Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Facilities in Apple's supply chain have finished renovations ahead of "iPhone 20" production, according to a Weibo leaker who says Apple's 20th-anniversary iPhone will move to an all-glass design.


In a new post on Weibo, the leaker known as "Fixed Focus Digital" said the "preferred approach" for the iPhone 20 is a return to glass, with manufacturing quality expected to land somewhere around that of the first-generation iPhone Air. The leaker said the relevant manufacturing facility has "already been renovated" and is now waiting for machining to begin, but didn't name the supplier involved. Lens Technology produces iPhone cover glass and previously took over metal-frame and glass-back assembly plants from fellow supplier Catcher Technology.

Apple's iPhone production typically doesn't reach full-scale manufacturing until a matter of weeks before launch; for the iPhone 17, trial production began in June with full-volume output targeted for August, about a month ahead of the device's September release. The information likely refers to an early step in retooling a production line, which is the kind of groundwork Bloomberg said Apple is already "ramping up" as it develops the 20th-anniversary redesign.

The claim adds fresh supply chain detail to a redesign that has been rumored for well over a year. Bloomberg's Mark Gurman reported that Apple is aiming for a "mostly glass, curved iPhone without any cutouts in the display" to mark the iPhone's 20th anniversary, with curved glass wrapping around all sides of the device and a launch expected in September 2027.

In May, Fixed Focus Digital pushed back on an earlier report from fellow leaker Instant Digital claiming Apple was exploring liquid metal or an improved titanium alloy to replace aluminum on future Pro models, arguing that aluminum remains the only practical choice for now given the heat generated by on-device AI processing.

At the time, Fixed Focus Digital said any material change was unlikely before 2027, in line with the iPhone 18 Pro's expected retention of the same aluminum unibody design introduced on the iPhone 17 Pro. Earlier this month, the leaker reiterated that aluminum mid-frames are "going to be used in straight-edge phones for a long time to come," a distinction that leaves room for a different approach on the curved-edge iPhone 20.

The 20th anniversary iPhone models are expected to launch in the fall of 2027, following the iPhone 18, iPhone 18e, and ‌iPhone Air‌ 2 in the spring.Tags: 20th-Anniversary iPhone, Fixed Focus Digital
This article, "Factories Now Ready for iPhone 20's Glass Redesign, Leaker Claims" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is allegedly using a 60Hz 8.4-inch display panel in the upcoming OLED iPad mini, which is expected to be released later this year.


The information comes courtesy of a hit-and-miss tipster running the account "yeux1122" on the Korean Naver blog. The leaker claims to have been told by a source in Apple's supply chain that the unreleased iPad mini is equipped with a low-temperature polycrystalline silicon (LTPS) backplane hybrid OLED panel clocked at 60Hz.

Apple's ‌iPad Pro‌ models feature two-stack low-temperature polycrystalline oxide (LTPO) OLED panels‌, which makes the display capable of dynamically adjusting its refresh rate between 10Hz and 120Hz (aka ProMotion). In contrast, LTPS OLED panels are usually paired with fixed refresh rates – such as 60Hz, 90Hz, or 120Hz – and are typically dimmer than LTPO panels.

If the leak is true, it's likely to disappoint iPad mini fans. Previous reports have not been clear on whether the iPad mini 8 will feature a higher refresh rate than the 60Hz LCD display used in the existing iPad mini 7. Given that the base iPhone 17 uses a 120Hz ProMotion panel, some would have believed it was reasonable to expect the same on the first OLED iPad mini. That said, the iPhone 17e goes to show that Apple is still in the 60Hz OLED business, so it might not consider the iPad mini to be a big enough market to justify the more advanced panel technology.

There's still hope of course that the rumor is off the mark. The leaker also said that the smaller form factor iPad is currently in mass production at Samsung Display's A2 Generation 5.5 OLED production line, which is located at its Asan campus in South Korea. Samsung has used the A2 line to manufacture LTPO panels as well as comparatively inferior LTPS panels, so if that piece of information is true, it doesn't mean the new iPad mini will definitely use the latter panel.
OLED iPad Mini: Release Date, Pricing, and What to Expect
Late last month, a report from Korean outlet ETNews claimed that mass production of the iPad mini 8 was underway at a Samsung factory. There are no rumors suggesting exactly when the next ‌iPad mini‌ will be released, but a late 2026 launch is widely expected. Aside from refresh rates, OLED offers several advantages over the LCD technology used in the iPad mini 7, such as higher contrast, deeper blacks, and improved power efficiency.Related Roundup: iPad miniTags: Naver, OLEDBuyer's Guide: iPad Mini (Don't Buy)Related Forum: iPad
This article, "Upcoming OLED iPad Mini Allegedly Uses 60Hz 8.4-Inch Display Panel" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple grew iPhone shipments in China by 24.4 percent year over year in the second quarter of 2026, making it the fastest-growing smartphone brand in a market that shrank overall, according to preliminary figures released today by research firm IDC.


Total shipments in China fell 4.3 percent to roughly 66 million units, amounting to a fifth consecutive quarter of decline. Apple and Huawei were the only major vendors to grow, with Huawei up 19.4 percent.

Apple's share of the Chinese market rose from 13.9 percent to 18.1 percent year over year, which was second only to Huawei's 22.6 percent. Meanwhile, Xiaomi suffered the steepest fall among the big brands, with shipments down 21.7 percent.

IDC attributes the market divergence largely to the way vendors reacted to rising memory and component costs amid the AI infrastructure buildout. Most Android vendors raised prices from late March, but Apple and Huawei held theirs steady, instead introducing targeted promotions.

On top of this, Huawei kept widening its lineup to cover more of the market, while Apple's early warnings of upcoming price increases in the second half of the year encouraged some buyers to purchase iPhone 17 series models sooner than they might have otherwise. "That gave hesitant buyers a reason to go ahead and purchase," said IDC analyst Arthur Guo.

The growth came despite a weak June market, as smartphone sales during China's "618" shopping festival fell nearly 15 percent compared to the same period in 2025.


IDC says it expects conditions to deteriorate over the next couple of years. As vendors run down cheaper component inventory, the firm forecasts China's year-over-year decline could widen to around 20 percent in the second half of 2026, right around when Apple is expected to launch its new iPhone 18 Pro models and first foldable iPhone. Storage prices are unlikely to ease meaningfully before 2027, and a broader recovery is not expected until 2028 or 2029, reckons IDC.

On the bright side, the research firm believes customers are postponing upgrades rather than walking away from smartphones, so the delayed demand should return in time. On that basis, a recovery could arrive around 2028–2029 as a fresh replacement cycle comes due.Related Roundup: iPhone 17Tags: China, IDCBuyer's Guide: iPhone 17 (Neutral)Related Forum: iPhone
This article, "iPhone 17 Pricing Helped Apple Buck China's Q2 Smartphone Decline" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
WhatsApp is developing a first-party cloud storage option for chat backups on iPhone, providing users with an alternative to iCloud for the first time, according to app tinkerer WABetaInfo.


Code found in the WhatsApp beta for iOS (version 26.28.10.16), available through TestFlight, suggests that users will eventually be able to pick their preferred backup destination directly from the app's chat backup settings. iCloud however will remain the default.

The feature harks back to one that WABetaInfo spotted in development for Android back in April, which is set to give users on Google's platform a way to store backups off Google Drive.

Under the plan, WhatsApp will reportedly include 2GB of free storage on its own servers, and there will be a 50GB tier priced at around $0.99 per month, similar to Apple's entry-level iCloud+ plan. There is also said to be a 1TB option in the works, although the tiers and pricing could always change before the backup feature goes live.

Image: WABetaInfo
Notably, backups kept on WhatsApp's servers will be protected by end-to-end encryption (E2EE) by default, with no way to switch encryption off. That's firmer protection than what is offered by iCloud backups, whose users must turn on encryption manually by enabling Advanced Data Protection (ADP). WhatsApp will reportedly recommend securing backups with a passkey, but a password or 64-digit key will also work.

WABetaInfo says the feature is still in development and not yet working for beta testers, and WhatsApp hasn't yet stated when it plans to officially launch the backup alternative.Tag: WhatsApp
This article, "WhatsApp Beta Reveals iCloud Backup Alternative for iPhone" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise.
The platform, called Forg365, uses AI-assisted lure creation alongside device-code abuse and adversary-in-the-middle techniques, according to research published by security company ZeroBEC.
Forg365 was offered with a five-day free trial, followed by subscriptions priced at $400 per month or $3,800 per year, the researchers said.
Customers can build phishing lures and control email delivery through a single operator panel. They can also manage captured account data and monitor compromised Microsoft 365 mailboxes. The service includes templates that impersonate widely used business platforms such as DocuSign, Adobe Acrobat Sign, SharePoint, and OneDrive.
“Phishing-as-a-service has been around for quite a few years,” said Jonathan Ong, senior analyst for managed security services at Omdia. “But the degree to which AI is integrated into Forg365 and enables users is what makes it concerning.”
Forg365’s significance lies in the industrialization and productization of the operator workflow, according to Devashri Datta, a cybersecurity researcher. “It integrates AI-assisted lure creation, evasion, and post-compromise mailbox operations into a subscription service distributed through Telegram,” Datta said.
How Forg365 works
ZeroBEC said the campaign it investigated began with an email built around a business-document and remittance-approval pretext. The message relied on legitimate cloud and email services before sending the recipient through several redirects.
Forg365 classified visitors before deciding whether to display a device-code phishing page, an adversary-in-the-middle flow, or a harmless decoy.
In the device-code attack, the victim is directed to a legitimate Microsoft authentication process and persuaded to enter a code that authorizes a session controlled by the attacker. The involvement of genuine Microsoft infrastructure can make the request appear credible.
The platform can also relay authentication through an adversary-in-the-middle attack and capture session information. ZeroBEC said suspicious visitors were diverted to a benign page, helping the operators conceal the phishing flow from researchers and automated security tools.
Complicating incident response
A browser extension called ForgCookie allows attackers to generate and refresh Microsoft single sign-on cookies from their own browsers, ZeroBEC said.
Forg365 also advertises tools for keeping sessions active and monitoring a compromised inbox. Read-only access to the mailbox can then be shared through a password-protected link.
As a result, resetting a password may not remove the attacker. Stolen refresh-token material or an attacker-controlled session could remain usable after the password is changed. Any devices registered during the compromise must also be investigated.
“CISOs should treat two controls as co-equal priorities rather than sequential ones,” Datta said, referring to tightly restricting device-code authentication and deploying phishing-resistant MFA such as FIDO2 or WebAuthn passkeys.
Organizations that do not require device-code authentication should consider blocking it in Microsoft Entra ID, said Keith Prabhu, founder and CEO of Confidis. This can disrupt the device-code component of a Forg365 campaign, although it would not stop attacks that rely on adversary-in-the-middle techniques or stolen session cookies.
Companies that still depend on device-code authentication should identify legitimate uses before imposing a broader restriction. Exceptions may be needed for some command-line tools, conference-room systems or other devices with limited input capabilities.
Deploying phishing-resistant authentication may also require hardware security keys or managed smartphones and could increase support requests during the transition, Datta said.
After detecting a compromise, response teams should revoke active refresh tokens and terminate existing sessions. Prabhu also recommended reviewing and revoking unauthorized OAuth permissions. Because ForgCookie runs in the attacker’s browser, defenders should look for repeated silent sign-ins and non-interactive Microsoft Graph activity from unfamiliar addresses, according to ZeroBEC.
Mailbox forwarding rules and delegated access should be reviewed for unauthorized changes, Prabhu said. Such changes could allow attackers to monitor communications or retain access after a password reset.
“IR teams should audit newly registered devices and remove any that cannot be attributed to the user,” Datta said. Teams should also check whether an attacker enrolled an unauthorized authenticator application or passkey during the compromise, she added.
ZeroBEC found that some devices registered during its investigation had names beginning with “Forg365,” giving defenders a possible indicator of compromise.
View the full article
Google has announced the rollout of Chrome's latest AI features to Mac and PC users in the U.K., indicated by a new "Ask Gemini" button with a sparkle icon in the upper right side of the browser.


Gemini in Chrome can work across multiple tabs, which is supposed to make it useful for comparing and summarizing information from several websites at once.

It also integrates with Google services such as Calendar, YouTube, Gmail, and Maps, allowing users to perform tasks like jumping to a specific moment in a YouTube video, scheduling a meeting, or drafting an email without leaving the current webpage.

The rollout includes Nano Banana, a new AI tool that can be used to generate images from text prompts right from the browser's sidebar.

Google says the new AI features will also be coming to iOS in the U.K. next month.

If you're not interested in any of this stuff, you can simply right-click on the Ask Gemini button at the upper right corner of Chrome and select Unpin to remove it from the browser.

Gemini's Chrome integration was initially limited to AI Pro and AI Ultra subscribers, but Google expanded access to all desktop users in the US in September 2025, followed by rollouts to over 50 countries.Tags: Chrome, Google, United Kingdom
This article, "Google Chrome's Gemini AI Features Roll Out to UK Users" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Seventy-one percent of organizations say AI has access to core business systems. Only 16% govern that access effectively, according to the 2026 CISO AI Risk Report. Ask your IR team three questions: Where is your AI system inventory? What happens if a production model starts generating harmful outputs? Who has the authority to take it offline?
I’ve spent 14 years in security — energy, banking, telecom, manufacturing. Red team work, detection programs and the last several years focused on AI risk and ShadowAI. What I see consistently: Organizations have AI in production, they have an IR playbook and they think those two things are connected. They’re not.
The CISO who thinks their IR playbook covers AI incidents probably hasn’t tested it. The ones who have tested it know it doesn’t.
Two kinds of AI incident — and why that split matters more than the list
AI incidents surged 56.4% from 2023 to 2024, reaching 233 documented cases. Most IR frameworks — including NIST SP 800-61, MITRE ATLAS and the GLACIS AI Incident Response Playbook — provide you with a taxonomy of six incident types and stop there. While useful, it misses the more important split: Failures the model causes on its own, versus failures caused by a human. Your detection approach, your containment logic and your legal exposure are very different between those two groups.
Model-originated failures — degradation, bias, hallucinations — happen when the system does exactly what it was built to do, just badly. The Epic Sepsis Model, deployed across hundreds of US hospitals, had a sensitivity of only 33% at external validation. It missed two-thirds of actual sepsis cases and flooded physicians with false alerts, as a 2021 JAMA Internal Medicine study found. No one attacked it. It just quietly stopped working while every dashboard stayed green.
Externally induced failures — adversarial attacks, data poisoning, privacy breaches — happen when someone corrupts the inputs or the training environment. Tesla’s Autopilot phantom braking cases, investigated by NHTSA across hundreds of thousands of vehicles, show what adversarial input failures look like in a safety-critical system. These two groups need different primary defenses and their own playbooks.
Then there is the hybrid case, which carries the most legal exposure right now. Hallucinations are model-originated but they land in court like human errors. When Air Canada’s chatbot invented a bereavement fare policy, the airline was held liable. When a US federal court let Mobley v. Workday proceed, it accepted that an AI hiring platform could be directly liable as an ‘agent’ of the employers using it. Neither failure looked like a security incident. Both ended up as legal ones. If your legal team is not on your IR call tree, your playbook is already incomplete.
The CIA triad doesn’t cover a hallucination
The CIA triad — confidentiality, integrity, availability — does not apply to most AI incidents. When Air Canada’s chatbot made up a policy, nothing was unavailable, nothing was changed without authorization, nothing was disclosed. The framework simply doesn’t reach it. When the Epic Sepsis Model missed two-thirds of cases, there was no breach, no intrusion, no indicator of compromise. By every traditional IR metric, the system looked fine.
This is not an edge case. Classical IR frameworks assume deterministic failures with static indicators of compromise — an assumption that breaks down against probabilistic systems. Microsoft’s Security Blog said it well in April 2026: A model may produce harmful output today and something completely different from the same prompt tomorrow. The root cause is not a line of code. It is a probability distribution, and as Microsoft’s Security Blog put it, you cannot patch a probability distribution.
The numbers confirm the gap. Average AI incident detection time is 4.5 days. Sixty-seven percent of AI incidents come from model errors, not adversarial attacks — yet security budgets keep funding perimeter tools built for the latter. We are looking for the wrong signals, with the wrong tools, for the wrong failure modes.
What a mature AI IR capability looks like
I get asked this at every conference I speak at. Here is the short answer: Three things that mature teams have in place before any incident occurs.
First, an AI Bill of Materials (AIBOM) for every production system. Think of it like a software SBOM, but for AI: It documents the base model, training datasets, third-party dependencies and the full component stack. Without it, you don’t know what your AI is made of — and you can’t investigate a data poisoning incident or a supply chain compromise without that baseline. The OWASP GenAI Security Project released an open-source AIBOM generator in December 2025 that produces output in CycloneDX format aligned with SPDX standards. It is practical to implement now.
Second, a model card for every production AI system — not a document in a shared drive nobody opens, but something your IR team can pull up in the first ten minutes of a response. Training data provenance. Model version. Known performance limits, including which subpopulations showed weaker accuracy in testing. Access controls. Blast radius if it fails. Most organizations I work with have model documentation written for data scientists that no one in security can use at 2am. That is not documentation. That is liability.
Third, a named data scientist on the IR call tree. Not someone to brief after the incident — someone with authority to interrogate model behavior in real time. Traditional IR has a network engineer on call. AI IR needs the same logic applied to the people who understand how the failing system works.
A fourth thing that very few teams have: A documented rollback threshold for each deployed model. A pre-agreed definition of what anomaly rate, drift metric or fairness deviation triggers containment or a fallback switch. Teams without this spend the first hours of an AI incident debating whether what they are seeing is actually a problem. Teams with a threshold spend those hours responding.
Four things to do before the next incident
Rewrite your detection triggers. Output anomaly scoring, data distribution monitoring for drift and behavioral tracking of model API usage need to be in your detection layer. They will not come from your SIEM. This is instrumentation work at the AI system level.
Redefine containment. For most AI incidents, ‘isolate the system’ is the wrong first move. Switching to a rule-based fallback while keeping the service running may cause less harm than taking the system offline and triggering a business escalation. Each deployed model needs pre-defined rollback criteria and a named fallback. Write those down now.
Get legal in the room before the incident. Mobley v. Workday means both the AI vendor and the deploying organization can carry liability for bias incidents. Air Canada means you cannot disclaim what your AI says to a customer. If your legal team is learning about an AI incident from a press inquiry, something has already gone wrong.
Build your AI inventory and treat it like your asset register. Start with the AIBOM for your highest-risk systems — those with access to customer data, financial decisions or clinical workflows. The GenAI-IRF framework gives you a structured taxonomy for this work and the GLACIS AI Incident Response Playbook maps it to NIST SP 800-61 and MITRE ATLAS procedures your team can adapt without starting from scratch.
Forty-two percent of organizations have already had a suspicious or confirmed AI incident, and more than half say their security posture is catching up, inconsistent or reactive. Updating your playbook isn’t optional. Fix it before you need it.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Enterprises have worked for years to improve detection and response times in the face of increasingly sophisticated attacks that relied on manual hacking and living-of-the-land techniques. AI is now threatening to undo those efforts.
An increasing number of threat actors are automating all phases of attacks, including lateral movement by using LLM-powered agents, severely reducing the time from initial access to deep environment compromises.
“The real shift is speed, scale, and orchestration: familiar cloud attack techniques were executed faster and across more surfaces than defenders could comfortably contain,” wrote researchers from security firm Sygnia last week in a report about an AI-assisted cloud environment compromise they investigated.
Sygnia’s report came on the heels of research from Sysdig about a cyber intrusion and extortion campaign conducted end to end by an autonomous AI agent. Actions undertaken by the agent included harvesting credentials, mapping internal services, and establishing persistence.
What both incidents show is that AI attacks have graduated beyond LLM-written malware scripts and phishing lures to handling all stages of attack chains, including parts that previously required human reasoning and hands-on command execution adapted to the environment.
Last month researchers from the University of Toronto revealed that they managed to create an AI-powered self-replicating worm capable of autonomously finding and exploiting weaknesses in dozens of simulated systems. The researchers achieved this by leveraging an open-weight AI model and building an attack harness to keep it on track.
While it may not be surprising to security experts that this level of AI-assisted attack automation is already happening in the wild, it’s very unlikely that many companies have had time to adapt their defenses.
“What this exposes is a truth that all security personnel must come to terms with: Most breaches won’t hinge on advanced AI, but on unpatched systems, exposed services, and weak identity controls,” Gidi Cohen, CEO and co-founder of AI security startup Bonfy.ai, tells CSO. “AI just makes those gaps impossible to ignore. The organizations that will struggle aren’t the ones lacking AI defenses; they’re the ones still relying on human-speed security in a machine-speed threat environment.”
No need for zero-days
As aptly demonstrated by the U of Toronto study, AI agents don’t need sophisticated zero-day vulnerabilities to break into environments, because many environments have systems and applications with known flaws and generic weaknesses.
The attack documented by Sysdig, which its researchers dubbed JadePuffer, exploited a year-old vulnerability (CVE-2025-3248) in Langflow, ironically a tool for building AI agents. In the new attack documented by Sygnia, attackers exploited a weakness in a web application that enabled them to find a stored AWS key. From there they quickly made their way through the victim’s cloud environment with the help of AI automation.
“The threat actor was not exploiting a single misconfiguration; they were chaining weaknesses across application services, AWS resources, source-control repositories, CI/CD workflows, runtime components, and data stores, while rapidly executing credential discovery, secrets harvesting, cloud enumeration, deployment-pipeline abuse, runtime modification, database access, and operational disruption,” the researchers said.
As with the JadePuffer case, the attackers documented by Sygnia were focused on extorting money from the victim. To achieve this, they compromised as many AWS instances as possible, exfiltrated data but also set up multiple persistence points in the AWS environment. The goal was to put pressure on the victim by demonstrating that despite recovery efforts they still had access to the environment.
Speed is the new game
Once sophisticated attackers break into an environment they often spend weeks or even months slowly moving to other systems. This is in part because it takes time for a human team to gain a thorough understanding of the environment and to find where the most valuable systems are.
This activity is also often trial-and-error: The attackers perform reconnaissance to discover the network’s topology, find exploitable weaknesses in additional systems, and search them for stored credentials that could provide access to more targets, all while using existing OS tools or common system administration techniques that won’t trip malware and intrusion detection systems.
Active threat hunting is one way to counter such techniques that are designed to evade automated detection. When threat hunting, human analysts inspect the organization’s network and systems manually for signs of compromises that might have been missed by tools. This is a slow but effective defensive technique — but only if attackers operate with the same time constraints.
“Traditional incident response often relies on the assumption that attacker progression will generate enough observable signals for defenders to investigate and contain activity before access materially expands across the environment,” Sygnia’s researchers wrote in their report. “The observed attack pattern challenged this assumption. Forensic traces showed rapid, repeated activity consistent with automated or AI-assisted workflows for credential harvesting, permission analysis, vulnerability discovery, and attack-path mapping, allowing the intrusion to progress across multiple stages in a compressed time frame.”
And it wasn’t a case of simple automated scripts going through an attack playbook either, but workstreams that showed clear signs of environment adaptation. Every new access was rapidly assessed and resulted in actions tailored for that specific system, whether an EC2 instance, S3 bucket, SQL database, or a CI/CD runner on GitHub.
Prevention is back in the spotlight
The obvious answer to AI-assisted attacks is AI-assisted defense. But simply the presence of AI-powered features in detection and response products is not a guarantee for thwarting such fast and adaptive attacks. Organizations must ensure all these tools and workflows are well integrated into a coordinated process across their different teams.
Moreover, these attacks show the value of defense-in-depth actions such as continuous validation of configurations, fast patch deployment, frequent secrets rotation, network segmentation, IP-based access control rules, implementing the principle of least privilege for credentials, restricting administrative privileges, enabling multi-factor authentication, and isolating cloud workloads.
Sygnia also recommends building automated response playbooks that can be quickly adjusted and deployed when potential signs of compromise are detected.
“The skill floor for running a ransomware operation dropped to the cost of running an agent,” Dray Agha, senior manager of tactical response at security firm Huntress, tells CSO. “Very mediocre cyber criminals can now ‘level up’ their impact from AI. That should worry defenders more than any single new technique, as it means more attackers, more often, against more of the long tail of unpatched, exposed infrastructure.”
View the full article
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth connections that tie Salesforce to the apps and third-party vendors around it. In View the full article
Global security agencies say enterprises must clean up their act as Russian government-sponsored attackers exploit weaknesses in routers.
According to a new multinational cybersecurity advisory, cyberattackers continue to exploit inadequately-protected and/or poorly-configured network devices via age-old tactics. Threat actors scan for weakened devices, typically routers, allowing them to “opportunistically” compromise critical infrastructure networks, according to the bulletin from 19 federal agencies across North America, the UK, Europe, and Australia.
They then transfer configuration files to servers they control. These files, containing plaintext or weakly-encoded information like credentials, or details about the organization’s network, hold most of the potential value, noted Seva Ioussoufovitch, a senior research analyst at Info-Tech Research Group.
“It might sound simple, but this tactic has been exploited for well over a decade, and is clearly still effective,” he said.
How SNMP attacks work
To begin their attack, state-sponsored cybercriminals send requests via the standard Simple Network Management Protocol (SNMP) framework that supports device-network information exchange, which allows them to scan for weak, insecure devices still using older SNMPv1 or SNMPv2 protocols that accept common or default “community strings” for authentication. These strings are typically shared passwords, with predictable, public defaults that might have been left untouched by admins. Additionally, many of these devices may remain in their basic router configurations.
Using spoofed IP addresses, threat actors instruct SNMP agents running on these devices to copy their configurations to a file (typically “config.bkp” or “output.txt”), then transfer that file to virtual private servers (VPSs) that they control. In addition, cybercriminals are exploiting common vulnerabilities and exposures (CVEs) in Cisco devices, as well as in the Cisco’s Smart Install (SMI) tool.
Actors have exploited, at the very least, CVE-2018-0171 (published in 2018) and CVE-2008-4128 (published in 2008), according to the bulletin. Both of these targeted Cisco routers, giving remote, unauthenticated attackers the ability to execute arbitrary code, take unauthorized actions, or cause a denial of service (DoS).
Notable groups using this method are known to the security community as “Berserk Bear,” “Crouching Yeti,” “Dragonfly,” “Energetic Bear,” “Ghost Blizzard,” and “Static Tundra.” According to the bulletin, the industries most vulnerable to Russian state-sponsored cyber actors include communications, energy, financial services, defense industrial bases, healthcare and public health facilities, and government services and facilities.
A set-and-forget approach, even in 2026
The problem with router hygiene is that devices are susceptible to a “confluence of typical enterprise shortcomings” when it comes to operationalizing security, noted Info-Tech’s Ioussoufovitch.
“Many organizations still take a set-it-and-forget-it approach to routers, and don’t track them like they would an endpoint,” he said.
Compounding this risk is the fact that routers are typically critical to business continuity, which increases the necessity of keeping their security up-to-date. To make things worse, in some cases, it might also be unclear who’s in charge of device security. “Security points to the network team and they’re pointing right back at security,” Ioussoufovitch noted.
As well, many organizations continue to rely on legacy hardware that may be unsupported, but that the business is unwilling to replace.
Ultimately, Ioussoufovitch said, “network security just doesn’t seem to be receiving the same amount of attention as the usual areas of focus (like endpoints).”
Recommendation: Move away from older protocols and devices immediately
Specifically, the agencies urged security teams and network admins to upgrade to SNMPv3, enforce secure passwords, disable Cisco Smart Install, and block SNMP and common file transfer methods “at the firewall.”
Enterprises should immediately disable SNMPv1 and SNMPv2, which are “legacy protocols and should no longer be needed on current devices.” In instances where they are still deemed necessary, shift from default settings to grant read-only access (no read-write access).
SNMPv3 should be employed with authPriv configured to the “most modern encryption standard,” the bulletin advised. SNMPv3 adds strong authentication and data encryption unavailable in previous versions, and has more securely encoded parameters to authenticate and encrypt data.
“Moving to SNMPv3, which offers stronger authentication and encryption, is a clear, actionable step security teams need to prioritize now,” Ioussoufovitch agreed.
The government agencies urged enterprises to use strong, unique passwords for local accounts on network devices, and to monitor for unusual credentials that do not match standard naming conventions, or misconfiguration in logs or intrusion detection systems (IDS). Networks should support multi-factor authentication (MFA), and admins should enforce allow lists for management protocols like SNMP.
Additionally, enterprises should update network device software, retire end-of-life devices, and disable Cisco Smart Install on all machines once initial configuration is complete, as this introduces serious security issues when it inadvertently remains enabled, the agencies said.
Network security must improve across the board
The advisory is a signal that enterprises may be underinvesting in network security, noted Ioussoufovitch. Admins and security leaders should be asking these questions:
Do they have decent network detection and response capabilities in place? Are they applying analytics and anomaly detection to network traffic patterns? Have they incorporated micro-segmentation across the enterprise environment to limit risks posed by any individual router? “Getting at least some of these proactive measures in place, while taking a more disciplined approach to the tracking and replacement of EOL devices, can help security and network teams finally start making some headway against these types of threats,” said Ioussoufovitch.
David Shipley of Beauceron Security agreed that enterprise networking equipment security must be improved, but said that’s more on the vendors than the critical infrastructure providers. Vendors should be shipping products that are secure by default; customers shouldn’t have to be going back and turning these features on.
He added that it would be great to see Salt Typhoon-proof levels of device security and authentication. “Right now, it’s been trivial for them to pwn networking gear,” he said.
While the guidance is important and will help, Shipley said, “building better and shipping secure by default would do even more.”
View the full article
The US authorities NSA, FBI, and CISA warn that Russian hackers have recently carried out a number of attacks on critical infrastructure in North America and Europe.
Hackers are reportedly breaking into networks using vulnerable and misconfigured routers, making it extra important to install the latest security patches.
The most vulnerable are infrastructure related to energy, communications, healthcare, industry, the economy, and defense. Authorities in Australia, the UK, Canada, New Zealand, Estonia, Finland, France, and Italy support the warning, reports Bleeping Computer.
View the full article
Apple released the iOS 27 public beta today, and if you've been curious about the new software, now's the time to try it out. ‌iOS 27‌ brings Siri AI, performance improvements, and lots of new Apple Intelligence features. With the public betas, you don't need to wait until September to see what's new.


‌iOS 27‌ is one of Apple's most stable betas compared to prior years. We never recommend installing a beta on a main device, especially if you rely on important health apps, but if you have a secondary device or can live with a few bugs, the software is worth checking out.

Performance Improvements

Apple sped up a long list of features in ‌iOS 27‌, and it's immediately noticeable when you download the software.

Everything feels snappier than it did in iOS 26. Animations are quicker, apps launch faster, and AirDrop transfers complete faster. You'll see improvements when taking photos, opening the keyboard, using the App Library, and swapping Home Screen pages. Your iMessages between devices sync more accurately, messages won't fail to send and will be automatically retried, and your iPhone can transition more smoothly between Wi-Fi and cellular.

The majority of new features in ‌iOS 27‌ require ‌Apple Intelligence‌ and an iPhone 15 Pro or later, but the under-the-hood improvements are available on all iPhones, and even older iPhones will feel faster.

Siri AI

‌Siri‌ got a total overhaul in ‌iOS 27‌, and it's now "‌Siri‌ AI." It's more like ChatGPT or Claude than the prior version of ‌Siri‌, with support for back-and-forth conversations. ‌Siri‌ AI can do a lot of what other AI chatbots can do, but unlike other AI options, ‌Siri‌ has private access to your messages, emails, photos, apps, and other personal data so it can complete a wider range of tasks. ‌Siri‌ can also search the web, so it can answer all kinds of queries.

You can activate ‌Siri‌ with a wake word, swipe down from the middle of your screen to type a question to ‌Siri‌, chat with ‌Siri‌ in the ‌Siri‌ app, or press the side button to activate ‌Siri‌.

