DeepScience — Artificial Intelligence

DeepScience · Artificial Intelligence · Daily Digest

Your AI Might Not Be Looking at the Picture

Today's research asks a question that should make you nervous: when AI says it understands, does it actually see?

            June 08, 2026
          

Hi — three stories today, all zero citations because they landed this morning. The batch is heavy on surveys and position papers I'm setting aside, but underneath there are three empirical findings worth your time. One will make you distrust AI vision tools. One will make you distrust most websites. One will make you distrust your own Instagram grid. Let's go.

Today's stories

              01 / 03
            

AI Vision Models Often Answer Without Actually Looking at the Image

Blur the image completely, feed it to a top AI vision model — and in up to 40% of cases, you get the exact same answer anyway.

Here is what researchers found. They took state-of-the-art vision-language models — AI systems designed to look at images and answer questions about them — and systematically destroyed the images. They blurred them, step by step, until there was nothing left but grey fog. Then they checked: did the model's answer change? For 20 to 40 percent of test questions, across 12 different benchmarks and 3 models (including Qwen2.5-VL and LLaVA-v1.6), the answer didn't budge at all. The AI was essentially a student who memorised the answer sheet and stopped reading the questions. They'd give you the right answer — but for entirely the wrong reason. The team then looked inside the models to understand why. Think of the model's internal processing as a relay race. The first runners — the middle layers — are supposed to pick up visual information from the image encoder and pass it forward. The problem: they frequently drop the baton. Whatever visual information survives that first leg gets actively suppressed by the later layers, which prefer to lean on what they've learned from text instead. Two failure points, one after the other. Why does this matter? If you're using an AI tool to read a medical scan, screen a legal document, or check a security camera feed, and the model is actually running on memorised text patterns rather than your image, you have a reliability problem that benchmarks are currently not catching — because the benchmarks themselves reward correct answers, not correct reasoning. The catch: this diagnostic covers three relatively small models. It doesn't propose a fix. And the researchers honestly acknowledge that full statistical detail is still being worked through. This is an early warning, not a solved problem.

Glossary

vision-language model — An AI system trained to process both images and text together, used for tasks like answering questions about photos.

benchmark — A standard test used to measure how well an AI system performs on a specific type of task.

image encoder — The part of the AI that converts a raw image into a numerical representation the rest of the model can read.

Source: Diagnosing Visual Ignorance in Vision-Language Models

              02 / 03
            

An AI Agent That Spots and Fixes Manipulative Website Design

Ninety-eight percent of the 485 real websites a research team crawled had at least one design trick built in to manipulate your privacy choices.

You've seen these tricks. A pre-ticked box for marketing emails. A 'Reject All' button that's grey and tiny next to a bright 'Accept All'. A cancel subscription flow that takes seven clicks and two guilt-trip screens. These are called deceptive patterns — design choices that nudge you toward decisions you didn't intend to make. They're not new, but a team studying them found something that should raise your eyebrows: AI is now being used to generate and optimise them at scale, a process they call 'AI grooming'. To fight fire with fire, they built DPAgent, a multi-agent system — think of it as a four-person inspection team where each inspector has a different job. One looks for groomed manipulation, one maps the page, one flags the deceptive elements, and one rewrites the interface to remove them. Across a crawl of 485 live websites, DPAgent detected 91 percent of the AI-groomed deceptive patterns it was shown, scored an F1 of 0.82 on privacy-specific manipulation (F1 is an accuracy measure that accounts for both misses and false alarms), and successfully repaired 77 percent of the flagged interfaces. On efficiency: it explored more than 80 percent of deceptive pattern types while visiting roughly 10 percent of the pages that standard methods require. The catch — and this matters — the paper doesn't fully disclose what the baseline comparisons were, or the details of how AI grooming was simulated. A 77 percent repair rate also means one in four problems goes unfixed. This is a promising proof of concept, not a plug-in you can install today. But the underlying finding — that almost every site you visit has at least one manipulation built in — that part is very much real.

Glossary

deceptive pattern — A user interface design choice intended to trick or pressure people into actions they didn't consciously choose, like hidden opt-outs or misleading button colours.

multi-agent system — An AI setup where several specialised models work together, each handling a different sub-task.

F1 score — A single number that combines precision (how often the AI is right when it flags something) and recall (how often it catches what it should) into one accuracy measure.

Source: DPAgent-in-the-Middle: Agentic Defense and Repair Against AI-Groomed Deceptive Patterns

              03 / 03
            

Your Public Posts Are Leaking Your Home Address Without You Knowing

A coffee shop tag here, a gym selfie there, a photo of your street's autumn leaves — together, they're enough to map where you live and work.

The researchers behind this paper started from an uncomfortable premise: private information leaks not from individual posts but from the pattern across many posts. Any single photo you share is probably harmless. The latte on your kitchen windowsill reveals nothing. But latte-on-windowsill plus 7am gym check-in plus Wednesday farmers market plus tagged bookshop is, to the right analysis, a fairly precise map of your life. Think of it like a mosaic floor: each tile is a plain coloured square, but step back and you see a detailed portrait. To study this at scale, a team at — the paper doesn't name a single institution, so I'll say an academic group using both Rednote and Instagram data — built SopriBench, a synthetic benchmark using 50 simulated user profiles, 500 posts, and 1,569 images, guided by real leakage patterns abstracted from 318 actual accounts. They then built Argus, a training-free AI agent that uses abductive reasoning — reasoning backwards from evidence to the most likely explanation — to piece together what a profile reveals. Argus scored 0.55 on their privacy exposure metric versus 0.44 for the best existing baseline. The biggest gains came from cross-post inference: stitching clues across multiple posts, which accounted for 63 percent of the leakage they found. The catch is significant: the test set is synthetic and small — 50 users. The framework was not tested on real platforms in a live setting, and no statistical significance testing is reported. What this paper gives you is a structured vocabulary for the problem and a first benchmark. It doesn't tell you how exposed your actual account is. But it does confirm the threat is cumulative, cross-modal, and much harder to avoid than most privacy advice acknowledges.

Glossary

abductive reasoning — A type of logical inference that works backwards — given a set of observations, what is the most likely explanation?

cross-post leakage — Private information that emerges only when multiple posts are analysed together, not from any single post alone.

privacy exposure score — A metric used in this paper that weights leaked information by how sensitive and granular it is, not just whether it was leaked at all.

Source: What Your Posts Reveal: A Benchmark and Agentic Framework for User-Level Privacy Leakage on Social Media

The bigger picture

Step back and look at today's three stories together, and one uncomfortable theme runs through all of them: the gap between what AI claims to perceive and what it actually does. Vision models that answer without seeing. Websites that claim to offer choice while engineering manipulation. Social feeds that look like casual sharing while quietly building a dossier. In each case, the surface behaviour looks fine — the AI gives an answer, the website gives you a button, your posts get likes — but the underlying process is working against your interests or your understanding. That's not a coincidence. It's a structural feature of systems optimised for output rather than transparency. What today's papers collectively suggest is that diagnosis is finally catching up to deployment. We're getting better tools for asking: is this system actually doing what it claims? The harder question — how to fix it at scale — is mostly still open. But you can't fix what you can't name.

What to watch next

The visual ignorance paper is a direct challenge to benchmark designers — expect responses from the teams behind the 12 benchmarks it audited, possibly within weeks. On the dark patterns side, watch for whether DPAgent's approach gets picked up by browser extension developers or regulators; the EU's Digital Services Act gives this work a natural policy hook. The open question I'd most want answered: can a version of DPAgent run locally in your browser without sending your page contents to a third-party server?