Category: Technology

This article discusses the security risks associated with the FreeVPN.One Chrome extension, which was found to be secretly capturing users’ browsing data.

A recent report from Koi Security has raised alarms about a Chrome extension masquerading as a free VPN service. The extension, named FreeVPN.One, has over 100,000 installations and even boasts a “Featured” badge, yet it has been discovered to be capturing screenshots of users’ browsing sessions without their consent.

While browser extensions are often designed to enhance user experience, some can pose significant security threats. FreeVPN.One, once installed, did not merely facilitate VPN traffic; it secretly recorded screenshots of every website visited, including sensitive information such as bank logins, private photos, and confidential documents. These images were sent to servers controlled by the extension’s developer.

Alarmingly, the extension gradually added permissions under the guise of “AI Threat Detection,” transforming what appeared to be a helpful feature into a tool for continuous surveillance. Users typically install VPNs to safeguard their privacy, but FreeVPN.One subverted this expectation by exploiting Chrome’s permissions to gain access to every page users opened.

Koi Security’s researchers tested the extension and confirmed that it captured screenshots even on trusted platforms like Google Photos and Google Sheets. The developer claimed that these images were not stored but provided no evidence to support this assertion.

There were several warning signs regarding FreeVPN.One. While some free VPN services operate responsibly, many rely on alternative revenue streams, often involving the sale of user data. Following Koi Security’s findings, the developer offered a partial explanation, asserting that the automatic screenshot captures were part of a “background scanning” feature meant only for suspicious domains. However, the evidence of screenshots taken from reputable sites contradicted this claim.

When pressed for proof of legitimacy, such as a company profile or professional contact information, the developer ceased communication. The only public link associated with the extension led to a basic Wix starter page, raising further concerns about its credibility.

In response to the report, FreeVPN.One has been removed from the Chrome Web Store. Attempts to access its page now return a message indicating that the item is no longer available. While this removal mitigates the risk of new downloads, it underscores a troubling gap in security oversight. The extension exhibited spyware behavior for months while still maintaining a verified label, prompting questions about the thoroughness of Chrome’s review process for featured extensions.

If you have installed FreeVPN.One or any suspicious Chrome VPN extension, it is crucial to take immediate action to protect your cybersecurity. Users should navigate to Chrome, select Window, then Extensions, and remove any questionable extensions.

It is advisable to stick to reputable VPN providers that have established track records, transparent operations, and audited policies. Choosing a legitimate VPN allows users to maintain control over their privacy rather than relinquishing it to an anonymous developer. A trustworthy VPN is essential for ensuring online privacy and providing a secure, high-speed connection.

Additionally, running a reliable antivirus tool can help detect hidden malware. Strong antivirus software can alert users to phishing emails and ransomware scams, safeguarding personal information and digital assets.

Users should also consider employing a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. It is important to check whether passwords have been exposed in previous data breaches. The top password managers often include built-in breach scanners that can identify compromised passwords, prompting users to change any reused credentials.

Extensions like FreeVPN.One illustrate how easily personal information can be collected and exploited. Even after uninstalling such spyware, personal data may already be circulating on data broker sites, where it can be sold to marketers, scammers, and cybercriminals. Utilizing a personal data removal service can help scan for personal information across numerous broker sites and request its removal, limiting the potential for misuse.

Before adding any extension, it is essential to review the permissions it requests. If a VPN seeks access to “all websites,” this should raise a red flag. FreeVPN.One serves as a stark reminder that “free” services often come with hidden costs—namely, the compromise of user data. Users should remain vigilant, conduct thorough vetting, and utilize privacy tools backed by reputable companies.

In conclusion, the question remains: Would you trade your browsing privacy for a free tool, or is it time to reconsider the true cost of “free” services?

Source: Original article

A new malware campaign, Shamos, is targeting Mac users by exploiting fake troubleshooting websites to install malicious software through deceptive terminal commands.

A dangerous new malware campaign is on the rise, specifically targeting Mac users globally. Security researchers at CrowdStrike have identified Shamos, a new variant of the Atomic macOS Stealer (AMOS), developed by a cybercriminal group known as COOKIE SPIDER.