Some examples of what ‌Siri‌ is now able to do:

Create home automations with a command like lock all the doors at midnight.
Find specific emails, messages, photos, images, links, files, and other documents people have sent to you. You can ask based on person, time, location, and more.
Delete files, emails, photos, or messages.
Add all items from a recipe on a website to a shopping list.
Recommend activities, places, and restaurants you might like based on what it knows about you.
Look at something on your screen like a website and answer questions about it.
Answer general knowledge questions.
Add information about people to the Contacts app when asked, like birthdays or additional phone numbers.
Find passwords for websites and apps that are stored in the Passwords app.

For more on some of the commands you can use with ‌Siri‌, we have a dedicated Siri AI guide.

Visual Intelligence

Visual Intelligence is accessible through the Camera app with a new ‌Siri‌ mode that you can choose as an alternative to photo and video modes. It works the same as it did before, but it's easier to get to.

There are new ‌Visual Intelligence‌ features, and ‌Siri‌ can do things like tell you the nutritional value of something you're about to eat, or calculate what everyone owes from an image of a receipt. We have more examples in our iOS 27 Visual Intelligence guide.

Write with Siri

‌Siri‌ can generate text from scratch in ‌iOS 27‌, and there's a system-wide Write with ‌Siri‌ feature you can get to from the keyboard. ‌Siri‌ can help you write, give you feedback on what you've written, change the tone or wording of your writing, and even write in your style by analyzing your emails and messages.

Your iPhone also automatically suggests grammar fixes in addition to spelling fixes.

Photos Clean Up

The Clean Up tool that removes unwanted objects from images in the Photos app is much improved in ‌iOS 27‌, and it does a better job cleanly removing what you don't want and filling in what's missing more convincingly.

There are also new image tools for extending the borders of a photo using AI, and changing the perspective or composition of an image.

Our full iOS 27 Photos guide goes through all of the new features.

Passwords

If you use the Passwords app, there's a new feature that uses Safari to automatically change weak and compromised passwords for you. It requires a device that supports ‌Apple Intelligence‌.

Safari

You can create custom extensions with natural language commands in Safari, which is useful for when you want to do something specific but there isn't a good extension available. Some sample suggestions, from Apple:

Create a citation for the current webpage and copy it to my clipboard
Create a 3-minute focus timer for the page
Set the minimum font size to 14pt
Turn the page into pirate speak
Style websites like 90s websites with bold colors and type
Every time I open a new tab, draw me a different flower
Highlight and show the dimensions of webpage elements when I tap on them
Enter the design mode for a website so that I can edit the contents

Safari can also automatically organize your tabs into categories and watch a webpage and let you know if there are changes. For more, read our iOS 27 Safari guide.

Home App

Use HomeKit Secure Video cameras? They now support 2K and 4K recording. There's also a new AI feature that gives you text descriptions for what's happening in your home, and there's an option to search through videos using natural language to find something you're looking for.

The AI features will require a 2TB iCloud+ plan at launch, but the 4K streaming doesn't.

For more on what's new in the Home app, check out our iOS 27 Home guide.

AirPods EQ

If you've ever wanted to adjust the sound of your AirPods, you can do so with new AirPods customization options that let you tweak mids, highs, and lows. Custom EQ is available for AirPods 4, AirPods Pro 2, AirPods Pro 3, and AirPods Max 2.

Shortcuts

If you find the Shortcuts app intimidating, it's easier to use in ‌iOS 27‌. You can tell the Shortcuts app what you want to be able to accomplish with a shortcut, and it'll make it using AI. You can then refine it with further natural language requests, or manually edit.

How to Install the Beta

You can sign up for the ‌iOS 27‌ beta (and any other betas) using Apple's public beta website. Once you're signed up, you can go to Settings > General > Software Update and then choose the ‌iOS 27‌ Public Beta to install the update.

Make sure to create a backup before you install the beta just in case you want to downgrade back to ‌iOS 26‌ later.

How to Downgrade From iOS 27 Beta to iOS 26

Beta Reminders

‌iOS 27‌ is still very much a beta, and this is not the final version of the software we'll see in September. Apple is still refining ‌Siri‌ AI and ‌Apple Intelligence‌ features, as well as addressing bugs and tweaking features.

iOS 27 Discussion and App Info

The iOS MacRumors forums are a good place to discuss ‌iOS 27‌ features and take a look at what people are saying about the software's stability.

There's a list of working and non-working apps on the forums if you want to see what you might miss out on, and a helpful discussion on how people are using ‌Siri‌ AI.

We also have a full iOS 27 roundup with more detail on what's new in the update.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Public Beta Is Here: 10 New Features Worth Testing" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is adding a new warning about malicious iMessages in iOS 26.6, according to X user @limpless_skelly, who shared a mockup of the notification.


The pop-up will warn users that a message could be trying to harm their iPhone or compromise their privacy. Apple asks users to share the message so it can guard against future attacks, and there are "Not Now," "Share With Apple," and "Don't Report" options to tap. Not Now likely causes the pop-up to surface again at a later time.


The actual alert hasn't been seen yet, but code in iOS 26.6 beta 5 confirms that it is indeed in the beta. It's not yet clear what messages will cause it to appear, but it could be a response to sophisticated exploits and phishing attempts in the Messages app. Apple added a "BlastDoor" sandbox security system to Messages in iOS 14, but in 2021, there was a zero-click iMessage exploit that was able to circumvent it and install spyware on the target device. Apple has since added Lockdown Mode and iMessage Contact Key Verification for extra security, along with spam message filtering.

Unfortunately, the alert looks similar to some of the fake scam pop-ups that show up in Safari, which could confuse iPhone users.

Apple has released five betas of iOS 26.6 so far, and it's nearing a public launch. We're expecting the update to come out sometime around the end of July.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "iOS 26.6 Will Warn You About Malicious iMessages" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released the first public beta of macOS Golden Gate, expanding the macOS 27 beta test to non-developers. You can sign up to test the update on Apple's beta website, and then download it by going to System Settings > General > Software Update and toggling on the macOS 27 beta.


‌macOS Golden Gate‌ includes the same Siri AI features as iOS 27 and iPadOS 27, but you get to ‌Siri‌ through Spotlight with a Command + Space keyboard shortcut. ‌Siri‌ can search the web to answer questions, look through your personal data like photos, emails, and messages to help you find what you're searching for, and complete actions in and between apps. There is a dedicated ‌Siri‌ app, and you can hold ongoing conversations with ‌Siri‌.

Apple brought Visual Intelligence to the Mac, so ‌Siri‌ can look at what's on your screen and answer questions about it.

The Liquid Glass design introduced last year has been updated, and Apple added a slider for controlling overall system transparency. Liquid Glass opacity has been changed so it better diffuses complex content, and other design changes bring more depth and separation to the UI so it's easier to tell which window is active.

Apps now feature uniform toolbars with headings and controls that are easier to read, and windows no longer have such dramatically rounded corners. Sidebars are no longer floating and extend edge-to-edge, plus window positioning is more consistent across external displays.

Write with ‌Siri‌ is able to generate text from scratch, correct your grammar, or give you feedback on your writing, and there are new AI editing tools in the Photos app. In Shortcuts, you can create automations with natural language requests, and search has been improved in Mail and Messages. Apple made multiple performance improvements across ‌macOS Golden Gate‌ for a faster, smoother experience even on older Macs.

More on the new features in macOS 27 can be found in our macOS Golden Gate roundup.Related Roundup: macOS Golden Gate
This article, "First macOS Golden Gate Public Beta Now Available" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released the first public betas of iOS 27 and iPadOS 27, allowing anyone with a compatible device to download and test the new software.

Subscribe to the MacRumors YouTube channel for more videos.
You can get started by signing up on Apple's beta website and then opting in to the public beta by going to Settings > General > Software Update and choosing the ‌iOS 27‌ or ‌iPadOS 27‌ Public Beta option. Today's public beta is identical to the third developer beta, and there's also a newly revised ‌iPadOS 27‌ third beta available for developers.

‌iOS 27‌ introduces Siri AI, a more capable version of ‌Siri‌ that can search the web, access your personal information, see what's on your screen, and take actions in and across apps. ‌Siri‌ in ‌iOS 27‌ is more similar to Claude or ChatGPT than the prior version of ‌Siri‌, with a dedicated ‌Siri‌ app for back-and-forth conversations. You can use ‌Siri‌ AI if you have a device that supports Apple Intelligence.

Apple updated the Liquid Glass design that debuted last year, adding a slider to adjust the transparency level and refining its look. There are new AI features in many of Apple's apps. Visual Intelligence moved to the Camera app and supports new features like getting the nutritional information for a meal or splitting a bill, and ‌Siri‌ is able to generate text for you or help you refine your writing with Write with ‌Siri‌.

There are new AI photo editing tools in the Photos app, Safari can organize your tabs automatically, and you can create Shortcuts and Safari extensions using natural language commands. AirPods have custom EQ, the Home app supports 4K video cameras, and there are new child safety controls for parents.

Apple made dozens of improvements to device performance, and everything feels faster, even on older iPhones. Apps launch quicker, AirDrop transfers are faster, the keyboard loads quicker, and more.

Additional information on the new features in ‌iOS 27‌ can be found in our dedicated iOS 27 roundup, with info on ‌iPadOS 27‌ available in our separate iPadOS 27 roundup.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 and iPadOS 27 Now Available to Public Beta Testers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released the first public beta of watchOS 27, giving Apple Watch users a chance to try the new software ahead of its fall launch.


You can sign up for Apple's public beta testing program on the beta website, and then download the updates through the Apple Watch app on the iPhone. Today's public beta is the same as the third developer beta released last week.

‌watchOS 27‌ adopts Siri AI, and you can use ‌Siri‌ from your wrist as long as you have an iPhone that supports it. ‌Siri‌ AI can access your personal information, answer all kinds of questions, and complete tasks for you. There is a dedicated ‌Siri‌ app that's front and center on the watch in the new dynamic app grid that comes up when pressing the Digital Crown.

There's a new gesture for selecting a widget in the Smart Stack, plus Apple added Smart Stack suggestions for finding a parked car, accessing a transit card, and getting a birthday reminder.

Workout Buddy works without your iPhone nearby, treadmill run and walk distances are tracked more accurately, and Apple added a unified Find My app that also supports Precision Finding.

More on what's new in the updates can be found in our watchOS 27 roundup.Related Roundups: Apple TV, watchOS 26, watchOS 27Buyer's Guide: Apple TV (Don't Buy)Related Forums: Apple TV and Home Theater, Apple Watch
This article, "watchOS 27 Now Available to Public Beta Testers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the fifth betas of upcoming iOS 26.6 and iPadOS 26.6 updates to developers for testing purposes, with the software coming a week after Apple seeded the fourth betas.


Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update.

With iOS 27 set to launch in September, Apple is wrapping up work on iOS 26. We are not expecting any major new features in the iOS 26.6 update, and it will primarily focus on bug fixes and performance improvements.

The update adds new wording around blocked contact limits, letting users know when they have exceeded the maximum number of blocked contacts. The update might also include a new anti-snatching feature that locks your iPhone if it's grabbed from your hand.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Fifth iOS 26.6 and iPadOS 26.6 Betas to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided the fifth beta of an upcoming macOS Tahoe 26.6 update to developers for testing purposes, with the update coming a week after Apple seeded the fourth beta.


Developers can download the ‌macOS Tahoe‌ 26.6 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.

With macOS Golden Gate launching in just a couple months, Apple is likely focusing most of its attention on the new software. We are not expecting any major new features in ‌macOS Tahoe‌ 26.6.Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Fifth macOS Tahoe 26.6 Beta Now Available for Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided developers with the fifth betas of upcoming watchOS 26.6, tvOS 26.6, and visionOS 26.6 betas for testing purposes. The software comes a week after Apple seeded the fourth betas.


The software updates are available through the Settings app on each device, and because these are developer betas, a free developer account is required.

There's no word on what's in the software as of yet. watchOS, tvOS, and visionOS often get few features in each new beta, with updates primarily focusing on bug fixes and performance improvements.Related Roundups: Apple TV, Apple Vision Pro, watchOS 26, watchOS 27Buyer's Guide: Apple TV (Don't Buy), Vision Pro (Neutral)Related Forums: Apple TV and Home Theater, Apple Vision Pro, Apple Watch
This article, "Apple Releases Fifth watchOS 26.6, tvOS 26.6 and visionOS 26.6 Betas" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI's ambitions to build a hardware rival to the iPhone are already running into trouble because of Apple's trade secret lawsuit, according to Bloomberg's Mark Gurman, who argues the damage is showing up well before any court ruling.


Apple sued OpenAI last week, accusing the company of pushing former employees, and even people it was trying to recruit, to hand over details on unreleased products. The suit also claims OpenAI coached new hires on how to dodge Apple's exit-interview security checks using a document tied to former iPhone design chief Tang Tan. Apple is asking the court to order OpenAI to stop the alleged conduct, destroy any proprietary material it obtained, and pay damages.

A courtroom resolution could take years, Gurman says, but he argues the suit is doing damage now, squeezing OpenAI's ability to recruit and creating drag on its device work long before a judge weighs in. OpenAI has declined to discuss its hardware roadmap directly, though in response to the suit the company said it has "no interest in other companies' trade secrets" and remains focused on its own technology.

The scale of the talent drain is a major part of why this matters to Apple. More than 400 former Apple employees now work at OpenAI, including former Apple design chief Jony Ive, and Gurman says the company poached so heavily from Apple's iPhone product design group specifically that Apple had to rebuild parts of the team. Apple has responded with bigger retention bonuses and executives personally working to keep engineers from leaving.

The trade secret situation has apparently become one of Apple's biggest internal concerns of the past several months, ranking alongside tariff exposure and the ongoing memory chip shortage. In its own court filing, Apple frames the case as narrowly about trade secrets and describes OpenAI's hardware business as still nascent, arguing that discovery is needed to expose "the pervasive theft of Apple's trade secrets."

The lawsuit is said to already be reshaping OpenAI's hiring, independent of anything a court eventually decides. Apple employees weighing a move to OpenAI may now think twice given the added scrutiny, and even interviewing there could draw attention from Apple's security team, which could keep more engineers at Apple and slow the flow of institutional knowledge to OpenAI.

Former Apple employees are likely to grow more guarded about discussing prior work, with managers avoiding technical questions that risk touching Apple's confidential information. New legal reviews, tighter internal controls, and compliance training could pull engineers away from actual development, while senior OpenAI leadership spends time on discovery and depositions.

Given Apple's leverage over Asia's consumer electronics manufacturers, suppliers may be reluctant to deepen ties with OpenAI for fear of jeopardizing bigger, longer-standing relationships with Apple or getting pulled into the litigation themselves.

Bloomberg Intelligence wrote that "Apple is likely to secure targeted preliminary relief tied to OpenAI's device effort." Any such order would likely require disputed materials to be isolated, evidence preserved, and compliance certified, which could slow OpenAI's hardware plans further. In the longer term, if Apple can prove its trade secrets made it into OpenAI's products, OpenAI could be forced to redesign them.

Regardless, a person familiar with OpenAI's plans told Gurman the company still expects to announce its first hardware product this year and release it in 2027, though that could shift as OpenAI reviews Apple's claims. That device is reportedly far along, but building out a wider family of products, the kind Bloomberg previously described as central to OpenAI's device ambitions, will likely get harder. OpenAI has reportedly explored categories including smart speakers and wearables with an iPhone-style device as the eventual goal, but a simpler, non-phone product is expected to ship first.Tags: Bloomberg, Apple Lawsuits, Mark Gurman, OpenAI
This article, "Report: Apple's OpenAI Lawsuit Threatens iPhone Rival Plans" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That's supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don't file tickets. That's the shape of this week. Trusted code turns on the people who installed it. Old bugs from last year are still landing because the fix sat in a queue tooView the full article
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a recent data leak in which a contractor published dozens of internal CISA credentials — including AWS Govcloud keys — in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency’s initial response provide important lessons that all security teams should absorb.

On May 15, 2026, the security firm GitGuardian asked for help in notifying CISA about the existence of a public GitHub repository called “Private CISA” that included 844 MB of sensitive CISA-related data. One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers. Another file — “AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems.
CISA quickly acknowledged our initial alert, but took more than 48 hours to invalidate the AWS keys and many other important secrets leaked in the GitHub repo. In its report on the data leak, CISA said the complexities of the agency’s systems and interconnections with federal and industry partners caused its key rotation to take longer than anticipated.
“Drawing on this experience, CISA encourages others to maintain mature and well-tested key management capabilities,” the report notes.
CISA also admitted it can do better when it comes to responding to security incident notifications from external parties. The postmortem stresses that clear and distinct reporting channels are essential to ensure that incidents affecting the organization itself are handled differently from those involving its products or customers.
“In CISA’s case, these channels were not well defined, leading the security researcher to try multiple avenues – including emailing the contractor, submitting through CISA’s vulnerability disclosure platform (which is intended for vulnerabilities impacting the broader cybersecurity community), and ultimately involving a reporter,” reads the analysis written by Preston Werntz and Brad Libbey, the acting chief information officer and acting chief information security officer at CISA, respectively.
CISA said it is refining its reporting channels to make them easier and faster for researchers. “Additionally, while many researchers rely on the security.txt file, organizations can ensure clarity by publishing reporting instructions in multiple prominent locations,” the CISA authors wrote.
Guillaume Valadon, the GitGuardian researcher who first contacted KrebsOnSecurity about the exposed CISA credentials, said CISA ignored nine automated alerts about the exposed credentials prior to our notification on May 15. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures.
“Letting nine notification emails go unanswered is how a one-day incident becomes a six-month exposure,” Valadon wrote in an analysis of CISA’s report. “Make it trivial to report a leak about you, not just about your products. The person reporting a leak to you is not the threat. Publish a security.txt, but do not stop there. Put reporting instructions in several prominent places, and make sure a report about your own infrastructure does not land in a product-bug queue.”
The report’s authors also emphasized the importance of continuously scanning public code repositories like GitHub for exposed secrets, and said CISA has since rotated all secrets and created an action plan to improve management of developer secrets and to better monitor for them going forward.
The report notes that while CISA had developed a playbook for responding to cybersecurity incidents, that playbook somehow didn’t include what to do in situations involving GitHub or other cloud services. Valadon said the report validates the need to scan continuously — not just quarterly — for exposed secrets.
“The Private-CISA repository sat public for six months,” Valadon wrote. “Continuous monitoring of public GitHub surfaced it. Comprehensive internal scanning could have caught the plaintext passwords and committed backups long before they left the building.”
CISA gave itself passing grades on several areas of security preparedness that it said helped the agency gauge the scope and impact of the exposed secrets, including enhanced logging capabilities, and the adoption of zero-trust principles in both its production and development systems. CISA said those detailed logs allowed it to show that no customer or mission data was exposed, and that the leaked credentials were not used outside of CISA’s environments. The agency said the contractor who exposed the secrets had their system access revoked.
Valadon reckons the biggest takeaway is the CISA postmortem itself, and praised the agency for being transparent about what worked and what didn’t.
“To my knowledge, it is also the first time a national cybersecurity agency has publicly advocated for secrets scanning and for simplifying relations with security researchers,” Valadon wrote. “That is exactly the incident communication we should expect from every organization.”
View the full article
Apple captured a record 20% share of the global smartphone market in the second quarter of 2026, even as worldwide shipments fell 4% year-over-year amid an ongoing memory chip shortage, according to a new report from Omdia.


It is Apple's best second-quarter showing on record, landing in what is normally its slowest stretch of the year. Omdia credits this to a strong iPhone 17 upgrade cycle, as well as Apple keeping prices flat across the lineup while rivals were forced to raise theirs. The firm still flagged that Apple raised prices on other products late in the quarter, which raises the question of whether iPhone pricing will follow suit later this year.

The wider industry slump traces back to a memory chip shortage that has pushed component costs sharply higher, with some vendors reportedly paying several times more for memory than a year ago. Samsung was the only other major vendor to grow, holding the top overall spot at 22% share as Chinese competitors pulled back their lineups and raised prices to cope.

Omdia expects the squeeze to worsen over the next two quarters as peak shopping season collides with tight supply, pushing vendors further upmarket to protect margins. That is expected to leave fewer affordable options for budget buyers, and adds another data point to observe as Apple heads into an iPhone 18 cycle already facing rising component costs of its own.Tag: Omdia
This article, "Apple's Steady iPhone Pricing Pays Off as Rivals Scramble" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
In March, Apple informed the EU that it had agreed to acquire certain assets and hire employees from SigScalr, according to a notice published today on the European Commission's website.

SigScalr created the open-source observability platform SigLens, which companies can use to aggregate and analyze logs, metrics, and traces at massive scales for monitoring and debugging purposes. SigLens was known for being a cost-effective and fast solution compared to many competing platforms.Tag: Apple Acquisition
This article, "Apple Acquiring SigScalr" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinary-looking reply and never learns their assistant was tampered with. TheView the full article
Amazon this week has low prices on the Apple Watch Series 11, with $100 discounts across numerous models of the smartwatch. This sale includes a handful of 42mm and 46mm GPS aluminum models, but cellular devices are a bit more rare this time around.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

You can get the 42mm GPS Apple Watch Series 11 for $299.00, down from $399.00, and the 46mm GPS model for $329.00, down from $429.00. On Amazon, you'll find four of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.

$100 OFFApple Watch Series 11 (42mm GPS) for $299.00
$100 OFFApple Watch Series 11 (46mm GPS) for $329.00

Compared to past sales, these are both solid second-best prices on the Apple Watch Series 11 and come within $20-$30 of those previous all-time low prices. Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Missed the Last Apple Watch Sale? Series 11 Now $100 Off on Amazon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is developing a new API that will let third-party accessories, including Meta's Ray-Ban ‌Meta‌ glasses and Quest headsets, automatically pair across a user's Apple devices the same way AirPods and the Apple Watch do today, according to Apple's EU Interoperability Request page.


The plan responds to a request ‌Meta‌ filed in October 2025 under the EU's Digital Markets Act, asking Apple to let a ‌Meta‌ device, once paired with one iPhone or iPad, automatically become available on a user's other Apple devices without extra prompts. Third-party accessories have never been able to tap into that ability, meaning owning non-Apple hardware alongside an iPhone has always involved more friction. If Apple builds this out, that gap will close, at least for whichever manufacturers get access to the new API.

Apple told ‌Meta‌ on February 4 that it plans to let third-party apps access cryptographic materials that make a pairing completed on one Apple device usable on another, secured by a session key and a one-time, per-accessory user consent. Apple expects to finish development by spring 2027 and ship it "shortly thereafter," which points toward an iOS 27.x update, possibly iOS 27.4, though Apple has not yet confirmed a version.

The feature runs on AccessorySetupKit and Proximity Pairing, infrastructure Apple built to comply with a March 2025 European Commission ruling and which only works in the EU today, the same infrastructure behind the proximity pairing feature already live for EU users. ‌Meta‌ has objected that adopting it would force the company to abandon Core Bluetooth, which it relies on for pairing everywhere outside Europe, and has asked Apple to decouple the two. Apple has declined so far, though it told ‌Meta‌ that support outside the EU "is something we are still considering."

The request remains in phase three as of Apple's most recent update. ‌Meta‌ hasn't yet invoked the DMA's formal dispute resolution process, which would trigger a review by Apple's Interoperability Request Review Board within 30 working days. Until then, Apple's plan proceeds with a spring 2027 rollout tied to AccessorySetupKit, in the EU only.Related Roundup: AirPods 4Tags: European Union, MetaBuyer's Guide: AirPods (Caution)Related Forum: AirPods
This article, "Apple Plans AirPods-Like Pairing for Meta's Glasses and Quest" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishingView the full article
Apple shares have rallied 15 percent since their worst day on the stock market in more than a year, adding almost $600 billion in value since June 25 and returning the stock to record territory (via Bloomberg).


The rebound comes as investors grow uneasy about the mind-boggling sums of cash continually being poured into the AI data center buildout, despite there being no obvious indicator for when investors will get a return on their investment.

Apple's decision to sit out the data center spending spree and instead pay Google for access to its frontier AI models is being increasingly seen by traders as an asset rather than a liability. Apple is using Google's Gemini to underpin the revamped version of Siri and new Apple Intelligence features across its platforms.

Apple's WWDC presentation last month of upcoming AI features in iOS 27 and macOS Golden Gate initially sent the stock lower, but it has since rebounded in impressive fashion.

The rally has occurred in spit of the fact that Apple is facing pressure from soaring memory chip costs, which was what prompted the company to raise prices on Macs, iPads, and its Home devices on June 25. That was the move that triggered the company's worst single-day stock drop since April 2025, with shares closing at $275.15. Apple's iPhone models were spared similar price hikes, but the company has hinted that further increases could follow.

Investors are also viewing Apple's upcoming foldable iPhone, expected in September, as a potential catalyst, according to Bloomberg. Nikkei reported earlier this month that Apple told suppliers to prepare for around 10 million units this year, up from a prior forecast of seven to eight million.

Apple shares are now up 16 percent in 2026, making it the best performer among the "Magnificent Seven" tech giants, which includes Microsoft, Amazon, Alphabet, Meta, Nvidia, and Tesla. AAPL closed at $315.32 on Friday, just shy of its all-time high of $317.40 set in early June.

In the coming days, MacRumors will be speaking with a prominent technology commentator about whether Apple's decision to avoid the AI data-center arms race is actually becoming a strategic advantage. Stay tuned.Tag: Bloomberg
This article, "Apple Stock Hits Record Territory as Traders Sour on AI Spending" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure.
The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants.
“RabbitMQ is the plumbing that moves data between services inside modern applications: orders, payments, authentication events, internal notifications,” Miggo researchers explained in a report shared with CSO ahead of its publication on Monday. “RabbitMQ is downloaded more than 15 million times a year, and the scale makes it a high-value target.”
Affecting RabbitMQ releases dating back to version 3.13.0, introduced in early 2024, the flaws have now been fixed in all supported versions.
Obsolete endpoint leaked OAuth configurations
The more severe issue, tracked as CVE-2026-57219, allows anyone with network access to RabbitMQ’s management interface to receive the broker’s OAuth client secret without authentication.
The flaw stems from an obsolete management endpoint “GET/api/auth” that returned RabbitMQ’s OAuth configuration, which includes the broker’s confidential OAuth client secret, to anyone who queried it. In deployments using confidential OAuth clients with providers such as Microsoft Entra ID, Auth0, Keycloak, or UAA, attackers could exchange the leaked secret for an administrator token and gain complete control over the broker.
The problem was assigned a high severity score of CVSS 8.7 out of 10, and was fixed in the versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.
RabbitMQ reportedly addressed the issue by removing the obsolete endpoint altogether, instead delivering OAuth configuration through an authenticated bootstrap mechanism that no longer exposes the client secret over HTTP.
According to Miggo, successful exploitation could allow attackers to access or modify messages, create users, alter broker configuration, and effectively compromise the messaging layer supporting enterprise applications. The company recommended organizations to upgrade immediately, rotate any exposed OAuth client secrets after patching, and ensure the management interface is never exposed to untrusted networks.
Broadcom, whose Tanzu division maintains RabbitMQ, did not immediately respond to CSO’s request for comment.
Authorization bypass for reconnaissance
The second vulnerability, CVE-2026-57221, is an authorization bypass affecting RabbitMQ’s passive queue and exchange declaration operations.
Although attackers need valid credentials for exploitation, even accounts with no assigned permissions can discover whether queues and exchanges exist and retrieve metadata such as message counts and active consumers because the permission check is skipped.
Miggo noted the flaw does not expose message contents or allow tampering, but it can leak valuable operational intelligence in shared environments. Attackers could map applications, monitor workload activity, and gather reconnaissance for subsequent attacks against other tenants sharing the same virtual host, the researchers added.
RabbitMQ fixed the issue by ensuring passive queue and exchange declarations now enforce the same authorization checks as other operations. Because there is no configuration workaround or WAF mitigation for this flaw, organizations were advised to upgrade to a patched release and isolate tenants into separate virtual hosts until patching can be completed.
Miggo said the vulnerabilities are the first CVEs discovered by its autonomous security research platform, VulnHunter, before being validated by its security team and disclosed to RabbitMQ maintainers, who reportedly confirmed the issues and released patches.
View the full article
RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure.
The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants.
“RabbitMQ is the plumbing that moves data between services inside modern applications: orders, payments, authentication events, internal notifications,” Miggo researchers explained in a report shared with CSO ahead of its publication on Monday. “RabbitMQ is downloaded more than 15 million times a year, and the scale makes it a high-value target.”
Affecting RabbitMQ releases dating back to version 3.13.0, introduced in early 2024, the flaws have now been fixed in all supported versions.
Obsolete endpoint leaked OAuth configurations
The more severe issue, tracked as CVE-2026-57219, allows anyone with network access to RabbitMQ’s management interface to receive the broker’s OAuth client secret without authentication.
The flaw stems from an obsolete management endpoint “GET/api/auth” that returned RabbitMQ’s OAuth configuration, which includes the broker’s confidential OAuth client secret, to anyone who queried it. In deployments using confidential OAuth clients with providers such as Microsoft Entra ID, Auth0, Keycloak, or UAA, attackers could exchange the leaked secret for an administrator token and gain complete control over the broker.
The problem was assigned a high severity score of CVSS 8.7 out of 10, and was fixed in the versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.
RabbitMQ reportedly addressed the issue by removing the obsolete endpoint altogether, instead delivering OAuth configuration through an authenticated bootstrap mechanism that no longer exposes the client secret over HTTP.
According to Miggo, successful exploitation could allow attackers to access or modify messages, create users, alter broker configuration, and effectively compromise the messaging layer supporting enterprise applications. The company recommended organizations to upgrade immediately, rotate any exposed OAuth client secrets after patching, and ensure the management interface is never exposed to untrusted networks.
Broadcom, whose Tanzu division maintains RabbitMQ, did not immediately respond to CSO’s request for comment.
Authorization bypass for reconnaissance
The second vulnerability, CVE-2026-57221, is an authorization bypass affecting RabbitMQ’s passive queue and exchange declaration operations.
Although attackers need valid credentials for exploitation, even accounts with no assigned permissions can discover whether queues and exchanges exist and retrieve metadata such as message counts and active consumers because the permission check is skipped.
Miggo noted the flaw does not expose message contents or allow tampering, but it can leak valuable operational intelligence in shared environments. Attackers could map applications, monitor workload activity, and gather reconnaissance for subsequent attacks against other tenants sharing the same virtual host, the researchers added.
RabbitMQ fixed the issue by ensuring passive queue and exchange declarations now enforce the same authorization checks as other operations. Because there is no configuration workaround or WAF mitigation for this flaw, organizations were advised to upgrade to a patched release and isolate tenants into separate virtual hosts until patching can be completed.
Miggo said the vulnerabilities are the first CVEs discovered by its autonomous security research platform, VulnHunter, before being validated by its security team and disclosed to RabbitMQ maintainers, who reportedly confirmed the issues and released patches.
View the full article
Meta has filed a patent application for an AI that listens to your voice throughout the day, works out how it thinks you are feeling from the way you sound, and keeps a timestamped log of every read. Each read gets pinned to the moment it happened: the time, your location, what you were doing, even how you were using your phone. Some versions in the filing would listen all day; others wouldView the full article
A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped out the broader architecture, something kept nagging at me. The design they were buildingView the full article
Remember that new feature Meta announced last week that let people use public Instagram posts and reels to generate AI content? It didn't last long. Meta pulled the feature from Instagram late on Friday, following widespread criticism over privacy concerns.

"Our intent was to provide a useful creative tool and to give people control over whether their public ​content could be referenced in this way," Meta said in a statement. "We've ​heard the feedback that this feature missed the mark, so ⁠it's no longer available," the company added.Tag: Meta
This article, "Meta Pulls AI Image Feature From Instagram Days After Launch" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration. "The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success of theView the full article
Google today announced that Waze is getting a handful of new features, including some Gemini-powered personalization enhancements for Conversational Reporting.


