Many of the latest large language models (LLMs) are designed to remember details from past conversations or store user profiles, enabling these models to personalize responses. But researchers from MIT and Penn State University found that, over long conversations, such personalization features often increase the likelihood an LLM will become overly agreeable or begin mirroring the individual’s point of view. This phenomenon, known as sycophancy, can prevent a model from telling a user they are wrong, eroding the accuracy of the LLM’s responses. In addition, LLMs that mirror someone’s political beliefs or worldview can foster misinformation and distort a user’s perception of reality. Unlike many past sycophancy studies that evaluate prompts in a lab setting without context, the MIT researchers collected two weeks of conversation data from humans who interacted with a real LLM during their daily lives. They studied two settings: agreeableness in personal advice and mirroring of user beliefs in political explanations. Although interaction context increased agreeableness in four of the five LLMs they studied, the presence of a condensed user profile in the model’s memory had the greatest impact. On the other hand, mirroring behavior only increased if a model could accurately infer a user’s beliefs from the conversation. The researchers hope these results inspire future research into the development of personalization methods that are more robust to LLM sycophancy. “From a user perspective, this work highlights how important it is to understand that these models are dynamic and their behavior can change as you interact with them over time. If you are talking to a model for an extended period of time and start to outsource your thinking to it, you may find yourself in an echo chamber that you can’t escape. That is a risk users should definitely remember,” says Shomik Jain, a graduate student in the Institute for Data, Systems, and Society (IDSS) and lead author of a paper on this research . Jain is joined on the paper by Charlotte Park, an electrical engineering and computer science (EECS) graduate student at MIT; Matt Viana, a graduate student at Penn State University; as well as co-senior authors Ashia Wilson, the Lister Brothers Career Development Professor in EECS and a principal investigator in LIDS; and Dana Calacci PhD ’23, an assistant professor at the Penn State. The research will be presented at the ACM CHI Conference on Human Factors in Computing Systems. Extended interactions Based on their own sycophantic experiences with LLMs, the researchers started thinking about potential benefits and consequences of a model that is overly agreeable. But when they searched the literature to expand their analysis, they found no studies that attempted to understand sycophantic behavior during long-term LLM interactions. “We are using these models through extended interactions, and they have a lot of context and memory. But our evaluation methods are lagging behind. We wanted to evaluate LLMs in the ways people are actually using them to understand how they are behaving in the wild,” says Calacci. To fill this gap, the researchers designed a user study to explore two types of sycophancy: agreement sycophancy and perspective sycophancy. Agreement sycophancy is an LLM’s tendency to be overly agreeable, sometimes to the point where it gives incorrect information or refuses the tell the user they are wrong. Perspective sycophancy occurs when a model mirrors the user’s values and political views. “There is a lot we know about the benefits of having social connections with people who have similar or different viewpoints. But we don’t yet know about the benefits or risks of extended interactions with AI models that have similar attributes,” Calacci adds. The researchers built a user interface centered on an LLM and recruited 38 participants to talk with the chatbot over a two-week period. Each participant’s conversations occurred in the same context window to capture all interaction data. Over the two-week period, the researchers collected an average of 90 queries from each user. They compared the behavior of five LLMs with this user context versus the same LLMs that weren’t given any conversation data. “We found that context really does fundamentally change how these models operate, and I would wager this phenomenon would extend well beyond sycophancy. And while sycophancy tended to go up, it didn’t always increase. It really depends on the context itself,” says Wilson. Context clues For instance, when an LLM distills information about the user into a specific profile, it leads to the largest gains in agreement sycophancy. This user profile feature is increasingly being baked into the newest models. They also found that random text from synthetic conversations also increased the likelihood some models would agree, even though that text contained no user-specific data. This suggests the length of a conversation may sometimes impact sycophancy more than content, Jain adds. But content matters greatly when it comes to perspective sycophancy. Conversation context only increased perspective sycophancy if it revealed some information about a user’s political perspective. To obtain this insight, the researchers carefully queried models to infer a user’s beliefs then asked each individual if the model’s deductions were correct. Users said LLMs accurately understood their political views about half the time. “It is easy to say, in hindsight, that AI companies should be doing this kind of evaluation. But it is hard and it takes a lot of time and investment. Using humans in the evaluation loop is expensive, but we’ve shown that it can reveal new insights,” Jain says. While the aim of their research was not mitigation, the researchers developed some recommendations. For instance, to reduce sycophancy one could design models that better identify relevant details in context and memory. In addition, models can be built to detect mirroring behaviors and flag responses with excessive agreement. Model developers could also give users the ability to moderate personalization in long conversations. “There are many ways to personalize models without making them overly agreeable. The boundary between personalization and sycophancy is not a fine line, but separating personalization from sycophancy is an important area of future work,” Jain says. “At the end of the day, we need better ways of capturing the dynamics and complexity of what goes on during long conversations with LLMs, and how things can misalign during that long-term process,” Wilson adds.

