Private markets used to operate behind closed doors, exclusive, informal, and built on personal connections more than structure.…

Private markets used to operate behind closed doors, exclusive, informal, and built on personal connections more than structure. But technology doesn’t stay quiet for long. As financial platforms grow and data privacy takes center stage, private stock trading is being reshaped by digital tools.

This change isn’t just about making things faster; it’s about protecting information and rebuilding trust in a space once defined by limited access. In today’s connected world, transparency starts with keeping data secure.

****The Privacy Paradox of Private Markets****

Unlike public exchanges, where transactions are logged and disclosed, private markets operate in shadowed spaces. Companies can raise capital, issue shares, and transfer ownership without the rigorous disclosure that public firms face. That secrecy undoubtedly has its benefits, like agility and protection from market speculation, but it also creates vulnerabilities.

For investors, the lack of visibility around valuations and ownership trails has long been a pain point. For regulators, it’s a breeding ground for fraud, insider dealing, and misrepresentation. This is where data security intersects with transparency. When companies invest in secure systems, they can share verified information without risking leaks or manipulation. The digital transformation of private trading seeks to resolve this paradox: protecting confidentiality while improving clarity.

****Technology as the New Regulator****

The most ambitious innovations in this space aren’t coming from policy offices but from codebases. Blockchain, distributed ledgers, and secure identity systems are beginning to replicate the transparency of public exchanges within private markets, without revealing sensitive data.

For example, tokenized equity systems allow private shares to be digitally represented and tracked, creating immutable records of ownership transfers. This doesn’t mean every transaction is public, but it ensures that each one is verifiable. In effect, secure technology becomes the new regulator, a system where data integrity ensures transparency.

The World Economic Forum (PDF) has argued that distributed ledger technologies can “reduce information asymmetry” between buyers and sellers in illiquid markets, improving efficiency and integrity. Yet this efficiency only holds if the underlying data remains uncompromised. Every encrypted transaction adds a layer of accountability that strengthens trust.

****The Compliance Crossroads****

However, even as technology opens new doors, it collides with old rules. Private company shares remain subject to complex legal frameworks that vary by jurisdiction. Understanding restrictions around private stock transactions is essential, since not all investors are legally allowed to participate in these markets.

Digital platforms that facilitate private equity trading must balance innovation with strict compliance. Know-your-customer (KYC) and anti-money-laundering (AML) protocols, often automated through artificial intelligence, now serve as gatekeepers. Machine learning models can flag suspicious transfers or patterns of repeated micro-transactions that suggest regulatory evasion.

Data security fortifies these safeguards: encrypted verification, secure authentication, and protected audit trails prevent tampering, ensuring that compliance isn’t just procedural but provable.

****Cybersecurity and the Value of Confidential Data****

In private trading, data is more than a record; it’s a form of currency. Cap tables, investor lists, and valuation metrics are lucrative targets for cybercriminals. Breaches can leak sensitive information long before a company is ready to go public, affecting investor confidence and potential acquisitions.

According to the US Securities and Exchange Commission, cybersecurity lapses in financial systems are among the fastest-growing threats to market stability. This has led to a new generation of fintech platforms that treat cybersecurity as infrastructure rather than an add-on. In these systems, transparency is built on a foundation of encryption; you can’t trust what isn’t protected.

****Redefining Transparency Through Design****

Perhaps the most profound change isn’t in the technology itself, but in what it represents. The next evolution of private markets will depend on design ethics: how user interfaces communicate risk, how platforms disclose data use, and how access is granted or denied.

Designing systems for responsible transparency means letting investors understand the logic behind a valuation algorithm or the source of a data feed, without compromising proprietary information. The design principle is simple: transparency without exposure. It’s not transparency in the raw sense, but rather about interpretability, a middle ground between exposure and opacity.

****Endnote****

The fintech revolution has shown that technology can democratize access to capital. However, democratization without protection is chaos. For private markets to mature digitally, data security must sit at the heart of transparency, transforming it from a compliance checkbox into a cultural norm. Technology can illuminate what used to be invisible: who owns what, when, and why.

(Image by Pete Linforth from Pixabay)

Why Data Security Is the Key to Transparency in Private Markets

Norton finds a flaw in the new Midnight ransomware built from Babuk code and releases a free decryptor to help victims recover files without paying a ransom.