Conversational Reporting already uses Gemini when users report traffic incidents like slowdowns, but now you can use it to suggest map updates like road closures or outdated addresses. Saying something like "The road is closed here" will prompt Waze to send the information to local map editors, who then verify the suggestion and update the map for everyone.

Google says reporting road updates conversationally is rolling out now globally on iOS and Android.

Elsewhere, Gemini is being recruited in Waze to help users who know what they need to get, but don't know where to get it. Before navigating somewhere, you can tap the search voice icon to ask questions like "Find me a coffee shop that's open right now," "Find me parking close to Grand Mall" or something more specific like "Find me a gas station nearby with the lowest prices." Google says Waze will respond with a list of options that you can navigate using your voice.
The feature is also rolling out worldwide now on all platforms.

In addition, Waze is getting an option to adjust to a "less chatty" mode for voice prompts, so that interacting with the app's driving directions doesn't intrude as much on a driver's music or podcast listening.

Waze is also getting a new Motorcycle Mode that includes two-wheeled shortcuts and more accurate ETAs for more optimal routing.


Lastly, Waze will now suggest routes based on your previous trips, augmenting its hyperlocal understanding of a city's traffic patterns. So if you prefer driving on highways over local streets with multiple stops, you'll see those suggested first. It's an optional setting that can be toggled on or off, and it's rolling out now in Argentina, Brazil, Colombia, Malaysia, Mexico, Peru and the Philippines on Android and iOS, with more countries coming soon.Tag: Waze
This article, "5 New Waze Features Rolling Out Now: Here Are All the Details" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Jurassic Park wasn’t really about dinosaurs.
It was about arrogant people building systems they believed were controllable.
“Life finds a way” is probably the most famous line from the entire franchise. Ian Malcolm’s warning that no matter how sophisticated the technology becomes, no matter how expensive the fences are, and no matter how confident the operators feel, nature eventually escapes containment.
And in every movie, it does.
The dinosaurs always get out. The systems fail. Eventually, the humans lose control.
What makes Jurassic Park fascinating is that despite advanced monitoring, complex containment systems and sophisticated operational controls, the outcome never really changes. At its core, the story is about people mistaking visibility for control.
Cybersecurity has the same problem.
For years, security teams have operated under the assumption that with enough tooling, governance, process, maturity and spend, we can build environments that are effectively secure. Maybe not perfect, but secure enough that compromise becomes rare and manageable.
But attackers find a way.
Given enough time, skill or motivation, they eventually identify the weakness nobody considered. The overlooked privilege. The dependency nobody mapped. The misconfiguration hiding behind layers of dashboards, process, and compliance reporting.
We are already seeing this play out. Nation-state attacks are becoming increasingly sophisticated, while AI-driven exploit discovery is beginning to compress vulnerability research from weeks into minutes.
The raptors are learning faster now.
Mistaking visibility for control
That does not mean prevention no longer matters. The fences in Jurassic Park still slowed the dinosaurs down. They created friction. They reduced exposure. Modern security controls do the same thing.
But the failure in Jurassic Park was never simply that the fences broke.
It was that the entire system assumed the fences represented certainty.
Cybersecurity often makes the same mistake.
The industry has become incredibly good at demonstrating preparedness in controlled environments. Dashboards. Compliance reports. Tabletop exercises. RTO metrics. Recovery attestations.
Jurassic Park had dashboards too.
The problem is that visibility is often mistaken for survivability. Organizations can prove they monitored the environment, documented the process, and ran the exercise, while still having very little confidence that the business could continue operating during a genuine systemic failure.
Most organizations still operate with an implicit belief that compromise is exceptional rather than inevitable. Disaster recovery plans, business continuity workshops, and annual tabletop exercises are treated as evidence of resilience. In reality, many of them are carefully controlled simulations of a world that no longer exists.
Traditional disaster recovery was designed for an era where infrastructure changed slowly, applications were relatively static, and dependencies were limited enough that recovery assumptions could remain valid for months or even years.
That world is gone. AI killed it.
Environments now evolve constantly. Cloud infrastructure changes daily. AI-assisted development accelerates release cycles. Applications rely on sprawling third-party ecosystems. APIs connect systems in ways many organizations do not fully understand. Entire workloads appear and disappear dynamically.
The environment you tested last quarter may no longer exist today.
And yet many resilience programs still operate as if annual or quarterly testing provides meaningful confidence.
Most companies do not really test resilience.
They test optimism.
The backup fallacy
And nowhere is this overconfidence more obvious than backups.
Somewhere along the way, organizations confused “having backups” with “being resilient.” Those are not remotely the same thing.
A backup simply proves you stored a copy of something at a specific point in time. It does not prove you can survive.
Most recovery models were designed in the late 90s and early 2000s for relatively static systems and predictable infrastructure. The core philosophy has barely evolved since then, even as environments have become increasingly distributed, ephemeral, and interconnected.
Restoring data is not the same as restoring operations.
Restoring infrastructure is not the same as restoring business functionality. Modern application are complex and rely on ephemeral elements, third party components and applications as well as complex data flows not just data sets.
Very few organizations continuously validate whether they can recover full feature-function applications, maintain operational workflows, preserve data integrity, reconnect dependencies, restore permissions correctly, or continue operating under active attack conditions.
We built incredibly sophisticated telemetry for understanding how we die.
We built almost none for proving we can survive.
That gap is becoming impossible to ignore.
The recent rise of continuous resilience testing and recovery validation is not accidental. It reflects a growing realization that recovery assumptions themselves may no longer be trustworthy.
Static resilience models are struggling to survive dynamic infrastructure.
This is where resilience starts becoming an engineering problem rather than a compliance exercise.
When restoration assumptions fail
Because the real question is no longer, “How quickly can we restore the application?”
The real question is, “What happens if we cannot restore it?”
Jurassic Park repeatedly explored exactly this scenario. The real panic never started when the fences failed. It started when the operators realized they could not regain control quickly enough.
Businesses now face the same risk.
What happens if AWS experiences a prolonged outage? What happens if Azure Identity Services fail globally? What happens if Stripe, Salesforce, Slack, or Microsoft 365 disappear for days rather than hours?
Many organizations do not actually have business continuity strategies for those situations.
They have restoration assumptions.
Twenty years ago, most organizations directly owned large portions of their operational stack. Today, companies increasingly rent critical business capability from a relatively small number of providers.
Identity. Infrastructure. Communications. Payments. Collaboration. Customer operations.
The efficiency gains are enormous.
So is the concentration risk.
Resilience as an engineering discipline
Historically, business continuity planning assumed localized disruption. A building burned down. A regional data center failed. A storm impacted an office. The internet itself was not the dependency.
Today, entire businesses are built on tightly interconnected SaaS and cloud ecosystems where operational survivability depends on third parties remaining continuously available.
We optimized organizations for efficiency, automation, integration, and scale.
Not necessarily survivability.
That is why resilience needs to evolve beyond annual tabletop exercises and static recovery plans.
True resilience is not a binder sitting on a shelf. It is not a workshop performed once a year. It is not a recovery document written against an environment that changed six months ago.
It is a continuous understanding of the environment itself.
It requires live telemetry, operational visibility, dependency awareness, continuous validation, and the ability to adapt under changing conditions.
Adapting to chaos
The survivors in Jurassic Park only succeeded once they stopped pretending the environment was fully controllable and instead adapted to the reality in front of them.
Cybersecurity needs to make the same shift.
Attackers will keep adapting.
AI will accelerate faster than most governance models can handle.
Complexity will continue to outpace our assumptions about control.
The organizations that survive will not necessarily be the ones with the tallest fences. They will be the ones who understand their environments deeply enough to continue operating when control is lost.
The goal was never to eliminate chaos.
It was to survive long enough to adapt to it.
Because resilience is not about preventing chaos.
It is about operating through it.
Because eventually, one way or another, life finds a way.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Jurassic Park wasn’t really about dinosaurs.
It was about arrogant people building systems they believed were controllable.
“Life finds a way” is probably the most famous line from the entire franchise. Ian Malcolm’s warning that no matter how sophisticated the technology becomes, no matter how expensive the fences are, and no matter how confident the operators feel, nature eventually escapes containment.
And in every movie, it does.
The dinosaurs always get out. The systems fail. Eventually, the humans lose control.
What makes Jurassic Park fascinating is that despite advanced monitoring, complex containment systems and sophisticated operational controls, the outcome never really changes. At its core, the story is about people mistaking visibility for control.
Cybersecurity has the same problem.
For years, security teams have operated under the assumption that with enough tooling, governance, process, maturity and spend, we can build environments that are effectively secure. Maybe not perfect, but secure enough that compromise becomes rare and manageable.
But attackers find a way.
Given enough time, skill or motivation, they eventually identify the weakness nobody considered. The overlooked privilege. The dependency nobody mapped. The misconfiguration hiding behind layers of dashboards, process, and compliance reporting.
We are already seeing this play out. Nation-state attacks are becoming increasingly sophisticated, while AI-driven exploit discovery is beginning to compress vulnerability research from weeks into minutes.
The raptors are learning faster now.
Mistaking visibility for control
That does not mean prevention no longer matters. The fences in Jurassic Park still slowed the dinosaurs down. They created friction. They reduced exposure. Modern security controls do the same thing.
But the failure in Jurassic Park was never simply that the fences broke.
It was that the entire system assumed the fences represented certainty.
Cybersecurity often makes the same mistake.
The industry has become incredibly good at demonstrating preparedness in controlled environments. Dashboards. Compliance reports. Tabletop exercises. RTO metrics. Recovery attestations.
Jurassic Park had dashboards too.
The problem is that visibility is often mistaken for survivability. Organizations can prove they monitored the environment, documented the process, and ran the exercise, while still having very little confidence that the business could continue operating during a genuine systemic failure.
Most organizations still operate with an implicit belief that compromise is exceptional rather than inevitable. Disaster recovery plans, business continuity workshops, and annual tabletop exercises are treated as evidence of resilience. In reality, many of them are carefully controlled simulations of a world that no longer exists.
Traditional disaster recovery was designed for an era where infrastructure changed slowly, applications were relatively static, and dependencies were limited enough that recovery assumptions could remain valid for months or even years.
That world is gone. AI killed it.
Environments now evolve constantly. Cloud infrastructure changes daily. AI-assisted development accelerates release cycles. Applications rely on sprawling third-party ecosystems. APIs connect systems in ways many organizations do not fully understand. Entire workloads appear and disappear dynamically.
The environment you tested last quarter may no longer exist today.
And yet many resilience programs still operate as if annual or quarterly testing provides meaningful confidence.
Most companies do not really test resilience.
They test optimism.
The backup fallacy
And nowhere is this overconfidence more obvious than backups.
Somewhere along the way, organizations confused “having backups” with “being resilient.” Those are not remotely the same thing.
A backup simply proves you stored a copy of something at a specific point in time. It does not prove you can survive.
Most recovery models were designed in the late 90s and early 2000s for relatively static systems and predictable infrastructure. The core philosophy has barely evolved since then, even as environments have become increasingly distributed, ephemeral, and interconnected.
Restoring data is not the same as restoring operations.
Restoring infrastructure is not the same as restoring business functionality. Modern application are complex and rely on ephemeral elements, third party components and applications as well as complex data flows not just data sets.
Very few organizations continuously validate whether they can recover full feature-function applications, maintain operational workflows, preserve data integrity, reconnect dependencies, restore permissions correctly, or continue operating under active attack conditions.
We built incredibly sophisticated telemetry for understanding how we die.
We built almost none for proving we can survive.
That gap is becoming impossible to ignore.
The recent rise of continuous resilience testing and recovery validation is not accidental. It reflects a growing realization that recovery assumptions themselves may no longer be trustworthy.
Static resilience models are struggling to survive dynamic infrastructure.
This is where resilience starts becoming an engineering problem rather than a compliance exercise.
When restoration assumptions fail
Because the real question is no longer, “How quickly can we restore the application?”
The real question is, “What happens if we cannot restore it?”
Jurassic Park repeatedly explored exactly this scenario. The real panic never started when the fences failed. It started when the operators realized they could not regain control quickly enough.
Businesses now face the same risk.
What happens if AWS experiences a prolonged outage? What happens if Azure Identity Services fail globally? What happens if Stripe, Salesforce, Slack, or Microsoft 365 disappear for days rather than hours?
Many organizations do not actually have business continuity strategies for those situations.
They have restoration assumptions.
Twenty years ago, most organizations directly owned large portions of their operational stack. Today, companies increasingly rent critical business capability from a relatively small number of providers.
Identity. Infrastructure. Communications. Payments. Collaboration. Customer operations.
The efficiency gains are enormous.
So is the concentration risk.
Resilience as an engineering discipline
Historically, business continuity planning assumed localized disruption. A building burned down. A regional data center failed. A storm impacted an office. The internet itself was not the dependency.
Today, entire businesses are built on tightly interconnected SaaS and cloud ecosystems where operational survivability depends on third parties remaining continuously available.
We optimized organizations for efficiency, automation, integration, and scale.
Not necessarily survivability.
That is why resilience needs to evolve beyond annual tabletop exercises and static recovery plans.
True resilience is not a binder sitting on a shelf. It is not a workshop performed once a year. It is not a recovery document written against an environment that changed six months ago.
It is a continuous understanding of the environment itself.
It requires live telemetry, operational visibility, dependency awareness, continuous validation, and the ability to adapt under changing conditions.
Adapting to chaos
The survivors in Jurassic Park only succeeded once they stopped pretending the environment was fully controllable and instead adapted to the reality in front of them.
Cybersecurity needs to make the same shift.
Attackers will keep adapting.
AI will accelerate faster than most governance models can handle.
Complexity will continue to outpace our assumptions about control.
The organizations that survive will not necessarily be the ones with the tallest fences. They will be the ones who understand their environments deeply enough to continue operating when control is lost.
The goal was never to eliminate chaos.
It was to survive long enough to adapt to it.
Because resilience is not about preventing chaos.
It is about operating through it.
Because eventually, one way or another, life finds a way.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Apple faced pressure from the White House to use Intel's chipmaking plants while it was negotiating relief from semiconductor tariffs last summer, reports The Wall Street Journal ($).


In August 2025, Apple CEO Tim Cook was in Washington to lobby the Trump administration to drop its proposed 100 percent tariff on semiconductor imports – a levy that would have raised costs across Apple's product line. Apple reportedly secured an exemption after pledging to invest hundreds of billions of dollars in the U.S., although many of those investments were already planned.

During the meetings, president Trump and commerce secretary Howard Lutnick are said to have urged Cook to use Intel's fabrication plants to make some of Apple's chips. The link between the tariff talks and the Apple-Intel deal had not been previously reported.

Almost a year later, Trump announced via his Truth Social platform that Apple would begin using Intel-made chips in some products. "We need to design and build our Chips right here in America," the president posted. The news sent Intel shares to record highs.

According to a person familiar with the negotiations cited by the WSJ, Apple plans to have Intel make chips for both Mac laptops and iPhones. The report doesn't say which chips or in what volume, and Apple is expected to remain reliant on Taiwan Semiconductor Manufacturing Company, or TSMC, for the majority of its custom silicon.

Apple hasn't looked to Intel as a supplier before, both because the chipmaker has trailed rivals like TSMC and Samsung and due to the rocky history between the two companies.

The report suggests the arrangement is part of a wider administration effort to prop up Intel, especially since the U.S. government converted $9 billion in federal grants into a 10 percent equity stake last year, making it the chipmaker's largest shareholder.

Nvidia and SpaceX have also signed deals with Intel since then, reportedly with similar pressure applied by the Trump administration.

