Protecting Your Crypto Wallets from Deceptive Apps

A critical cybersecurity threat that has impacted cryptocurrency users on the Google Play Store. In this episode of Upwardly Mobile, we uncover the alarming findings by Cyble Research and Intelligence Labs (CRIL), who identified over 20 malicious applications actively targeting crypto wallet users [1-4].

Key Discoveries and Threat Tactics:

• These deceptive apps impersonate legitimate and popular crypto wallets such as SushiSwap, PancakeSwap, Hyperliquid, and Raydium [2-4]. They even use the icons of legitimate wallets to trick victims into trusting them [5].

• Once installed, the apps prompt users to enter their 12-word mnemonic phrases to access fraudulent wallet interfaces [2, 3, 6]. This highly sensitive information is then used by threat actors to access real wallets and drain cryptocurrency funds, leading to irreversible financial losses, as cryptocurrency transactions are not easily reversible [3, 7-9].

• The malicious apps are distributed through the Play Store under compromised or repurposed developer accounts [2-4]. Some of these accounts previously hosted legitimate apps and had amassed over 100,000 downloads, suggesting they were compromised to distribute these new malicious applications [8, 10].

• Threat actors employ consistent patterns, such as embedding phishing URLs within their privacy policies and using similar package names and descriptions [2, 5, 8]. The investigation also revealed that these apps leverage development frameworks like Median to rapidly convert phishing websites into Android apps [6, 11].

• A look into the infrastructure uncovered that the phishing URLs are hosted on IP addresses associated with over 50 other phishing domains, indicating a centralized and well-coordinated operation [7, 12-14]. This large-scale phishing infrastructure, combined with seemingly legitimate applications, makes detection challenging and extends the campaign's reach [7, 14].

The Reality of App Store Security & Why Vigilance is Key: This campaign underscores a critical mobile app security myth: mobile app stores do not guarantee the security of all apps available for download [15, 16]. Despite stringent security measures, malicious apps can and do make their way onto platforms like the Google Play Store [16-21]. Cybersecurity experts, like Jake Moore from ESET, emphasize that users must be extremely cautious and perform due diligence even when downloading from legitimate platforms, especially for apps connected to finances [17].

**Your Defense Strategy:**To safeguard your digital assets and personal information, it's crucial to follow these essential cybersecurity best practices:

• Download apps ONLY from verified developers and carefully check app reviews, publisher details, and download statistics before installing [17, 22].

• NEVER enter sensitive information like mnemonic phrases into an app unless you are absolutely certain it's the legitimate application, ideally linked di

This content was created in partnership and with the help of Artificial Intelligence AI.

Strategies for App Revenue Success

Welcome to "Upwardly Mobile," the podcast that empowers founders to scale their ventures! In this essential episode, we look into the often-challenging world of app store fees, exploring how Apple and Google claim a significant cut from your hard-earned revenue and, more importantly, how you can navigate these charges to maximise your profit.

The Reality of App Store Fees: Discover why Apple and Google typically claim up to 30% of revenue from in-app purchases1. While a reduced 15% rate exists for smaller businesses earning under $1 million annually, founders serious about scaling need to understand the broader implications1. We discuss how increasing regulatory pressure, particularly from the EU, is forcing these tech giants to loosen their grip, but often only where legally compelled.

Key Regulatory Changes & Exceptions: Learn about Apple's compliance with the EU’s Digital Markets Act (2024), which now permits app distribution outside the App Store and the integration of external payment systems within the EU, albeit with a reduced commission of 10% to 17%4. Crucially, this flexibility does not extend beyond EU borders45. We also examine Google’s User Choice Billing program, which allows developers to offer their own payment methods alongside Google’s, with fees still applying at 11% or 26%4. We explore other exceptions born from legal battles and regulatory requirements, such as reader apps like Netflix and Spotify being able to link to external sign-up pages due to pressure from Japan's Fair Trade Commission6. Additionally, legislation in the Netherlands and South Korea has forced Apple to allow external payments for dating apps, though Apple still collects a slightly reduced cut (27% and 26%, respectively).

