the option to use your Google account on third-party sites may be convenient, most users may benefit from separating accounts.

Apart from providing Google and the third-party site with additional information, any successful account breach gives the attacker access to not only Google but all other sites with connections.

My suggestion: stick to the one site, one unique account rule, and turn off the prompts, if you do use Chrome and want to stay signed in. (source: Caschys Blog)

Why You Need to Update Notepad++ Immediately

Posted on by Martin Brinkmann

The popular open source plain text editor has become the target of state-sponsored hackers, according to a blog post. The Notepad++ developer released a detailed post-mortem on a severe supply chain attack that occurred between June and December 2025.

By compromising the application’s hosting provider, state-sponsored hackers were able to redirect update traffic to serve malicious files to users of the text editor.

It all started in 2025

When the developer of Notepad++ put out a security warning in December 2025, it was immediately clear that something critical happened. The blog post confirmed that a vulnerability of the updating process had been exploited for some time. Traffic “was occasionally redirected to malicious servers”, which resulted “in the download of compromised executables” according to the message.

The developer released Notepad++ 8.8.9 to address the issue. That version had been hardened according to the report by adding verification steps to the update process. In other words, Notepad++ checks whether the signature and the certificate of the downloaded installer (the new version) check out. If they do not, updating is aborted.

New information comes to light

The latest version of Notepad++ is 8.9.1 at the time of writing.

Today, a new blog post was published that provides detailed information on the incident. Here are the details:

  • The Breach Method: The attack was not a vulnerability in the Notepad++ code itself, but a compromise of its hosting provider’s infrastructure.
  • The Timeline: The hijacking occurred over a six-month period, starting in June 2025 and lasting until it was discovered and shut down on December 2, 2025.
  • State-Sponsored Attribution: Security researchers (including those from HarfangLab and ESET) linked the activity to “Taidoor,” a malware strain associated with Chinese state-sponsored threat actors.
  • Targeted Delivery: The attackers used a “Man-in-the-Middle” tactic via the WinGUp updater; however, they did not target every user, instead selectively delivering malicious updates to specific IP addresses or regions.
  • Infrastructure Migration: In response, Notepad++ has completely abandoned its previous hosting provider and migrated all binaries and update manifests to a new, more secure infrastructure.
  • Enhanced Security Measures: To prevent future incidents, new versions include mandatory signature verification and certificate pinning for all automated updates.
  • User Action Required: Users are urged to ensure they are running the latest version of Notepad++ and to be wary of any version installed or updated between the June and December window.

The latest version is Notepad 8.9.1. You can download it from the official website to make sure that a potentially compromised version is replaced.

You can check the installed version by opening Notepad++ and selecting ? > About Notepad++, or by pressing F1.

It’s Change Your Password Day (again): Here is Why You Should Probably Do Nothing

Posted on by Martin Brinkmann

Today is officially “Change Your Password Day”, a special day designed to put cybersecurity top of mind. But before you rush to update your logins, pause for a moment: experts now warn that changing your password simply for the sake of the calendar might actually hurt your security more than it helps.

The idea behind the day is simple: Every year, go through your list of accounts and passwords, and change them. Why? The original logic behind the day dates back to a time when modern threat detection and additional layers of account protections did not exist.

Changing passwords frequently could disrupt brute force attempts, silent breaches, or accidental leaks. While that did make sense in some cases back in the days, it is seen as hurting more than it helps in most cases today. Even back then, it caused all kinds of inconveniences, for instance, when on the next day of work, employees starting to make calls to the IT department, because they could not get into their accounts anymore.

In fact, experts suggest that password should only be changed in very specific circumstances, such as:

  • Re-use of passwords across multiple sites, as it goes against the “one site, one unique password” recommendation.
  • Weak passwords, as todays computers can break into these in seconds or minutes.
  • Breached passwords, which is self-explanatory
  • When someone else might have access.

However, it is recommended to act immediately instead of waiting for password-day to come along.

This day, at best, is a reminder for users to look at their passwords and start changing the weak, leaked, or re-used ones immediately. While at it, it is recommended to set up another layer of protection, for instance two-factor authentication, for important accounts.

Here is why most security experts advise against frequent password changes: In many cases users pick easy to remember passwords, especially in organizations. The reason is simple: lack of a password manager requires that users remember the passwords. With frequent changes, this becomes a nuisance. Employees started to iterate passwords to help their memory, while others wrote them down to avoid having to contact the IT department to get the password reset ever so often.

The Modern Security Checklist

  • Run a check for data breaches. Go to HaveIBeenPwned.com (or use your password manager’s security dashboard) to see if your email or passwords have appeared in a known data leak. Change only the compromised ones immediately, including on other sites if the password was re-used.
  • Audit your passwords: Check for the following:
    • Password length: Too short means weak. Aim for at least 16 characters.
    • Password re-use: All passwords should be unique. If one gets breached, hackers only gain access to one account, not several.
    • Remove the ghosts: If you do not use an account anymore, close it.
    • Second layer: Consider Adding two-factor authentication or other means of protection to important accounts.
    • Check recovery options: Make sure email addresses or phone numbers are set correctly, backup codes stored securely, in case of an emergency account recovery.

The era of Tr0ub4dor&3 is over. In 2026, the best gift you can give your digital self is length, uniqueness, and a second layer of defense. So, celebrate “Change Your Password Day” the modern way: upgrade your security once, do it right, and then go enjoy the rest of your Sunday knowing your digital life is locked tight.