Intel's foundry business posted $10.4 billion in operating losses over its last four fiscal quarters, and outside customers have in recent years doubted its ability to reliably produce usable silicon at a high volume. The WSJ report gives no timeline for when Intel-made chips might appear in shipping Apple products, and Apple has not commented on the arrangement.Tags: Intel, The Wall Street Journal
This article, "Report: Apple Agreed to Intel Chips Amid White House Tariff Talks" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Picture the moment after an AI issue is reported.
A security analyst is reviewing a ticket reporting that an internal AI tool produced the wrong recommendation in a live business workflow. The risk is not theoretical anymore. Someone wants to know whether this is a security incident, a model issue, a privacy issue, a vendor issue or just “something the AI did.” The risk register has a line item for inaccurate output, and it may even have a severity rating.
What it does not have is an answer to the question everyone is now asking: who has the authority to stop this thing?
That is the gap many AI governance programs still need to close. Organizations are getting better at identifying AI risks, documenting them and assigning them to governance categories. What they are often less prepared for is the operational moment when an AI risk becomes a real event that has to be investigated, contained and explained.
In security programs, that distinction matters. A risk register can document concerns, but it cannot preserve evidence, notify leadership, assess impact or decide whether an AI system should keep running. Security leaders do not need another spreadsheet that says AI can fail; they need an executable response model for what happens when it does.
The list is not the response
Risk registers are useful because they create visibility. They help organizations name risks, compare severity, assign ownership and communicate concerns to leadership. In early AI adoption, visibility matters because many organizations are still discovering where AI is being used, what data is involved and which business processes may be affected.
But a risk register is not a control. Security teams already understand this in other domains. A list of vulnerabilities is not a vulnerability management program, and a list of third-party risks is not a vendor risk management function. The list is only the beginning of the work.
AI risk creates the same problem. A risk entry that says “model output may be inaccurate” does not define who monitors output quality, what level of error is acceptable, what evidence should be preserved or who can pause the system. A risk entry that says “sensitive data may be exposed” does not explain whether prompts are logged, whether outputs are reviewed, whether the vendor can use submitted data or whether the event should trigger privacy, legal or security escalation.
This is where AI governance can look stronger than it actually is. The organization may have a policy, a committee, an intake form and a risk register, but those artifacts do not automatically create operational readiness. When something happens, the real test is whether the organization knows what to do next.
AI incidents do not always look like breaches
Part of the challenge is that AI incidents do not always look like traditional cybersecurity incidents. A breach has familiar patterns: unauthorized access, data exfiltration, malware, credential compromise or suspicious activity in a system. AI failures can be messier because they may appear first as a bad recommendation, a misleading summary, an unsafe automation, a flawed classification or an output that quietly changes a decision.
That does not make them less important. An AI tool used in a security workflow could misclassify an alert. A generative AI assistant could expose sensitive information in a response. A model embedded in a business process could drift over time and produce unreliable recommendations. A vendor-managed AI feature could change behavior after an update that the organization did not fully review.
Security teams need a practical way to sort these events. Not every AI error should be treated as a full security incident. Still, every organization using AI in meaningful workflows should know how AI-related events are reported, triaged and escalated. Without that structure, teams may lose time debating ownership while the impact continues.
The first step is defining what counts as an AI incident. That definition should be broad enough to capture security, privacy, safety, operational and compliance concerns, but specific enough that employees know when to report something. A confusing chatbot answer may not require the same response as a data exposure event, but both should have a path for review.
Evidence has to exist before the investigation
Incident response depends on evidence. That is obvious in cybersecurity, but it is often overlooked in AI governance conversations. If an organization cannot reconstruct what happened, who used the system, what data was involved and what output was produced, it will struggle to investigate the event or defend its response.
AI systems can complicate that evidence trail. Prompts may not be logged. Outputs may not be retained. Vendor tools may provide limited visibility. Model versions may change. Users may copy AI-generated content into other systems without preserving its source. Business teams may treat AI output as a recommendation rather than a system event.
Security leaders should push for evidence requirements before AI systems move into production. At a minimum, organizations should know what logs are available, how long they are retained, who can access them and whether they are sufficient for investigation. For higher-risk use cases, teams may also need records of model version, prompt history, output history, user actions, data sources and downstream decisions.
This does not mean every AI interaction needs heavy surveillance. Monitoring should be proportional to risk, and organizations still need to respect privacy, legal and workforce considerations. The point is simpler: if the AI system matters enough to influence real work, it matters enough to leave an evidence trail when something goes wrong.
Ownership cannot be implied
AI ownership is often fragmented. A business unit may sponsor the use case, a data science team may configure the model, IT may manage the platform, security may assess risk, and a vendor may provide the underlying capability. Everyone is involved, but no one may be fully accountable after deployment.
That ambiguity becomes dangerous during an incident. If an AI tool begins producing unreliable output, the organization needs to know who owns the system, who owns the business process and who owns the decision to continue or stop use. A governance committee can provide oversight, but it usually cannot serve as the operational owner of every deployed AI capability.
Security programs should insist on named ownership for AI systems, especially those used in sensitive or high-impact workflows. Ownership should include responsibility for monitoring, exceptions, user guidance, vendor coordination and incident escalation. It should also include decision rights, because accountability without authority is just a name in a spreadsheet.
The hardest question is often pause authority. Who can suspend, restrict, roll back or retire an AI system when risk exceeds tolerance? If that question is not answered before deployment, the organization may be forced to answer it under pressure.
Security leaders need an AI response playbook
An AI response playbook does not need to be complicated, but it does need to be real. It should explain how employees report AI concerns, how the event is triaged, what evidence is preserved, who investigates, when legal or privacy teams are involved, and who can make operational decisions. It should also define when executive leadership needs to be notified.
The playbook should reflect the type of AI system involved. A low-risk internal productivity tool may require a lightweight review path. An AI system supporting security operations, regulated decisions, customer communication, healthcare workflows or financial processes needs stronger monitoring and escalation. The response model should fit the risk of the use case.
This is where security can add discipline without turning AI governance into bureaucracy. Security teams already know how to build escalation paths, preserve evidence, run incident reviews and improve controls after failures. The opportunity is to extend that operating muscle into AI governance before incidents force the issue.
Organizations should also conduct post-incident reviews for meaningful AI events. The goal should not be blame; it should be learning. Did the monitoring work? Was the owner clear? Was the evidence sufficient? Did the vendor respond? Were users confused about acceptable use? Did the organization know who could make the decision?
Governance has to be executable
AI governance is often discussed as a policy, ethics or compliance challenge. It is all of those things, but once AI systems enter production, it also becomes a security execution challenge. Risk has to be monitored, events have to be investigated and someone has to be able to act.
That is why the next maturity step is not simply better documentation. Organizations need governance that works when a system is live, a decision is time-sensitive and the facts are incomplete. In that moment, the risk register may help explain what the organization expected, but it will not run the response.
Security leaders should not wait for AI governance to arrive fully formed from somewhere else in the enterprise. They should help shape the operating model now, while many organizations are still early enough to correct course. The goal is not to own every AI risk; it is to ensure AI risk can be managed once AI becomes operational.
A risk register can tell leaders what might go wrong. An incident response plan tells people what to do when it does. For AI governance to matter in security programs, organizations need both.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Picture the moment after an AI issue is reported.
A security analyst is reviewing a ticket reporting that an internal AI tool produced the wrong recommendation in a live business workflow. The risk is not theoretical anymore. Someone wants to know whether this is a security incident, a model issue, a privacy issue, a vendor issue or just “something the AI did.” The risk register has a line item for inaccurate output, and it may even have a severity rating.
What it does not have is an answer to the question everyone is now asking: who has the authority to stop this thing?
That is the gap many AI governance programs still need to close. Organizations are getting better at identifying AI risks, documenting them and assigning them to governance categories. What they are often less prepared for is the operational moment when an AI risk becomes a real event that has to be investigated, contained and explained.
In security programs, that distinction matters. A risk register can document concerns, but it cannot preserve evidence, notify leadership, assess impact or decide whether an AI system should keep running. Security leaders do not need another spreadsheet that says AI can fail; they need an executable response model for what happens when it does.
The list is not the response
Risk registers are useful because they create visibility. They help organizations name risks, compare severity, assign ownership and communicate concerns to leadership. In early AI adoption, visibility matters because many organizations are still discovering where AI is being used, what data is involved and which business processes may be affected.
But a risk register is not a control. Security teams already understand this in other domains. A list of vulnerabilities is not a vulnerability management program, and a list of third-party risks is not a vendor risk management function. The list is only the beginning of the work.
AI risk creates the same problem. A risk entry that says “model output may be inaccurate” does not define who monitors output quality, what level of error is acceptable, what evidence should be preserved or who can pause the system. A risk entry that says “sensitive data may be exposed” does not explain whether prompts are logged, whether outputs are reviewed, whether the vendor can use submitted data or whether the event should trigger privacy, legal or security escalation.
This is where AI governance can look stronger than it actually is. The organization may have a policy, a committee, an intake form and a risk register, but those artifacts do not automatically create operational readiness. When something happens, the real test is whether the organization knows what to do next.
AI incidents do not always look like breaches
Part of the challenge is that AI incidents do not always look like traditional cybersecurity incidents. A breach has familiar patterns: unauthorized access, data exfiltration, malware, credential compromise or suspicious activity in a system. AI failures can be messier because they may appear first as a bad recommendation, a misleading summary, an unsafe automation, a flawed classification or an output that quietly changes a decision.
That does not make them less important. An AI tool used in a security workflow could misclassify an alert. A generative AI assistant could expose sensitive information in a response. A model embedded in a business process could drift over time and produce unreliable recommendations. A vendor-managed AI feature could change behavior after an update that the organization did not fully review.
Security teams need a practical way to sort these events. Not every AI error should be treated as a full security incident. Still, every organization using AI in meaningful workflows should know how AI-related events are reported, triaged and escalated. Without that structure, teams may lose time debating ownership while the impact continues.
The first step is defining what counts as an AI incident. That definition should be broad enough to capture security, privacy, safety, operational and compliance concerns, but specific enough that employees know when to report something. A confusing chatbot answer may not require the same response as a data exposure event, but both should have a path for review.
Evidence has to exist before the investigation
Incident response depends on evidence. That is obvious in cybersecurity, but it is often overlooked in AI governance conversations. If an organization cannot reconstruct what happened, who used the system, what data was involved and what output was produced, it will struggle to investigate the event or defend its response.
AI systems can complicate that evidence trail. Prompts may not be logged. Outputs may not be retained. Vendor tools may provide limited visibility. Model versions may change. Users may copy AI-generated content into other systems without preserving its source. Business teams may treat AI output as a recommendation rather than a system event.
Security leaders should push for evidence requirements before AI systems move into production. At a minimum, organizations should know what logs are available, how long they are retained, who can access them and whether they are sufficient for investigation. For higher-risk use cases, teams may also need records of model version, prompt history, output history, user actions, data sources and downstream decisions.
This does not mean every AI interaction needs heavy surveillance. Monitoring should be proportional to risk, and organizations still need to respect privacy, legal and workforce considerations. The point is simpler: if the AI system matters enough to influence real work, it matters enough to leave an evidence trail when something goes wrong.
Ownership cannot be implied
AI ownership is often fragmented. A business unit may sponsor the use case, a data science team may configure the model, IT may manage the platform, security may assess risk, and a vendor may provide the underlying capability. Everyone is involved, but no one may be fully accountable after deployment.
That ambiguity becomes dangerous during an incident. If an AI tool begins producing unreliable output, the organization needs to know who owns the system, who owns the business process and who owns the decision to continue or stop use. A governance committee can provide oversight, but it usually cannot serve as the operational owner of every deployed AI capability.
Security programs should insist on named ownership for AI systems, especially those used in sensitive or high-impact workflows. Ownership should include responsibility for monitoring, exceptions, user guidance, vendor coordination and incident escalation. It should also include decision rights, because accountability without authority is just a name in a spreadsheet.
The hardest question is often pause authority. Who can suspend, restrict, roll back or retire an AI system when risk exceeds tolerance? If that question is not answered before deployment, the organization may be forced to answer it under pressure.
Security leaders need an AI response playbook
An AI response playbook does not need to be complicated, but it does need to be real. It should explain how employees report AI concerns, how the event is triaged, what evidence is preserved, who investigates, when legal or privacy teams are involved, and who can make operational decisions. It should also define when executive leadership needs to be notified.
The playbook should reflect the type of AI system involved. A low-risk internal productivity tool may require a lightweight review path. An AI system supporting security operations, regulated decisions, customer communication, healthcare workflows or financial processes needs stronger monitoring and escalation. The response model should fit the risk of the use case.
This is where security can add discipline without turning AI governance into bureaucracy. Security teams already know how to build escalation paths, preserve evidence, run incident reviews and improve controls after failures. The opportunity is to extend that operating muscle into AI governance before incidents force the issue.
Organizations should also conduct post-incident reviews for meaningful AI events. The goal should not be blame; it should be learning. Did the monitoring work? Was the owner clear? Was the evidence sufficient? Did the vendor respond? Were users confused about acceptable use? Did the organization know who could make the decision?
Governance has to be executable
AI governance is often discussed as a policy, ethics or compliance challenge. It is all of those things, but once AI systems enter production, it also becomes a security execution challenge. Risk has to be monitored, events have to be investigated and someone has to be able to act.
That is why the next maturity step is not simply better documentation. Organizations need governance that works when a system is live, a decision is time-sensitive and the facts are incomplete. In that moment, the risk register may help explain what the organization expected, but it will not run the response.
Security leaders should not wait for AI governance to arrive fully formed from somewhere else in the enterprise. They should help shape the operating model now, while many organizations are still early enough to correct course. The goal is not to own every AI risk; it is to ensure AI risk can be managed once AI becomes operational.
A risk register can tell leaders what might go wrong. An incident response plan tells people what to do when it does. For AI governance to matter in security programs, organizations need both.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes.
In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says.
“Now with proper application of AI, we can have the detections built for the problems the red team finds in 15 minutes-ish,” he says. “I think the outside is about four hours.”
That kind of workflow offers a glimpse of what AI could make possible for the most sophisticated security organizations: AI agents testing systems, other agents generating defenses, and human security engineers validating results and refining the feedback loop.
But it also raises a more uncomfortable question for the rest of the cybersecurity industry: What happens to organizations that cannot build anything close to that?
The concern has become significant enough that the Trump administration recently directed agencies to expand access to AI-enabled cybersecurity capabilities for resource-constrained organizations, including rural hospitals, community banks, and local utilities.
The order reflects a growing fear that AI could deepen a divide that has existed in cybersecurity for years: the divide between organizations with money, expertise, and engineering depth, and those struggling to keep pace with basic security demands.
Yet security leaders and practitioners suggest the impact of AI will be more complicated than a simple widening gap. Some experts say AI is merely adding a new layer to a long-standing security poverty problem. Others argue AI could democratize capabilities once reserved for elite organizations. Still others see today’s divide as real, but potentially temporary, as models become cheaper, more open, and easier to run.
The class divide was already here
For Matt Warner, co-founder and CTO of Blumira, the premise that AI is creating a cybersecurity class divide misses a key point: The divide already exists.
“I would go even a step further and say that there has been a class divide for the last 10 to 15 years,” Warner tells CSO.
What AI changes, he argues, is not necessarily the existence of the divide but how stark it becomes. Larger organizations have money, people, and time to experiment with AI. Smaller organizations often do not.
“The big differences that we’re seeing, especially from where we sit in the world, is the difference is getting starker in having the resources to leverage AI and the time to leverage AI more than anything else,” Warner says.
That distinction matters because many smaller organizations are already overwhelmed. Warner pointed to resource-constrained local governments and small or midmarket organizations that are still far behind large enterprises in basic IT and security maturity.
“I can find you a county in Michigan with two IT people for 2,000 employees,” Warner says. “Those people don’t have time to leverage AI and even learn how to use AI because they’re mostly just trying to put out fires.”
That problem is not unique to AI. Smaller organizations have long struggled to patch systems, prioritize vulnerabilities, monitor environments, and respond to incidents with limited staff. AI may help eventually, but only if those organizations have enough capacity to adopt it.
Wendy Nather’s framework gets an AI layer
Anton Chuvakin, security advisor in the office of the CISO for Google Cloud, sees the AI divide as part of a much older problem.
“I feel like it sends me back to when Wendy Nather invented the security poverty line,” Chuvakin tells CSO, referring to Nather’s 2011 concept describing organizations that lack the money, expertise, capability, or influence to implement effective security.
Chuvakin is skeptical that AI fundamentally changes that model. “I don’t think AI necessarily breaks that model,” he says. “I think it just adds another dimension.”
Cybersecurity has always been shaped by unequal access to top talent, tools, and services, Chuvakin argues. Large organizations could afford better SIEM deployments, advanced DLP programs, threat hunters, application security experts, and incident response retainers. Smaller organizations often could not.
AI may become another scarce resource, but Chuvakin cautions against overstating the role of model cost alone. In his view, the bigger structural issue may be talent rather than tokens.
“Prices for people won’t drop, but prices for LLMs may drop,” he believes.
That means the organizations with the greatest advantage may not simply be those that can afford the most expensive models. They may be the ones that can afford the people who know how to use them — and, as the frontier-access debate below suggests, that talent gap may prove more durable than any gap in model access itself.
AI creates new costs — and new uncertainties
Nather herself, now senior research initiatives director at 1Password, sees AI affecting every dimension of the security poverty line: money, expertise, capability, and influence.
The financial challenges are not limited to whether an organization can pay for an AI tool. In some cases, organizations that cannot afford enterprise licensing may end up making tradeoffs around privacy.
“If an organization can’t afford an enterprise license for the models they’re using, then they can’t keep their data private,” Nather tells CSO. “So, they have to give up privacy because they can’t afford privacy.”
That’s a new twist on an old dimension of the poverty line: It’s not just that under-resourced organizations lack a capability, but that the capability they can afford comes bundled with a risk wealthier organizations don’t have to accept.
Token-based pricing adds another problem: unpredictability. “At this point, nobody knows how much they’re going to burn in tokens at any given time,” she says.
That makes budgeting difficult for organizations that cannot absorb surprise costs. Nather also warns that usage-based pricing is controlled by providers and can change over time, leaving customers with limited leverage.
“The charging practice is in the hands of the providers, and they can change it at any time,” she says.
For organizations already operating below the security poverty line, that uncertainty could make AI adoption harder, even if the technology itself becomes more capable.
Access to frontier models may be a temporary divide
Dave Baggett, SVP/GM of the security suite at Kaseya, agrees there is security class divide dynamic playing out today, particularly around access to frontier models.
“There’s definitely a haves and have-nots issue around Mythos specifically because most people don’t have it,” Baggett tells CSO. But he doesn’t think the divide will have a long-term impact. Open-weight models, quantization, mixture-of-experts architectures, and increasingly powerful commodity hardware, he argues, are closing the gap faster than most people expect.
While not every organization will build a frontier model, he says, more organizations may be able to run capable models locally or use cheaper systems that approximate what today’s elite models can do.
“What it says for finding vulnerabilities is at that point, open-source people can run this stuff,” Baggett says. “Then you’re back to having a symmetrical opportunity where the defenders who are writing the open source can run the same tools the attackers would and have them fix the issues.”
His bottom line is that the divide may be real but short-lived. “Right now, there certainly is a have, have-not schism, but it may not be there for long,” Baggett says — a view Chuvakin shares, though he frames it in terms of the model market rather than open source specifically.
“I don’t think it’s the lowering prices example, but it’s more like you’re a top-tier model maker, I’m a second-tier model maker. My model in a year would do what your model did a year ago,” Chuvakin says.
The real advantage is operational depth
Schmidt’s description of AI use at AWS points to another kind of divide: not access to AI, but the ability to operationalize it.
AWS uses multiple models for different tasks, Schmidt says. One model may discover vulnerabilities, while other models validate results or help build defenses. Humans remain accountable for evaluating what the systems produce.
“Because we believe really strongly in human accountability for the use of AI from end to end, we still have humans take a look at what the systems come up with to determine whether they are reasonable and appropriate,” he says.
That workflow requires more than a model. It requires corporate data, secure infrastructure, feedback loops, security engineers, data scientists, and AI specialists who can work together.
Schmidt also pushes back on the idea that running AI locally on powerful consumer hardware is a substitute for production-grade security infrastructure. “Often the value of the model is also dependent on its proximity to data so that the model can ingest, use, and reason about data,” he says. “As a security person, I do not want that to be on your laptop.”
Experimentation on a laptop is useful, Schmidt says, but it is not the same as a secure production environment.
“I want the data to be somewhere safe that I can control, that I can see, that I can reason about, not sitting on your laptop,” he says. “Experimentation in there, awesome. That’s great. But it is not a production infrastructure component.”
That distinction may define the emerging AI security gap. Many organizations may be able to access AI tools. Far fewer may be able to safely integrate them into real security workflows.
The democratization argument
Phil Venables, a partner at Ballistic Ventures and former CISO of Google Cloud, takes the most optimistic view.
Asked whether AI is widening the gap between well-resourced and under-resourced security organizations, Venables tells CSO, “No, I actually think it’s the exact opposite.”
The reason, he argues, is that AI packages expertise and automation in ways that can be delivered broadly. “One of the fantastic things about AI, and we’re already starting to see this, is [that it’s] a great democratizer of capabilities,” he says. “AI packages up expertise and automation capabilities at a level beyond what prior waves of technology have done, and it makes it available at scale into organizations that have not previously been able to afford these things.”
He points to red teaming as an example. Nearly every organization would like a world-class red team, but few can afford one.
“Pretty much every organization on the planet would love to have a world-class red team to constantly test their security to find and fix things before attackers do,” Venables says. “But very few organizations have ever been able to afford to build a high-end red team.”
AI agents, he argues, could make that kind of capability available more economically. The same pattern could apply to insider threat; third-party risk; software security; governance, risk and compliance; and security operations.
“So even the smallest and resource-constrained organizations can now have access to a higher-end capability,” he maintains.
Venables does see a danger zone, however: under-resourced security teams inside organizations with aggressive AI ambitions. Those teams may struggle to keep up as the rest of the business adopts AI rapidly. But for many small and midsize organizations, he believes AI could improve access to security capabilities they never had before.
A divide over AI — or over readiness?
For elite organizations, AI is already becoming a force multiplier. Security teams with deep engineering talent, mature data infrastructure, and strong governance can use AI to accelerate testing, detection engineering, vulnerability discovery, and risk management.
For smaller organizations, the picture is less clear. AI may eventually package scarce expertise into affordable services. Open models may reduce dependence on expensive frontier systems. But organizations below the security poverty line still face familiar constraints: too few people, too little time, limited expertise, unpredictable costs, and weak leverage over vendors.
The emerging divide may therefore be less about who has access to AI and more about who can turn AI into durable security outcomes.
That makes the question facing cybersecurity more complicated than whether AI will create haves and have-nots. The industry already had them.
The real question is whether AI becomes another technology that rewards the organizations already best positioned to use it — or the first major security advance in years that helps those below the poverty line finally catch up.
View the full article
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes.
In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says.
“Now with proper application of AI, we can have the detections built for the problems the red team finds in 15 minutes-ish,” he says. “I think the outside is about four hours.”
That kind of workflow offers a glimpse of what AI could make possible for the most sophisticated security organizations: AI agents testing systems, other agents generating defenses, and human security engineers validating results and refining the feedback loop.
But it also raises a more uncomfortable question for the rest of the cybersecurity industry: What happens to organizations that cannot build anything close to that?
The concern has become significant enough that the Trump administration recently directed agencies to expand access to AI-enabled cybersecurity capabilities for resource-constrained organizations, including rural hospitals, community banks, and local utilities.
The order reflects a growing fear that AI could deepen a divide that has existed in cybersecurity for years: the divide between organizations with money, expertise, and engineering depth, and those struggling to keep pace with basic security demands.
Yet security leaders and practitioners suggest the impact of AI will be more complicated than a simple widening gap. Some experts say AI is merely adding a new layer to a long-standing security poverty problem. Others argue AI could democratize capabilities once reserved for elite organizations. Still others see today’s divide as real, but potentially temporary, as models become cheaper, more open, and easier to run.
The class divide was already here
For Matt Warner, co-founder and CTO of Blumira, the premise that AI is creating a cybersecurity class divide misses a key point: The divide already exists.
“I would go even a step further and say that there has been a class divide for the last 10 to 15 years,” Warner tells CSO.
What AI changes, he argues, is not necessarily the existence of the divide but how stark it becomes. Larger organizations have money, people, and time to experiment with AI. Smaller organizations often do not.
“The big differences that we’re seeing, especially from where we sit in the world, is the difference is getting starker in having the resources to leverage AI and the time to leverage AI more than anything else,” Warner says.
That distinction matters because many smaller organizations are already overwhelmed. Warner pointed to resource-constrained local governments and small or midmarket organizations that are still far behind large enterprises in basic IT and security maturity.
“I can find you a county in Michigan with two IT people for 2,000 employees,” Warner says. “Those people don’t have time to leverage AI and even learn how to use AI because they’re mostly just trying to put out fires.”
That problem is not unique to AI. Smaller organizations have long struggled to patch systems, prioritize vulnerabilities, monitor environments, and respond to incidents with limited staff. AI may help eventually, but only if those organizations have enough capacity to adopt it.
Wendy Nather’s framework gets an AI layer
Anton Chuvakin, security advisor in the office of the CISO for Google Cloud, sees the AI divide as part of a much older problem.
“I feel like it sends me back to when Wendy Nather invented the security poverty line,” Chuvakin tells CSO, referring to Nather’s 2011 concept describing organizations that lack the money, expertise, capability, or influence to implement effective security.
Chuvakin is skeptical that AI fundamentally changes that model. “I don’t think AI necessarily breaks that model,” he says. “I think it just adds another dimension.”
Cybersecurity has always been shaped by unequal access to top talent, tools, and services, Chuvakin argues. Large organizations could afford better SIEM deployments, advanced DLP programs, threat hunters, application security experts, and incident response retainers. Smaller organizations often could not.
AI may become another scarce resource, but Chuvakin cautions against overstating the role of model cost alone. In his view, the bigger structural issue may be talent rather than tokens.
“Prices for people won’t drop, but prices for LLMs may drop,” he believes.
That means the organizations with the greatest advantage may not simply be those that can afford the most expensive models. They may be the ones that can afford the people who know how to use them — and, as the frontier-access debate below suggests, that talent gap may prove more durable than any gap in model access itself.
AI creates new costs — and new uncertainties
Nather herself, now senior research initiatives director at 1Password, sees AI affecting every dimension of the security poverty line: money, expertise, capability, and influence.
The financial challenges are not limited to whether an organization can pay for an AI tool. In some cases, organizations that cannot afford enterprise licensing may end up making tradeoffs around privacy.
“If an organization can’t afford an enterprise license for the models they’re using, then they can’t keep their data private,” Nather tells CSO. “So, they have to give up privacy because they can’t afford privacy.”
That’s a new twist on an old dimension of the poverty line: It’s not just that under-resourced organizations lack a capability, but that the capability they can afford comes bundled with a risk wealthier organizations don’t have to accept.
Token-based pricing adds another problem: unpredictability. “At this point, nobody knows how much they’re going to burn in tokens at any given time,” she says.
That makes budgeting difficult for organizations that cannot absorb surprise costs. Nather also warns that usage-based pricing is controlled by providers and can change over time, leaving customers with limited leverage.
“The charging practice is in the hands of the providers, and they can change it at any time,” she says.
For organizations already operating below the security poverty line, that uncertainty could make AI adoption harder, even if the technology itself becomes more capable.
Access to frontier models may be a temporary divide
Dave Baggett, SVP/GM of the security suite at Kaseya, agrees there is security class divide dynamic playing out today, particularly around access to frontier models.
“There’s definitely a haves and have-nots issue around Mythos specifically because most people don’t have it,” Baggett tells CSO. But he doesn’t think the divide will have a long-term impact. Open-weight models, quantization, mixture-of-experts architectures, and increasingly powerful commodity hardware, he argues, are closing the gap faster than most people expect.
While not every organization will build a frontier model, he says, more organizations may be able to run capable models locally or use cheaper systems that approximate what today’s elite models can do.
“What it says for finding vulnerabilities is at that point, open-source people can run this stuff,” Baggett says. “Then you’re back to having a symmetrical opportunity where the defenders who are writing the open source can run the same tools the attackers would and have them fix the issues.”
His bottom line is that the divide may be real but short-lived. “Right now, there certainly is a have, have-not schism, but it may not be there for long,” Baggett says — a view Chuvakin shares, though he frames it in terms of the model market rather than open source specifically.
“I don’t think it’s the lowering prices example, but it’s more like you’re a top-tier model maker, I’m a second-tier model maker. My model in a year would do what your model did a year ago,” Chuvakin says.
The real advantage is operational depth
Schmidt’s description of AI use at AWS points to another kind of divide: not access to AI, but the ability to operationalize it.
AWS uses multiple models for different tasks, Schmidt says. One model may discover vulnerabilities, while other models validate results or help build defenses. Humans remain accountable for evaluating what the systems produce.
“Because we believe really strongly in human accountability for the use of AI from end to end, we still have humans take a look at what the systems come up with to determine whether they are reasonable and appropriate,” he says.
That workflow requires more than a model. It requires corporate data, secure infrastructure, feedback loops, security engineers, data scientists, and AI specialists who can work together.
Schmidt also pushes back on the idea that running AI locally on powerful consumer hardware is a substitute for production-grade security infrastructure. “Often the value of the model is also dependent on its proximity to data so that the model can ingest, use, and reason about data,” he says. “As a security person, I do not want that to be on your laptop.”
Experimentation on a laptop is useful, Schmidt says, but it is not the same as a secure production environment.
“I want the data to be somewhere safe that I can control, that I can see, that I can reason about, not sitting on your laptop,” he says. “Experimentation in there, awesome. That’s great. But it is not a production infrastructure component.”
That distinction may define the emerging AI security gap. Many organizations may be able to access AI tools. Far fewer may be able to safely integrate them into real security workflows.
The democratization argument
Phil Venables, a partner at Ballistic Ventures and former CISO of Google Cloud, takes the most optimistic view.
Asked whether AI is widening the gap between well-resourced and under-resourced security organizations, Venables tells CSO, “No, I actually think it’s the exact opposite.”
The reason, he argues, is that AI packages expertise and automation in ways that can be delivered broadly. “One of the fantastic things about AI, and we’re already starting to see this, is [that it’s] a great democratizer of capabilities,” he says. “AI packages up expertise and automation capabilities at a level beyond what prior waves of technology have done, and it makes it available at scale into organizations that have not previously been able to afford these things.”
He points to red teaming as an example. Nearly every organization would like a world-class red team, but few can afford one.
“Pretty much every organization on the planet would love to have a world-class red team to constantly test their security to find and fix things before attackers do,” Venables says. “But very few organizations have ever been able to afford to build a high-end red team.”
AI agents, he argues, could make that kind of capability available more economically. The same pattern could apply to insider threat; third-party risk; software security; governance, risk and compliance; and security operations.
“So even the smallest and resource-constrained organizations can now have access to a higher-end capability,” he maintains.
Venables does see a danger zone, however: under-resourced security teams inside organizations with aggressive AI ambitions. Those teams may struggle to keep up as the rest of the business adopts AI rapidly. But for many small and midsize organizations, he believes AI could improve access to security capabilities they never had before.
A divide over AI — or over readiness?
For elite organizations, AI is already becoming a force multiplier. Security teams with deep engineering talent, mature data infrastructure, and strong governance can use AI to accelerate testing, detection engineering, vulnerability discovery, and risk management.
For smaller organizations, the picture is less clear. AI may eventually package scarce expertise into affordable services. Open models may reduce dependence on expensive frontier systems. But organizations below the security poverty line still face familiar constraints: too few people, too little time, limited expertise, unpredictable costs, and weak leverage over vendors.
The emerging divide may therefore be less about who has access to AI and more about who can turn AI into durable security outcomes.
That makes the question facing cybersecurity more complicated than whether AI will create haves and have-nots. The industry already had them.
The real question is whether AI becomes another technology that rewards the organizations already best positioned to use it — or the first major security advance in years that helps those below the poverty line finally catch up.
View the full article
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes.
In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at AWS, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says.
“Now with proper application of AI, we can have the detections built for the problems the red team finds in 15 minutes-ish,” he says. “I think the outside is about four hours.”
That kind of workflow offers a glimpse of what AI could make possible for the most sophisticated security organizations: AI agents testing systems, other agents generating defenses, and human security engineers validating results and refining the feedback loop.
But it also raises a more uncomfortable question for the rest of the cybersecurity industry: What happens to organizations that cannot build anything close to that?
The concern has become significant enough that the Trump administration recently directed agencies to expand access to AI-enabled cybersecurity capabilities for resource-constrained organizations, including rural hospitals, community banks, and local utilities.
The order reflects a growing fear that AI could deepen a divide that has existed in cybersecurity for years: the divide between organizations with money, expertise, and engineering depth, and those struggling to keep pace with basic security demands.
Yet security leaders and practitioners suggest the impact of AI will be more complicated than a simple widening gap. Some experts say AI is merely adding a new layer to a long-standing security poverty problem. Others argue AI could democratize capabilities once reserved for elite organizations. Still others see today’s divide as real, but potentially temporary, as models become cheaper, more open, and easier to run.
The class divide was already here
For Matt Warner, co-founder and CEO of Blumira, the premise that AI is creating a cybersecurity class divide misses a key point: The divide already exists.
“I would go even a step further and say that there has been a class divide for the last 10 to 15 years,” Warner tells CSO.
What AI changes, he argues, is not necessarily the existence of the divide but how stark it becomes. Larger organizations have money, people, and time to experiment with AI. Smaller organizations often do not.
“The big differences that we’re seeing, especially from where we sit in the world, is the difference is getting starker in having the resources to leverage AI and the time to leverage AI more than anything else,” Warner says.
That distinction matters because many smaller organizations are already overwhelmed. Warner pointed to resource-constrained local governments and small or midmarket organizations that are still far behind large enterprises in basic IT and security maturity.
“I can find you a county in Michigan with two IT people for 2,000 employees,” Warner says. “Those people don’t have time to leverage AI and even learn how to use AI because they’re mostly just trying to put out fires.”
That problem is not unique to AI. Smaller organizations have long struggled to patch systems, prioritize vulnerabilities, monitor environments, and respond to incidents with limited staff. AI may help eventually, but only if those organizations have enough capacity to adopt it.
Wendy Nather’s framework gets an AI layer
Anton Chuvakin, security advisor in the office of the CISO for Google Cloud, sees the AI divide as part of a much older problem.
“I feel like it sends me back to when Wendy Nather invented the security poverty line,” Chuvakin tells CSO, referring to Nather’s 2011 concept describing organizations that lack the money, expertise, capability, or influence to implement effective security.
Chuvakin is skeptical that AI fundamentally changes that model. “I don’t think AI necessarily breaks that model,” he says. “I think it just adds another dimension.”
Cybersecurity has always been shaped by unequal access to top talent, tools, and services, Chuvakin argues. Large organizations could afford better SIEM deployments, advanced DLP programs, threat hunters, application security experts, and incident response retainers. Smaller organizations often could not.
AI may become another scarce resource, but Chuvakin cautions against overstating the role of model cost alone. In his view, the bigger structural issue may be talent rather than tokens.
“Prices for people won’t drop, but prices for LLMs may drop,” he believes.
That means the organizations with the greatest advantage may not simply be those that can afford the most expensive models. They may be the ones that can afford the people who know how to use them — and, as the frontier-access debate below suggests, that talent gap may prove more durable than any gap in model access itself.
AI creates new costs — and new uncertainties
Nather herself, now senior research initiatives director at 1Password, sees AI affecting every dimension of the security poverty line: money, expertise, capability, and influence.
The financial challenges are not limited to whether an organization can pay for an AI tool. In some cases, organizations that cannot afford enterprise licensing may end up making tradeoffs around privacy.
“If an organization can’t afford an enterprise license for the models they’re using, then they can’t keep their data private,” Nather tells CSO. “So, they have to give up privacy because they can’t afford privacy.”
That’s a new twist on an old dimension of the poverty line: It’s not just that under-resourced organizations lack a capability, but that the capability they can afford comes bundled with a risk wealthier organizations don’t have to accept.
Token-based pricing adds another problem: unpredictability. “At this point, nobody knows how much they’re going to burn in tokens at any given time,” she says.
That makes budgeting difficult for organizations that cannot absorb surprise costs. Nather also warns that usage-based pricing is controlled by providers and can change over time, leaving customers with limited leverage.
“The charging practice is in the hands of the providers, and they can change it at any time,” she says.
For organizations already operating below the security poverty line, that uncertainty could make AI adoption harder, even if the technology itself becomes more capable.
Access to frontier models may be a temporary divide
Dave Baggett, SVP/GM of the security suite at Kaseya, agrees there is security class divide dynamic playing out today, particularly around access to frontier models.
“There’s definitely a haves and have-nots issue around Mythos specifically because most people don’t have it,” Baggett tells CSO. But he doesn’t think the divide will have a long-term impact. Open-weight models, quantization, mixture-of-experts architectures, and increasingly powerful commodity hardware, he argues, are closing the gap faster than most people expect.
While not every organization will build a frontier model, he says, more organizations may be able to run capable models locally or use cheaper systems that approximate what today’s elite models can do.
“What it says for finding vulnerabilities is at that point, open-source people can run this stuff,” Baggett says. “Then you’re back to having a symmetrical opportunity where the defenders who are writing the open source can run the same tools the attackers would and have them fix the issues.”
His bottom line is that the divide may be real but short-lived. “Right now, there certainly is a have, have-not schism, but it may not be there for long,” Baggett says — a view Chuvakin shares, though he frames it in terms of the model market rather than open source specifically.
“I don’t think it’s the lowering prices example, but it’s more like you’re a top-tier model maker, I’m a second-tier model maker. My model in a year would do what your model did a year ago,” Chuvakin says.
The real advantage is operational depth
Schmidt’s description of AI use at AWS points to another kind of divide: not access to AI, but the ability to operationalize it.
AWS uses multiple models for different tasks, Schmidt says. One model may discover vulnerabilities, while other models validate results or help build defenses. Humans remain accountable for evaluating what the systems produce.
“Because we believe really strongly in human accountability for the use of AI from end to end, we still have humans take a look at what the systems come up with to determine whether they are reasonable and appropriate,” he says.
That workflow requires more than a model. It requires corporate data, secure infrastructure, feedback loops, security engineers, data scientists, and AI specialists who can work together.
Schmidt also pushes back on the idea that running AI locally on powerful consumer hardware is a substitute for production-grade security infrastructure. “Often the value of the model is also dependent on its proximity to data so that the model can ingest, use, and reason about data,” he says. “As a security person, I do not want that to be on your laptop.”
Experimentation on a laptop is useful, Schmidt says, but it is not the same as a secure production environment.
“I want the data to be somewhere safe that I can control, that I can see, that I can reason about, not sitting on your laptop,” he says. “Experimentation in there, awesome. That’s great. But it is not a production infrastructure component.”
That distinction may define the emerging AI security gap. Many organizations may be able to access AI tools. Far fewer may be able to safely integrate them into real security workflows.
The democratization argument
Phil Venables, a partner at Ballistic Ventures and former CISO of Google Cloud, takes the most optimistic view.
Asked whether AI is widening the gap between well-resourced and under-resourced security organizations, Venables tells CSO, “No, I actually think it’s the exact opposite.”
The reason, he argues, is that AI packages expertise and automation in ways that can be delivered broadly. “One of the fantastic things about AI, and we’re already starting to see this, is [that it’s] a great democratizer of capabilities,” he says. “AI packages up expertise and automation capabilities at a level beyond what prior waves of technology have done, and it makes it available at scale into organizations that have not previously been able to afford these things.”
He points to red teaming as an example. Nearly every organization would like a world-class red team, but few can afford one.
“Pretty much every organization on the planet would love to have a world-class red team to constantly test their security to find and fix things before attackers do,” Venables says. “But very few organizations have ever been able to afford to build a high-end red team.”
AI agents, he argues, could make that kind of capability available more economically. The same pattern could apply to insider threat; third-party risk; software security; governance, risk and compliance; and security operations.
“So even the smallest and resource-constrained organizations can now have access to a higher-end capability,” he maintains.
Venables does see a danger zone, however: under-resourced security teams inside organizations with aggressive AI ambitions. Those teams may struggle to keep up as the rest of the business adopts AI rapidly. But for many small and midsize organizations, he believes AI could improve access to security capabilities they never had before.
A divide over AI — or over readiness?
For elite organizations, AI is already becoming a force multiplier. Security teams with deep engineering talent, mature data infrastructure, and strong governance can use AI to accelerate testing, detection engineering, vulnerability discovery, and risk management.
For smaller organizations, the picture is less clear. AI may eventually package scarce expertise into affordable services. Open models may reduce dependence on expensive frontier systems. But organizations below the security poverty line still face familiar constraints: too few people, too little time, limited expertise, unpredictable costs, and weak leverage over vendors.
The emerging divide may therefore be less about who has access to AI and more about who can turn AI into durable security outcomes.
That makes the question facing cybersecurity more complicated than whether AI will create haves and have-nots. The industry already had them.
The real question is whether AI becomes another technology that rewards the organizations already best positioned to use it — or the first major security advance in years that helps those below the poverty line finally catch up.
View the full article
At Amazon Web Services (AWS), artificial intelligence is already compressing security work that once took months into minutes.
In the old world, human red teams would find vulnerabilities, write reports, refine those reports, and eventually hand them to defenders, who would then begin building detections or fixes, Steve Schmidt, chief security officer at Amazon, tells CSO. That process could take “two, four, six, eight, 10 months,” Schmidt says.
“Now with proper application of AI, we can have the detections built for the problems the red team finds in 15 minutes-ish,” he says. “I think the outside is about four hours.”
That kind of workflow offers a glimpse of what AI could make possible for the most sophisticated security organizations: AI agents testing systems, other agents generating defenses, and human security engineers validating results and refining the feedback loop.
But it also raises a more uncomfortable question for the rest of the cybersecurity industry: What happens to organizations that cannot build anything close to that?
The concern has become significant enough that the Trump administration recently directed agencies to expand access to AI-enabled cybersecurity capabilities for resource-constrained organizations, including rural hospitals, community banks, and local utilities.
The order reflects a growing fear that AI could deepen a divide that has existed in cybersecurity for years: the divide between organizations with money, expertise, and engineering depth, and those struggling to keep pace with basic security demands.
Yet security leaders and practitioners suggest the impact of AI will be more complicated than a simple widening gap. Some experts say AI is merely adding a new layer to a long-standing security poverty problem. Others argue AI could democratize capabilities once reserved for elite organizations. Still others see today’s divide as real, but potentially temporary, as models become cheaper, more open, and easier to run.
The class divide was already here
For Matt Warner, co-founder and CEO of Blumira, the premise that AI is creating a cybersecurity class divide misses a key point: The divide already exists.
“I would go even a step further and say that there has been a class divide for the last 10 to 15 years,” Warner tells CSO.
What AI changes, he argues, is not necessarily the existence of the divide but how stark it becomes. Larger organizations have money, people, and time to experiment with AI. Smaller organizations often do not.
“The big differences that we’re seeing, especially from where we sit in the world, is the difference is getting starker in having the resources to leverage AI and the time to leverage AI more than anything else,” Warner says.
That distinction matters because many smaller organizations are already overwhelmed. Warner pointed to resource-constrained local governments and small or midmarket organizations that are still far behind large enterprises in basic IT and security maturity.
“I can find you a county in Michigan with two IT people for 2,000 employees,” Warner says. “Those people don’t have time to leverage AI and even learn how to use AI because they’re mostly just trying to put out fires.”
That problem is not unique to AI. Smaller organizations have long struggled to patch systems, prioritize vulnerabilities, monitor environments, and respond to incidents with limited staff. AI may help eventually, but only if those organizations have enough capacity to adopt it.
Wendy Nather’s framework gets an AI layer
Anton Chuvakin, security advisor in the office of the CISO for Google Cloud, sees the AI divide as part of a much older problem.
“I feel like it sends me back to when Wendy Nather invented the security poverty line,” Chuvakin tells CSO, referring to Nather’s 2011 concept describing organizations that lack the money, expertise, capability, or influence to implement effective security.
Chuvakin is skeptical that AI fundamentally changes that model. “I don’t think AI necessarily breaks that model,” he says. “I think it just adds another dimension.”
Cybersecurity has always been shaped by unequal access to top talent, tools, and services, Chuvakin argues. Large organizations could afford better SIEM deployments, advanced DLP programs, threat hunters, application security experts, and incident response retainers. Smaller organizations often could not.
AI may become another scarce resource, but Chuvakin cautions against overstating the role of model cost alone. In his view, the bigger structural issue may be talent rather than tokens.
“Prices for people won’t drop, but prices for LLMs may drop,” he believes.
That means the organizations with the greatest advantage may not simply be those that can afford the most expensive models. They may be the ones that can afford the people who know how to use them — and, as the frontier-access debate below suggests, that talent gap may prove more durable than any gap in model access itself.
AI creates new costs — and new uncertainties
Nather herself, now senior research initiatives director at 1Password, sees AI affecting every dimension of the security poverty line: money, expertise, capability, and influence.
The financial challenges are not limited to whether an organization can pay for an AI tool. In some cases, organizations that cannot afford enterprise licensing may end up making tradeoffs around privacy.
“If an organization can’t afford an enterprise license for the models they’re using, then they can’t keep their data private,” Nather tells CSO. “So, they have to give up privacy because they can’t afford privacy.”
That’s a new twist on an old dimension of the poverty line: It’s not just that under-resourced organizations lack a capability, but that the capability they can afford comes bundled with a risk wealthier organizations don’t have to accept.
Token-based pricing adds another problem: unpredictability. “At this point, nobody knows how much they’re going to burn in tokens at any given time,” she says.
That makes budgeting difficult for organizations that cannot absorb surprise costs. Nather also warns that usage-based pricing is controlled by providers and can change over time, leaving customers with limited leverage.
“The charging practice is in the hands of the providers, and they can change it at any time,” she says.
For organizations already operating below the security poverty line, that uncertainty could make AI adoption harder, even if the technology itself becomes more capable.
Access to frontier models may be a temporary divide
Dave Baggett, SVP/GM of the security suite at Kaseya, agrees there is security class divide dynamic playing out today, particularly around access to frontier models.
“There’s definitely a haves and have-nots issue around Mythos specifically because most people don’t have it,” Baggett tells CSO. But he doesn’t think the divide will have a long-term impact. Open-weight models, quantization, mixture-of-experts architectures, and increasingly powerful commodity hardware, he argues, are closing the gap faster than most people expect.
While not every organization will build a frontier model, he says, more organizations may be able to run capable models locally or use cheaper systems that approximate what today’s elite models can do.
“What it says for finding vulnerabilities is at that point, open-source people can run this stuff,” Baggett says. “Then you’re back to having a symmetrical opportunity where the defenders who are writing the open source can run the same tools the attackers would and have them fix the issues.”
His bottom line is that the divide may be real but short-lived. “Right now, there certainly is a have, have-not schism, but it may not be there for long,” Baggett says — a view Chuvakin shares, though he frames it in terms of the model market rather than open source specifically.
“I don’t think it’s the lowering prices example, but it’s more like you’re a top-tier model maker, I’m a second-tier model maker. My model in a year would do what your model did a year ago,” Chuvakin says.
The real advantage is operational depth
Schmidt’s description of AI use at AWS points to another kind of divide: not access to AI, but the ability to operationalize it.
AWS uses multiple models for different tasks, Schmidt says. One model may discover vulnerabilities, while other models validate results or help build defenses. Humans remain accountable for evaluating what the systems produce.
“Because we believe really strongly in human accountability for the use of AI from end to end, we still have humans take a look at what the systems come up with to determine whether they are reasonable and appropriate,” he says.
That workflow requires more than a model. It requires corporate data, secure infrastructure, feedback loops, security engineers, data scientists, and AI specialists who can work together.
Schmidt also pushes back on the idea that running AI locally on powerful consumer hardware is a substitute for production-grade security infrastructure. “Often the value of the model is also dependent on its proximity to data so that the model can ingest, use, and reason about data,” he says. “As a security person, I do not want that to be on your laptop.”
Experimentation on a laptop is useful, Schmidt says, but it is not the same as a secure production environment.
“I want the data to be somewhere safe that I can control, that I can see, that I can reason about, not sitting on your laptop,” he says. “Experimentation in there, awesome. That’s great. But it is not a production infrastructure component.”
That distinction may define the emerging AI security gap. Many organizations may be able to access AI tools. Far fewer may be able to safely integrate them into real security workflows.
The democratization argument
Phil Venables, a partner at Ballistic Ventures and former CISO of Google Cloud, takes the most optimistic view.
Asked whether AI is widening the gap between well-resourced and under-resourced security organizations, Venables tells CSO, “No, I actually think it’s the exact opposite.”
The reason, he argues, is that AI packages expertise and automation in ways that can be delivered broadly. “One of the fantastic things about AI, and we’re already starting to see this, is [that it’s] a great democratizer of capabilities,” he says. “AI packages up expertise and automation capabilities at a level beyond what prior waves of technology have done, and it makes it available at scale into organizations that have not previously been able to afford these things.”
He points to red teaming as an example. Nearly every organization would like a world-class red team, but few can afford one.
“Pretty much every organization on the planet would love to have a world-class red team to constantly test their security to find and fix things before attackers do,” Venables says. “But very few organizations have ever been able to afford to build a high-end red team.”
AI agents, he argues, could make that kind of capability available more economically. The same pattern could apply to insider threat; third-party risk; software security; governance, risk and compliance; and security operations.
“So even the smallest and resource-constrained organizations can now have access to a higher-end capability,” he maintains.
Venables does see a danger zone, however: under-resourced security teams inside organizations with aggressive AI ambitions. Those teams may struggle to keep up as the rest of the business adopts AI rapidly. But for many small and midsize organizations, he believes AI could improve access to security capabilities they never had before.
A divide over AI — or over readiness?
For elite organizations, AI is already becoming a force multiplier. Security teams with deep engineering talent, mature data infrastructure, and strong governance can use AI to accelerate testing, detection engineering, vulnerability discovery, and risk management.
For smaller organizations, the picture is less clear. AI may eventually package scarce expertise into affordable services. Open models may reduce dependence on expensive frontier systems. But organizations below the security poverty line still face familiar constraints: too few people, too little time, limited expertise, unpredictable costs, and weak leverage over vendors.
The emerging divide may therefore be less about who has access to AI and more about who can turn AI into durable security outcomes.
That makes the question facing cybersecurity more complicated than whether AI will create haves and have-nots. The industry already had them.
The real question is whether AI becomes another technology that rewards the organizations already best positioned to use it — or the first major security advance in years that helps those below the poverty line finally catch up.
View the full article
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild. The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below - CVE-2026-48939 - A vulnerability in theView the full article
In 2022, Apple began rolling out Tap to Pay on iPhone, a system that allows small business owners and other merchants to accept contactless payments on an iPhone, with no point-of-sale hardware required. The feature allows customers to pay by simply tapping their iPhone or Apple Watch, credit card or debit card, or other contactless payment option on the merchant's iPhone. Payment is securely completed using NFC, like Apple Pay.


