Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
In May, Apple agreed to pay $250 million to settle a U.S. class action lawsuit over Siri AI's delayed launch, and eligible iPhone users could receive up to a $95 payout.


This week, the California court overseeing the case held a hearing regarding preliminary approval of the settlement, but the judge has not yet issued a ruling. It will likely be at least a few more months before eligible customers can begin submitting claims, with payouts unlikely to begin until late this year or early next year if the settlement is ultimately approved. In other words, no action is required from eligible customers at this time.

Below, we have answered some key questions regarding the lawsuit.

Why Was Apple Sued?

In June 2024, Apple previewed new Siri capabilities powered by Apple Intelligence, including understanding of a user's personal context, on-screen awareness, and deeper per-app controls. For example, Apple showed an iPhone user asking Siri about their mother's flight and lunch reservation plans based on info from the Mail and Messages apps.

Apple advertised those Siri features in product presentations, on its website, in a TV commercial starring actor Bella Ramsey, and elsewhere.


In March 2025, Apple delayed the launch of the personalized version of Siri, leading to the company being hit with a class action lawsuit alleging false advertising.

In a statement, Apple touted a range of other Apple Intelligence features it had already released. Nevertheless, Apple agreed to settle the lawsuit "to stay focused" on "delivering the most innovative products and services to our users."

Apple finally announced "Siri AI" at WWDC 2026 last month, and the revamped assistant is available to test on the iOS 27 developer beta, with a public beta to follow this month. iOS 27 should be released in September, at which point "Siri AI" will finally be available to all users with an iPhone 15 Pro or newer.


Am I Eligible?

To be eligible to submit a claim, you must reside in the U.S. and have purchased any iPhone 15 Pro or iPhone 16 model between June 10, 2024 and March 29, 2025.

The full list of eligible iPhone models:
iPhone 15 Pro
iPhone 15 Pro Max
iPhone 16
iPhone 16e
iPhone 16 Plus
iPhone 16 Pro
iPhone 16 Pro Max
It is unlikely that individuals who submit a claim will still need to have physical possession of an eligible iPhone model. However, there is a possibility that proof of purchase or other information will be required, such as the device's serial number. Exact requirements will be outlined on the settlement website, which is still not live.

How Much Will Apple Pay Me?

According to the terms of the settlement, each person who files an eligible claim will receive a per-device payment of $25, but this amount could increase up to $95 if the total number of claims submitted is lower than anticipated.

Where and When Can I Submit a Claim?

Over the coming months, a settlement website is expected to go live with an online claims form.

Eligible class members will be notified by email within approximately 45 days after the settlement receives preliminary approval, according to the court documents. Even if you are not notified but are a U.S. resident who purchased one of the above iPhone models within the above dates, you are still eligible if you meet the criteria.Tags: Apple Intelligence, Apple Lawsuits, Siri, Siri AI
This article, "'Siri AI' Lawsuit Update: Apple to Pay Owners of These iPhone Models" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A cloud intrusion that ended with the deployment of cryptomining malware has exposed a bigger risk for enterprises: AI gateways that concentrate access to cloud identities, permissions, and foundation models in a single, highly privileged system.
Researchers from cybersecurity firm Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, eventually deploying XMRig cryptomining malware, along with attempts to abuse cloud identities and AI services.
Although the attack ended in cryptomining, researchers said the bigger concern is that AI gateways centralize model access, identities, and cloud privileges, making them valuable targets.
Experts found the attack familiar and consistent with past cloud attack techniques.
“Strip off the AI branding and this is a cloud intrusion pattern we’ve been watching since at least 2018: SSH open to the internet, brute-force attempts, a commodity XMRig miner, and repeated connections to a mining pool,” said Sean Malone, CISO at BeyondTrust. “Even the AI-specific angle, stolen credentials probing Bedrock model access, has had a name since 2024: LLMjacking.”

However, Malone agreed with Darktrace researchers on the potential blast radius. “AI gateways concentrate credentials, cloud permissions, and model access into a single choke point, so a routine intrusion lands on a privileged asset,” he explained.
The attack followed a known pattern
According to Darktrace, the compromised EC2 instance appeared to support LiteLLM activity and was associated with an IAM role capable of accessing Amazon Bedrock resources. While researchers could not conclusively determine the initial access vector, they said the attack followed a sequence commonly seen in cloud intrusions.
Before the miner was deployed, the instance had SSH exposed to the internet, with port 22 accessible from anywhere. Darktrace observed a high volume of inbound SSH connection attempts, largely originating from a single external IP address, indicating probable brute-force activity.
Shortly afterward, the host downloaded a ZIP archive containing XMRig cryptomining malware before repeatedly connecting to a known mining pool over HTTPS.
Darktrace stressed that it could not confirm whether the SSH activity directly led to the compromise because host-level logs were unavailable. However, the timing of the SSH exposure, miner download, and subsequent mining-pool communications strongly suggested the EC2 instance had been compromised and repurposed for unauthorized compute activity.
Compromised AI gateways are a big deal
The disclosure also detailed suspicious IAM activity observed separately, a day later, by another AWS identity. Among the unusual actions were a “GetSendQuota” API call from an IP address in Vietnam, attempts to enumerate and invoke Amazon Bedrock foundation models, and an effort to create a new IAM user using a randomly generated username.
This behavior is commonly associated with establishing persistence following credential compromise. However, Darktrace could not link the IAM activity directly to the LiteLLM incident.
Jason Soroko, senior fellow at Sectigo, said the incident’s significance lies less in the cryptominer than in the system that was compromised.
“These gateways are becoming brokers for identity, model access, prompts, logs, and policy,” he noted. “When one is exposed over SSH or backed by broad IAM permissions, it is no longer just another EC2 instance. It is a control point for AI operations.”
To protect against such attacks, Soroko added, security teams should close public admin paths, remove long-term keys where possible, scope IAM permissions, monitor Bedrock and model access patterns, and correlate workload telemetry with control-plane events.
Darktrace said it helped in the timely containment of the attack. “The cryptomining activity was received by Darktrace’s Managed Threat Detection service and reviewed by Darktrace’s SOC,” the researchers said in a blog post shared with CSO ahead of its publication on Thursday. “Following review, the activity was escalated to the customer. This escalation provided the customer with timely notification of active resource abuse in the AWS environment.”
View the full article
A cloud intrusion that ended with the deployment of cryptomining malware has exposed a bigger risk for enterprises: AI gateways that concentrate access to cloud identities, permissions, and foundation models in a single, highly privileged system.
Researchers from cybersecurity firm Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, eventually deploying XMRig cryptomining malware, along with attempts to abuse cloud identities and AI services.
Although the attack ended in cryptomining, researchers said the bigger concern is that AI gateways centralize model access, identities, and cloud privileges, making them valuable targets.
Experts found the attack familiar and consistent with past cloud attack techniques.
“Strip off the AI branding and this is a cloud intrusion pattern we’ve been watching since at least 2018: SSH open to the internet, brute-force attempts, a commodity XMRig miner, and repeated connections to a mining pool,” said Sean Malone, CISO at BeyondTrust. “Even the AI-specific angle, stolen credentials probing Bedrock model access, has had a name since 2024: LLMjacking.”

However, Malone agreed with Darktrace researchers on the potential blast radius. “AI gateways concentrate credentials, cloud permissions, and model access into a single choke point, so a routine intrusion lands on a privileged asset,” he explained.
The attack followed a known pattern
According to Darktrace, the compromised EC2 instance appeared to support LiteLLM activity and was associated with an IAM role capable of accessing Amazon Bedrock resources. While researchers could not conclusively determine the initial access vector, they said the attack followed a sequence commonly seen in cloud intrusions.
Before the miner was deployed, the instance had SSH exposed to the internet, with port 22 accessible from anywhere. Darktrace observed a high volume of inbound SSH connection attempts, largely originating from a single external IP address, indicating probable brute-force activity.
Shortly afterward, the host downloaded a ZIP archive containing XMRig cryptomining malware before repeatedly connecting to a known mining pool over HTTPS.
Darktrace stressed that it could not confirm whether the SSH activity directly led to the compromise because host-level logs were unavailable. However, the timing of the SSH exposure, miner download, and subsequent mining-pool communications strongly suggested the EC2 instance had been compromised and repurposed for unauthorized compute activity.
Compromised AI gateways are a big deal
The disclosure also detailed suspicious IAM activity observed separately, a day later, by another AWS identity. Among the unusual actions were a “GetSendQuota” API call from an IP address in Vietnam, attempts to enumerate and invoke Amazon Bedrock foundation models, and an effort to create a new IAM user using a randomly generated username.
This behavior is commonly associated with establishing persistence following credential compromise. However, Darktrace could not link the IAM activity directly to the LiteLLM incident.
Jason Soroko, senior fellow at Sectigo, said the incident’s significance lies less in the cryptominer than in the system that was compromised.
“These gateways are becoming brokers for identity, model access, prompts, logs, and policy,” he noted. “When one is exposed over SSH or backed by broad IAM permissions, it is no longer just another EC2 instance. It is a control point for AI operations.”
To protect against such attacks, Soroko added, security teams should close public admin paths, remove long-term keys where possible, scope IAM permissions, monitor Bedrock and model access patterns, and correlate workload telemetry with control-plane events.
Darktrace said it helped in the timely containment of the attack. “The cryptomining activity was received by Darktrace’s Managed Threat Detection service and reviewed by Darktrace’s SOC,” the researchers said in a blog post shared with CSO ahead of its publication on Thursday. “Following review, the activity was escalated to the customer. This escalation provided the customer with timely notification of active resource abuse in the AWS environment.”
View the full article
Apple has stopped signing several older versions of iOS for a group of legacy iPhone and iPad models, cutting off the paths to reinstall or downgrade the affected software.


Apple will no longer validate over-the-air (OTA) or direct IPSW installs of the builds in question. Once a version is unsigned, there is no longer a way to restore or install it through Finder or iTunes.

The change is narrower than a typical signing update. Apple has not stopped signing the iOS versions themselves. Instead, it has ended signing for the baseband firmware, the low-level software that runs each device's cellular modem, tied to those releases.

The affected releases span iOS 6 through iOS 10. The full set of devices and versions that can no longer be restored is as follows:


iPhone 4 (CDMA): iOS 7.1.2 IPSW installs
iPhone 4S: iOS 6.1.3 and iOS 8.4.1 OTA installs, plus iOS 9.3.5 and iOS 9.3.6 IPSW installs
iPhone 5 (GSM and CDMA): iOS 8.4.1 OTA installs, plus iOS 10.3.3 and iOS 10.3.4 IPSW installs
iPhone 5c (GSM and CDMA): iOS 10.3.3 IPSW installs
iPad 2 (Wi-Fi + 3G, CDMA): iOS 6.1.3 and iOS 8.4.1 OTA installs, plus iOS 9.3.5 and iOS 9.3.6 IPSW installs
iPad 3rd generation (GSM and CDMA): iOS 8.4.1 OTA installs, plus iOS 9.3.5 and iOS 9.3.6 IPSW installs
iPad 4th generation (Wi-Fi + Cellular): iOS 8.4.1 OTA installs, plus iOS 10.3.3 and iOS 10.3.4 IPSW installs
iPad mini (Wi-Fi + Cellular): iOS 8.4.1 OTA installs, plus iOS 9.3.5 and iOS 9.3.6 IPSW installs


Tellingly, every model caught up in the change is a cellular variant. Wi-Fi-only iPads are untouched, since they carry no cellular modem and therefore there is no baseband to sign in the first place.

The oldest hardware on the list is the CDMA iPhone 4, which never advanced beyond iOS 7.1.2, while the newest builds affected are iOS 10.3.3 and iOS 10.3.4 on the iPhone 5 and the fourth-generation ‌iPad‌.

For context, Apple did not separate iOS and iPadOS until iPadOS 13, so these much earlier ‌iPad‌ releases were all running iOS at the time.

One of the more interesting entries is the OTA version of iOS 8.4.1, which Apple had kept signing to serve as a stepping stone. Certain devices had to pass through iOS 8.4.1 on the way to iOS 9, and the same signed build gave owners a route back if they wanted to revert. That fallback now disappears for nearly every device on the list, from the iPhone 4S up to the iPhone 5.

A device that is already up and running on its current firmware carries on as normal, but owners lose the fallback of a fresh install should that firmware ever break. It also shuts the door on restores for anyone holding onto old hardware to test apps, check compatibility, or preserve software.

Signing changes like this usually target the latest releases instead, often landing within days of a significant security patch for a current version of iOS or iPadOS. Pulling signatures for decade-old builds on aging devices is rarer, and it touches only a tiny fraction of users in 2026, since everything on the list is more than ten years old.Related Roundups: iPad, iPad miniBuyer's Guide: iPad (Don't Buy), iPad Mini (Don't Buy)Related Forums: iOS 10, iOS 8, iOS 9, iPad, iPhone
This article, "Apple Pulls Ability to Restore iPhone 5c, iPad Mini, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The UK’s National Cyber Security Centre (NCSC) wants to deploy autonomous AI agents capable of finding and neutralizing cyberattacks on national networks in real time, marking Britain’s push toward a sovereign, machine-speed cyber defense system.
The blueprint, called Cyber Shield, was developed jointly with the Department for Science, Innovation and Technology (DSIT).
“The objective of Cyber Shield is to build a national-scale, collaborative approach to agentic cyber defence, using frontier AI to identify, reduce and resolve our national cyber risk,” the NCSC said in a blog post.
The proposal comes as the NCSC warns that AI is already helping attackers perform activities such as vulnerability discovery and reconnaissance “at a much greater scale and faster pace,” reducing the time available for defenders to respond.
While the agency said it has not yet observed fully autonomous attacks across the complete intrusion lifecycle, it expects frontier AI models to eventually operate from initial access through actions on objectives.
Cyber Shield relies on AI agents
According to the blueprint, Cyber Shield would rely on AI-powered “red” and “blue” agents to identify weaknesses in systems, detect threats, and progressively automate cyber defense activities.
“In the near future, we envisage a world where cyber defence is supported by ‘red’ and ‘blue’ agents which identify weaknesses in systems (‘red’) and defend against threats in real time (‘blue’),” the NCSC said in the blog.
Initially, the AI agents would identify vulnerabilities and threats at machine speed before progressing toward automated remediation. They would also generate and share security insights, detect and contain breaches, collaborate across organizational boundaries, and operate under the control of participating organizations.
The NCSC said it plans to begin by partnering with network defenders across government and critical UK sectors before transitioning to commercially scalable deployments.
“Our aim is to transition to commercially scalable solutions to deliver a level of national resilience which is ready for the future threat,” the agency said.
AI is shrinking defenders’ response window
“The UK faces a cyber threat that is growing in scale, speed and sophistication,” the NCSC said. “Frontier AI is accelerating this trend, with the potential to shift the balance in favour of attackers – and with serious implications for defenders.”
According to the agency, AI is already helping attackers conduct offensive cyber activities, including vulnerability discovery and reconnaissance, “at a much greater scale and faster pace.”
“As a result, activities that once took weeks can now take minutes, reducing the time available for defenders to respond, detect, and contain them,” the blog post added.
The Cyber Shield framework also prioritizes explainable AI, federated AI agents, automated vulnerability discovery and mitigation, coordinated detection and response, and national-scale scanning and mitigation capabilities. Among its longer-term objectives is the development of “fully automated vulnerability mitigation workflows” that would allow defenders to operate “beyond human scale,” initially across critical networks.
Sanchit Vir Gogia, chief analyst at Greyhound Research, said the blueprint reflects a broader shift toward operational AI in cybersecurity but also highlights governance challenges.
“Once an agent can alter a live environment, it stops being an assistant and joins the control plane,” Gogia said. “Every automated action must answer for its authority, its change and its reversal, and an agent that cannot explain itself has no business touching production.”
Gogia said the NCSC itself distinguishes between AI-assisted exposure identification and threat detection, which organizations can begin adopting today, and fully automated mitigation, which the blueprint identifies as an open research challenge.
Industry partnerships seen as critical
The NCSC said Cyber Shield cannot be delivered by the government alone and will require collaboration with industry, academia, frontier AI developers, and operators of critical national infrastructure.
“The Cyber Shield vision is ambitious and wide-reaching, and faces significant delivery challenges. It cannot be developed and operated by the NCSC or government alone,” the agency said.
According to the blog post, the NCSC and DSIT are establishing pathways for partners to contribute research, technologies, and operational expertise as the blueprint evolves.
The NCSC did not immediately respond to a request for comment on when Cyber Shield is expected to move beyond the blueprint stage.
Gogia said the blueprint is unlikely to immediately change enterprise technology procurement because it does not yet define an operational standard.
“Nobody will demand Cyber Shield-compatible products, because there is no operating standard to buy against,” he said. “What changes first is the criteria vocabulary. Serious buyers no longer ask whether a tool has agentic AI. They ask what it is permitted to change.”
View the full article
The UK’s National Cyber Security Centre (NCSC) wants to deploy autonomous AI agents capable of finding and neutralizing cyberattacks on national networks in real time, marking Britain’s push toward a sovereign, machine-speed cyber defense system.
The blueprint, called Cyber Shield, was developed jointly with the Department for Science, Innovation and Technology (DSIT).
“The objective of Cyber Shield is to build a national-scale, collaborative approach to agentic cyber defence, using frontier AI to identify, reduce and resolve our national cyber risk,” the NCSC said in a blog post.
The proposal comes as the NCSC warns that AI is already helping attackers perform activities such as vulnerability discovery and reconnaissance “at a much greater scale and faster pace,” reducing the time available for defenders to respond.
While the agency said it has not yet observed fully autonomous attacks across the complete intrusion lifecycle, it expects frontier AI models to eventually operate from initial access through actions on objectives.
Cyber Shield relies on AI agents
According to the blueprint, Cyber Shield would rely on AI-powered “red” and “blue” agents to identify weaknesses in systems, detect threats, and progressively automate cyber defense activities.
“In the near future, we envisage a world where cyber defence is supported by ‘red’ and ‘blue’ agents which identify weaknesses in systems (‘red’) and defend against threats in real time (‘blue’),” the NCSC said in the blog.
Initially, the AI agents would identify vulnerabilities and threats at machine speed before progressing toward automated remediation. They would also generate and share security insights, detect and contain breaches, collaborate across organizational boundaries, and operate under the control of participating organizations.
The NCSC said it plans to begin by partnering with network defenders across government and critical UK sectors before transitioning to commercially scalable deployments.
“Our aim is to transition to commercially scalable solutions to deliver a level of national resilience which is ready for the future threat,” the agency said.
AI is shrinking defenders’ response window
“The UK faces a cyber threat that is growing in scale, speed and sophistication,” the NCSC said. “Frontier AI is accelerating this trend, with the potential to shift the balance in favour of attackers – and with serious implications for defenders.”
According to the agency, AI is already helping attackers conduct offensive cyber activities, including vulnerability discovery and reconnaissance, “at a much greater scale and faster pace.”
“As a result, activities that once took weeks can now take minutes, reducing the time available for defenders to respond, detect, and contain them,” the blog post added.
The Cyber Shield framework also prioritizes explainable AI, federated AI agents, automated vulnerability discovery and mitigation, coordinated detection and response, and national-scale scanning and mitigation capabilities. Among its longer-term objectives is the development of “fully automated vulnerability mitigation workflows” that would allow defenders to operate “beyond human scale,” initially across critical networks.
Sanchit Vir Gogia, chief analyst at Greyhound Research, said the blueprint reflects a broader shift toward operational AI in cybersecurity but also highlights governance challenges.
“Once an agent can alter a live environment, it stops being an assistant and joins the control plane,” Gogia said. “Every automated action must answer for its authority, its change and its reversal, and an agent that cannot explain itself has no business touching production.”
Gogia said the NCSC itself distinguishes between AI-assisted exposure identification and threat detection, which organizations can begin adopting today, and fully automated mitigation, which the blueprint identifies as an open research challenge.
Industry partnerships seen as critical
The NCSC said Cyber Shield cannot be delivered by the government alone and will require collaboration with industry, academia, frontier AI developers, and operators of critical national infrastructure.
“The Cyber Shield vision is ambitious and wide-reaching, and faces significant delivery challenges. It cannot be developed and operated by the NCSC or government alone,” the agency said.
According to the blog post, the NCSC and DSIT are establishing pathways for partners to contribute research, technologies, and operational expertise as the blueprint evolves.
The NCSC did not immediately respond to a request for comment on when Cyber Shield is expected to move beyond the blueprint stage.
Gogia said the blueprint is unlikely to immediately change enterprise technology procurement because it does not yet define an operational standard.
“Nobody will demand Cyber Shield-compatible products, because there is no operating standard to buy against,” he said. “What changes first is the criteria vocabulary. Serious buyers no longer ask whether a tool has agentic AI. They ask what it is permitted to change.”
View the full article
DuckDuckGo's free web browser now blocks most video ads on YouTube, and the feature is on by default for iPhone and Mac users running the latest version of the app.


Announced on Wednesday, YouTube Ad Blocking stops ads that play before and during videos on YouTube's website, and DuckDuckGo says the result is the regular YouTube experience minus the interruptions, so features like viewing history and saving your spot in playlists keep working.

One thing to watch on iPhone is if you tap a YouTube link, it often opens the dedicated YouTube app if you have it installed. The blocking feature obviously won't work there, and you'll need to open the YouTube website inside the DuckDuckGo browser instead.

DuckDuckGo says it is using a community-maintained filter lists from uBlock Origin, along with its own rules to help minimize breakage. The company warns that videos may buffer a little longer than usual, but playback should run uninterrupted once a clip loads.

Note that YouTube Ad Blocking is separate from Duck Player, the browser's distraction-free video viewing mode, but the two can be enabled together.


The move follows Google's ongoing efforts to break ad blockers every which way it can, including recent changes to Chrome that targeted uBlock Origin. It's worth mentioning that DuckDuckGo isn't the first browser to block YouTube ads, with similar features already available in Brave and Opera.

DuckDuckGo's browser offers more than a dozen privacy protections, including ad tracker blocking and cookie pop-up removal. It's available for iOS devices on the App Store and for Mac on the Mac App Store and DuckDuckGo website.Tag: DuckDuckGo
This article, "DuckDuckGo Browser Now Blocks YouTube Ads on iPhone and Mac" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Meta has prototyped "super sensing" smart glasses that use cameras and audio recordings to capture the wearer's every moment, reports the Financial Times ($).


The smart glasses continuously collect audio while taking photos every few seconds, allowing the user to leverage AI to help query what they saw or heard, or recall their day, according to the report's sources.

Meta's current AI smart glasses have an LED in the corner of the frame that lights up to signal to others when a wearer is taking photographs or filming. But Meta executives don't want to activate the LED when the super-sensing features are turned on.
The report suggests the features could be activated on Meta's existing glasses via a software update.

Meta's plan, which could still change, highlights the obvious civil liberty and privacy risks of smart glasses. Privacy experts argue that always-on devices could violate data privacy or biometric data laws. It is also unclear whether the company or the wearer would be liable for potential violations of wiretapping laws, given that several U.S. states prohibit recording third-party conversations without consent.

Meta's existing Ray-Ban smart glasses already lack a visual indicator when AI is being used to analyze the wearer's surroundings. The company says it safeguards privacy by stripping out key identifying information.

In February, it was reported that the social media giant had an inactive facial recognition feature embedded in its Ray-Ban smart glasses platform. The company later removed the system.

Apple is widely expected to release its first smart glasses in 2027, designed in-house rather than through a partner brand.