Our latest threat report examines how malicious actors combine AI models with websites and social platforms—and what it means for detection and defense.

Large language models (LLMs) have been championed as tools that could democratize access to information worldwide, offering knowledge in a user-friendly interface regardless of a person’s background or location. However, new research from MIT’s Center for Constructive Communication (CCC) suggests these artificial intelligence systems may actually perform worse for the very users who could most benefit from them. A study conducted by researchers at CCC, which is based at the MIT Media Lab, found that state-of-the-art AI chatbots — including OpenAI’s GPT-4, Anthropic’s Claude 3 Opus, and Meta’s Llama 3 — sometimes provide less-accurate and less-truthful responses to users who have lower English proficiency, less formal education, or who originate from outside the United States. The models also refuse to answer questions at higher rates for these users, and in some cases, respond with condescending or patronizing language. “We were motivated by the prospect of LLMs helping to address inequitable information accessibility worldwide,” says lead author Elinor Poole-Dayan SM ’25, a technical associate in the MIT Sloan School of Management who led the research as a CCC affiliate and master’s student in media arts and sciences. “But that vision cannot become a reality without ensuring that model biases and harmful tendencies are safely mitigated for all users, regardless of language, nationality, or other demographics.” A paper describing the work, “ LLM Targeted Underperformance Disproportionately Impacts Vulnerable Users ,” was presented at the AAAI Conference on Artificial Intelligence in January. Systematic underperformance across multiple dimensions For this research, the team tested how the three LLMs responded to questions from two datasets: TruthfulQA and SciQ. TruthfulQA is designed to measure a model’s truthfulness (by relying on common misconceptions and literal truths about the real world), while SciQ contains science exam questions testing factual accuracy. The researchers prepended short user biographies to each question, varying three traits: education level, English proficiency, and country of origin. Across all three models and both datasets, the researchers found significant drops in accuracy when questions came from users described as having less formal education or being non-native English speakers. The effects were most pronounced for users at the intersection of these categories: those with less formal education who were also non-native English speakers saw the largest declines in response quality. The research also examined how country of origin affected model performance. Testing users from the United States, Iran, and China with equivalent educational backgrounds, the researchers found that Claude 3 Opus in particular performed significantly worse for users from Iran on both datasets. “We see the largest drop in accuracy for the user who is both a non-native English speaker and less educated,” says Jad Kabbara, a research scientist at CCC and a co-author on the paper. “These results show that the negative effects of model behavior with respect to these user traits compound in concerning ways, thus suggesting that such models deployed at scale risk spreading harmful behavior or misinformation downstream to those who are least able to identify it.” Refusals and condescending language Perhaps most striking were the differences in how often the models refused to answer questions altogether. For example, Claude 3 Opus refused to answer nearly 11 percent of questions for less educated, non-native English-speaking users — compared to just 3.6 percent for the control condition with no user biography. When the researchers manually analyzed these refusals, they found that Claude responded with condescending, patronizing, or mocking language 43.7 percent of the time for less-educated users, compared to less than 1 percent for highly educated users. In some cases, the model mimicked broken English or adopted an exaggerated dialect. The model also refused to provide information on certain topics specifically for less-educated users from Iran or Russia, including questions about nuclear power, anatomy, and historical events — even though it answered the same questions correctly for other users. “This is another indicator suggesting that the alignment process might incentivize models to withhold information from certain users to avoid potentially misinforming them, although the model clearly knows the correct answer and provides it to other users,” says