Mastering the Hybrid Model for Revenue Optimisation: One of the most effective strategies to reduce Apple and Google fees is implementing a hybrid monetisation model3. This approach combines in-app purchases with a web-based payment system, allowing you to bypass the hefty 30% cut for your most loyal users who are willing to take an extra step to pay outside the app37. We illustrate the potential savings: for a health app with a dedicated user base paying $15 a month for premium features, converting just 5% of 100,000 users via your website could save you an incredible $25,000 in monthly fees compared to being locked into Apple’s in-app purchase system8. However, we also highlight the critical importance of careful strategy and clear messaging to avoid losing users who might bounce if they encounter a paywall with no clear way to pay9. This approach requires balancing fee reduction with the potential sacrifice of some organic traction provided by App Store visibility57.

Alternative Distribution & The Debate on Fair Fees: While alternative distribution methods like sideloading apps or distributing outside official app stores can help you bypass fees, they come with their own challenges, often

This content was created in partnership and with the help of Artificial Intelligence AI.

Episode Notes:

Dive deep into the shocking revelations about covert web-to-app tracking affecting billions of Android users! This episode uncovers a novel tracking method employed by tech giants Meta (Facebook Pixel) and Yandex (Yandex Metrica), which silently links your mobile browsing sessions to your long-lived native app identities.

Key Discoveries:

• The Localhost Loophole: Learn how Meta and Yandex exploit unrestricted access to localhost sockets on the Android platform. Native apps like Facebook, Instagram, Yandex Maps, Navigator, Browser, and Search listen on fixed local ports (e.g., Meta uses UDP ports 12580-12585; Yandex uses TCP ports 29009, 29010, 30102, 30103) to receive browser metadata, cookies, and commands from scripts embedded on thousands of websites1....

• Bypassing Privacy Protections: This method bypasses typical privacy controls such as clearing cookies, using Incognito Mode, and Android's permission controls4.... It effectively de-anonymises users by linking ephemeral web identifiers (like the _fbp cookie or Android Advertising ID (AAID)) to persistent mobile app IDs, even when users are not logged into the browsers2....

• Meta's Evolution: Discover how Meta Pixel has evolved its techniques, initially using HTTP, then WebSocket, and more recently, WebRTC STUN with SDP Munging to transmit the _fbp cookie. Following disclosure, Meta shifted to WebRTC TURN, and as of early June 2025, the script was no longer sending packets to localhost, with the code responsible for the _fbp cookie almost completely removed.

• Yandex's Persistent Method: Yandex Metrica has been using localhost communications since February 2017 via HTTP and HTTPS requests, where their native apps act as a proxy to collect Android-specific identifiers like the AAID and Google's advertising ID, transferring them to the browser context.

• Scale of Impact: These trackers are embedded on millions of websites globally. Meta Pixel is present on over 5.8 million websites (2.4 million according to HTTP Archive) and Yandex Metrica on close to 3 million sites (575,448 according to HTTP Archive)2122. Our research found that in a crawl of the top 100k sites, a significant number of sites (over 75% for Meta Pixel, 83-84% for Yandex Metrica) were attempting localhost communications potentially without user consent.

• Browsing History Leakage: Yandex's use of HTTP requests for web-to-native ID sharing can expose users' browsing history to malicious third-party apps also listening on the same ports. Browsers like Chrome, Firefox, and Edge were found to be susceptible to this leakage, even in private browsing modes.

• Industry Response: While some browsers like Brave and DuckDuckGo were already blocking these practices due to blocklists and existing consent requirements, others like Chrome and Firefox have implemented countermeasures or are actively investigating. Google has stated this behaviour violates Play marketplace terms of service and user privacy expectations, and M

This content was created in partnership and with the help of Artificial Intelligence AI.

Coinbase Under Attack: The $20 Million Ransom & The Fight Against Social Engineering

Join us on Upwardly Mobile as we unravel the recent cybersecurity incident that rocked Coinbase, one of the world's leading cryptocurrency exchanges. Discover how a sophisticated social engineering scheme led to a significant data breach, a audacious $20 million ransom demand, and Coinbase's bold refusal to pay the extortionists. Learn about the sensitive customer data that was compromised, the financial impact on the company, and crucial advice for users to stay safe in the ever-evolving digital landscape.

Episode Highlights:

• The Social Engineering Deception: Uncover how cybercriminals managed to persuade a small group of overseas customer support agents to copy sensitive customer data from Coinbase's internal tools in exchange for cash [1-4]. These actions were part of a single, larger campaign to exfiltrate data, despite early detection and termination of involved personnel [3, 5, 6].