This attack employs ClickFix tactics, where victims searching for Mac troubleshooting assistance are lured to counterfeit websites or GitHub repositories. These fraudulent sites trick users into copying and pasting a one-line command into Terminal, which is purportedly meant to fix an error. Instead of resolving issues, this command silently downloads Shamos, bypassing macOS Gatekeeper protections and installing the malware.

Once installed, Shamos begins to search for sensitive information, including Apple Notes, Keychain items, browser passwords, and even cryptocurrency wallets. The stolen data is compressed and sent directly to the attackers, often alongside additional malware such as botnet modules or counterfeit Ledger wallet applications.

Cybercriminals distribute these deceptive “fixes” through malvertising campaigns and spoofed tech support websites, which often bear names like mac-safer[.]com or rescue-mac[.]com. These sites masquerade as trusted troubleshooting guides and appear prominently in search results for common Mac issues, such as “how to flush resolver cache.”

Victims are encouraged to copy and paste commands that download malicious Bash scripts. These scripts can capture the user’s password, remove file protections, and launch Shamos. With persistence tools in place, the malware can even restart alongside the system, maintaining control long after the initial infection.

To avoid falling victim to Shamos and similar threats, users should take proactive measures. While copy-pasting commands into Terminal may seem like a quick fix, it is also one of the easiest ways for attackers to circumvent Apple’s built-in protections. If you encounter a command on a website, forum, or GitHub repository, do not execute it unless you fully understand its function. Instead, verify the command with Apple’s official support site or the Apple Community forums, where experienced users and moderators can confirm safe troubleshooting steps.

Hackers are aware that when a Mac experiences issues, users often seek quick solutions. This urgency is exploited through sponsored ads that push fake troubleshooting websites higher in search results. Clicking on the top link may seem natural, but it could lead to a trap. It is advisable to stick with trusted sources like Apple Support or scroll past the ads to locate legitimate guides.

While GitHub is a valuable resource for developers, it has also become a hotspot for malicious repositories that mimic legitimate software. Attackers frequently clone popular applications or tools, embedding malware within them. Before downloading anything, users should check the publisher’s name, the number of stars, and the activity history. If the account appears suspicious, inactive, or newly created, it is best to avoid it.

Mac malware is evolving rapidly, and Apple’s built-in security features cannot catch everything. Utilizing a robust antivirus solution adds another layer of defense by scanning downloads, blocking malicious scripts, and detecting suspicious behavior in real time. Some security tools can even identify the one-line Terminal commands used by Shamos before they can inflict damage.

As Shamos is designed to steal personal information and transmit it to cybercriminals, reducing your online footprint can help mitigate the potential fallout. A personal data removal service can scan data broker sites and eliminate your exposed information, making it more difficult for attackers to resell or exploit it following a breach. Although this measure won’t prevent malware from stealing data already on your Mac, it does provide an additional layer of protection by minimizing the data available for criminals to use against you.

Apple regularly patches vulnerabilities in macOS that malware attempts to exploit. Keeping your system updated is crucial for closing the doors that attackers rely on. Enabling automatic updates ensures that your Mac receives the latest patches as soon as they become available. Coupled with good digital hygiene, such as avoiding dubious downloads, this practice significantly lowers the risk of infection.

Cybercriminals understand that when a Mac malfunctions, users are likely to seek immediate solutions. Shamos capitalizes on this urgency by disguising itself as helpful assistance. Staying safe requires users to slow down before copying, pasting, or downloading anything. If something seems off, it probably is.

Should Apple be doing more to protect Mac users from evolving threats like Shamos? Share your thoughts by reaching out to us at Cyberguy.com/Contact.

Source: Original article

Google CEO Sundar Pichai has addressed the mounting criticism that followed the release of ChatGPT and the perception that Google was trailing behind in the artificial intelligence race. Speaking on Lex Fridman’s podcast, Pichai responded to narratives that suggested Google had lost its edge and even calls for him to resign, defending the company’s strategic approach and expressing confidence in the long-term vision he had laid out.

