- itscybernews
- Posts
- For years, AI couldn't spell its own name. This week it learned to print a working QR code — and the scammers were already in line.
For years, AI couldn't spell its own name. This week it learned to print a working QR code — and the scammers were already in line.
Meta just shipped an image AI that does the one thing these tools always failed at — it prints readable text and scannable QR codes. That's genuinely useful. It also handed every scammer a free print shop.

For about three years, there was one small, funny thing that no AI image generator could do: spell.
You could ask for a photorealistic astronaut riding a horse on Mars and get a masterpiece. Ask for a shop sign that said “OPEN” and you’d get “OPNE” — or “OEPPN,” or some melting alien script that looked like a ransom note written by a drunk robot. The reason was almost sweet: these models never actually learned to read. They learned that letters are shapes, the way clouds are shapes, and they smeared them across the canvas hoping for the best.
This week, that era quietly ended. And it ended in a way that is both genuinely wonderful and — because this is itscybernews, and there’s always a catch — a small gift to every scammer on the planet.
Marvel first. As always.
✨ The wonderful part: the machine finally learned to write
On July 7, Meta’s new Superintelligence Labs shipped its first in-house image model, Muse Image. It’s free inside the Meta AI app, Instagram, and WhatsApp, and it already sits at No. 2 on the public image-quality leaderboard — ahead of Google’s latest, behind only OpenAI. Hundreds of millions of people can use it right now, at no cost, from a phone.
But the leaderboard isn’t the interesting part. How it works is.
Older image generators paint everything in one hallucinatory brushstroke — which is exactly why text came out as gibberish. Muse Image does something different: when your prompt needs something precise, it stops painting and starts thinking. It writes and runs actual code behind the scenes — the way a designer would open a calculator or a layout tool — and only then renders the picture. The result is the stuff these tools always fumbled:
Readable, styled text — a real menu, a real poster, a real infographic where the words are actually the words you asked for.
Accurate charts and diagrams — because it computes the numbers instead of guessing at the shape of a bar graph.
Working, scannable QR codes — the model literally generates a functional code and bakes it into a beautiful image.
Sit with that last one for a second, because it’s a genuine first. For a small business owner, this is magic: “Make me a menu for The Blue Kettle café, warm and hand-lettered, with a scan-to-order QR code in the corner” — and out comes a finished, printable menu with a QR code that actually opens your ordering page. No designer. No separate QR tool. No Photoshop. One sentence, eight seconds, done.
It’s the same story playing out everywhere in AI right now: the machine stops being a slot machine you pull and starts being a tireless intern who checks its own work. Accessibility wins too — someone who can’t afford a designer can now make a clean, legible flyer for their fundraiser or their band or their lost cat. That’s real, and it’s good.
So what could possibly go wrong with an AI that makes flawless branded graphics — complete with working QR codes — for free, in seconds, for anyone?
The answer is sitting on a parking meter near you.
🎣 The catch: you just gave every con artist a free print shop
Here’s the uncomfortable truth about a scam. Most phishing gets caught by a gut feeling — the email that’s almost right, the logo that’s slightly squished, the text that’s weirdly worded, the little wrongness that makes the hair on your neck stand up. Bad design has quietly been one of our best defenses for years.
An AI that produces perfect design erases that defense. And the timing could not be worse, because the fastest-growing scam of 2026 is built on exactly the thing Muse Image just made trivial: the QR code.
They call it ”quishing” — phishing with a QR code instead of a link — and the numbers are genuinely alarming:
Microsoft, which analyzed 8.3 billion phishing threats in the first quarter of this year, says QR-code phishing jumped 146% between January and March 2026.
QR-phishing emails went from roughly 47,000 in August 2025 to over 249,000 by November — a fivefold spike in a single year.
The UK’s fraud line logged a 587% rise in QR-scam reports between 2023 and 2025.
Nearly 90% of these attacks exist to do one thing: steal your login or your card number.
Why QR codes? Because they’re the perfect disguise. A link, you can hover over and inspect. A QR code is an opaque black-and-white box — you can’t tell a real one from a booby-trapped one by looking, and neither can most email filters, which see “an image” and wave it through.
Now picture the two colliding. This isn’t hypothetical — the low-tech version has already been quietly emptying wallets:
In Redondo Beach, California, scammers stuck fake QR stickers on about 150 parking meters, pointing to poi2park.com — one letter off from the real pay2park.com. People scanned, “paid,” and handed their card straight to a criminal.