• The Criminals' True Aim: Understand that the stolen information was intended to be used by criminals to contact customers and impersonate Coinbase support agents, attempting to trick them into giving up their crypto funds [1, 4, 7, 8]. This highlights the persistent threat of social engineering, which often exploits the "human element" as the weakest link in security [4, 8].

• What Data Was Compromised (and What Wasn't): While less than 1 percent of Coinbase's total customer data was stolen, the compromised information was highly sensitive. This included users' names, email and postal addresses, phone numbers, government ID images, account data and balance snapshots, the last four digits of social security numbers, masked bank account numbers, some bank account identifiers, transaction history, and limited corporate data [2, 7, 9]. Crucially, attackers did not gain access to users' login credentials, private keys, or the ability to move or access customer funds [2, 7, 9].

• Coinbase's Bold Rejection of the Ransom: Hear about the $20 million ransom payment demanded in Bitcoin from the attackers in exchange for not publicly releasing the stolen data [1, 5, 10-12]. However, Coinbase rejected this demand.

• The $20 Million Bounty: Instead of paying the extortionists, Coinbase CEO Brian Armstrong announced a $20 million award for any information leading to the arrest and conviction of these attackers. Armstrong publicly stated the company's commitment to prosecute and bring the criminals to justice. Coinbase is also cooperating with law enforcement in the investigation [6, 10].

• Impact and Remediation Costs: The data breach affected approximately 69,461 customers [15, 16]. Coinbase anticipates significant financial outlays, estimating it will spend between $180 million to $400 million on remediation costs and voluntary customer reimbursements related to this incident [6, 16-18].

• Customer Reimbursement and Enhanced Security: Coinbase has pledged to voluntarily reimburse re

This content was created in partnership and with the help of Artificial Intelligence AI.

Hacking Your Ride: Unpacking Volkswagen's App Flaws & Fortifying Mobility Security

In this episode of Upwardly Mobile, we delve into the alarming discovery of significant security flaws in the My Volkswagen mobile app and explore how robust mobile app protection is crucial for the evolving mobility sector. Join us as we dissect the vulnerabilities found and discuss solutions to safeguard connected vehicles and sensitive user data.

What We Discussed:

• The Volkswagen App Hack Explained: We explore how a security researcher, frustrated by not receiving an OTP for a pre-owned car's My Volkswagen app, discovered critical vulnerabilities12. By brute-forcing a four-digit OTP (One-Time Password), the researcher gained access to the app, which then revealed deeper security issues34.

•

Serious Vulnerabilities Uncovered:

◦ Internal Credentials Leaked: An API endpoint exposed passwords, tokens, and usernames for various internal services, including payment processing details and CRM tools like Salesforce, in cleartext45.

◦ Owner's Personal Details Exposed via VIN: Simply using a car's VIN (Vehicle Identification Number), an API endpoint revealed extensive customer information from service and maintenance packages. This included names, phone numbers, postal addresses, email addresses, car details (model, colour, registration number, chassis number, engine number), active service contracts, purchase dates, and payment amounts56.

◦

Vehicle Service History Accessible via VIN: The VIN also allowed access to a car's full service history, including details of work performed, customer personal information, and even customer survey results for each workshop visit78.

◦ Additional Data Exposure: Further API endpoints revealed vehicle telematics data, and in some cases, even education qualifications and driving licence numbers, demonstrating a serious scope of customer data exposure9.

• The Alarming Impact of These Flaws: These vulnerabilities meant that anyone with just a car's VIN (which is often visible through the windshield) could access real-time vehicle location, engine health, fuel stats, tyre pressure, geo-fencing controls, and all personal details associated with the owner, including home address, phone number, email, and driving licence1011. This poses severe risks from stalkers, criminals, scammers, and hackers who could exploit this data for nefarious purposes, including selling it on the deep web or potentially accessing car systems in the future10.

• Volkswagen's Response: The vulnerability was reported to Volkswagen's security team on 23 November 2024, leading to a responsive dialogue and eventual patching of the vulnerabilities by 6 May 2025.

• Protecting Mobility Apps with Approov: The incident highlights the critical need for robust mobile app security in the rapidly growing pay-per-use mobility market14. Approov provides solutions that authenticate mobile apps and secure APIs, without impacting customer experience14.