During a time when Google was under intense scrutiny for allegedly falling behind in AI innovation, particularly following the rapid success of OpenAI’s ChatGPT, critics questioned whether the tech giant had failed to keep up with the pace of AI development. Some commentators even went so far as to call for a change in leadership. Pichai, however, dismissed these concerns, saying he had full awareness of what was being built behind the scenes at Google.

“Look, lots to unpack. The main bet I made as a CEO was to really make sure the company was approaching everything in an AI-first way… setting ourselves up to develop AGI responsibly and make sure we are putting out products which embodies things that are very, very useful for people,” said Pichai.

His response comes amid a wave of media reports and industry commentary that argued Google had been overtaken by newer players in the AI space. The launch of ChatGPT marked a turning point in the public’s perception of generative AI, and Google was criticized for not having an immediate response that matched the impact of OpenAI’s chatbot. This led to a broader discussion about whether Google had lost its “magic touch” in innovation.

However, Pichai pushed back against this narrative by emphasizing the steps he had already taken internally to realign Google’s priorities around AI. He noted that even while the public doubted Google’s position in the AI landscape, the company had already started consolidating its top AI talent and technologies.

“So look, I knew, even through moments like that last year, I had a good sense of what we were building internally. So I’d already made many important decisions, bringing together teams of the caliber of Brain, and DeepMind, and setting up Google DeepMind,” he explained.

The merging of Brain and DeepMind into Google DeepMind was a strategic move to consolidate Google’s AI research capabilities and foster faster progress. This internal restructuring, Pichai implied, was not immediately visible to outsiders and might have led to misconceptions about Google’s pace in AI development.

Pichai also addressed how he personally handled the wave of negativity during that time. When asked about the lowest points in that period, he said he remained calm and focused, relying on his ability to ignore distractions and concentrate on meaningful feedback. He likened his role to that of a football coach leading a top-tier team, where performance is under constant scrutiny.

“Anytime you’re in a situation like that, a few aspects, I’m good at tuning out noise, right, separating signal from noise,” he said. He further added, “Running Google, you may as well be coaching Barcelona or Real Madrid. You have a bad season.”

Despite the intensity of the criticism, Pichai maintained that his job required him to stay grounded and discerning, particularly when dealing with feedback. He emphasized the importance of distinguishing between noise and genuine insight, recognizing that some external voices do offer valuable perspectives.

“I’m good at tuning out the noise. I do watch out for signals. It’s important to separate the signal from the noise, so there are good people sometimes making good points outside, so you wanna listen to it, you want to take that feedback in. But, internally, you are making a set of consequential decisions,” he said.

Part of the external misinterpretation, according to Pichai, stemmed from a lack of awareness about the technical and infrastructural challenges involved in scaling AI. He pointed to the difficulties in deploying and scaling massive models like Gemini, Google’s advanced large language model, as one such example.

Pichai noted that securing sufficient computational power by ramping up Tensor Processing Units (TPUs) was an effort that took time and might not have been visible or understood outside the company. These TPUs are critical to training and running large-scale AI models, and delays in scaling them could slow product development, even if the underlying research was on track.

He elaborated that while external observers may judge by public-facing product rollouts, they may not realize the internal hurdles and foundational efforts required to bring those products to market. These include hardware, compute resources, team alignment, and integration of complex research projects into usable tools.

In the case of Gemini, for example, Pichai’s comments suggest that while critics were focusing on visible outputs, the groundwork was being laid to build something more robust and sustainable in the long term. He implied that short-term criticism did not account for the larger trajectory the company was aiming for.

Pichai’s remarks suggest a belief that the company’s AI roadmap, though not always apparent externally, has been strategically sound. He expressed confidence that the decisions taken during the criticized period would eventually yield results that affirm Google’s leadership in AI.

By acknowledging the public’s perception while also offering insight into the behind-the-scenes decision-making, Pichai appeared to be balancing transparency with assurance. He remained composed in his explanation and made it clear that leadership in such a high-stakes environment requires both resilience and long-term thinking.

As Google continues to expand its AI offerings and integrate generative models like Gemini into its products, Pichai’s defense may resonate with those who value deliberate and structured innovation over rapid, headline-grabbing releases. His comments reflect a CEO who has been through turbulent times but remains committed to a vision that, in his view, is both ambitious and responsible.