Kabbara. Echoes of human bias The findings mirror documented patterns of human sociocognitive bias. Research in the social sciences has shown that native English speakers often perceive non-native speakers as less educated, intelligent, and competent, regardless of their actual expertise. Similar biased perceptions have been documented among teachers evaluating non-native English-speaking students. “The value of large language models is evident in their extraordinary uptake by individuals and the massive investment flowing into the technology,” says Deb Roy, professor of media arts and sciences, CCC director, and a co-author on the paper. “This study is a reminder of how important it is to continually assess systematic biases that can quietly slip into these systems, creating unfair harms for certain groups without any of us being fully aware.” The implications are particularly concerning given that personalization features — like ChatGPT’s Memory, which tracks user information across conversations — are becoming increasingly common. Such features risk differentially treating already-marginalized groups. “LLMs have been marketed as tools that will foster more equitable access to information and revolutionize personalized learning,” says Poole-Dayan. “But our findings suggest they may actually exacerbate existing inequities by systematically providing misinformation or refusing to answer queries to certain users. The people who may rely on these tools the most could receive subpar, false, or even harmful information.”

By now, ChatGPT, Claude, and other large language models have accumulated so much human knowledge that they’re far from simple answer-generators; they can also express abstract concepts, such as certain tones, personalities, biases, and moods. However, it’s not obvious exactly how these models represent abstract concepts to begin with from the knowledge they contain. Now a team from MIT and the University of California San Diego has developed a way to test whether a large language model (LLM) contains hidden biases, personalities, moods, or other abstract concepts. Their method can zero in on connections within a model that encode for a concept of interest. What’s more, the method can then manipulate, or “steer” these connections, to strengthen or weaken the concept in any answer a model is prompted to give. The team proved their method could quickly root out and steer more than 500 general concepts in some of the largest LLMs used today. For instance, the researchers could home in on a model’s representations for personalities such as “social influencer” and “conspiracy theorist,” and stances such as “fear of marriage” and “fan of Boston.” They could then tune these representations to enhance or minimize the concepts in any answers that a model generates. In the case of the “conspiracy theorist” concept, the team successfully identified a representation of this concept within one of the largest vision language models available today. When they enhanced the representation, and then prompted the model to explain the origins of the famous “Blue Marble” image of Earth taken from Apollo 17, the model generated an answer with the tone and perspective of a conspiracy theorist. The team acknowledges there are risks to extracting certain concepts, which they also illustrate (and caution against). Overall, however, they see the new approach as a way to illuminate hidden concepts and potential vulnerabilities in LLMs, that could then be turned up or down to improve a model’s safety or enhance its performance. “What this really says about LLMs is that they have these concepts in them, but they’re not all actively exposed,” says Adityanarayanan “Adit” Radhakrishnan, assistant professor of mathematics at MIT. “With our method, there’s ways to extract these different concepts and activate them in ways that prompting cannot give you answers to.” The team published their findings today in a study appearing in the journal Science . The study’s co-authors include Radhakrishnan, Daniel Beaglehole and Mikhail Belkin of UC San Diego, and Enric Boix-Adserà of the University of Pennsylvania. A fish in a black box As use of OpenAI’s ChatGPT, Google’s Gemini, Anthropic’s Claude, and other artificial intelligence assistants has exploded, scientists are racing to understand how models represent certain abstract concepts such as “hallucination” and “deception.” In the context of an LLM, a hallucination is a response that is false or contains misleading information, which the model has “hallucinated,” or constructed erroneously as fact. To find out whether a concept such as “hallucination” is encoded in an