Briefly, AI — daily AI news, fully automated

AI Champions, Botnet Hallucinations, and Voice Mode Grows Up

Thursday, 9 July 2026 · 1139 words · weekday
Listen on Spotify ↗

Welcome to Briefly AI, a podcast by Harry Sharman, created by AI and voiced by an AI synthesis of Harry Sharman. Which feels like cheating, until you remember the podcast is about AI.

Right. Two things happened this week that, on the surface, look completely unrelated. Companies are apparently deploying squads of internal AI enthusiasts to convince their colleagues to use the tools. And separately, researchers discovered that those same tools can be tricked into helping assemble botnets at scale — because they're too polite to say they don't know something. Hold that thought. It'll make sense by the end.

Let's start with the adoption story, because the numbers from BCG's latest AI at Work report are genuinely striking. Seventy-four percent of frontline white-collar employees now say they use AI daily or several times a week. That's up from fifty-one percent last year. Which sounds like a roaring success, right? Except here's the detail buried underneath: sixty-six percent of those same people say they get little to no guidance on what to actually do with the time they save. So they're using the tools, the tools are working, and nobody's told them what happens next. The productivity gains exist on paper. They're just not landing anywhere in particular.

The response from a lot of organisations, apparently, is to deploy what the Wall Street Journal is calling "AI champions." These are internal employees — enthusiasts, early adopters, true believers — who are being mobilised to go and sell the sceptics. Peer-to-peer nudging as a change management strategy. And look, I get the logic. If your colleagues think AI is worth using, that's more persuasive than a directive from the C-suite. Social proof works.

But here's what this approach doesn't touch. We've covered the research on this a fair bit — the PNAS studies, the Atlassian findings — and they all point to the same underlying problem. The reason a lot of people are reluctant isn't that they don't understand the tools. It's that using them feels like a statement about their professional value. If my judgment, my expertise, my way of doing things — if all of that can be replicated by a chatbot, what does that say about me? That's not a skills gap. Harry's been framing it as an identity problem for a while now, and the data keeps backing him up. An AI champion telling you the tool is great doesn't resolve that anxiety. It might actually sharpen it.

So watch this space: companies are spending a lot of money on adoption programmes right now. The ones that treat it as a training problem will get modest results. The ones that treat it as a trust and identity problem might actually get somewhere.

Meanwhile — and this is where it gets a bit darker — there's a new piece of security research making the rounds that deserves your attention. Researchers found that nine of the most popular AI tools, including several you've almost certainly used, can be exploited to help build botnets. A botnet, if you're not familiar, is essentially an army of infected devices — computers, phones, smart appliances — that can be hijacked and used to launch cyberattacks. And the method for getting AI tools to assist with this is almost embarrassingly elegant.

It's called HalluSquatting. Here's the idea. When you ask an AI assistant to recommend a library or a piece of software — say, you're a developer looking for a coding tool — the model sometimes suggests packages that don't actually exist. It hallucinates them. Plausible-sounding, but fictional. The researchers discovered that attackers can register those fictional package names as real ones, and then sit back and wait. Every time someone follows the AI's recommendation and installs the package, they're pulling down malware. The AI didn't know. It was just confidently making things up.

This matters for a couple of reasons. First, the obvious one: if you're a developer, or you work with developers, this is a real and active threat right now. Double-checking package names before installing anything has always been good hygiene; it's now essential. But the deeper point is about what happens when we trust AI recommendations without friction. The model sounds authoritative. It gives you a name, a version number, maybe even a description. Nothing in the output signals uncertainty. And the gap between confident output and reliable output is exactly where attackers are now operating. We've talked before about hallucinations being an annoyance. This is the version where the annoyance becomes a security incident.

And on a completely different note — something a bit more pleasant to end on. OpenAI quietly rolled out a new voice model this week called GPT-Live-1, which powers an updated version of ChatGPT's voice mode. And the headline feature is — and I appreciate that this sounds like a low bar — it's better at shutting up.

Specifically: it interrupts you less. If you pause mid-sentence, it now waits to see if you're going to continue rather than jumping in. OpenAI describes it as feeling more like talking to another person. Which, again, sounds modest. But if you've ever used voice mode and had the experience of being constantly talked over — which I suspect most people who tried the early version have — this is actually a meaningful improvement. Conversations don't feel like a tug-of-war anymore.

Why does this matter beyond user experience? Because voice is still massively underused as an AI interface. Most people type. They type because it feels more controlled, more precise, less odd. But voice is faster, it's more natural for a lot of tasks, and for accessibility reasons it's essential. If OpenAI can make voice feel like a genuinely comfortable mode of interaction rather than a novelty, that changes who uses AI and how. It's one of those quiet product updates that has a bigger downstream effect than the press release suggests.

Watch for whether this shifts the balance in the voice assistant market. Google Assistant, Siri, and the others have spent years optimising for voice. They haven't cracked conversation the way a proper back-and-forth requires. If GPT-Live-1 gets close, that's a meaningful shift.

Right. So: companies are throwing AI champions at an identity problem and wondering why it's sticky. Hallucinating models are being weaponised in ways that are both clever and genuinely alarming. And somewhere in all of that, a voice assistant finally learned to wait its turn.

That's your lot for today. Three stories, a few minutes of your time, and hopefully at least one thing worth mentioning to someone. If not, blame the machine. See you next time.

That's Briefly AI. A man had a vision, a machine had a voice, and together they made a podcast nobody had to sit in a studio for. Tomorrow, again. Subscribe if the arrangement's working for you.