Norton’s threat research team at Gen Digital has identified a major security flaw in Midnight, a new ransomware strain built from the leaked Babuk ransomware source code.

The flaw, introduced during an attempt to improve encryption speed and strength, has allowed Norton to create a free decryptor that restores affected files without paying a ransom.

Midnight inherits much of its structure from Babuk, the ransomware that surfaced in 2021 before its full source code was leaked online. That leak has since resulted in many new threats built on the same base, and Midnight is the latest to reuse and modify the original framework.

Researchers found that while the group behind Midnight ransomware aimed to upgrade Babuk’s encryption methods, the result was the opposite, including a cryptographic implementation that weakened its security.

The ransomware uses a combination of ChaCha20 and RSA encryption to lock files. However, an error in how the RSA key was used allowed partial decryption, which, according to Norton’s blog post, its researchers turned into a practical recovery method. They have since made the decryptor publicly available, offering victims a safe way to recover data.

Midnight ransomware works in a way similar to Babuk, encrypting sections of files instead of entire ones to move faster and still disrupt systems. It applies encryption based on file size, which lets it quickly render large files unreadable without fully processing every byte. Recent samples have expanded the list of targeted files, encrypting nearly all file types except executables such as .exe, .dll, and .msi.

Infected systems typically show files with the .Midnight or .endpoint extensions, or the string may be appended within the file data itself. Victims also find a ransom note titled How To Restore Your Files.txt and, in some cases, a debug log file such as Report.Midnight or debug.endpoint.

.Midnight and .endpoint variants (Image via Norton)

Norton’s decryptor is available here (direct download link) in both 32-bit and 64-bit versions for Windows. It guides users through a simple setup process to locate encrypted files, create backups, and begin decryption. Norton recommends keeping the backup option enabled to avoid data loss during recovery.

Norton Crack Midnight Ransomware, Release Free Decryptor

New AWS report data reveals the top four security failure points in the cloud, including vulnerability exploitation (24%)…

New AWS report data reveals the top four security failure points in the cloud, including vulnerability exploitation (24%) and compromised credentials (20%). Learn why simple operational errors and human factors are the main cause of data breaches across cloud systems.

Businesses are rapidly moving into the public cloud, a change confirmed by the “Building Cloud Trust” report from Amazon Web Services (AWS) and UK-based research firm Vanson Bourne. This report is based on a survey of 2,800 technology and security firms across 13 countries conducted during September and October.

The findings show that while the public cloud is now central to how organisations operate, given its agility, they are simultaneously facing unexpected threats that demand continuous caution.

****Cloud is the New Standard****

The trend shows companies are no longer debating if they should use the cloud, but focusing on how fast. Almost all organisations (99%) are already building applications in the cloud. The use of older, on-premises systems is shrinking.

For example, the share of customer-facing applications running on-premises is predicted to drop from 51% to 40% in the next year, while the cloud share jumps from 70% to 77%. Organisations in the Asia Pacific (APJ) region are the most cloud-active, with 74% building internal applications there.

****Barriers Persist Despite Confidence****

Despite high confidence in the cloud’s capabilities, the top concern holding back adoption is increased cybersecurity and privacy issues, worrying 40% of businesses, the survey finds. Integration challenges with existing older systems are a concern for 38%, reflecting the complex path of connecting years-old systems with new cloud technology.

Vanson Bourne

In their report (PDF), researchers noted that approximately eight out of ten organisations reported a data breach in the past year, whether on-premises (78%) or in the public cloud (79%). This near-equal rate confirms that human factors also play a consistent role, as breaches typically happen because systems are too complex to manage correctly. The most common security-related issues identified are:

*   Physical Theft (19% cloud / 14% on-premises).

*   Misconfiguration (16% cloud / 11% on-premises).

*   Vulnerability Exploitation (24% cloud / 20% on-premises).

*   Compromised Credentials (20% cloud / 19% on-premises).

Security concerns also vary by industry. While Financial Services organisations are the least worried (34%), they are more focused than others on the cost of a provider’s security features versus the value they receive.

The consequences of these attacks are significant, as around a third of organisations surveyed reported operational downtime (35% on-premises / 31% cloud), brand or reputational damage (31% in both), and loss of sensitive data (31% on-premises / 30% cloud).

Vanson Bourne

****New Attacker Tricks****

Adding to this concern, the Darktrace 2024 Annual Threat Report revealed how attackers are increasingly using stolen credentials to gain initial access by abusing remote network access solutions like VPNs and VDI.  