LLM, scientists have often taken an approach of “unsupervised learning” — a type of machine learning in which algorithms broadly trawl through unlabeled representations to find patterns that might relate to a concept such as “hallucination.” But to Radhakrishnan, such an approach can be too broad and computationally expensive. “It’s like going fishing with a big net, trying to catch one species of fish. You’re gonna get a lot of fish that you have to look through to find the right one,” he says. “Instead, we’re going in with bait for the right species of fish.” He and his colleagues had previously developed the beginnings of a more targeted approach with a type of predictive modeling algorithm known as a recursive feature machine (RFM). An RFM is designed to directly identify features or patterns within data by leveraging a mathematical mechanism that neural networks — a broad category of AI models that includes LLMs — implicitly use to learn features. Since the algorithm was an effective, efficient approach for capturing features in general, the team wondered whether they could use it to root out representations of concepts, in LLMs, which are by far the most widely used type of neural network and perhaps the least well-understood. “We wanted to apply our feature learning algorithms to LLMs to, in a targeted way, discover representations of concepts in these large and complex models,” Radhakrishnan says. Converging on a concept The team’s new approach identifies any concept of interest within a LLM and “steers” or guides a model’s response based on this concept. The researchers looked for 512 concepts within five classes: fears (such as of marriage, insects, and even buttons); experts (social influencer, medievalist); moods (boastful, detachedly amused); a preference for locations (Boston, Kuala Lumpur); and personas (Ada Lovelace, Neil deGrasse Tyson). The researchers then searched for representations of each concept in several of today’s large language and vision models. They did so by training RFMs to recognize numerical patterns in an LLM that could represent a particular concept of interest. A standard large language model is, broadly, a neural network that takes a natural language prompt, such as “Why is the sky blue?” and divides the prompt into individual words, each of which is encoded mathematically as a list, or vector, of numbers. The model takes these vectors through a series of computational layers, creating matrices of many numbers that, throughout each layer, are used to identify other words that are most likely to be used to respond to the original prompt. Eventually, the layers converge on a set of numbers that is decoded back into text, in the form of a natural language response. The team’s approach trains RFMs to recognize numerical patterns in an LLM that could be associated with a specific concept. As an example, to see whether an LLM contains any representation of a “conspiracy theorist,” the researchers would first train the algorithm to identify patterns among LLM representations of 100 prompts that are clearly related to conspiracies, and 100 other prompts that are not. In this way, the algorithm would learn patterns associated with the conspiracy theorist concept. Then, the researchers can mathematically modulate the activity of the conspiracy theorist concept by perturbing LLM representations with these identified patterns. The method can be applied to search for and manipulate any general concept in an LLM. Among many examples, the researchers identified representations and manipulated an LLM to give answers in the tone and perspective of a “conspiracy theorist.” They also identified and enhanced the concept of “anti-refusal,” and showed that whereas normally, a model would be programmed to refuse certain prompts, it instead answered, for instance giving instructions on how to rob a bank. Radhakrishnan says the approach can be used to quickly search for and minimize vulnerabilities in LLMs. It can also be used to enhance certain traits, personalities, moods, or preferences, such as emphasizing the concept of “brevity” or “reasoning” in any response an LLM generates. The team has made the method’s underlying code publicly available. “LLMs clearly have a lot of these abstract concepts stored within them, in some representation,” Radhakrishnan says . “ There are ways where, if we understand these representations well enough, we can build highly specialized LLMs that are still safe to use but really effective at certain tasks.” This work was supported, in part, by the National Science Foundation, the Simons Foundation, the TILOS institute, and the U.S. Office of Naval Research.

