Tech
Google’s AI Mode now lets you link and interact with select apps
Google announced on Thursday that it now allows users to link and interact with some of their go-to apps right in AI Mode, the tech giant’s conversational search experience. At launch, supported apps include Instacart, Canva, and YouTube.
With this new update, Google is expanding AI Mode beyond answering questions and into completing tasks across the apps they use regularly. The tech giant is also likely hoping that users will rely on AI Mode more often for things like planning and shopping. Plus, the rollout will allow Google to better compete with rivals like OpenAI’s ChatGPT and Anthropic’s Claude, both of which support app integrations.
In one example, Google says that if you’re planning a barbecue and using AI Mode to create a grocery list, you can connect your Instacart account to add the ingredients directly to your shopping cart and quickly check out on the Instacart app or website.

Or, if you’re working on a project and need design ideas, like for a flyer, you can ask Canva to show you a selection of templates. In another example, Google says you could use AI Mode to curate a playlist for your next party and instantly save it to YouTube Music.
The update is rolling out to users in the U.S. Google says it’s working with a range of partners and plans to launch support for more apps soon.
Today’s announcement builds on a capability Google launched earlier this year at Google I/O that lets users connect third-party apps to the Gemini app to complete tasks faster. Supported apps include Canva, OpenTable, Spark, Instacart, and more.
Since its launch in early 2025, Google has been continuously building out AI Mode with more capabilities. Most recently, the tech giant announced that AI Mode can now help check whether an item you need is in stock at a nearby store. Google also recently added the ability for users to explore the web side-by-side with AI Mode to do things like compare details and ask follow-up questions while preserving the context of their search.
Earlier this year, Google launched “Personal Intelligence” on AI Mode, enabling it to tap into users’ Gmail and Google Photos to provide more individualized responses.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
Period tracker Stardust shares users’ health data with analytics firm, says Mozilla research
“Your data is private. Period,” says period tracker Stardust on its website. As new research by Mozilla discovered, some users might find that claim to be a stretch.
According to Mozilla’s latest findings examining the privacy practices of period-tracking apps, Stardust was found to be sharing users’ sensitive health information with third-party analytics company RudderStack. This data included the user’s birthdate, birth control type, reproductive goals, and specific symptoms that the user was experiencing, and it tied that record to a unique identifier in place of the person’s name. (The FTC has long warned that this does not make the data anonymous or prevent it from being linked back to a person.)
Mozilla’s research underscores the security and privacy risks with using period tracking and other health apps that share data with third parties. Oftentimes this happens as background activity within the app, and isn’t visible to the user. It’s not uncommon for apps to share data with other services for storage, analytics, and payments, but sharing users’ information with third parties inherently carries risks, such as potential security lapses, data breaches, or having the data sought by law enforcement.
TechCrunch previously wrote about Stardust in 2022 after the app surged in downloads following the overturning of the constitutional right to seek an abortion in the United States. Stardust claimed it was end-to-end encrypted — meaning that not even the company could access its users’ data — but TechCrunch found by analyzing the app’s network traffic that the company’s claim was false.
Mozilla security researcher Shoshana Wodinsky used a similar technique of analyzing the network traffic of several period trackers, including Stardust, to understand how the apps collected and shared data (if at all) with third parties. Wodinsky found that Stardust was the only app out of the six tested that shared the user’s sensitive health data with another company.
As quoted by BBC News, a Stardust spokesperson said that RudderStack is “contractually prohibited from selling or using it for its own purposes.” As U.S.-based companies, both Stardust and RudderStack can still receive demands for users’ information from law enforcement for users’ health information that’s stored on their servers.
Stardust founder Rachel Moranis did not respond to TechCrunch’s request for comment on Thursday, or questions about whether the company has received demands for its users’ data. A spokesperson said in an email after publication that the company “has never received any requests, demands, or legal process for user data from authorities or third parties.”
Of the six apps tested by Wodinsky, Mozilla recommended Euki as “squeaky clean,” as the app was not seen to be sharing any data with third parties with its core features, and the user’s health data did not leave their device.