Some of Apple's retail employees have been using iPhone 14 units with Tap to Pay on iPhone, instead of a Bluetooth credit card reader affixed to the back of the device, and now the company apparently plans to go a step further.

Bloomberg's Mark Gurman today said Apple will be giving more retail employees newer iPhone 16 units to expand its in-store usage of Tap to Pay on iPhone.

"The tap-to-pay system in the iPhone 14 can sometimes be finicky and not support metal cards like American Express Platinum or Chase Sapphire Reserve," he explained. "But Apple has found that the iPhone 16 does a better job and eliminates the need for store employees to carry around the specialized terminals."

iOS 27 builds upon Tap to Pay on iPhone with a new "Tap to Share" feature.Tags: Apple Store, Mark Gurman, Tap to Pay on iPhone
This article, "Apple Stores to Expand Use of 'Tap to Pay on iPhone'" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's M7 Ultra chip coming in 2028 is designed to support up to 1.5TB of unified memory, according to Bloomberg's Mark Gurman. However, whether such a configuration is offered may depend on the state of the ongoing memory chip shortage.

In 2019, Apple released an Intel-based Mac Pro with up to 1.5TB RAM.
This article, "Apple's M7 Ultra Chip Designed to Match a 2019 Mac Pro Feat" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Two new Apple Pencil models are in development for release alongside next-generation iPad Pro models next year, according to Bloomberg's Mark Gurman.


Specifically, he said new versions of the lower-end Apple Pencil with a USB-C port and the higher-end Apple Pencil Pro are in the works.

Apple is working to satisfy upcoming EU requirements related to making batteries more replaceable, leading Gurman to believe that the new Apple Pencil models could be equipped with "new battery systems." While that wording is vague, it seems to suggest that the next Apple Pencil models could have replaceable batteries.

No other details were provided, so we do not know of any potential design changes or other new features that are planned at this time.

The current Apple Pencil with a USB-C port was released in November 2023, while the Apple Pencil Pro followed in May 2024.Related Roundup: iPad ProTags: Apple Pencil, Mark GurmanBuyer's Guide: iPad Pro (Neutral)Related Forum: iPad Accessories
This article, "Two New Apple Pencils Reportedly Launching Next Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The first public betas of iOS 27, macOS Golden Gate, and more will be released this week, according to Bloomberg's Mark Gurman. This aligns with Apple's promised July timeframe.

If you have an iPhone 15 Pro or newer, the key new feature is Siri AI, but there is a waitlist if you want to try it.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Public Beta Reportedly Available This Week" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
According to Bloomberg's Mark Gurman, Apple will be releasing a regular M6 chip, but it has no plans to offer higher-end M6 Pro and M6 Max chips. In his Power On newsletter today, he said the reason for this break in tradition is AI.


"Apple had been planning major neural-processing upgrades for the M7 family and ultimately decided those improvements were important enough to justify accelerating the next generation rather than completing the M6 lineup," he explained.

There won't be an M6 Ultra chip either, he said.

A new 14-inch MacBook Pro with a base M6 chip will be released later this year, and then Apple plans to move on to releasing the base M7 chip in the first half of 2027, M7 Pro and M7 Max chips in late 2027, and an M7 Ultra chip in 2028.

He said the M7 Ultra chip in particular "dramatically upgrades AI performance," and that it may power Apple Intelligence servers starting in 2029.

"AI is no longer just another feature Apple's chips need to support," said Gurman. "It is now shaping how those products are designed and when they are shipped."

The current M5 Pro and M5 Max chips launched in March, and Gurman still expects an M5 Ultra chip to debut in the Mac Studio as early as this year.

A summary:M5 chip: October 2025
M5 Pro and M5 Max chips: March 2026
M5 Ultra chip: Late 2026
M6 chip: Late 2026
M7 chip: First half of 2027
M7 Pro and M7 Max chips: Second half of 2027
M7 Ultra chip: 2028Related Roundups: Mac Studio, MacBook ProTags: Apple Silicon, Mark GurmanBuyer's Guide: Mac Studio (Don't Buy), MacBook Pro (Buy Now)Related Forums: Mac Studio, MacBook Pro
This article, "Here's Why Apple is Reportedly Skipping M6 Pro and M6 Max Chips" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon today has the AirPods Pro 3 available for $199.99, down from $249.00. This is the best price we've seen on the AirPods Pro 3 since Prime Day ended last month, coming in around $20 higher when compared to that all-time low price.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This model of the AirPods Pro launched in September 2025 and has 2x better Active Noise Cancellation than the previous generation, better audio quality, a revised fit that's meant to improve comfort and stability, Live Translation for in-person conversations, and heart rate sensing for workouts.

$49 OFFAirPods Pro 3 for $199.99

Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "AirPods Pro 3 Hit Best Price Since Prime Day at $199.99" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's stores will be rolling out Back to School marketing materials this week, according to Bloomberg's Mark Gurman. This suggests that the offer will begin in the U.S. in the next few days.

Last year, college students and educational staff could receive a free accessory like AirPods 4 or an Apple Pencil Pro with the purchase of a qualifying Mac or iPad model. The Back to School offer is in addition to the discounted prices already available through Apple's education store year-round, but it will be a bittersweet situation this year given that Apple recently raised prices on all Macs and iPads.
This article, "Apple's 2026 Back to School Offer is Coming Soon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it. Socket flagged the release six minutes after it wasView the full article
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets included servers hosting web applications that manage police and citizen data, such as criminal andView the full article
Anker's Prime 3-in-1 Wireless Charging Station has dropped to $99.74 on Amazon, down from $149.99. This is one of Anker's newest accessories, and Amazon's sale today is a match of the all-time low price that we last tracked during Prime Day.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

The Prime 3-in-1 Wireless Charging Station features Qi2.2 support, which lets a compatible MagSafe ‌iPhone‌ charge at up to 25W. It's the same speed as Apple's ‌MagSafe‌ charger, and it is 10W faster than the standard Qi2 ‌MagSafe‌ chargers. You can also simultaneously charge an Apple Watch and AirPods with the device.

$50 OFFAnker Prime 3-in-1 Wireless Charging Station for $99.74
$60 OFFAnker SOLIX Power Station with Lantern for $189.99

Below you'll find a list of the best Anker discounts on Amazon this week, also including wall chargers, portable batteries, and more. There are a few more accessories that are matching their Prime Day prices, including Anker's SOLIX Power Station with Lantern. You can get this accessory for $189.99, down from $249.99.

Wall Chargers

Anker Nano USB-C Wall Charger with Smart Display - $25.99, down from $39.99
Anker 140W 4-Port GaN USB-C Charger - $79.99, down from $99.99
Anker 3-Port Prime Charger - $99.99, down from $149.99
Wireless Chargers

Anker MagGo 3-in-1 Charging Station - $71.99, down from $89.99
Anker 3-in-1 MagSafe-Compatible UFO Charger - $71.99, down from $89.99
Anker 3-in-1 MagSafe-Compatible Foldable Charging Station - $85.99, down from $109.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $89.99, down from $129.99
Anker 3-in-1 Prime Wireless Charging Station - $99.74, down from $149.99
Anker Prime MagSafe-Compatible 3-in-1 Charging Station - $139.99, down from $229.99
Portable Chargers

Anker MagGo Power Bank 10,000 mAh - $65.99, down from $79.99
Anker Prime Power Bank 20,100 mAh - $129.99, down from $179.99
Anker Prime Power Bank 26,250 mAh - $179.99, down from $229.99
Portable Power Stations

Anker SOLIX C300 Power Station with Lantern - $189.99, down from $249.00
Anker SOLIX C300 - $249.99, down from $299.99
Anker SOLIX S2000 - $599.00, down from $1,199.00
Anker SOLIX C2000 Gen 2 - $899.99, down from $1,499.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Score Summer-Ready Anker Accessories at Rare Low Prices This Weekend" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI has responded after being sued by Apple over alleged theft of the iPhone maker's trade secrets.

"We have no interest in other companies' trade secrets," said OpenAI spokesperson Drew Pusateri. "We remain focused on building innovative technology that empowers people everywhere."Tags: Apple Lawsuits, OpenAI
This article, "OpenAI Responds After Being Sued by Apple" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. "TheView the full article
Think of sun-kissed golden sands, swaying palm trees, vibrant night markets, and the soothing sound of crashing waves. Yes, we are talking about Goa, India’s ultimate pocket-sized paradise. Whether you are searching for the best places to visit in Goa, looking for a thrill through water sports in Goa, or planning a peaceful retreat, this tiny coastal state offers something magical for every traveler.
Planning a trip here can feel overwhelming because there is simply so much to see and do. That is exactly why we created this ultimate Goa travel guide. With curated insights from seasoned travelers and local experts, this guide—along with the comprehensive trip-planning resources over at GoaOrbit.com—will help you craft the perfect tropical getaway.
Why Visit Goa?
Goa isn’t just a destination; it’s a mood. It is a unique geographical pocket where Indian traditions blend seamlessly with centuries-old Portuguese heritage. Travelers flock here to experience the relaxed “Susegad” lifestyle—a local Konkani term that translates to a laid-back, contented attitude toward life. From world-class nightlife to ancient spiritual sites, pristine eco-tourism spots, and mouth-watering seafood, a Goa vacation offers a sensory escape that stays with you long after the sand has washed off your shoes.
Destination Overview
Located on the southwestern coast of India within the Konkan region, Goa is bounded by Maharashtra to the north and Karnataka to the east and south, while the Arabian Sea frames its western coast.
Capital: Panaji (Panjim) Official Language: Konkani (English, Hindi, and Marathi are widely understood) Currency: Indian Rupee (INR) Ideal Trip Duration: 4 to 7 days Perfect For: Solo travel in Goa, a romantic honeymoon in Goa, a fun family trip to Goa, or budget backpacking adventures. Best Places to Visit in Goa
When exploring the places to visit in North Goa and the places to visit in South Goa, you will quickly realize the state has two distinct personalities. North Goa is loud, energetic, and historic, while South Goa is serene, scenic, and untamed.
Historical Forts & Churches
Aguada Fort: A 17th-century Portuguese fort standing tall against the Arabian Sea. The iconic lighthouse here offers spectacular panoramic views, making it one of the top places to visit in North Goa. Chapora Fort: Made famous by Bollywood cinema, these high ruins offer a breathtaking view of the Vagator shoreline, especially during sunset. Basilica of Bom Jesus: A UNESCO World Heritage site in Old Goa holding the mortal remains of St. Francis Xavier. Its baroque architecture represents the peak of Portuguese heritage. Se Cathedral: Located right across from the Basilica, this is one of the largest churches in Asia, celebrated for its magnificent Golden Bell. Nature & Wildlife
Dudhsagar Waterfalls: Translating to “Sea of Milk,” this four-tiered majestic waterfall cascades down the Western Ghats. It is accessible via an adventurous jeep safari through the Bhagwan Mahavir Wildlife Sanctuary. Sahakari Spice Plantation: Located in Ponda, this eco-tourism spot offers a sensory walk among aromatic spices like cardamom, vanilla, and nutmeg, followed by a traditional Goan buffet served on banana leaves. Things to Do in Goa
If you are wondering about the absolute best things to do in Goa, look beyond the beaches to experience the rich cultural tapestry of the region.
[ Adventure ] ------------> Scuba diving, Parasailing & Jet skiing | v [ Sightseeing ] -----------> Historic Portuguese Forts & Baroque Churches | v [ Experience ] -----------> Sunset Cruises, Spice Plantations & Night Markets Take a Mandovi River Sunset Cruise: Enjoy live Konkani folk dances, music, and panoramic views of Panaji illuminated at night as you sail down the river. Walk Through Fontainhas: The Latin Quarter of Panaji feels like an open-air museum. Walk past brightly colored 18th-century Portuguese houses with terracotta tiled roofs and wrought-iron balconies. Spot Dolphins: Head out on an early morning boat trip from Sinquerim or Varca beach to watch wild dolphins leap out of the Arabian Sea. North Goa vs South Goa Comparison
Choosing where to base your stay depends entirely on your travel style. Here is a quick breakdown to help you decide:
FeatureNorth GoaSouth GoaVibeHigh-energy, party-centric, bustlingPeaceful, laid-back, close to natureCrowdBackpacker groups, party lovers, shoppersHoneymooners, luxury travelers, familiesBeachesActive, commercialized, filled with beach shacksPristine, quiet, uncrowded, white sandsAttractionsHistoric forts, flea markets, vibrant clubsWaterfalls, heritage mansions, quiet coves Best Beaches in Goa
No trip is complete without exploring the best beaches in Goa. The coastline stretches for over 100 kilometers, offering unique coastal retreats.
North Goa Beaches
Calangute & Baga: The undisputed epicenters of tourism. These adjacent shores are packed with energetic beach shacks, endless rows of sunbeds, and a buzzing night scene. Anjuna & Vagator: Famed for their dramatic rocky cliffs, hippie legacy, and iconic beach clubs that host legendary sunset parties. Arambol: A bohemian paradise at the northernmost edge, popular among long-stay international backpackers, musicians, and yoga practitioners. South Goa Beaches
Palolem: A beautiful, crescent-shaped bay lined with colorful wooden beach huts and shaded by a dense grove of coconut palms. Colva & Benaulim: Endless stretches of powdery white sand, highly popular for a peaceful family trip to Goa. Agonda: A quiet, pristine beach designated as a nesting site for olive ridley sea turtles. Perfect for clear meditation and reading. Water Sports Guide
For thrill-seekers, participating in adventurous water sports in Goa is an absolute must-do activity.
+-------------------------------------------------------------+ | GOA WATER SPORTS GUIDE | +---------------------+---------------------------------------+ | Activity | Best Locations | +---------------------+---------------------------------------+ | Scuba Diving | Grande Island, Malvan Border | | Parasailing | Calangute, Baga, Anjuna | | Jet Skiing | Candolim, Calangute, Colva | | Kayaking & SUP | Sal Backwaters, Palolem Beach | +---------------------+---------------------------------------+ Scuba Diving & Snorkeling: Explore the thriving marine life and old shipwrecks around Grande Island under the supervision of certified PADI instructors. Parasailing: Soar high above the Arabian Sea for a bird’s-eye view of the beautiful coastline. Kayaking: For a gentler adventure, paddle peacefully through the quiet mangrove forests and calm backwaters of the Sal River. Goa Nightlife Guide
When the sun goes down, the energetic Goa nightlife wakes up. The state is world-famous for its open-air dance floors and lively night entertainment.
Iconic Nightclubs: Dance the night away at legendary spots like Club Cubana (the nightclub in the sky), Tito’s Lane in Baga, or Curlies in Anjuna. Offshore Casinos: Try your luck on the luxury floating casinos anchored in the Mandovi River, such as Deltin Royale or Majestic Pride, which offer endless entertainment, gourmet buffets, and games. Silent Noise Parties: Head down to Palolem Beach on Saturday nights, put on wireless headphones, and dance to your choice of DJ beats right under the starlight. Suggested Goa Itinerary
To get the absolute most out of your holiday, here is a balanced 4-day Goa itinerary that seamlessly covers heritage, adventure, and relaxation:
Day 1: Arrival & Exploring North Goa Culture. Land in Goa, check into your resort, and spend your afternoon walking through the colorful lanes of Fontainhas in Panaji. In the evening, watch the golden sunset from the historic ramparts of Aguada Fort. Day 2: Beach Hopping & Nightlife. Spend your morning enjoying water sports at Calangute Beach. Relax at a beach shack for lunch, catch the sunset at Vagator cliffs, and experience the lively nightlife at Tito’s Lane. Day 3: South Goa Serenity. Head south to visit the historic Basilica of Bom Jesus. Spend a relaxing afternoon walking along the pristine white sands of Colva Beach, and end your day with a peaceful dinner at Palolem Beach. Day 4: Nature & Departure. Take an early morning dolphin-spotting boat cruise. Visit a beautiful spice plantation in Ponda for a traditional lunch before heading to the airport or railway station for your journey home. Planning a longer stay or looking for a customized romantic trip? You can discover detailed, custom route layouts on GoaOrbit.com to match your travel style perfectly.
Best Time to Visit Goa
Choosing the right season ensures you get the exact vacation experience you are looking for.
November to February (Peak Season): The absolute best time to visit Goa. The weather is pleasantly cool, all beach shacks are fully operational, and the festive energy peaks with major Christmas and New Year celebrations. March to May (Summer Season): The weather gets hot and humid, but it is the perfect time for budget travelers to secure steep discounts on luxury resorts. The sea remains calm and perfect for scuba diving. June to October (Monsoon Season): The state transforms into a lush green paradise. While beach activities shut down due to rough seas, it is the best time for monsoon travel to see gushing waterfalls, enjoy white-water rafting, and experience peaceful eco-tourism. How to Reach Goa
Goa is exceptionally well-connected to major Indian cities and international hubs.
By Air: You can fly into Manohar International Airport (Mopa) in North Goa or Dabolim Airport in South Goa. Both serve regular domestic and international flights. By Train: The main railway stations are Madgaon (MAO) in South Goa and Thivim (THVM) in North Goa, well-connected by fast trains like the Rajdhani and Vande Bharat Express. By Road: Smooth national highways connect Goa to nearby major cities like Mumbai, Pune, and Bengaluru, making it ideal for a scenic road trip or overnight sleeper bus journey. Where to Stay
From budget hostels to ultra-luxury heritage villas, accommodation options here are incredibly diverse:
Luxury Resorts: Properties like The Leela, Taj Exotica, and W Goa offer world-class hospitality, private beach access, and infinity pools. Boutique Heritage Hotels: Stay in restored Indo-Portuguese villas nestled in quiet villages like Assagao or Saligao for an authentic cultural experience. Budget Hostels & Eco-Huts: Backpacker hostels like Zostel or colorful beach huts right on Palolem sand are perfect for solo travelers and budget backpackers. Local Food to Try
Goan cuisine is an aromatic celebration of local coconut, heavy spices, and fresh catches from the sea.
Goan Fish Curry Rice: The absolute staple food of the state—fresh fish cooked in a spicy, tangy coconut gravy served with hot steamed rice. Pork Vindaloo: A fiery, vinegar-infused traditional dish influenced heavily by Portuguese cooking styles. Chicken Xacuti: A rich, savory curry made with fresh grated coconut and roasted local spices. Bebinca: A delicious, multi-layered traditional Goan dessert made from egg yolks, coconut milk, flour, and pure ghee. Shopping in Goa
Take a piece of this coastal paradise back home with you by visiting the lively local markets:
Anjuna Flea Market: Held every Wednesday, this market is perfect for buying handmade jewelry, bohemian clothes, dreamcatchers, and quirky souvenirs. Mackie’s Night Bazaar: A lively Saturday night market featuring clothes, local handicrafts, live music stages, and international food stalls. Local Specialties: Don’t leave without picking up fresh Goan cashews, local Feni (a traditional spirit made from cashew apples), and authentic Goan spice mixes from the local markets in Mapusa or Panaji. Budget Planning Tips
Enjoying a fabulous Goa vacation does not have to break the bank. Follow these smart financial tips:
Rent a Scooter: Taxis can be quite expensive here. Renting a scooter or automatic scooter costs just ₹350 to ₹600 per day and gives you total freedom to explore. Eat at Local Dhabas and Shacks: Skip the high-end tourist restaurants and enjoy authentic local fish thalis at small village eateries for a fraction of the cost. Travel Off-Peak: Plan your trip during the shoulder months of October or March to get premium accommodation at nearly half the price. Travel Safety Tips
Goa is generally one of the safest tourist destinations in India, but keeping basic safety measures in mind ensures a smooth trip:
Respect the Sea: Always pay attention to the warning flags placed on beaches by lifeguards. Never swim after consuming alcohol or when red warning flags are flying. Drive Responsibly: Wear a helmet at all times when riding scooters, carry a valid driving license, and strictly avoid drinking and driving. Secure Your Belongings: Keep a close eye on your personal items at crowded night markets and busy beaches. Hidden Gems in Goa
If you want to escape the massive tourist crowds, head out to explore these secret, pristine locations:
[ Hidden Gems ] ├── Kakolem Beach (Secluded cove accessible via a cliff trek) ├── Butterfly Beach (Secret semi-circular bay famous for dolphin sightings) ├── Chorla Ghats (Misty, lush green mountain roads in the Western Ghats) └── Divar Island (A peaceful river island frozen in time, reached by ferry) Kakolem Beach: A secret, highly secluded cove hidden between steep cliffs, perfect for travelers seeking ultimate isolation. Butterfly Beach: A beautiful, secret semi-circular bay accessible only via a short boat ride or a trek through dense forest. It is famous for pristine sands and butterfly sightings. Divar Island: A peaceful river island located on the Mandovi River. Take a free government ferry ride to explore sleepy villages, ancient churches, and vintage Portuguese houses completely frozen in time. Responsible Tourism Tips
Help preserve the natural beauty of the state for future generations of travelers by practicing eco-conscious habits:
Say No to Plastic: Avoid leaving plastic bottles, wrappers, or cups on the beaches. Always discard trash in designated waste bins. Respect Marine & Wildlife: Keep a respectful distance from nesting sea turtles and avoid throwing trash or disturbing marine life during boat tours. Support Local Businesses: Buy your crafts, fresh produce, and services directly from local artisans, fishermen, and family-run guesthouses to support the local economy. Frequently Asked Questions
Which part of Goa is best for a family vacation?
South Goa is ideal for a peaceful family trip. Beaches like Colva, Benaulim, and Varca offer quiet sands, safe swimming conditions, and premium family-friendly luxury resorts away from loud party music.
How many days are enough to see the top places in Goa?
A duration of 4 to 5 days is perfect to explore the top places. It allows you to spend two days exploring the historic forts and vibrant markets of the north, and two days relaxing among the pristine beaches and nature sites of the south.
Is Goa safe for solo female travelers?
Yes, it is considered one of the safest tourist destinations in India for solo female travelers. The locals are hospitable and helpful. However, standard travel safety precautions like avoiding isolated areas late at night and using registered transport should always be followed.
What is the cheapest way to travel around locally?
Renting a geared or automatic scooter is the cheapest and most convenient option. Rental rates range between ₹350 to ₹600 per day depending on the season, excluding the cost of fuel.
When do the famous beach shacks open for the season?
Beach shacks are built from scratch every year after the monsoons. They generally open up by mid-November and remain fully operational until the end of April, before being dismantled for the rainy season.
Do I need to book water sports activities in advance?
During the peak winter season (December and January), it is highly recommended to book popular activities like scuba diving in advance. For standard rides like jet-skiing or parasailing, you can walk up directly to operators on major beaches like Baga or Calangute.
Key Takeaways
North Goa is perfect for historic sightseeing, water sports, and enjoying iconic nightlife. South Goa is best suited for white-sand beaches, ultimate relaxation, and exploring hidden natural gems. The ideal travel window is between November and February for great weather, or the monsoon season for beautiful green scenery. Always rent a scooter for affordable local travel, and remember to respect the local culture and fragile coastal environment. Conclusion
From the historic, winding lanes of Fontainhas to the vibrant beach shacks of Baga and the serene, untouched shores of Palolem, Goa is a coastal treasure trove waiting to be discovered. Planning the perfect getaway is all about balancing adventure with relaxation.
Now that you are armed with this comprehensive guide, you are ready to plan your dream vacation. For more expert insights, detailed route maps, accommodation recommendations, and booking tips, head over to GoaOrbit.com to start planning your perfect Goan escape today!
View the full article
Selecting the right hospital for aesthetic procedures is a major life decision. Today, looking for the best cosmetic hospitals in the world frequently takes patients across international borders. The rise of globalized healthcare has made cosmetic surgery abroad a highly accessible path for individuals seeking world-class medical expertise, advanced clinical technologies, and cost-effective treatment options.
Navigating international healthcare can feel overwhelming. This comprehensive patient guide breaks down the best countries for plastic surgery, provides transparent regional price comparisons, and offers practical toolkits to help you evaluate international hospitals and board-certified surgeons with confidence.
Why Patients Choose Cosmetic Surgery Abroad
Thousands of patients travel internationally each year for aesthetic medicine and reconstructive surgery. Understanding the primary drivers behind medical tourism can help you determine if traveling for care aligns with your personal goals.
Affordability Without Compromise: The most common driver is the significant difference in plastic surgery cost by country. Patients often find that premium care packages abroad cost a fraction of the price of the identical procedure in their home country, even when factoring in travel and lodging. Access to World-Class Specialists: Traveling allows patients to book consultations with the best cosmetic surgeons in the world—industry pioneers who specialize in specific, high-tech body contouring or facial surgery techniques. Immediate Availability: Many patients face lengthy waiting lists for elective procedures at home. International clinical networks frequently offer more flexible, immediate scheduling. Privacy and Discrete Recovery: Healing in a relaxing, neutral environment away from daily personal and professional responsibilities offers a level of privacy that many patients highly value. Best Countries for Plastic Surgery
Different regions have established global reputations for excellence in specific areas of aesthetic medicine and surgical care.
Turkey
Turkey has emerged as a premier hub for medical travel, recognized for high-volume surgical expertise and state-of-the-art facilities. It is globally renowned for advanced hair restoration and complex facial procedures. The country combines highly competitive pricing with comprehensive international patient packages.
South Korea
Often referred to as the cosmetic surgery capital of the world, South Korea leads the industry in innovative facial contouring, blepharoplasty, and advanced, minimally invasive procedures. Seoul’s highly competitive market ensures that local clinics utilize cutting-edge technology and meticulously refined surgical methods.
Thailand
Thailand offers a mature medical tourism infrastructure, characterized by massive, multi-specialty international hospitals that feel like luxury hotels. It is a top destination for body contouring, gender affirmation surgeries, and complex reconstructive surgery, backed by exceptional post-operative hospitality.
Mexico
For patients based in North America, Mexico offers an excellent blend of proximity and quality. Cities like Tijuana, Guadalajara, and Cancun feature accredited hospitals and highly experienced, bilingual surgical teams specializing in full-body transformations and post-bariatric surgeries.
Spain and the Czech Republic
For European travelers, Spain and the Czech Republic serve as regional benchmarks. Spain is highly regarded for premium breast and body contouring procedures, while Prague offers exceptionally safe, rigorously regulated European clinical standards at an accessible price point.
International Hospital Selection Guide
When evaluating international hospitals, safety and clinical quality must remain your absolute priorities. Do not base your decision solely on marketing brochures or social media imagery.
Look for Gold-Standard Hospital Accreditation
Reputable international clinics voluntarily undergo rigorous independent evaluations. Look for institutions accredited by recognized global bodies, such as Joint Commission International (JCI) or equivalent national healthcare quality monitoring systems. Accreditation ensures the facility strictly adheres to stringent infection control protocols, patient safety regulations, and modern surgical standards.
Evaluate International Patient Infrastructure
The best facilities feature dedicated international patient departments. These teams manage everything from language translation services and medical record transfers to airport logistics and coordinated local accommodation, ensuring your treatment planning process is seamless.
Utilize Comparison Platforms
Evaluating individual clinics across different continents can be exhausting. Utilizing dedicated independent comparison platforms like BestCosmeticHospitals.com allows you to transparently review verified institutional credentials, examine facility track records, and compare international clinical standards side-by-side.
Surgeon Selection Checklist
Your choice of surgeon is the single most critical factor determining the safety and aesthetic outcome of your procedure. Use this checklist to vet potential specialists before booking a pre-operative consultation.
Board Certification: Ensure the doctor is formally certified by their country’s official plastic surgery board (e.g., ASPS international members, ISAPS members, or local equivalents). Specialized Experience: Ask how many times the surgeon has performed your specific desired procedure within the past year. A great breast specialist may not necessarily be the ideal choice for a complex rhinoplasty. Transparent Before & After Portfolio: Request a comprehensive gallery of previous patient cases. Look for consistent, natural-looking results across diverse body types. Malpractice & Insurance Clarity: Confirm the surgeon’s standing with local medical regulatory boards and understand what insurance provisions cover their clinical practice. Treatment Cost Comparison by Country
Surgical fees vary widely across regions due to differing local economies, labor costs, and hospital overhead expenses. Below is an estimated cost comparison for primary cosmetic procedures across major medical tourism destinations.
CountryRhinoplasty CostLiposuction CostBreast AugmentationTummy Tuck CostHair Transplant CostUnited States$7,500 – $15,000$5,000 – $11,000$6,500 – $12,000$8,500 – $16,000$7,000 – $18,000Turkey$2,500 – $5,000$2,000 – $4,500$2,800 – $5,500$3,000 – $6,000$1,500 – $3,500Mexico$3,000 – $6,000$2,500 – $5,000$3,500 – $6,500$4,000 – $7,500$2,500 – $5,500Thailand$3,200 – $6,500$2,200 – $4,800$3,400 – $6,000$4,500 – $8,000$2,000 – $5,000South Korea$3,500 – $7,500$2,800 – $6,000$4,000 – $8,500$5,000 – $9,500$3,000 – $7,000Czech Republic$2,800 – $5,500$2,000 – $4,200$3,000 – $5,800$3,500 – $6,800$2,200 – $4,800 Popular Procedures: Overview, Benefits, and Timelines
Rhinoplasty
Overview: Surgical reshaping of the nasal structure to improve facial harmony or correct functional breathing issues. Key Benefits: Enhanced facial balance, corrected structural asymmetry, and improved respiratory airflow. Recovery Timeline: Initial swelling and bruising subside within 2 weeks. The refined, final structural shape takes 6 to 12 months to fully settle. Liposuction & Body Contouring
Overview: Targeted removal of stubborn localized fat deposits using specialized suction cannulas to refine body contours. Key Benefits: Eliminates exercise-resistant fat cells and sculpts key areas like the abdomen, flanks, and thighs. Recovery Timeline: Most patients return to light, non-strenuous work within 1 week. Compression garments must be worn consistently for 4 to 6 weeks. Breast Augmentation
Overview: Utilizing saline or cohesive silicone gel implants to enhance breast volume, shape, and overall symmetry. Key Benefits: Restores volume lost to pregnancy or aging, balances natural asymmetry, and enhances body proportions. Recovery Timeline: Normal daily physical routines can generally be resumed after 1 week. Full physical exercise and heavy lifting must be avoided for at least 6 weeks. Tummy Tuck (Abdominoplasty)
Overview: Surgical removal of excess abdominal skin and fat, frequently combined with the surgical repair of weakened or separated core muscles. Key Benefits: Flattens the abdominal profile, removes severe stretch marks, and restores core muscle wall integrity. Recovery Timeline: Walking upright may be difficult for the first 10 days. Patients typically require 3 to 4 weeks off from standard office work before returning to full mobility. Risks and Safety Considerations
Every surgical procedure carries inherent clinical risks. When traveling internationally, managing these risks requires careful planning and realistic expectations.
Surgical Risks: Potential complications include post-operative infection, hematoma, adverse anesthesia reactions, asymmetrical healing, or deep vein thrombosis (DVT) exacerbated by long-distance travel. The Travel Factor: Flying immediately after surgery increases blood clot risks. Always secure a formal, written clearance from your surgeon before boarding a return flight. Mitigation Strategy: Never hide your medical history. Disclose all current medications, allergies, and past surgeries during your digital consultations. Additionally, secure specialized medical travel insurance that explicitly covers elective cosmetic procedures and potential revision care abroad. Pre-Surgery Preparation & Post-Surgery Care
[6 Weeks Before] -> Stop Smoking & Avoid Blood-Thinning Supplements [2 Weeks Before] -> Complete Local Lab Tests & Clear Medical History Transfers [Surgery Day] -> In-Hospital Procedure & Initial Post-Op Monitoring [1-2 Weeks Post] -> Stay Local for Follow-Up Inspections & Suture Removal [6 Weeks Post] -> Gradual Return to Exercise Under Surgeon Guidance Pre-Operative Checklist
To ensure your body is prepared for surgery, avoid smoking, alcohol, and all anti-inflammatory medications or herbal supplements that thin the blood for at least four to six weeks before your flight. Ensure all primary medical evaluations, blood work, and clearance letters from your home physician are completely organized and shared with your international clinic well in advance.
Post-Operative Management
Healing does not end when you leave the operating room. Arrange for a trusted companion to travel with you, or coordinate dedicated medical nursing care through your hospital for the initial 72 hours post-surgery. Strictly follow all prescription protocols for antibiotics and pain management, keep your surgical incisions meticulously clean, and attend every scheduled local follow-up appointment before returning home.
Medical Tourism Planning Tips: Avoiding Common Mistakes
Don’t Rush the Return Flight: Plan to stay in your destination country for at least 7 to 14 days post-surgery, depending on the complexity of the procedure, to ensure initial healing goes smoothly. Verify All Hidden Costs: Ensure your initial financial quote clearly outlines hospital fees, anesthesia fees, post-op medications, surgical garments, and follow-up checks so you don’t face unexpected expenses. Establish Local Continuity of Care: Before you travel, identify a board-certified plastic surgeon or trusted general practitioner in your home city who is willing to manage your long-term healing evaluations or address any minor post-travel healing questions. Frequently Asked Questions
1. Is it safe to undergo cosmetic surgery abroad?
Yes, international surgery is safe provided you select fully accredited, JCI-recognized hospitals and check that your specialist is an active member of professional bodies like ISAPS.
2. How can I verify if an international cosmetic surgeon is qualified?
Always request proof of their formal board certification in plastic surgery, read independent patient reviews across multiple platforms, and look up their medical license registration status with their country’s Ministry of Health.
3. What happens if I experience complications after returning home?
Before booking your trip, establish a clear post-operative plan with your international surgeon. Purchasing specialized medical travel insurance helps cover the costs of unexpected corrective care or local follow-up treatments if needed.
4. Why is plastic surgery so much cheaper in countries like Turkey or Mexico?
Lower prices are driven by lower local living costs, reduced hospital overheads, favorable currency exchange rates, and administrative efficiencies—not a reduction in clinical quality or safety standards.
5. Can I travel alone for an international cosmetic procedure?
While possible for minor treatments, it is highly recommended to travel with a companion or book a dedicated post-operative care package for major procedures like a tummy tuck or body contouring.
6. How long must I wait after surgery before flying home?
For minor facial procedures or hair transplants, patients can often travel within 3 to 5 days. Major body surgeries usually require waiting 10 to 14 days to minimize the risk of Deep Vein Thrombosis (DVT).
7. Will the hospital staff speak English?
Reputable international clinics catering to medical tourists provide fluent, English-speaking medical staff or assign dedicated personal translators to guide you through every step of your treatment.
8. How do I start planning my international medical trip?
You can begin by using independent resource platforms like BestCosmeticHospitals.com to research accredited clinics, read patient reviews, and easily request direct, transparent consultations from verified global specialists.
Key Takeaways
Prioritize Safety Over Price: Hospital accreditations (like JCI) and verifiable surgeon credentials must always take priority over finding the absolute lowest price. Plan for Realistic Timelines: Factor a comfortable 7 to 14-day local recovery window into your travel itinerary before booking your return flight. Maintain Clear Communication: Use initial virtual consultations to ask detailed questions about potential risks, hidden fees, and post-operative care expectations. Conclusion & Next Steps
Traveling for aesthetic care can be an empowering, life-changing experience that connects you with exceptional clinical talent and affordable treatment options. By prioritizing thorough research, maintaining realistic expectations, and focusing on certified medical excellence, you can confidently navigate your journey toward achieving your personal aesthetic goals.
Ready to take the next step in your research? Visit BestCosmeticHospitals.com to discover accredited international clinics, view verified surgeon profiles, compare treatment costs, and securely request personalized consultations with top-rated cosmetic medical specialists around the world.
View the full article
Two of Apple's retail stores in the U.S. will be relocating later this month, although they will only be a short distance from their existing locations.

