Category: TECH

Terran Orbital may be close to receiving a major payment from its biggest customer, CEO Marc Bell has announced internally at a company wide meeting earlier this month. Rivada Space Networks is in the final stages of closing funding to help fund a mega-constellation to be built by Terran at a cost of $2.4 billion, revenues that currently make up the vast majority of Terran’s backlog.

While Terran is pursuing other lucrative contracts that could comprise billions in work, its $2.4 billion contract with Rivada is by far the largest its secured so far. Earlier this quarter, Terran had to adjust its full year financial outlook after Rivada delayed paying an incremental $180 million toward that total contract award.

Terran chair and CEO communicated the news to staff during the December 19 meeting.

“I had dinner with [Rivada CEO] Declan Ganley last week in DC,” Bell told staff during the meeting, a recording of which was obtained by TechCrunch. “He told me they expect to close tomorrow on their funding. He showed me the documents. I saw them, I read them. He texted me this morning and maybe Thursday, Friday now. […] As long as it’s by Christmas, I’ll be happy. Nothing wrong with getting a good Christmas present.”

Rivada, a German subsidiary of U.S.-based Rivada Networks, contracted with Terran to build 300 satellites for the mega-constellation under a $2.4 billion agreement in February of this year. Rivada has a separate deal with SpaceX to launch the satellites starting in April 2025.

Of course, Christmas has come and gone and neither company has made any public announcements about the financing. TechCrunch reached out to both for comment and neither responded by press time. Bell said later in the meeting that even if Rivada closes the funding, the two entities would need to make a modification on their contract, which could delay payment terms and public announcements.

“He’s being very transparent to me and so I have no reason not to believe him,” Bell said of Ganley. “But unfortunately, he’s not the one writing the check, somebody else is writing the check to him. But if he gets a check, I have to assume we’ll get a check. But we do have to do a contract mod. So that’s the one thing that might hold us up, because we have to do a mod on the contract. […] But we’ll at least get paid on the invoice that’s owed, the $9 million invoice. But I want to get the big check, as everyone else does, because that will dramatically help our share price and everything else in our world.”

In an investor call in November, Bell said that Rivada’s funding and payment delays came as “quite a surprise” to both companies. He added that Rivada’s funding source is “a large sovereign” – presumably a sovereign wealth fund – and that the two companies expect the money to close eventually. 

As of November, Terran reported a backlog of future work of $2.6 billion, of which $2.4 billion is from the Rivada contract. Even without the expected milestone payment, Bell told staff that he still expects the company to generate $130 million in revenue this year, a notable increase from the $94 million the company made in 2022.

The company is also pursing other high-value contract opportunities, including with the Space Development Agency’s constellation known as “Proliferated Warfighter Space Architecture.” Terran has already built and delivered satellites for the initial tranche of the constellation, Tranche 0, and is currently building 42 satellite buses for Tranche 1 and will build an additional 32 buses for Tranche 2. Bell said the company will also be going after an additional award for a variant of the Tranche 2 satellites called Gamma, possibly as the prime contractor on that award (for the others, Terran is a subcontractor of prime winner Lockheed Martin). 

“We feel very good about Gamma and how we’re going to win. We are contemplating Primeing Gamma as opposed to just being a sub […] But right now it is even money odds we may be finally be a prime on these things. And that would be huge. It would change the dynamic. But I haven’t made a decision, we’re going to sit down and talk to Lockheed about it.”

Bell also told staff that the company is still having conversations about taking Terran private, but that the goal would be to “go private, and then take it public again the traditional way and not have this dumbass market cap like we have today,” he said.

Terran Orbital’s stock price has cratered since it went public via SPAC — a reverse merger with a special purpose acquisition company — in March of last year. The company debuted with a stock price of $10.96, but today the shares are trading for around $1.22.

The company began the year with a ton of turmoil

This year did not start off great for Salesforce, with an unusual level of turbulence and uncertainty surrounding the company. But as the year comes to a close, Salesforce finds itself in surprisingly good shape financially: Its stock is up over 96% year-to-date. Earlier this year, such an outcome would have seemed impossible to imagine.