• How Approov Secures Mob

This content was created in partnership and with the help of Artificial Intelligence AI.

This episode delves into the recent dynamics of the global smartphone market based on the latest reports from IDC and Counterpoint Research. After two challenging years of decline, 2024 marked a significant recovery, showing the resilience of the market despite lingering macroeconomic pressures. We explore the factors driving this growth, the changing landscape among major players, the rise of new manufacturing hubs like India, and the exciting role of AI in shaping the future of mobile.

Key Highlights:

- Market Recovery: Global smartphone shipments increased by 6.4% year-over-year in 2024, reaching 1.24 billion units. This follows a period of decline since the market peaked in 2016 at 1.47 billion units. The recovery saw smartphone sales grow 4% YoY in 2024, following the weakest year in a decade in 2023. The strong growth in 2024 occurred despite lingering macro challenges, forex concerns in emerging markets, ongoing inflation, and lukewarm demand, proving the market's resilience. Consumer sentiment fared better than in previous years following macroeconomic improvements. Almost all markets showed growth, led by Europe, China and Latin America.

- Top Players & Shifting Shares: Apple and Samsung remained the top two players globally in 2024. According to IDC, both leaders experienced a YoY decline in Q4 2024 due to the aggressive growth of Chinese vendors. Samsung continued to lead the market in 2024 overall, while Apple took the #2 spot with an 18% share according to Counterpoint Research. According to another source, Apple led global shipments in 2024 at 232.1 million units, followed by Samsung at 223.4 million units. Samsung saw strong demand for its S24 and A-series lines, with the S24 performing well as the first phone positioned as an AI device, particularly in Western Europe and the USA. Apple’s iPhone 16 series received a mixed response, partly due to the initial lack of Apple Intelligence availability, although Apple continued to grow strongly in non-core markets like Latin America, Africa and Asia-Pacific-Others.

- Rise of Chinese Vendors: Chinese vendors achieved a historic milestone in Q4 2024, shipping the highest combined volume ever in a single quarter, representing 56% of global smartphone shipments in Q4. Xiaomi secured the 3rd position for the year, with total shipments of 168.5 million units and the highest YoY growth rate (15.4%) among the top 5 players. Xiaomi's growth was helped by its portfolio realignment, premium push, and aggressive expansion activities. Transsion (including itel, Infinix, and Tecno) held the 4th position for the year with a 12.7% growth rate, and claimed the fourth spot globally for the first time. OPPO was 4th but saw a YoY decline, though it ended the year with stronger momentum. vivo rounded off the top five, driven by strong performance in India and China, ending the year as the top-ranked OEM in those markets. Challenger brands like HONOR and Motorola also contributed to the market recovery w

This content was created in partnership and with the help of Artificial Intelligence AI.

North Korean Crypto Heists: Mobile and API Threats

In this episode of Upwardly Mobile, we delve into the alarming tactics employed by North Korean state-sponsored hackers to siphon billions from the cryptocurrency world. Moving beyond targeting just large exchanges, these sophisticated actors, most notably the infamous Lazarus Group, are increasingly focusing on vulnerabilities in mobile devices and Application Programming Interfaces (APIs), the digital connectors powering our apps.

We discuss how your phone, the device you carry everywhere, has become a prime target. Hackers are using sophisticated social engineering and phishing campaigns delivered via messaging apps and social media to trick users into compromising their devices. They develop or infect malicious cryptocurrency apps and fake wallets to steal private keys and transaction data. Furthermore, exploiting vulnerabilities in mobile operating systems and apps, or deploying Remote Access Trojans (RATs) through various mobile vectors, allows them persistent access to steal credentials and control crypto accounts. Reports indicate attackers have even leveraged remote collaboration tools to gain control.APIs, the unseen connectors that enable apps to communicate, are also major targets. North Korean hackers actively seek to steal API keys from developers and employees within crypto firms through phishing and malware. Campaigns like "Operation 99" specifically target developers for sensitive data, including API keys. Exploiting flaws in the design or implementation of exchange and wallet APIs allows them to bypass security or manipulate data. They also utilise supply chain attacks, compromising third-party vendors with API access to gain a foothold and exploit trusted connections. Attacks like the ByBit hack reportedly involved exploiting supplier vulnerabilities and altering wallet addresses, potentially involving API manipulations.These tactics have been linked to high-profile heists against major exchanges like KuCoin and WazirX, and DeFi protocols such as the Ronin Bridge. Stolen funds are then put through complex, multi-stage laundering processes involving mixers, DEXs, and cross-chain bridges to obscure their origin.