Apple Renaissance at Colony Park
Apple Queens Center in Elmhurst, New York is moving to a temporary location in the shopping mall on Friday, July 17 at 10 a.m. local time, presumably to allow for renovations to be completed at the existing store over the coming months.

Apple Renaissance at Colony Park in Ridgeland, Mississippi is moving to a new spot within the same shopping center on Friday, July 24 at 10 a.m. local time. Apple's new storefront will be located right in front of the Show Fountain.Tag: Apple Store
This article, "Two Apple Stores in U.S. Are Moving Soon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's Mail app is getting some useful updates in iOS 27, with Apple making big improvements to search and introducing new AI features.


Search

‌iOS 27‌ has an overhauled search system that extends to the Mail app. Instead of surfacing results based on keywords and recency, Mail app search ranks results by relevance and intent. Search results that come up in Mail are more relevant than before, so you find exactly what you're looking for.

If you search for "Sprouts" because you want to find a recent order, it'll show your order before it shows marketing emails you might have from the same retailer.

Siri AI

The Mail app has a built-in "Ask Siri" feature. Long press on any email and you can ask ‌Siri‌ to summarize, find an item in the email, track a package, get a flight number, save a photo, and more.

Once you get a response, you can swipe down to enter the ‌Siri‌ interface for asking follow-up questions. Conversations are logged in the ‌Siri‌ app.

‌Siri‌ can complete tasks in the Mail app too, like deleting all emails from a specified sender or adding information from an email to your Reminders list.

Writing Tools

The Mail app has a Write with ‌Siri‌ interface above the keyboard, which you can tap to get writing help. ‌Siri‌ can draft an email for you, check over an email you've written, help you reword an email, change the style of the email, or give you writing tips.

Write with ‌Siri‌ is able to match your standard writing style, punctuation, and tone, so emails sound more like you and less like AI.

Your iPhone also now flags both typos and grammar errors while you write.

Smart Reply

Smart Replies that your iPhone suggests to you are now tuned to your writing style, which means the one-tap suggestions sound like things you might actually type.

Contextual Suggestions

The contextual suggestions that you see at the top of the Mail app are now available to third-party apps, plus Apple has revamped the design.

An email that includes a flight time or a restaurant reservation has a one-tap button for adding it to the Calendar app. An email with directions may let you see the route in Maps, and emails with tracking information can be tracked with the Wallet app.

Call Context

Call Context is a feature that works between the Mail app and the Phone app. When you call a business like an airline or a retailer where you have a relevant email, the Phone app will show information pulled from that email.

You might see it bring up a reservation number for a flight, or an order number for a call with a retailer. Call Context works on-device, looking at who you're calling and not call audio.

Performance Improvements

Messages in Mail load faster, search indexing is more reliable, and unread badges between platforms like iOS and macOS sync more reliably. Apple also updated list formatting.

Requirements

The Mail app search improvements are available on all iPhones that run ‌iOS 27‌, but AI features like ‌Siri‌ AI integration, Write with ‌Siri‌, Call Context, and Contextual Suggestions require an iPhone that supports Apple Intelligence.

‌Siri‌ AI is not available in the European Union or China, and Contextual Suggestions are English-only at launch.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27: What's New With the Mail App" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The following is the list of F5 Distributed Cloud Services technical knowledge updates:
IP addresses and domains
Updated the F5 Distributed Cloud Services IP Address and Domain Reference for Firewall or Proxy Settings guide. Added new static IP addresses for the F5 Global Controller SSO egress traffic.
View the full article
Apple today accused OpenAI of stealing Apple trade secrets and intellectual property in its effort to develop an AI hardware device.


In a lawsuit filed with the Northern District of California, Apple said it uncovered evidence of a months-long scheme to steal confidential information. Apple says OpenAI hardware lead and former Apple designer Tang Tan and former electrical engineer Chang Liu directed Apple employees interviewing with OpenAI to provide details on unreleased devices, components, manufacturing processes, and vendor relationships.

In a statement to MacRumors, Apple said it is suing to protect the hard work of its employees.

Tan is accused of using his internal knowledge of Apple's exit procedures to help employees covertly deliver information, and giving OpenAI key information about Apple suppliers that has benefited OpenAI's work on an AI device. From the lawsuit:

Apple says it discovered a pattern of OpenAI recruits emailing themselves confidential information when leaving Apple, including Tan. Others were "improperly using their knowledge of Apple's confidential and trade secret information to assist OpenAI in developing hardware." OpenAI apparently used confidential Apple hardware information when approaching Apple suppliers, and tricked one company into using a "specific trade secret metal-finishing technique" for an OpenAI device by claiming it had Apple's permission to do so.

Apple says evidence on an employee's work-issued device indicates Tan instructed her to "bring some parts" she worked on to an interview, suggesting she show OpenAI batteries, SIPs, logic boards, and other hardware. It was not an isolated incident, and Apple claims several OpenAI interviewees were asked to do the same.

Liu allegedly kept an Apple-issued laptop after departing the company and exploited a vulnerability to download dozens of confidential Apple documents while he was working at OpenAI. He also maintained a relationship with Yu-Ting "Alyssa" Peng, an Apple employee who continued to give him updates on Apple's projects, vendor decisions, and engineering details. When Liu learned he still had access to Apple's systems, he texted Peng "LOL, I found out I can access the [network storage], so funny."

Apple accuses OpenAI leadership of creating a culture of hardware theft, and says OpenAI's hardware business is "rotten to its core" because of its reliance on information stolen from Apple.

Apple attempted to contact OpenAI in February when it first learned of the potential theft, but OpenAI did not respond, leading Apple to investigate further. Apple claims OpenAI is under pressure to debut a hardware device, which has led to the company taking shortcuts instead of investing in legitimate development. "OpenAI has turned to trade secret misappropriation to free-ride off Apple's decades of innovation," reads the lawsuit.

Former Apple design chief and OpenAI designer Jony Ive is not named in the suit, but it does target io Products, which OpenAI acquired. While OpenAI CEO Altman is referenced, he isn't named as a defendant, and Apple doesn't suggest Ive or Altman were involved. Apple also does not appear to be targeting the ongoing OpenAI recruitment of Apple staff, though the lawsuit mentions that more than 400 former Apple employees now work at OpenAI.

Apple mentions its ongoing partnership with OpenAI for Siri ChatGPT integration, but only to say that the agreement is not an issue in the lawsuit.

Prior rumors suggest the relationship between Apple and OpenAI has been souring, with OpenAI allegedly considering a lawsuit against Apple because the integration failed to live up to OpenAI's expectations and Apple's promises.

In its trade secret theft lawsuit, Apple is seeking an injunction to stop OpenAI from possessing, using, or disclosing its technologies as well as damages "in an amount to be determined at trial." It is also suing Tan and Liu for breach of contract for violating their agreements with Apple.Tags: Apple Lawsuits, OpenAI
This article, "Apple Sues OpenAI for Stealing Trade Secrets to Build AI Hardware" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's annual iPhone event is just two months away, but we're still not quite clear on when and in what quantities the new foldable "iPhone Ultra" will be available. It sounds like we could end up in a situation similar to that of the iPhone X where it was introduced at the September event but didn't become available for pre-orders until around six weeks later.


Other news this week included a third round of developer betas for iOS 27 and related updates, some fresh iPhone 18 Pro rumors, a recap on where things stand with the next-generation Apple TV, and more, so read on below for all of the details!

Top Stories

'iPhone Ultra' Likely to 'Repeat the iPhone X Story' With Delayed Launch

Apple will likely "repeat the iPhone X story" by unveiling its foldable iPhone at the same time as the iPhone 18 Pro and iPhone 18 Pro Max, but starting foldable iPhone pre-orders at a later date, according to analyst Ming-Chi Kuo.


Kuo this week said manufacturing challenges have limited early production of the foldable iPhone, which will reportedly be named iPhone Ultra. As a result, he believes the device may launch at some point after the iPhone 18 Pro models.

In 2017, Apple unveiled the iPhone 8, iPhone 8 Plus, and iPhone X on September 12. iPhone 8 and iPhone 8 Plus pre-orders began just three days later, while iPhone X pre-orders began six weeks later on Friday, October 27. Likewise, Kuo believes the foldable iPhone may not be available to pre-order until the fourth quarter of 2026.

Everything Coming in the 2026 Apple TV 4K

The Apple TV 4K hasn't been updated since 2022, and it's due for a refresh. An update is planned for 2026, but Apple is likely going to wait to launch it until Siri AI launches in iOS 27.


Check out our recap of everything we're expecting for the next iteration of Apple's set-top box, from specs and feature support to pricing and a launch date.

Everything New in iOS 27 Beta 3

Apple is continuing to refine iOS 27 ahead of its planned September launch, and the third developer beta released this week includes several new features. Siri is more customizable, there's a fun new wallpaper action, and there are some useful improvements to Photos and Shortcuts.


On the Mac side, the new macOS beta includes gorgeous new Golden Gate-themed wallpapers that can also serve as screen savers.

Public betas of the upcoming releases will be available sometime this month.

Apple Intelligence Home Features Require 2TB iCloud+ Plan in iOS 27

Using Apple Intelligence camera features in the Home app will require an iCloud+ plan starting at 2TB, according to Apple.


In iOS 27, iPadOS 27, and macOS 27 Golden Gate, the Home app is able to generate written summaries for motion alerts from HomeKit Secure Video cameras. It's also able to group footage from separate cameras for an overview of activity and pull out noteworthy recordings, plus it supports natural language search.

Apple said at WWDC that some ‌Apple Intelligence‌ features would require an ‌iCloud‌+ plan, but it hadn't specified which tier users would need to subscribe to. For the Home features, users will need the $9.99/month 2TB ‌iCloud‌+ plan or better.

iPhone 18 Pro Battery Capacities Revealed by Regulatory Filings

New Chinese regulatory certification filings appear to confirm the battery capacities of Apple's upcoming iPhone 18 Pro and ‌iPhone 18 Pro‌ Max models.


According to filings in China's C3 database, spotted earlier this week by the leaker known as "Digital Chat Station" on Weibo, the ‌iPhone 18 Pro‌ is seemingly rated for 4,056mAh in China and 4,288mAh in the U.S., up modestly from the iPhone 17 Pro's 3,988mAh and 4,252mAh. The ‌iPhone 18 Pro‌ Max shows a bigger jump, rated for 5,391mAh in China and 5,567mAh in the U.S., compared with 4,823mAh and 5,088mAh on the ‌iPhone 17 Pro‌ Max, an increase of nearly 500mAh.

The foldable "iPhone Ultra" will reportedly include two battery cells registering at 1,921mAh and 2,962mAh, for a combined minimum rated capacity of 4,883mAh.

When is Apple's 2026 Back to School Offer?

It is now July and we are still waiting for Apple to begin its annual Back to School offer in countries like the U.S. and Canada — if it is still coming. In the U.S., Apple launched its Back to School offer in June from 2020 through 2025, but it has waited until July in the more distant past.


Last year, college students and educational staff could receive a free accessory like AirPods 4 or an Apple Pencil Pro with the purchase of a qualifying Mac or iPad model. It is unclear what Apple plans to offer this year, but given the company recently raised prices on all Macs and iPads, this year's promotion would be rather bittersweet.

MacRumors Newsletter

Each week, we publish an email newsletter like this highlighting the top Apple stories, making it a great way to get a bite-sized recap of the week hitting all of the major topics we've covered and tying together related stories for a big-picture view.

So if you want to have top stories like the above recap delivered to your email inbox each week, subscribe to our newsletter!Tag: Top Stories
This article, "Top Stories: 'iPhone Ultra' and Apple TV Rumors, iOS 27 Beta 3, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version wasView the full article
Apple accounted for roughly 90% of all Edge AI-capable smartwatch shipments in the first quarter of 2026, according to new data from Counterpoint Research.


That dominance came as Edge AI penetration across the broader smartwatch market grew 70% year-over-year, reaching 25% in the first quarter of 2026, according to Counterpoint's Global Smartwatch Shipments Tracker.

"Edge AI" refers to artificial intelligence that runs directly on a device's own chip rather than being processed on remote servers. On the Apple Watch, that means the onboard Neural Engine handles tasks like recognizing an irregular heartbeat or detecting a fall in the moment, without sending data to a paired iPhone or the cloud first. Anshika Jain, Principal Analyst at Counterpoint Research, said:



Health and fitness monitoring remains the main use case for Edge AI on smartwatches. Counterpoint's data shows blood pressure monitoring shipments doubling and sleep apnea detection tripling year over year, with brands now apparently setting their sights on diabetes detection next.

Apple's head start traces back to 2023, when it introduced the S9 chip with a 4-core Neural Engine built specifically for on-device machine learning in the Apple Watch. Huawei only followed with comparable silicon in 2025, launching its own Kirin W80 chip to power its "Celia" voice assistant locally, and Qualcomm isn't entering the race until this year with its Snapdragon Wear Elite platform. Google is also said to be readying its own Tensor-based wearable chip, though it has yet to ship.

Counterpoint notes that a software-driven alternative to dedicated NPUs is also emerging, with Ambiq's Apollo platform running AI inference on vector-core silicon via Arm's Helium extensions rather than purpose-built neural hardware. This approach remains a niche compared to Apple's dedicated-chip strategy, but it could eventually help cheaper smartwatches offer some Edge AI features without the silicon Apple has spent years building into its devices.

Counterpoint only classifies a smartwatch as Edge AI-capable if it has a neural engine or NPU on board and at least one of its health, safety, or interaction features actually runs its inference on that chip, rather than merely including the hardware.Related Roundup: Apple Watch 11Tag: CounterpointBuyer's Guide: Apple Watch (Caution)
This article, "Apple Watch Accounts for 90% of AI Smartwatch Shipments" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external securityView the full article
On this week's episode of The MacRumors Show, we discuss the future of Apple's increasingly tangled high-end MacBook lineup, including the entry-level MacBook Pro and the rumored "MacBook Ultra."

Subscribe to The MacRumors Show YouTube channel for more videos
Apple's chip roadmap for the Mac is reportedly set to take an unusual turn over the next year. The company is said to be skipping the M6 Pro and M6 Max entirely, jumping from the M5 generation straight to the M7 for its high-end laptops. A standard M6 chip will still arrive this year in an entry-level ‌MacBook Pro‌, but there will apparently be no Pro or Max variant in that family.

As a result, Apple's first high-end OLED laptop will use the existing M5 Pro and M5 Max chips rather than newer silicon. First-generation buyers would therefore be paying a premium for a redesigned machine featuring the same processors already found in the current ‌MacBook Pro‌, with M7 Pro and M7 Max models expected to follow in the second half of 2027.

The launch window remains fluid. The device was long expected to arrive in late 2026, but memory chip constraints and Apple's recent price increases have pushed it toward early 2027. A second-generation model with M7 chips is already planned for late 2027, meaning the first Ultra could remain on sale for a relatively short window.

The overlapping releases make for a crowded and confusing roadmap. Across roughly a year, Apple is expected to ship a base M6 ‌MacBook Pro‌, a redesigned base M7 model in the first half of 2027, two M5 Pro and M5 Max MacBook Ultra models, their eventual M7 Pro and M7 Max successors, and perhaps new high-end ‌MacBook Pro‌ models with the M7 Pro and M7 Max. Notably, the entry-level M7 model is set to get the new design first, ahead of the pricier high-end ‌MacBook Pro‌ models.

The headline changes are reserved for the top-tier "Ultra" model. It is expected to be the first Mac with an OLED display, using the same hybrid tandem ‌OLED‌ technology as the iPad Pro, along with the first touchscreen on a Mac, a Dynamic Island in place of the notch, and a thinner chassis. Both 14-inch and 16-inch sizes are expected. Built-in cellular connectivity for the first time on a Mac is also rumored.

Apple is reportedly positioning touch as "touch-friendly, not touch-first," letting users move between touch, trackpad, and keyboard rather than treating the Mac like an iPad. That marks a reversal for a company that long resisted the idea. Steve Jobs argued in 2010 that vertical touchscreens cause arm fatigue, and as recently as 2021 hardware chief John Ternus said the Mac was "totally optimized for indirect input."

Signs of the shift are already visible in macOS 27 Golden Gate, which adds direct touch control to Sidecar, so users can tap and interact with macOS elements using a finger on an ‌iPad‌. A reinforced hinge is also expected, so the display does not wobble when tapped.

Pricing is likely to be steep. Apple raised prices across the Mac lineup in June, and the current 14-inch ‌MacBook Pro‌ now starts at $1,999, rising to $2,499 with the M5 Pro chip and $4,099 for an M5 Max. The 16-inch M5 Max reaches $4,399, and a fully specced configuration already exceeds $10,000. The high-end ‌OLED‌ model is expected to start higher still.

The MacRumors Show has its own YouTube channel, so make sure you're subscribed to keep up with new episodes and clips.

Subscribe to The MacRumors Show YouTube channel!

You can also listen to ‌The MacRumors Show‌ on Apple Podcasts, Spotify, Overcast, or other podcast apps. You can also copy our RSS feed directly into your player.



If you haven't already listened to the previous episode of The MacRumors Show, catch up to hear our discussion about the latest leaks and rumors surrounding the iPhone 18 Pro.

Subscribe to ‌The MacRumors Show‌ for new episodes every week, where we discuss some of the topical news breaking here on MacRumors, often joined by interesting guests such as Kayci Lacob, Kevin Nether, John Gruber, Mark Gurman, Jon Prosser, Luke Miani, Matthew Cassinelli, Brian Tong, Quinn Nelson, Jared Nelson, Eli Hodapp, Mike Bell, Sara Dietschy, iJustine, Jon Rettinger, Andru Edwards, Arnold Kim, Ben Sullins, Marcus Kane, Christopher Lawley, Frank McShan, David Lewis, Tyler Stalman, Sam Kohl, Federico Viticci, Thomas Frank, Jonathan Morrison, Ross Young, Ian Zelbo, and Rene Ritchie.

‌The MacRumors Show‌ is on X @MacRumorsShow, so be sure to give us a follow to keep up with the podcast. You can also email us at [email protected] or head over to The MacRumors Show forum thread. Remember to rate and review the podcast, and let us know what subjects and guests you would like to see in the future.Related Roundup: MacBook ProTags: MacBook Ultra, The MacRumors ShowBuyer's Guide: MacBook Pro (Buy Now)Related Forum: MacBook Pro
This article, "The MacRumors Show: Goodbye MacBook Pro? MacBook Ultra Is Coming" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who slips a malicious image in front of the bootloader run their own code, before the deviceView the full article
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out. This is not an emergency for most owners. The attack needsView the full article
Members of the European Parliament (MEPs) have failed to block a proposal extending the mass scanning of private communications, a measure they have previously rejected twice.
This time too, more votes were cast against the proposal than in favor, but due to the absence of numerous MEPs on the eve of the summer recess, the motion to reject did not attain the necessary absolute majority. The proposal passed by default.
Similarly, an amendment to require warrants for the scanning received more votes in favor than against, but failed to attain the necessary absolute majority to pass.
The so-called Chat Control 1.0 law will now be extended through 2028.
According to its supporters, the measure can be seen as a vital component in the fight against the sexual abuse of children, while opponents see it as a move to restrict privacy.
This has been a long-running battle within the European Union. Last November, the European Commission put a halt to proposals for large-scale monitoring and proposed a voluntary approach. This has now changed. Under the new measure, service providers will be able to scan private messages without a warrant. This affects direct messages on platforms including Discord, Skype, Instagram, Snapchat, and Xbox, as well as emails sent via Google’s Gmail and Apple’s iCloud. Encrypted services like WhatsApp remain unaffected.
“Today’s vote on the interim regulation was a setback, but the political battle over the permanent ‘Chat Control 2.0’ is just getting started. The resistance we saw in Parliament today was so strong that finding a majority for permanent, suspicionless mass scanning in future negotiations is a complete pipe dream,” wrote Patrick Beyer, a long-standing critic of the proposal and a former MEP himself.
In November, he warned that enterprises could be affected by the measure. “For a corporation, a ‘false positive’ could mean that confidential internal documents, code, or strategic plans are flagged and sent to external authorities or police forces without the company’s knowledge.”
Discussions on a permanent solution to the issue are continuing, with some firmly entrenched views on both sides. “The core dispute between the EU Parliament, member state governments, and the EU Commission remains the scanning of private chats: should it be indiscriminate, or targeted at criminal suspects?” wrote Beyer.
View the full article
Members of the European Parliament (MEPs) have failed to block a proposal extending the mass scanning of private communications, a measure they have previously rejected twice.
This time too, more votes were cast against the proposal than in favor, but due to the absence of numerous MEPs on the eve of the summer recess, the motion to reject did not attain the necessary absolute majority. The proposal passed by default.
Similarly, an amendment to require warrants for the scanning received more votes in favor than against, but failed to attain the necessary absolute majority to pass.
The so-called Chat Control 1.0 law will now be extended through 2028.
According to its supporters, the measure can be seen as a vital component in the fight against the sexual abuse of children, while opponents see it as a move to restrict privacy.
This has been a long-running battle within the European Union. Last November, the European Commission put a halt to proposals for large-scale monitoring and proposed a voluntary approach. This has now changed. Under the new measure, service providers will be able to scan private messages without a warrant. This affects direct messages on platforms including Discord, Skype, Instagram, Snapchat, and Xbox, as well as emails sent via Google’s Gmail and Apple’s iCloud. Encrypted services like WhatsApp remain unaffected.
“Today’s vote on the interim regulation was a setback, but the political battle over the permanent ‘Chat Control 2.0’ is just getting started. The resistance we saw in Parliament today was so strong that finding a majority for permanent, suspicionless mass scanning in future negotiations is a complete pipe dream,” wrote Patrick Beyer, a long-standing critic of the proposal and a former MEP himself.
In November, he warned that enterprises could be affected by the measure. “For a corporation, a ‘false positive’ could mean that confidential internal documents, code, or strategic plans are flagged and sent to external authorities or police forces without the company’s knowledge.”
Discussions on a permanent solution to the issue are continuing, with some firmly entrenched views on both sides. “The core dispute between the EU Parliament, member state governments, and the EU Commission remains the scanning of private chats: should it be indiscriminate, or targeted at criminal suspects?” wrote Beyer.
View the full article
The bill of materials for the iPhone 18 Pro Max is expected to rise by nearly $300 compared to the iPhone 17 Pro Max, according to a new Counterpoint Research analysis.


The estimate covers the 1TB storage model. NAND flash costs for the device are said to exceed $250 on their own, a figure that would cover roughly half of the ‌iPhone 17 Pro‌ Max's entire estimated component cost. DRAM pricing is also climbing sharply, with both components facing pressure from a broader memory chip shortage tied to surging demand for AI hardware.

Apple's expected shift to a 2nm chip is described as the second-largest contributor to the cost increase. The ‌iPhone 18 Pro‌ is rumored to debut the A20 Pro, manufactured on TSMC's N2 process, which reportedly carries a steep premium in wafer pricing over the current N3P node used for the A19 Pro. Early yield ramp costs on a new process node typically add to per-unit chip pricing as well.

Counterpoint says display costs and other miscellaneous components may actually decline compared to the ‌iPhone 17 Pro‌ Max, partially offsetting the memory and chip increases. Camera costs are expected to rise slightly, which the firm attributes to new technology, likely a reference to the variable-aperture main camera rumored for the Pro models.



The report arrives weeks after Apple raised prices on 14 products, including every Mac and iPad, along with the Apple TV, HomePod, HomePod mini, and Vision Pro. Apple attributed those increases to the same memory chip shortage cited in the Counterpoint report, saying that the "supply-demand imbalance" driven by AI data center buildouts had made further price increases necessary. iPhone, Apple Watch, and AirPods pricing was left unchanged in that round of hikes, but the ‌iPhone 18 Pro‌ lineup is widely expected to be next.

The Wall Street Journal previously reported that the ‌iPhone 18 Pro‌ could start as high as $1,399, citing estimates that Apple's DRAM cost per unit could climb from $39 to $145 and its flash storage cost from $13 to $51. Apple CEO Tim Cook told the outlet that the company is "still working through" which devices will see price increases. Separately, IDC has estimated a $200 increase to the Pro and Pro Max models specifically, while Weibo leakers have separately suggested Apple could raise its Chinese starting price for the lineup by around 11%.

To manage the higher costs without giving up margin entirely, Apple is expected to apply different retail price increases across storage tiers rather than a flat increase across the lineup, concentrating the impact on higher-capacity models. Even with an average $200 retail price rise, Counterpoint still expects the ‌iPhone 18 Pro‌ Max to land at a slightly lower gross margin than the ‌iPhone 17 Pro‌ Max achieved in 2025.