The bad news started rolling in even before the new year began, when co-CEO Bret Taylor, who many speculated was being groomed to be heir apparent to Marc Benioff, quite suddenly announced he was leaving the company at the end of November. A week later, Slack CEO and co-founder Stewart Butterfield announced he, too, was stepping down. Losing two key executives in less than a week would be a huge hit to any company, but it would be just the start of an onslaught of bad news for the CRM giant.

As the year began, we learned that activist investors were, well, quite active inside the company. This included Elliott Management, Starboard Value, ValueAct Capital, Inclusive Capital and Third Point. When activists show up, they usually have a strong opinion on how to “fix” a company, and this would be no different.

First, we learned that Salesforce was bringing in three new board members, which felt like a way to appease the activists — especially because one of them was Mason Morfit, CEO and chief investment officer of ValueAct, one of those very same activists.

Activists typically pressure the company to cut costs, and in corporate terms, that usually means cutting staff. Sure enough, Salesforce soon announced that it was cutting 10% of its workforce, or 7,000 people, on January 4, 2023. The excuse was that it had overhired during the pandemic and this was a correction, but it could also have been throwing the activists a cost-cutting bone.

Either way, reports suggested the company didn’t handle the layoffs well, engineers were being pressured, and Benioff began preaching about going back to the office after embracing work from home, and what Salesforce called the “Digital HQ,” during the pandemic. The company’s reputation as a progressive, employee-friendly organization took a big hit.

It was a jaw dropping year for the space industry, and while we all know by now that progress isn’t linear, we feel pretty confident that 2024 will be even more astonishing.

This year was tough for many space companies, and we aren’t trying to paper that over with our optimism. The world of zero-interest-rate policy, or ZIRP, officially ended; cash got more expensive, and fundraising became more challenging. Nevertheless, 2023 also produced a number of tailwinds that we think will make next year one of the most eventful so far.

Here’s a brief list of what we’re most excited for next year. This is TechCrunch, so the list skews toward venture-backed startups; keep that in mind before you complain about the absence of Artemis II.

Even more Starship tests

SpaceX had a landmark year this year, and not only because it executed nearly 100 launches of the Falcon 9 and Falcon Heavy rockets. The company also launched Starship – the most powerful launch vehicle ever built – not once, but twice.

The first test took place in April; the second in November. Both ended in mid-air explosions and both fell far short of completing the full mission profile: sending the upper stage (also called Starship) on a flight halfway around the world with a splashdown in the Pacific Ocean, and landing the Super Heavy booster in the Gulf of Mexico.

Yet, both missions were profound successes.

Part of that has to do with SpaceX’s culture of quickly and iteratively improving hardware. During the six month stretch between the two launches, SpaceX implemented a ton of improvements to the ground infrastructure and the launch vehicle. Those included an improved launch mount design, a water deluge system, and upgrades to the Raptor engines. These changes helped Starship fly even further the second time around; most impressively, the company pulled off an experimental hot staging, a way to separate the rocket’s two stages by lighting the upper stage’s engines while the booster is still connected and firing its engines.

We expect to see further improvements and an even higher testing cadence next year. We wouldn’t even be surprised if they manage to pull off the full orbital flight plan.

Historic lunar lander missions

More private companies will attempt to land a spacecraft on the moon next year than ever before in history, by an order of magnitude. We’re excited to see companies including Astrobotic, Intuitive Machines, Firefly Aerospace, and ispace all take their shot. So far, only four nation states have landed spacecraft on the moon – so if even one company is successful, it will make history.

2024 will kick off with launches from Intuitive Machines and Astrobotic. Right now, it’s looking highly likely that both could attempt a landing in the same week – the third week of February. Firefly is targeting sometime in the third quarter for the launch of their Blue Ghost lander, while ispace is aiming to conduct their mission late in the year.

Advanced satellite operations demonstrations

In the broadest possible terms, a huge portion of space startups are interested in increasing the number of things a satellite can do in space. A good example is something called rendezvous and proximity operations (RPO), which is when two spacecraft intentionally maneuver to dock or otherwise interact with each other. Another hot area of satellite operations involves in-space manufacturing and satellite reentry.

