Technology

Here’s what Bambu will — and won’t — promise after its controversial 3D printer update

Published

1 year ago

January 21, 2025

Here’s what Bambu will — and won’t — promise after its controversial 3D printer update

Bambu Lab, the company behind my favorite 3D printers, has given itself one hell of a week. Now, I’ve got answers to some of my burning questions, answers which you might also hopefully appreciate. But first, some backstory.

Since last Thursday, some creators have pledged not to buy Bambu printers anymore, even removed some of their 3D models from its online repository, after the company revealed it would add a new proprietary authentication mechanism that could keep you from using third-party tools to remote control your printer.

While you’d still be able to stick a file on an SD card and physically put it into your printer or use Bambu’s proprietary cloud, the old way of printing remotely from a third-party slicer would be no more — unless you downloaded a new proprietary Windows and Mac “Bambu Connect” desktop app to be the middleman between your slicer and Bambu’s hardware.

“Unauthorized third-party software will be prohibited from executing critical operations” — Bambu

While Bambu was clear early on that this would be an optional update, one you could simply choose not to install, the company also positioned it as a necessary one to secure printers against remote hacks. Some owners immediately saw that as a potential bridge to enshittification, however.

They noted how Bambu printers can already detect if you’re using an official roll of filament and imagined a future where Bambu can keep you from using third-party filament at all. They noted how Bambu already seems to be planning a subscription service for its print farm software, one that requires regular cloud activations and imagined a future where your Bambu printer stops working if you don’t pay up.

Bambu has denied these and many other such fears in a subsequent “setting the record straight” blog post, and explained that its new tool doesn’t require internet access or a user account — and has also backpedaled very slightly, pledging to offer an at-your-own-risk “Developer Mode” that maintains local access to your printer without any new proprietary authentication at all. Unfortunately, that mode may also disable your ability to access your printer via the cloud.

Meanwhile, Bambu didn’t do itself any favors by keeping people from using the Wayback Machine to scrutinize its changing statements, by allegedly censoring criticism of the company on its subreddit, and by claiming that the developer of Orca Slicer was working with Bambu on a seamless way to continue to print directly from his popular third-party slicer when they had not actually pledged their support.

It has also not helped confidence that Bambu’s own security around its new Bambu Connect app is such that hackers have already extracted its private key and authentication certificate, or that users have discovered that Bambu gives itself the right to block new print jobs until a printer has finished automatically downloading firmware updates in its Terms of Use.

Anyhow, I think the real question here is: are these changes a stepping stone to more enshittification, or at least more of a walled garden, or not?

Here are the questions I sent Bambu and the answers I got, via spokesperson Nadia Yaakoubi:

1) Will Bambu publicly commit to never requiring a subscription in order to control its printers and print from them over a home network?

For our current product line, yes. We will never require a subscription to control or print from our printers over a home network. However, there might be specific business scenarios in the future that require exceptions, i.e a 3DP vending machine, but these would apply to entirely different applications and customer needs. If such a product line is introduced, we will clearly communicate this before its launch.

1c) Will Bambu publicly commit to never putting any existing printer functionality behind a subscription?

2) Will Bambu publicly commit to never restricting the use of third-party filament in any way, shape, or form?

For our current product line, yes. We have no plans to restrict the use of third-party filament in any way.

3) Will Bambu publicly commit to never monitor files and prints transmitted between users and their printers over a home network?

Let’s be clear about how this works:

LAN mode: Nothing is transmitted through our servers.
Cloud mode: Users control their privacy through “incognito printing.” When enabled, no print history is recorded, and files are not stored in the cloud.
Cloud features: For features like re-printing, files are temporarily stored in the cloud to allow users to access their print history. Under no circumstances do we look into the print file/model without the explicit consent of our customers.

Bambu has additionally agreed to add a new Developer mode. Some users are concerned that this move is just temporary and that Bambu can simply remove the developer mode and claim that it was too much of a security risk or say that not enough users opted to use it to justify keeping it around.

4) Will Bambu publicly commit to permanently keep the Developer mode with local MQTT, livestream and FTP and never remove it in any future update or shipping batch of the X1, P1, A1, and A1 Mini?

Yes. However, if a severe security issue arises in the future, we may need to make adjustments to address it. Users can always choose whether to update their printer firmware or not.

5) Will Bambu publicly commit to offering and keeping the local Developer mode available in any future printers it releases?