New York City’s transport department issued a formal alert after fraudsters slapped fake QR stickers on ParkNYC meters.
In Denver’s Cherry Creek, a woman scanned a parking sign, got a fraud alert seconds later, went back — and peeled the fake sticker right off with her fingernail.
Those scams needed a printer, a sticker, and a half-decent fake page. Muse Image and its cousins hand the next wave of scammers the entire toolkit for free: a gorgeous, on-brand parking sign, a flawless “your package is held — scan to reschedule delivery” notice, a pixel-perfect fake invoice with a working malicious QR code and text that’s spelled correctly — mass-produced, in any language, with zero design skill. The tells we used to rely on are gone. And it doesn’t stop at QR codes: readable-text generation means convincing fake receipts, fake screenshots, and fake documents are now a one-line prompt away.
The same leap that lets an honest café print a working menu lets a dishonest stranger print a working trap. It’s the same machine.
Try the AI that knows your customers. No commitment.
Most platform evaluations start with a demo request and end three weeks later in a conference room. This one takes 15 minutes and puts you directly inside Gladly's interface — navigating it on your own terms.
See how AI surfaces real-time customer context before a conversation starts. Watch how a single conversation thread pulls in purchase history, channel history, and account details without a handoff.
No installation. No commitment. Start the interactive demo and see the platform for yourself.
🛡️ The good news: the fix is a habit, not a gadget
The reassuring thing about quishing is that beating it costs nothing and requires no new software. A QR code is just a link wearing a costume — so treat it like one.
Preview before you leap. Every modern phone camera shows the destination URL before it opens. Read it. If a “parking” code wants to send you to poi2park.com, stop. That one-second glance is the whole ballgame.
Give the sticker a fingernail test. Real parking signs are printed into the sign. If the QR code is a sticker you can peel — as Denver’s scammer learned the hard way — it’s fake. Pay through the city’s official app instead.
Be suspicious of “scan me” urgency. “Your package is held,” “your account is locked,” “scan to claim your refund” — urgency plus a QR code is the classic setup. Go to the company’s real app or site by typing it yourself.
Turn on passkeys / phishing-resistant MFA. If a scam does grab your password, a passkey means the stolen password alone opens nothing. This is the single best backstop, and it’s free.
For businesses: assume your email filter is blind to QR codes hidden in images. Use security that actually renders and inspects the code, not just the text — and train your team that a beautiful email is no longer proof of a legitimate one.
None of this is exotic. It’s looking both ways before you cross — updated for a world where the crosswalk can now be forged perfectly.
✅ What to actually do
This week, for you and everyone you nag about tech:
Practice the preview habit once, on purpose. Point your camera at any QR code and notice your phone shows the URL first. Now you’ll never forget to look.
Never scan a QR code on a sticker in public — parking meters, restaurant tables, flyers taped to poles. Use the official app or type the address.
Treat a QR code in an email or text like a link from a stranger, because that’s exactly what it is. Beautiful branding is now free; it proves nothing.
Turn on passkeys for your email and bank this week. It’s the seatbelt for the one time you do get fooled.
If you run a team or a business:
Ask your security or IT contact one question: “Do our email filters actually inspect QR codes inside images, or just the text?” If it’s just text, you have a quishing-shaped hole.
Warn your customers proactively. If you use QR codes for payments or ordering, tell people what your real domain is — so a one-letter fake stands out.
The takeaway
We just watched an AI cross a line it had been stuck behind for years: it learned to write. Legible menus, honest infographics, a working QR code baked into a beautiful image — for free, from a phone, for anyone. That’s a real gift, especially to the small business owner and the person who could never afford a designer. It’s worth being amazed by.
But the very thing that makes it a gift — flawless, effortless, on-brand design for everyone — is the same thing that quietly retires one of our oldest defenses. For years, scams gave themselves away by looking off. Now the polish is free, the spelling is perfect, and the malicious QR code actually scans. The tell is gone, and the only defense left is the boring, powerful habit of pausing to look before you scan.
The machine learned to write this week. That’s genuinely wonderful. It just means the rest of us have to get a little better at reading.
Stay curious, stay safe.
— itscybernews
Was this forwarded to you? Reply and tell us what you’d like us to dig into next — we read every one.