AiTM (Adversary-in-the-Middle) phishing emerged as a popular technique, which allows criminals to bypass multi-factor security checks (MFA) on cloud accounts. Once inside, stealing data remains a common goal, used in both financial extortion (like the RansomHub attacks) and state-linked espionage operations.

They prefer using a technique called Living-off-the-Land (LOTL) (abusing legitimate tools, processes, and software) to operate undetected and are also intensifying the exploitation of weaknesses in perimeter devices, such as Ivanti, Fortinet, and Palo Alto Networks firewall devices.

These reports confirm that while cloud is the crucial path for efficiency, success requires more than just migration; it relies on partnering with reliable cloud providers and constantly addressing operational mistakes and human factors.

As the AWS report concludes, “Confidence in the public cloud is no longer defined only by technical capability; it depends equally on transparency, reliability, and responsible conduct.”

_“_As the adoption of multi-factor authentication (MFA) continues to grow, human identities will become increasingly difficult for threat actors to target,_“_ said Elad Luz, Head of Research at Oasis Security.

_“_Consequently, we anticipate that attackers will shift more of their focus to non-human identities, which are often secured by only a single factor and therefore present an easier target for criminals to steal users’ credentials._“_

Credentials and Misconfigurations Behind Most Cloud Breaches, Says AWS

Microsoft Teams vulnerabilities let attackers impersonate users, edit chat history, and spoof calls before Microsoft issued security fixes in late 2025.

Microsoft Teams, the communication platform used by hundreds of millions worldwide, has been found to contain serious security vulnerabilities that could have let attackers impersonate executives, alter chat histories, and fake notifications. The findings come from Check Point Research, which examined how both **external guests** and malicious insiders could exploit Teams’ trust-based design.

MS Teams, which has become more than a chat app for many organisations, is where decisions are made, approvals are shared, and sensitive files are exchanged. According to Check Point’s **analysis**, attackers could tamper with conversations in ways that left almost no trace, making it difficult for users to spot manipulation after the fact.

One vulnerability allowed messages to be edited without displaying the usual “Edited” tag. This was possible if a threat actor reused unique identifiers within the **Teams** messaging system to rewrite earlier messages, altering the context of a discussion or even changing key details in a business exchange. Another issue enabled attackers to spoof notifications, making alerts appear as if they were sent by trusted executives or colleagues.

Researchers also discovered that an attacker could modify how names appeared in private chats by exploiting how Teams labels conversation topics. Both participants would see the altered name, creating confusion or leading one party to believe they were chatting with someone else. Even more concerning, the display name in call notifications could be forged, allowing attackers to pose as anyone during a voice or video call.

Fake CEO and altering display names (Image via CPR)

Microsoft addressed the issues after receiving Check Point’s disclosure in March 2024. The flaws were tracked as **CVE-2024-38197**, with patches rolled out over several months and final fixes completed in late October 2025. Users do not need to take action since the updates were applied automatically.

While these flaws have been fixed, collaboration tools have become prime targets for attackers. If a notification or display name can be altered, or if someone can pose as another person to join calls, the consequences go far beyond trust issues.

Such breaches can lead to serious financial losses, **as seen recently** when North Korean operatives were caught on video using AI filters to pose as Mexican engineers while applying for jobs at Western companies.

Microsoft Teams Flaws Allowed Attackers to Fake Identities, Rewrite Chats

The marketplace revolution is here, and it’s transforming how we buy, sell, and share everything from vintage furniture…

The marketplace revolution is here, and it’s transforming how we buy, sell, and share everything from vintage furniture to professional services. While giants like Airbnb and Uber dominate headlines, thousands of entrepreneurs are building their own successful marketplace empires using platforms like Sharetribe – and the numbers are staggering.

Sharetribe powers over 1,000 marketplace businesses across 70+ countries. The momentum is accelerating rapidly: as of Q2 2025, Sharetribe powers 560 live marketplace stores with a strong 5.8% quarter-over-quarter increase and a remarkable 668% year-over-year growth rate. Even more impressive? The global sharing economy market was valued at $381 billion in 2022 and is expected to grow to $827 billion by 2032.

But what makes some Sharetribe examples thrive while others struggle? We’ve analyzed ten standout success stories to uncover the strategies, insights, and lessons that every marketplace founder should know.