We cannot commit to features for non-existent future printers. However, we will clearly communicate all relevant details before customers make their purchase decisions.

6) Will Bambu publicly commit to its current and future printers permanently being remotely controllable over LAN without user account or Internet access?

For current models: Yes. For future products, while we aim to retain this functionality, we believe committing to a specific technical approach indefinitely is not responsible. However, we will clearly communicate all relevant details before customers make their purchase decisions.

Bambu has announced that Bambu Connect will integrate with third-party slicers like Orca, but some users are confused why an app like Bambu Connect is required at all when you could instead add more secure authentication to the printer itself, with industry standard practices like having the printer generate a secure token/API key instead of creating a proprietary middleman authentication app.

7) Did Bambu consider and reject interoperable ways of securing its printers, like tokens?

7b) Will Bambu commit to changing its authentication system to an interoperable one? If Bambu did reject interoperable secure authentication systems, why?

If software communicates and interacts with our cloud system, it is reasonable for us to have a say in how it operates. As highlighted in our blog post, unauthorized third-party software has created ongoing challenges to the stability of our cloud services and machines for a long time.

While we trust that most developers act with good intentions, users are often unaware of the hidden complexities within such software and the security requirements. This lack of transparency of all software makes interoperable secure authentication systems insufficient to fully resolve these issues. Our goal is to safeguard the entire Bambu Lab product ecosystem, providing every user with confidence that our products are secure and easy to use—free from concerns about complex network configurations. And with the changes done, we are one step closer to integrate third-party access in a secure way.

8) Is it true that the developer of Orca Slicer was not actually working with Bambu on the integration and that Bambu announced their involvement without approval?

We have been in ongoing discussions with SoftFever, the developer of Orca Slicer, since January 14 regarding the firmware update and potential integration into the new release. “Work with” might be ambiguous. To be more specific, messages were exchanged, files were sent, and their receipt was confirmed along with an indication that they would be reviewed.

9) Will Panda Touch and similar accessories continue to work under Developer Mode?

We guarantee keeping the port/channel open, but implementations are up to third-party developers.

9b) Is Bambu answering that company’s questions?

Since the release, we have received many inquiries from third-party software developers, including BigTreeTech, via devpartners@bambulab.com. We are currently in the process of finalizing our response. It’s worth noting that we warned third party developers in a blog post from March 2024: ”If you’re developing a device that controls the entire printer, including heating elements and motion systems, please do not expect long-term support unless it has been approved by us in advance. This is especially applicable to for-profit organizations.”

10) Will you allow users to roll back to the old firmware, for reasons like if they accidentally upgrade without understanding the limitations?

Yes. Firmware rollback was and always will be available.

11) Does the private key leaking change any of your plans?

No, this doesn’t change our plans, and we’ve taken immediate action.

Technology

Here’s your first look at Kratos in Amazon’s God of War show

Published

2 hours ago

February 27, 2026

Press Room

Here’s your first look at Kratos in Amazon’s God of War show

Amazon has slowly been teasing out casting details for its live-action adaptation of God of War, and now we have our first look at the show. It’s a single image but a notable one showing protagonist Kratos and his son Atreus. The characters are played by Ryan Hurst and Callum Vinson, respectively, and they look relatively close to their video game counterparts.

There aren’t a lot of other details about the show just yet, but this is Amazon’s official description:

The God of War series storyline follows father and son Kratos and Atreus as they embark on a journey to spread the ashes of their wife and mother, Faye. Through their adventures, Kratos tries to teach his son to be a better god, while Atreus tries to teach his father how to be a better human.

That sounds a lot like the recent soft reboot of the franchise, which started with 2018’s God of War and continued through Ragnarök in 2022. For the Amazon series, Ronald D. Moore, best-known for his work on For All Mankind and Battlestar Galactica, will serve as showrunner. The rest of the cast includes: Mandy Patinkin (Odin), Ed Skrein (Baldur), Max Parker (Heimdall), Ólafur Darri Ólafsson (Thor), Teresa Palmer (Sif), Alastair Duncan (Mimir), Jeff Gulka (Sindri), and Danny Woodburn (Brok).

While production is underway on the God of War series, there’s no word on when it might start streaming.

Technology

300,000 Chrome users hit by fake AI extensions

Published

3 hours ago

February 27, 2026

Press Room

300,000 Chrome users hit by fake AI extensions

NEWYou can now listen to Fox News articles!

