Dan B 📈🔎📊

We're launching Search profiles, a new way for publishers and creators to shape their presence on Search. Search profiles are a dedicated, shareable space to highlight content across social media, video and news platforms, and help audiences find accurate and up-to-date information about sources on Search.

Massive SEO News: Google is launching the most requested report in Google Search Console ever. A new AI performance report! Here's what we know so far: • It will include dedicated reports for both Search and Discover • The data will be reflected within Search for AI Overviews and AI Mode, alongside AI features in Discover • The report will only be focused on impressions within generative AI features, not clicks • The rollout will start with a subset of websites, allowing thorough testing (so keep an eye out!) There are some major limitations to this initial testing phase, where the actual queries that users are searching won't show in the report, with only impressions for pages, countries, devices, and dates. Though the dataset will be limited, this is certainly a step in the right direction! I will be covering this rollout within my newsletter, so make sure to subscribe if you aren't already: https://t.co/J6GbI1tB27

100M+ data points. 13 studies. 8 authors. One AI search benchmark report. ✨ I'm excited to share the research the Ahrefs team has put together over the past two quarters in one cohesive resource. We've analyzed responses across AI Overviews, AI Mode, and ChatGPT, and even ran our very own misinformation experiment. Some key highlights: - In an analysis of 75K brands, YouTube mentions correlated most strongly with AI visibility 🖥️ - AI Overviews appear for 21% of all keywords (with that rate varying by category and query length) 🔑 - Across 76K websites using Ahrefs Web Analytics, Google sends 190x more traffic than ChatGPT 📈 I wouldn't be doing my job as a marketer unless I said there are some other big findings in the full report. 😬 Special thanks to those who agreed to have their comments featured. We often share these internally, so it's cool to be able to show them off a little. I would love to convince Tim & Ryan to let me do this again for the next batch of research, so any likes, comments, and shares are much appreciated! (I'm linking to it directly in the first reply.) Thank you!

it’s in gemini, just create it in ai studio. oh, that’s for your personal google one account. for workspace you need gemini business. no, not gemini advanced, that’s ai pro now. unless you need ai ultra. oh agents? you do that in spark actually. no, not gemini api managed agents, that’s different. for coding use jules. unless you mean the agentic ide, that’s antigravity. no, that’s the old antigravity, download the new one. actually gemini cli is being deprecated, use antigravity cli. no the flash model is smarter than the pro model. unless you need pro. if it’s video, use flow. no, flow uses veo. no, nano banana is images. actually that’s in gemini now. unless you’re in search, then it’s ai mode. no, research is notebooklm. anyway it’s all very simple.

LEAKED AUDIO FROM META ALL-HANDS AHEAD OF LAYOFFS TOMORROW Mark Zuckerberg, in his own words, told Meta employees their devices are being tracked to train AI models. His reasoning? Meta employees are smarter than the contract workers the rest of the industry uses for data labeling. So instead of hiring outside help, Meta is turning its own workforce into training data. "The average intelligence of the people who are at this company is significantly higher than the average set of people that you can get to do tasks if you're working through these contractors." He wants the AI to learn how "really smart people use computers" by watching employees work. He says the content is "stripped out" and none of it is used for surveillance or performance tracking. Then he admitted the rollout was botched but said Meta intentionally kept employees in the dark because leaking competitive AI strategy would help rivals. "It is not strategically in your interest for us to communicate everything in all the detail that we normally would on this." Translation: We're watching you, we told you as little as possible, and we did it on purpose. AI is replacing the contractor. Then the employee trains the AI. Then the AI replaces the employee. This story and this company keeps getting weirder.

🚨A HACKER GROUP JUST STOLE 4,000 OF GITHUB'S OWN PRIVATE REPOSITORIES.. PUT THEM UP FOR SALE FOR $50,000.. AND THE WAY THEY GOT IN IS THE SCARIEST PART.. They didn't hack GitHub's servers.. They poisoned a VS Code extension.. One GitHub employee installed it.. And the attackers walked through the front door using the employee's own credentials.. The group calls themselves TeamPCP.. They name their malware after the sandworms from Dune.. And they've been running the most sophisticated supply chain attack campaign in cybersecurity history.. Here's how the whole thing unfolded.. In March.. They poisoned Trivy.. One of the most trusted security scanners in the world.. Used by over 10,000 development workflows globally.. They injected credential-stealing malware into Trivy's official GitHub Action.. The malware ran silently BEFORE the security scan.. So every log showed "scan completed successfully" while the malware was stealing AWS keys, SSH credentials, database passwords, and Kubernetes tokens in the background.. It took Aqua Security 5 days to fully remove them.. Using the stolen credentials.. They breached Cisco Systems.. Cloned over 300 private repositories.. Including source code for unreleased AI products.. And repositories belonging to Cisco's customers.. Major banks.. Government agencies.. BPO firms.. In April.. They hit Checkmarx.. Another security vendor.. Poisoned 5 official Docker images in 83 minutes.. The scanner worked perfectly.. It just silently sent all your secrets to the attackers.. That automatically cascaded into Bitwarden.. The password manager.. Their CI/CD system pulled the poisoned Docker image.. And the attackers injected malware into Bitwarden's official CLI package published on npm.. One compromised security scanner poisoned a password manager.. Automatically.. No human involved.. In May.. They hit TanStack.. Libraries downloaded millions of times per week.. 84 malicious package versions across 42 packages.. And here's the terrifying part.. The malware scraped the raw memory of GitHub's build servers.. Extracted authentication tokens.. Used those tokens to bypass two-factor authentication.. And then published the infected packages with completely valid cryptographic signatures.. Every security verification tool on earth said the packages were legitimate.. Because they were signed by the real pipeline.. Using real keys.. The attackers just happened to be inside the pipeline when it signed.. They defeated the entire trust model of modern software supply chains.. The same week they hit the Nx Console VS Code extension.. 2.2 million installations.. The malware specifically targeted Claude Code configurations.. Hunting for AI assistant credentials.. That's a first.. Supply chain malware designed to steal your AI's access keys.. Then on May 19.. They revealed the GitHub breach.. 4,000 internal repositories.. Listed for sale at $50,000.. With a warning.. "If nobody buys it.. We leak everything for free".. Their malware is self-propagating.. Once it infects one package.. It automatically finds every other package that developer maintains.. Steals the publish tokens.. And infects all of them.. Then those packages infect the next developer.. And the next.. It jumps between npm and PyPI automatically.. The group doesn't even do the extortion themselves.. They sell stolen credentials to ransomware gangs.. One gang used TeamPCP's data to threaten Cisco with leaking FBI and NASA personnel records.. And the scariest part of all.. They didn't break any encryption.. They didn't find any zero-days.. They exploited the fact that the entire software industry blindly trusts its own build tools.. Every security scanner.. Every Docker image.. Every VS Code extension.. Every GitHub Action.. Is a potential weapon if someone poisons it upstream.. And right now.. Nobody can tell the difference between a legitimate build and a compromised one.. Because the compromised ones have valid signatures too.

Soon, you’ll be able to create and manage multiple AI agents for your many tasks — right in Search ✨ We’re starting with information agents: 🔹These agents intelligently look across everything on the web, including blogs, news sites and social posts, plus real-time data on finance, shopping and sports to surface updates related to your specific question. 🔹Your agent works for you 24/7 helping you stay on top of what matters most to you. 🔹Then, it’ll send you an intelligent, synthesized update — with links to learn more — at the right moment to help you take action. #GoogleIO