****1\. Turo – Peer-to-peer car sharing****

Turo is one of the most famous Sharetribe website examples, often dubbed the “Airbnb for cars.” It lets individuals rent out their vehicles to others, creating flexibility for owners and affordable options for drivers.

Success factors:

*   Building trust through reviews, identity verification, and insurance coverage
*   Robust vehicle listing features with flexible options
*   Strong customer support ensuring smooth experiences  
    

Lesson learned: Transparency builds trust. A marketplace lives and dies by how safe people feel using it. 

****2\. The Octopus Club – preloved baby & maternity items****

Parenthood can be expensive, and The Octopus Club steps in as a community-driven solution. Built on Sharetribe, it enables parents to buy, sell, and exchange preloved baby and maternity items, while putting the focus on community over commerce.

Success factors:

*   Cultivating a warm, community feel instead of just transactional exchanges
*   Custom features developed via Sharetribe APIs to fit the specific needs of parents
*   Building trust among families through shared values and support  
    

Lesson learned: Communities > transactions. By prioritizing connection and designing features tailored to its users, The Octopus Club proves that marketplaces can thrive when they focus on belonging, not just buying.

****3\. Nomady – sustainable travel marketplace****

Nomady is a Sharetribe example built for eco-conscious travelers. It focuses on nature-based accommodations and experiences, supporting hosts and communities that share sustainable values.

Success factors:

*   Personalized recommendations for unique eco-stays
*   Clear sustainability mission that resonates with users
*   Strong community engagement across Europe  
    

Lesson learned: Shared values matter. When your marketplace aligns with your community’s values (in Nomady’s case, sustainability), you don’t just get customers, you build loyalty.

****4\. Drive lah – shared mobility in Asia-Pacific****

Drive lah is another Sharetribe marketplace in the car-sharing vertical, but it’s uniquely successful in the Asia-Pacific region. Launched in Singapore and upgraded with the help of Roobykon Software, it has since expanded into multiple countries.

Success factors:

*   Lightning-fast launch thanks to Sharetribe’s ready-made framework
*   Raised over $9M in funding, fueling rapid expansion
*   Cross-border scalability designed into the platform

Lesson learned: Speed to market matters. Drive lah leveraged Sharetribe to launch quickly and attract investors early – a playbook worth following for founders in competitive spaces.

****5\. Swimmy – rent a private pool****

Why go to a crowded public pool when you can rent a private one? Swimmy tapped into a niche yet highly scalable market in France and Spain, enabling hosts to earn money while families enjoy exclusive spaces.

Success factors:

*   Capitalizing on seasonal demand patterns
*   Simple, user-friendly booking flow
*   Scaling to millions of bookings across regions  
    

Lesson learned: Niche doesn’t mean small. By focusing on a seasonal, specific need, Swimmy grew into a widely recognized brand.

Socialbnb goes beyond accommodation. It connects travelers with social impact projects worldwide, letting users stay in eco-lodges or community projects while supporting local initiatives.

Success factors:

*   Targeting socially conscious consumers
*   Partnerships with over 500 organizations across 45 countries
*   Unique mix of travel and impact that sets it apart  
    

Lesson learned: Niches with purpose thrive. Socialbnb shows how blending commerce with cause can win both hearts and wallets.

****7\. GearSource – pro audio & lighting equipment****

GearSource has been serving the professional sound and lighting industry since 2002, evolving through multiple platform iterations. By adopting Sharetribe, it modernized while staying true to its core community.

Success factors:

*   Longevity built on trust in a professional B2B niche
*   Willingness to rebuild and adapt the platform as tech evolves
*   Strong network effects in a specialized industry  
    

Lesson learned: Adaptability sustains success. Marketplaces that evolve with their industries can last decades.

****8\. Lemoncat – food catering marketplace****

Event catering is notoriously fragmented, and Lemoncat (now called MyMyCatering) tackled this head-on by connecting event organizers with caterers and restaurants.

Success factors:

*   Solving a real pain point for event planners
*   Strong operational efficiency to manage logistics
*   Founder-led, mission-driven growth  
    

Lesson learned: Solve a genuine pain point. Lemoncat shows that when your marketplace addresses a real headache, adoption comes naturally.