Apple's smart glasses are expected to include cameras, microphones, and AI capabilities, and will have the ability to take photos, record video, provide translations, give turn-by-turn directions, and more. However, they won't have augmented reality capabilities, and it's not clear how Apple will manage privacy concerns.Tags: Financial Times, Meta, Privacy
This article, "Meta's 'Super Sensing' Prototype Glasses Quietly Record Everything" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
In a client engagement last year, an LLM-based deployment agent with standing access to a production Kubernetes cluster triggered a four-hour outage through a malformed configuration push. In the IAM, the agent appeared as a service account with a long-lived API key, no MFA, no scoped revocation path. When the incident review team asked which human had authorized the agent’s last action, no one in the room could answer. I have watched a version of that question go unanswered in three engagements over the past year, in three different sectors, with three different vendor stacks.
Every CISO deck right now contains a slide about agentic AI. Far fewer contain a slide about who, in identity terms, these agents actually are. That gap is the more dangerous one. The first slide is a strategy question. The second is a control question — and it is the one your auditors, your incident responders and your board will eventually ask. Gartner’s Top Cybersecurity Trends 2026, published by Director Analyst Alex Michaels, names both halves of that gap — agentic AI oversight (Trend 1) and IAM adaptation to AI agents (Trend 4) — as the forces redefining cyber risk this year.
This piece sets out a six-stage maturity model for non-human and agent-based identities (NHIs), the six minimum requirements that have to be met before any production deployment is defensible and the single most consequential reporting decision in the access-and-identity dimension: refusing the arithmetic mean across human and non-human identity governance.
Why agent-based systems break the existing identity model
A conventional service account performs a narrow, predictable task: it fetches a backup, runs a scheduled report, signs a build artifact. Its scope is fixed at design time. The controls around it — rotation, vaulting, audit — are well-understood.
An agent-based system does not work this way. It receives an intent, decomposes it into steps, calls whichever tools or APIs it judges appropriate and produces an outcome that was not specified action-by-action in advance. KuppingerCole’s 2026 Leadership Compass on Non-Human Identity Management notes that NHIs now outnumber human users in many enterprise environments, in some cases by a factor of 25 to 50. The same compass, authored under Principal Analyst Martin Kuppinger, observes that the tooling built around joiner-mover-leaver lifecycles was never designed to discover, attribute or govern these identities at that scale.
The OWASP GenAI Security Project has catalogued the resulting attack surface in two iterations — the Agentic AI Threats & Mitigations taxonomy in February 2025 and the more operational OWASP Top 10 for Agentic Applications later that year, categories ASI01 through ASI10. The notable finding is that three of the four highest-rated risks are identity questions: tool misuse and exploitation (ASI02), identity and privilege abuse including delegated and inherited trust (ASI03) and rogue agents that act outside their intended behavior (ASI10). A fourth, agentic supply chain vulnerabilities (ASI04), is identity adjacent.
CISA’s first joint Five Eyes advisory on the topic — Careful Adoption of Agentic AI Services, published 1 May 2026 with NSA, the Australian Signals Directorate’s ACSC, the Canadian Centre for Cyber Security, NCSC-NZ and NCSC-UK — converges on the same conclusion. Privilege risk is named the foundational concern. The Center for Internet Security followed with its own report on prompt injection as the top compounding risk in April 2026, and NIST’s AI Agent Standards Initiative, launched February 2026, is now drafting the formal standards that will sit alongside this guidance.
In other words, the dominant risk class introduced by agentic AI is not novel cryptography or some new exploit primitive. It is the unbounded scope of an identity that the existing IAM model was never asked to govern.
Six minimum requirements before any agent goes to production
Before any maturity discussion is useful, there is a floor. The following six requirements mark the line below which an agent-based system is not responsibly deployable in an enterprise environment. They are derived from incidents and audit findings I have collected across pharma, energy, finance and manufacturing engagements, and they are technically feasible on modern IAM and PAM platforms — though rarely on the IAM stacks most enterprises actually have today.
Each agent receives a uniquely attributable non-human identity. Shared service accounts across multiple agents, or shared between an agent and a human administrator, are not acceptable. Permissions are granted under an on-behalf-of model. The agent acts on the authority of a named human principal, inheriting that principal’s permissions, scoped to a defined purpose. It never acts from its own standing authority. No long-lived credentials. No API key valid for more than an hour. No embedded secrets in code. Short-lived, context-bound credentials only, revocable on anomaly. Complete audit trail through SIEM integration. Every agent action is logged with timestamp, executing identity, instructing human principal, input context and outcome. Continuous re-authentication. For long-running agents, identity is re-validated risk-based at regular intervals — not just at session start. Real-time revocation. The capability to disconnect an agent from systems within seconds is not optional. It is the only control that actually contains an agent-based incident in flight. An organization that cannot meet all six does not have an agent governance problem. It has a deployment readiness problem. The model below assumes these are in place by Stage 3; anything earlier is the discovery phase.
The six-stage NHI maturity model
Most enterprise maturity scales measure the access-and-identity dimension against the yardstick of human identity: is there central IAM, is MFA enforced for privileged access, does the joiner-mover-leaver lifecycle work? These remain the right questions, but they stop short. An organization that scores Stage 4 on human identity governance and Stage 1 on agent governance does not have a mature identity practice. It has a well-lit half and a blind half.
The following six-stage scale is cumulative — each stage assumes everything below it. The threshold of responsibility sits at Stage 3. In my view, production deployment of agent-based systems below Stage 3 is not defensible to a board, a regulator or an incident review.
StageLabelCriterion for non-human / agent-based identitiesAudit survivability0UnrecognizedNon-human identities exist but are not in the inventory. Shared service accounts, long-lived keys, no audit trail.No — agent activity is invisible to forensics.1VisibleIdentities are inventoried and assigned to an asset class, but not yet under independent governance.No — no per-agent accountability.2UniqueEach identity is uniquely attributable (no shared accounts); initial lifecycle rules exist but are applied inconsistently.Partial — who acted is answerable; on whose authority is not.3ControlledThe six minimum requirements are fully met: on-behalf-of model, short-lived credentials, SIEM audit trail, real-time revocation.Yes — minimum defensible posture.4Bounded and monitoredThe agent’s action is bounded; every action is reviewable and — where the process allows — reversible. Agent activity metrics are evaluated, not just collected.Yes — containment is provable.5Self-regulatingAnomalies in agent behavior are detected automatically and trigger risk-based pause or revocation. Each agent has a named accountable owner.Yes — state of the art. Stages 4 and 5 deserve unpacking because they are where the model departs from access control and begins to govern behavior. Bounded means the agent’s mandate has explicit limits it cannot act outside of. Reviewable means every action is logged with intent, execution and result. Reversible means an action can be rolled back before it produces irreversible effect — a hard constraint in any environment where actions touch physical processes, financial transactions or external commitments. Self-regulating means the system detects anomalies in agent behavior and intervenes before a human reasonably could.
The ‘human in the loop’ is not automatically governance
One misconception consistently overrates organizations’ agent governance. The presence of a human in the decision loop is widely treated as sufficient oversight. It is not. If a human is asked to approve hundreds or thousands of agent actions without the time to inspect each one, what exists is not control but an approval automation with a human signature on it. Human review does not scale to the action volume of an autonomous system.
A mature governance posture acknowledges this. It moves control from per-action approval to structural constraint: bound what the agent can do at all, monitor its behavior for anomaly and ensure that oversight is loyal to the principal, not to the executing system. An organization that rests its agent governance entirely on human per-action approvals does not reach Stage 4 of the model, regardless of how thoroughly those approvals are documented. Stage 4 requires structural bounding, not scaling handwork.
OWASP as an audit-ready evidence base
Maturity assessment risks drifting into subjective self-rating. The OWASP categories cited above can be operationalized into audit questions that anchor each stage in checkable evidence:
OWASP attack surface (Top 10 for agentic applications)Audit question for maturity assessmentMet from stageASI03 — Identity and privilege abuseDoes each agent have a unique identity, with no shared accounts?2ASI02 — Tool misuse and exploitationAre the interfaces an agent is permitted to use explicitly bounded?4ASI01 — Goal hijackIs each agent’s mandate clearly bounded and protected against manipulation?4ASI04 — Agentic supply chain vulnerabilityIs the agent’s software composition documented via SBOM?4ASI10 — Rogue agentAre anomalies in agent behavior detected and routed to pause or revoke?5 The column on the right matters. A common rating error is to grade an organization high because it has handled the easy requirements — unique identities, basic logging — without addressing the demanding ones. Tying the upper stages to the difficult criteria prevents that inflation.
Report human and non-human identity separately
The single most consequential reporting decision is to refuse the arithmetic mean. The access-and-identity dimension on a maturity radar should not collapse a Stage 4 human-identity practice and a Stage 1 agent-identity practice into a reassuring middle number. Both ratings belong on the same axis, but they belong reported separately.
A representative finding from current engagements: human identity governance at Stage 4 — central IAM, MFA, lifecycle managed — and agent governance at Stage 1, with agents recently inventoried but still authenticating via long-lived API keys against shared service accounts, without their own audit trail. The combined average would read Stage 2 to 3 and look acceptable. The separate reporting reveals that the unmanaged half is precisely the identity class with the largest and least predictable scope of action. That visibility is what triggers the prioritized roadmap action; an aggregated score buries it.
The named-accountable-owner test
If I run only one diagnostic in a new engagement, this is the one. For every production agent-based system in the environment, ask: who, by name, is accountable if this agent causes harm? An agent without a named accountable owner is the non-human counterpart of the workstation everyone uses, and no one owns. Stage 5 of the model formally requires a named accountable owner per deployed agent. The reason is operational, not bureaucratic: the question ‘who is responsible for this system?’ must be answered before the incident, not during it.
In practice, that accountability binds best to the role that already carries the operational risk of the affected process — typically the asset owner in the business function. Anchoring it there prevents agent-based systems from drifting into the organizational gray zone between IT, security and the business, which is exactly where unattributed action originates.
The maturity model in this article is a starting structure. The honest first step in adopting it is not to score well. It is to score truthfully, report human and non-human identity governance separately and treat the gap between them as the first item on the security roadmap for the agentic-AI period — before the next agent goes to production.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
In a client engagement last year, an LLM-based deployment agent with standing access to a production Kubernetes cluster triggered a four-hour outage through a malformed configuration push. In the IAM, the agent appeared as a service account with a long-lived API key, no MFA, no scoped revocation path. When the incident review team asked which human had authorized the agent’s last action, no one in the room could answer. I have watched a version of that question go unanswered in three engagements over the past year, in three different sectors, with three different vendor stacks.
Every CISO deck right now contains a slide about agentic AI. Far fewer contain a slide about who, in identity terms, these agents actually are. That gap is the more dangerous one. The first slide is a strategy question. The second is a control question — and it is the one your auditors, your incident responders and your board will eventually ask. Gartner’s Top Cybersecurity Trends 2026, published by Director Analyst Alex Michaels, names both halves of that gap — agentic AI oversight (Trend 1) and IAM adaptation to AI agents (Trend 4) — as the forces redefining cyber risk this year.
This piece sets out a six-stage maturity model for non-human and agent-based identities (NHIs), the six minimum requirements that have to be met before any production deployment is defensible and the single most consequential reporting decision in the access-and-identity dimension: refusing the arithmetic mean across human and non-human identity governance.
Why agent-based systems break the existing identity model
A conventional service account performs a narrow, predictable task: it fetches a backup, runs a scheduled report, signs a build artifact. Its scope is fixed at design time. The controls around it — rotation, vaulting, audit — are well-understood.
An agent-based system does not work this way. It receives an intent, decomposes it into steps, calls whichever tools or APIs it judges appropriate and produces an outcome that was not specified action-by-action in advance. KuppingerCole’s 2026 Leadership Compass on Non-Human Identity Management notes that NHIs now outnumber human users in many enterprise environments, in some cases by a factor of 25 to 50. The same compass, authored under Principal Analyst Martin Kuppinger, observes that the tooling built around joiner-mover-leaver lifecycles was never designed to discover, attribute or govern these identities at that scale.
The OWASP GenAI Security Project has catalogued the resulting attack surface in two iterations — the Agentic AI Threats & Mitigations taxonomy in February 2025 and the more operational OWASP Top 10 for Agentic Applications later that year, categories ASI01 through ASI10. The notable finding is that three of the four highest-rated risks are identity questions: tool misuse and exploitation (ASI02), identity and privilege abuse including delegated and inherited trust (ASI03) and rogue agents that act outside their intended behavior (ASI10). A fourth, agentic supply chain vulnerabilities (ASI04), is identity adjacent.
CISA’s first joint Five Eyes advisory on the topic — Careful Adoption of Agentic AI Services, published 1 May 2026 with NSA, the Australian Signals Directorate’s ACSC, the Canadian Centre for Cyber Security, NCSC-NZ and NCSC-UK — converges on the same conclusion. Privilege risk is named the foundational concern. The Center for Internet Security followed with its own report on prompt injection as the top compounding risk in April 2026, and NIST’s AI Agent Standards Initiative, launched February 2026, is now drafting the formal standards that will sit alongside this guidance.
In other words, the dominant risk class introduced by agentic AI is not novel cryptography or some new exploit primitive. It is the unbounded scope of an identity that the existing IAM model was never asked to govern.
Six minimum requirements before any agent goes to production
Before any maturity discussion is useful, there is a floor. The following six requirements mark the line below which an agent-based system is not responsibly deployable in an enterprise environment. They are derived from incidents and audit findings I have collected across pharma, energy, finance and manufacturing engagements, and they are technically feasible on modern IAM and PAM platforms — though rarely on the IAM stacks most enterprises actually have today.
Each agent receives a uniquely attributable non-human identity. Shared service accounts across multiple agents, or shared between an agent and a human administrator, are not acceptable. Permissions are granted under an on-behalf-of model. The agent acts on the authority of a named human principal, inheriting that principal’s permissions, scoped to a defined purpose. It never acts from its own standing authority. No long-lived credentials. No API key valid for more than an hour. No embedded secrets in code. Short-lived, context-bound credentials only, revocable on anomaly. Complete audit trail through SIEM integration. Every agent action is logged with timestamp, executing identity, instructing human principal, input context and outcome. Continuous re-authentication. For long-running agents, identity is re-validated risk-based at regular intervals — not just at session start. Real-time revocation. The capability to disconnect an agent from systems within seconds is not optional. It is the only control that actually contains an agent-based incident in flight. An organization that cannot meet all six does not have an agent governance problem. It has a deployment readiness problem. The model below assumes these are in place by Stage 3; anything earlier is the discovery phase.
The six-stage NHI maturity model
Most enterprise maturity scales measure the access-and-identity dimension against the yardstick of human identity: is there central IAM, is MFA enforced for privileged access, does the joiner-mover-leaver lifecycle work? These remain the right questions, but they stop short. An organization that scores Stage 4 on human identity governance and Stage 1 on agent governance does not have a mature identity practice. It has a well-lit half and a blind half.
The following six-stage scale is cumulative — each stage assumes everything below it. The threshold of responsibility sits at Stage 3. In my view, production deployment of agent-based systems below Stage 3 is not defensible to a board, a regulator or an incident review.
StageLabelCriterion for non-human / agent-based identitiesAudit survivability0UnrecognizedNon-human identities exist but are not in the inventory. Shared service accounts, long-lived keys, no audit trail.No — agent activity is invisible to forensics.1VisibleIdentities are inventoried and assigned to an asset class, but not yet under independent governance.No — no per-agent accountability.2UniqueEach identity is uniquely attributable (no shared accounts); initial lifecycle rules exist but are applied inconsistently.Partial — who acted is answerable; on whose authority is not.3ControlledThe six minimum requirements are fully met: on-behalf-of model, short-lived credentials, SIEM audit trail, real-time revocation.Yes — minimum defensible posture.4Bounded and monitoredThe agent’s action is bounded; every action is reviewable and — where the process allows — reversible. Agent activity metrics are evaluated, not just collected.Yes — containment is provable.5Self-regulatingAnomalies in agent behavior are detected automatically and trigger risk-based pause or revocation. Each agent has a named accountable owner.Yes — state of the art. Stages 4 and 5 deserve unpacking because they are where the model departs from access control and begins to govern behavior. Bounded means the agent’s mandate has explicit limits it cannot act outside of. Reviewable means every action is logged with intent, execution and result. Reversible means an action can be rolled back before it produces irreversible effect — a hard constraint in any environment where actions touch physical processes, financial transactions or external commitments. Self-regulating means the system detects anomalies in agent behavior and intervenes before a human reasonably could.
The ‘human in the loop’ is not automatically governance
One misconception consistently overrates organizations’ agent governance. The presence of a human in the decision loop is widely treated as sufficient oversight. It is not. If a human is asked to approve hundreds or thousands of agent actions without the time to inspect each one, what exists is not control but an approval automation with a human signature on it. Human review does not scale to the action volume of an autonomous system.
A mature governance posture acknowledges this. It moves control from per-action approval to structural constraint: bound what the agent can do at all, monitor its behavior for anomaly and ensure that oversight is loyal to the principal, not to the executing system. An organization that rests its agent governance entirely on human per-action approvals does not reach Stage 4 of the model, regardless of how thoroughly those approvals are documented. Stage 4 requires structural bounding, not scaling handwork.
OWASP as an audit-ready evidence base
Maturity assessment risks drifting into subjective self-rating. The OWASP categories cited above can be operationalized into audit questions that anchor each stage in checkable evidence:
OWASP attack surface (Top 10 for agentic applications)Audit question for maturity assessmentMet from stageASI03 — Identity and privilege abuseDoes each agent have a unique identity, with no shared accounts?2ASI02 — Tool misuse and exploitationAre the interfaces an agent is permitted to use explicitly bounded?4ASI01 — Goal hijackIs each agent’s mandate clearly bounded and protected against manipulation?4ASI04 — Agentic supply chain vulnerabilityIs the agent’s software composition documented via SBOM?4ASI10 — Rogue agentAre anomalies in agent behavior detected and routed to pause or revoke?5 The column on the right matters. A common rating error is to grade an organization high because it has handled the easy requirements — unique identities, basic logging — without addressing the demanding ones. Tying the upper stages to the difficult criteria prevents that inflation.
Report human and non-human identity separately
The single most consequential reporting decision is to refuse the arithmetic mean. The access-and-identity dimension on a maturity radar should not collapse a Stage 4 human-identity practice and a Stage 1 agent-identity practice into a reassuring middle number. Both ratings belong on the same axis, but they belong reported separately.
A representative finding from current engagements: human identity governance at Stage 4 — central IAM, MFA, lifecycle managed — and agent governance at Stage 1, with agents recently inventoried but still authenticating via long-lived API keys against shared service accounts, without their own audit trail. The combined average would read Stage 2 to 3 and look acceptable. The separate reporting reveals that the unmanaged half is precisely the identity class with the largest and least predictable scope of action. That visibility is what triggers the prioritized roadmap action; an aggregated score buries it.
The named-accountable-owner test
If I run only one diagnostic in a new engagement, this is the one. For every production agent-based system in the environment, ask: who, by name, is accountable if this agent causes harm? An agent without a named accountable owner is the non-human counterpart of the workstation everyone uses, and no one owns. Stage 5 of the model formally requires a named accountable owner per deployed agent. The reason is operational, not bureaucratic: the question ‘who is responsible for this system?’ must be answered before the incident, not during it.
In practice, that accountability binds best to the role that already carries the operational risk of the affected process — typically the asset owner in the business function. Anchoring it there prevents agent-based systems from drifting into the organizational gray zone between IT, security and the business, which is exactly where unattributed action originates.
The maturity model in this article is a starting structure. The honest first step in adopting it is not to score well. It is to score truthfully, report human and non-human identity governance separately and treat the gap between them as the first item on the security roadmap for the agentic-AI period — before the next agent goes to production.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Security leaders have been on a spending sprint. The global AI in cybersecurity market is valued at $44 billion in 2026 and is projected to reach $213 billion by 2034, a trajectory that reflects genuine belief that machine learning will close the gap between the volume of threats and the capacity of human analysts. That belief is not wrong. What is wrong is where most organizations focus when the tools stop working.
When AI-driven detection underperforms, the instinct is to tune the algorithm, retrain the model or push the vendor for a better product. The real culprit, in most cases, is sitting upstream in the data pipelines long before any model ever sees an event. Fragmented telemetry, inconsistent schemas and stale behavioral baselines are quietly degrading the performance of AI security systems across the enterprise. Fixing the algorithm without fixing the data is like recalibrating a scale while the input keeps changing.
The tool sprawl problem nobody talks about at the data level
Most large enterprises are not working with clean, unified security data. They are working with decades of accumulated infrastructure decisions. Research shows the average enterprise runs 83 different security products from 29 separate vendors, and SOC teams absorb nearly 3,000 alerts per day, with 63 percent going unaddressed. Each of those tools generates its own telemetry in its own format, with its own field naming conventions, timestamp standards and metadata schemas.
Human analysts develop an intuition for navigating that inconsistency. Machine learning models do not. A behavioral detection model trained to correlate authentication events across your identity platform, your endpoint agent and your cloud access broker will produce unreliable results if those three tools call the same field three different names. The model is not broken. It is being fed structurally incoherent data and asked to find patterns in the noise.
What schema drift actually costs you
This is where the problem becomes invisible and expensive. Schema drift, the gradual mutation of data formats across security pipelines over time, rarely triggers an alert. Log formats change when vendors push updates. New telemetry sources add fields that did not previously exist. Identity platforms rename attributes without notifying the security engineering team. Over months, the statistical patterns that trained your behavioral detection models no longer match the data those models are receiving in production.
The downstream effects are exactly what most CISOs are already experiencing: Elevated false positive rates, analyst fatigue and detection gaps that only become visible after an incident. What most security leaders do not realize is that those symptoms trace back to the data layer, not the algorithm layer. Gartner projects that through 2026, organizations will abandon 60 percent of AI projects due to insufficient data quality, and the pattern is playing out in security operations as visibly as anywhere else.
Stale baselines are an attacker advantage
The data freshness problem is underappreciated as a security risk. Behavioral AI models build baselines from historical activity. In fast-changing enterprise environments, those baselines go stale faster than most security teams recognize.
The shift to hybrid work changed access patterns dramatically. Cloud adoption changed which resources users interact with and when. Mergers and acquisitions introduce new user populations with entirely different behavioral profiles. When AI models evaluate today’s activity against baselines built from a workforce and infrastructure that no longer exist, the results are predictable: Legitimate access triggers anomaly alerts, and sophisticated attackers who study baseline patterns can blend in precisely because the model’s assumptions have not kept up with the environment.
IBM research on data quality costs puts the average annual cost of poor data quality at $12.9 million per organization. In a security context, that figure does not capture the incident response costs, regulatory exposure or reputational damage that follow from a detection failure rooted in bad data architecture.
The organizational gap that keeps this problem in place
The reason this issue persists is structural. Data pipelines are typically managed by data or infrastructure engineering teams. Detection models are owned by SOC analysts or threat intelligence teams. The AI systems that sit between those two functions often belong to neither. When detection quality drops, security teams tune parameters. Engineering teams focus on pipeline cost and availability. Nobody owns the analytical consistency of the data flowing through the system, because no one’s job description covers that specific gap.
This is a leadership problem before it is a technical one. CISOs who want AI security tools to perform as advertised need to close that ownership gap and treat security telemetry with the same rigor applied to other business-critical data assets.
Three priorities for security leaders
Addressing this does not require a platform replacement or a multi-year transformation program. It requires deliberate attention to three areas:
Standardize telemetry schemas across your security stack. A unified schema, even an imperfect one, gives machine learning models a consistent foundation. Establish naming conventions for common fields, normalize timestamp formats and document deviations when vendors cannot comply. This is not a one-time project. It is ongoing governance. Build data quality monitoring into every ingestion pipeline. Before any event reaches an ML system, validate it for missing fields, timestamp anomalies and schema deviations. Catching data drift at ingestion is far cheaper than diagnosing detection failures after a real incident or after an attacker has already moved laterally. Apply governance discipline to security data, not just business data. Lineage tracking, validation rules and version-controlled schemas belong in security pipelines as much as they belong in financial reporting pipelines. Security telemetry is a critical business asset and should be managed accordingly. The AI-powered security tools in your stack are capable of delivering real value against modern threats. But that capability is entirely contingent on the quality, consistency and freshness of the data flowing into them. Before your organization invests another dollar in model tuning or platform upgrades, ask a harder and more productive question: When did anyone last audit the pipelines those models actually depend on?
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Security leaders have been on a spending sprint. The global AI in cybersecurity market is valued at $44 billion in 2026 and is projected to reach $213 billion by 2034, a trajectory that reflects genuine belief that machine learning will close the gap between the volume of threats and the capacity of human analysts. That belief is not wrong. What is wrong is where most organizations focus when the tools stop working.
When AI-driven detection underperforms, the instinct is to tune the algorithm, retrain the model or push the vendor for a better product. The real culprit, in most cases, is sitting upstream in the data pipelines long before any model ever sees an event. Fragmented telemetry, inconsistent schemas and stale behavioral baselines are quietly degrading the performance of AI security systems across the enterprise. Fixing the algorithm without fixing the data is like recalibrating a scale while the input keeps changing.
The tool sprawl problem nobody talks about at the data level
Most large enterprises are not working with clean, unified security data. They are working with decades of accumulated infrastructure decisions. Research shows the average enterprise runs 83 different security products from 29 separate vendors, and SOC teams absorb nearly 3,000 alerts per day, with 63 percent going unaddressed. Each of those tools generates its own telemetry in its own format, with its own field naming conventions, timestamp standards and metadata schemas.
Human analysts develop an intuition for navigating that inconsistency. Machine learning models do not. A behavioral detection model trained to correlate authentication events across your identity platform, your endpoint agent and your cloud access broker will produce unreliable results if those three tools call the same field three different names. The model is not broken. It is being fed structurally incoherent data and asked to find patterns in the noise.
What schema drift actually costs you
This is where the problem becomes invisible and expensive. Schema drift, the gradual mutation of data formats across security pipelines over time, rarely triggers an alert. Log formats change when vendors push updates. New telemetry sources add fields that did not previously exist. Identity platforms rename attributes without notifying the security engineering team. Over months, the statistical patterns that trained your behavioral detection models no longer match the data those models are receiving in production.
The downstream effects are exactly what most CISOs are already experiencing: Elevated false positive rates, analyst fatigue and detection gaps that only become visible after an incident. What most security leaders do not realize is that those symptoms trace back to the data layer, not the algorithm layer. Gartner projects that through 2026, organizations will abandon 60 percent of AI projects due to insufficient data quality, and the pattern is playing out in security operations as visibly as anywhere else.
Stale baselines are an attacker advantage
The data freshness problem is underappreciated as a security risk. Behavioral AI models build baselines from historical activity. In fast-changing enterprise environments, those baselines go stale faster than most security teams recognize.
The shift to hybrid work changed access patterns dramatically. Cloud adoption changed which resources users interact with and when. Mergers and acquisitions introduce new user populations with entirely different behavioral profiles. When AI models evaluate today’s activity against baselines built from a workforce and infrastructure that no longer exist, the results are predictable: Legitimate access triggers anomaly alerts, and sophisticated attackers who study baseline patterns can blend in precisely because the model’s assumptions have not kept up with the environment.
IBM research on data quality costs puts the average annual cost of poor data quality at $12.9 million per organization. In a security context, that figure does not capture the incident response costs, regulatory exposure or reputational damage that follow from a detection failure rooted in bad data architecture.
The organizational gap that keeps this problem in place
The reason this issue persists is structural. Data pipelines are typically managed by data or infrastructure engineering teams. Detection models are owned by SOC analysts or threat intelligence teams. The AI systems that sit between those two functions often belong to neither. When detection quality drops, security teams tune parameters. Engineering teams focus on pipeline cost and availability. Nobody owns the analytical consistency of the data flowing through the system, because no one’s job description covers that specific gap.
This is a leadership problem before it is a technical one. CISOs who want AI security tools to perform as advertised need to close that ownership gap and treat security telemetry with the same rigor applied to other business-critical data assets.
Three priorities for security leaders
Addressing this does not require a platform replacement or a multi-year transformation program. It requires deliberate attention to three areas:
Standardize telemetry schemas across your security stack. A unified schema, even an imperfect one, gives machine learning models a consistent foundation. Establish naming conventions for common fields, normalize timestamp formats and document deviations when vendors cannot comply. This is not a one-time project. It is ongoing governance. Build data quality monitoring into every ingestion pipeline. Before any event reaches an ML system, validate it for missing fields, timestamp anomalies and schema deviations. Catching data drift at ingestion is far cheaper than diagnosing detection failures after a real incident or after an attacker has already moved laterally. Apply governance discipline to security data, not just business data. Lineage tracking, validation rules and version-controlled schemas belong in security pipelines as much as they belong in financial reporting pipelines. Security telemetry is a critical business asset and should be managed accordingly. The AI-powered security tools in your stack are capable of delivering real value against modern threats. But that capability is entirely contingent on the quality, consistency and freshness of the data flowing into them. Before your organization invests another dollar in model tuning or platform upgrades, ask a harder and more productive question: When did anyone last audit the pipelines those models actually depend on?
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Apple's upcoming iPhone 18 Pro Max could be noticeably thicker and heavier than its predecessor, suggesting a trade-off behind the device's rumored larger battery.


Chinese leaker Ice Universe today claimed the iPhone 18 Pro Max will measure around 9mm thick and weigh approximately 240 grams. That would make the device around 0.25mm thicker and roughly 7 grams heavier than the current iPhone 17 Pro Max.

The latest claim comes off the back of recent regulatory filings indicating the iPhone 18 Pro Max will feature a 5,391mAh battery in China and a 5,567mAh battery in the U.S. – an increase of nearly 500mAh over the iPhone 17 Pro Max.

Ice Universe suggested the added thickness and weight are a direct result of the larger battery, but Apple is also said to be adopting a new type of vapor chamber that uses stainless steel, which could also be a contributing factor.

The rumor builds on an earlier claim that Apple's next flagship could become the heaviest iPhone ever. If so, it would have to be heavier than the iPhone 14 Pro Max, which also weighed 240 grams, so it may turn out that there are only milligram-level differences between the two.

Apple's use of titanium instead of stainless steel made the iPhone 15 Pro and iPhone 16 Pro models lighter than the iPhone 14 Pro models. Apple then switched away from titanium to less-dense aluminum for the iPhone 17 Pro models, but internal changes and slightly thicker designs bumped up their weight again.