Next year, we expect to see more demonstrations from startups looking to execute state-of-the-art satellite operations. Off the top of our head, a few that we’re looking forward to (though this is by no means an exhaustive list):

• True Anomaly, a defense-focused space startup, will be demonstrating RPO with two of its Jackal satellites early next year
• In-space logistics startup Atomos Space will launch its first two orbital transfer vehicles that could eventually help reposition satellites in orbit
• Japanese firm Astroscale is partnering with Rocket Lab to launch a spacecraft that will conduct an orbital debris-removal demonstration
• Varda Space Industries will bring home its first in-space manufacturing spacecraft, which successfully grew crystals of the drug ritonavir on orbit
• Impulse Space, a startup founded by ex-SpaceX propulsion expert Tom Mueller, will launch two more missions of its Mira spacecraft for last-mile orbital delivery and satellite constellation deployment

More rocket testing from newer entrants and established players

We already mentioned SpaceX, but they are far from the only game in town. 2024 should be chock full of exciting tests and new developments from other companies looking to take their slice of the launch market. We’re especially excited for first launches – of Blue Origin’s New Glenn, Rocket Lab’s Neutron, and Sierra Space’s Dream Chaser spaceplane – and getting updates from Stoke Space and Relativity, both companies who have rockets that won’t launch until later in the decade. We’ll also be looking out for the second flight test of ABL Space System’s RS1 rocket.

OpenAI is expanding its internal safety processes to fend off the threat of harmful AI. A new “safety advisory group” will sit above the technical teams and make recommendations to leadership, and the board has been granted veto power — of course, whether it will actually use it is another question entirely.

Normally the ins and outs of policies like these don’t necessitate coverage, as in practice they amount to a lot of closed-door meetings with obscure functions and responsibility flows that outsiders will seldom be privy to. Though that’s likely also true in this case, the recent leadership fracas and evolving AI risk discussion warrant taking a look at how the world’s leading AI development company is approaching safety considerations.

In a new document and blog post, OpenAI discusses their updated “Preparedness Framework,” which one imagines got a bit of a retool after November’s shake-up that removed the board’s two most “decelerationist” members: Ilya Sutskever (still at the company in a somewhat changed role) and Helen Toner (totally gone).

The main purpose of the update appears to be to show a clear path for identifying, analyzing, and deciding what do to about “catastrophic” risks inherent to models they are developing. As they define it:

By catastrophic risk, we mean any risk which could result in hundreds of billions of dollars in economic damage or lead to the severe harm or death of many individuals — this includes, but is not limited to, existential risk.

(Existential risk is the “rise of the machines” type stuff.)

In-production models are governed by a “safety systems” team; this is for, say, systematic abuses of ChatGPT that can be mitigated with API restrictions or tuning. Frontier models in development get the “preparedness” team, which tries to identify and quantify risks before the model is released. And then there’s the “superalignment” team, which is working on theoretical guide rails for “superintelligent” models, which we may or may not be anywhere near.

The first two categories, being real and not fictional, have a relatively easy to understand rubric. Their teams rate each model on four risk categories: cybersecurity, “persuasion” (e.g. disinfo), model autonomy (i.e. acting on its own), and CBRN (chemical, biological, radiological, and nuclear threats, e.g. the ability to create novel pathogens).

Various mitigations are assumed: for instance, a reasonable reticence to describe the process of making napalm or pipe bombs. After taking into account known mitigations, if a model is still evaluated as having a “high” risk, it cannot be deployed, and if a model has any “critical” risks it will not be developed further.

These risk levels are actually documented in the framework, in case you were wondering if they are to be left to the discretion of some engineer or product manager.

For example, in the cybersecurity section, which is the most practical of them, it is a “medium” risk to “increase the productivity of operators… on key cyber operation tasks” by a certain factor. A high risk model, on the other hand, would “identify and develop proofs-of-concept for high-value exploits against hardened targets without human intervention.” Critical is “model can devise and execute end-to-end novel strategies for cyberattacks against hardened targets given only a high level desired goal.” Obviously we don’t want that out there (though it would sell for quite a sum).