****9\. Gritty In Pink – empowering women-owned businesses****

Gritty In Pink, one of the creative Sharetribe marketplaces, supports women-owned businesses and artisans, combining commerce with community activism.

Success factors:

*   Building a supportive, mission-driven community
*   Highlighting underrepresented voices and products
*   Consistent user engagement through events and content  
    

Lesson learned: Purpose-driven marketplaces resonate deeply. 

****10\. Decathlon – enterprise marketplace expansion****

Even enterprise-level brands are embracing the marketplace model. Sporting goods giant Decathlon used Sharetribe to extend its offerings into a marketplace for services and equipment rentals.

Success factors:

*   Leveraging an existing, massive customer base
*   Seamless integration of marketplace functionality into the brand
*   Offering new value without losing core identity  
    

Lesson learned: Established brands can use marketplaces to diversify, engage customers, and unlock new revenue streams.

At the end of the day, these Sharetribe marketplaces remind us that there’s no single formula for success. Some, like Turo and Swimmy, scaled by meeting everyday needs in smarter ways. Others, like Socialbnb or The Octopus Club, thrived by building communities around shared values. What they all prove is this: if you combine a clear vision with the right platform, you can turn even the smallest idea into something that resonates globally.

10 Successful Marketplaces Built on Sharetribe: Lessons Learned

Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as…

Google Chrome browser’s new enhanced autofill feature can now remember and automatically fill in personal data such as licenses, passports, and even vehicle identification numbers. It’s a small addition that could make form-filling faster than ever, but also one that invites a fresh look at where that data sits and how safe it really is.

Google says the upgrade builds on Chrome’s long-standing autofill capability for passwords, addresses, and payment details. The company promises stronger privacy protections this time, stating that the browser will store information only with user consent, protect it with encryption, and ask for confirmation before it’s used. In a **blog post** announcing the update, Google wrote that users will remain “in full control” of their stored data.

While the convenience factor is clear, the change introduces new layers of sensitivity. Information like passports and **vehicle details** can reveal much more about a person than an address or phone number. Cybersecurity professionals are already weighing in on what that could mean for user safety.

**Nivedita Murthy**, Senior Staff Consultant at Black Duck, noted that while Google’s autofill has always been a time-saver, it also concentrates personal information in one place. “This information is not stored in a secure format,” she explained.

“While the autofill option is very convenient for users, it adds risk in keeping your personal information in one location. Google accounts are also used in other places to authenticate. If your email account is compromised, not only could your emails get leaked, but any personal information that is also stored within that account.”

She adds that users need to weigh convenience against possible consequences. A single compromised Google account could give attackers access not just to messages, but to sensitive identification data now stored in the same place.

Nevertheless, the new feature also runs counter to long-standing advice from the cybersecurity community, which urges users to avoid storing passwords or autofill data in browsers due to a growing number of malware strains targeting such information. **Shuyal Stealer**, for instance, is known to target data from 17 of the most widely used browsers.

For now, Google’s global rollout is limited to desktop Chrome users, with plans to expand the types of data it can recognize in future updates. The company maintains that privacy remains at the center of the design, but as always in cybersecurity, what’s convenient for the user can also be convenient for the wrong person.

Google Expands Chrome Autofill to Passports and Licenses, But Is It Safe?

Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.

Cybersecurity researchers have identified a new backdoor called SesameOp that uses the OpenAI Assistants API to exchange instructions and data, replacing the typical attacker-controlled servers with a legitimate cloud service.

According to Microsoft’s Detection and Response Team (DART), the findings show a growing trend where threat actors use trusted technologies to hide malicious traffic. SesameOp doesn’t exploit a vulnerability in OpenAI products; instead, it misuses an available feature to communicate once systems are compromised.

The investigation began after analysts examined modified Microsoft Visual Studio utilities that loaded unusual libraries. This led to the discovery of Netapi64.dll, an obfuscated loader that runs a hidden .NET-based component named OpenAIAgent.Netapi64.

The malware maintains persistence and allows remote operators to issue commands, gather results, and send them back through the OpenAI API as if they were ordinary data exchanges.

Microsoft found that the backdoor stores and retrieves instructions by creating and managing custom “Assistants” within an OpenAI account. These Assistants act as placeholders for encoded messages labeled with terms such as “SLEEP,” “Payload,” and “Result.” Each step of communication is encrypted, compressed, and Base64-encoded to limit visibility and evade inspection.