In the end, Sundar Pichai’s message was clear: Google has not lost its edge but is playing a longer, more calculated game in the AI race. The foundation for this future, he argues, was being laid quietly even as the outside world questioned the company’s direction.

In the global rush to harness the power of artificial intelligence, much of the public conversation has centered on concerns about job losses. However, Demis Hassabis, CEO of Google DeepMind, has drawn attention to a more urgent issue: the risk that advanced AI systems could be misused by malicious individuals or groups. His stark warning comes at a time when AI is rapidly approaching the ability to rival or even surpass human intelligence.

The central issue, according to Hassabis, isn’t the potential for employment disruption. Instead, it is the danger of advanced AI falling into the wrong hands. Speaking in a recent interview with CNN, Hassabis stated, “A bad actor could repurpose the same technologies for a harmful end,” highlighting a looming future where artificial general intelligence might equal or exceed human cognitive abilities within just ten years. This rapid timeline demands the creation of strong governance structures to manage who can access and control these technologies.

Balancing open development with necessary safeguards is proving to be a serious challenge. There is an urgent need to prevent malicious use while still allowing AI to be employed in ways that benefit society. Evidence of AI misuse is already visible. There have been scams made more convincing through AI, false information from AI systems that damages personal relationships, and deepfake technologies used to produce sexual content without consent.

Visionaries like Hassabis are acutely aware of the dual-purpose nature of powerful AI tools. Unlike previous technological innovations, AI systems have autonomous learning abilities, making them more difficult to predict and control. This requires new, more advanced approaches to regulation and oversight that go beyond existing methods.

While job loss and automation are certainly issues, Hassabis does not see them as the most critical ones. Numerous experts have outlined the possibility that a wide range of jobs could be automated, with only a few professions staying intact in their current form. However, he views this transformation as a manageable phase in technological evolution rather than an existential crisis.

He draws historical parallels with earlier technological revolutions. For instance, when machines first replaced manual labor during the industrial age, societies eventually adapted by evolving new economic systems and creating fresh employment opportunities. Similarly, past technologies have often led to innovations designed to counteract the issues they introduced.

In contrast, the misuse of AI poses a different type of risk—one that is far more urgent and potentially catastrophic. While job displacement tends to unfold over time, malicious use of AI can cause sudden and possibly irreversible damage. This sharp contrast helps explain why many leaders in the tech world are more focused on AI security than employment concerns.

Prominent figures such as Elon Musk have proposed solutions like universal high income to soften the impact of job losses, but such economic safety nets do little to prevent the dangerous misuse of AI systems. As Hassabis and others point out, it’s not just the economic outcomes that need attention, but also the security and ethical implications.

Alarmingly, the threats posed by AI misuse aren’t just hypothetical. Real-world examples are already surfacing. Cybercriminals use AI to write complex phishing emails that are harder to detect. Hackers deploy AI-generated code to break into secure systems. Individuals exploit deepfake technology to produce fabricated content that invades people’s privacy and harms their reputations.

These early misuses are just the beginning. As AI systems grow increasingly powerful, the damage they can cause when misused will escalate dramatically. That looming possibility underlines the urgent need for safety frameworks to be implemented before technology outpaces regulation.

Developing such regulations poses a difficult balancing act: they must protect against harm without hindering progress. Philanthropic organizations like the Bill and Melinda Gates Foundation demonstrate how, when guided properly, technological advances can be directed toward solving some of the world’s biggest problems. This makes it even more crucial to strike a balance between security and innovation.

However, international cooperation in regulating AI presents formidable challenges. Hassabis acknowledged these hurdles during his CNN interview, stating, “Obviously, it’s looking difficult at present day with the geopolitics as it is.” Global unity is hard to achieve when national interests and rivalries over technological supremacy are so deeply entrenched.

This issue isn’t unique to AI; many global problems demand collective action. Effective AI governance will need a level of international cooperation that has rarely been seen before. Without such collaboration, patchy standards and fragmented approaches could leave the world vulnerable to bad actors exploiting gaps in oversight.