The ‌iPhone 18 Pro‌ and ‌iPhone 18 Pro‌ Max are expected to launch alongside Apple's first foldable iPhone this September.Related Roundup: iPhone 18 ProTag: Ice Universe
This article, "iPhone 18 Pro Max Said to Be Thicker and Heavier Than Predecessor" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Poorly segmented networks and weak security controls continue to undercut security organizations’ ability to identify and contain attacks, giving attackers free rein after initial compromise, according to a recent study based on real-world enterprise security telemetry.
Zero Networks’ 2026 Lateral Movement Exposure Report — based on analysis of 54 trillion activities across 312 live enterprise environments — found that more than 80% of enterprise servers are reachable from anywhere inside the network.
The study found that 87% of enterprise servers accept inbound Remote Desktop Protocol (RDP) or SSH (Secure Shell) connections from broad internal sources, giving attackers wide access pathways once inside the network.
Furthermore, 78% of enterprise servers are reachable via SMB (Server Message Block) or WinRM (Windows Remote Management) — networking protocols attackers commonly exploit to achieve lateral movement as part of ransomware or other attacks.
In addition, 43% of internal authentication traffic still relies on NTLM (New Technology Lan Manager), a legacy protocol frequently abused for credential relay and privilege escalation attacks. And 12% of organizations maintain direct user-to-server administrative pathways, meaning a single compromised employee device can provide immediate access to high-value systems.
“These findings perfectly align with the reality our threat hunters at Huntress see on the front lines every day,” Dray Agha, senior manager of security operations at managed detection and response firm Huntress, tells CSO. “Most network perimeters are hard on the outside but lose that hostility and become flat on the inside network.”
The accessibility of most enterprise servers from inside compromised network means attackers have little need for sophisticated zero-day exploits once they breach the perimeter.
“They [attackers] are simply ‘living off the land’ using the exact same administrative tools and open pathways (like RDP and SMB) that IT teams use,” Agha adds.
Robby Winchester, chief global professional services officer at cybersecurity firm SpecterOps, also says Zero Networks’ findings are “right on point with what we typically observe.”
“On nearly every red team and penetration test we’ve conducted, our testers have achieved lateral movement,” Winchester explains. “Using tools like BloodHound show us that attack paths are pervasive and hard to eliminate without visibility, underscoring how hard it is to prevent lateral movement.”
Interconnected by design
At issue is the fact that security teams have spent years strengthening the perimeter while accepting a significant degree of implicit trust within the network.
But moving away from this approach is far from trivial, says David Sancho, senior threat researcher at Trend Micro.
“The uncomfortable reality is that many enterprise environments remain highly interconnected by design,” Sancho says. “RDP, SMB, SSH, and WinRM exist because administrators need to get work done.”
Legacy protocols such as NTLM persist because replacing them can be operationally challenging but replacing these aging technologies is nonetheless advisable because their presence makes it easier for attackers to dive deeper into compromised networks.
Still, Sancho notes that broad exposure does not automatically equate to widespread exploitation in all circumstances.
“Reachability indicates potential blast radius, not a certainty of compromise,” he explains. “At the same time, the findings highlight an ongoing operational challenge: balancing security with usability.”
Moreover, Sancho adds, “restricting administrative pathways, retiring legacy protocols, and implementing stronger segmentation are all sensible measures, but they are often difficult to execute in complex environments built over decades.”
Dhruv Datta, founder and co-CTO at GolfWiz AI, also sees reachable servers as only one aspect of the wider problem of enterprise security resilience.
“A reachable server may still be protected by identity controls, endpoint monitoring, access policies, or other safeguards,” Datta tells CSO. “The practical risk also depends on the privileges an attacker has gained, the controls around each protocol, and how quickly suspicious activity is detected.”
Still, defenders must do more to limit where an attacker can move to stand any chance of protecting sensitive systems, argues Joe Brinkley, director of offensive security research at penetration testing as a services firm Cobalt. This requirement is becoming even more pressing with the rising use of automated and AI-driven lateral movement.
“Organizations must pivot away from a strategy of pure detection and prioritize deterministic containment through micro-segmentation and strict, identity-driven least privilege,” Brinkley advises.
Countermeasures
Internal reachability of sensitive systems creates major ransomware and privilege escalation risks. Simply focusing on improving perimeter defences is wholly inadequate.
Mitigating the path to attack and making life harder for attackers involves a combination of improved network segmentation, identity controls, red-team testing, and tighter separation of privileged access.
View the full article
Poorly segmented networks and weak security controls continue to undercut security organizations’ ability to identify and contain attacks, giving attackers free rein after initial compromise, according to a recent study based on real-world enterprise security telemetry.
Zero Networks’ 2026 Lateral Movement Exposure Report — based on analysis of 54 trillion activities across 312 live enterprise environments — found that more than 80% of enterprise servers are reachable from anywhere inside the network.
The study found that 87% of enterprise servers accept inbound Remote Desktop Protocol (RDP) or SSH (Secure Shell) connections from broad internal sources, giving attackers wide access pathways once inside the network.
Furthermore, 78% of enterprise servers are reachable via SMB (Server Message Block) or WinRM (Windows Remote Management) — networking protocols attackers commonly exploit to achieve lateral movement as part of ransomware or other attacks.
In addition, 43% of internal authentication traffic still relies on NTLM (New Technology Lan Manager), a legacy protocol frequently abused for credential relay and privilege escalation attacks. And 12% of organizations maintain direct user-to-server administrative pathways, meaning a single compromised employee device can provide immediate access to high-value systems.
“These findings perfectly align with the reality our threat hunters at Huntress see on the front lines every day,” Dray Agha, senior manager of security operations at managed detection and response firm Huntress, tells CSO. “Most network perimeters are hard on the outside but lose that hostility and become flat on the inside network.”
The accessibility of most enterprise servers from inside compromised network means attackers have little need for sophisticated zero-day exploits once they breach the perimeter.
“They [attackers] are simply ‘living off the land’ using the exact same administrative tools and open pathways (like RDP and SMB) that IT teams use,” Agha adds.
Robby Winchester, chief global professional services officer at cybersecurity firm SpecterOps, also says Zero Networks’ findings are “right on point with what we typically observe.”
“On nearly every red team and penetration test we’ve conducted, our testers have achieved lateral movement,” Winchester explains. “Using tools like BloodHound show us that attack paths are pervasive and hard to eliminate without visibility, underscoring how hard it is to prevent lateral movement.”
Interconnected by design
At issue is the fact that security teams have spent years strengthening the perimeter while accepting a significant degree of implicit trust within the network.
But moving away from this approach is far from trivial, says David Sancho, senior threat researcher at Trend Micro.
“The uncomfortable reality is that many enterprise environments remain highly interconnected by design,” Sancho says. “RDP, SMB, SSH, and WinRM exist because administrators need to get work done.”
Legacy protocols such as NTLM persist because replacing them can be operationally challenging but replacing these aging technologies is nonetheless advisable because their presence makes it easier for attackers to dive deeper into compromised networks.
Still, Sancho notes that broad exposure does not automatically equate to widespread exploitation in all circumstances.
“Reachability indicates potential blast radius, not a certainty of compromise,” he explains. “At the same time, the findings highlight an ongoing operational challenge: balancing security with usability.”
Moreover, Sancho adds, “restricting administrative pathways, retiring legacy protocols, and implementing stronger segmentation are all sensible measures, but they are often difficult to execute in complex environments built over decades.”
Dhruv Datta, founder and co-CTO at GolfWiz AI, also sees reachable servers as only one aspect of the wider problem of enterprise security resilience.
“A reachable server may still be protected by identity controls, endpoint monitoring, access policies, or other safeguards,” Datta tells CSO. “The practical risk also depends on the privileges an attacker has gained, the controls around each protocol, and how quickly suspicious activity is detected.”
Still, defenders must do more to limit where an attacker can move to stand any chance of protecting sensitive systems, argues Joe Brinkley, director of offensive security research at penetration testing as a services firm Cobalt. This requirement is becoming even more pressing with the rising use of automated and AI-driven lateral movement.
“Organizations must pivot away from a strategy of pure detection and prioritize deterministic containment through micro-segmentation and strict, identity-driven least privilege,” Brinkley advises.
Countermeasures
Internal reachability of sensitive systems creates major ransomware and privilege escalation risks. Simply focusing on improving perimeter defences is wholly inadequate.
Mitigating the path to attack and making life harder for attackers involves a combination of improved network segmentation, identity controls, red-team testing, and tighter separation of privileged access.
View the full article
Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic's Claude Code, Augment, Cursor, Google Antigravity, and Windsurf.View the full article
Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to DNS threat intelligence firm Infoblox. Once such campaign, observed earlier this year, involved theView the full article
Introduction
Order Management Systems (OMS) tools have become essential in the modern business environment, helping organizations streamline their operations, improve customer satisfaction, and boost overall efficiency. As companies move towards digital transformation, the demand for robust, scalable, and easy-to-integrate order management systems continues to grow.
In 2026, businesses face the challenge of managing a fast-paced, omnichannel world. Customers expect seamless, real-time order tracking, fast deliveries, and error-free transactions. For businesses, managing inventory, processing orders, and providing timely updates is critical for retaining customers and driving growth. With an ever-evolving digital landscape, it’s crucial for organizations to adopt OMS tools that offer flexibility, automation, and accurate reporting.
This blog will explore the top 10 Order Management Systems tools for 2026, helping you choose the best solution for your business needs. Whether you’re a small business or a large enterprise, we’ll provide you with the features, pros, cons, and a comparison table to help make an informed decision.
Top 10 Order Management Systems Tools for 2026
1. KIBO Commerce
Short Description: KIBO Commerce is a composable order management and commerce platform built for high-volume retailers, manufacturers, wholesalers, and distributors managing complex B2B, B2C, and D2C operations. Its AI-based platform unifies distributed order management (DOM) and eCommerce within a single MACH-certified, API-first architecture, letting businesses deploy individual modules or the full platform to replace fragmented legacy systems.
Key Features:
Distributed Order Management with intelligent, rules-based order routing Real-time inventory visibility across stores, warehouses, and vendor locations Omnichannel fulfillment (BOPIS, Curbside, Ship-from-Store, Ship-to-Home, and more) Composable, MACH-certified architecture for modular deployment and incremental migration Returns Management and reverse logistics Agentic AI capabilities for shopper engagement, promotions, merchandising, customer service, analytics, order routing, reverse logistics, inventory forecasting, development, and more Pros:
Recognized as a Leader in The Forrester Wave™: Order Management Systems (Q1 2025) Forrester Total Economic Impact™ study found 167% ROI with a payback period under six months Strong fit for complex B2C, B2B, and global enterprise omnichannel operations Modular composable design avoids vendor lock-in and supports phased rollouts Cons:
Best suited for mid-market and enterprise buyers rather than very small businesses Implementation benefits from dedicated technical resources for full configuration Wide customer base in North America and EMEA, less in APAC 2. Odoo OMS
Short Description:
Odoo offers a robust, integrated suite of business applications, with a powerful order management system that can handle everything from inventory management to invoicing and procurement.
Key Features:
Multi-warehouse and multi-currency support Real-time stock updates Seamless integration with other Odoo apps Automated workflows and reporting Advanced forecasting tools Pros:
All-in-one business suite Highly customizable Affordable for small businesses Cons:
Can be overwhelming for smaller teams due to the vast number of features Learning curve for new users 3. NetSuite OMS
Short Description:
NetSuite, a leading ERP platform, offers a comprehensive OMS solution designed for growing businesses and enterprises. It integrates with various systems to provide a unified approach to order management across all sales channels.
Key Features:
Multi-channel order processing Advanced financial management tools Real-time inventory and supply chain visibility Integration with CRM and marketing automation Detailed reporting and analytics Pros:
Ideal for larger businesses Robust customization options Scalable to accommodate business growth Cons:
Expensive for small businesses Complex setup and implementation 4. Brightpearl
Short Description:
Brightpearl is a cloud-based order management solution tailored for retail and wholesale businesses. It offers end-to-end automation, enabling real-time visibility into orders, inventory, and financials.
Key Features:
Multi-channel retail order processing Automated order routing Real-time inventory sync across sales channels Powerful reporting and analytics Integrated shipping management Pros:
Excellent for retail and wholesale businesses Great scalability Comprehensive feature set Cons:
Higher learning curve for new users May require dedicated IT resources for full implementation 5. ShipBob
Short Description:
ShipBob is an order management tool focused on helping businesses with eCommerce. It offers end-to-end fulfillment services that include warehousing, packaging, and shipping, along with robust OMS functionalities.
Key Features:
Real-time order tracking and fulfillment Multi-channel order management Automated shipping label creation Seamless integration with Shopify, BigCommerce, and WooCommerce International shipping support Pros:
Simplifies order fulfillment and shipping Ideal for small to medium eCommerce businesses Excellent customer support Cons:
Fees can accumulate for smaller shipments Limited customization options for advanced users 6. Zentail
Short Description:
Zentail is an OMS tool designed for multi-channel sellers, focusing on automating product listings, order management, and inventory synchronization across various platforms, such as Amazon, eBay, and Walmart.
Key Features:
Centralized order processing Automated inventory sync Multi-channel support (Amazon, eBay, Walmart, etc.) Bulk order processing capabilities Data-driven insights and reporting Pros:
Excellent for businesses selling across multiple platforms Easy-to-use interface Integration with popular eCommerce platforms Cons:
Limited features for very large businesses Can be costly for smaller operations 7. Shopify Plus
Short Description:
Shopify Plus is a high-end version of the popular eCommerce platform Shopify. It includes an OMS that offers robust tools for businesses that sell across various channels, with an emphasis on scaling and growth.
Key Features:
Multi-channel integration Seamless order management and tracking Customizable workflows and automation Real-time inventory management Built-in reporting and analytics Pros:
Excellent scalability and ease of use Great for eCommerce businesses Strong third-party integrations Cons:
High monthly fees Limited for non-eCommerce businesses 8. Acumatica Cloud ERP
Short Description:
Acumatica Cloud ERP is a comprehensive business management suite that includes order management capabilities tailored for businesses of all sizes. It combines financials, CRM, and order management into one solution.
Key Features:
Integrated with CRM and financial management systems Real-time inventory updates Multi-warehouse management Mobile access for on-the-go management Automation of order workflows Pros:
Ideal for growing businesses Highly customizable Full ERP suite with financial management Cons:
May be too complex for smaller businesses Higher cost of implementation 9. Katanacuts
Short Description:
Katanacuts is a modern, flexible order management system built for eCommerce and wholesale businesses. It enables the automation of order processing, providing real-time stock tracking, and integrating seamlessly with various sales channels.
Key Features:
Real-time inventory sync Multi-channel support (eCommerce, marketplaces) Integration with payment systems Automated order fulfillment and shipping Analytics and reporting tools Pros:
Strong multi-channel support Excellent for wholesale and eCommerce User-friendly interface Cons:
Limited advanced features May not suit larger businesses with complex needs 10. Orderhive
Short Description:
Orderhive is an intuitive OMS solution designed to centralize order management, streamline inventory management, and automate workflows for small and medium-sized businesses.
Key Features:
Multi-channel integration Centralized inventory management Real-time order processing Integration with leading eCommerce platforms Customizable workflows and reporting Pros:
Great for small to medium businesses Affordable pricing structure Easy integration with various platforms Cons:
Limited support for larger enterprises Less advanced reporting capabilities Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingRating (G2)KIBO CommerceB2C / B2B / EnterpriseWeb, iOS, AndroidComposable distributed order managemenCustom4.5/5Odoo OMSGrowing businessesWeb, Android, iOSAll-in-one business suiteFree / Custom4.6/5NetSuite OMSLarge enterprisesWeb, Android, iOSERP integration with order managementStarts at $999/month4.4/5BrightpearlRetail/WholesaleWeb, Android, iOSReal-time inventory syncStarts at $500/month4.6/5ShipBobeCommerce businessesWeb, iOS, AndroidOrder fulfillment and shipping servicesCustom4.7/5ZentailMulti-platform sellersWeb, Shopify, eBayAutomated inventory synchronizationCustom4.5/5Shopify PluseCommerce businessesWeb, iOS, AndroidSeamless multi-channel integrationStarts at $2,000/month4.7/5Acumatica Cloud ERPGrowing enterprisesWeb, iOS, AndroidFull ERP suite integrationCustom4.6/5KatanacutseCommerce/WholesaleWebReal-time inventory syncCustom4.4/5OrderhiveSMBsWeb, iOS, AndroidAffordable pricing and ease of useStarts at $29/month4.3/5 Which Order Management Systems Tool is Right for You?
Small Businesses:
If you’re a small business looking for an affordable and user-friendly solution, tools like Orderhive and TradeGecko (QuickBooks Commerce) are great options. These tools provide essential order management features without the complexity or high price tags of larger solutions.
Growing Enterprises:
For businesses in a growth phase, Odoo OMS and Brightpearl offer scalable options with advanced automation and integration capabilities to manage orders across multiple channels.
Large Enterprises/Enterprises:
NetSuite OMS and Acumatica Cloud ERP are perfect for larger businesses with complex needs, as they provide full ERP capabilities with advanced reporting, automation, and integration features.
eCommerce Businesses:
If you’re primarily focused on eCommerce, ShipBob and Shopify Plus are fantastic options, especially for businesses that need strong fulfillment and multi-channel support.
Conclusion
In 2026, selecting the right Order Management System is crucial for businesses of all sizes to streamline their operations, manage orders across multiple channels, and meet growing customer expectations. By investing in the right OMS, companies can ensure smooth order fulfillment, improved customer satisfaction, and better business outcomes.
We encourage you to explore demos or free trials of these tools to find the best fit for your business.
FAQs
1. What is an Order Management System (OMS)?
An OMS is a software system that helps businesses manage and track customer orders, inventory, payments, and fulfillment across various sales channels.
2. How do I choose the best OMS for my business?
Consider factors such as company size, industry, required features, budget, and integrations with other tools when selecting an OMS.
3. Can OMS tools handle multi-channel selling?
Yes, most modern OMS tools support multi-channel selling, integrating with eCommerce platforms like Shopify, Amazon, eBay, and more.
4. Are OMS tools scalable?
Yes, many OMS tools are highly scalable and can grow with your business, offering more features and integrations as you expand.
5. How much does an OMS cost?
Pricing varies widely, ranging from free open-source options to enterprise-level solutions that cost several hundred dollars per month. Most solutions offer tiered pricing models based on business size and requirements.
View the full article
The Apple TV 4K hasn't been updated since 2022, and it's due for a refresh. An update is planned for 2026, but Apple is likely going to wait to launch it after Siri AI launches in iOS 27.


Design

‌Apple TV‌ design updates don't happen often, and that's not changing. The next ‌Apple TV‌ is going to have the same squircle shape as the current model, and it'll continue to be made from a black plastic material.

We're expecting the 2026 ‌Apple TV‌ to be indistinguishable from the existing ‌Apple TV‌ on the exterior, with no changes to size or design.

New Chip

The ‌Apple TV‌ 4K is going to get a new A-series chip, and that'll be the biggest upgrade. Rumors suggest Apple is planning to use the A17 Pro that was first introduced in the iPhone 15 Pro models.

Compared to the A15 Bionic in the current ‌Apple TV‌, the A17 Pro is a solid update, and it's a good reason to hold off on buying the current model. The A17 Pro is built on a 3-nanometer process for faster speeds and better efficiency. It has hardware-accelerated ray tracing for higher-quality graphics in games and it supports hardware-accelerated AV1 decoding, which is useful for streaming content.

The A17 Pro is the oldest chip Apple makes that supports Apple Intelligence, and it's also used in the iPad mini 7.

Since Apple has held the ‌Apple TV‌ update for so long, it's possible it'll get an even newer chip like the A18 or A19. A RAM update is possible too, especially if the ‌Apple TV‌ has any kind of ‌Apple Intelligence‌ support.

Apple Intelligence and Siri

The next ‌Apple TV‌ is ready to launch, but new ‌Siri‌ features are the holdup. Apple wants to release the ‌Apple TV‌ with the smarter version of ‌Siri‌ that Apple is testing in ‌iOS 27‌, iPadOS 27, and macOS 27.

Bloomberg's Mark Gurman says the Apple TV is linked to "new artificial intelligence features" that Apple has postponed until iOS 27, which is launching in September 2026. Apple intended to debut the ‌Apple Intelligence‌ ‌Siri‌ features in spring 2026, but the company was still experiencing issues with ‌Siri‌. At this point, we're not going to see new ‌Siri‌ capabilities until ‌iOS 27‌, which also means a delay for all the devices that Apple is holding.

Along with the ‌Apple TV‌, the rumored home hub and a new version of the HomePod are waiting on ‌Siri‌ AI's launch.

Updated ‌Siri‌ features may require more RAM and a faster chip, so if you want the smarter ‌Siri‌ on the ‌Apple TV‌, that's another reason to wait before making a purchase.

Wi-Fi

The ‌Apple TV‌ could get Apple's N1 networking chip with Wi-Fi 7 support. Wi-Fi 7 works with the 6GHz band offered by newer routers.

6GHz connectivity is faster and less congested, which you want for a streaming device.

Bluetooth and Thread

The ‌Apple TV‌ 4K could get Bluetooth 6 for connecting devices like controllers and earbuds.

Apple's N1 chip also supports Thread, so the ‌Apple TV‌ will be able to continue to serve as a Thread border router and a Matter hub for smart home devices.

Siri Remote

It's possible Apple will introduce a new Siri Remote alongside the ‌Apple TV‌, though it's unclear what Apple might change.

Pricing

There were rumors of a price drop, but with the June 2026 price increase for the 2022 ‌Apple TV‌ and all Macs and iPads, a lower price is unlikely.

Launch Date

With ‌Siri‌ AI set to launch in September in ‌iOS 27‌, we could see the ‌Apple TV‌ refreshed right around when new iPhone models come out.Related Roundup: Apple TVBuyer's Guide: Apple TV (Don't Buy)Related Forum: Apple TV and Home Theater
This article, "Everything Coming in the 2026 Apple TV 4K" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things they crave: source code, secrets, and automated pipelines to run amok in.
Datadog Security Research has been tracking what it calls a “sustained pattern” of GitHub API abuse over the past several months that seeks to map organizations and their members. While individually these requests are “unremarkable,” they become dangerous when they move across environments for weeks at a time, and, worse, progress to full-out cloning. The biggest challenge is that they blend into normal API usage patterns.
GitHub has been a goldmine for criminals looking to breach organizations because many development lifecycles are insecure, said David Shipley of Beauceron Security. Typically, threat actors are after API keys and cloud secrets.

“Now with everyone being pushed to do more, faster, with AI agents coding, the treasure trove of secrets is likely even bigger,” he said. “In short, to steal a line from a previous gold rush of the analog era, ‘there’s gold in them thar hills.'”
Scott Miserendino, CTO at security and compliance company DataBee, agreed. “Github is the most popular source code repository for both open-source and enterprise projects,” he said. “Its sheer volume of projects, along with being home to some of the most popular and widely used software, make it a target.”
He noted that intellectual property theft such as the unauthorized cloning of private repositories can be used to gain use of proprietary software or find vulnerabilities that can be exploited.
A second popular attack involves searching for repositories containing default credentials to popular software. Using them, attackers may develop and test assaults on accounts that are present in production environments or come installed by default on certain appliances.
And, Datadog senior security engineer Julie Agnes Sparks wrote in a blog post, “the activity is not a single actor. Rather, it’s a blend of custom automated scanner tools, opportunistic abuse of leaked credentials, and coordinated networks of burner (ghost) accounts.”
A simple but effective way to map GitHub users
Sparks explained that a “large share” of GitHub’s API surface can be reached without authentication; it is public by design. Requests against APIs typically produce standard HTTP 200 responses.
This means a threat actor can build detailed maps of organizations, their public repositories, their members, who they follow, their starred repos, and projects they interact with. This traffic blends into normal API usage and thus does not seem suspicious, she said.
Furthermore, GitHub only collects geolocation data when a user interacts with private repositories, recording who they are and what access token they used, not when they interact with external resources. This limits geolocation and VPN/proxy-based attribution.
Typically, threat actors have performed automated scraping with custom or legitimate-sounding user agents, taking advantage of GitHub “ghost” accounts, profiles created anywhere from two to five years ago and left dormant.
This is an attractive method because, Sparks noted, “an account with a multi-year history reads as more legitimate than one registered the same week it starts scraping.”
Typically, these accounts are used for a “burst” of just one to three weeks across many enterprises at once, then usage stops. The researchers identified more than 50 ghost accounts across multiple user agents, clustered into families with names like user432023, user412023, or kobalt*.
Some campaigns did use the legitimate accounts of GitHub users who had inadvertently posted their OAuth tokens or personal access tokens (PATs), or have had their endpoints compromised or exposed in other ways.
Attackers use a mix of data exfiltration agents with names like GitHub-Company-Scraper, GitHub-Scraper-Tool/1.0., and GitHubAnalytics/1.5,designed to blend into normal data analysis traffic. The bulk of requests target the open source query language /graphql, which is “well suited” for bulk queries across enterprises, users, and repositories, Sparks noted. Normal REST endpoints are used for org-mapping.
The focus of the campaigns was “narrow and consistent,” and the concern “lies in the aggregate,” Sparks said. In isolation, requests target public repositories without authentication and return successful responses. This rarely produces “meaningful access” into an enterprise’s repositories.
But a group of accounts moving in sync across shared GitHub accounts with versioned, custom tooling over a period of weeks represents more troubling and systematic behavior. She cited one event in which dozens of distinct, legitimate, but compromised GitHub user accounts made API requests to a single organization within a window of only a few minutes, although in that case the attack failed, because they targeted private repository commit paths.
How enterprises can protect their GitHub environments
Sparks pointed out that these behaviors can be hunted for and detected “if you are watching the right fields,” such as those identifying the user agent, token type, autonomous system number (ASN), or attempted action.
“User agents, event activity, and actor names are vital clues to unauthorized activity in your environment,” Sparks emphasized. She suggested reviewing unusual user agent behavior across GitHub audit logs, particularly for those that extend to private repositories where the platform also captures the IP address, actor name, and programmatic access type.
Enterprises should also enable GitHub audit log streaming, baseline user agents, and perform proactive threat hunting. Most importantly, she said, they should develop detections unique to their GitHub organization, noting, “It’s important to know what normal looks like in your environment.”
Simply put, added Miserendino, enterprises should be following security best practices, including enabling multi-factor authentication (MFA) on all accounts, performing periodic user access reviews, removing any unused or unneeded accounts, and scanning repositories for credentials stored in plaintext rather than in a secret store.
This article originally appeared on InfoWorld.
View the full article
GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things they crave: source code, secrets, and automated pipelines to run amok in.
Datadog Security Research has been tracking what it calls a “sustained pattern” of GitHub API abuse over the past several months that seeks to map organizations and their members. While individually these requests are “unremarkable,” they become dangerous when they move across environments for weeks at a time, and, worse, progress to full-out cloning. The biggest challenge is that they blend into normal API usage patterns.
GitHub has been a goldmine for criminals looking to breach organizations because many development lifecycles are insecure, said David Shipley of Beauceron Security. Typically, threat actors are after API keys and cloud secrets.