Further analysis showed that SesameOp applies a .NET AppDomainManager injection technique to load its code at runtime and execute payloads through a JavaScript engine embedded in memory. The design points to long-term persistence and espionage motives, rather than broad financial attacks.

Following the report, Microsoft collaborated with OpenAI to disable the API key and account used by the attacker. Both companies confirmed that the activity was limited to API calls and did not involve any access to model data or user information.

Microsoft said that the issue is not a flaw in OpenAI’s systems but a demonstration of how attackers adapt legitimate tools for covert use. The company advises organizations to audit server logs, apply strict proxy and firewall controls, and monitor for connections to api.openai.com originating from unexpected processes.

Nevertheless, legitimate cloud services, including AI platforms, are becoming attractive channels for threat actors who want to avoid building their own infrastructure. Therefore, companies need to be on the lookout and monitor their systems accordingly. For technical details on the SesameOp Backdoor operation, visit Microsoft’s blog post here.

SesameOp Backdoor Abused OpenAI Assistants API for Remote Access

In January 2023, Getty Images filed a major lawsuit in the UK High Court against Stability AI, an…

In January 2023, Getty Images **filed a major lawsuit** in the UK High Court against Stability AI, an artificial intelligence company which develops and releases open-source generative AI models, most famously the Stable Diffusion text-to-image model.

In the **lawsuit**, Getty alleged that Stability AI used millions of its copyrighted photographs and associated metadata without permission to train the generative model Stable Diffusion. Getty further claimed that the AI model’s outputs sometimes reproduced Getty’s content (or substantial parts thereof) and that those outputs included Getty’s watermark or trademarks.

Additional claims included trademark infringement (use of Getty/iStock marks), database rights infringement, and “passing off” (i.e., the suggestion that AI‐generated images were endorsed by or created by Getty).

Simply put, Getty’s lawsuit aimed to hold Stability accountable for how its model was trained, what output it produced and how that related to its intellectual property.

In response, Stability AI defended its position by arguing that the training took place outside the UK, that users’ prompts were responsible for output similarity, and that the watermark/trademark claims lacked the “in the course of trade” context.

****What the court found (and did not find)****

Today, November 4th, 2025, after two years of arguments; the court released its verdict, marking a split outcome where Getty Images won narrowly on trademark grounds while Stability AI prevailed on the major copyright claims.

****Major claims abandoned****

Mid-trial, Getty dropped its primary copyright infringement claim revolving around the training of Stability’s model on Getty’s images. The reason stated by the company includes evidential and jurisdictional difficulties proving that the alleged copying/training occurred under UK law. Because of that, the court did not decide whether the model training itself infringed Getty’s copyrights in full.

****Remaining claims and judgment****

The case proceeded on the trademark claim (use of Getty watermarks in outputs), database rights, secondary copyright infringement (making available an “**article**” containing infringing works), and passing-off.

When the **judgment** was delivered, the court, presided by High Court judge Mrs Justice Joanna Smith, found that Getty succeeded in part on the trademark claim that the inclusion of Getty’s watermarks in AI-generated images was found to infringe the Getty mark.

The secondary copyright infringement claim was, however, dismissed, and since the broader copyright-training claim had already been abandoned, it was not adjudicated.

****Who won, who lost, who largely won/ lost********Getty Images****

On the one hand, Getty did secure a legal victory on trademark infringement. That means it proved that its watermarked trademarked images were reproduced in generated outputs, and that gave the company a concrete win.

On the other hand, Getty failed to get a ruling on its main copyright claims (training and output reproduction) because those were either dropped or dismissed. Thus, in the overall sense, Getty largely lost the aims it had pursued.

_“_Today’s ruling confirms that Stable Diffusion’s inclusion of Getty Images’ trademarks in AI‑generated outputs infringed those trademarks. Crucially, the Court rejected Stability AI’s attempt to hold the user responsible for that infringement, confirming that responsibility for the presence of such trademarks lies with the model provider, who has control over the images used to train the model. This is a significant win for intellectual property owners,_“_ Getty Images said in a **statement**.

****Stability AI****

Stability avoided liability for the larger copyright claims and defeated the secondary copyright claim. It did lose on the trademark count. So while Stability had a “partial loss”, relative to the threat Getty posed, it largely won. Simply put: Getty won a narrow win (trademark) but lost the bigger fight (copyright). Stability lost a narrow bit but won the main battle.