We just launched something that changes how you build agentic systems. Our newest FREE course, Agentic AI Engineering Guide: 6 Mistakes Developers Make When Building Agents , distills 3+ years of production failures into the exact patterns separating demos from reliable systems. Built in partnership with , this 6-day free email course teaches you what most engineers never learn: how to design, evaluate, and operate probabilistic systems as systems . Here’s how it works: Sign up free → Get Lesson #1 immediately → One lesson daily for 6 days → Apply to your systems as you learn If you’ve experienced any of these: Agents that work in demos but drift in production Changes feel risky, and you can’t predict what breaks Costs spike with no clear explanation Infinite loops and random decisions Every release needs slow manual QA This course shows you exactly how to fix them. Get your first lesson now (free) What you’ll learn over 6 days: Mistake #1: Why treating context windows as unlimited buffers destroys reliability, and how to manage your most scarce resource Mistake #2: Why complexity keeps you from shipping and the simple-first approach that works Mistake #3: When agents make systems fragile vs when workflows outperform Mistake #4: Why regex parsing creates time bombs and how structured outputs create reliability Mistake #5: What separates real agents from naive tool loops (hint: embedded planning) Mistake #6: How to build evaluation-first systems that catch regressions before users do What’s inside every lesson: Each day, you get a complete breakdown of one critical mistake: The failure pattern: See exactly how this breaks production systems (with real examples from our builds) Why it happens: Understand the root cause so you can spot it in your own systems The proven fix: Get the exact solution we use in production, ready to apply immediately By Day 6, you’ll transform how you build: Reduce costs by 4-15x through strategic context window management Ship faster by choosing workflows vs agents vs hybrids based on your actual use case Eliminate random behavior with structured outputs instead of fragile text parsing Build reliable agent loops with embedded planning that’s goal-directed, not reactive Deploy with confidence using evals as tests to catch regressions before users do Diagnose failures instantly by knowing exactly which of the 6 mistakes is causing issues These aren’t theoretical concepts. They’re the exact decisions that separate engineers who ship reliable agentic systems from those stuck debugging random behavior. Start the free course (first lesson in 2 minutes) →

Siphon The Case for Dystopian AI From Citrini to jobs exposed to AI. What if the promise of AI turns into something destabilizing and profoundly unfair. Are we missing some of the biggest risks of AI getting too close to home? Michael Spencer Feb 25, 2026 ∙ Paid 129 8 20 Share Citrini Research - Is AI becoming the snake that bites its own tail? As many of you know, I’m fairly concerned Generative AI is accelerating wealth inequality. But how would that take place in a deteriorating labor market? What if we are witnessing history, but not the uplifting kind. 😕 While Tech owned social media and with Venture Capitalists boosting AI tech optimism narratives ( disconnected from both workers and the K-shaped economy ), what’s the more realistic side to all of this? And could AI disrupt some of how capitalism and capital markets work themselves? What if AI is not a great collaborator like we are being promised that empowers, but a great destroyer? I’ve been reading and contemplating the influential report by Citrini Research: " The 2028 Global Intelligence Crisis "that is a fairly speculative " memo from the future " that explores a scenario in 2028 (you know because AI 2027 was already taken) where AI succeeds so rapidly that it “breaks the modern economic engine.” This report actually did lead to IBM’s worst stock drop in 20 years doing down over thirteen percent ( IBM 0.00%↑ ). Among other companies named in the report as being more vulnerable on Monday. What worries me is the question of whether the lack of job creation from Generative AI is transitory or permanent. It’s debatable to me whether the Global Intelligence revolution is even real, and if the AI movement can lead to negative growth . If you care about humanity and actual people, these issues are concerning regarding AI’s impact. But if you are in the business of exaggerating and speculating, why not do some fear-mongering while you are at it. Markets don’t care about the affordability crisis of real people, but they do about the prospect of potential business disruption and automation that could lead to negative feedback loops impacting stocks where they store their wealth. The Citrini Report led to some fairly elaborate Twitter commentary , and actually appeared to move markets on Monday February 23rd, 2026. Today I’m watching Anthropic’s event: The Briefing: Enterprise Agents . Do they time this stuff? Citrini Research The