“Now with everyone being pushed to do more, faster, with AI agents coding, the treasure trove of secrets is likely even bigger,” he said. “In short, to steal a line from a previous gold rush of the analog era, ‘there’s gold in them thar hills.'”
Scott Miserendino, CTO at security and compliance company DataBee, agreed. “Github is the most popular source code repository for both open-source and enterprise projects,” he said. “Its sheer volume of projects, along with being home to some of the most popular and widely used software, make it a target.”
He noted that intellectual property theft such as the unauthorized cloning of private repositories can be used to gain use of proprietary software or find vulnerabilities that can be exploited.
A second popular attack involves searching for repositories containing default credentials to popular software. Using them, attackers may develop and test assaults on accounts that are present in production environments or come installed by default on certain appliances.
And, Datadog senior security engineer Julie Agnes Sparks wrote in a blog post, “the activity is not a single actor. Rather, it’s a blend of custom automated scanner tools, opportunistic abuse of leaked credentials, and coordinated networks of burner (ghost) accounts.”
A simple but effective way to map GitHub users
Sparks explained that a “large share” of GitHub’s API surface can be reached without authentication; it is public by design. Requests against APIs typically produce standard HTTP 200 responses.
This means a threat actor can build detailed maps of organizations, their public repositories, their members, who they follow, their starred repos, and projects they interact with. This traffic blends into normal API usage and thus does not seem suspicious, she said.
Furthermore, GitHub only collects geolocation data when a user interacts with private repositories, recording who they are and what access token they used, not when they interact with external resources. This limits geolocation and VPN/proxy-based attribution.
Typically, threat actors have performed automated scraping with custom or legitimate-sounding user agents, taking advantage of GitHub “ghost” accounts, profiles created anywhere from two to five years ago and left dormant.
This is an attractive method because, Sparks noted, “an account with a multi-year history reads as more legitimate than one registered the same week it starts scraping.”
Typically, these accounts are used for a “burst” of just one to three weeks across many enterprises at once, then usage stops. The researchers identified more than 50 ghost accounts across multiple user agents, clustered into families with names like user432023, user412023, or kobalt*.
Some campaigns did use the legitimate accounts of GitHub users who had inadvertently posted their OAuth tokens or personal access tokens (PATs), or have had their endpoints compromised or exposed in other ways.
Attackers use a mix of data exfiltration agents with names like GitHub-Company-Scraper, GitHub-Scraper-Tool/1.0., and GitHubAnalytics/1.5,designed to blend into normal data analysis traffic. The bulk of requests target the open source query language /graphql, which is “well suited” for bulk queries across enterprises, users, and repositories, Sparks noted. Normal REST endpoints are used for org-mapping.
The focus of the campaigns was “narrow and consistent,” and the concern “lies in the aggregate,” Sparks said. In isolation, requests target public repositories without authentication and return successful responses. This rarely produces “meaningful access” into an enterprise’s repositories.
But a group of accounts moving in sync across shared GitHub accounts with versioned, custom tooling over a period of weeks represents more troubling and systematic behavior. She cited one event in which dozens of distinct, legitimate, but compromised GitHub user accounts made API requests to a single organization within a window of only a few minutes, although in that case the attack failed, because they targeted private repository commit paths.
How enterprises can protect their GitHub environments
Sparks pointed out that these behaviors can be hunted for and detected “if you are watching the right fields,” such as those identifying the user agent, token type, autonomous system number (ASN), or attempted action.
“User agents, event activity, and actor names are vital clues to unauthorized activity in your environment,” Sparks emphasized. She suggested reviewing unusual user agent behavior across GitHub audit logs, particularly for those that extend to private repositories where the platform also captures the IP address, actor name, and programmatic access type.
Enterprises should also enable GitHub audit log streaming, baseline user agents, and perform proactive threat hunting. Most importantly, she said, they should develop detections unique to their GitHub organization, noting, “It’s important to know what normal looks like in your environment.”
Simply put, added Miserendino, enterprises should be following security best practices, including enabling multi-factor authentication (MFA) on all accounts, performing periodic user access reviews, removing any unused or unneeded accounts, and scanning repositories for credentials stored in plaintext rather than in a secret store.
This article originally appeared on InfoWorld.
View the full article
Wistia is a capable video marketing platform, but two patterns drive teams to start looking elsewhere.
The first is pricing: the free tier is locked to a single user with Wistia branding on the player, and the next step up is the Business plan at $79 per month, with no mid-tier in between.
The second is page performance: Wistia’s embed loads JavaScript bundles, CSS, and font resources at page render, and for teams running high-traffic landing pages or product pages with aggressive Core Web Vitals targets, that initialization weight shows up directly in their Largest Contentful Paint scores.
The natural response is to search for a Wistia alternative. The problem is what happens next.
Most Wistia alternatives carry embed scripts just as heavy as Wistia’s. Swarmify’s own benchmarking, published in early 2026, explicitly acknowledges this: “most alternatives still rely on heavy scripts that can hurt Core Web Vitals.”
You can switch platforms and still end up with the same PageSpeed score six weeks later, because the comparison articles evaluate features, pricing, and marketing toolkits without telling you how heavy each platform’s embed script actually is.
What actually determines your embed’s page impact is the platform’s delivery architecture: how much JavaScript it loads at render, how many HTTP requests it fires before the first frame appears, and whether it lets you defer all of that until a viewer clicks.
This article breaks down six Wistia alternatives by exactly those dimensions, alongside pricing and security depth, so you can match the right platform to the specific page you are embedding on. By the end, you will have a concrete evaluation method and a clear decision path based on your actual use case.
Key Takeaways
Choosing a video host is also a page speed decision. The embed script each platform loads at page render directly affects how fast your site feels to visitors and how Google scores it, often more than any other single factor on the page. Most Wistia alternatives carry embed scripts just as heavy as Wistia’s. Switching platforms without checking the right variables often trades a pricing problem for a speed problem instead of solving both. Three variables actually predict a platform’s embed impact: the total script weight it loads before the first frame, the number of HTTP requests it fires at page render, and whether it supports a facade pattern that defers loading until a viewer clicks play. Most roundups skip all three. Wistia has no DRM capability at any pricing tier. For course creators, EdTech platforms, and anyone selling access to video content, that is a material gap that most alternatives comparisons never flag. The right Wistia alternative depends on what you are embedding it on and what outcome you are measuring, not just which feature list looks closest to Wistia’s. Why Wistia’s Embed Slows Sites Down (and Why Most Alternatives Don’t Solve it)
According to Google’s 2026 Core Web Vitals documentation, a page passes LCP if the largest visible element renders within 2.5 seconds.
Video poster images and player thumbnails are among the most frequent LCP candidates, which means the video hosting platform you choose directly affects your Google ranking signals, not just your viewer experience.
Wistia’s Business plan, at $79 per month billed annually, is the entry point for engagement analytics, lead capture forms, and heatmaps. Teams that only need hosting and basic playback without those marketing tools are, in effect, paying for a feature set they do not use.
Even Wistia’s own lazy-loading configuration does not eliminate the initial asset load of its player script entirely, and multiple independent performance tests from early 2026 confirm that its embed contributes measurable LCP delay relative to infrastructure-first alternatives.
The problem compounds on landing pages and product pages where conversion rates are tightly tied to load speed. Research published by Vodafone found that improving LCP by 31% corresponded to an 8% increase in sales conversions. A video embed that adds 400 to 600 milliseconds to your LCP on a high-converting page is not a minor aesthetic issue.
Switching video hosts won’t automatically fix your site speed. What determines your LCP impact is whether your chosen platform’s embed architecture is built for delivery first, or for marketing tooling first.
The platforms that actually perform better share two traits: their player scripts are smaller because they are built for delivery rather than marketing automation, and they support facade or lazy-load patterns that defer script initialization until the viewer actively clicks play.
Platforms built primarily as marketing tools tend to load their full analytics and CRM event tracking infrastructure on every page render, regardless of whether that viewer ever touches the video.
6 Wistia Alternatives Evaluated by Performance, Pricing, and Security
These platforms were evaluated across embed weight, pricing model, DRM and security depth, analytics capability, and use-case fit. They are ordered by embed weight, lightest first, which is the primary lens of this article.
Ranking criteria used:
Embed weight class (script KB and HTTP requests) DRM availability (not just password protection) Pricing predictability (flat rate vs. per-video or per-seat) Analytics depth for marketing-grade use cases Best-fit embedding context PlatformStarting PriceDRMEmbed WeightAnalyticsBest ForBunny.net StreamNo monthly fee. Storage from $0.01/GB, CDN from $0.005/GB. Transcoding, player, and basic DRM free. Basic DRM free; MediaCage Enterprise from $99/month + per-license fees Very lightBasicDev teams, CDN-priority deploymentsCloudflare StreamMinutes Stored  $5.00 / 1,000 minutes; Minutes Delivered  $1.00 / 1,000 minutesNoLightBasicTeams on Cloudflare stackGumletFree plan; $6/month (Creator plan); $19/month (Growth plan)Yes (Add-on at $99/month)LightFull-stackSaaS, EdTech, course creatorsSproutVideo$10/month (Seed plan)NoMediumMarketingWistia feature-parity migrationVimeo$12/month (Starter plan)Available for Enterprise tierMediumStandardCreative agencies, brand videoVidyardFree / $59/user (Starter plan)NoHeavySales CRMB2B sales prospecting 1. Bunny.net Stream
Bunny.net Stream runs on a pay-as-you-go model: approximately $0.01 per GB stored and $0.005 per GB of bandwidth delivered. The embed script is among the lightest available. There are no built-in marketing analytics, no in-player CTAs, and no lead capture forms.
Best for: Development teams and technical operators who want pure delivery infrastructure without a marketing layer. If your video sits on a product page and all you need is fast, reliable playback with no branding overhead, Bunny Stream handles it at near-zero cost.
Watch out for: If you need engagement heatmaps, form capture, or CRM event streaming, Bunny Stream provides none of that. You will be stitching together a separate analytics stack.
2. Cloudflare Stream
Cloudflare Stream prices at $5 per 1,000 minutes stored, and $1 per 1,000 minutes delivered. Delivery runs through Cloudflare’s global edge network, which means if your stack already runs on Cloudflare, latency behavior is predictable and well-integrated. The player is clean and lightweight.
Best for: Teams already running infrastructure on Cloudflare who want video delivery to sit inside the same network boundary. Ideal for developers who want a single vendor for CDN, security, and video.
Watch out for: No DRM, limited analytics compared to marketing-grade platforms, and no native facade support in the standard embed.
3. Gumlet
Gumlet is a video hosting and streaming platform built for developers, SaaS teams, course creators, and OTT platforms.
Its AI-powered transcoding engine reduces video file sizes by at least 40% compared to standard encoding pipelines before delivery begins, and the embed loads at 118 KB with 9 HTTP requests, placing it in the same lightweight tier as Cloudflare Stream while adding a full analytics layer on top.
Plans start at $6 per month for the Creator plan, with advanced analytics, workspaces, and 24/7 support included at every tier.
On DRM, Gumlet provides it for free for 5 videos for all new accounts, and a $99 per month add-on for full-scale protection.
Best for: SaaS teams, EdTech platforms, and course creators who need lightweight delivery, marketing-grade analytics, and content protection without paying separately for each. Unlike most platforms in this comparison, Gumlet includes advanced analytics, workspaces, and 24/7 human support on every plan, not just enterprise tiers.
Watch out for: Teams that only need delivery and no analytics will find lighter, cheaper options in Bunny Stream or Cloudflare Stream.
4. SproutVideo
SproutVideo includes engagement heatmaps, in-player lead capture forms, and domain whitelisting for privacy control.
These features represent the closest functional match to Wistia’s marketing toolkit at a fraction of the price. Pricing starts at $10/month for the Seed plan.
On integrations, SproutVideo connects natively with HubSpot, Mailchimp, and Zapier, covering the core CRM and email automation workflows that Wistia users typically depend on.
Best for: Marketing teams migrating from Wistia whose primary reason for leaving is cost rather than performance, and who want to keep their existing analytics and lead capture workflows intact.
Watch out for: No DRM, and embed performance sits in the medium range. Teams targeting Core Web Vitals above 90 should test SproutVideo’s embed on their specific pages before committing.
5. Vimeo
Vimeo’s Starter plan runs at $12 per month and includes unlimited video storage, customizable privacy settings, and a clean, ad-free player.
The creative community has used Vimeo as a reliable Wistia alternative for years, and its player quality and review tooling remain strong. As of late 2025, Bending Spoons completed a $1.38 billion acquisition of Vimeo, and the company has already restructured its pricing plans and reduced its workforce.
For teams currently on Vimeo evaluating a move, the practical concern is not what the platform does today but whether its pricing trajectory and infrastructure investment will remain stable under an ownership model built around post-acquisition margin recovery.
Best for: Creative agencies and brand content teams who prioritize player aesthetics and familiarity, and who are not primarily optimizing for technical page performance.
Watch out for: Standard embeds add measurable page weight (342 KB, 18 HTTP requests). Teams with aggressive PageSpeed targets should test before deploying at scale.
6. Vidyard
Vidyard positions itself as a sales video platform: viewer-level analytics, CRM integrations with Salesforce, HubSpot, and Outreach, AI avatar video generation, and screen recording built in. 
The free tier exists, and paid plans start at $59 per user per month. It appears on this list because teams evaluating Wistia alternatives frequently consider it, particularly those coming from Wistia’s CRM integration features.
The distinction worth understanding before shortlisting it is that Vidyard is optimized for one-to-one video delivery inside sales emails, not for embedding on public-facing web pages.
Best for: B2B sales teams who need to know exactly who watched a video, which parts they replayed, and when they dropped off. It integrates directly into outbound sequences and deals workflows in a way no other platform on this list does.
Watch out for: Its embed is heavy relative to every other platform here. Teams that embed Vidyard players on product or landing pages typically see LCP scores drop materially. It is built for inbox delivery, not website performance.
The 3 Variables That Predict Your Video Embed’s Page Speed Impact
Before running through the alternatives, here is the evaluation framework that most reviews skip entirely. Run this against any platform before committing.
To make the variables concrete from the start, here is how three platforms benchmark across all three dimensions in the same browser window, using the same test video, using Gumlet’s player speed test, which benchmarks multiple platforms in the same browser window using the same test video. 
PlatformLoad Time (ms)Player Size (KB)HTTP RequestsGumlet2371189Vimeo51334218Wistia78447624 Note: Benchmark figures above are drawn from Gumlet’s player speed test tool, tested in the same browser window using the same source video. Your results will vary based on network conditions, page payload, and CDN edge proximity. Run tests on your own pages using PageSpeed Insights for production-accurate numbers. 
Each column maps to one of the three variables below.
Variable 1: Player Script Size (KB Loaded Before First Frame)
This is the total weight of JavaScript and CSS that the platform loads at page render, before the viewer presses play. Wistia’s player loads 476 KB before the first frame renders. Gumlet loads 118 KB. That 4x difference in script weight is what shows up in your PageSpeed Insights report as LCP delay, not anything about your hosting environment or CDN.
Variable 2: HTTP Requests Before Playback Starts
Every network request before the first frame is another round trip between your viewer’s browser and a remote server. Wistia fires 24 HTTP requests before playback starts. Google’s guidance on third-party embeds treats anything above 10 requests as a material latency contributor on mobile connections.
Platforms built primarily for marketing automation tend to load integrations, analytics beacons, and third-party tracking pixels as part of the base embed. Infrastructure-first platforms load only what is necessary to start the video.
Variable 3: Facade and Lazy-load Support
A facade pattern means the platform replaces the video player at initial load with a static thumbnail image. The full player script loads only when the viewer clicks the thumbnail. For pages where not every visitor watches the video (which is most pages), this eliminates the embed’s LCP impact entirely.
Ask any platform you are evaluating whether their standard embed supports a facade pattern natively, or whether you need to implement it yourself with a custom workaround.
The facade question is the single fastest way to filter a shortlist. If a vendor’s answer is “you can do it manually with a bit of JavaScript,” their embed architecture was not designed for performance-sensitive pages. Platforms where facade is a documented, supported feature in the standard embed are the ones worth testing.
What is a facade pattern?
A facade is a static placeholder (usually a thumbnail image or a low-resolution poster frame) that replaces a video player at initial page load. The actual player script, with all its JavaScript, tracking pixels, and CDN requests, only loads when the viewer clicks the thumbnail.
For pages where not every visitor plays the video, a facade eliminates the embed’s contribution to LCP entirely. 
Which Alternative is Right for Your Setup?
What’s the best video hosting alternative to Wistia for embedding on a Webflow site?
If you are embedding video on a Webflow site with a PageSpeed score target above 85, the platform choice is a performance architecture decision first.
Bunny.net Stream and Gumlet both offer the lightest video embed footprints in this comparison, and both support CDN-optimized thumbnail delivery that prevents the poster image from becoming your LCP candidate.
Gumlet adds the analytics layer that Webflow product and marketing teams typically need. Cloudflare Stream works well if your Webflow project already routes through Cloudflare’s network.
The one move to make regardless of platform: configure the embed with a facade pattern so the player script defers until the viewer clicks. Most platforms on this list support this, though the implementation varies: some offer it as a native default, others require manual configuration. 
Cloudflare Stream, for example, does not offer native facade support in its standard embed and requires a custom workaround.
Choosing for a course platform or EdTech product with paid content
DRM is not optional for platforms charging for access to video content. Password protection and domain restrictions slow down leakage; they do not stop a determined viewer from screen recording or resharing a link.
Multi-DRM protection using FairPlay (for Apple devices) and Widevine (for Android and desktop Chrome) makes recordings technically unusable for redistribution.
Wistia has no DRM at any tier. Of the six alternatives in this article, only Gumlet includes DRM for free in the industry and as a purchasable add-on at $99 per month, with FairPlay and Widevine provisioned automatically for every new account.
Bunny.net Stream, Cloudflare Stream, SproutVideo, Vimeo, and Vidyard do not offer native DRM. If you are running a paid course platform, that column in the comparison table above is the one that narrows your shortlist to one.
Choosing for a feature-parity migration away from Wistia
If the primary driver is cost and you want to keep the marketing features, SproutVideo is the most direct answer.
Heatmaps, lead capture, domain restrictions, and flat-rate pricing at $10 per month. For teams that also want to improve performance, Gumlet’s analytics suite includes heatmap-level engagement data and in-player lead forms, and its embed outperforms Wistia on load time, player size, and HTTP requests by a meaningful margin.
Before You Switch: How to Measure the Impact
Switching platforms without a baseline means you will not know whether the change actually moved the needle. This step takes approximately two hours and belongs before you commit to any platform, not after.
Run a baseline PageSpeed Insights test on your three highest-traffic pages containing video embeds. Note the LCP score and check which element PageSpeed flags as the LCP candidate. If it is the video thumbnail or player, the platform is directly contributing to your score.
After switching, configure the facade pattern before testing. The embed architecture matters more than the platform name. Even a lightweight embed without facade will still add player script weight to your initial load. Enable lazy loading or facade at the platform level first, then test.
Re-run the PageSpeed test 48 hours after the embed swap to allow CDN cache warm-up across edge nodes. Compare LCP scores. According to Google’s published Chrome User Experience Report (CrUX) research, an improvement of 0.3 seconds or more in LCP corresponds to a measurable uplift in conversion rate on commercial pages.
Before running any migration, verify how your current embeds are implemented. If you used Wistia’s JavaScript embed rather than iframe, switching platforms requires updating embed code across every page.
Run an inventory of your Wistia video URLs before committing to any migration path.
Frequently Asked Questions
1. What is the best Wistia alternative for embedding on a Webflow site without slowing it down?
The best alternatives for Webflow performance are Gumlet and Bunny.net Stream, specifically because their embed scripts are the lightest in this comparison at 118 KB and under 50 KB respectively, and both support CDN-optimized poster image delivery.
For teams that need marketing analytics alongside performance, Gumlet is the practical choice since Bunny Stream provides only delivery infrastructure with no in-platform analytics. Configure any embed with a facade pattern on Webflow to defer the player script until the viewer clicks. 
Before finalizing your choice, run a PageSpeed Insights test on your specific Webflow page with each embed in place, because real-world scores depend on what else the page loads, not just the video player alone.
2. Does switching from Wistia to a different video host actually improve Core Web Vitals scores?
Switching platforms improves Core Web Vitals only if the new platform has a lighter embed script and you configure lazy loading or a facade pattern correctly. Wistia’s embed loads 476 KB and fires 24 HTTP requests before first frame render, based on June 2026 benchmark data from Gumlet’s player speed test.
Platforms like Gumlet and Bunny Stream load substantially less. The platform change alone is not sufficient: the default embed from most platforms still loads synchronously, which means it contributes to LCP. Enabling facade or lazy load reduces the contribution to near zero.
Run a PageSpeed baseline before switching, then compare after configuring the embed correctly on the new platform.
3. Which Wistia alternatives support DRM for course creators and paid video content?
Among the six platforms evaluated here, only Gumlet supports DRM. As of Q2 2026, Gumlet provides free DRM for 5 videos for all new accounts, and charges $99 per month for teams that need full-scale DRM protection.
That is approximately one-fifth of the $500 per month industry average for multi-DRM implementation. Wistia offers no DRM capability at any pricing tier. If you are running a platform where viewers pay for access to video content, DRM is not an optional feature.
Ask any platform on your shortlist to confirm whether FairPlay and Widevine are auto-provisioned or require a manual Apple certification request before you can go live.
4. Is Bunny.net Stream good enough for a SaaS product page, or do I need something with more analytics?
Bunny.net Stream is good enough for delivery, but not for measurement. The platform is pure infrastructure: fast, lightweight, CDN-backed, and priced at near-zero cost. What it does not provide is any engagement data. You will not know play rates, watch depth, drop-off points, or which viewers clicked what.
For a SaaS product demo page where you want to know if viewers who reach the 70% mark in the demo video are converting to trials at a higher rate, Bunny Stream gives you no signal. For a page where the video is explanatory or decorative and you are not making product decisions based on how people engage with it, Bunny Stream is a clean, low-cost choice.
Decide whether video engagement is a measurement variable in your product or marketing team’s decision-making before choosing a delivery-only platform.
5. How do I migrate my video library from Wistia to a new platform without breaking embeds?
Start with a full inventory of your current Wistia embed URLs before making any platform change. If you use Wistia’s JavaScript embed, you will need to update embed code on each page. If you use iframe embeds, the process is the same.
Most platforms, including Gumlet and SproutVideo, support bulk video imports either via URL list or direct API transfer. After migrating, do not immediately delete videos from Wistia: keep both versions live for two to four weeks while you verify analytics are tracking correctly on the new platform and no pages are returning broken player states. Update your sitemap if you have video schema markup pointing to old Wistia URLs.
6. What is the cheapest Wistia alternative that still includes analytics and removes platform branding?
SproutVideo’ Seed plan starting at $10 per month is the most direct answer: flat pricing, no per-video fees, engagement heatmaps, lead capture, and domain whitelisting. Gumlet’s Creator plan at $6 per month removes Gumlet branding and adds referrer and domain restrictions with CTAs and pixel tracking included, though marketing CRM integration starts at the $19 Growth plan.
Both are a fraction of Wistia’s $79 Business plan, which is the entry point for analytics on Wistia’s pricing page as of June 2026. Avoid platforms where the analytics dashboard requires a plan upgrade to access anything beyond play count and watch time, since basic view tracking is not the same thing as engagement intelligence.
7. What is the biggest mistake teams make when switching video platforms for performance reasons?
The most common mistake is switching platforms without configuring the facade or lazy-load pattern on the new embed. Teams move from Wistia to a lighter platform, run a PageSpeed test, and see little improvement because the new player still loads synchronously at page render. 
The platform change reduces the payload, but the embed still fires on page load. Enabling facade on the new embed, so the player only initializes when the viewer clicks, is the step that actually moves the LCP score.
Run your PageSpeed baseline before switching, configure the facade pattern after switching, then re-run the test 48 hours later to give CDN caches time to warm. Those two steps, in that order, are what separate teams who see measurable results from teams who switch and wonder why nothing changed.
8. What happened to Vimeo after the Bending Spoons acquisition, and should I be concerned?
Bending Spoons completed its $1.38 billion acquisition of Vimeo in November 2025, taking the company private. In January 2026, Vimeo announced sweeping global layoffs, with reports indicating a large portion of its engineering team was let go.
Bending Spoons has a documented pattern across prior acquisitions: Evernote saw its U.S. staff largely eliminated; WeTransfer lost 75% of its workforce within two months of its acquisition closing.
Vimeo has since restructured its pricing plans, and the company’s self-serve tiers now cap at Starter ($12/month) and Standard ($25/month), with businesses requiring higher-tier features routed to Enterprise sales.
For teams that have wired video into their product, the risk is not immediate shutdown; it is roadmap uncertainty, support degradation, and pricing trajectory under an ownership model built on post-acquisition margin recovery.
Choosing the Right Platform Starts With the Right Question
The useful question is not “what is the best Wistia alternative.” It is “what is the best platform for the specific page I am embedding on and the specific outcome I am measuring.”
For performance-sensitive product and landing pages, the embed architecture is the decision. Platforms with scripts under 120 KB, fewer than 10 HTTP requests, and native facade support will move your LCP scores.
Platforms built around marketing automation, including Wistia itself, load heavier payloads because they are tracking behavior at the session level, not just delivering video.
For paid content platforms and EdTech products, DRM is the disqualifying criterion. Five of the six platforms in this article have no DRM capability. That makes the decision straightforward.
What has changed most in 2026 is not the technology: it is the pricing. A year ago, the performance-and-security combination that Wistia’s pricing model priced out of reach for most growing teams was genuinely expensive to replicate elsewhere. That gap has closed.
The decision now turns on architecture and fit, not on whether a team can afford to do it properly.
View the full article
Meta is rolling out a new feature that lets people use public Instagram posts and reels to generate AI content, and it's turned on by default.


If you have an Instagram account that's not set to private, there is a setting allowing anyone to generate content on ‌Meta‌ AI using your images and videos. The option was added to support ‌Meta‌'s new image generation model, Muse Image. Muse Image is rolling out across Instagram, WhatsApp, and ‌Meta‌ AI, and it pulls in images from an Instagram account with just an @-mention. From ‌Meta‌'s description of Muse Image:

An Instagram help page explains that content on public Instagram accounts can be used for creating content with AI features, and you won't get a notification if someone uses your content to create an AI image.

‌Meta‌ opts all public Instagram accounts in by default, but there is an option to turn off AI permissions. In the Instagram app settings, scroll to Sharing and Reuse, then toggle off "Posts" and "Reels" under the "Allow people to create with and reuse your content on Instagram and with AI features at ‌Meta‌."

Turn off the setting now if you don't want people using your content to create AI images, because AI content created prior to turning it off isn't deleted. Muse Image is still rolling out, and so is the toggle to turn off AI use. You may not see the opt-out option right away. Private Instagram profiles aren't included in Muse Image.

‌Meta‌ plans to expand Muse Image to Facebook and Messenger soon, and allow advertisers and agencies to use Muse Image to create content in the coming weeks. ‌Meta‌ is also working on a Muse Video feature.Tags: Instagram, Meta, Photos
This article, "Meta's New AI Image Tool Can Use Your Public Instagram Photos by Default" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Nintendo today said it is ending service for its Mario Kart Tour mobile game on Tuesday, September 29. There are no plans for an offline version of the game, so it will no longer be playable after that date.


In-game currency is no longer available for purchase, and Nintendo has ended automatic subscription renewals ahead of the shutdown date.

Players who had a Mario Kart Tour Gold Pass subscription will be able to use the benefits for free from now until September 29, while players who did not have a subscription will get the benefits starting on August 4.

The Gold Pass includes Gold Gifts, Gold Challenges, 200cc, an increase in the maximum coins and points that can be earned per day, and a pipe gauge that fills faster. Players who have rubies can use the currency in the Spotlight Shop, Mii Racing Suit Shop, and Coin Rush until service ends.

Mario Kart Tour launched in September 2019 and it was downloaded more than 90 million times during its first week of availability.

Like traditional Mario Kart games, Mario Kart Tour on iPhone and iPad tasked players with racing to beat their rivals to the finish line, using drifts and items to succeed. The game featured several tracks, and playable characters like Luigi, Toad, Shy Guy, Waluigi, Peach, and Toadette.

Nintendo has launched and then canceled several mobile games, including Animal Crossing: Pocket Camp, Miitomo, Dr. Mario World, and Dragalia Lost. Fire Emblem Heroes, Super Mario Run, and new game Pictonico continue to be available.Tags: Mario Kart Tour, Nintendo
This article, "Nintendo Shutting Down Mario Kart Tour iOS Game" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI today introduced GPT-Live, which it describes as a new generation of voice models meant to make talking to AI feel more like having a conversation with a real person. GPT-Live is meant to replace the existing ChatGPT voice experience.


GPT-Live is able to listen and speak at the same time, and it can show it is paying attention with acknowledgment phrases like "mhmm." The model was built for continuous interaction, and it can make decisions on whether to speak, continue listening, pause, interrupt, or use a tool multiple times per second.

OpenAI says GPT-Live is its smartest voice model to date, using the latest frontier model (currently GPT–5.5) for web search, deep reasoning, and complex work. While GPT-Live works on a task, it is able to continue a conversation, and then give the results of a task when it's finished. It also works for live translation, and displays rich visual cards for weather, stocks, sports, and more.

OpenAI is rolling out GPT-Live–1 and GPT-Live–1 mini to ChatGPT users worldwide starting today. GPT-Live–1 is the default for Go, Plus, and Pro users, while GPT-Live–1 mini is the default for Free users.

ChatGPT users can tap the Voice button to talk with ChatGPT and experience GPT-Live. GPT-Live does not yet support voice with video or screen sharing in ChatGPT, but OpenAI is working to add that feature soon.Tags: ChatGPT, OpenAI
This article, "OpenAI Introduces GPT-Live to Make ChatGPT Voice Feel Like a Real Conversation" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple earned its highest number of Emmy nominations to date in 2026, with popular shows like Pluribus, Margo's Got Money Troubles, Widow's Bay, Shrinking, and Slow Horses earning the most nominations. New series Widow's Bay received 19 nominations, while Pluribus was second with 18 nominations.


The five most highly nominated shows are up for best series in their respective categories, and have also earned several lead actress and actor nominations.
Pluribus


Outstanding Drama Series
Outstanding Lead Actress in a Drama Series - Rhea Seehorn, Carol Sturka
Outstanding Supporting Actor in a Drama Series - Carlos-Manuel Vesga, Manousos
Outstanding Supporting Actress in a Drama Series - Karolina Wydra, Zosia
Outstanding Guest Actress in a Drama Series - Miriam Shor, Helen
Outstanding Guest Actor in a Drama Series - Jeff Hiller, Larry
Outstanding Writing for a Drama Series
Outstanding Directing for a Drama Series

Margo's Got Money Troubles


Outstanding Comedy Series
Outstanding Lead Actress in a Comedy Series - Elle Fanning
Outstanding Supporting Actor in a Comedy Series - Nick Offerman, Jinx Millet
Outstanding Supporting Actress in a Comedy Series - Michelle Pfeiffer, Shyanne Millet

Slow Horses


Outstanding Drama Series
Outstanding Lead Actor in a Drama Series - Gary Oldman, Jackson Lamb
Outstanding Supporting Actor in a Drama Series - Jack Lowden, River Cartwright
Outstanding Guest Actor in a Drama Series - Jonathan Pryce, David Cartwright
Outstanding Directing for a Drama Series
Outstanding Writing for a Drama Series

Shrinking


Outstanding Comedy Series
Outstanding Lead Actor in a Comedy Series - Jason Segel, Jimmy
Outstanding Supporting Actress in a Comedy Series - Jessica Williams, Gaby
Outstanding Supporting Actor in a Comedy Series - Harrison Ford, Paul
Outstanding Supporting Actor in a Comedy Series - Michael Urie, Brian
Outstanding Guest Actor in a Comedy Series - Brett Goldstein, Louis
Outstanding Guest Actor in a Comedy Series - Michael J. Fox, Gerry

Widow's Bay


Outstanding Comedy Series
Outstanding Lead Actor in a Comedy Series - Matthew Rhys, Mayor Tom Loftis
Outstanding Supporting Actress in a Comedy Series - Dale Dickey, Rosemary
Outstanding Supporting Actor in a Comedy Series - Stephen Root, Wyck
Outstanding Supporting Actress in a Comedy Series - Kate O'Flynn, Patricia
Outstanding Guest Actress in a Comedy Series - Betty Gilpin, Sarah Westcott Warren
Outstanding Guest Actor in a Comedy Series - Hamish Linklater, Richard Warren
Outstanding Directing for a Comedy Series
Outstanding Writing for a Comedy Series

The Morning Show


Outstanding Supporting Actor in a Drama Series - Billy Crudup, Cory Ellison

Your Friends & Neighbors


Outstanding Drama Series

Apple also received nominations in categories for music, sound, picture editing, and more. Other titles up for those awards include Murderbot, Mr. Scorsese, Palm Royale, and Monarch: Legacy of Monsters.

The full list of nominations can be found on the Television Academy website. Winners will be announced live on Monday, September 14 at 5:00 p.m. Pacific Time on NBC.Related Roundup: Apple TVTag: Apple TV ServiceBuyer's Guide: Apple TV (Don't Buy)Related Forum: Apple TV and Home Theater
This article, "Apple TV Earns Record 87 Emmy Nominations for 2026, Led by 'Pluribus' and 'Widow's Bay'" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today published a new support document warning that macOS 28 will no longer support encrypted Mac OS Extended (HFS+) volumes, meaning affected external drives will need to be decrypted or reformatted ahead of the update.


Starting with macOS 28, "the Mac OS Extended file system format will be supported only for volumes (disks and other storage devices) that aren't encrypted." Any encrypted HFS+ disks, such as older encrypted external hard drives, will stop working with the Mac unless users take action before upgrading.

Apple has not given a specific reason for the change. APFS, which natively supports encryption, has been the default file system on the Mac since macOS High Sierra launched in 2017, and dropping encrypted HFS+ support looks like a further nudge toward retiring the older format altogether.

The transition will start showing up before macOS 28 arrives. Apple says that beginning with macOS 26, a Mac might notify users if it detects an encrypted Mac OS Extended disk that will not carry over to macOS 28 or later, identifying the affected volume by name.

Users can also check manually through Disk Utility by selecting a volume and looking at the format details listed beneath its name; a volume showing both "Mac OS Extended" and "Encrypted," such as "CoreStorage Logical Volume • Mac OS Extended (Case-sensitive, Journaled, Encrypted)," will be incompatible.

Unencrypted Mac OS Extended volumes are not affected. Apple says macOS 28 and later will continue to support them, and notes that Mac OS Extended is also known as HFS Plus, or HFS+.

For anyone who wants to keep using an affected drive after upgrading, Apple recommends backing up its contents first, then either reformatting or decrypting it. Reformatting means erasing the volume and setting it up again in APFS or APFS (Encrypted) format through Disk Utility, which permanently deletes existing data but ensures the drive keeps working in future versions of macOS.

Decrypting is the alternative for anyone who wants to preserve their existing data on the drive. That involves connecting the drive, unlocking it with its encryption password, then Control-clicking its icon in the Finder or on the desktop and choosing Decrypt, entering the password a second time to begin the process. Apple notes that decryption "takes time, especially for large volumes," and progress can be checked in Terminal.

Once decryption finishes, users can optionally convert the volume to APFS without erasing it via Disk Utility's Convert to APFS option, and re-encrypt it afterward if desired. Apple notes that this decryption path does not apply to encrypted Time Machine backup disks.Related Roundup: macOS Golden GateTag: Apple Support
This article, "Apple to Drop Support for Encrypted Mac OS Extended Drives Next Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Code spotted in the third developer beta of iOS 27 suggests that Apple is preparing to add car key support for Lucid and Xiaomi vehicles, and that the feature could be nearing launch.