****What Experts Think of This Judgment****

**Simon Barker**, Partner and Head of Intellectual Property at law firm Freeths, commented on the court ruling, stating that “This is an interesting case where intellectual property meets AI. The High Court has drawn a line to say that training an AI model on copyright works, without storing or reproducing those works in the model itself, does not amount to secondary copyright infringement under UK law.  AI developers can take some comfort from the case that the mere act of training on large datasets will not, of itself, expose them to liability for copyright infringement in the UK.

Expanding on the implications for AI companies, Barker explained that “The judgment also serves as a warning that if AI-generated outputs reproduce protected trade marks, for example, where they appear as watermarks, in a way that could confuse people, then they will risk infringing those trade marks. Each case will turn on its own facts, and rights holders will need to evidence a likelihood of confusion or association with the relevant trade mark to succeed.”

“The judgment strikes a balance between protecting the interests of creative industries and enabling technological innovation. It is likely to influence both future litigation and policy debates on AI and intellectual property, not just in the UK but internationally,” Barker added, reflecting on the broader significance.

**Iain Connor**, Intellectual Property Partner with national law firm Michelmores, said: “The most significant AI case to reach the English High Court has been decided and has turned out to be a massive damp squib.”

Explaining how the case unfolded, Connor noted that “during the trial, Getty Images dropped its important ‘Training and Development Claim’ on jurisdictional grounds because it accepted that none of the Stability AI model’s learning took place within the UK jurisdiction.”

He went on to clarify that “given the jurisdictional problem Getty Images faced (and ultimately acknowledged), the judge had no opportunity to rule in general terms on the lawfulness of AI’s use of copyright-protected ‘input materials’ and whether an AI model’s ‘output’ infringed such copyrights.”

According to Connor, “the decision leaves the UK without a meaningful verdict on the lawfulness of an AI model’s process of learning from copyright materials. He also pointed out that “the more technical database right case died with the primary copyright case.”

Discussing the failed arguments, he explained that “the question of whether an AI system is inherently unlawful if trained on third-party copyright materials also failed. This was a highly technical ‘secondary infringement’ claim which failed because the AI model, Stable Diffusion, did not store or reproduce any works protected by copyright. This should be contrasted with the US legal case involving Anthropic, which settled for $1.5 billion because Anthropic admitted that it retained copies of authors’ works without permission after it had trained its AI.”

He acknowledged that there was a limited success for Getty, stating that “there was a small win for Getty Images in that it was held that Stability AI infringed Getty Images’ trade marks by including Getty Images’ and iStock’s watermarks on its final AI images. However, this will provide Getty Images with little solace.”

“The legal community still waits with bated breath for a judgment to rule on the legality or otherwise of the training and use of AI models. The case does nothing to answer the ‘big tech vs creative industries’ argument, but Getty Images’ share price rose on Friday on the back of an AI licence deal it struck, which suggests that both sides believe it is better to do commercial deals than seek to resolve the issues through the courts,” Connor concluded

Nevertheless, the battle between Getty Images and Stability AI ends with a mixed outcome. Getty secured a legal victory on trademark grounds, but it fell short of securing a broad copyright ruling. Stability AI avoided liability for the core copyright claims but did lose on the trademark front. The ruling provides some clarity but leaves many of the most difficult questions, training data, output similarity, and global jurisdiction unresolved.

UK Court Delivers Split Verdict in Getty Images vs. Stability AI Case

Delaware, United States, 4th November 2025, CyberNewsWire

**Delaware, United States, November 4th, 2025, CyberNewsWire**

Brinker, the narrative intelligence company dedicated to combating disinformation and influence campaigns, announced today that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has joined its advisory board.

His appointment strengthens Brinker’s mission to transform the fight against disinformation, moving from detection to real-time, technology-driven mitigation at global scale.

> “Most disinformation efforts fail because they rely on manual operations that can’t match the speed and scale of today’s influence campaigns,” said **Bob Flores**. “Brinker’s AI-native approach enables responses that were previously impossible, turning real-time analysis and large-scale mitigation into a reality.”

Founded by Benny Schnaider, Daniel Ravner, and Oded Breiner, Brinker was built from the ground up as a Native AI platform that identifies, analyzes, and neutralizes harmful narratives across platforms, languages, and geographies. Its proprietary, battle-proven LLM traces how stories evolve and spread over time, uncovering connections that traditional tools take weeks to detect.