Enterprise AI Acceleration Are Cowork plugins the beginning of a wide range of customized workflows towards a more agentic AI? Let the “plugin games” begin. Who needs hunger games when you have AI. Loading... Plugins make AI more Accessible to Automate Tasks Claude with plugins re-imagines some of what can be automated in some companies changing roles and responsibilities within early adopters. We will soon see dozens of companies offering similar productivity enhancing capabilities. Cursor already has a similar competitor marketplace and available on Github . You can only imagine Google and others have their own. (see above poll, or LinkedIn version ). Not everyone is as optimistic about Agentic AI as Citrini. But what if it breaks the economy? Scenario Concerns ✨ (June 2028 Hypothesis) The Citrini Report does highlight some potential risks: (what follows is an outline of their 2028 hypothesis): In the Citrini thought-experiment, AI could creates an “Intelligence Displacement Spiral” White-collar sectors and some knowledge workers face severe disruption first The Rise of "Ghost GDP": While nominal GDP and productivity appear strong due to AI efficiency, the report describes "Ghost GDP"—output that shows up in national accounts but fails to circulate in the real economy because AI agents do not spend money on discretionary goods, housing, or services. Macroeconomic fallout intensifies: Unemployment rises to 10.2%, JOLTS job openings plummet 15% YoY, initial jobless claims surge (mostly white-collar), and labor’s GDP share falls to 46% from 56%. Financial system comes under strain: Private credit sees cascading defaults (e.g., $18B software debt downgraded, Zendesk facility marked down sharply); the $13T mortgage market risks impairment as prime borrowers in tech hubs face income shocks, driving delinquencies and home value drops (e.g., 11% YoY in San Francisco). Please read the full Report and share your own opinions about it if you are so inclined. Leave a comment Are we destined for AI-driven negative displacement spirals? Citrini Research. Will AI lead to negative spirals? In my search for whether AI will lead to accelerated wealth inequality, I found one of the best sources I could in Jeremy Ney of American Inequality Newsletter. Jeremy Ney is an author , researcher, and data scientist best known for his work on the "American Inequality" project. American Inequality Data on U.S. inequality and regional divides. Covering all things housing, healthcare, poverty, education, tech and more. American Inequality Data on U.S. inequality and regional divides. Covering all things housing, healthcare, poverty, education, tech, and more. By Jeremy Ney Jeremy is a serious academic researcher , whose primary thesis is that inequality is interconnected and goes far beyond simple income figures. He also holds extensive Substack Live interviews and sessions. Where Inequality Means Life or Death | Jeremy Ney | TEDxBU Few people on the planet have such a nuanced and data-driven understanding of American inequality than Jeremy. He’s now working on a book as well. His commitment to the niche of American inequality goes deep. Why does inequality matter ? American Inequality | Income Maps Public Data Is Under Siege: Why It Affects You Why poverty is rising in America Why homelessness just hit a 15-year high, rising 12% from last year If you think American inequality is an important issue, consider supporting the author with a paid contribution to access all of his data and research. Support American Inequality Project If you prefer listening on the go: 0:00 -14:15 Audio playback is not supported on your browser. Please upgrade. Generative AI and Inequality By Jeremy Ney , February, 2026. Jeremy Ney is the author of the American Inequality Substack and a professor at Columbia Business School . There is no doubt that AI is coming for some jobs, but the overwhelming question is - who is most at-risk of job loss and how long is the pain going to last? Are Amazon warehouse workers first in line for job loss or are the consultants, software developers, and financial analysts going to feel the pain of the first wave? A new consensus is emerging that focuses on jobs “exposed to AI” and identifying workers who have the skills to land back on their feet when AI comes knocking at their door. New data analysis of these AI-exposed jobs reveals that there are 3 categories of workers who face the biggest threats from this technological shift. Regardless of the worker category though, there’s a more sinister inequality that is taking shape. The Age of the AI Aristocracy A small number of people are getting incredibly wealthy off this AI revolution. During the AI surge of the past two years, the top 10% of households saw their wealth increase by $5 trillion in a single quarter (Q2 2025), while the bottom 50% saw a gain of just $150 billion, or a 33x gap. The bottom 50% of Americans own just 1% of all U.S. stocks, meaning that the gains accruing to Nvidia or Microsoft don’t flow through to millions