The code references the identifiers "LCID" and "XIA1," which appear to correspond to Lucid and Xiaomi respectively. With an Apple car key, drivers can use their iPhone or Apple Watch to lock, unlock, and start a compatible vehicle instead of relying on a traditional key fob.

Lucid Motors was already named as one of 13 brands Apple said would "soon" gain car key support at WWDC 2025, alongside Acura, Chevrolet, Cadillac, GMC, Porsche, Rivian, Smart, Tata Motors, Hongqi, WEY, Chery, and Voyah. Apple did not give a timeframe for that rollout at the time, and Lucid has yet to formally confirm when the feature will arrive on its Air or Gravity models.

Xiaomi's inclusion would be new. The Chinese electronics maker has expanded rapidly into electric vehicles with models like the SU7 sedan and YU7 SUV, and car key support would mark one of the company's first tie-ins with Apple's ecosystem despite Xiaomi being a major Apple rival in the smartphone market.

This is not the first time beta code has hinted at car key support ahead of an official announcement. MacRumors previously found code pointing to Volkswagen adding Apple Wallet car keys to future vehicles, and similar backend references preceded confirmed support for General Motors brands. As with those cases, the code does not confirm which specific models will be compatible or give an exact date, though its presence in a live beta suggests Lucid and Xiaomi support could arrive relatively soon.Related Roundups: iOS 27, iPadOS 27Tags: iPhone Car Keys, Xiaomi
This article, "iOS 27 Code Points to Car Key Support for Lucid and Xiaomi" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake names an AI reliably invents, register them first, and wait for the assistant to fetch your trap on a user'sView the full article
It is now July and we are still waiting for Apple to begin its annual Back to School offer in countries like the U.S. and Canada — if it is still coming.


In the U.S., Apple launched its Back to School offer in June from 2020 through 2025, but it has waited until July in the more distant past:
2025: June 17
2024: June 20
2023: June 5
2022: June 24
2021: June 17
2020: June 15
2019: July 9
2018: July 12
2017: July 12Last year, college students and educational staff could receive a free accessory like AirPods 4 or an Apple Pencil Pro with the purchase of a qualifying Mac or iPad model. It is unclear what Apple plans to offer this year, but given the company recently raised prices on all Macs and iPads, this year's promotion would be rather bittersweet.

Bloomberg's Mark Gurman reported that Apple planned to launch its 2026 Back to School offer by last week, but that did not end up happening. Apple may have decided to hold off until July this year in order to give customers more time to digest the price increases that it implemented last month, but we are merely speculating.

Given the offer launched between July 9 and July 12 in 2017 through 2019, hopefully the 2026 offer arrives over the next few days.

UNiDAYS verification is now required on Apple's education store in the U.S. and Canada.Tag: Back to School Promotion
This article, "When is Apple's 2026 Back to School Offer?" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon today has knocked the price of the 512GB MacBook Neo down to $689.99, from $799.00. This sale is only available in the Indigo color option, and it makes the 512GB model cheaper than the current price of the 256GB model on Amazon.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This marks the first notable discount on the MacBook Neo since Apple's price hikes in June. Amazon provides a mid-to-late July delivery estimate for the Indigo 512GB model, and we don't know how long this sale will last, so be sure to take advantage while it's live.

$109 OFFMacBook Neo (512GB) for $689.99

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Offers First Major Post-Hike Discount on 512GB MacBook Neo" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is testing DRAM memory chips from China's state-backed ChangXin Memory Technologies (CXMT), according to a new report from the Financial Times.


Last week, it emerged that Apple was in discussions with CXMT and fellow Chinese chipmaker Yangtze Memory Technologies (YMTC) about sourcing memory, with no deal finalized. The new details suggest Apple has since progressed to qualifying CXMT's chips specifically, running the company's memory through the kind of technical validation that typically precedes a supplier being approved for production use. Apple has apparently still not committed to using CXMT's chips commercially, and is continuing to lead a lobbying effort among U.S. tech companies to get Washington's blessing for broader use of the supplier's products.

CXMT has grown from a heavily subsidized and unremarkable domestic chip maker into the world's fourth-largest DRAM producer, behind Samsung Electronics, SK Hynix, and Micron Technology, accounting for roughly 11% of global DRAM wafer capacity last year. That share is expected to climb to 15% by 2028 as new production lines come online in Hefei, Shanghai, and Beijing. Qualifying CXMT as a working supplier now would let Apple tap into that capacity as soon as it needs to, rather than starting the testing process from scratch once a political green light arrives.

Standard DRAM contract prices are reported to have surged an estimated 55% to 60% in early 2026 as AI server demand pulled capacity away from consumer devices, and Apple recently raised prices across almost its entire product lineup as a result. A qualified fourth DRAM supplier would give Apple leverage in future negotiations with Samsung, SK Hynix, and Micron, as well as a potential hedge against further shortage-driven price increases on devices built for the Chinese market.

Both CXMT and YMTC appear on the Pentagon's 1260H roster of firms Washington links to the Chinese military. In practice, that mostly cuts off Defense Department contracting rather than blocking ordinary commercial purchases, so nothing legally stops Apple from buying CXMT chips today. YMTC carries a heavier restriction, since it's also on the Commerce Department's Entity List, meaning any U.S. company needs an export license before dealing with it. What Apple reportedly wants from the administration is a promise that CXMT won't get pushed onto that same Entity List down the road, since that would effectively cut off the supply.

Back in 2022, an earlier attempt to work with Chinese memory suppliers, including YMTC, drew objections from Washington and was shelved after lawmakers pushed back. According to Bloomberg, Apple CEO Tim Cook has now taken the pitch directly to administration officials, framing it as a way to route Chinese-made memory into devices for the Chinese market specifically, which would leave more Samsung, SK Hynix, and Micron chips available for products sold elsewhere. Not everyone in the administration is said to be on board, so it remains unclear whether the lobbying push will succeed.Tags: China, Financial Times
This article, "Apple Begins Testing Controversial Chinese Memory Chips" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon is taking $150 off multiple models of the M5 MacBook Air, including deals on both 13-inch and 15-inch models. These are some of the lowest prices we've seen on the notebooks in the wake of Apple's price hikes last month.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In terms of 13-inch models, Amazon has the 16GB/1TB 13-inch MacBook Air for $1,449.00, down from $1,599.00. This one is available in three colors on Amazon, and it's currently the only 13-inch model on sale for $150 off.

$150 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,449.00

Regarding the 15-inch models, you'll also find $150 off the M5 MacBook Air, with multiple color options on sale for each configuration. Prices start at $1,349.00 for the 512GB model, down from $1,299.00, and also include one 1TB model on sale.

$150 OFF15-inch M5 MacBook Air (512GB) for $1,349.00
$150 OFF15-inch M5 MacBook Air (16GB/1TB) for $1,649.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Offers $150 Discount on M5 MacBook Air Models" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple CEO Tim Cook and incoming CEO John Ternus are attending this year's Sun Valley Conference, according to Forbes.


Allen & Co., the boutique investment firm behind the event, uses the conference as an annual excuse to put media, tech, and finance leaders in the same rooms for a week of closed-door talks at the Sun Valley Lodge. This year's event began on July 7 and is expected to run through July 11.

This marks Cook's final Sun Valley trip as Apple's chief executive officer. Apple announced in April that Ternus will take the CEO title on September 1, ending Cook's 15-year run atop the company as he moves into the newly created executive chairman role.

Apple's SVP of Services and Health, Eddy Cue, is also attending the Sun Valley Conference again this year. Cue has been a regular at the conference in previous years.

This year's guest list places Apple's leadership alongside a heavy concentration of AI industry figures, including OpenAI CEO Sam Altman, OpenAI chairman Bret Taylor, OpenAI president Greg Brockman, Alphabet CEO Sundar Pichai, Palantir CEO Alex Karp, and Anthropic CEO Dario Amodei.

Beyond the AI contingent, this year's attendees include Meta CEO Mark Zuckerberg, Amazon's Jeff Bezos, YouTube CEO Neal Mohan, Netflix co-CEO Ted Sarandos, Warner Bros. Discovery CEO David Zaslav, Home Depot co-founder Ken Langone, and LinkedIn co-founder Reid Hoffman.

Sun Valley's reputation as a dealmaking backdrop goes back decades. Casual conversations at the resort are widely credited with laying the groundwork for Disney buying ABC in 1995, Bezos picking up The Washington Post in 2013, and Verizon's 2014 deal for AOL.Tags: Eddy Cue, John Ternus, Tim Cook
This article, "Tim Cook and John Ternus Attend Sun Valley Conference Together" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A few years ago, the most powerful AI tools in a developer’s workflow helped write code. Today, they can do much more. It’s increasingly common to hand an AI agent a task like:
Read this repository, refactor the authentication service to match the new specification, run the test suite, and open a pull request if everything passes. The agent reads files, analyzes dependencies, executes commands, modifies code, and interacts with external systems. In many cases, it can complete meaningful chunks of engineering work with minimal supervision. The shift sounds incremental until you realize something important: We’re no longer delegating suggestions. We’re delegating actions.
What’s interesting is that the biggest challenge increasingly isn’t whether agents can perform these tasks. In many cases, they already can. The harder question is whether developers trust them enough to delegate meaningful work. The bottleneck is shifting from capability to confidence.
While reading Srini Sekaran’s recent announcement introducing Docker AI Governance, one statement stood out:
“Your laptop is the new prod.”


The more I thought about it, the more it felt less like a marketing tagline and more like a useful way to understand what is changing about software development.
From Assistants to Agents
The last few years of developer tooling can be viewed as a progression. First, AI tools assisted developers by generating snippets and answering questions. Then, copilots emerged, helping developers complete larger tasks within existing workflows. Now we’re entering the era of agents. Unlike earlier tools, agents don’t just recommend actions. They increasingly perform them. Once software begins taking actions instead of offering suggestions, the governance conversation changes fundamentally.
A Small Observation From Building With Agents
One thing I’ve noticed while working on AI projects and experimenting with agent-based workflows is how quickly the trust boundary moves.
When I first started using AI tools, I mostly treated them like a second set of eyes. I’d ask questions about a codebase, sanity-check an approach, generate a small piece of code, or help make sense of documentation. The tools were useful, but they weren’t doing anything on their own. Every action still depended on me deciding what happened next. That changed as coding agents became more capable.
Tasks that previously involved copying code between windows increasingly became workflows where an agent could inspect a repository, modify files, run tests, and iterate on failures with minimal supervision. The productivity gains were undeniable, but so was the realization that the agent now had access to the same environment, credentials, and tooling that I did.
As a Docker Captain, this is what makes the current conversation around AI governance so interesting to me. The challenge isn’t simply that models are becoming more capable. It’s that they’re increasingly interacting with real systems rather than generating text in isolation.
Once an agent can execute actions on your behalf, the challenge is no longer just capability. Developers need confidence that the agent will operate within understood boundaries. Governance becomes important not only because it protects systems, but because it helps people trust the systems they are using.
Why Developers Still Hesitate
Most developers aren’t worried about whether agents can generate code. They’re worried about whether the agent will operate predictably once it starts interacting with real systems. That hesitation often comes from the fact that our existing trust models were designed around human operators, not autonomous software.
Most enterprise security controls evolved around a relatively simple assumption: humans perform actions and systems enforce controls around those actions. Source code flows through repositories. Changes pass through CI/CD pipelines. Production workloads run inside managed environments. Identity systems determine who can access what. Network controls restrict where workloads can communicate. The security stack works because work typically moves through predictable checkpoints. Organizations know where to observe activity, apply policy, and collect audit trails.
Agents Don’t Follow Those Checkpoints
AI agents introduce a different operating model. An agent running on a developer’s machine can inspect repositories, execute commands, install packages, access local files, query APIs, and interact with external tools all within a single session. More importantly, it often does so using the same permissions as the person operating it. From the organization’s perspective, a significant amount of work is shifting outside the systems that were originally designed to govern it. The laptop is no longer just where code is written. It is increasingly where decisions are executed.
Figure 1. Traditional security governs workflow checkpoints. Agent governance must account for execution at runtime.
A coding agent doesn’t need to wait for a pull request before interacting with a codebase. It can analyze and modify files long before a change reaches a repository. It can access credentials available to the local environment. It can connect to external services using the same permissions available to its operator.
Consider a common scenario: an agent is asked to investigate why an integration test is failing. To debug the issue, it might inspect configuration files, generate temporary scripts, install additional dependencies, execute diagnostic commands, and repeatedly rerun the test suite before a human ever reviews the result. None of these actions are unusual, but they illustrate how much activity can now occur directly within the developer’s environment.  This doesn’t make agents inherently unsafe. It does mean that many existing security assumptions deserve a second look.
Why Prompt-Based Guardrails Aren’t Enough
One common response is to rely on instructions. Tell the agent not to access sensitive files. Tell the agent not to call external services. Tell the agent not to perform risky actions. These instructions are useful, but they are fundamentally different from enforcement. A prompt can influence behavior. A runtime can restrict behavior. That distinction becomes increasingly important as agents gain more autonomy. Security has traditionally been strongest when controls exist below the application layer. Filesystem permissions don’t suggest restrictions; they enforce them. Network policies don’t ask whether traffic should be blocked; they block it. The same principle applies to AI agents. If an organization wants confidence in what an agent can and cannot do, those guarantees ultimately need to exist at the layer where actions are actually executed.
The Two Ways Agents Interact With The World
When I simplify the problem, most agent activity falls into two categories. The first is execution. Agents read files, modify code, install software, execute commands, and open network connections. The second is tool usage. Agents interact with external systems through APIs, integrations, and MCP tools. These might include GitHub, Jira, cloud platforms, internal services, communication tools, or customer systems. Both paths create tremendous value. Both paths can also introduce risk. Governing only one of them leaves a blind spot. An organization might carefully control external tool access while overlooking what an agent can execute locally. Or it might secure local execution while providing broad access to external systems. Effective governance requires visibility and control across both surfaces.
The Governance Challenge
The question for many organizations is no longer whether AI agents will be adopted, but how they can be adopted responsibly. That decision is already being made in engineering teams around the world because the productivity gains are real. The more important question is how organizations can embrace agent autonomy without sacrificing visibility, accountability, and control. Just as importantly, developers need confidence that they understand those boundaries. The easier it is to understand what an agent can access, execute, and modify, the easier it becomes to incorporate agents into everyday workflows. Traditional security models were built around infrastructure boundaries. Agent governance increasingly requires runtime boundaries.
Where is the agent running? What can it access? What can it execute? Which tools can it invoke? Which credentials can it use? And can those controls be enforced consistently regardless of whether the agent is running on a laptop, in CI, or in production? These questions are quickly becoming infrastructure questions, not merely AI questions. Because if AI agents are becoming active participants in software delivery, then the environments they operate in deserve the same level of attention that we have historically given to production systems.
The laptop is no longer just where software gets written. Increasingly, it’s where software acts. And that’s why “your laptop is the new prod” feels less like a prediction and more like a description of where modern development is already headed. The real challenge isn’t simply giving agents more autonomy. It’s creating environments where developers feel comfortable using that autonomy. Because the future of agentic development may depend less on what agents are capable of doing and more on what developers are willing to trust them to do.
In Part 2, we’ll explore what governance looks like at the runtime layer and why isolation, policy enforcement, and controlled tool access are becoming foundational building blocks for agentic systems.

View the full article
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.
The X/Twitter account IRIS C2 (@C2IRIS) has gained more than 4,000 followers since its creation in January 2025, posting frequently about security vulnerabilities, AI and software exploits. IRIS C2 says it is a company in McLean, Va. that sells offensive cybersecurity capabilities.
The IRIS C2 website dangles the possibility of million-dollar payouts for exploits to attract talent.
“Our business model is this,” reads a pinned post on top of the IRIS C2 account on X. “Attract the very best vulnerability researchers and exploit developers in the world to join our company. This mostly revolves around junior engineers with raw talent/extremely high IQ. We don’t care if they have a college degree/industry experience.”
The website linked in that profile — irisc2[.]com — says the company is hiring for a number of open positions, and a recent post on its LinkedIn page enthuses about an overwhelming number of applications from potential employees. The website claims IRIS C2 is in the business of acquiring “zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms. Payouts range from $10,000 to $7 million depending on target, reliability, and operational value.”
The government contracting portal g2exchange.com reports that irisc2[.]com is operated by a business based in Virginia called Calvexa Group LLC. The “contact” link on the website for Calvexa Group — calvexagroup[.]com — forwards visitors to irisc2[.]com. G2Exchange shows that while Calvexa Group LLC is registered as a federal contractor, it does not appear to be working on any direct government contracts.
A search on the Arlington, Va. address listed in the incorporation records for Calvexa Group LLC finds the property is occupied by Jack Burkman, the 60-year-old founder and managing partner of the lobbying firm Burkman & Associates. When approached with questions about IRIS C2, Burkman referred further inquiries to his longtime associate, 28-year-old Jacob Wohl.
Jack Burkman (left) and Jacob Wohl, at a press conference in August 2020. Image: Wikipedia.
Burkman and Wohl have a storied history of creating fake intelligence companies and using them to spread false claims about and frame public figures, including fabricated sexual assault claims against then FBI director Robert Mueller, and Pete Buttigieg, then mayor of South Bend, Indiana and a Democratic candidate for the presidency. In 2019, Burkman and Wohl held press conferences falsely alleging extramarital affairs by Sen. Elizabeth Warren (D-Mass.) and then-2020 presidential candidate Kamala Harris.
In the wake of the 2020 presidential election, Wohl and Burkman were prosecuted by multiple U.S. states for making thousands of robocalls to residents of battleground states and disseminating false claims about mail-in ballots. They were indicted in Cleveland on 15 felony counts of orchestrating a robocall scheme aimed at suppressing the black vote in Detroit, and were sentenced in late 2025 to probation after their appeals to dismiss the charges were rejected.
In 2022, Wohl and Burkman both pleaded guilty to a single felony charge of telecommunications fraud in Ohio, and sentenced to a fine, probation, and community service. In March 2023, a judge in a New York civil case ruled that Wohl and Burkman had violated federal and state civil rights laws, and the two agreed to pay a $1 million settlement.
In June 2023, the Federal Communications Commission (FCC) imposed a $5.1 million fine against Wohl and Burkman for their robocall campaigns, at the time the largest fine ever sought by the FCC under the Telephone Consumer Protection Act.
Jacob “Jay” Wohl’s GitHub account.
By the age of 17, Wohl had started multiple investment firms, and cultivated the nickname “Wohl of Wall Street” after appearing on Fox News in 2015 to discuss his new hedge funds. In 2017, the Arizona Corporation Commission charged Wohl and his investment funds with 14 counts of securities fraud, and ordered him to pay $35,000 in restitution. In 2019, Wohl pleaded guilty in California to four felony counts of selling unregistered securities and was sentenced to two years of probation.
The market for previously unknown security vulnerabilities has always been populated by a colorful mix of researchers, academics, charlatans, clout-chasers and people actively involved cybercrime communities. But the market for selling offensive security services to the U.S. government tends to be far more circumspect. Plenty of government contractors recruit vulnerability researchers and pay for the exclusive rights to novel software exploits, yet none of them do so quite as brazenly and openly as IRIS C2.
Recent posts from the Twitter/X account IRISC2 (@c2iris).
Indeed, KrebsOnSecurity was unaware of IRIS C2 until last month, when an attendee at a regional cybersecurity conference shared that Wohl and Calvexa Group were pestering people at the conference about selling their vulnerability research.
In an interview with KrebsOnSecurity, Wohl said Mr. Burkman was not involved in the day-to-day operations of IRIS C2. Wohl shared that IRIS C2 originally began as a penetration testing company, but shifted its focus recently to selling phone-hacking services to the government. Several times throughout the interview, Mr. Wohl mentioned working on federal government contracts, but when pressed for specifics said he was not at liberty to speak publicly about them.
Mr. Wohl said he does not have any formal education or training in computer science or information security, and that most of his knowledge on the matter is self-taught.
“I know more about tech than anyone,” Wohl bragged. “My background has always been extremely technical, and I’ve always been deeply into tech. People know me as someone who is able to create spectacularly exquisite capabilities that would make your head spin.”
Wohl said security researchers bring the company unique vulnerability findings “on a regular basis,” but that in many cases those findings are preliminary and not fully fleshed-out.
“Let’s say someone finds a flaw in a media decoder on a phone,” Wohl said. “A lot of times what we receive is an exploit primitive, where the idea is there but the [execution] needs work. You need that exploit to be stable and reliable, and that’s what we do.”
Wohl claims IRIS C2 has approximately 40 employees, although he said none of them are allowed to list their employment on LinkedIn for operational security reasons. In May, the author of the IRIS C2 account on X said that his girlfriend had no idea what he did for a living. But if IRIS C2 has any other employees, they may be similarly unaware of Mr. Wohl’s history of outright fabrications — or even his real name.
In September 2024, Politico reported that Berkman and Wohl were bragging about big companies supposedly buying services from their now-defunct company LobbyMatic, which claimed to use artificial intelligence to assist in political lobbying efforts. However, Politico found the pair were running the company using pseudonyms, with Wohl reportedly adopting the name “Jay Klein” and Burkman using the moniker “Bill Sanders.” Politico reported that two of the former LobbyMatic employees resigned after learning of their true identities, while other employees only learned after they had left the company.
View the full article
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security.
The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s preview Agentic Workflows by submitting a crafted GitHub issue to a public repository. If the AI agent has read access to private repositories within the same organization, it can retrieve sensitive information and publish it in a public comment, the company said.
GitHub Agentic Workflows combine GitHub Actions with AI models such as Claude or GitHub Copilot, allowing developers to define workflows in Markdown. At the same time, AI agents read issues, invoke tools, and perform tasks on their behalf.
“What will happen when the GitHub agent reads something it should not trust?” Noma researcher Sasi Levi wrote. “The answer is a textbook indirect prompt-injection attack, the kind of attack that quietly sends private data to anyone on the internet.”
Public GitHub issue became the attack vector
According to Noma, the attack did not rely on stolen credentials, malware, or software vulnerabilities. Instead, an attacker embedded hidden instructions within a GitHub Issue submitted to a public repository.
Because the AI agent interpreted the issue as instructions rather than untrusted content, it accessed a private repository and posted its contents back to the public issue, the blog post added.
“The root cause of the GitLost vulnerability is, by now, a familiar one in agentic AI systems: prompt injection,” Levi wrote. “In this specific case, any malicious actor can create a GitHub Issue and, in the issue body, hide commands in plain English that GitHub’s agent will follow.”
To demonstrate the attack, the researchers created what appeared to be a routine GitHub Issue requesting documentation updates. Once the workflow was triggered, the AI agent retrieved the README file from a private repository and published its contents in a publicly visible comment.
The researchers also said they bypassed GitHub’s prompt-based guardrails by making a minor wording change that caused the AI agent to comply with instructions it had previously rejected.
GitHub did not immediately respond to a request for comment.
Research points to a broader AI agent risk
Noma said GitLost illustrates a broader architectural challenge for AI agents rather than a flaw unique to GitHub.
“The issue is not that GitHub’s AI agent is unusually insecure,” Levi wrote. “The issue is that any AI agent with access to both untrusted external content and sensitive internal resources can become an unintended bridge between the two if trust boundaries are not enforced.”
Independent cybersecurity researcher and red teamer Vibhum Dubey said the findings expose a more fundamental issue than prompt injection alone.
“This isn’t prompt injection in the abstract—this is GitHub shipping agent permissions before shipping agent security,” Dubey said. “The vulnerability exposes that AI agents operate on a service account permission model, not a user permission model. That’s an architectural assumption security teams made before considering LLMs as an attack vector.”
According to Dubey, the prompt injection itself is almost secondary.
“What’s dangerous is that trust boundaries exist in GitHub’s data model but nowhere in the agent’s execution context,” he said. “The agent doesn’t ‘know’ a repository is private. It just sees ‘accessible.’ As more organizations deploy agents, we’re accumulating these invisible permission gaps.”
Experts urge tighter controls on AI agents
Dubey said organizations should rethink how AI agents are granted permissions rather than treating the issue primarily as a monitoring challenge.
“Three concrete fixes: Agents get explicit repository whitelists, not broad service account access. All user inputs, including commit messages, PR descriptions, and issues, should be validated before reaching the LLM. And have an emergency kill-switch ready,” he said. “Most teams can disable a compromised API key. Can you disable a rogue agent?”
Dubey said GitLost demonstrates how AI agents can effectively become an insider threat once granted broad organizational access.
“The brilliance of GitLost isn’t that it fooled an AI. It’s that it weaponized GitHub’s assumption that service accounts are trustworthy,” he said. “Agents were explicitly built to bypass human judgment and operate autonomously. That’s exactly why they’re dangerous: we normalized cross-boundary operations the moment we automated them.” Noma also recommended applying least-privilege access controls, limiting AI agents’ cross-repository access, and treating GitHub Issues, pull requests, and comments as untrusted input.
View the full article
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security.
The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s preview Agentic Workflows by submitting a crafted GitHub issue to a public repository. If the AI agent has read access to private repositories within the same organization, it can retrieve sensitive information and publish it in a public comment, the company said.
GitHub Agentic Workflows combine GitHub Actions with AI models such as Claude or GitHub Copilot, allowing developers to define workflows in Markdown. At the same time, AI agents read issues, invoke tools, and perform tasks on their behalf.
“What will happen when the GitHub agent reads something it should not trust?” Noma researcher Sasi Levi wrote. “The answer is a textbook indirect prompt-injection attack, the kind of attack that quietly sends private data to anyone on the internet.”
Public GitHub issue became the attack vector
According to Noma, the attack did not rely on stolen credentials, malware, or software vulnerabilities. Instead, an attacker embedded hidden instructions within a GitHub Issue submitted to a public repository.
Because the AI agent interpreted the issue as instructions rather than untrusted content, it accessed a private repository and posted its contents back to the public issue, the blog post added.
“The root cause of the GitLost vulnerability is, by now, a familiar one in agentic AI systems: prompt injection,” Levi wrote. “In this specific case, any malicious actor can create a GitHub Issue and, in the issue body, hide commands in plain English that GitHub’s agent will follow.”
To demonstrate the attack, the researchers created what appeared to be a routine GitHub Issue requesting documentation updates. Once the workflow was triggered, the AI agent retrieved the README file from a private repository and published its contents in a publicly visible comment.
The researchers also said they bypassed GitHub’s prompt-based guardrails by making a minor wording change that caused the AI agent to comply with instructions it had previously rejected.
GitHub did not immediately respond to a request for comment.
Research points to a broader AI agent risk
Noma said GitLost illustrates a broader architectural challenge for AI agents rather than a flaw unique to GitHub.
“The issue is not that GitHub’s AI agent is unusually insecure,” Levi wrote. “The issue is that any AI agent with access to both untrusted external content and sensitive internal resources can become an unintended bridge between the two if trust boundaries are not enforced.”
Independent cybersecurity researcher and red teamer Vibhum Dubey said the findings expose a more fundamental issue than prompt injection alone.
“This isn’t prompt injection in the abstract—this is GitHub shipping agent permissions before shipping agent security,” Dubey said. “The vulnerability exposes that AI agents operate on a service account permission model, not a user permission model. That’s an architectural assumption security teams made before considering LLMs as an attack vector.”
According to Dubey, the prompt injection itself is almost secondary.
“What’s dangerous is that trust boundaries exist in GitHub’s data model but nowhere in the agent’s execution context,” he said. “The agent doesn’t ‘know’ a repository is private. It just sees ‘accessible.’ As more organizations deploy agents, we’re accumulating these invisible permission gaps.”
Experts urge tighter controls on AI agents
Dubey said organizations should rethink how AI agents are granted permissions rather than treating the issue primarily as a monitoring challenge.
“Three concrete fixes: Agents get explicit repository whitelists, not broad service account access. All user inputs, including commit messages, PR descriptions, and issues, should be validated before reaching the LLM. And have an emergency kill-switch ready,” he said. “Most teams can disable a compromised API key. Can you disable a rogue agent?”
Dubey said GitLost demonstrates how AI agents can effectively become an insider threat once granted broad organizational access.
“The brilliance of GitLost isn’t that it fooled an AI. It’s that it weaponized GitHub’s assumption that service accounts are trustworthy,” he said. “Agents were explicitly built to bypass human judgment and operate autonomously. That’s exactly why they’re dangerous: we normalized cross-boundary operations the moment we automated them.” Noma also recommended applying least-privilege access controls, limiting AI agents’ cross-repository access, and treating GitHub Issues, pull requests, and comments as untrusted input.
View the full article
Apple has suspended development of the display for a cheaper, lighter version of the Vision Pro that it originally planned to launch in the next few years, according to The Elec.


The Korean outlet says Apple supplier Samsung Display is set to internally wind down the panel project – known in the industry as "G-VR" – with development set to be formally terminated by September.