I’ve asked OpenAI for more information on how these categories are defined and refined, for instance if a new risk like photorealistic fake video of people goes under “persuasion” or a new category, and will update this post if I hear back.

So, only medium and high risks are to be tolerated one way or the other. But the people making those models aren’t necessarily the best ones to evaluate them and make recommendations. For that reason OpenAI is making a “cross-functional Safety Advisory Group” that will sit on top of the technical side, reviewing the boffins’ reports and making recommendations inclusive of a higher vantage. Hopefully (they say) this will uncover some “unknown unknowns,” though by their nature those are fairly difficult to catch.

The process requires these recommendations to be sent simultaneously to the board and leadership, which we understand to mean CEO Sam Altman and CTO Mira Murati, plus their lieutenants. Leadership will make the decision on whether to ship it or fridge it, but the board will be able to reverse those decisions.

This will hopefully short-circuit anything like what was rumored to have happened before the big drama, a high-risk product or process getting greenlit without the board’s awareness or approval. Of course, the result of said drama was the sidelining of two of the more critical voices and the appointment of some money-minded guys (Bret Taylor and Larry Summers) who are sharp but not AI experts by a long shot.

If a panel of experts makes a recommendation, and the CEO decides based on that information, will this friendly board really feel empowered to contradict them and hit the brakes? And if they do, will we hear about it? Transparency is not really addressed outside a promise that OpenAI will solicit audits from independent third parties.

Say a model is developed that warrants a “critical” risk category. OpenAI hasn’t been shy about tooting its horn about this kind of thing in the past — talking about how wildly powerful their models are, to the point where they decline to release them, is great advertising. But do we have any kind of guarantee this will happen, if the risks are so real and OpenAI is so concerned about them? Maybe it’s a bad idea. But either way it isn’t really mentioned.

 

Apple has agreed to pay out $25 million to settle a class action lawsuit over its Family Sharing feature, which lets users and up to five of their family members share access to apps, music, movies, TV shows, and books that they purchase. The lawsuit, which was first filed in 2019, alleged that “Apple misrepresented the ability to use its Family Sharing feature to share subscriptions to apps.”

The news was first reported by MacRumors.

The lawsuit says that Apple denies that it made any misleading misrepresentations and “denies all allegations of wrongdoing.” The settlement agreement notes that “Apple has concluded that continuing to defend this Action would be burdensome and expensive. Apple enters into this Agreement without in any way acknowledging any fault, liability, or wrongdoing of any kind.”

The tech giant did not respond to TechCrunch’s request for comment.

Court documents from the lawsuit allege that Apple advertised Family Sharing on as an option on apps that did not support Family Sharing.

“The vast majority of subscription-based Apps, which is a growing percentage of Apple Apps, cannot be shared with designated family members,” the court document reads. “They are available only to the individual user who downloads the App and sets up a subscription. All or virtually all of these Apps, however, included the statement that they support Family Sharing on their landing pages through January 30, 2019.”

The lawsuit alleges that Apple was aware that the subscription-based apps did not support Family Sharing, but still placed an ad for Family Sharing on them. The court document goes on to note that “millions of consumers have downloaded subscription-based Apps believing that they are available for Family Sharing, only to learn after payment has been made that they are not so available.”

U.S. residents who were enrolled in a Family Sharing group with at least one other person between June 21, 2015 and January 30, 2019 and purchased a subscription to an app from the App Store during that time may be eligible for a payment. Eligible class members will be receiving an email this week.

Each class member that files a claim is eligible to receive $30, but this may vary depending on how many people file claims. However, the payment will not exceed $50 for each class member, and $10 million from the settlement will go toward attorney fees.

Eligible class members have until March 1, 2024 to file a claim. A final approval hearing is scheduled for April 2, 2024.

True Anomaly has closed $100 million in new funding, a strong signal that the appetite for startups operating at the intersection of space and defense is far from abating.

The new round was led by Riot Ventures, with participation from Eclipse, ACME Capital, Menlo Ventures, Narya, 645 Ventures, Rocketship.vc, Champion Hill Ventures and FiveNine Ventures. The funds will be used to continue scaling all parts of the business, according to a press release.