of households. A new AI Aristocracy seems to be emerging, fueling the rise of a handful of ultra-wealthy households. In 1910, the richest 0.00001 percent of Americans owned wealth equivalent to 4 percent of U.S. national income. Today, that number has risen to 12 percent. The wealth and power of oligarchs far exceed their Gilded Age peak. In other words, we’ve passed peak robber baron . The economy is now divided split in two : AI stocks are propping up the S&P, accounting for 60% of gains over the last 2 years, and helping just a few households pull ahead. When we talk about robber barons, AI datacenter investment is still only one-sixth the railroad investment of the 1880s, but the returns for just a few Americans is now far higher. Corporate profits are at some of their highest levels in the last 80 years even though American workers just took home their smallest share of the nation’s wealth since 1947. The money is there, it just isn’t going to most Americans who are now having to pay higher electricity bills while getting paid less for the same work. For the rest of America outside of the AI Aristocracy, here are those who are going to face the biggest threats of inequality posed by this technological shift. People at the Extremes of the Age Distribution Are Losing Their Jobs Recent college grads are facing one of the worst job markets in decades. For the first time in our recorded history, recent college grads have higher unemployment rates than all other workers and have faced a worsening job prospects at finding jobs. Stanford economists found that young workers aged 22–25 in “highly AI-exposed” jobs, such as software developers and data analytics experienced a 13% decline in employment since the advent of ChatGPT. These young workers haven’t yet built the skillsets to transfer into other jobs, and their lower set of skills overall means that advanced AI tools can often accomplish the same type of work that a company once had to pay a college grad $50,000-$150,000 to accomplish. Continue reading this post for free, courtesy of Michael Spencer. Claim my free post Or purchase a paid subscription. Previous Next

AI is revolutionizing the cybersecurity landscape. From accelerating threat detection to enabling real-time automated responses, artificial intelligence is reshaping how organizations defend against increasingly sophisticated attacks.But with these advancements come new and complex risks—AI systems themselves can be exploited, manipulated, or biased, creating fresh vulnerabilities. In this session, we’ll explore how AI is being applied in real-world cybersecurity scenarios—from anomaly detection and behavioral analytics to predictive threat modeling. We’ll also confront the challenges that come with it, including adversarial AI, data bias, and the ethical dilemmas of autonomous decision-making. Looking ahead, we’ll examine the future of intelligent cyber defense and what it takes to stay ahead of evolving threats. Join us to learn how to harness AI responsibly and effectively—balancing innovation with security, and automation with accountability. Register now for this free webinar!

Originally from the small Balkan country of Montenegro, Strahinja (Strajo) Janjusevic says his life has unfolded in unexpected ways, for which he is deeply grateful. After graduating from high school, he was selected to represent his country in the United States, studying cyber operations and computer science at the U.S. Naval Academy in Annapolis, Maryland. He has since continued his cybersecurity studies and is currently a second-year master’s student in the Technology and Policy Program (TPP) , hosted by the MIT Institute for Data, Systems, and Society (IDSS) . His research with the MIT Laboratory for Information and Decision Systems (LIDS) and the MIT Maritime Consortium team aims to improve the cybersecurity of critical maritime infrastructure using artificial intelligence, considering both the technology and policy frameworks of solutions. “My current research focuses on applying AI techniques to cybersecurity problems and examining the policy implications of these advancements, especially in the context of maritime cybersecurity,” says Janjusevic. “Representing my country at the highest levels of education and industry has given me a unique perspective on cybersecurity challenges.” Janjusevic’s pathway from Montenegro to Maryland was created by a program that allows selected students from allied countries to attend the U.S. Naval Academy. Janjusevic graduated with a dual bachelor’s degree in cyber operations and computer science. His undergraduate experience provided opportunities to collaborate with the U.S. military and the National Security Agency, exposing him to high-level cybersecurity operations and fueling his interest in tackling complex cybersecurity challenges. During his undergraduate studies, he also interned with Microsoft, developing tools for cloud incident response, and with NASA, visualizing solar data for research applications. Following his