G-VR is a glass-substrate micro-OLED, a lower-cost alternative to the silicon-based OLEDoS used in the current Vision Pro. It was being developed at around 1,600 to 1,700 pixels per inch, which is roughly half the 3,386 PPI of Apple's Vision Pro. The report says mass production had once been planned for sometime after 2028.

Apple has since turned much of its attention away from headsets in favour of smart glasses development, which has apparently drained momentum from the G-VR glass-substrate. However, Samsung continues to develop OLEDoS panels for the company's own mixed-reality devices, according to the report.

Bloomberg's Mark Gurman said in October 2025 that Apple had paused work on a lighter, cheaper "Vision Air" to fast-track glasses that would rival Meta's Ray-Bans. In May 2026, Gurman reported that the cheaper device had been canceled outright.

Apple hasn't walked away from the headset market entirely, though. If a new Vision Pro-style device does materialize, Gurman said in May that he wouldn't expect it for "around two more years at least," given that the bulk of Apple's mixed-reality hardware talent has been pulled onto other projects like smart glasses, which are expected to launch in 2027.

Apple refreshed the Vision Pro in October 2025 with an updated model featuring an M5 chip. Last month, Apple upped the starting price of its Vision Pro from $3,499 to $3,699 as part of the company's sweeping product price hikes.Related Roundup: Apple Vision ProTags: Samsung, The ElecBuyer's Guide: Vision Pro (Neutral)Related Forum: Apple Vision Pro
This article, "Report: Cheaper Apple Vision Pro Display Work Winds Down at Samsung" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Cybercriminals are exploiting India’s tax filing season with a new malware campaign that refuses to put all its eggs in one basket.
Researchers at Cyderes have uncovered a sophisticated phishing operation that poses as the Indian Tax Department to deliver two remote access trojans (RATs) through a multi-stage infection chain, giving attackers persistent access to compromised systems.
Indians receive fake tax assessment emails that pressure them into downloading what appears to be an official ITR utility. But the convincing government branding hides a carefully engineered infection sequence that abuses legitimate Windows binaries, DLL side-loading, in-memory execution, and process injection to gain persistent access.
According to Cyderes, the operation deploys a Gh0st RAT derivative and a .NET-based implant related to the QuasarRAT/AsyncRAT family, each communicating with separate command-and-control (C2) servers.
“The dual-implant design gives the attacker redundant access even if one channel is blocked or detected,” Cyderes researchers said in a blog post.
A stealthy, multi-stage infection chain
To avoid detection, the campaign layers its execution chain, rather than dropping malware immediately after initial access.
Once the victims are lured into downloading and opening the archives posing as legitimate Income Tax Department utilities, trusted Windows executables are abused to load malicious DLLs. This allows the malware to borrow the legitimacy of signed binaries while sidestepping security controls.
“The infection begins with ‘COU_ITR-1_to_4_AY2026-27.exe’, a legitimate and digitally signed binary that the attacker repurposes as a launcher,” the researchers said, adding that it is a known technique where an attacker “places a malicious library in a path the trusted binary will check first, giving the malware a clean entry point.”
The campaign then runs its subsequent infection stages, which employ multiple defense-evasion techniques, including anti-analysis checks, AMSI patching, encrypted in-memory execution of .NET assemblies, and session-aware process injection into svchost.exe.
The multiple attack stages include DLL sideloading, privilege checking to ensure the attack process is running with admin rights, and session-aware payload injection.
Dual implants for operational resilience
The campaign was particularly flagged for its deliberate use of two distinct RAT families rather than relying on a single backdoor.
While one implant is based on the long-running Gh0st RAT lineage, the second belongs to the QuasarRAT/AsyncRAT ecosystem. Both provide remote administration capabilities, allowing attackers to execute commands, collect data, deploy additional payloads, and maintain long-term access to infected endpoints.
Each of these RATs communicates with a dedicated command-and-control (c2) infrastructure, likely to survive detection and blocking of either during incident response.
Cyderes recommended focusing on behavioral detections rather than relying solely on EDR signatures, as the campaign abuses trusted Windows components and in-memory execution. Key indicators include DLL sideloading, unexpected service creation, AMSI tampering, native processes hosting the .NET runtime, and process injection into svchost.exe.
The disclosure also provided a detailed set of IOCs, including file hashes, malicious domains, C2 infrastructure, and host artifacts associated with both RAT families.
View the full article
Cybercriminals are exploiting India’s tax filing season with a new malware campaign that refuses to put all its eggs in one basket.
Researchers at Cyderes have uncovered a sophisticated phishing operation that poses as the Indian Tax Department to deliver two remote access trojans (RATs) through a multi-stage infection chain, giving attackers persistent access to compromised systems.
Indians receive fake tax assessment emails that pressure them into downloading what appears to be an official ITR utility. But the convincing government branding hides a carefully engineered infection sequence that abuses legitimate Windows binaries, DLL side-loading, in-memory execution, and process injection to gain persistent access.
According to Cyderes, the operation deploys a Gh0st RAT derivative and a .NET-based implant related to the QuasarRAT/AsyncRAT family, each communicating with separate command-and-control (C2) servers.
“The dual-implant design gives the attacker redundant access even if one channel is blocked or detected,” Cyderes researchers said in a blog post.
A stealthy, multi-stage infection chain
To avoid detection, the campaign layers its execution chain, rather than dropping malware immediately after initial access.
Once the victims are lured into downloading and opening the archives posing as legitimate Income Tax Department utilities, trusted Windows executables are abused to load malicious DLLs. This allows the malware to borrow the legitimacy of signed binaries while sidestepping security controls.
“The infection begins with ‘COU_ITR-1_to_4_AY2026-27.exe’, a legitimate and digitally signed binary that the attacker repurposes as a launcher,” the researchers said, adding that it is a known technique where an attacker “places a malicious library in a path the trusted binary will check first, giving the malware a clean entry point.”
The campaign then runs its subsequent infection stages, which employ multiple defense-evasion techniques, including anti-analysis checks, AMSI patching, encrypted in-memory execution of .NET assemblies, and session-aware process injection into svchost.exe.
The multiple attack stages include DLL sideloading, privilege checking to ensure the attack process is running with admin rights, and session-aware payload injection.
Dual implants for operational resilience
The campaign was particularly flagged for its deliberate use of two distinct RAT families rather than relying on a single backdoor.
While one implant is based on the long-running Gh0st RAT lineage, the second belongs to the QuasarRAT/AsyncRAT ecosystem. Both provide remote administration capabilities, allowing attackers to execute commands, collect data, deploy additional payloads, and maintain long-term access to infected endpoints.
Each of these RATs communicates with a dedicated command-and-control (c2) infrastructure, likely to survive detection and blocking of either during incident response.
Cyderes recommended focusing on behavioral detections rather than relying solely on EDR signatures, as the campaign abuses trusted Windows components and in-memory execution. Key indicators include DLL sideloading, unexpected service creation, AMSI tampering, native processes hosting the .NET runtime, and process injection into svchost.exe.
The disclosure also provided a detailed set of IOCs, including file hashes, malicious domains, C2 infrastructure, and host artifacts associated with both RAT families.
View the full article
Samsung has announced it will introduce its latest Galaxy smartphones at a July 22 event, including what is believed to be a Galaxy Z Fold 8 with new passport-style dimensions similar to Apple's upcoming book-style foldable iPhone.


It's no secret that Samsung has been working on a new foldable form factor to go head-to-head with Apple's rumored iPhone Ultra, and the company has been hinting at what's to come. Today's event announcement includes a video of a show ticket having its stub torn off to make it shorter than before – clearly alluding to the new device. "A new shape unfolds," reads the tagline.

The shorter, wider version of Samsung's book-style foldable is said to resemble Apple's own folding device, which is expected to have a 7.8-inch inner display, a 5.5-inch outer display, two rear cameras, one front camera, and a Touch ID power button instead of Face ID. Apple is anticipated to debut the foldable in September alongside its new iPhone 18 Pro models.

Apart from unveiling the Galaxy Z Fold 8, Samsung is expected to announce new versions of the Galaxy Z Fold 7, which also unfolds like a book, and the clamshell-style Galaxy Z Flip 7. New Galaxy Watches are also expected. Galaxy Unpacked will be held in London, U.K., starting at 9:00 a.m. Eastern Time on July 22.


On Tuesday, Google revealed that it will introduce its latest Pixel smartphones at an August 12 event, debuting the updated devices about a month ahead of when Apple is expected to announce new iPhone models.Tags: Foldable iPhone, Samsung
This article, "Samsung Galaxy Unpacked Event Set for July 22 With Foldable iPhone Rival Expected to Debut" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today announced its multiyear partnership with Broadcom to design and produce custom silicon components and wireless technologies, confirming a Reuters report we covered on Monday.


Apple says the new agreement is expected to exceed $30 billion, and will lead to the creation of more than 15 billion U.S. chips and support "hundreds" of American jobs.

Broadcom is part of Apple's American Manufacturing Program (AMP), an initiative launched last year to boost U.S. manufacturing. Under Apple's largest AMP commitment to date, Broadcom will invest $1.5 billion to expand and modernize its manufacturing facility in Fort Collins, Colorado, where it will produce advanced radio frequency components, including FBAR filters, as well as wireless connectivity technologies.
Broadcom's chips cover custom radio frequency components, Wi-Fi and Bluetooth connectivity, and other networking semiconductors found throughout Apple's lineup. Apple says the investment is part of its commitment to invest $600 billion in the U.S. over four years.
This article, "Apple Announces $30 Billion Broadcom Deal to Make More US Chips" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's foldable iPhone is on track to ship in September despite rumors of a delayed launch, reports Chinese financial outlet Cailian Press.


The outlet says it spoke with several people within Apple's supply chain, who indicated that the device's design was locked in some time ago and that the foldable is now in mass production.

Separately, Chinese financial outlet East Money and Korea's The Bell reported that Apple's foldable has entered mass production, with assembly partner Foxconn launching large-scale hiring to secure labor.

Asked about rumors that its launch could slip due to complex assembly and low yields, sources who spoke to Cailian Press reportedly said they had not heard of any delay, and that a September delivery window was still expected.

The report provides a glimmer of hope for consumers eager to pre-order one of the devices in early fall. Last month, The Elec reported that mass production was set to begin in July, but it also said Apple had run into hinge problems during testing. While most of those issues were said to have since been resolved, it raised the odds of a small initial shipment following the device's launch.

Then over the weekend, Apple analyst Ming-Chi Kuo suggested the foldable will be unveiled alongside the iPhone 18 Pro models in September but may not go on sale until the fourth quarter, suggesting a possible release in October or later.

Bloomberg's Mark Gurman reported in March that the new foldable iPhone won't ship to customers in the same September timeframe as the iPhone 18 Pro and ‌iPhone 18 Pro‌ Max. However, a month later, Gurman said that the foldable iPhone remained on track for a September debut alongside the iPhone 18 Pro models, and that Apple is aiming to put it on sale at roughly the same time or slightly later.

Apple has reportedly told suppliers to prepare to make approximately 10 million foldable iPhones this year, up from a previous forecast of about 7-8 million units a few months ago.

The book-style foldable is expected to feature a 7.8-inch inner display, a 5.5-inch cover screen, an A20 chip, Apple's C2 modem in some countries, and a Touch ID power button, with a starting pricing rumored between roughly $2,000 and $2,500 across reports. Apple's foldable could launch as the "iPhone Ultra," as suggested by rumors.Tags: Foldable iPhone, iPhone Ultra
This article, "iPhone Ultra Reportedly in Mass Production, No Delay Envisaged" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that's responsible for maintaining and proliferating LapDogs, an ORB network that first came to light in June 2025.View the full article
I’ve spent two years doing incident response and threat intel, and the one habit I’d keep if I had to give up every other is also the most boring. I don’t act on a piece of intelligence until I’ve checked it against the thing it claims to describe. It’s slow. It’s tedious. Almost nobody does it, because checking costs the exact time the feed was supposed to save. So, we read the report, nod and move on. That works fine most weeks. The weeks it doesn’t are the ones I remember, and the one I keep coming back to started with a feed that sounded completely sure of itself and had it backwards.
A cluster the feed got wrong
I was mapping infrastructure behind a loader operation, sweeping a single service port through a commercial platform. It handed back a cluster of hosts; all tagged the same thing: Chalubo RAT. The tag didn’t stop me. The metadata did. Every host in the cluster carried one first-seen date, down to the day.
Real infrastructure never looks that clean. Operators stand hosts up a few at a time, over weeks, whenever they get to it. A whole cluster sharing one first-seen date almost always means you’re looking at the day the feed’s pipeline ingested the batch, not the day anyone actually saw those hosts live. So now I had two things I didn’t trust: The family name and the too-perfect date. Easiest way to settle it was to close the feed and go look at the malware.
Chalubo is a Linux botnet. It brute-forces SSH and throws DDoS traffic. What I had in front of me was a Windows shellcode loader, a DonutLoader variant, the kind of thing that sits at the front of a ransomware intrusion. Different platform, different job. Calling one the other isn’t a near miss. It’s a category error.
So, I detonated it in an isolated lab, captured the traffic, mapped the C2 and pulled the config. It spoke a protocol of its own: Payload delivery on one custom channel, a steganographic beacon on a second, across a ten-host cluster, with a config format that had nothing to do with Chalubo. The reason for the bad tag turned out to be dull. The feed’s rule for that port keyed on the port plus a loose pattern, my loader tripped it and the label propagated across the whole batch with the ingest date stapled on.
This isn’t a knock on the vendor. Fingerprinting malware families across the entire internet is genuinely hard. The damage starts one step later, with whatever the reader does with that tag. Believe it, and you spend the week hardening against a Linux DDoS botnet while a Windows ransomware precursor sits quietly on your network. Wrong threat. Wrong priorities. The feed didn’t just come up empty. It pointed the response in the wrong direction, with total confidence and a familiar logo on it. Nothing about the tag looked wrong. The file was the only thing that said otherwise.
The same gap, in a federal advisory
For a while I filed this as a commercial-feed problem, the tax you pay for buying intel from a vendor cutting corners at scale. Then the same shape turned up in one of the best sources any of us get for free.
Earlier this year I spent some time inside the joint FBI and CISA advisory on Ghost, or Cring depending on who’s naming it, a ransomware crew that’s hit organizations in seventy-plus countries. Like everyone, I opened the PDF first. Its indicator table is literally headed “MD5 File Hashes”: 14 samples, each pinned to an MD5 and nothing else. MD5’s been broken for years. It’s the whole reason detection moved to SHA-256, and an MD5-only indicator doesn’t drop cleanly into half the tooling defenders actually run.
Then I opened the other copy of the same advisory. It doesn’t only ship as a PDF. There’s a machine-readable STIX bundle too, the format built to feed straight into a TIP or a SIEM. Same advisory, same code, different file. Six of those fourteen samples carried SHA-256 in the STIX, with SHA-1 and fuzzy hashes next to them, none of it in the PDF table. The stronger indicators were in the official release the entire time, sitting in the file almost nobody opens. Read the PDF like most people do, and you walk away with weaker detections than whoever opened the STIX, and nothing tells you there’s a difference.
That same bundle cut the other way too, and this is the part worth slowing down on. Down in its relationships sat a threat-actor object naming APT41, Winnti, Wicked Panda, wired to several of the Ghost indicators. The advisory’s text never says APT41. It goes out of its way to call the attribution “variable over time.” Pull on the thread and it falls apart: No vendor has ever tied Ghost to APT41, and the object looks like automated enrichment, not a human analyst’s call. The STIX isn’t lying to you. The problem is subtler. Feed it into your TIP and you’ve quietly inherited a nation-state attribution nobody actually made. One file was missing good data. The other was carrying data nobody vetted. You only catch either by looking.
And it’s not a one-country quirk. A while later I reversed a Go backdoor, GAMYBEAR, the one UAC-0241 pointed at Ukrainian schools and state bodies, documented in a CERT-UA advisory. Good report. It nailed the behavior. But the actual loader gave up more than fifteen binary-level corrections to what the advisory had: A persistence mechanism attributed to the wrong component, a broken TLS implementation and a handful of indicators that only held once I checked them against the real sample instead of the writeup. That’s the kind of detail that keeps a detection alive after the operator renames the file. Commercial vendor. Federal agency. Foreign CERT. Three sources, all accurate, all carrying something other than the full truth in the copy most people read.
What I do differently now
The lesson wasn’t trust intelligence more or trust it less. It’s narrower than that. An indicator is a claim, and a claim gets checked before you stake a defense on it, most of all when it’s the advisory covering your own organization, because that’s the one whose blind spots quietly become yours. It’s cheap enough to make routine. If I were standing up a detection program next week, three things would be in from day one.
Treat any automated family label as a guess until something specific backs it. A row of identical first-seen dates is a fact about a pipeline, not a record of an attack. When an advisory ships in more than one format, open the machine-readable copy and don’t stop at the PDF, because the structured file tends to hold both the stronger indicators and the unvetted ones, and you want to see both. And for anything that actually matters, run a live sample through your own stack before you call it covered. The gap between an indicator and a detection that fires is exactly where attackers like to live.
I still reach for all three kinds of source every week, and I’ll defend every one of them. They were never the problem. The checking was always the cheap part. Assuming I could skip it was the expensive one. A report is where the work starts. Not where it stops.
The full teardowns behind these three cases are published on GitHub: The DonutLoader protocol analysis, the Ghost detection content and the GAMYBEAR reversing notes and rule, each in its own repository.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
I’ve spent two years doing incident response and threat intel, and the one habit I’d keep if I had to give up every other is also the most boring. I don’t act on a piece of intelligence until I’ve checked it against the thing it claims to describe. It’s slow. It’s tedious. Almost nobody does it, because checking costs the exact time the feed was supposed to save. So, we read the report, nod and move on. That works fine most weeks. The weeks it doesn’t are the ones I remember, and the one I keep coming back to started with a feed that sounded completely sure of itself and had it backwards.
A cluster the feed got wrong
I was mapping infrastructure behind a loader operation, sweeping a single service port through a commercial platform. It handed back a cluster of hosts; all tagged the same thing: Chalubo RAT. The tag didn’t stop me. The metadata did. Every host in the cluster carried one first-seen date, down to the day.
Real infrastructure never looks that clean. Operators stand hosts up a few at a time, over weeks, whenever they get to it. A whole cluster sharing one first-seen date almost always means you’re looking at the day the feed’s pipeline ingested the batch, not the day anyone actually saw those hosts live. So now I had two things I didn’t trust: The family name and the too-perfect date. Easiest way to settle it was to close the feed and go look at the malware.
Chalubo is a Linux botnet. It brute-forces SSH and throws DDoS traffic. What I had in front of me was a Windows shellcode loader, a DonutLoader variant, the kind of thing that sits at the front of a ransomware intrusion. Different platform, different job. Calling one the other isn’t a near miss. It’s a category error.
So, I detonated it in an isolated lab, captured the traffic, mapped the C2 and pulled the config. It spoke a protocol of its own: Payload delivery on one custom channel, a steganographic beacon on a second, across a ten-host cluster, with a config format that had nothing to do with Chalubo. The reason for the bad tag turned out to be dull. The feed’s rule for that port keyed on the port plus a loose pattern, my loader tripped it and the label propagated across the whole batch with the ingest date stapled on.
This isn’t a knock on the vendor. Fingerprinting malware families across the entire internet is genuinely hard. The damage starts one step later, with whatever the reader does with that tag. Believe it, and you spend the week hardening against a Linux DDoS botnet while a Windows ransomware precursor sits quietly on your network. Wrong threat. Wrong priorities. The feed didn’t just come up empty. It pointed the response in the wrong direction, with total confidence and a familiar logo on it. Nothing about the tag looked wrong. The file was the only thing that said otherwise.
The same gap, in a federal advisory
For a while I filed this as a commercial-feed problem, the tax you pay for buying intel from a vendor cutting corners at scale. Then the same shape turned up in one of the best sources any of us get for free.
Earlier this year I spent some time inside the joint FBI and CISA advisory on Ghost, or Cring depending on who’s naming it, a ransomware crew that’s hit organizations in seventy-plus countries. Like everyone, I opened the PDF first. Its indicator table is literally headed “MD5 File Hashes”: 14 samples, each pinned to an MD5 and nothing else. MD5’s been broken for years. It’s the whole reason detection moved to SHA-256, and an MD5-only indicator doesn’t drop cleanly into half the tooling defenders actually run.
Then I opened the other copy of the same advisory. It doesn’t only ship as a PDF. There’s a machine-readable STIX bundle too, the format built to feed straight into a TIP or a SIEM. Same advisory, same code, different file. Six of those fourteen samples carried SHA-256 in the STIX, with SHA-1 and fuzzy hashes next to them, none of it in the PDF table. The stronger indicators were in the official release the entire time, sitting in the file almost nobody opens. Read the PDF like most people do, and you walk away with weaker detections than whoever opened the STIX, and nothing tells you there’s a difference.
That same bundle cut the other way too, and this is the part worth slowing down on. Down in its relationships sat a threat-actor object naming APT41, Winnti, Wicked Panda, wired to several of the Ghost indicators. The advisory’s text never says APT41. It goes out of its way to call the attribution “variable over time.” Pull on the thread and it falls apart: No vendor has ever tied Ghost to APT41, and the object looks like automated enrichment, not a human analyst’s call. The STIX isn’t lying to you. The problem is subtler. Feed it into your TIP and you’ve quietly inherited a nation-state attribution nobody actually made. One file was missing good data. The other was carrying data nobody vetted. You only catch either by looking.
And it’s not a one-country quirk. A while later I reversed a Go backdoor, GAMYBEAR, the one UAC-0241 pointed at Ukrainian schools and state bodies, documented in a CERT-UA advisory. Good report. It nailed the behavior. But the actual loader gave up more than fifteen binary-level corrections to what the advisory had: A persistence mechanism attributed to the wrong component, a broken TLS implementation and a handful of indicators that only held once I checked them against the real sample instead of the writeup. That’s the kind of detail that keeps a detection alive after the operator renames the file. Commercial vendor. Federal agency. Foreign CERT. Three sources, all accurate, all carrying something other than the full truth in the copy most people read.
What I do differently now
The lesson wasn’t trust intelligence more or trust it less. It’s narrower than that. An indicator is a claim, and a claim gets checked before you stake a defense on it, most of all when it’s the advisory covering your own organization, because that’s the one whose blind spots quietly become yours. It’s cheap enough to make routine. If I were standing up a detection program next week, three things would be in from day one.
Treat any automated family label as a guess until something specific backs it. A row of identical first-seen dates is a fact about a pipeline, not a record of an attack. When an advisory ships in more than one format, open the machine-readable copy and don’t stop at the PDF, because the structured file tends to hold both the stronger indicators and the unvetted ones, and you want to see both. And for anything that actually matters, run a live sample through your own stack before you call it covered. The gap between an indicator and a detection that fires is exactly where attackers like to live.
I still reach for all three kinds of source every week, and I’ll defend every one of them. They were never the problem. The checking was always the cheap part. Assuming I could skip it was the expensive one. A report is where the work starts. Not where it stops.
The full teardowns behind these three cases are published on GitHub: The DonutLoader protocol analysis, the Ghost detection content and the GAMYBEAR reversing notes and rule, each in its own repository.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Apple's challenge against the EU's designation of its App Stores and iOS platform as "gatekeepers" was dismissed by Europe's top court on Wednesday, reports Reuters.

Apple took its case to Luxembourg's General Court in 2024 after the European Commission designated its five App Stores – on the iPhone, iPad, Mac, Apple TV, and Apple Watch – as a single core platform service under the Digital Markets Act (DMA), a label that brings with it a set of strict obligations.

Designated "gatekeepers" are prohibited from favoring their own services over those of rivals, and are prevented from combining personal data across different services. They also have to give users the option to use alternative app stores.

Apple also challenged the EU's designation of iOS as a gateway platform, a status that requires the operating system allows rival services to interoperate with it.

The company also disputed the classification of iMessage as a number-independent interpersonal communications service, or NIICS, which would subject the app to EU telecoms rules. But the General Court said Apple's actions regarding the iMessage service are inadmissible.