True Anomaly is looking to fill a critical gap in space situational awareness and defensive operations through software and hardware, including the line of autonomous reconnaissance and pursuit spacecraft called Jackal. These vehicles are equipped with a suite of sensors and cameras to track, surveil and collect data on objects in space. On the software side, the company has developed an integrated operating platform called Mosaic, which will eventually be able to work in tandem with on-orbit Jackals.

In previous interviews with TechCrunch, True Anomaly CEO Even Rogers called out what he sees as a critical “information asymmetry” between the U.S. and its adversaries in space. Jackal, Mosaic, and the company’s other work in space domain awareness are meant to close that gap.

The startup, founded by a quartet of ex-Space Force members in 2022, has been moving quickly toward this goal. In the first full year of operations, the company opened a 35,000-square foot facility in Centennial, Colorado and doubled its staff to more than 100 employees.

In September, True Anomaly landed a $17.4 million contract from the U.S. Space Force to build a suite of space domain awareness capabilities, including helping the warfighter find and track objects in space, characterizing that object, and using artificial intelligence to predict and identify changes in the object’s behavior.

The first two Jackal spacecraft are scheduled to launch on SpaceX’s Transporter-10 ride-share mission in March. In August, the company got the green light from regulators to perform non-Earth imaging and to demonstrate in-space rendezvous proximity operations with the two spacecraft. It’s an enormous technical challenge, so no doubt many people in both Silicon Valley and Washington will be paying close attention to how the demonstration mission shakes out.

Hey, folks, welcome to Week in Review (WiR), TechCrunch’s regular newsletter that recaps the past few days in tech. AI stole the headlines once again, with tech giants from Google to X (formerly Twitter) heading off against OpenAI for chatbot supremacy. But plenty happened besides.

In this edition of WiR, we cover Google faking a demo of its new AI model (and giving out offensive notebooks to Black summit attendees), defense startup Anduril unveiling a fighter jet weapon, the continued fallout from the 23andMe hack, and the release of the Grand Theft Auto VI trailer. Also on the roster are stories about patient scans and health records spilling online, Meta’s new AI-powered image generator, Spotify cutting jobs and an autonomous truck startup leaving the U.S.

It’s a lot to get to, so we won’t delay. But first, a reminder to sign up here to receive WiR in your inbox every Saturday if you haven’t already done so.

Most read

AI, faked: Google unveiled a new flagship AI model this week called Gemini. But it didn’t release the full model, Gemini Ultra — only a “lite” version called Gemini Pro. In a press briefing and blog posts, Google touted Gemini’s coding capabilities and multimodal prowess, claiming that the model can understand images, audio and videos just as well as text. But Gemini Pro — which is strictly text-in, text-out — has proven to be mistake-prone. And in a worse look for Google, the company was caught faking a Gemini demo by tuning text prompts with still images off camera.

Offensive notebooks: In another Google PR blunder, people who attended the company’s K&I Black Summit in August were given third-party notebooks containing highly insensitive language. My colleague Dominic-Madori writes that the inside of the notebooks were printed with the phrase “I was just cotton the moment, but I came back to take your notes” (emphasis ours). It goes without saying that this wouldn’t have been well received by the mostly Black audience in attendance; Google has pledged to “avoid similar situations as [it engages] with [merchandise] vendors going forward.”

Anduril’s new weapon: Anduril, the controversial defense company co-founded by Oculus founder Palmer Luckey, has developed a new product designed to take on the proliferation of low-cost, high-powered aerial threats. Dubbed Roadrunner, the modular, twin-jet-powered autonomous vertical take-off and landing air vehicle — one version of which is capable of carrying a warhead — can take off, follow and destroy targets or, if there’s no need to intercept the target, autonomously maneuver back to base for refueling and reuse.

More 23andMe victims: Last Friday, genetic testing company 23andMe announced that hackers managed to access the personal data of 0.1% of customers, or about 14,000 individuals. But the company didn’t initially say how many other users might’ve been impacted by the breach, which 23andMe first disclosed in October. A lot, as it turns out — 6.9 million people had their names, birth years, relationship labels, the percentage of DNA they share with relatives, ancestry reports and self-reported locations exposed.

