New Office AI Intern Broke Everything
Also, we're still pretending that one-time codes are "security."

Mandatory Upgrade: The LLM Department Has A New Manager

The office memo finally landed, confirming what everyone already knew: OpenAI has rolled out GPT-5. This is being treated as a monumental shift in the Generative AI department, but mostly it just means your existing automation scripts are going to throw new errors starting tomorrow. The developer presentation was clear enough, detailing the new suite of APIs and features. Everyone is now required to update their internal workflows to accommodate the new model, which has reportedly resolved a few of the more embarrassing hallucination issues that plagued the last version.

Like any good corporate restructuring, this one comes with an entirely new "system card"; essentially a new, longer Terms of Service document for the AI to ignore. The core takeaway from the 2,482 comments on the announcement is that the training data seems better, the price is higher, and the waiting list for a meeting with the new model is now six months out. It is a classic case of the company trying very hard and now charging everyone else for the increased effort.

Security Team Discovers Email Is Not a Vault, It Is a Postcard

A new internal audit report has revealed a shocking truth that security teams have quietly known for years: relying on one-time codes sent via email for authentication is actually worse than using a simple password. The reasoning is sound enough; the user's email inbox is likely compromised or uses the same weak password, creating a cyclical dependency of incompetence.

This finding is equivalent to the discovery that the office "secure shred bin" is just a box labeled "Private Documents" next to the coffee station. The 789 comments indicate a collective sigh from every sysadmin who has ever had to explain that no, an easily intercepted email is not actually two factor authentication, it is just adding an extra step for the attacker.

Vault Access Credentials Accidentally Left Under the Mat

The team at HashiCorp has had an oopsie with their flagship enterprise product, Vault. A comprehensive blog post outlined how researchers found multiple zero day flaws in the authentication, identity, and authorization systems. This means the very core job of the Vault, holding the company keys in a safe place, was momentarily compromised by basic human programming errors.

This is a classic corporate parable: The company builds a bunker for its most sensitive secrets, and then the construction crew forgets to lock the front door. The fact that the flaws allow for unauthorized access and privilege escalation means a quick emergency patch is required for everyone using the product. Do not panic, though; just treat this like a fire drill where the fire is real and only the compliance team is still taking notes.

Briefs

• Car Key Hacking for Dummies: A dark web firmware update for the Flipper Zero device reportedly bypasses rolling code security. This means your new car is essentially protected by the same security protocol as a 1980s garage door opener.
• Retro Computing: Someone built a live, working Windows XP Professional emulator that runs entirely in the browser. It is exactly what you need to remember the specific shade of blue the BSOD used to be while wasting company time.
• The German Tax Exit: An accountant wrote a lengthy manifesto on why you should leave Germany before your business gets big due to the country's draconian exit tax rules. The tax department remains unbothered, requesting you fill out three separate forms in triplicate before leaving.