We also cover essential defence strategies for both individuals and organisations in the crypto space. For individuals, this includes being hyper-vigilant against unsolicited messages, securing your mobile device with updates and trusted app sources, using hardware wallets for significant holdings, implementing strong, unique passwords and 2FA, and diligently verifying wallet addresses. For organisations, robust API security, regular security audits, employee training, supply chain risk management, and advanced threat detection are crucial.This battle is an ongoing arms race, but understanding these evolving threats is the first step to bolstering your defences.

Sponsor: This episode is brought to you by Approov, a leader in API and mobile app security. Learn more abo

This content was created in partnership and with the help of Artificial Intelligence AI.

Podcast Title: Upwardly Mobile

Episode Title: Beyond Obfuscation: Dynamic Defenses for Modern Mobile Security

Episode Summary: In this episode, we dive deep into the evolving landscape of mobile application security. While traditional methods like code obfuscation once offered a basic layer of defense, they are proving increasingly inadequate against today's sophisticated threats. We explore the findings of recent security analyses highlighting widespread vulnerabilities, such as weak cryptography and exposed credentials, even in enterprise apps.  We discuss why static defenses like obfuscation fall short , especially against the rise of AI-powered attacks and the relentless targeting of APIs. Attackers are leveraging AI for everything from hyper-personalized phishing to adaptive malware and automated vulnerability discovery, while APIs present a direct path to backend systems and sensitive data.  The core of our discussion focuses on the critical need to shift towards dynamic, runtime security measures. We break down key technologies essential for modern mobile defense:

- Runtime Application Self-Protection (RASP): How apps can monitor their own execution and environment in real-time to detect and block threats like tampering, debugging, and compromised devices.  

- Runtime Secrets Protection: Moving beyond hardcoded secrets by delivering API keys and credentials securely, just-in-time, only to validated, genuine app instances.  

- Dynamic Certificate Pinning: Securing communication channels against Man-in-the-Middle attacks with more flexibility and less operational risk than traditional static pinning.  

- App Attestation & Token-Based API Access: Verifying the integrity of the mobile app itself (the 'what') before granting API access, using short-lived tokens to block bots, scripts, and tampered apps.  

We compare static vs. dynamic approaches , emphasizing that while static analysis has its place early in development, dynamic defenses are non-negotiable for protecting sensitive data and functionality in today's threat environment. Learn why embracing these advanced, runtime-aware strategies is crucial for building truly resilient mobile applications.  Keywords:Mobile Security, Application Security, API Security, Code Obfuscation, Dynamic Security, Runtime Application Self-Protection, RASP, App Attestation, Runtime Secrets, Dynamic Certificate Pinning, OWASP Mobile Top 10, API Attacks, AI Security, Cybersecurity, DevSecOps, Mobile App Development, Data Protection, Reverse Engineering, Tampering, Man-in-the-Middle Attack, Credential Stuffing, Secure Coding

Source Material Links:

- Infosecurity Magazine Article:https://www.infosecurity-magazine.com/news/92-mobile-apps-insecure/  

- OWASP Resources (API Security, Mobile Security, Cheatsheets, MASTG):

- https://owasp.org/www-project-api-security/  

- https://owasp.org/www-project-mobile-top-10/  

- https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning  

-

This content was created in partnership and with the help of Artificial Intelligence AI.