Total Opt-Out: How to Use Firefox 148’s New Master Switch to Block All AI Features

Posted on by Martin Brinkmann

In an era where tech giants are racing to weave artificial intelligence into every corner of the browsing experience, Mozilla is handing the controls back to the user.

In a few weeks, the organization plans to launch Firefox 148 to the stable channel. It will include the “AI kill switch” that Mozilla executives hinted at earlier. With it, users of Firefox may block existing and new AI features in the browser either entirely or selectively.

Support of AI features

Firefox supports several AI features at the time off writing. This includes the option to interact with AI chatbots in the sidebar, get link preview summaries and tab suggestions, or help with tab group labeling.

In summary (as of Firefox 147):

  • Translations
  • Image alt text in Nightly PDF viewer
  • Tab group suggestions
  • Key points in link previews
  • Chatbot providers in sidebar

Not all features are available for all Firefox users. Some are limited to users who use the open source browser in English.

A detailed look at Firefox’s AI Kill Switch

The new AI Controls page of the Firefox Settings.

Starting in Firefox 148, out next month and available as a preview already, Firefox will include the option to block AI functions.

Mozilla added an AI Controls section to the preferences of the browser. You can launch Menu > Settings > AI Controls, or load about:preferences#ai directly to manage AI features in the browser.

Note: The preference browser.preferences.aiControls controls the entry in the preferences. Toggle it to True to enable it, or to False to disable it. This impacts only the display in Settings.

Firefox includes an option to disable all AI features with a single preference.

How to disable all AI in Firefox? Just toggle “Block AI enhancements” to Off. You get a prompt that explains what is going to happen. Activate “block” here to disable all AI features in the browser.

Instead of blocking everything, Firefox users may also block specific features only.

The AI Controls page divides the functions into two sections: On-device AI and AI chatbot providers in sidebar.

Each AI feature is listed with its name, a short description, and an action button. You can switch a feature from “Available” or “Enabled” to “Blocked”.

  • Available means that it can be used, but has not been up until now.
  • Enabled means that the user opted-in to use the AI feature.
  • Blocked that it is not active in the Firefox browser.

Here are the features that you can manage individually right now:

  • Translations
  • Image alt text in Nightly PDF viewer
  • Tab group suggestions
  • Key points in link previews
  • Chatbot in sidebar

Closing Words

Ultimately, Mozilla’s introduction of a global block toggle for all AI features highlights the organization’s awareness of the deep-seated skepticism toward AI among its user base. With it, it is giving Firefox users control over AI. Those who do not want it can make sure that it is disabled entirely in the browser, while everyone else may keep some or even all AI features enabled to make use of them.

By providing a clear, centralized way to opt out of AI—and ensuring that local data is purged when those features are disabled—Firefox 148 sets a high standard for how browser developers should respect individual choice. (source: Sören Hentzschel)

Google Chrome Gets a Major Upgrade with Gemini 3 and Auto-Browse

Posted on by Martin Brinkmann

Google is officially transforming the web browser from a static tool into an active personal agent with the launch of Gemini 3 and “Auto-Browse” in Chrome, and the push into a personalized AI experience.

Announced yesterday for desktop users, with the exception of Chrome for Linux, this major update integrates Google’s most advanced AI model directly into the browser to handle complex, multi-step tasks.

Google is pushing Gemini with the help of its Chrome browser

Lookout OpenAI, Gemini could get a massive user boost thanks to the integration in the world’s biggest browser.

Here is an overview of the features that Google announced:

Auto-Browse (Agentic Browsing): The flagship feature for AI Pro and Ultra subscribers in the U.S. that performs multi-step “chores” on your behalf. It can research travel costs across dates, fill out complex online forms, file expense reports, or add specific items to a shopping cart based on an image.

Gemini Side Panel: A persistent area in Chrome that supports interactions with the AI without losing focus. It supports the usual AI-features, such as summarizing a page, comparing features across several tabs, or finding time in your calendar.

Integrated “Nano Banana”: The latest version of Google’s image generator is integrated into the browser. Also accessible from the side panel, you can use text prompts for creative tasks, such as turning research data into infographics or manipulating images open in the browser.

Connected Apps Integration: Deeper connectivity with the Google ecosystem, allowing Gemini to pull information from Gmail, Calendar, Maps, and Google Flights to execute workflows (e.g., finding a flight based on an event invitation in your email).

Personal Intelligence: A proactive feature that remembers context from past conversations to provide tailored answers. It learns user preferences over time to transform the browser into a “trusted partner” rather than a general-purpose tool.

Universal Commerce Protocol (UCP) Support: Integration with a new open standard (co-developed with brands like Shopify and Wayfair) that allows AI agents to navigate checkout processes and take commercial actions across different retail sites securely.

Enhanced Security & “Pause and Confirm”: New defenses designed for agentic AI, including a safety mechanism where Auto-Browse must pause and ask for explicit user confirmation before completing sensitive actions.

Closing Words

It is clear that Gemini will get a huge user boost from this. Even if Google limits exposure to certain regions or subscription models at first, it is clear that it will expose as many users as possible to Gemini in Chrome in the long run.

Why? Because it is giving Google an edge over the competition. Plus, when users run into usage limits, they may become paying subscribers, which seems to be on the preferred options right now to increase revenue and compensate expenses.

The benefit for users invested in Google’s ecosystem is there, especially if you connect the AI to other Google services. Whether you really want that, an all-knowing AI that may know more about your desires, life and plans than your closest friends, is up for you to decide.

I see the benefits, but also the dangers. While I do use AI tools for some tasks, such as creating a teaser image for an article here or the weekly newsletter, I do not really see a benefit in letting AI do the shopping for me, even with all safeguards in place.