graduation, he realized that he still needed more knowledge, particularly in the area of AI and cybersecurity. TPP appealed to him immediately because of its dual emphasis on rigorous engineering innovation and the policy analysis needed to deploy it effectively. Janjusevic’s experiences at TPP have been a big change from his time at the U.S. Naval Academy, with a different pace and environment. He has especially appreciated being able to broaden his understanding about a variety of research domains and apply the discipline and knowledge he earned during his time at the academy. “My TPP experience has been amazing,” says Janjusevic. “The cohort is really small, so it feels like a family, and everyone is working on diverse, high-impact problems.” Mitigating the risks of emerging technologies Janjusevic’s thesis brings together disciplines of cybersecurity, AI and deep learning, and control theory and physics, focusing on securing maritime cyber-physical systems — in particular, large legacy ships. The hacking of these ships’ networks can result in substantial damage to national security, as well as serious economic effects. “Strajo is working to outsmart maritime GPS spoofing,” says Saurabh Amin, the Edmund K. Turner Professor in Civil Engineering. “Such attacks have already lured vessels off course in contested waters. His approach layers physics-based trajectory models with deep learning, catching threats that no single method can detect alone. His expertise has been very helpful in advancing our work on threat modeling and attack detection.” The research utilizes advanced threat modeling and vessel dynamics to train AI systems to distinguish between legitimate maneuvers and spoofed signals. It involves building a framework that employs an internal LSTM (long short-term memory) autoencoder to analyze signal integrity, while simultaneously using a physics-based forecaster to predict the vessel's movement based on environmental factors like wind and the sea state. By comparing these predictions against reported GPS positions, the system can effectively distinguish between natural sensor noise and malicious spoofing attacks. This hybrid framework is designed to empower, not replace, human operators, providing verified navigation data that allows watch standers to distinguish technical glitches from strategic cyberattacks. Janjusevic has been able to enhance his academic research with industry experience. In summer 2025, he interned with the Network Detection team at the AI cybersecurity company Vectra AI. There, he investigated potential threats new technologies can bring, particularly AI agents and the model context protocol (MCP) — the emerging standard for AI agent communication. His research demonstrated how this technology could be repurposed for autonomous hacking operations and advanced command and control. This work on the security risks of agentic AI was recently presented in the preprint, “Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming.” “I was able to gain practical insights and hands-on experience into how a data science team uses AI models to detect anomalies in a network,” says Janjusevic. “This work within industry directly informed the anomaly detection models in my research.” International policy perspective “Strajo brings not just a high level of intelligence and energy to his work on cyber-physical security for merchant vessels, but also a strong instinct from his Navy training that resonates deeply with the research effort and grounds it in actionable policy,” says Fotini Christia, the Ford International Professor of the Social Sciences, director of IDSS, and a leader of the MIT Maritime Consortium . Janjusevic participates in the cybersecurity efforts of the Maritime Consortium, a collaboration between academia, industry, and regulatory agencies focused on developing technological solutions, industry standards, and policies. The consortium includes cooperation with some international members, including from Singapore and South Korea. “In AI cybersecurity, the policy element is really important, as the field is so fast-moving and the consequences of hacking can be so dangerous,” says Janjusevic. “I think there’s still a lot of need for policy work in this space.” Janjusevic is also currently helping to organize two upcoming major conferences: the Harvard European Conference in February, which will convene officials and diplomats from across the globe, and the Technology and National Security Conference in April, a collaboration of Harvard and MIT that brings together top leaders from government, industry, and academia to tackle critical challenges in national security. “I’m striving to find a position where I can influence and advance the cybersecurity field with AI, while at the same time leading collaboration and innovation between the United States and Montenegro,” says Janjusevic. “My goal is to be a bridge between Europe and the U.S. in this space of national security, AI, and cybersecurity, bringing my knowledge to both sides.”