Your web browser may feel like a safe place, especially when you install helpful tools that promise to make your life easier. But security researchers have uncovered a dangerous campaign in which more than 300,000 people installed Chrome extensions pretending to be artificial intelligence (AI) assistants. Instead of helping, these fake tools secretly collect sensitive information like your emails, passwords and browsing activity.

They used familiar names like ChatGPT, Gemini and AI Assistant. If you use Chrome and have installed any AI-related extension, your personal information may already be exposed. Even worse, some of these malicious extensions are still available today, putting more people at risk without their knowing.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

More than 300,000 Chrome users installed fake AI extensions that secretly harvested sensitive data. (Kurt “CyberGuy” Knutsson)

What you need to know about fake AI extensions

Security researchers at browser security company LayerX discovered a large campaign involving 30 malicious Chrome extensions disguised as AI-powered assistants (via BleepingComputer). Together, these extensions were installed more than 300,000 times by unsuspecting users.

Some of the most popular extensions included names like AI Sidebar with 70,000 users, AI Assistant with 60,000 users, ChatGPT Translate with 30,000 users, and Google Gemini with 10,000 users. Another extension called Gemini AI Sidebar had 80,000 users before it was removed.

These extensions were distributed through the official Chrome Web Store, which made them appear legitimate and trustworthy. Even more concerning, researchers found that many of these extensions were connected to the same malicious server, showing they were part of a coordinated effort.

While some extensions have since been removed, others remain available. This means new users could still unknowingly install them and expose their personal data. Here’s the list of the affected extensions:

AI Assistant
Llama
Gemini AI Sidebar
AI Sidebar
ChatGPT Sidebar
Grok
Asking ChatGPT
ChatGBT
Chat Bot GPT
Grok Chatbot
Chat With Gemini
XAI
Google Gemini
Ask Gemini
AI Letter Generator
AI Message Generator
AI Translator
AI For Translation
AI Cover Letter Generator
AI Image Generator ChatGPT
Ai Wallpaper Generator
Ai Picture Generator
DeepSeek Download
AI Email Writer
Email Generator AI
DeepSeek Chat
ChatGPT Picture Generator
ChatGPT Translate
AI GPT
ChatGPT Translation
ChatGPT for Gmail

FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE

These malicious tools were listed in the official Chrome Web Store, making them appear legitimate and trustworthy. (LayerX)

How the fake AI Chrome extension attack works

These fake extensions pretend to offer helpful AI features, such as translating text, summarizing emails, or acting as an AI assistant. But behind the scenes, they quietly monitor what you are doing online.

Once installed, the extension gains permission to view and interact with the websites you visit. This allows it to read the contents of web pages, including login screens where you enter your username and password.

In some cases, the extensions specifically targeted Gmail. They could read your email messages directly from your browser, including emails you received and even drafts you were still writing. This means attackers could access private conversations, financial information and sensitive personal details.

The extensions then sent this information to servers controlled by the attackers. Because they loaded content remotely, the attackers could change their behavior at any time without needing to update the extension.

Some versions could also activate voice features through your browser. This could potentially capture spoken conversations near your device and send transcripts back to the attackers.

If you installed one of these extensions, attackers may already have access to extremely sensitive information. This includes your email content, login credentials, browsing habits and possibly even voice recordings.

We reached out to Google for comment, and a spokesperson told CyberGuy that the company “can confirm that the extensions from this report have all been removed from the Google Web Store.”

BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTRE ATTACK

Once installed, the extensions could read emails, capture passwords, monitor browsing activity and send the data to attacker-controlled servers. (Bildquelle/ullstein bild via Getty Images)

7 ways you can protect yourself from malicious Chrome extensions

If you have ever installed an AI-related Chrome extension, taking a few simple precautions now can help protect your accounts and prevent further damage.

1) Remove any suspicious or unused browser extensions

On a Windows PC or Mac, open Chrome and type chrome://extensions into the address bar. Review every extension listed. If you see anything unfamiliar, especially AI assistants you don’t remember installing, click “Remove” immediately. Malicious extensions depend on going unnoticed. Removing them stops further data collection and cuts off the attacker’s access to your information.

2) Change your passwords

If you installed any suspicious extension, assume your passwords may be compromised. Start by changing your email password first, since email controls access to most other accounts. Then update passwords for banking, shopping and social media accounts. This prevents attackers from using stolen credentials to break into your accounts.