Grand Theft Auto goes viral: In just 22 hours, the first trailer for Grand Theft Auto VI racked up 85 million views — breaking a MrBeast video’s record for most YouTube views in 24 hours. The excitement for Grand Theft Auto VI is a decade in the making; the previous entry in Rockstar Games’ long-running franchise, Grand Theft Auto V, remains the second-best-selling video game of all time, falling short only of Minecraft.

Patient records leak: Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades’ old industry standard designed for storing and sharing medical images. This standard, known as Digital Imaging and Communications in Medicine (DICOM), is the internationally recognized format for medical imaging. But as discovered by Aplite, a Germany-based cybersecurity consultancy, security shortcomings in DICOM mean many medical facilities have unintentionally made private data accessible to the open web.

Meta generates images: Not to be outdone by Google’s Gemini launch, Meta rolled out a new, stand-alone generative AI experience on the web, Imagine with Meta AI, that allows users to create images by describing them in natural language. Similar to OpenAI’s DALL-E, Midjourney and Stable Diffusion, Imagine with Meta AI, which is powered by Meta’s existing Emu image-generation model, creates high-resolution images from text prompts.

Spotify makes cuts: Spotify is eliminating about 1,500 jobs, or roughly 17% of its workforce, in its third round of layoffs this year as the music streaming giant looks to become “both productive and efficient.” In a note to employees Monday, Spotify founder and chief executive Daniel Ek — citing slow economic growth and rising capital costs — said right-sizing the workforce is crucial for the company to face the “challenges ahead.”

TuSimple exits: When TuSimple went public in 2021, it was flying high as the leading self-driving trucks developer in the U.S. Now — after a string of internal controversies and the loss of a critical partnership with truck manufacturer Navistar — TuSimple is exiting the U.S. altogether. TuSimple said in a regulatory filing Monday that it’s laying off the majority of its U.S. workforce and selling assets here as it exits the country for Asia.

ZestMoney shuts down: ZestMoney — a buy now, pay later startup whose ability to underwrite small-ticket loans to first-time internet customers attracted many high-profile investors, including Goldman Sachs — is shutting down following unsuccessful efforts to find a buyer. The Bengaluru-headquartered startup employed about 150 people at peak and raised more than $130 million over its eight-year journey.

Audio

TechCrunch’s roster of podcast episodes keeps growing — just in time for weekend listening.

Equity featured a throwback conversation from TechCrunch Disrupt 2023, when Alex sat down with Serhii Bohoslovskyi, the founder of a no-code app builder, Trible, that helps people construct online courses. The pair caught up on the state of the creator economy, the use of no-code tooling today (and how it’s received by nontechnical creators) and the security of startups with roots in Ukraine.

Over on Found, the crew talked to David Rogier, the CEO and founder of MasterClass, a streaming platform where you can learn from the world’s experts on a range of topics. Before Rogier launched MasterClass, he worked as a VC, and — through his connections — he received a $500,000 seed round before he even had an idea for a company.

And on Chain Reaction, Jacquelyn interviewed David Pakman, managing partner and head of venture investments at CoinFund. Before CoinFund, David spent 14 years at the venture capital firm Venrock. He also led the Series A and B rounds at Dollar Shave Club, which was acquired by Unilever for $1 billion. And, in 1991, David co-created Apple Music when he was part of Apple’s system software product marketing group.

TechCrunch+

TC+ subscribers get access to in-depth commentary, analysis and surveys — which you know if you’re already a subscriber. If you’re not, consider signing up. Here are a few highlights from this week:
Bitcoin surge: Jacquelyn writes about Bitcoin’s rapid-fire ascent to $44,000, which came on the back of roughly 25% gains in the last week. Her piece for TC+ explores what’s driving Bitcoin’s price ascent and similar value gains among other tokens — and whether the good vibes continue into the new year.

To swap, or not to swap: Tim reports on how consumer EV battery swapping could usher in freedom for a wide range of people, allowing them to participate in the EV transition in ways that traditional built-in batteries don’t. The challenge is making the unit economics work.

