Intelligence on Earth Evolved Independently at Least Twice

Lovense, a maker of internet-connected sex toys, has confirmed it has fixed a pair of security vulnerabilities that exposed users’ private email addresses and allowed attackers to remotely take over any user’s account.

While the company said the bugs were “fully resolved,” its chief executive is now considering taking legal action following the disclosure.

In a statement shared with TechCrunch, Lovense CEO Dan Liu said the sex toy maker was “investigating the possibility of legal action” in response to allegedly erroneous reports about the bug. When asked by TechCrunch, the company did not respond to clarify whether it was referring to media reports or a security researcher’s disclosure.

Details of the bug emerged this week after a security researcher, who goes by the handle BobDaHacker, disclosed that they reported the two security bugs to the sex toy maker earlier this year. The researcher published their findings after Lovense claimed it would take 14 months to fully address the vulnerabilities rather than applying a “faster, one-month fix” that would have required alerting users to update their apps.

Lovense said in its statement, attributed to Liu, that the fixes put in place will require users to update their apps before they can resume using all of the app’s features.

In the statement, Liu claimed that there is “no evidence suggesting that any user data, including email addresses or account information, has been compromised or misused.” It’s not clear how Lovense came to this conclusion, given TechCrunch (and other outlets) verified the email disclosure bug by setting up a new account and asking the researcher to identify the associated email address.

TechCrunch asked Lovense what technical means, such as logs, the company has to determine if there was any compromise of users’ data, but a spokesperson did not respond.

It’s not unheard of for organizations to resort to legal demands and threats to try to block the disclosure of embarrassing security incidents, despite few rules or restrictions in the U.S. prohibiting such reporting.

Earlier this year, a U.S. independent journalist rebuffed a legal threat from a U.K. court injunction for accurately reporting a ransomware attack on U.K. private healthcare giant HCRG. In 2023, a county official in Hillsborough County, Florida, threatened criminal charges against a security researcher under the state’s computer hacking laws for identifying and privately disclosing a security flaw in the county’s court records system that exposed access to sensitive filings.

AI agent tools promise to siphon out some of the drudgery from daily workflows, but most organizations are hesitant to adopt them yet, harboring a pressing concern: data security. Large enterprises with trade secrets, companies in highly regulated industries, and government agencies have thought more than twice about bringing in AI tools out of concern that their — or worse, their customers’ — data could inadvertently be compromised, or used to train foundation models. 

Canadian AI firm Cohere is taking aim at alleviating those concerns with its new AI agent platform dubbed North, which promises to enable private deployment so that enterprises and governments can keep their and customers’ data safe behind their own firewalls. 

“LLMs are only as good as the data they have access to,” Nick Frosst, co-founder and CEO of Cohere, said during a demo of North. “If we want LLMs to be as useful as possible, they have to access that useful data, and that means they need to be deployed in [the customer’s] environment.”

Instead of using enterprise cloud platforms like Azure or AWS, Cohere says it can install North on an organization’s private infrastructure so that it never sees or interacts with a customer’s data. North can run on an organization’s on-premise infrastructure, hybrid clouds, VPCs, or air-gapped environments, Frosst said. 

“We can deploy literally on a GPU in a closet that they might have somewhere,” he explained, adding that North was designed to run on as few as two GPUs. 

Cohere claims North also includes security protocols like granular access control, agent autonomy policies, continuous red-teaming, and third-party security tests. And, it meets international compliance standards like GDPR, SOC-2, and ISO 27001.

More than private deployments

Image Credits:Cohere

Cohere, which has so far raised $970 million, most recently at a $5.5 billion valuation, said it has already piloted North with some customers such as RBC, Dell, LG, Ensemble Health Partners, and, as TechCrunch reported last year, Palantir. 

Techcrunch event

San Francisco
|
October 27-29, 2025

North mirrors many AI agent platforms right out of the box. Its chief features are chat and search, which let users get answers to customer support inquiries; summarize meeting transcripts, write marketing copy, and access information from both internal resources and the web. Frosst added that all responses include citations and “reasoning” chains of thought so employees can audit and verify the output.

The chat and search functions are powered by existing Cohere technology, like Command (its family of generative AI models), and Compass (its multimodal search tech stack). Frosst said North is powered by a variant of its Command model that is trained for enterprise reasoning.

“It goes beyond just Q&A and gets into doing work for you. So, [North] has a bunch of asset creation. It can make tables, it can make documents, it can make slideshows. It can do a bunch of market research,” Frosst said.

It’s worth noting that in May, Cohere acquired Ottogrid, a Vancouver-based platform that develops enterprise tools for automating high-level market research. 

Like other AI agent platforms, North can connect to existing workplace tools like Gmail, Slack, Salesforce, Outlook and Linear, and integrate with any Model Context Protocol (MCP) servers to access industry-specific or in-house applications. 

“As you build confidence by chatting to the model, there’s like a smooth transition that happens between using this as an augmentation to using it as an automation,” Frosst said.