3) Use a password manager to create and protect strong passwords

A password manager generates unique, complex passwords for each account and stores them securely. This prevents attackers from accessing multiple accounts if one password is stolen. Password managers also alert you if your login credentials appear in known data breaches, helping you respond quickly and protect your identity. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

4) Install strong antivirus software and keep it active

Good antivirus software can detect malicious browser extensions, spyware, and other hidden threats. It scans your system for suspicious activity and blocks harmful programs before they can steal your information. This adds an important layer of protection that works continuously in the background to keep your device safe. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

5) Use an identity theft protection service

Identity theft protection services monitor your personal data, including email addresses, financial accounts, and Social Security numbers, for signs of misuse. If criminals try to open accounts or commit fraud using your information, you receive alerts quickly. Early detection allows you to act fast and limit financial and personal damage. See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

6) Keep your browser and computer fully updated

Software updates fix security vulnerabilities that attackers exploit. Enable automatic updates for Chrome and your operating system so you always have the latest protections. These updates strengthen your defenses against malicious extensions and prevent attackers from taking advantage of known weaknesses.

7) Use a personal data removal service

Personal data removal services scan data broker websites that collect and sell your personal information. They help remove your data from these sites, reducing what attackers can find and use against you. Less exposed information means fewer opportunities for criminals to target you with scams, identity theft or phishing attacks.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Kurt’s key takeaway

Even tools designed to make your life easier can become tools for cybercriminals. Malicious extensions often hide behind trusted names and convincing features, making them difficult to spot. You can significantly reduce your risk by reviewing your browser extensions regularly, removing anything suspicious and using protective tools like password managers and strong antivirus software.

Have you checked your browser extensions recently? Let us know your thoughts by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Technology

Anthropic refuses Pentagon’s new terms, standing firm on lethal autonomous weapons and mass surveillance

Published

14 hours ago

February 26, 2026

Press Room

Anthropic refuses Pentagon’s new terms, standing firm on lethal autonomous weapons and mass surveillance

Less than 24 hours before the deadline in an ultimatum issued by the Pentagon, Anthropic has refused the Department of Defense’s demands for unrestricted access to its AI.

It’s the culmination of a dramatic exchange of public statements, social media posts, and behind-the-scenes negotiations, coming down to Defense Secretary Pete Hegseth’s desire to renegotiate all AI labs’ current contracts with the military. But Anthropic, so far, has refused to back down from its two current red lines: no mass surveillance of Americans, and no lethal autonomous weapons (or weapons with license to kill targets with no human oversight whatsoever). OpenAI and xAI had reportedly already agreed to the new terms, while Anthropic’s refusal had led to CEO Dario Amodei being summoned to the White House this week for a meeting with Hegseth himself, in which the Secretary reportedly issued an ultimatum to the CEO to back down by the end of business day on Friday or else.

In a statement late Thursday, Amodei wrote, “I believe deeply in the existential importance of using AI to defend the United States and other democracies, and to defeat our autocratic adversaries. Anthropic has therefore worked proactively to deploy our models to the Department of War and the intelligence community.”

He added that the company has “never raised objections to particular military operations nor attempted to limit use of our technology in an ad hoc manner” but that in a “narrow set of cases, we believe AI can undermine, rather than defend, democratic values” — going on to specifically mention mass domestic surveillance and fully autonomous weapons. (Amodei mentioned that “partial autonomous weapons … are vital to the defense of democracy” and that fully autonomous weapons may eventually “prove critical for our national defense,” but that “today, frontier AI systems are simply not reliable enough to power fully autonomous weapons.” He did not rule out Anthropic acquiescing to the military’s use of fully autonomous weapons in the future but mentioned that they were not ready now.)

The Pentagon had already reportedly asked major defense contractors to assess their dependence on Anthropic’s Claude, which could be seen as the first step to designating the company a “supply chain risk” – a public threat that the Pentagon had made recently (and a classification usually reserved for threats to national security). The Pentagon was also reportedly considering invoking the Defense Production Act to make Anthropic comply.

Amodei wrote in his statement that the Pentagon’s “threats do not change our position: we cannot in good conscience accede to their request.” He also wrote that “should the Department choose to offboard Anthropic, we will work to enable a smooth transition to another provider, avoiding any disruption to ongoing military planning, operations, or other critical missions. Our models will be available on the expansive terms we have proposed for as long as required.”