To be classified as a "gatekeeper" under the DMA, a company must fulfill certain criteria, including having sales across the EU of at least €7.5 billion, or a market capitalization of €75 billion or above. The designation also requires platforms or services to have more than 45 million monthly active users and over 10,000 active business users annually within the EU.Tags: Apple Antitrust, App Store, European Commission, European Union
This article, "Apple Loses EU Fight Over App Store Gatekeeper Label" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Introduction
For many years, software development and IT operations lived in separate, isolated silos, creating manual friction and delayed releases until DevOps emerged to bridge this gap through a culture of collaboration, automation, and continuous improvement. Today, the sheer volume of software, platforms, and methodologies on modern cloud-native landscape maps often leaves beginners feeling overwhelmed and attempting to master everything at once. However, learning tools in a logical sequence is far more effective than trying to digest the entire ecosystem simultaneously; true proficiency is built by mastering a core set of foundational utilities that move code smoothly from a laptop to a live environment. By emphasizing practical experience over pure theory, you can turn abstract pipeline concepts into tangible engineering skills, and structured resources like the DevOpsSchool learning ecosystem can provide the organized mentorship needed to navigate this technical transition systematically.
What Is a DevOps Toolchain?
A DevOps toolchain is a collection of tools that work together to automate, manage, and streamline the entire software delivery lifecycle. Rather than relying on a single monolithic application, DevOps practitioners combine specialized software components into an integrated pipeline. This toolchain supports the continuous loop of planning, coding, building, testing, deploying, operating, and monitoring software.
The primary objective of a toolchain is to foster collaboration and remove manual handoffs between teams. In a traditional setup, moving code from development to QA and then to production required multiple manual steps, tickets, and approvals. A well-designed toolchain automates these transitions, allowing software to flow through checks and balances with minimal human intervention.
Automation sits at the heart of this concept. When a developer updates code, the toolchain automatically triggers a build, runs automated tests, validates security compliance, provisions the necessary infrastructure, and deploys the application. This process is commonly referred to as Continuous Integration and Continuous Delivery (CI/CD).
Beyond deployment, a modern toolchain manages infrastructure management and active monitoring. It ensures that the environments housing the applications are stable, secure, reproducible, and observable. By viewing these tools not as isolated utilities but as parts of an interconnected ecosystem, you begin to see how modern engineering teams deliver value reliably at high velocity.
Why Learning DevOps Tools Matters
Understanding the mechanics of DevOps tools is crucial because these applications turn abstract methodologies into repeatable realities. Automation cannot exist without tools that script, package, and deploy software. By learning these technologies, you gain the ability to eliminate repetitive manual tasks, reducing human error and freeing up time for high-value engineering work.
Tools also serve as a common language that improves collaboration between developers and operations engineers. When infrastructure is defined using the same version-controlled files that developers use for application logic, the traditional barriers between departments disappear. Both teams work out of the same repositories, review each other’s configurations, and share responsibility for the system’s overall health.
From a business perspective, proficiency with these utilities leads directly to faster deployments and better reliability. Organizations can ship new features to customers in minutes or hours rather than weeks or months. If an issue occurs in production, automated monitoring and deployment tools allow teams to roll back changes or patch vulnerabilities almost instantly.
However, it is vital to clarify that tools support DevOps practices rather than defining DevOps itself. Simply installing a piece of software does not mean you are practicing DevOps. The tools are instruments; the core philosophy relies on shared responsibility, transparency, and a culture of continuous learning. Mastering the technical tools gives you the capability to implement these philosophical principles effectively in real-world project environments.
DevOps Learning Roadmap
Navigating the landscape requires a step-by-step progression. Attempting to learn advanced container orchestration before understanding basic operating system commands is a recipe for frustration. Below is a structured progression designed to build your skills logically.
Computer Basics ↓ Linux Fundamentals ↓ Networking Basics ↓ Git & Version Control ↓ Shell Scripting ↓ Python Basics ↓ Docker ↓ Jenkins / CI/CD ↓ Cloud Fundamentals ↓ Terraform ↓ Kubernetes ↓ Monitoring & Logging ↓ DevSecOps Basics ↓ Real-World Projects 1. Computer Basics & Linux Fundamentals
Everything in the cloud runs on servers, and the vast majority of those servers run Linux. You must start by learning how to navigate the command line, manage file systems, edit text files directly from the terminal, and understand users, groups, and permissions.
2. Networking Basics
You cannot secure or troubleshoot systems if you do not know how data travels between them. Focus on understanding IP addressing, subnets, ports, protocols like HTTP, HTTPS, and SSH, DNS configuration, and the basics of load balancing.
3. Git & Version Control
Git is the absolute foundation of modern collaborative engineering. It tracks changes to code and configurations, allows multiple engineers to work on the same system simultaneously, and serves as the single source of truth for automation workflows.
4. Scripting (Shell Scripting & Python Basics)
Automating systems requires writing code to handle repetitive tasks. Start with basic Shell scripting (Bash) to automate operating system tasks, then pick up Python to handle more complex logic, API interactions, and data parsing.
5. Docker & Containerization
Containers isolate applications from their underlying infrastructure, ensuring that code runs the same way on a developer’s laptop as it does on a production server. Docker is the standard entry point for understanding container runtimes and packaging.
6. Jenkins / CI/CD Pipelines
Once you can package an application, you need a mechanism to build and test it automatically every time code changes. Jenkins introduces you to pipeline architecture, build triggers, and automated workflows.
7. Cloud Fundamentals (AWS, Azure, or GCP)
Modern engineering rarely involves buying physical hardware. You must learn how to navigate at least one major cloud platform, understanding how to provision virtual servers, manage cloud storage, and configure cloud networks safely.
8. Terraform (Infrastructure as Code)
Instead of clicking buttons in a cloud console to create infrastructure, you write configuration files that define your resources. Terraform allows you to spin up, modify, and tear down entire cloud environments programmatically.
9. Kubernetes (Container Orchestration)
When you have dozens or hundreds of containers running across multiple servers, you need a system to manage their lifecycle, scaling, network routing, and health. Kubernetes is the industry standard for container orchestration.
10. Monitoring, Logging, & DevSecOps Basics
Once applications are running, you must keep them healthy and secure. Learning to collect metrics, aggregate logs, and scan code for vulnerabilities ensures your systems remain stable, visible, and resilient against security threats.
Essential DevOps Tools
To help you evaluate the key tools to start your DevOps journey, the following comparison table breaks down the primary utilities, their purposes, why you should focus on them, and a realistic project you can build to gain hands-on proficiency.
ToolPrimary PurposeWhy Beginners Should Learn ItPractical ProjectLinuxOperating System FoundationOver 90% of cloud servers run on Linux; command-line fluency is mandatory.Set up a secure local server, manage permissions, and configure local cron jobs.Git & GitHubVersion Control & CollaborationTracks changes, manages collaboration, and triggers automated pipelines.Create a repository, manage branches, resolve a merge conflict, and submit a pull request.VS CodeCode and Configuration EditingA highly customizable editor that supports syntax highlighting, Git integration, and extensions.Configure an IDE workspace with extensions for markdown, yaml, shell scripting, and git.Shell ScriptingOperating System AutomationAllows quick automation of repetitive system administration tasks and text processing.Write a script that checks disk space usage and sends an alert email if it exceeds 80%.PythonAdvanced Automation & ScriptingHighly readable language used for cloud automation, API integration, and writing custom tools.Write a script that talks to a cloud provider API to list and stop unutilized virtual machines.DockerApplication ContainerizationStandardizes application environments, solving the “it works on my machine” problem.Create a Dockerfile for a basic web application, build the image, and run it locally.JenkinsCI/CD AutomationWidely adopted, open-source automation server used to build, test, and deploy applications.Build a pipeline that automatically pulls code from GitHub, runs tests, and builds a container.AWS / Azure / GCPCloud Infrastructure ProvisioningProvides the underlying virtualized computing power, networking, and storage for modern apps.Deploy a virtual instance, attach a block storage volume, and host a static website securely.TerraformInfrastructure as Code (IaC)Allows you to define and provision cloud infrastructure using a declarative configuration language.Write a script to automatically provision a cloud network, security groups, and a virtual machine.KubernetesContainer OrchestrationAutomates deployment, scaling, management, and networking of containerized applications.Deploy a multi-container web application with automated self-healing and load balancing.PrometheusTime-Series Metric CollectionCaptures real-time performance data and health metrics from applications and infrastructure.Configure a target instance to export system metrics and collect them using Prometheus.GrafanaMetric VisualizationTransforms raw data from Prometheus into readable, interactive dashboards for monitoring.Design a visual dashboard that displays real-time CPU, memory, and network utilization.ELK Stack / LokiLog Aggregation and AnalysisCollects and centralizes logs from various applications to facilitate troubleshooting.Aggregate logs from multiple Docker containers into a central location for searchable analysis.Trivy / SonarQubeSecurity and Code Quality ScanningScans code vulnerabilities and container image security flaws early in the deployment cycle.Integrate an image scanner into your build process to block images with critical security flaws. How These Tools Work Together
To truly understand the value of these utilities, you must look at them through the lens of an interconnected software delivery lifecycle. A single tool does nothing in isolation; their power comes from how they pass data and control from one stage to the next.
Let us trace the path of an application update through a modern automated pipeline:
[Developer Workspace] -> Writes code & configuration files in VS Code ↓ [Git / GitHub Repository] -> Code commits push to remote main branch ↓ [Jenkins CI Pipeline] -> Detects change, pulls code, initiates build sequence ↓ [Docker Engine Build] -> Compiles code, runs unit tests, packages into a container image ↓ [Trivy Security Scan] -> Validates container image for known security vulnerabilities ↓ [Terraform Automation] -> Verifies cloud infrastructure and provisions missing components ↓ [Kubernetes Cluster] -> Deploys container image via rolling update to prevent downtime ↓ [Prometheus & Grafana] -> Monitors live container performance and application health ↓ [Continuous Feedback] -> System issues generate logs for engineers to review in VS Code The Developer Workspace: A software engineer writes code and infrastructure configurations inside an editor like Visual Studio Code on a Linux-based workstation. Version Control Submission: The engineer uses Git commands to commit these changes and pushes them to a remote repository hosted on GitHub. Pipeline Orchestration: A Jenkins server detects the new commit via a webhook and immediately initiates an automated continuous integration pipeline. Containerized Packaging: Within the pipeline, Jenkins executes Docker commands to build a fresh container image containing the updated application code and runs automated test suites. Security Verification: The pipeline passes the newly built Docker image to a security scanner like Trivy, checking for unpatched vulnerabilities in the base operating system or application libraries. Infrastructure Synthesis: If the tests and scans pass, the pipeline applies Terraform configurations to verify that the target cloud environment matches the exact infrastructure specifications required by the updated application. Orchestrated Deployment: Jenkins instructs the Kubernetes cluster to update its deployment. Kubernetes pulls the verified Docker container image from a container registry and executes a rolling update, replacing old instances with new ones without causing user downtime. Observability and Monitoring: Once live, Prometheus continually scrapes performance metrics from the new containers, while Grafana displays the performance metrics on a dashboard viewed by the operations team. Continuous Feedback: If application logs reveal an error or if Prometheus detects an unexpected spike in memory usage, notifications are generated, allowing engineers to pull logs, diagnose the problem, and write a patch, restarting the cycle. Building a Beginner Home Lab
You do not need an expensive corporate cloud account or high-end enterprise server hardware to practice DevOps. You can construct a functional, fully featured learning environment entirely on your existing computer or by utilizing free resources available online.
Begin by transforming your local machine into a micro-datacenter using virtualization. If your computer runs Windows or macOS, install a virtualization platform like VirtualBox or utilize features like the Windows Subsystem for Linux (WSL). This allows you to run a full Linux environment (such as Ubuntu Server) directly on your laptop without altering your primary operating system.
Next, install Docker inside your local Linux environment. This instantly gives you the capacity to run multiple isolated applications, local databases, and web servers without cluttering your system. You can spin up local databases, configure web proxy servers, and practice network routing entirely within a single command-line interface.
For version control and CI/CD pipelines, set up a free personal account on GitHub. You can install a local instance of Jenkins inside a Docker container on your machine and connect it to your GitHub repository using webhooks or local polling tools. This lets you practice building real automation pipelines right on your local machine.
When you are ready to venture into the cloud, make use of the free tiers offered by major cloud platforms such as AWS, Google Cloud, or Microsoft Azure. These providers offer limited-resource virtual instances, storage buckets, and basic database services completely free for up to twelve months. Always set up billing alerts immediately upon account creation to guarantee you stay within the free tier boundaries while practicing your infrastructure configurations.
Hands-On Projects
Theoretical knowledge vanishes quickly without practical implementation. To cement your understanding of these core technologies, work through structured, hands-on tasks that gradually increase in complexity.
Linux and Shell Scripting Practice: Write a custom script that automates basic server upkeep. Program the script to run every midnight, check disk space, clear out temporary log files older than seven days, and write a summary report to a local text file. Git Workflow Exercises: Mimic a real-world software team environment. Create a repository, create a separate branch to add a feature, intentionally edit the same file line in both branches to create a merge conflict, and practice walking through the technical steps required to safely resolve the conflict and merge the code. Dockerizing a Web Application: Take a simple, single-page application written in Python, Node.js, or HTML/CSS. Write a minimal Dockerfile that copies the application files, exposes the correct network port, sets up the required environment variables, and packages it into a portable container image that runs smoothly on any system. Creating a Jenkins Automation Pipeline: Build a structured workflow file that automates validation tasks. Configure the pipeline to monitor your GitHub repository, pull down code changes automatically whenever you commit work, run a syntax checker to catch errors, and print a success message upon completion. Provisioning Infrastructure with Terraform: Write configuration files that declare basic cloud components, such as a virtual private network, a firewall security rule allowing HTTP traffic, and a single micro-sized virtual server instance. Practice running plans to preview infrastructure changes before executing them. Deploying Applications to Kubernetes: Set up a lightweight local cluster using tools like Minikube or Kind. Write configuration files to deploy your custom containerized web application, configure a service layer to distribute incoming network traffic, and simulate a server failure by manually deleting a running instance to watch Kubernetes automatically spin up a healthy replacement. Monitoring an Application Stack: Install Prometheus and Grafana to watch over your local lab infrastructure. Build a visual dashboard showing real-time graphs of CPU workloads, memory usage patterns, and network traffic, and configure custom alert conditions that change color when your local systems face heavy simulation workloads. Measuring Your Progress
When learning a broad spectrum of technical tools, it is easy to mistake watching video tutorials for true operational competence. To ensure you are genuinely absorbing the material, establish clear indicators to track your engineering growth.
The following KPI dashboard outlines key operational metrics you can track to evaluate your practical learning progress over time.
MetricWhy It MattersLearning BenefitCommands PracticedMeasures direct familiarity with command-line interactions.Builds muscle memory, reducing reliance on cheat sheets for basic operating system navigation.Git CommitsQuantifies your daily and weekly engagement with configuration tracking.Develops proper version control habits and builds a visible, clean development history.Projects CompletedTracks your capability to integrate separate utilities into working solutions.Demonstrates your ability to solve multi-step technical problems independently.CI/CD Pipelines BuiltReflects your understanding of automated quality gates and integration logic.Helps you understand build errors, step configurations, and delivery paths.Docker Images CreatedMeasures your ability to package software and minimize dependencies.Builds a deep understanding of application layers, file sizes, and container optimization.Documentation WrittenValidates your capacity to explain complex setups to fellow engineers.Solidifies your knowledge and creates a personal technical reference library for future work. Common Challenges
The path to mastering a modern delivery toolchain contains common obstacles that derail many aspiring engineers. Recognizing these friction points early allows you to alter your learning strategy and maintain steady progress.
The following table details common learning roadblocks along with direct, practical recommendations to overcome them.
ChallengeImpactRecommended SolutionLearning Too Many Tools at OnceLeads to cognitive fatigue, confusion, and a superficial understanding of concepts.Pick one core tool stack component at a time and do not advance until you understand its underlying purpose.Ignoring Linux FundamentalsCreates significant roadblocks when troubleshooting container runtimes or cloud systems.Spend your initial weeks exclusively inside the terminal learning file manipulation and permission models.Memorizing CommandsLeaves you helpless when faced with minor syntax changes or unique error messages.Focus on the underlying architectural concepts; let documentation handle the specific syntax flags.Skipping ProjectsCreates a false sense of security that breaks down during real-world technical troubleshooting.Build a functional, broken, and repaired lab environment for every single tool you study.Weak Troubleshooting SkillsCauses long delays when simple configuration typos stop an entire build pipeline.Learn to read error stack traces line-by-line from the bottom up to locate the root cause.Lack of ConsistencyForgetting syntax and core commands due to long gaps between study sessions.Commit to spending thirty uninterrupted minutes inside a terminal every single day. Best Practices
Establishing solid habits early in your training ensures you build a reliable foundation that scales naturally into professional deployment environments.
Step-by-Step Implementation Checklist
Master One Tool Component at a Time: Resist the temptation to jump into Kubernetes while still struggling to build basic Docker container images. Ensure you understand the immediate problem a tool solves before adding more layers to your technical stack. Engage in Daily Practical Execution: Coding and system administration are mechanical skills that depend heavily on consistency. Spending a brief period interacting with a terminal daily is far more valuable than a single long session once a week. Construct End-to-End Projects: Move beyond isolated sandbox exercises. Connect your version control repositories directly to build platforms, run security scanners, and deliver your code onto actual virtual host systems. Rely on Official Documentation: Avoid relying solely on third-party blog tutorials that may become outdated quickly. Learn to read official product documentation guides, configuration specs, and release logs to find accurate information. Maintain Clear Internal Documentation: Write detailed installation and setup readmes for every lab configuration you build. Documenting your steps ensures you can recreate complex environments weeks later without starting over from scratch. Review and Revisit Key Concepts: Periodically audit your understanding of foundational elements. Revisit basic networking principles, Linux access rights, and Git branch structures to ensure your core technical knowledge remains sharp. Real-World Example: A Learner’s Journey
Let us look at a realistic case study of an individual transitioning into DevOps. This example demonstrates how following a structured framework helps build operational capability step-by-step.
The Starting Point
An entry-level technical professional with basic desktop computer knowledge but no server administration, command-line fluency, or software development background decided to transition into cloud operations engineering.
Month 1: Setting the Baseline
The learner avoided cloud accounts entirely during the first four weeks. Instead, they installed an Ubuntu Linux virtual machine locally. They spent an hour each day creating directories, modifying file access permissions, editing configurations with text editors, and writing simple Bash scripts to automate file archival.
Month 2: Managing Code and Configurations
The learner introduced version control by creating a personal account on GitHub. They moved their collection of Bash scripts into a Git repository, practicing branching models, committing code, and resolving artificial merge conflicts until tracking file histories became second nature.
Month 3: Embracing Containerization
With a solid terminal foundation established, the learner installed Docker. They learned how to build container images for small applications, manage internal container networks, map persistent data volumes, and combine multiple local components using configuration files.
Month 4: Connecting the Pipeline
The learner set up an automation server locally and linked it to their version control system. They built an automated continuous integration pipeline that pulled their containerized application code directly from GitHub, initiated build scripts, ran automated tests, and generated verified container build artifacts.
Month 5: Moving to the Cloud
The learner opened a free-tier cloud service provider account and configured billing protections immediately. Instead of manually clicking through the web console dashboard, they utilized infrastructure configuration files to declare their networks, access lists, and virtual servers cleanly as version-controlled code.
The Outcome
By maintaining a methodical, step-by-step approach over several months, the learner transformed abstract technical concepts into highly integrated, functional automation systems. This structured learning strategy helped them develop strong problem-solving skills and the practical capability to manage modern application pipelines.
Common Beginner Mistakes
Installing Every Tool Immediately: Many beginners start by downloading complex enterprise utilities simultaneously, which often leads to configuration conflicts and confusion. Focus on mastering the underlying operating system and code workflows before adding advanced orchestration layers. Ignoring Networking Principles: You cannot debug a broken continuous delivery pipeline if you do not understand subnets, firewall rules, routing behaviors, and protocol headers. Make sure you spend time learning how data actually flows across networks. Skipping Git Mastery: Treating version control as an afterthought is a major mistake. Real-world automation depends entirely on a clean, structured version control history; an unorganized repository will quickly lead to broken build pipelines. Avoiding Troubleshooting Opportunities: Copying and pasting configuration files without analyzing error logs deprives you of vital learning moments. When a build fails, read the log file line by line to understand exactly what broke and why. Focusing Exclusively on Certifications: While certifications can help structure your studies, they do not replace the value of hands-on experience. Prioritize building practical home labs and maintaining public code portfolios alongside your test preparation. Future of DevOps Tools
The automation landscape continues to evolve rapidly. Staying aware of industry directions ensures you choose tools that remain highly relevant as delivery platforms mature.
Artificial intelligence continues to integrate into deployment pipelines. Modern AI-assisted development tools help engineers write infrastructure configurations, analyze build logs to find anomalies, and suggest optimal scaling parameters. However, these assistive utilities still require engineers who understand the core underlying systems to validate and correct their outputs.
Platform Engineering has grown into a highly prominent architectural practice. Instead of requiring every developer to master complex infrastructure configurations, specialized engineering teams build internal developer platforms. These platforms provide self-service access to resources, abstracting away underlying infrastructure complexities while maintaining governance standards.
GitOps has emerged as a standard pattern for cloud-native delivery infrastructure. In a GitOps workflow, the desired state of a production system is maintained entirely within a version-controlled repository. Specialized agent software continuously watches the repository and updates live infrastructure automatically to match the declared configuration files.
Observability platforms have progressed beyond traditional simple status monitoring. Modern systems utilize advanced telemetry aggregation to trace transactions across distributed applications, helping teams pinpoint performance bottlenecks automatically. This evolution makes understanding telemetry collection, log aggregation, and system visibility a vital skill for anyone entering the field.
Certifications & Learning Paths
While hands-on project creation should remain your primary learning focus, pursuing structured certification paths can help validate your expertise and fill hidden gaps in your knowledge.
To help plan your training milestones, the following table organizes industry-standard certifications by structural area, target audience, technical level, and primary material focus.
Certification AreaBest ForSkill LevelLearning FocusLinux AdministrationFoundations and core systems management.Beginner / IntermediateFile management, system permissions, user administration, and command-line text processing.Version ControlFoundational software tracking.BeginnerBranch management styles, remote workflows, commit signatures, and history resolution.ContainerizationCore packaging engineering.IntermediateCore runtime configuration, custom file generation, network isolated spaces, and storage mapping.Cloud InfrastructureCloud platform architecture.Beginner / IntermediateCloud network layouts, identity management, compute instances, and virtual data storage.Infrastructure as CodeProgrammatic environment creation.IntermediateDeclarative syntax patterns, state file tracking, workspace separation, and module construction.OrchestrationMulti-system cloud deployments.AdvancedHigh-availability design, secure configurations, continuous service discovery, and container scheduling. Practical DevOps Tool Checklist
Establish Linux Competency: Practice navigating directory systems, altering file configurations, managing access rights, and searching system streams using the command line daily. Maintain Active Version Control Habituation: Move all your script files and configurations into a personal version control platform, utilizing branching strategies for all modifications. Package Custom Applications: Construct custom container build configurations to package simple web applications along with their exact runtime dependencies. Orchestrate Automation Workflows: Set up a dedicated build server to watch your code repositories and automatically run validation tasks every time you save changes. Program Cloud Deployments: Replace manual infrastructure setup by writing configuration files that safely declare and provision cloud systems automatically. Manage Scaled Environments: Set up a lightweight local orchestration environment to practice scaling containers up and down, managing software versions, and handling self-healing workflows. Implement Comprehensive Observability: Configure system exporters and tracking dashboards to monitor real-time resource utilization and centralize application logs for troubleshooting. Publish a Project Portfolio: Maintain a well-documented, public repository showcasing your integrated automation systems to demonstrate your practical technical capabilities. FAQs (15 Questions)
1. Which DevOps tool should I learn first?
You should always start with Linux fundamentals. The vast majority of cloud infrastructure, container platforms, and automation tools run on Linux operating systems. Learning to navigate the command-line interface, manage system files, configure user permissions, and use text editors layout the base for all future tools.
2. Do I need programming experience before learning Docker?
No, deep software engineering skills are not required to learn Docker. However, you should have a basic understanding of how applications run, including how they use network ports, environment variables, and file systems. Basic scripting knowledge will make writing container configurations much easier.
3. Should I learn Linux before Kubernetes?
Yes, a firm understanding of Linux is highly recommended before diving into Kubernetes. Kubernetes orchestrates containers that run on Linux nodes. Without knowing how Linux handles processes, networking, storage volumes, and user permissions, troubleshooting a Kubernetes cluster will be very difficult.
4. Is Jenkins still worth learning?
Yes, Jenkins remains highly relevant. While newer cloud-native pipeline utilities exist, Jenkins is still widely used in corporate environments globally. Learning Jenkins helps you master fundamental CI/CD concepts like build stages, environment variables, webhooks, and artifact management, which easily translate to other pipeline tools.
5. Which cloud platform should a beginner choose?
Start with one of the major providers: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP). AWS currently holds the largest market share, making it an excellent starting point with abundant learning resources. Focus on mastering core cloud concepts rather than trying to learn multiple platforms at once.
6. How can I practice using these tools at home for free?
You can build a fully featured DevOps lab using a standard laptop. Use tools like VirtualBox or WSL to run Linux locally for free. Docker, Jenkins, Terraform, and Prometheus can all be run locally inside containers. For cloud practice, take advantage of the free-tier accounts provided by AWS, Azure, or GCP.
7. Do I need to learn every single tool to get a job?
No, trying to learn every tool is a common mistake. Companies value a deep understanding of core principles over a superficial knowledge of dozens of applications. Focus on mastering one tool in each major category: one version control tool (Git), one container system (Docker), one CI/CD tool (Jenkins), one IaC tool (Terraform), and one cloud platform.
8. How can I effectively measure my progress?
The best way to measure progress is through working, automated projects. If you can write an infrastructure file that spins up a cloud server, configures a pipeline to build a custom container image, and deploys it with monitoring without manual intervention, you are making excellent progress.
9. What is the difference between Docker and Kubernetes?
Docker is used to package, isolate, and run individual containers on a single machine. Kubernetes is a container orchestration platform used to manage, scale, and coordinate thousands of containers running across a whole cluster of multiple servers. Docker builds and runs the container, while Kubernetes manages them at scale.
10. Why is Git considered so important for DevOps?
Git serves as the single source of truth for both application code and infrastructure configurations. It records every change made to a system, allows teams to collaborate safely on branches, provides rollback capabilities when updates fail, and serves as the primary trigger for automated delivery pipelines.
11. What is Infrastructure as Code (IaC)?
Infrastructure as Code is the practice of managing and provisioning computing environments using configuration files rather than manual processes or graphical user interfaces. Tools like Terraform allow you to write human-readable code that automatically builds, updates, and tears down entire cloud architectures.
12. Do I need to be a Linux system administrator before starting?
No, you do not need to be an expert sysadmin to start. You should focus on practical everyday operational commands: managing files, editing configurations, inspecting running processes, checking network status, and reading system log outputs. Your administration skills will naturally deepen as you build projects.
13. What is the difference between continuous integration and continuous delivery?
Continuous Integration (CI) focuses on automatically merging, building, and testing code changes every time a developer commits updates to a repository. Continuous Delivery (CD) takes those tested changes and automatically prepares them for deployment to staging or production environments, ensuring code is always in a deployable state.
14. What are the dangers of ignoring security while learning tools?
Ignoring security early on can lead to risky habits, like embedding passwords or private cloud access keys directly inside public GitHub repositories. Learning to handle secret tokens securely from the beginning prevents cloud account compromises and aligns with real-world DevSecOps standards.
15. How much scripting is actually required on a daily basis?
Scripting is a daily necessity for automation tasks. You do not need to write complex application code, but you must be comfortable writing short Bash scripts to handle operating system tasks and basic Python scripts to parse data formats like JSON or YAML and interact with cloud APIs.
Final Thoughts
Embarking on this engineering path requires patience, consistency, and a structured strategy. The landscape can seem overwhelming at first, but remember that every complex cloud environment is built upon simple, foundational components. Focus on mastering core architectural concepts before worrying about advanced, specialized utilities.Take your time running code locally, understanding operating system principles, and learning to read error logs carefully. True competence comes from building, breaking, and fixing real automation labs. Stay curious, practice regularly, and build your technical toolkit step-by-step.
View the full article
With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts.
Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average pay premium, measures the difference in pay between IT pros with a particular credential and those without it. The second, market value increase, measures the increase in pay gains over the past six months.
Together, average pay premium and market value increase can give cybersecurity pros a starting point in deciding which certification to pursue for more pay. Apart from considering their overall professional goals, security professionals should consider each certification’s training and exam costs, whether vendor-specific or vendor-neutral, and the lateral or vertical role opportunities it may open.
Here are the top 13 certifications paying higher premiums today in descending order.
GIAC Security Expert (GSE)
The GIAC Security Expert (GSE) portfolio certification is for security leaders wishing to prove their status as a top information security practitioner by showing they have offensive and defensive skills and hands-on practical skills. Available for more than 15 years, the GSE is considered one of the broadest and deepest cybersecurity certifications. To earn the certification, candidates must complete any six practitioner certifications and any four applied knowledge certifications.
GIAC allows candidates to customize the certification to fit their expertise and career. Candidates can also build their certification over any amount of time as along as the required certifications within the portfolio remain active. Practitioner certification exams are 2-5 hours in length, depending on the specific certification attempt, and applied knowledge certification exams are 4 hours in length.
Training fees: Some training is offered in affiliation with SANS Institute and costs $8,780.
Exam Fees: Because you need 10 certifications to achieve the GSE prices vary significantly. If you already hold a GIAC Certified Forensic Analyst (GCFA), the cost of one of the required certifications drops from $1,299 to $499. Most required certifications are priced at either $999 or $1,299 per attempt, though they can cost up to $11,190.
GIAC Security Professional (GSP)
The GIAC Security Professional (GSP) is designed to demonstrate the holder’s depth and breadth of information security knowledge. Launched approximately two years, this newer certification is the halfway point to the GSE. Customization of the certification is allowed, and to achieve it a candidate must complete any three practitioner certifications and any two applied knowledge certifications. Candidates can also build their certification over any amount of time as along as the required certifications within the portfolio remain active. Practitioner Certification exams are 2-5 hours in length, depending on the specific certification attempt, and Applied Knowledge Certification exams are 4 hours in length.
Training fees: Some training is offered in affiliation with SANS Institute and costs $8,780.
Exam Fees: Because you need five certifications to achieve the GSP prices vary significantly. If you already hold a GIAC Security Essentials (GSEC), the cost of one of the required certifications drops from $1,299 to $499. Most certifications required are priced at either $999 or $1,299 per attempt, though certification can cost up to $5,595.
Microsoft Certified Azure Cybersecurity Architect Expert
Those who earn the Microsoft Certified: Cybersecurity Architect Expert credential are able to translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. Through the certification process, candidates learn to design, guide the implementation of, and maintain security solutions that follow zero-trust principles and best practices. You’ll also be able to design solutions for governance, risk, and compliance (GRC), security operations, and security posture management.​
As a prerequisite, candidate must have earned one of the following: Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Security Operations Analyst Associate certification.
Training fees: Self-paced training is available from the course’s page and free of charge. There is also an option to find an instructor-led training with pricing starting at $1,300.
Exam Fees: The exam costs $165 and Microsoft offers free practice assessments.
Certificate of Cloud Security Knowledge (CCSK)
As a certificate and not a certification — an important distinction — the Cloud Security Alliance (CSA) positions its Certificate of Cloud Security Knowledge as the foundation for future credentials and upskilling in the sector. From this perspective, the CCSK is helpful for cybersecurity analysts, compliance managers, security engineers, architects, and administrators. This vendor-neutral certificate has been recently updated and covers topics in zero trust, DevSecOps, cloud telemetry and security analytics, artificial intelligence, and more. CCSK offers a variety of training modalities, including an exam prep kit, instructor-led classes offered virtually and in person, and an online self-paced option. Candidates must score at least 80% on the exam, randomly pulling 60 multiple-choice questions from a test bank.
Training fees: Prices vary based on modality. A self-paced course and exam bundle costs $795, and online, instructor-led training begins at$995.
Exam fees: The exam costs $445, though discounts are available for corporate members, andUS military veterans can take it for free.
Certified in Risk and Information Systems Control (CRISC)
Administered by ISACA, theCertified in Risk and Information Systems Control certification provides candidates with training across four domains: corporate IT governance, risk assessment, risk response and reporting, and technology and security. CRISC is ideal for candidates who want to enhance and optimize business resilience and risk management across their organization. The exam consists of 150 questions across the four domains. Since ISACA began offering CRISC in 2010, more than 23,000 people have obtained the certification. ISACA claims 52% of certificate holders experienced on-the-job improvement, and CRISC is the “4th top-paying certification worldwide.” To qualify for CRISC, candidates must adhere to a code of professional ethics and have three years of work experience in risk assessment and risk response and reporting. On passing the exam, candidates must submit 20 CPE credits annually and120 continuing professional education (CPE) hours every three years to maintain their CRISC.
Training fees: ISACA offers three resources: anonline review course, $895; a review manual inprint ordigital, $139; and anannual subscription to a 833-question test bank, $399. Discounts are available for ISACA members.
Exam fees: $575, ISACA members; $760 for non-members; plus $50 application fee.
Certified Information Systems Auditor (CISA)
The Information Systems Audit and Control Association (ISACA)’s CISA is geared toward IT auditors who wish to upskill or earn a pay boost. According to ISACA, 70% of CISA holders report on-the-job improvement, and another 22% receive a raise. The course covers five domains: information systems auditing, implementation, and operations; protection of information assets; and IT governance. Thefour-hour exam consists of 150 multiple-choice questions, and candidates must earn 450 on ISACA’s scaled scoring system, with 800 representing a perfect score. Tomaintain their CISA, certification holders must take 20 CPE credits annually and 120 over three years through conferences, volunteering, on-demand learning, and other methods as well as paying maintenance fee. To qualify, you must have five years of experience in IT or IS audit, control, assurance, or security. You can apply for an experience waiver for up to three years.
Training fees: ISACA offers four resources: anonline review course for $895, anannual subscription to a question bank for $399, and a print or digitalreview manual for $139. Discounts are available for ISACA members. 
Exam fees: $575, members; $760, non-members; plus $50 application fee.
Certified Information Systems Security Professional (CISSP)
CISSP is a generalist cert from ISC2 aimed at security pros who have already established a strong track record. Advanced-level analysts interested in getting CISSP certified will need to know all the ins and outs of security and risk management, asset security, operations, security assessment and testing, and more. The CISSP certification requires five years of full-time experience in at least two of its eight domains. The exam is adaptive, ranging from 100 to 150 questions, including multiple-choice and advanced items of varying formats. Candidates need to score 700 points out of 1,000 to pass the exam.
Training fees:Online self-paced training fees start at $595 and can cost up to $1,993;online instructor-led bootcamp costs $2,880.
Exam fee:$749
Certified Secure Software Lifecycle Professional (CSSLP)
This ISC2 certification helps cyber pros build their career by training them to better incorporate security practices throughout software development phases. The CSSLP exam evaluates experience across eight domains: secure software concepts; secure software; lifecycle management; secure software requirements; secure software architecture and design; secure software implementation; secure software testing; secure software deployment, operations, maintenance; secure software supply chain. Those wishing to acquire the CSSLP must have four years of paid work experience as a software development lifecycle professional in one or more of the eight domains.
Training fees:Online self-paced training fees start at $550 and can cost up to $1,718; online instructor-led bootcamp costs $2,650.
Exam fee: $599
Check Point Certified Security Master (CCSM)
To become a Check Point Certified Security Master (CCSM) security professionals must have an active Certified Security Expert (CCSE) and mast have completed two subsequent Check Point Specialist accreditations. CCSM validates advanced expertise in configuring, deploying, and troubleshooting Check Point solutions. Check Point certifications are valid for 24 months.
Training fees: Training for CCSE is $3,500
Exam fee: The fee for CCSE is $300
GIAC Experienced Cybersecurity Specialist (GX-CS)
The Experienced Cybersecurity Specialist (GX-CS) sits within the applied knowledge certifications with GIAC. The certification is for practitioners to show their qualifications for advanced, hands-on IT systems roles across cybersecurity. Its intent is to demonstrate the candidate can navigate evolving real-world threats. The certification covers five areas: network security analysis and tools; evaluation of Windows and Linux OS security; advanced security tools and techniques; common attacks and defenses; and implementing overall cybersecurity and information security. The GX-CS is for GSEC holders who acquired additional experience — the GSEC exam costs $999, and SANS Institute offers training for GSEC.
Training fees: There are a few related affiliate training programs provided by SANS, each costing approximately $9,000.
Exam fee: $499 for those with an active GSEC; otherwise $1,299.
OffSec Certified Professional (OSCP+)
To earn theOffSec Certified Professional certification, candidates must complete the affiliated course, PEN-200: Penetration Testing with Kali Linux, and pass the subsequent exam. The course covers 20 plus modules, including information gathering, vulnerability scanning, encryption and cryptography, Active Directory and AWS exploitation, and more. Certificate holders will have shown mastery of penetration testing methodologies ideal for new roles, such as an ethical hacker, incident responder, or threat hunter. The OSCP+ exam is entirely hands-on, and test-takers must compromise systems within a lab environment.
OffSec does not enforce any prerequisites but recommends candidates be familiar with TCP/IP networking, scripting in Bash and Python, and Linux and Windows, which they can learn through itsNetwork Penetration Testing Essentials Learning Path.
Training and exam fees: OffSec bundles the course and exam for $1,749 and as a yearly subscription that includes access to one 200 or 300-level course, the associated labs, and two exam attempts for $2,749 annually.
OffSec Experienced Penetration Tester (OSEP)
TheOffSec Experienced Penetration Tester is ideal for penetration testers and ethical hackers who need more advanced techniques to sharpen offensive skills against modern enterprise defenses. Across more than 20 modules, the certification introduces these professionals to advanced offensive techniques, EDR and AV evasion, advanced Windows offensive security and more. During the two-day proctored exam, professionals must connect to a lab environment via a VPN and compromise multiple machines within a network through several possible attack paths. To pass, professionals must achieve the objective stated within the control panel or score atleast 100 points — 10 points are awarded for every flag found in a local.txt or proof.txt file. Professionals who earn their OSEP can also obtain theirOSCE³ Certification to demonstrate their mastery of offensive security. They would also need to pass the exams for WEB-300: Advanced Web Attacks and Exploitation and EXP-301: Windows User Mode Exploit Development, after which the OSCE³ is automatically awarded.
While there are no formal prerequisites for OSEP, OffSec recommends candidates take thePEN-200: Penetration Testing with Kali Linux or have a strong foundation in operating systems, networking, and scripting. 
Training and exam fees: OffSec bundles the course and exam for $1,749, and as a yearly subscription that includes access to one 200 or 300-level course, the associated labs, and two exam attempts for $2,749 annually.
OffSec Exploitation Expert (OSEE)
OffSec’s Offensive Security Exploitation Expert is a vendor-specific certification, focusing on advanced Windows exploitation, with OffSec deeming it its most challenging certification. As a penetration testing course, the material dives deep into topics such as advanced heap manipulations and disarming WDEG mitigations. Certificate holders can identify problematic code in Windows operating systems and develop exploits. For the practical exam, candidates must complete a comprehensive penetration test of software and create an exploit within a lab environment — all within 72 hours. To qualify, you must have experience debugging, developing Windows exploits, and using the following technologies: WinDBG, x86_64, IDA Pro, and basic C/C++ programming. OffSec recommends completing its300-level certifications before OSEE.
Training and exam fees: OffSec offers only instructor-led, in-person training. Enterprises should inquire for more information.
View the full article
With change a constant, cybersecurity professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts.
Analyzing more than 660 certifications as part of its 2Q 2026 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average pay premium, measures the difference in pay between IT pros with a particular credential and those without it. The second, market value increase, measures the increase in pay gains over the past six months.
Together, average pay premium and market value increase can give cybersecurity pros a starting point in deciding which certification to pursue for more pay. Apart from considering their overall professional goals, security professionals should consider each certification’s training and exam costs, whether vendor-specific or vendor-neutral, and the lateral or vertical role opportunities it may open.
Here are the top 13 certifications paying higher premiums today in descending order.
GIAC Security Expert (GSE)
The GIAC Security Expert (GSE) portfolio certification is for security leaders wishing to prove their status as a top information security practitioner by showing they have offensive and defensive skills and hands-on practical skills. Available for more than 15 years, the GSE is considered one of the broadest and deepest cybersecurity certifications. To earn the certification, candidates must complete any six practitioner certifications and any four applied knowledge certifications.
GIAC allows candidates to customize the certification to fit their expertise and career. Candidates can also build their certification over any amount of time as along as the required certifications within the portfolio remain active. Practitioner certification exams are 2-5 hours in length, depending on the specific certification attempt, and applied knowledge certification exams are 4 hours in length.
Training fees: Some training is offered in affiliation with SANS Institute and costs $8,780.
Exam Fees: Because you need 10 certifications to achieve the GSE prices vary significantly. If you already hold a GIAC Certified Forensic Analyst (GCFA), the cost of one of the required certifications drops from $1,299 to $499. Most required certifications are priced at either $999 or $1,299 per attempt, though they can cost up to $11,190.
GIAC Security Professional (GSP)
The GIAC Security Professional (GSP) is designed to demonstrate the holder’s depth and breadth of information security knowledge. Launched approximately two years, this newer certification is the halfway point to the GSE. Customization of the certification is allowed, and to achieve it a candidate must complete any three practitioner certifications and any two applied knowledge certifications. Candidates can also build their certification over any amount of time as along as the required certifications within the portfolio remain active. Practitioner Certification exams are 2-5 hours in length, depending on the specific certification attempt, and Applied Knowledge Certification exams are 4 hours in length.
Training fees: Some training is offered in affiliation with SANS Institute and costs $8,780.
Exam Fees: Because you need five certifications to achieve the GSP prices vary significantly. If you already hold a GIAC Security Essentials (GSEC), the cost of one of the required certifications drops from $1,299 to $499. Most certifications required are priced at either $999 or $1,299 per attempt, though certification can cost up to $5,595.
Microsoft Certified Azure Cybersecurity Architect Expert
Those who earn the Microsoft Certified: Cybersecurity Architect Expert credential are able to translate a cybersecurity strategy into capabilities that protect the assets, business, and operations of an organization. Through the certification process, candidates learn to design, guide the implementation of, and maintain security solutions that follow zero-trust principles and best practices. You’ll also be able to design solutions for governance, risk, and compliance (GRC), security operations, and security posture management.​
As a prerequisite, candidate must have earned one of the following: Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Security Operations Analyst Associate certification.
Training fees: Self-paced training is available from the course’s page and free of charge. There is also an option to find an instructor-led training with pricing starting at $1,300.
Exam Fees: The exam costs $165 and Microsoft offers free practice assessments.
Certificate of Cloud Security Knowledge (CCSK)
As a certificate and not a certification — an important distinction — the Cloud Security Alliance (CSA) positions its Certificate of Cloud Security Knowledge as the foundation for future credentials and upskilling in the sector. From this perspective, the CCSK is helpful for cybersecurity analysts, compliance managers, security engineers, architects, and administrators. This vendor-neutral certificate has been recently updated and covers topics in zero trust, DevSecOps, cloud telemetry and security analytics, artificial intelligence, and more. CCSK offers a variety of training modalities, including an exam prep kit, instructor-led classes offered virtually and in person, and an online self-paced option. Candidates must score at least 80% on the exam, randomly pulling 60 multiple-choice questions from a test bank.
Training fees: Prices vary based on modality. A self-paced course and exam bundle costs $795, and online, instructor-led training begins at$995.
Exam fees: The exam costs $445, though discounts are available for corporate members, andUS military veterans can take it for free.
Certified in Risk and Information Systems Control (CRISC)
Administered by ISACA, theCertified in Risk and Information Systems Control certification provides candidates with training across four domains: corporate IT governance, risk assessment, risk response and reporting, and technology and security. CRISC is ideal for candidates who want to enhance and optimize business resilience and risk management across their organization. The exam consists of 150 questions across the four domains. Since ISACA began offering CRISC in 2010, more than 23,000 people have obtained the certification. ISACA claims 52% of certificate holders experienced on-the-job improvement, and CRISC is the “4th top-paying certification worldwide.” To qualify for CRISC, candidates must adhere to a code of professional ethics and have three years of work experience in risk assessment and risk response and reporting. On passing the exam, candidates must submit 20 CPE credits annually and120 continuing professional education (CPE) hours every three years to maintain their CRISC.
Training fees: ISACA offers three resources: anonline review course, $895; a review manual inprint ordigital, $139; and anannual subscription to a 833-question test bank, $399. Discounts are available for ISACA members.
Exam fees: $575, ISACA members; $760 for non-members; plus $50 application fee.
Certified Information Systems Auditor (CISA)
The Information Systems Audit and Control Association (ISACA)’s CISA is geared toward IT auditors who wish to upskill or earn a pay boost. According to ISACA, 70% of CISA holders report on-the-job improvement, and another 22% receive a raise. The course covers five domains: information systems auditing, implementation, and operations; protection of information assets; and IT governance. Thefour-hour exam consists of 150 multiple-choice questions, and candidates must earn 450 on ISACA’s scaled scoring system, with 800 representing a perfect score. Tomaintain their CISA, certification holders must take 20 CPE credits annually and 120 over three years through conferences, volunteering, on-demand learning, and other methods as well as paying maintenance fee. To qualify, you must have five years of experience in IT or IS audit, control, assurance, or security. You can apply for an experience waiver for up to three years.
Training fees: ISACA offers four resources: anonline review course for $895, anannual subscription to a question bank for $399, and a print or digitalreview manual for $139. Discounts are available for ISACA members. 
Exam fees: $575, members; $760, non-members; plus $50 application fee.
Certified Information Systems Security Professional (CISSP)
CISSP is a generalist cert from ISC2 aimed at security pros who have already established a strong track record. Advanced-level analysts interested in getting CISSP certified will need to know all the ins and outs of security and risk management, asset security, operations, security assessment and testing, and more. The CISSP certification requires five years of full-time experience in at least two of its eight domains. The exam is adaptive, ranging from 100 to 150 questions, including multiple-choice and advanced items of varying formats. Candidates need to score 700 points out of 1,000 to pass the exam.
Training fees:Online self-paced training fees start at $595 and can cost up to $1,993;online instructor-led bootcamp costs $2,880.
Exam fee:$749
Certified Secure Software Lifecycle Professional (CSSLP)
This ISC2 certification helps cyber pros build their career by training them to better incorporate security practices throughout software development phases. The CSSLP exam evaluates experience across eight domains: secure software concepts; secure software; lifecycle management; secure software requirements; secure software architecture and design; secure software implementation; secure software testing; secure software deployment, operations, maintenance; secure software supply chain. Those wishing to acquire the CSSLP must have four years of paid work experience as a software development lifecycle professional in one or more of the eight domains.
Training fees:Online self-paced training fees start at $550 and can cost up to $1,718; online instructor-led bootcamp costs $2,650.
Exam fee: $599
Check Point Certified Security Master (CCSM)
To become a Check Point Certified Security Master (CCSM) security professionals must have an active Certified Security Expert (CCSE) and mast have completed two subsequent Check Point Specialist accreditations. CCSM validates advanced expertise in configuring, deploying, and troubleshooting Check Point solutions. Check Point certifications are valid for 24 months.
Training fees: Training for CCSE is $3,500
Exam fee: The fee for CCSE is $300
GIAC Experienced Cybersecurity Specialist (GX-CS)
The Experienced Cybersecurity Specialist (GX-CS) sits within the applied knowledge certifications with GIAC. The certification is for practitioners to show their qualifications for advanced, hands-on IT systems roles across cybersecurity. Its intent is to demonstrate the candidate can navigate evolving real-world threats. The certification covers five areas: network security analysis and tools; evaluation of Windows and Linux OS security; advanced security tools and techniques; common attacks and defenses; and implementing overall cybersecurity and information security. The GX-CS is for GSEC holders who acquired additional experience — the GSEC exam costs $999, and SANS Institute offers training for GSEC.
Training fees: There are a few related affiliate training programs provided by SANS, each costing approximately $9,000.
Exam fee: $499 for those with an active GSEC; otherwise $1,299.
OffSec Certified Professional (OSCP+)
To earn theOffSec Certified Professional certification, candidates must complete the affiliated course, PEN-200: Penetration Testing with Kali Linux, and pass the subsequent exam. The course covers 20 plus modules, including information gathering, vulnerability scanning, encryption and cryptography, Active Directory and AWS exploitation, and more. Certificate holders will have shown mastery of penetration testing methodologies ideal for new roles, such as an ethical hacker, incident responder, or threat hunter. The OSCP+ exam is entirely hands-on, and test-takers must compromise systems within a lab environment.
OffSec does not enforce any prerequisites but recommends candidates be familiar with TCP/IP networking, scripting in Bash and Python, and Linux and Windows, which they can learn through itsNetwork Penetration Testing Essentials Learning Path.
Training and exam fees: OffSec bundles the course and exam for $1,749 and as a yearly subscription that includes access to one 200 or 300-level course, the associated labs, and two exam attempts for $2,749 annually.
OffSec Experienced Penetration Tester (OSEP)
TheOffSec Experienced Penetration Tester is ideal for penetration testers and ethical hackers who need more advanced techniques to sharpen offensive skills against modern enterprise defenses. Across more than 20 modules, the certification introduces these professionals to advanced offensive techniques, EDR and AV evasion, advanced Windows offensive security and more. During the two-day proctored exam, professionals must connect to a lab environment via a VPN and compromise multiple machines within a network through several possible attack paths. To pass, professionals must achieve the objective stated within the control panel or score atleast 100 points — 10 points are awarded for every flag found in a local.txt or proof.txt file. Professionals who earn their OSEP can also obtain theirOSCE³ Certification to demonstrate their mastery of offensive security. They would also need to pass the exams for WEB-300: Advanced Web Attacks and Exploitation and EXP-301: Windows User Mode Exploit Development, after which the OSCE³ is automatically awarded.
While there are no formal prerequisites for OSEP, OffSec recommends candidates take thePEN-200: Penetration Testing with Kali Linux or have a strong foundation in operating systems, networking, and scripting. 
Training and exam fees: OffSec bundles the course and exam for $1,749, and as a yearly subscription that includes access to one 200 or 300-level course, the associated labs, and two exam attempts for $2,749 annually.
OffSec Exploitation Expert (OSEE)
OffSec’s Offensive Security Exploitation Expert is a vendor-specific certification, focusing on advanced Windows exploitation, with OffSec deeming it its most challenging certification. As a penetration testing course, the material dives deep into topics such as advanced heap manipulations and disarming WDEG mitigations. Certificate holders can identify problematic code in Windows operating systems and develop exploits. For the practical exam, candidates must complete a comprehensive penetration test of software and create an exploit within a lab environment — all within 72 hours. To qualify, you must have experience debugging, developing Windows exploits, and using the following technologies: WinDBG, x86_64, IDA Pro, and basic C/C++ programming. OffSec recommends completing its300-level certifications before OSEE.
Training and exam fees: OffSec offers only instructor-led, in-person training. Enterprises should inquire for more information.
View the full article
Researchers at Nebula Security have disclosed GhostLock (CVE-2026-43499), a 15-year-old Linux kernel flaw that lets any logged-in user take full root control of a machine that has not been patched. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011. The flaw needs no special permission, no unusual settings, and no networkView the full article
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusion that could lead to arbitrary code execution in the context of theView the full article
The Messages app is arguably the most important app on the iPhone, and in iOS 27, Apple is adding some useful improvements. There are some quality-of-life fixes for longtime issues, and new AI features.