Fair Play: How Competition Policy Drives UK Growth and Challenges Big Tech's App Store Power

In this episode of Upwardly Mobile, we delve into "Fair Play: How competition policy can drive growth," a briefing paper from the Institute for Public Policy Research (IPPR). Authors George Dibb and Tommaso Valletti argue that a robust competition policy, enforced by a responsive regulator like the Competition and Markets Authority (CMA), is a cornerstone of shared, equitable growth in the UK.The paper highlights how the UK economy is grappling with rising market concentration and stagnant productivity. It contends that concentrated markets stifle innovation, discourage investment, and suppress dynamism, contributing to a "low-growth trap". Dominant firms, particularly foreign tech giants, are shown to extract wealth from the UK, making it harder for domestic startups to compete. Furthermore, unchecked monopolies pose a significant risk to democratic institutions by concentrating economic and political influence.A key focus is the economic case for robust competition policy. The authors explain that without competition, markets fail to drive innovation and fair treatment for workers and consumers; instead, monopolists extract profits and crush competitors. They address misconceptions, such as the idea that mergers are always good for investment, clarifying that competition policy targets large firms where efficiency arguments no longer apply.The briefing paper calls for reforms to the CMA, advocating for a shift towards a more proactive role aligned with UK growth objectives. Recommendations include accelerating interventions against exploitative practices (like 'big tech' fees), defining a clearer 'growth' mandate focused on wage growth and SME dynamism, streamlining processes, and better integrating competition policy with industrial strategy and trade policy.A prominent case study examined is the lack of competition in app stores, which allows Google and Apple to extract substantial fees from app developers. The typical commission on in-app purchases is 30%, or 15% for small businesses. This effectively acts as an "app store tax," representing a significant revenue transfer away from developers, estimated to be between £0.8 billion and £1.3 billion annually by 2025 if fees were reduced to a 12% benchmark. The paper suggests that well-designed regulation, such as the Digital Markets, Competition and Consumers (DMCC) Act, can drive innovation and create fairer markets.Ultimately, "Fair Play" positions robust competition policy not as anti-business, but as a pro-business, pro-worker, pro-growth agenda that ensures markets reward innovation and hold economic power accountable.

Read the full paper: You can download "Fair play: How competition policy can drive growth" at:http://www.ippr.org/articles/fair-play

Please note: The Coalition for App Fairness is a sponsor of this briefing paper.  Approov Limited is the sponsor of this podcast: www.approov.io 

K

This content was created in partnership and with the help of Artificial Intelligence AI.

Episode Summary: In this episode of Upwardly Mobile, we unpack the unsettling incident involving TeleMessage, a modified clone of the secure messaging app Signal, its use by the U.S. government, and the subsequent data breach. We explore how a lack of fundamental security measures like app attestation and token-based API access created gaping vulnerabilities, allowing a hacker to access sensitive archived data. Drawing on insights from the sources, we discuss why encryption alone is insufficient and highlight the urgent need for robust client-side security to protect sensitive communications and safeguard brand trust in the digital age.

Key Takeaways:

- An obscure Israeli company called TeleMessage offers modified versions of secure messaging apps like Signal, WhatsApp, Telegram, and WeChat, primarily for archiving purposes to meet compliance requirements for organisations, including the U.S. government.

- Former National Security Advisor Mike Waltz was reportedly photographed using a modified version of Signal by TeleMessage, labelled "TM SGNL," during a cabinet meeting, bringing attention to the use of such apps in sensitive government contexts.

- Despite being based on Signal’s open-source code, TeleMessage lacked core security defences such as robust app attestation and secure token-based API access control. This allowed the repackaged and unverified app to establish trust with the Signal backend and interact with secure infrastructure as if it were legitimate.

- A hacker successfully breached TeleMessage and stole customer data, including contents from direct messages and group chats from its modified apps. This hack demonstrated serious vulnerabilities, revealing that archived chat logs were not end-to-end encrypted between the modified app and the archiving destination.

- Data related to sensitive entities, including Customs and Border Protection (CBP) and the cryptocurrency giant Coinbase, were reportedly included in the hacked material.

- The incident underscores the critical need for app attestation, which ensures only authentic, unaltered app versions running in secure environments can access backend APIs.

- Key components of effective app attestation include runtime integrity verification and dynamic token issuance. This approach prevents repackaged, emulated, or jailbroken clients from accessing protected endpoints or receiving secrets.

- Solutions like Approov offer third-party app attestation services that provide comprehensive coverage across iOS and Android, including on jailbroken or rooted devices where platform-native solutions may be limited. Approov also includes features like dynamic certificate pinning and runtime secrets protection.

- The sources suggest that widespread API insecurity is partly due to limitations in platform-native security tools from Apple and Google and their resistance to allowing deeper integration of third-party security solutions.

- While Signal’s end-to-end encryption is a strong foundation, its le

This content was created in partnership and with the help of Artificial Intelligence AI.