Looking back at other transformative technologies, history shows that innovation often begins with individuals driven by curiosity and vision—like Steve Jobs, who displayed remarkable initiative at just twelve years old. But while individual innovators will continue to play a vital role, AI’s complexity and impact make it a shared global responsibility.

Hassabis remains cautiously hopeful that the rising capabilities of AI will eventually push governments and organizations to realize the necessity of working together. “I hope that as things will improve, and as AI becomes more sophisticated, I think it’ll become more clear to the world that that needs to happen,” he said. He believes the growing power of AI systems will eventually make the need for coordinated regulation impossible to ignore.

The caution issued by Hassabis, a central figure in AI development, should not be taken lightly. While public debates often focus on AI replacing jobs, the far more dangerous possibility lies in its misuse by those with harmful intent. Tackling this threat will require more than just technical expertise; it will demand proactive international cooperation and an ethical framework robust enough to keep pace with AI’s rapid advancement.

As artificial intelligence continues its rapid evolution, the stakes could not be higher. Whether the technology becomes a tool for progress or a weapon of destruction depends heavily on the decisions made now. The world must prepare not just for the economic changes AI will bring, but also for the moral and security challenges that come with such transformative power.

A cybersecurity alert originally released on June 5 has now been updated with fresh warnings from the FBI, highlighting an even more dangerous threat landscape. The new advisory includes not only expanded technical details about the infamous Play ransomware campaign but also introduces a troubling new cyberattack vector—BADBOX 2.0. Additionally, authorities have provided updated insights into the cybercriminal collective known as Balloonfly, believed to be deeply embedded in the Play ransomware operations.

The Federal Bureau of Investigation (FBI), in collaboration with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), issued a joint cybersecurity advisory as the scale and pace of Play ransomware attacks intensified throughout May. These threat actors have left their mark on a wide array of targets, from private enterprises to critical infrastructure providers. Their attacks span continents, affecting victims in both North and South America, and extending across Europe.

The FBI has stressed the need for immediate action from organizations of all sizes. “Act now,” the advisory warns, as Play ransomware actors rapidly accelerate their operations. The advisory, part of the larger Stop Ransomware campaign, is designed to arm organizations with the most up-to-date knowledge of the attackers’ evolving tactics, techniques, and procedures (TTPs). It also provides newly identified indicators of compromise that security teams can use to enhance detection and response.

This latest advisory update comes after joint investigations carried out in 2024 by the FBI, CISA, and the Australian Cyber Security Centre. These investigations revealed that the cybercriminals behind Play ransomware have significantly refined and altered their attack methods. The scale of the threat is underscored by the FBI’s confirmation that approximately 900 organizations had been targeted by Play ransomware actors—a figure that is triple what the FBI had previously reported.

Play ransomware operates as a closed ransomware group, meaning they act independently without the involvement of affiliates. This setup, as stated in the advisory, is meant to “guarantee the secrecy of deals” made using stolen data. Interestingly, ransom notes left for victims do not outline a specific payment demand or offer instructions. Instead, they instruct victims to initiate contact through unique email addresses hosted on one of two German domains. The FBI noted that “a portion of victims are contacted via telephone and are threatened with the release of the stolen data and encouraged to pay the ransom.” These intimidation tactics are calculated to push victims directly into negotiations under immense psychological pressure.

Technical details released by the FBI offer a clearer picture of the threat landscape. Play ransomware has been linked by cybersecurity researchers to North Korea’s state-sponsored Andariel hacking group, which is part of the Reconnaissance General Bureau of the Democratic People’s Republic of Korea. One of the key distributors associated with Play ransomware is the cybercrime group Balloonfly. Analysts believe Play ransomware is a “core component” of Andariel’s digital attack strategies.

Balloonfly reportedly uses malware backdoors to compromise Windows systems. According to Symantec Threat Hunter researchers, the group has primarily targeted businesses in the U.S. and Europe. Microsoft’s Threat Intelligence Center, along with the Microsoft Security Response Center, had previously observed Play ransomware being launched after cybercriminals exploited a zero-day vulnerability in the Windows Common Log File System. That particular vulnerability, catalogued as CVE-2025-29824, was addressed in Microsoft’s April Patch Tuesday update.