The ‌iPhone 18 Pro‌ and ‌iPhone 18 Pro‌ Max are expected to launch alongside Apple's first foldable iPhone in the fall.Related Roundup: iPhone 18 ProTag: Counterpoint
This article, "iPhone 18 Pro Max Component Costs Could Rise Nearly $300" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious.
The five new types of attack that CrowdStrike has added to its prompt injection taxonomy are:
Trigger-Activated Rule Addition in which an attacker adds a new rule that looks innocuous at first, but can be triggered later to cause strange behavior within the model.
Cognitive Token Suppression,a way to circumvent built-in safety measures by shifting the model’s linguistic choices away from established refusal patterns.
Algorithmic Payload Decomposition,or delivering a message in multiple stages each of which appears innocent but that, when combined, can be assembled into a single command that is more threatening.
Special Token Injection, an attack that can be compared to the embedding of counterfeit “control switches” within normal instructions. Attackers look to introduce confusion that tricks the model into elevating untrusted user content to the status of a high-priority system directive.
Unwitting User Context-Data Injection, an exploit that draws on the boundary between trusted data and executable instructions, tricking the user into introducing malicious instructions as part of the context data for the LLM.  The prompt may be harmless: The malicious instruction is hidden inside the surrounding context data. It works when a user uploads a document, forwards an email or adds content that is later processed by AI.
Security teams can guard against such attacks in several ways, CrowdStrike said, including threat modeling every place that model context can originate, expanding testing, and extending detection engineering to include composite attacks.
View the full article
Security company CrowdStrike has identified five new prompt injection techniques that could leave enterprises at risk. Prompt injections attacks exploit the growing use of AI within organizations . They work by tricking LLMs into accepting instructions that a human operator would recognize as dubious.
The five new types of attack that CrowdStrike has added to its prompt injection taxonomy are:
Trigger-Activated Rule Addition in which an attacker adds a new rule that looks innocuous at first, but can be triggered later to cause strange behavior within the model.
Cognitive Token Suppression,a way to circumvent built-in safety measures by shifting the model’s linguistic choices away from established refusal patterns.
Algorithmic Payload Decomposition,or delivering a message in multiple stages each of which appears innocent but that, when combined, can be assembled into a single command that is more threatening.
Special Token Injection, an attack that can be compared to the embedding of counterfeit “control switches” within normal instructions. Attackers look to introduce confusion that tricks the model into elevating untrusted user content to the status of a high-priority system directive.
Unwitting User Context-Data Injection, an exploit that draws on the boundary between trusted data and executable instructions, tricking the user into introducing malicious instructions as part of the context data for the LLM.  The prompt may be harmless: The malicious instruction is hidden inside the surrounding context data. It works when a user uploads a document, forwards an email or adds content that is later processed by AI.
Security teams can guard against such attacks in several ways, CrowdStrike said, including threat modeling every place that model context can originate, expanding testing, and extending detection engineering to include composite attacks.
View the full article
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follows - GHSA-hjr6-g723-hmfm (CVSS score: 8.8) - An operating systemView the full article
There are a few solid low prices on Apple devices available this week, including $99 off the Apple Watch Ultra 3, $150 off the M5 MacBook Air, and $450 off the M5 Pro MacBook Pro. You'll also find great deals on Anker accessories available on Amazon right now.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple Watch Ultra 3


What's the deal? Take $99 off Apple Watch Ultra 3
Where can I get it? Amazon
Where can I find the original deal? Right here
$99 OFFApple Watch Ultra 3 for $699.99

Amazon this week has a few deals on the Apple Watch Ultra 3, providing $99 discounts on select models. We did track these models at $149 off during Prime Day this year, but those discounts are long gone and Amazon's prices today are still solid second-best options for anyone who missed those sales in June.

MacBook Pro


What's the deal? Take $450 off M5 Pro MacBook Pro
Where can I get it? Best Buy
Where can I find the original deal? Right here
$450 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,549.00

You can get the 24GB/2TB 14-inch M5 Pro MacBook Pro for $2,549.00 this week at Best Buy, down from the new price of $2,999.00. This is one of the last few remaining Apple devices remaining at pre-hike prices, and we're not expecting the sale to last much longer.

MacBook Air


What's the deal? Take $150 off M5 MacBook Air
Where can I get it? Amazon
Where can I find the original deal? Right here
$150 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,449.00
$150 OFF15-inch M5 MacBook Air (16GB/1TB) for $1,649.00

Amazon is taking $150 off multiple models of the M5 MacBook Air, including deals on both 13-inch and 15-inch models. These are some of the lowest prices we've seen on the notebooks in the wake of Apple's price hikes last month.

Anker


What's the deal? Save on Anker accessories
Where can I get it? Amazon
Where can I find the original deal? Right here
$50 OFFAnker Prime 3-in-1 Wireless Charging Station for $99.74

Anker's popular Prime 3-in-1 Wireless Charging Station has dropped to $99.74 on Amazon, down from $149.99. This is one of Anker's newest accessories, and Amazon's sale today is a match of the all-time low price that we last tracked during Prime Day. There are plenty of other Anker accessories on sale this week, which you can find in our original post.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "$450 Off a MacBook Pro? The Best Apple Discounts You Can Grab Today" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Meta has been warned by the European Commission that its endlessly scrolling Facebook and Instagram feeds may violate the EU's new Digital Services Act rules.


In preliminary findings published on Friday, the Commission said that its investigation into features such as infinite scroll, autoplay, push notifications, and highly personalized recommender systems, found that Meta "did not adequately assess the risks of their addictive design on the physical and mental wellbeing of users, including minors and vulnerable adults."

From the press release:
The Commission additionally criticized Meta's risk mitigation measures, saying that the platforms' time management tools could be easily dismissed and don't meaningfully limit the time users spend on the services. It also found fault with Meta's parental controls, which the Commission said were "only effective if parents and guardians possess adequate technical expertise, as well as devote effort and time to understand them."

The Commission said that at this stage of its investigation, it believes Meta needs to make design changes to both Instagram and Facebook. These could include disabling addictive features such as autoplay and infinite scroll by default, introducing effective screen time breaks, and modifying its recommender system to make it less focused on driving engagement.

Meta on Friday said it disagreed with the Commission's findings, claiming they "don't accurately take into account the significant steps we've taken to protect teens."

The Commission said Meta now has the opportunity to exercise its right of defence by reviewing the documents in the investigation file and responding in writing to its preliminary findings. If those provisional conclusions are upheld, the company could face a fine of up to 6 percent of its global annual turnover.Tags: European Commission, European Union, Facebook, Instagram, Meta
This article, "EU: Facebook and Instagram's Infinite Scroll May Break Digital Rules" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI says it is shuttering its ChatGPT Atlas browser. When it was released last October, the company said the agentic browser was designed around the question "What if you could chat with your web browser?" The question was at least novel, but the answer was apparently not all that compelling.

As part of a slew of ChatGPT Work-related announcements on Thursday, OpenAI confirmed plans to "sunset" Atlas, with deprecation scheduled for August 9.
Tags: ChatGPT, OpenAI
This article, "OpenAI's ChatGPT Atlas Browser Is Shutting Down" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple has significantly lowered its demand expectations for the standard iPhone 17 because of rising hardware costs, a Chinese leaker claimed today.


According to the account "Fixed Focus Digital" on Weibo, some production lines for the standard iPhone 17 this week shifted from an earlier 15 percent reduction to plans to suspend roughly one-third of their capacity. The leaker also claimed Apple has made a "very serious" internal assessment of the impact that higher hardware costs could have on demand.

The claims can't be independently verified, plus the post doesn't say whether the production adjustments apply to overall iPhone 17 output or only to certain manufacturing lines, so caution is advised.

Higher component costs are impacting the electronics industry worldwide due to intense demand from AI companies intent on maximizing data center buildout, and Apple is far from immune.

The doubling cost of memory and storage chips over the last year recently led Apple to increase prices across multiple product lines, which CEO Tim Cook called "unavoidable." So far, iPhones have been spared the hikes, but Apple is widely expected to use the debut of iPhone 18 Pro models in September as a chance to increase the prices of its entire smartphone lineup.

Apple is expected to unveil a next-generation iPhone 18 model next spring alongside a new iPhone 18e and iPhone Air 2, as part of a new split-launch strategy.Related Roundup: iPhone 17Tag: Fixed Focus DigitalBuyer's Guide: iPhone 17 (Neutral)Related Forum: iPhone
This article, "Apple Reportedly Slashes iPhone 17 Demand Forecast Amid Rising Costs" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's battery supplier has registered two new battery cells believed to be destined for the company's rumored foldable iPhone, according to a prolific Chinese leaker.


In a post on Weibo, the leaker known as Digital Chat Station said that the two cells have rated capacities of 1,921mAh and 2,962mAh, for a combined minimum rated capacity of 4,883mAh. "The supply chain is also predicting a total battery capacity of 4,800–5,000mAh, though this still needs further confirmation," the leaker added.

If accurate, the dual-cell design would be in line with existing book-style foldable smartphones, which typically split the battery across the device's two halves. In terms of where it sits next to rival foldables already on the market, the Google Pixel 10 Pro Fold has a total battery capacity of 5,015 mAh, while the Samsung Galaxy Z Fold 7 has a 4,400 mAh capacity. For comparison's sake, the iPhone 18 Pro and iPhone 18 Pro Max are believed to come with 4,288mAh and 5,567mAh batteries, respectively.

The leaker's claim appears to conflict with an early rumor suggesting Apple was testing a significantly larger 5,400mAh to 5,800mAh battery for its first foldable iPhone. That report described an engineering test configuration, however, so it's possible Apple has since revised the design. Either that or the rumor was incorrect.

A March 2025 rumor claimed that Apple has placed a heavy focus on improving power efficiency while slimming down key components of its foldable iPhone, with battery life said to be a key priority for the company. Separately, Apple analyst Ming-Chi Kuo has said the device will use high-density battery cells.

Apple's foldable iPhone is rumored to feature a 7.8-inch inner display and a 5.5-inch cover display, along with Touch ID instead of Face ID, an A20 chip, and Apple's C2 modem in some countries. The device is expected to be unveiled alongside the iPhone 18 Pro models in September. Apple's book-style foldable could launch as the "iPhone Ultra," as suggested by reports. IDC has predicted that the foldable will carry an average selling price of $2,500, with storage options potentially priced as high as $3,000.Tags: Digital Chat Station, Foldable iPhone, iPhone Ultra
This article, "Foldable iPhone Ultra Battery Capacity Allegedly Registered by Supplier" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Security leaders have made strong progress in visibility. Most organizations can now identify vulnerabilities across their applications, dependencies and development pipelines with far more consistency than in the past. Yet a fundamental imbalance remains: Vulnerabilities are being discovered faster than they can be remediated.
That imbalance is growing. Today, 82% of organizations carry security debt, defined as accumulated vulnerabilities that have remained unresolved for more than a year. At the same time, the share of vulnerabilities defined as both “severe” and “likely to be exploited” continues to increase.
This combination has real consequences. Vulnerabilities are not just accumulating; they persist in production environments long enough to be discovered and used.
Among my fellow CISOs, the conversation has shifted. The challenge now is to translate this reality into a business case that resonates with executive leadership and drives investment in remediation capacity. Here are six ways to do this.
Treat security debt like financial debt
Security debt behaves much like financial debt. It accumulates over time, compounds when left unmanaged and creates ongoing costs for the business. Those costs show up in delayed releases, emergency remediation efforts, audit findings and incident response.
Managing it effectively requires the same discipline applied to financial risk. That means measuring total and critical debt, setting reduction targets and tracking progress over time. It also means distinguishing between acceptable and unacceptable levels of risk, rather than treating all vulnerabilities as equal.
I believe security debt should be visible at the executive level. Leadership teams routinely track financial performance, operational resilience and service reliability. Security debt belongs in the same category. It reflects the organization’s exposure and its ability to manage that exposure over time.
Frame remediation capacity as a business constraint
Most organizations have a strong awareness of vulnerabilities. The limiting factor is the ability to address them.
Remediation capacity determines whether security debt grows or shrinks. When the volume of new findings exceeds the organization’s ability to fix them, the backlog expands and exposure increases. This dynamic persists regardless of how effective detection tools are.
In my experience, it’s important to quantify this constraint. That includes showing the gap between findings and fixes, identifying where high-risk vulnerabilities remain open and demonstrating how long they persist. These data points make it clear that incremental efficiency improvements will not close the gap on their own.
Presenting remediation capacity in operational terms helps align the discussion with executive priorities. Leaders understand constraints in engineering throughput, cloud spend and service availability. Remediation capacity should be treated in the same way.
Focus on exploitable risk in critical systems
Security debt becomes meaningful when it is tied to business impact.
Not all vulnerabilities carry the same level of risk. The ones that matter most share two characteristics. They are likely to be exploited, and they exist in applications that are important to the business.
Traditional severity scoring does not fully capture this. The Common Vulnerability Scoring System (CVSS) remains useful. Still, it does not reflect whether a vulnerability is reachable, whether it sits in a critical system or whether exploit techniques are readily available.
A practical approach is to layer exploitability and business context onto existing scoring models. This creates a focused set of high-risk vulnerabilities that require immediate attention. In many environments, this represents a relatively small percentage of total findings, but it accounts for a large portion of potential impact.
By concentrating on this subset, organizations can direct resources where they have the greatest effect. This approach also makes it easier to communicate risks in business terms.
Prioritize crown-jewel applications
Risk is not distributed evenly across applications.
Every organization has systems that are more critical than others. These may include customer-facing platforms, revenue-generating services or applications that process sensitive data. Compromise in these areas has a disproportionate impact on the business.
Focusing remediation efforts on these crown-jewel applications improves outcomes quickly. Our research found that 11.3% of flaws have high severity and high exploitability. It ensures that the most important systems receive the highest level of protection and reduces the likelihood of high-impact incidents.
Clear targets help reinforce this focus. Over a defined period, organizations can reduce critical security debt, shorten the lifespan of high-risk vulnerabilities and maintain strict thresholds for exposure in key systems. These targets translate security activity into business outcomes that leadership can understand and support.
Establish metrics that reflect risk
Metrics play a central role in shaping behavior.
Many organizations continue to rely on the number of vulnerabilities discovered or resolved. While these metrics provide useful context, they do not indicate whether risk is increasing or decreasing.
More effective measures focus on exposure. These include the number of critical or exploitable vulnerabilities in key systems, the average age of those vulnerabilities and trends over time. Together, these metrics provide a clearer picture of how risk is evolving.
Linking these measures to organizational objectives strengthens accountability. Security debt reduction can be incorporated into OKRs, with specific targets for reducing critical debt, lowering vulnerability age and maintaining acceptable thresholds in high-risk applications.
Formalizing risk acceptance is also important. High-risk vulnerabilities that remain open should require business approval and defined timelines. This ensures that risk is acknowledged and managed deliberately.
Increase investment in remediation capacity
Improving security outcomes requires sustained investment in the ability to act.
Remediation capacity can be expanded in several ways. Organizations can allocate dedicated engineering time for security work, integrate remediation into development workflows and adopt automation to reduce manual effort. AI-assisted fixes and automated guidance can help teams address vulnerabilities more efficiently without disrupting development velocity.
Preventing new security debt is equally important. Policies such as requiring high-risk vulnerabilities to be resolved before release help limit the introduction of additional exposure. Over time, this reduces the overall burden on remediation teams.
These changes do not slow innovation. They create conditions for delivering software safely and consistently.
Align the business around risk reduction
Security debt affects more than the security function. It influences resilience, regulatory posture and the organization’s ability to deliver software with confidence.
CISOs play a central role in aligning stakeholders around this issue. By framing security debt in terms of business impact, capacity constraints and measurable outcomes, they can shift the conversation from technical backlog management to enterprise risk reduction.
This alignment is critical for securing investment. When leadership understands the relationship between remediation capacity and business risk, decisions about funding, prioritization and trade-offs become clearer.
Security debt will continue to exist. What matters is how effectively it is managed and measured. For example, a good target should be doubling fix capacity through tooling investment, not just headcount.
Organizations that measure, govern and actively invest in reducing it are better positioned to control risk at scale. Those that do not will continue to see exposure grow, even as their visibility improves.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Security leaders have made strong progress in visibility. Most organizations can now identify vulnerabilities across their applications, dependencies and development pipelines with far more consistency than in the past. Yet a fundamental imbalance remains: Vulnerabilities are being discovered faster than they can be remediated.
That imbalance is growing. Today, 82% of organizations carry security debt, defined as accumulated vulnerabilities that have remained unresolved for more than a year. At the same time, the share of vulnerabilities defined as both “severe” and “likely to be exploited” continues to increase.
This combination has real consequences. Vulnerabilities are not just accumulating; they persist in production environments long enough to be discovered and used.
Among my fellow CISOs, the conversation has shifted. The challenge now is to translate this reality into a business case that resonates with executive leadership and drives investment in remediation capacity. Here are six ways to do this.
Treat security debt like financial debt
Security debt behaves much like financial debt. It accumulates over time, compounds when left unmanaged and creates ongoing costs for the business. Those costs show up in delayed releases, emergency remediation efforts, audit findings and incident response.
Managing it effectively requires the same discipline applied to financial risk. That means measuring total and critical debt, setting reduction targets and tracking progress over time. It also means distinguishing between acceptable and unacceptable levels of risk, rather than treating all vulnerabilities as equal.
I believe security debt should be visible at the executive level. Leadership teams routinely track financial performance, operational resilience and service reliability. Security debt belongs in the same category. It reflects the organization’s exposure and its ability to manage that exposure over time.
Frame remediation capacity as a business constraint
Most organizations have a strong awareness of vulnerabilities. The limiting factor is the ability to address them.
Remediation capacity determines whether security debt grows or shrinks. When the volume of new findings exceeds the organization’s ability to fix them, the backlog expands and exposure increases. This dynamic persists regardless of how effective detection tools are.
In my experience, it’s important to quantify this constraint. That includes showing the gap between findings and fixes, identifying where high-risk vulnerabilities remain open and demonstrating how long they persist. These data points make it clear that incremental efficiency improvements will not close the gap on their own.
Presenting remediation capacity in operational terms helps align the discussion with executive priorities. Leaders understand constraints in engineering throughput, cloud spend and service availability. Remediation capacity should be treated in the same way.
Focus on exploitable risk in critical systems
Security debt becomes meaningful when it is tied to business impact.
Not all vulnerabilities carry the same level of risk. The ones that matter most share two characteristics. They are likely to be exploited, and they exist in applications that are important to the business.
Traditional severity scoring does not fully capture this. The Common Vulnerability Scoring System (CVSS) remains useful. Still, it does not reflect whether a vulnerability is reachable, whether it sits in a critical system or whether exploit techniques are readily available.
A practical approach is to layer exploitability and business context onto existing scoring models. This creates a focused set of high-risk vulnerabilities that require immediate attention. In many environments, this represents a relatively small percentage of total findings, but it accounts for a large portion of potential impact.
By concentrating on this subset, organizations can direct resources where they have the greatest effect. This approach also makes it easier to communicate risks in business terms.
Prioritize crown-jewel applications
Risk is not distributed evenly across applications.
Every organization has systems that are more critical than others. These may include customer-facing platforms, revenue-generating services or applications that process sensitive data. Compromise in these areas has a disproportionate impact on the business.
Focusing remediation efforts on these crown-jewel applications improves outcomes quickly. Our research found that 11.3% of flaws have high severity and high exploitability. It ensures that the most important systems receive the highest level of protection and reduces the likelihood of high-impact incidents.
Clear targets help reinforce this focus. Over a defined period, organizations can reduce critical security debt, shorten the lifespan of high-risk vulnerabilities and maintain strict thresholds for exposure in key systems. These targets translate security activity into business outcomes that leadership can understand and support.
Establish metrics that reflect risk
Metrics play a central role in shaping behavior.
Many organizations continue to rely on the number of vulnerabilities discovered or resolved. While these metrics provide useful context, they do not indicate whether risk is increasing or decreasing.
More effective measures focus on exposure. These include the number of critical or exploitable vulnerabilities in key systems, the average age of those vulnerabilities and trends over time. Together, these metrics provide a clearer picture of how risk is evolving.
Linking these measures to organizational objectives strengthens accountability. Security debt reduction can be incorporated into OKRs, with specific targets for reducing critical debt, lowering vulnerability age and maintaining acceptable thresholds in high-risk applications.
Formalizing risk acceptance is also important. High-risk vulnerabilities that remain open should require business approval and defined timelines. This ensures that risk is acknowledged and managed deliberately.
Increase investment in remediation capacity
Improving security outcomes requires sustained investment in the ability to act.
Remediation capacity can be expanded in several ways. Organizations can allocate dedicated engineering time for security work, integrate remediation into development workflows and adopt automation to reduce manual effort. AI-assisted fixes and automated guidance can help teams address vulnerabilities more efficiently without disrupting development velocity.
Preventing new security debt is equally important. Policies such as requiring high-risk vulnerabilities to be resolved before release help limit the introduction of additional exposure. Over time, this reduces the overall burden on remediation teams.
These changes do not slow innovation. They create conditions for delivering software safely and consistently.
Align the business around risk reduction
Security debt affects more than the security function. It influences resilience, regulatory posture and the organization’s ability to deliver software with confidence.
CISOs play a central role in aligning stakeholders around this issue. By framing security debt in terms of business impact, capacity constraints and measurable outcomes, they can shift the conversation from technical backlog management to enterprise risk reduction.
This alignment is critical for securing investment. When leadership understands the relationship between remediation capacity and business risk, decisions about funding, prioritization and trade-offs become clearer.
Security debt will continue to exist. What matters is how effectively it is managed and measured. For example, a good target should be doubling fix capacity through tooling investment, not just headcount.
Organizations that measure, govern and actively invest in reducing it are better positioned to control risk at scale. Those that do not will continue to see exposure grow, even as their visibility improves.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Microsoft is warning defenders about a new backdoor that blurs the line between espionage malware and wipers.
In a technical analysis published on Thursday, Microsoft Threat Intelligence detailed GigaWiper, a Golang-based implant first observed in October 2025 intrusions that combines remote administration capabilities with multiple disk-wiping and ransomware routines.
Rather than building a new destructive tool from scratch, the operators assembled GigaWiper from several existing malware families, embedding them as modular commands inside a single backdoor.
“GigaWiper is particularly notable for its makeup,” Microsoft researchers said. “The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which are typically designed purely to destroy rather than to extort and carry real-world consequences.”
Malware capabilities of the backdoor included multiple disk wiping logics, an irreversible Crucio ransomware encryption, persistence, and RabbitMQ and Redis-based communication.
A backdoor for destruction on demand
According to Microsoft, GigaWiper exists in two forms. A standalone wiper and a larger backdoor whose command set embeds the standalone wiping functionality alongside numerous administrative features.
Written in Go, the malware supports 20 command codes that enable operators to execute PowerShell commands, manage Windows services and processes, manipulate the registry, capture screenshots, record displays, clear event logs, and remotely control infected systems through a Virtual Network Computing (VNC)-like capability.
Persistence is established through a scheduled task posing as a “OneDrive Update,” while command-and-control (C2) relies on RabbitMQ for receiving instructions and Redis for returning command output. This architecture allows attackers to quietly maintain access and selectively activate destructive functionality when an objective has been achieved, the researchers added.
The backdoor combines three malware families
Microsoft researchers found that GigaWiper integrates destructive code from multiple malware families instead of relying on a single wiping mechanism.
These integrations show up in the form of separate commands that the backdoor supports.

One command performs raw physical disk wiping by overwriting drives and removing partition metadata. Another borrows from the Crucio ransomware family, encrypting files with randomly generated keys that are intentionally never stored, making recovery impossible despite presenting itself like ransomware.
A third command recreates the functionality of FlockWiper, implementing secure multi-pass wiping in Go to permanently erase data on Windows systems.
“We tied GigaWiper to both Crucio and FlockWiper based on code analysis, shared execution flow, function naming, and unique strings,” the researchers said. “Crucio’s code was the base for GigaWiper command 3, and FlockWiper was re-coded in Golang and updated for GigaWiper command 12,” they noted, referring to the 20 listed commands the backdoor supports.
The standalone wiper was implemented as command 1 from the list.
Microsoft recommended hardening endpoints and identities, enabling behavioral detection and endpoint detection and response (EDR) capabilities, and using attack surface reduction controls to limit compromise risks.
The company also urged defenders to maintain offline or otherwise resilient backups, as destructive malware like GigaWiper is designed to irreversibly wipe or encrypt data. To support detection, the researchers shared a list of indicators of compromise (IOCs), which included FlockWiper and Crucio file hashes and a couple of C2 IP addresses.
View the full article
Microsoft is warning defenders about a new backdoor that blurs the line between espionage malware and wipers.
In a technical analysis published on Thursday, Microsoft Threat Intelligence detailed GigaWiper, a Golang-based implant first observed in October 2025 intrusions that combines remote administration capabilities with multiple disk-wiping and ransomware routines.
Rather than building a new destructive tool from scratch, the operators assembled GigaWiper from several existing malware families, embedding them as modular commands inside a single backdoor.
“GigaWiper is particularly notable for its makeup,” Microsoft researchers said. “The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which are typically designed purely to destroy rather than to extort and carry real-world consequences.”
Malware capabilities of the backdoor included multiple disk wiping logics, an irreversible Crucio ransomware encryption, persistence, and RabbitMQ and Redis-based communication.
A backdoor for destruction on demand
According to Microsoft, GigaWiper exists in two forms. A standalone wiper and a larger backdoor whose command set embeds the standalone wiping functionality alongside numerous administrative features.
Written in Go, the malware supports 20 command codes that enable operators to execute PowerShell commands, manage Windows services and processes, manipulate the registry, capture screenshots, record displays, clear event logs, and remotely control infected systems through a Virtual Network Computing (VNC)-like capability.
Persistence is established through a scheduled task posing as a “OneDrive Update,” while command-and-control (C2) relies on RabbitMQ for receiving instructions and Redis for returning command output. This architecture allows attackers to quietly maintain access and selectively activate destructive functionality when an objective has been achieved, the researchers added.
The backdoor combines three malware families
Microsoft researchers found that GigaWiper integrates destructive code from multiple malware families instead of relying on a single wiping mechanism.
These integrations show up in the form of separate commands that the backdoor supports.