Updated with comment from Stardust.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
UK cops say arrest of two young hackers disrupted the operations of an infamous hacking group
U.K. police said on Thursday that the jailing of two hackers has “severely” hampered the activities of the infamous cybercrime group known as Scattered Spider.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to hacking Transport of London (TfL), the government body overseeing the U.K. capital’s public transit system, in 2024. The two were sentenced to five years and six months in prison on Thursday.
The jailing of Flowers and Jubair is a reminder that, sometimes, the most dangerous and effective hackers don’t work for sophisticated government agencies with millions of dollars of budget. More often, they are rather very young and smart hackers motivated by money and infamy among their peers.
Groups such as Scattered Spider, as well as ShinyHunters, another cybercriminal collective, often target and exploit employees and individuals rather than computer systems, a strategy that’s both effective and hard to counter.
While hacking groups’ members tend to come and go, the groups themselves can rebrand. But British authorities are convinced the jailing of Flowers and Jubair represents a significant blow to Scattered Spider, an amorphous group that’s been linked to dozens of high-profile attacks, such as those against casino giant MGM, airline WestJet, and cybersecurity firm Okta. These attacks in turn gave the hackers access to several of these companies’ customers.
“Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice,” said Paul Foster, the head of the U.K. National Crime Agency’s National Cyber Crime Unit.
The two hackers were behind the cyberattack against TfL in summer 2024, which took the system’s infrastructure offline, including the ticketing system, and the online real-time train arrival information system. The disruptions lasted for weeks.
Flowers and Jubair were arrested a year later. At the time, the FBI accused Jubair of being involved in attacks on more than 120 companies using social engineering tactics.
Authorities said the attack against TfL resulted in losses of around £29 million (around $47 million). The two hackers had such deep access to TfL systems that they “could have shut out and shut down TfL completely,” and held “the keys to the kingdom” to the company’s systems, according to The Guardian.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
Yes, you can now order DoorDash from the command line
Sudo make me a sandwich. The future has arrived! DoorDash just introduced a limited beta of DoorDash CLI, a command-line tool for developers that lets you order DoorDash directly from your AI agent. The tool can be used to search stores, find deals, and check out, the company says.
Called “dd-cli,” the new tool is open to U.S. and Canadian macOS developers via a waitlist, said DoorDash co-founder and CTO Andy Fang in a post on X. DoorDash was asked for comment about the new feature.
The announcement is getting a lot of attention because, on the face of it, it’s rather funny. Command-line tools are associated with programming, not ordering lunch. An AI agent running commands to order your salad or sandwich can initially feel somewhat absurd.
But the DoorDash CLI isn’t actually a joke; it’s an example of what agentic commerce can look like.
With this move, the company is exposing DoorDash’s ordering platform to AI agents, allowing developers to add functionality to their own software and services. That means instead of visiting DoorDash’s app, developers could build their own tools for ordering food, groceries, or finding local lunch deals, among other things, or use those capabilities as building blocks that are combined with other tools.
DoorDash, too, has experimented with offering its service via iMessage and now has its own AI chatbot, “Ask DoorDash” — offering two examples of how agentic commerce can work. It also exposes its service to AI chatbots, like OpenAI’s ChatGPT and Claude.
The company’s sign-up form for access to the new CLI tool includes a field asking developers what they would build, if allowed into the beta.
The launch has a bit of humor to it, as it recalls that old XKCD comic about programmers automating ridiculous tasks — like making a sandwich. In the comic, a programmer says “make me a sandwich,” and the other person responds, “What? Make it yourself,” so the programmer says “sudo make me a sandwich,” and the other person says “OK.” (It’s programming humor, okay?)
The attached video in the X post leans into the over-engineering angle, as it reads Slack, recalls memories, parses JSON, inspects menu structures, runs Python scripts, recovers from errors, and calculates totals, just to do something as simple as ordering three salads. As the task runs, the interface reads “Flibbertigibbeting,” making the whole thing even funnier.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