> “Bob’s expertise in intelligence and technology will help Brinker accelerate its global impact,” said **Daniel Ravner**, CEO of Brinker. **Oded Breiner**, CTO, added: “Bob’s technological experience and understanding of mission-critical systems can help take Brinker’s automated OSINT technology to the next level, ensuring our platform continues to meet the operational demands of U.S. and global government partners, turning what was once a reactive process into a real-time defense capability.”

Flores brings decades of experience in national security and enterprise technology innovation. As the CIA’s former CTO, he led digital transformation and information-sharing initiatives across U.S. intelligence agencies. He currently serves as Founder and President of Applicology Inc., a Virginia-based security advisory firm.

This appointment follows the addition of Avi Kastan, former CEO and Co-Founder of Sixgill (acquired in 2024), further strengthening Brinker’s advisory board with deep expertise in intelligence, cybersecurity, and threat analysis.

**About Brinker**

Brinker is an award-winning disinformation threat mitigation platform built to combat malicious narratives and influence campaigns using proprietary narrative intelligence technology. The SaaS platform delivers AI-powered detection, context analysis, and automated OSINT investigations. A suite of mitigation tools is available at the press of a button, including pre-legal actions, media publications, content removal, and counter-narratives. Brinker serves governmental intelligence agencies, major enterprises, law firms, and NGOs.

More information is available at www.brinker.ai

**Contact**

**Daniel Ravner**  
**Brinker**  
**\[email protected\]**

Bob Flores, Former CTO of the CIA, Joins Brinker

Baltimore, USA, 4th November 2025, CyberNewsWire

**Baltimore, USA, November 4th, 2025, CyberNewsWire**

The new **2025 Insider Risk Report****,** produced by Cybersecurity Insiders in collaboration with Cogility**,** highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than external cyberattacks. Yet only 23% express strong confidence in stopping them before serious damage occurs. The report warns that most organizations remain reactive despite a surge in AI-driven risks and the increasing prevalence of decentralized workforces.

The report, which surveyed 635 CISOs and cybersecurity professionals, highlights an urgent industry contradiction: while there is high awareness of insider risks, the capabilities to anticipate and prevent them are dangerously limited. Without stronger behavioral intelligence and predictive modeling, organizations risk being blindsided by trusted insiders misusing powerful new tools.

Key findings include:

*   **Flying blind against insiders:** 93% of organizations find insider attacks as hard or harder to detect than external threats. At the same time, fewer than one in four are confident in preventing them before major damage.
*   **Behavioral blind spots:** Only 21% extensively integrate HR, financial stress, or psycho-social signals into detection, leaving most programs relying solely on technical anomalies.
*   **Predictive defenses are missing: Only 12% have mature predictive risk models, leaving** the majority in reactive mode, while AI-enabled insider risks accelerate.

> “Insider threats don’t announce themselves with alarms – they unfold quietly, in plain sight,” said Holger Schulze, founder of Cybersecurity Insiders. “Without context like financial stress or behavioral shifts, security teams are watching shadows on the wall while the real danger moves unchecked. If organizations fail to evolve, they’ll be reading about their data on the dark web before they ever see it in their logs.”

The full report can be read here.

**About Cybersecurity Insiders**

Cybersecurity Insiders is the trusted intelligence source for CISOs and cybersecurity decision-makers seeking strategic clarity in a complex, fast-moving industry. Backed by more than a decade of analyst-led research and a global community of over 600,000 cybersecurity professionals, we deliver evidence-based insights, original data, and expert commentary to help leaders navigate threats, assess emerging technologies, and shape forward-looking security strategies. More: https://cybersecurity-insiders.com

**About Cogility**

Cogility’s continuous Decision Intelligence Platform, Cogynt, provides an advanced decision intelligence and decision support streaming analytic solution for government and commercial organizations — allowing our customers to get left of harm or ahead of opportunity. A cloud-scalable, proven solution, Cogynt enables organizations to efficiently and effectively manage complex intelligence challenges with high-confidence, predictive, and explainable insights required to become proactive versus reactive in highly complex and high consequence environments. To learn more, users can visit www.cogility.com.

**Contact**

**Head of Research**  
**Holger Schulze**  
**Cybersecurity Insiders**  
**\[email protected\]**

Source

HackRead