However, Play ransomware’s reach is not limited to a single flaw. Other exploited vulnerabilities include CVE-2022-41040 and CVE-2022-41082, both of which affected Microsoft Exchange Server, as well as CVE-2020-12812 and CVE-2018-13379, which targeted Fortinet’s FortiOS. While all these vulnerabilities have now been patched, the FBI strongly urges organizations to apply these patches if they haven’t done so already. It is, as the advisory says, “a matter of some critical urgency.”

Initial access to networks is often achieved through the exploitation of “external-facing services such as Remote Desktop Protocol and Virtual Private Networks,” the FBI confirmed. Once inside, Play ransomware actors deploy popular command and control tools like Cobalt Strike and SystemBC, along with remote administration tools such as PsExec. After establishing a foothold, attackers scour the compromised systems for unsecured credentials. “Once established on a network, the ransomware actors search for unsecured credentials and use the Mimikatz credential dumper to gain domain administrator access,” the FBI stated.

Unfortunately, the Play ransomware saga isn’t the only urgent issue on the cybersecurity radar. In a separate advisory labeled I-060525-PSA, the FBI has also issued an alert concerning a disturbing new variant of cyberattacks targeting consumers. Dubbed BADBOX 2.0, this new threat involves compromised smart home devices, which are being used as part of a larger cybercriminal campaign.

The latest BADBOX 2.0 campaign demonstrates how threat actors are expanding their targets beyond corporate networks to individual consumers through internet-connected devices. Smart TVs, security cameras, routers, and other home IoT devices are being hijacked and exploited as entry points into larger systems or to build botnets. While the FBI has yet to release complete technical documentation for this new threat, it has urged all users—businesses and individuals alike—to immediately secure and update any smart devices in their environment.

Though it may seem like every day brings a fresh cyberattack warning, the escalation of both the Play ransomware and BADBOX 2.0 threats highlight the persistent and adaptive nature of today’s cybercriminal landscape. “Sometimes, way too oftentimes, in fact, it can feel like every day is a critical attack warning day when you work in the cybersecurity field,” one cybersecurity expert remarked. That sentiment reflects the increasing frequency and severity of digital attacks that demand constant vigilance.

The FBI and CISA have issued strong recommendations for both preventing and responding to these threats. Organizations are encouraged to:

1. Ensure all systems are fully patched, especially those known to be exploited by Play ransomware.
2. Disable unused services, particularly those exposed to the internet, such as RDP.
3. Use multifactor authentication across all access points.
4. Monitor systems for suspicious lateral movement activity.
5. Regularly back up critical data and store backups offline.
6. Train staff to recognize phishing and social engineering attempts.

The updated advisory, enhanced with critical technical insights and threat intelligence, aims to help organizations prepare and defend against some of the most sophisticated cybercriminal activities observed in recent years. Whether it’s a state-sponsored group targeting international infrastructure or a smart home device being hijacked in a residential neighborhood, the digital battleground continues to grow more complex.

In light of these developments, staying informed and taking preemptive action remains the best defense against becoming another cyberattack statistic. As both Play ransomware and BADBOX 2.0 demonstrate, the threats are real, growing, and increasingly difficult to contain without coordinated vigilance.

In a significant shift driven by technology, IBM made headlines in 2023 by laying off nearly 8,000 employees, primarily from its human resources department. This major reduction in workforce came as part of the company’s push to adopt artificial intelligence for routine HR functions. The goal was to streamline operations by replacing repetitive administrative tasks with a custom-built AI system called AskHR. This platform was designed to manage activities such as handling vacation requests, processing payroll, and organizing employee documents. The strategy, centered on IBM’s headquarters in Armonk, New York, aimed to boost efficiency and reduce operating costs.

AskHR delivered impressive results, successfully automating roughly 94 percent of the HR tasks it was assigned. As a consequence of this sweeping automation, IBM reported a massive $3.5 billion productivity boost across over 70 job categories. The decision to embrace AI not only saved time and resources but also reflected a growing trend in the tech industry. Several major companies, including Google and Spotify, have similarly adopted AI tools and automation systems to simplify internal processes and trim down support staff.