One command performs raw physical disk wiping by overwriting drives and removing partition metadata. Another borrows from the Crucio ransomware family, encrypting files with randomly generated keys that are intentionally never stored, making recovery impossible despite presenting itself like ransomware.
A third command recreates the functionality of FlockWiper, implementing secure multi-pass wiping in Go to permanently erase data on Windows systems.
“We tied GigaWiper to both Crucio and FlockWiper based on code analysis, shared execution flow, function naming, and unique strings,” the researchers said. “Crucio’s code was the base for GigaWiper command 3, and FlockWiper was re-coded in Golang and updated for GigaWiper command 12,” they noted, referring to the 20 listed commands the backdoor supports.
The standalone wiper was implemented as command 1 from the list.
Microsoft recommended hardening endpoints and identities, enabling behavioral detection and endpoint detection and response (EDR) capabilities, and using attack surface reduction controls to limit compromise risks.
The company also urged defenders to maintain offline or otherwise resilient backups, as destructive malware like GigaWiper is designed to irreversibly wipe or encrypt data. To support detection, the researchers shared a list of indicators of compromise (IOCs), which included FlockWiper and Crucio file hashes and a couple of C2 IP addresses.
View the full article
Check Point Software CTO Jonathan Zanger met with CSO Spain during the software company’s Engage 2026 user conference last week in Paris.
At the event, Check Point executives and representatives discussed how the company is dealing with various types of threats, how it is adopting AI securely, and how Check Point and others can leverage AI for their own benefit.
“That’s why I believe 2026 is a fascinating year to work in this field. Every technological change drastically affects cybersecurity,” Zanger told CSO Spain. “I think we’re currently witnessing the biggest change since the advent of the internet. So, without a doubt, we’re facing significant transformations.”
What follows CSO Spain’s discussion with Zanger, edited for length and clarity.
How are AI agents changing the way we detect and stop cyber threats? What new risks are they creating?
I’ll try to answer on several levels. The first is how we operate differently as a cybersecurity company protecting our clients.
We’ve always had teams of experts monitoring threats, identifying malicious actors, and creating new defenses for our products. Consequently, whenever we detected an APT group, we investigated it and created signatures to protect against it. Or when we saw a suspicious network used by threat actors, we identified its location and blocked it. While it’s true that, in many ways, we were always limited by the number of talented people capable of gathering that intelligence and turning it into actionable defenses, what has AI allowed us to do? Dramatically scale this operation.
Could you give an example?
We’ve always had red teams testing our products to ensure their security. And we’ve always valued those teams highly because they made our products significantly more secure. Now, those teams are incredibly powerful thanks to AI, working 20 times more efficiently. What do we have now? A combination of people and AI agents, with around 300 instances continuously monitoring and testing our systems. This is what allows us to deliver better cybersecurity and scale our capabilities.
But it’s clear that malicious actors are using AI to carry out their operations…
That’s right. Just as it helped us scale our operations, it’s also helped them. We’re now seeing a proliferation of smaller, faster threat groups and malicious actors, capable of conducting phishing campaigns with less expertise than before. Consequently, we’re seeing more people entering the field of offensive cybersecurity. So, perhaps the final piece of the puzzle is that organizations are adopting AI systems, and now we have a new challenge: How are we going to protect them?
In this context, what security challenges arise when AI agents can access and operate enterprise systems? In your opinion, what should organizations prepare for?
Systems used to be deterministic: Given the same input, they produced a predictable output, which made them easier to protect. With AI agents, this changes, as they understand natural language, handle ambiguity, and their behavior isn’t always predictable, requiring a new approach to cybersecurity. Furthermore, something very important must be considered: AI depends on the systems it’s connected to. There’s a tension between security teams, who seek to limit these connections to reduce risks, and those promoting AI, who want to integrate it throughout the organization to gather information from any area.
In other words, the more connections AI has, the greater the attack surface and the security risk.
How is generative AI making it easier for attackers to create cyberattacks? From your perspective, what are the most important defenses today?
AI has transformed software development, making it much faster and more accessible. But what’s happening? Cybercriminals are exploiting this same capability, allowing them to escalate attacks like phishing, ransomware, malware, and vulnerability exploitation, increasing both the speed and volume of threats.
What do you recommend doing in this scenario?
Defenders must also embrace AI. Detection and response are no longer enough when an attack can cause damage in seconds, so prevention plays a key role. While attackers maintain a certain advantage because they only need to hit once and are not subject to regulations, defenders have a differentiating factor: collaboration between teams, organizations, and security companies, which helps to level the playing field.
But you can’t deny that many AI platforms still have vulnerabilities…
That’s right, because innovation often advances faster than security. That’s why I recommend incorporating a layer of security from the very beginning of any AI project and not assuming that a platform is secure simply because it comes from a reputable vendor.
How can AI platforms be used securely in the face of the expanding attack surface? What do you consider to be the most significant risk?
Throughout the evolution of systems, innovation, and organizations, security hasn’t always been a priority from the outset of product development. We see this because we investigate different platforms, especially AI platforms, to assess their security. This has allowed us to uncover serious vulnerabilities in every AI platform we’ve analyzed over the past year, as well as in all major AI development tools.
Now, I’m not criticizing anyone here, because their job is to launch innovative products quickly. But I do believe security gaps exist. That’s why I think that, in many cases, this is the role of organizations like ours: to work with companies to ensure that when they use this innovative technology, they do so in a way that protects their data, safeguards their employees, and doesn’t increase their risk.
Would you share any lessons you’ve learned from adopting AI?
Absolutely. The lesson I take away is that when you adopt AI, whatever the use case, you must do so by incorporating a layer of security. And don’t assume a platform is secure just because it comes from an innovative AI company.
In your opinion, what are the most important innovations in security platforms today? And how do they help customers and organizations stay protected?
I’d like to identify three major areas where AI is transforming cybersecurity. The first is the use of AI to strengthen defense operations. Just as it has revolutionized software development, AI is changing how security teams work, enabling them to detect vulnerabilities, assess security posture, implement changes, and respond to threats more quickly, efficiently, and scalably.
The second area is the protection of the AI ​​applications and agents themselves. As these technologies are integrated into corporate networks, the challenge arises of ensuring they do not become a new attack vector or expose sensitive information. This is a very recent field, driven by the rapid adoption of generative AI, in which there is still ample room for innovation.
Finally, I want to emphasize the need to defend against increasingly rapid and sophisticated AI-driven attacks. To this end, I advocate combining advanced models capable of detecting zero-day vulnerabilities and anomalous behavior with AI systems that simulate the behavior of an ethical attacker. This way, organizations can anticipate cybercriminals, identify their attack surface, and strengthen their defenses before an incident occurs.
The final question concerns the needs of small and medium-sized organizations, which want AI systems to be more transparent and easier to audit when they help detect or respond to threats. What are your thoughts on this?
I believe explainability is a crucial part of what we must offer our clients as cybersecurity advocates. There’s always a tension between blocking something immediately and, at the same time, being able to explain why it was blocked. People like to understand what happened, and this presents a delicate balance. Therefore, my perspective is that we should automatically block as many threats as possible, without requiring human intervention, but we must also enable humans to understand what happened and modify the future behavior of the protection mechanisms.
Víctor Manuel Fernández attending Engage 2026 as a guest of Check Point Software.
View the full article
Check Point Software CTO Jonathan Zanger met with CSO Spain during the software company’s Engage 2026 user conference last week in Paris.
At the event, Check Point executives and representatives discussed how the company is dealing with various types of threats, how it is adopting AI securely, and how Check Point and others can leverage AI for their own benefit.
“That’s why I believe 2026 is a fascinating year to work in this field. Every technological change drastically affects cybersecurity,” Zanger told CSO Spain. “I think we’re currently witnessing the biggest change since the advent of the internet. So, without a doubt, we’re facing significant transformations.”
What follows CSO Spain’s discussion with Zanger, edited for length and clarity.
How are AI agents changing the way we detect and stop cyber threats? What new risks are they creating?
I’ll try to answer on several levels. The first is how we operate differently as a cybersecurity company protecting our clients.
We’ve always had teams of experts monitoring threats, identifying malicious actors, and creating new defenses for our products. Consequently, whenever we detected an APT group, we investigated it and created signatures to protect against it. Or when we saw a suspicious network used by threat actors, we identified its location and blocked it. While it’s true that, in many ways, we were always limited by the number of talented people capable of gathering that intelligence and turning it into actionable defenses, what has AI allowed us to do? Dramatically scale this operation.
Could you give an example?
We’ve always had red teams testing our products to ensure their security. And we’ve always valued those teams highly because they made our products significantly more secure. Now, those teams are incredibly powerful thanks to AI, working 20 times more efficiently. What do we have now? A combination of people and AI agents, with around 300 instances continuously monitoring and testing our systems. This is what allows us to deliver better cybersecurity and scale our capabilities.
But it’s clear that malicious actors are using AI to carry out their operations…
That’s right. Just as it helped us scale our operations, it’s also helped them. We’re now seeing a proliferation of smaller, faster threat groups and malicious actors, capable of conducting phishing campaigns with less expertise than before. Consequently, we’re seeing more people entering the field of offensive cybersecurity. So, perhaps the final piece of the puzzle is that organizations are adopting AI systems, and now we have a new challenge: How are we going to protect them?
In this context, what security challenges arise when AI agents can access and operate enterprise systems? In your opinion, what should organizations prepare for?
Systems used to be deterministic: Given the same input, they produced a predictable output, which made them easier to protect. With AI agents, this changes, as they understand natural language, handle ambiguity, and their behavior isn’t always predictable, requiring a new approach to cybersecurity. Furthermore, something very important must be considered: AI depends on the systems it’s connected to. There’s a tension between security teams, who seek to limit these connections to reduce risks, and those promoting AI, who want to integrate it throughout the organization to gather information from any area.
In other words, the more connections AI has, the greater the attack surface and the security risk.
How is generative AI making it easier for attackers to create cyberattacks? From your perspective, what are the most important defenses today?
AI has transformed software development, making it much faster and more accessible. But what’s happening? Cybercriminals are exploiting this same capability, allowing them to escalate attacks like phishing, ransomware, malware, and vulnerability exploitation, increasing both the speed and volume of threats.
What do you recommend doing in this scenario?
Defenders must also embrace AI. Detection and response are no longer enough when an attack can cause damage in seconds, so prevention plays a key role. While attackers maintain a certain advantage because they only need to hit once and are not subject to regulations, defenders have a differentiating factor: collaboration between teams, organizations, and security companies, which helps to level the playing field.
But you can’t deny that many AI platforms still have vulnerabilities…
That’s right, because innovation often advances faster than security. That’s why I recommend incorporating a layer of security from the very beginning of any AI project and not assuming that a platform is secure simply because it comes from a reputable vendor.
How can AI platforms be used securely in the face of the expanding attack surface? What do you consider to be the most significant risk?
Throughout the evolution of systems, innovation, and organizations, security hasn’t always been a priority from the outset of product development. We see this because we investigate different platforms, especially AI platforms, to assess their security. This has allowed us to uncover serious vulnerabilities in every AI platform we’ve analyzed over the past year, as well as in all major AI development tools.
Now, I’m not criticizing anyone here, because their job is to launch innovative products quickly. But I do believe security gaps exist. That’s why I think that, in many cases, this is the role of organizations like ours: to work with companies to ensure that when they use this innovative technology, they do so in a way that protects their data, safeguards their employees, and doesn’t increase their risk.
Would you share any lessons you’ve learned from adopting AI?
Absolutely. The lesson I take away is that when you adopt AI, whatever the use case, you must do so by incorporating a layer of security. And don’t assume a platform is secure just because it comes from an innovative AI company.
In your opinion, what are the most important innovations in security platforms today? And how do they help customers and organizations stay protected?
I’d like to identify three major areas where AI is transforming cybersecurity. The first is the use of AI to strengthen defense operations. Just as it has revolutionized software development, AI is changing how security teams work, enabling them to detect vulnerabilities, assess security posture, implement changes, and respond to threats more quickly, efficiently, and scalably.
The second area is the protection of the AI ​​applications and agents themselves. As these technologies are integrated into corporate networks, the challenge arises of ensuring they do not become a new attack vector or expose sensitive information. This is a very recent field, driven by the rapid adoption of generative AI, in which there is still ample room for innovation.
Finally, I want to emphasize the need to defend against increasingly rapid and sophisticated AI-driven attacks. To this end, I advocate combining advanced models capable of detecting zero-day vulnerabilities and anomalous behavior with AI systems that simulate the behavior of an ethical attacker. This way, organizations can anticipate cybercriminals, identify their attack surface, and strengthen their defenses before an incident occurs.
The final question concerns the needs of small and medium-sized organizations, which want AI systems to be more transparent and easier to audit when they help detect or respond to threats. What are your thoughts on this?
I believe explainability is a crucial part of what we must offer our clients as cybersecurity advocates. There’s always a tension between blocking something immediately and, at the same time, being able to explain why it was blocked. People like to understand what happened, and this presents a delicate balance. Therefore, my perspective is that we should automatically block as many threats as possible, without requiring human intervention, but we must also enable humans to understand what happened and modify the future behavior of the protection mechanisms.
Víctor Manuel Fernández attending Engage 2026 as a guest of Check Point Software.
View the full article
With iOS 27, Apple is introducing several CarPlay features that will improve your in-car experience, both when you're driving and when you're idle in the car. From new video experiences to Siri AI, there are multiple new options to look forward to.


Video Apps

‌CarPlay‌ apps can incorporate video browsing capabilities, so you can browse for and watch videos on your in-car display while parked. The video playback feature does not work when a car is in motion for safety reasons, but if you're watching something and shift into drive, playback will switch to audio only.

iPhone apps that support AirPlay can also stream content to the car's display.

Video apps require car manufacturers to enable support on the vehicle, and no automakers have announced plans to add support as of now.

Siri AI

Apple's smarter, more capable version of ‌Siri‌ can be used in the car for hands-free conversations. ‌Siri‌ AI for ‌CarPlay‌ works like ‌Siri‌ AI on other devices, so you can ask it to complete tasks or find information for you while you drive.

Conversations in ‌CarPlay‌ sync to the ‌Siri‌ app on iPhone so you can pick them up later.

Audio

There is a persistent mini-player for the Now Playing ‌CarPlay‌ template. The player shows artwork and playback controls in the top right corner of audio and media apps.

The Now Playing interface in ‌CarPlay‌ also has a progress bar, so you can jump to a specific spot in a song, podcast, or audiobook.

Wallpapers

‌CarPlay‌ includes the new ‌iOS 27‌ wallpapers, formatted for the ‌CarPlay‌ interface. The wallpapers have wave-style designs in a range of colors, with 14 total wallpaper options available.

‌CarPlay‌ in ‌iOS 27‌ also supports larger, more interactive content thumbnails and it incorporates the updated Liquid Glass icons for apps like Maps and Weather.

Route Data

Navigation apps like Apple Maps and Google Maps can share route data with a vehicle for incorporating information like EV charging stops. The car is able to check a map route against the range of the vehicle, and suggest a charging stop.

Reliability and Location Accuracy

Apple says that wireless ‌CarPlay‌ is more reliable in ‌iOS 27‌, plus it supports improved GPS location accuracy and navigation heading detection.

Voice Control

All app categories are also now able to offer a voice control option, and Apple has designed a voice control template that can be integrated into apps for voice conversations.

Natural Language Improvements

In Apple Maps, Apple extended natural language search to navigation, and that also works with ‌CarPlay‌. You can ask ‌Siri‌ for directions that avoid toll roads, highways, and more.

Compatibility

Using the new ‌CarPlay‌ features in ‌iOS 27‌ requires a connected iPhone with ‌iOS 27‌ installed. For ‌Siri‌ AI, you'll need an iPhone that supports Apple Intelligence, which includes the iPhone 15 Pro and later.Related Roundups: CarPlay, iOS 27, iPadOS 27Related Forum: HomePod, HomeKit, CarPlay, Home & Auto Technology
This article, "iOS 27: 8+ New CarPlay Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple TV is taking over Hall H at San Diego Comic-Con for the first time, according to Deadline. Apple is holding a two-hour panel on July 25 featuring stars from Widow's Bay, Matchbox The Movie, Mayday, Dark Matter, and Silo. Hall H is known for some of the biggest Comic-Con panels and events, and Saturday draws the largest crowds. Apple's event will come before a major Marvel Studios presentation.


Panelists from Matchbox The Movie will include John Cena, Jessica Biel, and Arturo Castro, while Dark Matter panelists will include Blake Crouch, Matt Tolmach, Jacquelyn Ben-Zekry, Joel Edgerton, Jennifer Connelly, and more. Panelists for Widow's Bay have not been announced, but it should be a popular portion of the event given the show's popularity. Widow's Bay recently received 19 Emmy nominations.

John Francis Daley and Jonathan Goldstein will discuss Mayday, and Silo panelists include Graham Yost, Rebecca Ferguson, Common, Tim Robbins, Ashley Zukerman, Jessica Henwick, and Alexandria Riley. Josh Horowitz from the Happy, Sad, Confused podcast will moderate the panels.

A Silo Experience will be held at The Lot from Friday, July 24 to Sunday, July 26. On Friday, July 24, Apple plans to offer a sneak preview of Dark Matter season 2.

‌Apple TV‌ has had a presence at prior Comic-Con events, but Apple skipped the 2025 show.

San Diego Comic-Con takes place from July 23 to July 26, with a preview night on July 22. The ‌Apple TV‌ panel will be held from 2:00 to 4:00 p.m. on July 25.Related Roundup: Apple TVTag: Apple TV ServiceBuyer's Guide: Apple TV (Don't Buy)Related Forum: Apple TV and Home Theater
This article, "Apple TV Taking Over Comic-Con's Hall H for the First Time With Widow's Bay, Silo and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A security hole within AI dev tools has allowed attackers to escape sandboxes by misleading the humans in the loop who were supposed to knowingly approve the tool’s actions, according to cybersecurity research firm Wiz.
“We discovered GhostApproval, a systematic vulnerability pattern affecting six of the top AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf [now known as Devin Desktop],” the Wiz report said. “In each case, a malicious repository can trick the agent into accessing arbitrary files outside the workspace sandbox, potentially achieving remote code execution on the developer’s machine.”
The first report of the hole came earlier this month from Cato Networks, but was limited to one platform, Cursor, whereas Wiz found that its impact was far wider. 
The underlying security problem, symbolic links (symlinks), is well known and has been leveraged for decades. But GhostApproval, Wiz noted, goes well beyond their historic use as an attack vector. 
Symbolic links are special files that act as shortcuts to other files or directories. In attacks, they typically resolve to a target outside of the intended control sphere, which allows a threat actor to operate on unauthorized files in a less- or uncontrolled environment, outside of a secure sandbox, or even an air-gapped system.
“In several cases,” Wiz noted, “the agent’s internal reasoning explicitly recognizes the dangerous target, yet the confirmation prompt shown to the user conceals this information entirely. This is CWE-451 – UI misrepresentation of critical information – layered on top of the symlink vulnerability. The user approves what they believe is a harmless local edit. The agent then writes to a sensitive file outside of the project workspace.”
Wiz said it reported the issue to the six vendors initially impacted; AWS, Cursor and Google “fixed the issue promptly,” Augment and Windsurf/Devin “acknowledged receipt but went silent,” and Anthropic had already fixed the problem before it was contacted by Wiz.
Potentially massive exposure
But analysts and consultants said the AI dev tool problem that Wiz described illustrates a far greater security risk: enterprises are trusting these tools and the information they report far too much, which is what may give attackers a big opportunity.
Katie Norton, senior research manager for DevSecOps at IDC, noted that the Wiz report pointed out a disturbing fact. “The safety check people rely on to catch these actions doesn’t actually stop anything. That’s a real way for an attacker to break into a developer’s machine,” she said. “The scope is bounded by one condition: the attack requires a developer to clone and operate on an untrusted or malicious repository. That concentrates the risk in workflows touching external contributors, forked repositories, and third-party or open source dependencies, rather than in internally authored code.”
Norton said the exposure from this flaw, along with similar holes in other AI dev tools, is potentially massive. “Since March 2025, security vendors and researchers have disclosed comparable issues in nearly every major AI coding assistant. That pattern: a mitigation ships, then a new bypass of that same mitigation surfaces within months. That is worth watching and reflects how new this category’s threat model still is across the board, it’s not a gap specific to any one vendor’s practices.”
That means, she said, that agentic coding tools need multilayered defense, because the risk isn’t confined to the code an agent generates. “The tools themselves sit within the software supply chain and can be attacked directly. GhostApproval makes that point clearly,” she noted.
“The vulnerability has nothing to do with code quality or insecure output. It’s a flaw in how the agent handles files and represents its own actions to the user, introduced by the tool’s design rather than a bad prompt or a compromised dependency. Failure to account for the coding tools’ own attack surface is what leaves this kind of gap unaddressed.”
Rethink policies and procedures
Noah Kenney, principal consultant at Digital 520, agreed; enterprise CISOs need to potentially rethink many of their AI dev tool policies and procedures. 
“The significant part is that the agent’s own reasoning identified the malicious target and the approval dialog hid it anyway. The tool knew it was writing to SSH keys and still asked a human to approve an edit to a config file, giving the human an illusion of control over the model,” Kenney said. “Many considered human in the loop to be the answer to agent risk, but this report shows that the loop can be fed bad information by the very agent it is supposed to be supervising.”
Because of this, Kenney advised adjusting the way tool management is enforced.
“Treat AI coding assistants as privileged software with filesystem access, not as editor plugins. That means patch discipline, version pinning, and knowing which tools in your environment write to disk before authorization,” Kenney said. “Then sandbox the blast radius. These agents should run against trusted repositories in isolated environments where a write to authorized_keys goes nowhere. Do not rely on the tool’s own dialog as your control or governance solution.”
A category-wide design issue
Justin Greis, CEO of consulting firm Acceligence, added that this security hole is a much bigger enterprise security strategy problem than most CISOs realize. 
“Six different vendors independently arrived at a very similar trust model. That suggests we’re looking at a category-wide design challenge rather than a collection of isolated implementation bugs. If vulnerabilities like this remained uncorrected, they would represent a meaningful enterprise risk, particularly for organizations that allow AI coding assistants to interact with untrusted repositories or production development environments,” he said.
“The immediate concern isn’t simply remote code execution. It’s that these agents operate with a level of filesystem access, tool access, and developer trust that traditional IDE extensions never had. Once an AI agent becomes an active participant in software development, every trust boundary it crosses becomes part of the organization’s attack surface.”

View the full article
A security hole within AI dev tools has allowed attackers to escape sandboxes by misleading the humans in the loop who were supposed to knowingly approve the tool’s actions, according to cybersecurity research firm Wiz.
“We discovered GhostApproval, a systematic vulnerability pattern affecting six of the top AI coding assistants: Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf [now known as Devin Desktop],” the Wiz report said. “In each case, a malicious repository can trick the agent into accessing arbitrary files outside the workspace sandbox, potentially achieving remote code execution on the developer’s machine.”
The first report of the hole came earlier this month from Cato Networks, but was limited to one platform, Cursor, whereas Wiz found that its impact was far wider. 
The underlying security problem, symbolic links (symlinks), is well known and has been leveraged for decades. But GhostApproval, Wiz noted, goes well beyond their historic use as an attack vector. 
Symbolic links are special files that act as shortcuts to other files or directories. In attacks, they typically resolve to a target outside of the intended control sphere, which allows a threat actor to operate on unauthorized files in a less- or uncontrolled environment, outside of a secure sandbox, or even an air-gapped system.
“In several cases,” Wiz noted, “the agent’s internal reasoning explicitly recognizes the dangerous target, yet the confirmation prompt shown to the user conceals this information entirely. This is CWE-451 – UI misrepresentation of critical information – layered on top of the symlink vulnerability. The user approves what they believe is a harmless local edit. The agent then writes to a sensitive file outside of the project workspace.”
Wiz said it reported the issue to the six vendors initially impacted; AWS, Cursor and Google “fixed the issue promptly,” Augment and Windsurf/Devin “acknowledged receipt but went silent,” and Anthropic had already fixed the problem before it was contacted by Wiz.
Potentially massive exposure
But analysts and consultants said the AI dev tool problem that Wiz described illustrates a far greater security risk: enterprises are trusting these tools and the information they report far too much, which is what may give attackers a big opportunity.
Katie Norton, senior research manager for DevSecOps at IDC, noted that the Wiz report pointed out a disturbing fact. “The safety check people rely on to catch these actions doesn’t actually stop anything. That’s a real way for an attacker to break into a developer’s machine,” she said. “The scope is bounded by one condition: the attack requires a developer to clone and operate on an untrusted or malicious repository. That concentrates the risk in workflows touching external contributors, forked repositories, and third-party or open source dependencies, rather than in internally authored code.”
Norton said the exposure from this flaw, along with similar holes in other AI dev tools, is potentially massive. “Since March 2025, security vendors and researchers have disclosed comparable issues in nearly every major AI coding assistant. That pattern: a mitigation ships, then a new bypass of that same mitigation surfaces within months. That is worth watching and reflects how new this category’s threat model still is across the board, it’s not a gap specific to any one vendor’s practices.”
That means, she said, that agentic coding tools need multilayered defense, because the risk isn’t confined to the code an agent generates. “The tools themselves sit within the software supply chain and can be attacked directly. GhostApproval makes that point clearly,” she noted.
“The vulnerability has nothing to do with code quality or insecure output. It’s a flaw in how the agent handles files and represents its own actions to the user, introduced by the tool’s design rather than a bad prompt or a compromised dependency. Failure to account for the coding tools’ own attack surface is what leaves this kind of gap unaddressed.”
Rethink policies and procedures
Noah Kenney, principal consultant at Digital 520, agreed; enterprise CISOs need to potentially rethink many of their AI dev tool policies and procedures. 
“The significant part is that the agent’s own reasoning identified the malicious target and the approval dialog hid it anyway. The tool knew it was writing to SSH keys and still asked a human to approve an edit to a config file, giving the human an illusion of control over the model,” Kenney said. “Many considered human in the loop to be the answer to agent risk, but this report shows that the loop can be fed bad information by the very agent it is supposed to be supervising.”
Because of this, Kenney advised adjusting the way tool management is enforced.
“Treat AI coding assistants as privileged software with filesystem access, not as editor plugins. That means patch discipline, version pinning, and knowing which tools in your environment write to disk before authorization,” Kenney said. “Then sandbox the blast radius. These agents should run against trusted repositories in isolated environments where a write to authorized_keys goes nowhere. Do not rely on the tool’s own dialog as your control or governance solution.”
A category-wide design issue
Justin Greis, CEO of consulting firm Acceligence, added that this security hole is a much bigger enterprise security strategy problem than most CISOs realize. 
“Six different vendors independently arrived at a very similar trust model. That suggests we’re looking at a category-wide design challenge rather than a collection of isolated implementation bugs. If vulnerabilities like this remained uncorrected, they would represent a meaningful enterprise risk, particularly for organizations that allow AI coding assistants to interact with untrusted repositories or production development environments,” he said.
“The immediate concern isn’t simply remote code execution. It’s that these agents operate with a level of filesystem access, tool access, and developer trust that traditional IDE extensions never had. Once an AI agent becomes an active participant in software development, every trust boundary it crosses becomes part of the organization’s attack surface.”

View the full article
Anthropic is updating Claude with a new "Reflect" feature that's akin to Spotify Wrapped. Reflect lets you look back on how you've been using Claude, and for how long.


Reflect includes a summary of Claude usage, incorporating key topics, usage patterns, and the type of tasks you work through using Claude.

You can look back at Claude activity over the past 1, 3, 6, or 12 months, and in the near future, Anthropic plans to add a view of how much time you've spent using Claude. Anthropic says the Reflect feature invites users to step back and look at the role Claude plays in their lives. It will surface questions for you to consider, like "What's one thing you want to keep doing yourself, even if Claude could do it faster?"

There are new settings for quiet hours or scheduling a nudge to remind you to take a break from using Claude after a certain amount of time. Anthropic says you can also use the information with the 4D AI Fluency Framework to expand how you work with Claude across four categories: Delegation, Description, Discernment, and Diligence. It offers examples of how you collaborate with Claude, and it has practical suggestions for areas of improvement.

Reflect does not draw information from incognito chats, and it doesn't use underlying files from connected tools. Conversations connected to health integration tools are also left out of insights, and the information shown in the Reflect option isn't used for other purposes.

Reflect is available in beta for Free, Pro, and Max users who have memory turned on. It can be accessed through the Settings section of Claude on the web or in the desktop app. Select the Reflect tab to generate a report.Tag: Anthropic
This article, "Anthropic Adds 'Reflect' Feature to Claude for Tracking Your Usage" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI today announced ChatGPT Work, a ChatGPT agent with built-in Codex that can complete tasks across web, mobile, and desktop using information from your apps. ChatGPT Work can execute multi-step tasks, using scheduling to work independently. Like Claude Cowork, ChatGPT can use your computer to do tasks in the background across apps.


Tasks can be started and managed on any device, including a smartphone. On the desktop, OpenAI is merging the Codex app with the ChatGPT app. ChatGPT Work can use local files and apps to do tasks, or a new built-in browser to access websites, tools, and online files. Plugins connect apps and systems to ChatGPT Work, and a new Sites beta feature lets you create interactive sites and web apps for reports, live dashboards, and more.

ChatGPT Work is powered by OpenAI's GPT–5.6 models, which are also rolling out today after a limited preview period. Sol is OpenAI's new flagship model, while Terra is a balanced everyday work model and Luna is a cost-efficient model.

OpenAI says that GPT–5.6 Sol achieves "state-of-the-art results" in coding, knowledge work, cybersecurity, and science. It outperforms prior frontier models while using fewer tokens for a lower estimated cost.

OpenAI claims that GPT–5.6 is better at coding and has improved design judgment, able to create "tasteful, ergonomic, and functional interfaces" with just high-level direction. It can also create more accurate presentations, documents, and spreadsheets.

The model has safeguards against misuse, with layered protections that include real-time checks, monitoring, and access calibrated to risk and trust. It is OpenAI's best cybersecurity model, ideal for code review, threat modeling, and more.

GPT–5.6 is available across ChatGPT, Codex, and the OpenAI API starting today. GPT–5.6 Sol is available for Plus, Pro, Business, and Enterprise users. Free and Go users have access to GPT–5.6 Terra.

ChatGPT Work is available today for Pro, Enterprise, and Edu plans. It will expand to Plus and Business plans in the next few days.

With OpenAI merging Codex and ChatGPT, there is a new ChatGPT desktop app that's available across Mac and Windows. Users who have the Codex app installed can update it to turn it into the new ChatGPT desktop app. The existing ChatGPT desktop app is being renamed ChatGPT Classic.Tags: ChatGPT, OpenAI
This article, "OpenAI Debuts ChatGPT Work Agent and New GPT-5.6 Models" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
It's been a few weeks since Apple announced widespread price hikes across numerous product categories, including the 2026 MacBook Pro. These new prices are now reaching third party retailers, but there remains one exception at Best Buy, which still has one model of the 14-inch M5 Pro MacBook Pro at its pre-hike price.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

You can get the 24GB/2TB 14-inch M5 Pro MacBook Pro for $2,549.00, down from the new price of $2,999.00. This one is available in both Silver and Space Black, and Best Buy provides both in-store pick-up and delivery options at checkout.

$450 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,549.00

Across Best Buy and Amazon, this remains one of the only products still available at pre-hike prices, with nearly every other MacBook and iPad either unavailable to purchase or only available at their newly increased prices.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Last Call: M5 Pro MacBook Pro Remains at Pre-Hike Price But Not for Much Longer" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple has held meetings with PrismML about ways it could use the startup's technology to run much larger AI models directly on iPhones, according to The Information.


The report said PrismML has managed to shrink down Alibaba's open-source large language model Qwen 3.6 to run entirely on an iPhone 17 Pro. The model has 27 billion parameters, which is larger than Apple's on-device AFM 3 Core Advanced model with 20 billion parameters. Apple's model powers iOS 27 enhancements such as Siri AI's more expressive voices and improved systemwide dictation on iPhone 17 Pro and iPhone Air models.

Unlike with AFM 3 Core Advanced, all of Qwen 3.6's parameters can be active at the same time.

"One new on-device Apple model has 20 billion parameters but uses a so-called sparse architecture, in which only 1 billion to 4 billion parameters are active at a time," the report said, in reference to AFM 3 Core Advanced. "In the case of PrismML's on-device model, all 27 billion parameters are active at the same time."

Larger models running directly on iPhones would allow for more Apple Intelligence features to run on device instead of on Apple's Private Cloud Compute servers, which could reduce Apple's costs and further enhance user privacy.Tags: Apple Intelligence, The Information
This article, "Apple Exploring Ways to Run Much Larger AI Models Directly on iPhones" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple and MLB today released the August schedule for Apple TV's weekly Friday Night Baseball doubleheader.

Friday Night Baseball games are included with an Apple TV streaming subscription at no additional cost.Related Roundup: Apple TVBuyer's Guide: Apple TV (Don't Buy)Related Forum: Apple TV and Home Theater
This article, "Apple TV and MLB Release August Schedule for 'Friday Night Baseball'" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple stands to gain from India's decision to eliminate import duties on a range of components used in smartphone manufacturing, in a move that could further lower costs for the company's rapidly growing India-based supply chain.


According to a report from Reuters, the Indian government has done away with tariffs of 7.5% and 5% that had applied to inputs for wireless charging hardware, automotive and medical device screens, and lithium-ion battery cells. The exemptions are set to remain in effect through to March 31, 2029.

The wireless charging component exemption, in particular, feeds directly into the MagSafe ecosystem used across the iPhone lineup. With import costs on that hardware now removed, Apple's India-based assembly partners have a clearer path to sourcing and building charging components domestically rather than importing them at a markup.

Apple has leaned heavily on India as it works to shift iPhone production away from China, with assembly partners now building roughly a quarter of all iPhones in the country and producing the entire iPhone 17 lineup there for the first time, including the higher-end Pro and Pro Max models. Foxconn, one of Apple's main assemblers, poured $1.5 billion into expanding its India operations earlier this year, and Tata Electronics has grown into an equally central manufacturing partner alongside it.Tags: India, MagSafe
This article, "Apple's Manufacturing in India Gets Boost From New Tariff Exemptions" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
There's a big accessory sale happening on Amazon this week, with the year's best prices on Anker chargers, Samsung monitors, Sonos audio products, and much more.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Highlights this time around include a new batch of audio devices on sale, including the Sonos Ace Headphones for $279.00, down from $399.00, and Sony's WH-1000XM5 Noise Canceling Headphones for $248.00, down from $399.00. Another notable audio discount is on the Soundcore Sleep A30 Earbuds, which are designed to be worn in bed, available for $179.99, down from $229.99.

$50 OFFSoundcore Sleep A30 Earbuds for $179.99
$120 OFFSonos Ace Headphones for $279.00
$151 OFFSony WH-1000XM5 Noise Canceling Headphones for $248.00

In terms of monitor and TV deals, there are quite a few Samsung deals happening this week on Amazon. The 32-inch Smart Monitor M9 has hit its second-best price on Amazon at $1,267.20, down from $1,599.99, beating the Prime Day deal by about $30. You'll also find solid sales on The Frame TVs and Odyssey monitors right now.

$332 OFFSamsung 32-inch Smart Monitor M9 for $1,267.20

We're also tracking big discounts from brands like LG, Hisense, iVANKY, Jackery, and more in the lists below. Accessories on sale include USB-C wall chargers, MagSafe-compatible wireless chargers, portable batteries, headphones, docks, and monitors.

Audio

Soundcore Sleep A30 Earbuds - $179.99, down from $229.99
Sony WH-1000XM5 Noise Canceling Headphones - $248.00, down from $399.00
Sonos Ace Headphones - $279.00, down from $399.00
Sony WH-1000XM6 Noise Canceling Headphones - $398.00, down from $459.00

Monitors and TVs

Samsung 27-inch Odyssey G5 Monitor - $169.99, down from $249.99
LG 27-inch UltraGear Monitor - $269.12, down from $499.99
Hisense 65-inch E6 Cinema Series 4K TV - $377.99, down from $478.00
Samsung 27-inch Odyssey OLED G5 - $415.00, down from $499.99
Samsung 55-inch The Frame 4K TV - $897.99, down from $1,097.99
Samsung 49-inch Odyssey OLED G9 Monitor - $1,049.99, down from $1,299.99
Samsung 32-inch M9 Smart Monitor - $1,267.20, down from $1,599.99

Docks

Anker Nano 13-Port Docking Station - $111.99, down from $149.99
Anker Prime 14-Port Docking Station - $169.99, down from $269.99
Anker Prime 14-Port Thunderbolt 5 Dock - $319.99, down from $399.99
iVANKY 23-in-1 Thunderbolt 5 FusionDock Max 2 - $399.99, down from $499.99

Wall Chargers

Anker Nano USB-C Wall Charger - $25.99, down from $39.99
UGREEN 100W GaN 4-Port Charger - $40.84, down from $54.99
Anker 140W 4-Port GaN USB-C Charger - $79.99, down from $89.99
Anker 3-Port Prime Charger - $99.99, down from $149.99

Wireless Chargers

Anker 3-in-1 MagGo Qi2 Charging Stand - $71.99, down from $89.99
Anker 3-in-1 MagGo UFO Charger - $71.99, down from $89.99
Anker 3-in-1 MagSafe-Compatible Foldable Charging Station - $85.99, down from $109.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $89.99, down from $129.99
Anker 3-in-1 Prime Wireless Charging Station - $99.74, down from $149.99
Anker Prime MagSafe-Compatible 3-in-1 Charging Station - $139.99, down from $229.99

Portable Chargers

Anker MagGo Power Bank 10,000 mAh - $65.99, down from $79.99
Anker SOLIX C300 Power Station with Lantern - $189.99, down from $249.00
Anker Prime Power Bank 26,250 mAh - $179.99, down from $229.99
Anker SOLIX C1000 Gen 2 Portable Power Station - $549.99, down from $599.00
Jackery Explorer 1000 v2 Portable Power Station - $429.00, down from $799.00
Anker SOLIX C2000 Gen 2 Portable Power Station - $899.99, down from $1,499.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Sonos, Sony, Anker and More: The Best Amazon Accessory Deals Right Now" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OHC_logo_transparent_01.jpeg flags-medium.png OHC_logo_blue_square_small.jpeg

 

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.