Coinbase and Robin and the future of fintech: Investors are betting that consumer trading of equity and crypto is rebounding and are consequently pushing the value of some former startups higher, Alex writes. That could spell good news for startups offering consumer trading services directly — or indirectly, for that matter.

A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps.

The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and presented their research at Black Hat Europe this week.

The researchers, Ankit Gangwal, Shubham Singh and Abhijeet Srivastava, found that when an Android app loads a login page in WebView, the pre-installed engine from Google that lets developers display web content in-app without launching a web browser, and an autofill request is generated, password managers can get “disoriented” about where they should target the user’s login information and instead expose their credentials to the underlying app’s native fields, they said.

“Let’s say you are trying to log into your favorite music app on your mobile device, and you use the option of ‘login via Google or Facebook.’ The music app will open a Google or Facebook login page inside itself via the WebView,” Gangwal explained to TechCrunch prior to their Black Hat presentation on Wednesday.

“When the password manager is invoked to autofill the credentials, ideally, it should autofill only into the Google or Facebook page that has been loaded. But we found that the autofill operation could accidentally expose the credentials to the base app.”

Gangwall notes that the ramifications of this vulnerability, particularly in a scenario where the base app is malicious, are significant. He added: “Even without phishing, any malicious app that asks you to log in via another site, like Google or Facebook, can automatically access sensitive information.”

The researchers tested the AutoSpill vulnerability using some of the most popular password managers, including 1Password, LastPass, Keeper, and Enpass, on new and up-to-date Android devices. They found that most apps were vulnerable to credential leakage, even with JavaScript injection disabled. When JavaScript injection was enabled, all the password managers were susceptible to their AutoSpill vulnerability.

Gangwal says he alerted Google and the affected password managers to the flaw.

1Password chief technology officer Pedro Canahuati told TechCrunch that the company has identified and is working on a fix for AutoSpill. “While the fix will further strengthen our security posture, 1Password’s autofill function has been designed to require the user to take explicit action,” said Canahuati. “The update will provide additional protection by preventing native fields from being filled with credentials that are only intended for Android’s WebView.”

Keeper CTO Craig Lurey said in remarks shared with TechCrunch that the company was notified about a potential vulnerability, but did not say if it had made any fixes. “We requested a video from the researcher to demonstrate the reported issue. Based upon our analysis, we determined the researcher had first installed a malicious application and subsequently, accepted a prompt by Keeper to force the association of the malicious application to a Keeper password record,” said Lurey.

Keeper said it “safeguards in place to protect users against automatically filling credentials into an untrusted application or a site that was not explicitly authorized by the user,” and recommended that the researcher submit his report to Google “since it is specifically related to the Android platform.”

Google and Enpass did not respond to TechCrunch’s questions. LastPass spokesperson Elizabeth Bassler did not comment by press time.

Gangwal tells TechCrunch that the researchers are now exploring the possibility of an attacker potentially extracting credentials from the app to WebView. The team is also investigating whether the vulnerability can be replicated on iOS.

Black farmers seem to have received the rough end of every stick this past century.

In 1910, they represented around 14% of U.S. farmers and owned over 16 million acres of land. Today, one in 100 farmers are Black, owning less than 5 million acres and losing $326 billion in land value. Farmers are suing the USDA for alleged discrimination.

VC investment in the agtech space has been booming these past few years, and many farmers also receive some type of subsidized funding, whether from the government or nonprofit organizations. These opportunities do not appear to be trickling down to Black founders, however. Crunchbase found that since 2018, $98.6 million out of $39.4 billion have gone to just five Black-owned agtech companies. This, alongside the government’s alleged discrimination, means that Black farmers have been marginalized from accessing the right financial resources they need to survive in this particular market.

It was for these reasons that in 2017, Karen Washington and Olivia Watkins created the Black Farmer Fund. The fund provides economic and social opportunity to Black farmers and agricultural and food businesses in the Northeast with the goal of helping build community wealth for Black agricultural businesses throughout the region. There are around 703 Black-owned farms across the Northeast out of 196,000 total, Watkins said, adding that in New York alone, the average Black farmer makes –$906, while white farmers make around $42,000. “There is a massive racial wealth gap in agriculture and across industries,” Watkins said.