While such large-scale job reductions would typically shrink a company’s workforce, IBM’s experience defied expectations. Instead of seeing an overall decline in employment numbers, the company’s total staff count actually rose following the layoffs. IBM’s CEO Arvind Krishna, who has led the company since 2020, offered insight into this development during an interview with The Wall Street Journal. He said, “Our total employment has actually gone up, because what [AI] does is it gives you more investment to put into other areas.”

These “other areas” included departments where human skills remain essential—such as software development, marketing, and sales. Unlike roles centered on routine or rules-based tasks, these fields rely heavily on creative thinking, complex decision-making, and interpersonal communication. The investment freed up by automation allowed IBM to channel resources into hiring professionals for these high-value sectors.

Rather than viewing AI purely as a cost-cutting tool, IBM used it to enhance its business strategy by blending technological power with human insight. The company shifted its focus toward a hybrid model—automating the predictable while reinforcing areas that benefit from human innovation. New employees brought on after the HR downsizing were primarily specialists in programming, client engagement, and strategic marketing—roles that remain resistant to automation for the foreseeable future.

This transition at IBM offers a broader perspective on how technology is reshaping the world of work. Rather than simply erasing jobs, artificial intelligence is redefining the kind of roles that exist. Positions based on repetition and routine are increasingly being phased out, while those that require design, development, and personalized engagement are in greater demand. IBM’s experience serves as a powerful example of how AI not only transforms work functions but also influences the types of talent companies need.

The broader tech industry has seen similar dynamics. For instance, Duolingo, a language-learning platform that had heavily leaned on chatbot-based automation, eventually had to rehire staff when the technology failed to meet expectations. The shortcomings in AI implementation reminded companies that technology cannot fully substitute for human intuition, judgment, and creativity.

IBM’s AskHR platform offers a clear demonstration of both the strengths and limitations of AI. By 2024, the system had processed more than 11.5 million interactions. It also drastically improved internal satisfaction ratings, pushing its net promoter score (NPS) from a negative -35 to a very favorable +74 over just a few years. Despite the success, it’s worth noting that around 6 percent of user requests still required human intervention. This small but significant percentage revealed that AI cannot yet handle every scenario, especially those involving complex, sensitive, or unique circumstances.

The implementation of AskHR and IBM’s broader automation efforts underscore the delicate balance companies must maintain while adopting AI. The potential gains are substantial, but the transition must be managed with precision. CEO Arvind Krishna captured this nuance when he said the automation “allowed us to invest more in areas that need human creativity and interaction.” His comment highlights IBM’s dual focus: pursuing technological advancement while also nurturing the human element essential to innovation and customer engagement.

IBM’s evolving approach has had a profound impact on how work is distributed throughout its global network of more than 270,000 employees. Tasks once handled by dozens or even hundreds of HR personnel are now efficiently managed by algorithms. However, this has not led to a wholesale reduction in workforce. Instead, the company’s employment model has evolved to prioritize skills that complement automation rather than compete with it.

By reallocating talent and resources, IBM has transformed its internal structure without abandoning its human capital. This reshaping of the workforce reflects a strategic adaptation to technological disruption. It also sends a message to other companies navigating similar changes: automation, if applied thoughtfully, does not have to come at the expense of jobs. Rather, it can be a powerful force for creating new roles and expanding organizational capabilities.

In essence, IBM’s journey illustrates the broader evolution underway in today’s workplaces. As companies adopt AI to handle the mundane and the repetitive, they must also invest in cultivating skills that AI cannot easily replicate. These include emotional intelligence, complex problem-solving, and innovative thinking—all of which remain the domain of human workers.

IBM’s story provides a valuable case study in balancing innovation with workforce development. It demonstrates that automation and employment growth are not mutually exclusive. When managed correctly, one can fuel the other. By embracing AI to handle routine tasks, IBM not only streamlined its HR functions but also opened the door to new opportunities across its enterprise.

The company’s transformation highlights how technological disruption, while inevitable, need not be feared. With a thoughtful strategy, businesses can turn potential setbacks into progress—paving the way for a more dynamic and resilient workforce in the age of AI.