The fund is technically a nonprofit with a debt fund attached. It raised an oversubscribed $1.1 million pilot fund in 2021 from investors and institutions, which it then invested into eight businesses. It is raising its second fund with a target of $20 million and has hit about half that amount so far, Watkins said. As a debt fund, it offers low-interest community notes and grants, writing checks ranging from $1,000 to $3 million.

Wombo, the makers of viral AI-generated art app Dream by Wombo, is back with another new AI-powered app called Wombo Me. The new AI avatar app from the Canadian startup lets you turn a single selfie into multiple lifelike avatars.

Although there are several popular AI avatar apps already on the market, like Lensa AI, Wombo wants to give users a more streamlined experience when generating lifelike avatars. Unlike other similar apps that require you to submit numerous selfies and wait some time before getting your images, Wombo Me only requires one selfie and can generate images almost instantly, Wombo CEO Ben-Zion Benkhin told TechCrunch in an interview.

Wombo Me is meant to be more fun, as opposed to functional. The app’s description notes that you can share the avatars with your friends and across social media, and maybe even use them on platforms like LinkedIn and Tinder to capture both your professionalism and personality.

The app lets you do things like try on the persona of celebrities, movie characters, or superheroes with a simple tap. You can also try new hair colors, styles, or makeup trends, among other things. Plus, you can create gender-swapped images of yourself or reimagine yourself as an enchanted character.

“As soon as you install it, the first thing you see is a selfie screen, so it asks you to just provide a single image and then as soon as you press continue, you see 10 images of you in unique alternate realities,” Wombo’s head of AI Parshant Loungani told TechCrunch. “And you can swipe right or swipe left in a Tinder-like experience to like it and save it. We plan on using that feedback to improve the user’s identity and the pictures that we generate to basically understand their preference and update it the next time.”

Once you’re done swiping through the set of images provided, you have the choice to browse through a catalog or five to 10 different packs of avatars that include images of yourself in LinkedIn-like headshots, Instagrammable pictures, enchanted characters, cartoon characters, meme characters and more. Some avatar packs are free, while others cost $2.99, $3.99, $4.99 or $7.99.

Benkhin says Wombo Me provides high quality images that are comparable to, or even better than, what’s available on the market right now. Plus, he believes that since the output is produced from just a single image almost instantaneously, Wombo Me provides both ease of use and accessibility for users.

He also thinks that while other similar apps have a short shelf life, the company sees a more long-term and ambitious plan for Wombo Me, where the ability to generate content of a user from a single selfie gets tied into a deeper platform experience. For instance, if an entire group of friends is on the app and it has learned what each person looks like, it has the potential to generate imagery of them together.

“There’s a social aspect of it,” Benkhin said. “The AI has learned what each of us look like and can generate imagery of us. Now you can start automatically generating content for social where multiple people are doing something interesting. So we see the accessibility and single selfie advantage as a first step. The long-term of the product is where all the other differentiation is going to happen.”

Loungani noted that in the future, users of the app could be asked to provide a 10 to 20 second voice clip along with video of them moving their head in a certain way, in order to then create a multimodal identity of theirs. The identity could then be used to generate content like dancing videos or interactions with friends.

Benkhin believes that although AI already plays a huge role in consumer apps like Instagram and TikTok in terms of curating feeds, the technology will increasingly be used for media creation in the future.

“We think the next stage of this is AI for media creation, and not just curation,” Benkhin said. “And increasingly, users are going to be creating AI generated media that they’re posting for socials. And also the platforms themselves are going to be creating personalized content for users using AI. And we think that’s the next era on social media. We think it’s a huge opportunity, and with every product and feature we make, we’re taking a step in that direction.”

Wombo Me is available worldwide on both iOS and Android starting today.

The new app has some big shoes to fill, as its predecessor Dream by Wombo was a viral success and named Google’s “Best App” in the United States last year. The app has been downloaded more than 47 million times and seen $4.3 million in gross revenue, according to data provided to TechCrunch by mobile intelligence firm, data.ai. The app is currently ranked #30 for downloads in Graphics & Design on the U.S. App Store.