Contextual Suggestions

Messages uses Apple Intelligence to surface one-tap suggestions based on what's being discussed in a conversation. If someone you're talking to asks you to send a photo, Messages recognizes the request and suggests adding the relevant photos.


If someone invites you to an event, Messages offers to add it to your Calendar. If someone asks you to pick something up at the store, Messages will suggest adding it to your Reminders list or to the Notes app.

Messages will also suggest Genmoji you might want to generate based on the conversation.

Write With Siri

There's a systemwide Write with Siri feature that's available in the Messages app. ‌Siri‌ AI can compose entire messages for you, proofread your messages, or give you feedback.


There is a dedicated Write with ‌Siri‌ button above the keyboard where you can get to the new ‌Siri‌ tools.

Smart Reply suggestions also use your writing style so they sound more natural.

Siri AI

‌Siri‌ AI integrates with the Messages app. You can ask ‌Siri‌ to find images, videos, links, addresses, phone numbers, and more in the Messages app, plus ‌Siri‌ can draft message replies and act on info in the Messages app, like adding an event date to the Calendar app.

Drawing

You can use a new Drawing interface in the Messages app to send little sketches and notes. It's available when tapping on the "+" button next to the text bar in a conversation.


The drawing interface is the same as the Markup tool available in apps like Photos and Notes. There's a marker, a pen, a highlighter, and an eraser, plus options to use the tools in any color.

Accidental Recordings

The ‌iOS 27‌ Messages app includes an option to remove the audio button from the text bar. In the Messages section of the Settings app, you can navigate to Show in Text Field to set the right-side button to Record Audio, Start Dictation, or None.


Setting the option to none will prevent you from accidentally recording a voice message with an errant tap.

Tapbacks

Messages now consolidates notifications for Tapback responses, which is useful when you're in a group thread and tons of people are sending emojis.

Sending

When a message fails to send in ‌iOS 27‌, your iPhone will automatically retry sending it. In iOS 26, you get an alert if a message fails, but you have to manually tap to try to send it again.

The Messages app also supports continuous sending of photos, videos, and texts. If you're sending someone a photo and your connection is poor or you go offline, it automatically resumes sending when the connection is restored.

Syncing

Cross-device syncing is improved in ‌iOS 27‌, so conversations will sync more reliably across the iPhone, iPad, Mac, Apple Watch, and Vision Pro. Fewer messages will fail to sync and display properly when you switch between devices.

Messages, read states, reactions, and attachments sync faster.

When you take a photo and then go to the Messages app to send it, you're more likely to see it right away. Apple says the iPhone is faster to add recent camera captures to Messages.

Search

Apple improved its search index across apps like Mail and Messages, so you're more likely to find what you're looking for.

You can also search for conversations in Messages using a phone number or a contact's nickname.

Offloaded Media

If you have photos or videos that have been offloaded to save storage space, you can still find them in the ‌iOS 27‌ Messages app when you search.

Thumbnails are also displayed for offloaded media instead of a placeholder image, so you know what's there.

RCS

In RCS message conversations with Android users, you can now long press on a message to send an inline reply. ‌iOS 27‌ also shows reaction emoji directly on images and videos, a feature that was not functioning in ‌iOS 26‌.

Genmoji

Apple revamped ‌Genmoji‌ creation in ‌iOS 27‌. There's an updated interface for describing an emoji that you want, with options to start from an existing emoji, choose an image from ‌Photos‌, or select a person.


After uploading an image or using a text phrase to create a ‌‌Genmoji‌‌, there's a new "Describe a change" interface for making updates to what you've already created. You can iterate on designs and change individual elements of a ‌‌Genmoji‌‌, tweaking colors and objects. Each change uses the old base instead of regenerating a new ‌‌Genmoji‌‌.

With a series of requests, it is possible to make a complicated, multi-element ‌‌Genmoji‌‌. Along with describing changes, you can add in additional emoji, and the interface makes suggestions on what to do next.

‌‌Genmoji‌‌ output is more consistent, and ‌‌Genmoji‌‌ look more like real emoji with a 3D, cartoonish style by default. There is now an option to change style, so if you don't want the cartoonish look, you can ask for something else like a drawing or a sketch.

Large Conversations

Large conversations load and scroll faster in ‌iOS 27‌, according to Apple.

Read More

More on all of the features in ‌iOS 27‌ can be found in our iOS 27 guide.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27: 13 Ways the Messages App is Smarter and Less Annoying" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Popular flight tracking app Flighty has a new Connection Assistant that helps travelers make connecting flights at airports worldwide.


Connection Assistant gives flyers a step-by-step guide for all connections on a trip. It will outline whether users need to go through passport control, recheck a bag, go through security, or change terminals, and it gives an estimate of how long the process will take. Adding a passport to the app will let users know if they can use e-gates or skip passport control.

Users will get a heads-up on how tight a connecting flight is based on recommended minimums for planning purposes, and how long it typically takes to get from one flight to another. Flighty says Connection Assistant combines flight tracking data with airport-specific procedures and statistical modeling of millions of prior flights to create a custom walkthrough for each flight.

Flighty is also now able to predict arrival and departure gates, gate range, or concourse when a flight is first added to the app. The predictions are based on the flight's historical gates, and on the day of a connection, predictions will narrow to the exact gate.

Flighty can be downloaded from the App Store for free, with weekly, monthly, annual, and lifetime purchase options for Pro features.
This article, "Flighty Update Adds Step-by-Step Guide for Connecting Flights" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A critical vulnerability in the Kernel-based Virtual Machine (KVM) module of the Linux kernel allows attackers with root access in a guest VM to execute arbitrary code on the host system. This violates the most important security boundary that cloud providers and enterprises rely on to isolate sensitive processes on servers.
The vulnerability, tracked as CVE-2026-53359, stems from a use-after-free memory bug in the shadow MMU emulation of KVM on x86 CPU architecture. According to Hyunwoo Kim, the researcher who discovered it, the flaw has been present in the Linux kernel code for the past 16 years and is the first KVM guest-to-host escape vulnerability that works on both Intel and AMD CPUs.
Hyunwoo dubbed the flaw Januscape and reported it through Google’s kvmCTF, a vulnerability reward program that pays up to $250,000 for a full VM escape demonstrated in KVM, which Google uses in Google Cloud as well as Android infrastructure.
“With guest-side actions alone, an attacker can compromise the host that runs their VM,” the research wrote in an advisory on GitHub. “For example, an attacker who has rented just a single instance on a public cloud could panic the host kernel to take down every other tenant VM on the same physical machine (DoS), or run code with root privilege on the host to take over the host and all the guests on it (RCE).”
On some Linux distributions, including Red Hat Enterprise Linux (RHEL), the vulnerability can also be exploited for local privilege escalation inside the guest VM because the /dev/kvm device is world-writable (0666).
The Januscape flaw was patched by the Linux kernel maintainers on June 16, but users should check for updates from their respective distribution maintainers. Because Linux has a large ecosystem of variants and support channels, it could take a while for the patches to trickle down to all existing flavors.
VM escape proof of concept
Hyunwoo released a proof-of-concept that demonstrates the kernel panic and denial-of-service condition, but he has held back on releasing the full VM escape exploit for now. Even though he said in his detailed write-up that achieving a full escape is difficult because the primitive is tricky, it doesn’t mean other researchers or malicious attackers wouldn’t be able to develop a working exploit.
Januscape only works on servers with Intel and AMD CPUs, but Hyunwoo also disclosed a different KVM guest-to-host escape vulnerability dubbed ITScape (CVE-2026-46316) last month that works on ARM64 architecture. The researcher, who uses the moniker V4bel online, is also the person who developed the Dirty Frag Linux privilege escalation exploit earlier this year by combining the Dirty Pipe (CVE-2022-0847) and Copy Fail (CVE-2026-31431) kernel page-cache corruption techniques.
VM escape exploits are among the most dangerous attacks to enterprise environments, which often use virtualization to isolate legacy applications and services that are no longer supported by their developers or whose compromise could pose a big risk to the entire infrastructure.
Attackers have exploited VM escape vulnerabilities in the wild before, particularly targeting the VMware ESXi hypervisor, and there are even APT groups that specialize in targeting virtualized environments.
View the full article
Palo Alto Networks’ security division, Unit 42, is warning of yet another campaign targeting Microsoft Teams users.

The new campaign begins with Teams users receiving an email asking if they would like to participate in a survey. If they open the attached PDF file, they will shortly thereafter receive a voice call purporting to be from Microsoft Support.

The fake support representative then attempts to gain permission to install a remote access tool, and in the process, Ether RAT — a Trojan that gives the scammers full access to the affected computer — is also installed.

After that, it’s a simple matter to steal sensitive data and files from users, reports Bleeping Computer.

In other words, there’s every reason to be on guard against both email surveys and support calls.
View the full article
Apple today provided public beta testers with the fourth betas of iOS 26.6, iPadOS 26.6, macOS Tahoe 26.6, watchOS 26.6, and tvOS 26.6, with the software coming a day after Apple seeded the betas to developers.


After signing up to beta test the software updates on Apple's beta site, public beta testers can download the new software using the Software Update section in the Settings app on each device.

iOS 26.6 has a feature that will let you know when you have blocked too many contacts, but the limit is in the thousands so most users may not ever see the messaging. There are also signs of a new iPhone anti-snatching feature that locks a stolen iPhone when it's grabbed from your hand.

No other major new features have been found in any of the software updates, with Apple likely focusing on bug fixes and security improvements. We're nearing the end of the "26" software cycle, with Apple planning to release iOS 27, iPadOS 27, macOS Golden Gate, and more in September.Related Roundups: iOS 26, iPadOS 26, macOS TahoeRelated Forums: iOS 26, macOS Tahoe
This article, "Apple Seeds Fourth Public Betas of iOS 26.6, macOS Tahoe 26.6 and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Anthropic today said it is bringing Claude Cowork to mobile and the web, with beta access rolling out to Max users first. Claude Cowork is a feature that lets Claude access local files and connected tools, then autonomously complete tasks on your behalf.


Claude Cowork tasks can now be started and monitored on the web, desktop, and Claude mobile apps. Claude is able to work in the background in the cloud even when no device is online, sending an alert when it needs permission to move forward with a task.

Anthropic says the desktop is still the best place for the full Cowork experience because it gives Claude access to local files and a browser, but those who were unable to install a desktop app can now use Cowork.

Claude chat and Cowork have also been combined into a single view on the web and desktop and are no longer separate tabs.

As part of the expansion to mobile, Anthropic is extending doubled Cowork usage limits through August 5.Tag: Anthropic
This article, "Claude Cowork Expands to iPhone and the Web" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple previously announced that the first iOS 27 public beta would be released in July, meaning that it should be available at some point this month.


Below, we have outlined how to get ready for the iOS 27 public beta, which will likely follow the third or fourth iOS 27 developer beta.

Release Date History

The first public betas of iOS 16 through iOS 26 came out between July 11 and July 24.


iOS 26 Public Beta: Thursday, July 24, 2025
iOS 18 Public Beta: Monday, July 15, 2024
iOS 17 Public Beta: Wednesday, July 12, 2023
iOS 16 Public Beta: Monday, July 11, 2022


Get Ready

Once it is available, anyone will be able to install the iOS 27 public beta on a compatible iPhone for free by following the steps outlined below.

Sign up at beta.apple.com for free.
Open your iPhone's Settings app and tap General → Software Update → Beta Updates.
Select the iOS 27 Public Beta option (restart your iPhone if you don't see it) and follow the on-screen steps.If you are impatient, anyone can install the iOS 27 developer beta for free right now.

Warning: While the first public beta is usually more stable than the first developer beta, iOS betas often have bugs and performance issues. You may not be able to use some apps that you rely on, and issues can extend to CarPlay. Backing up your iPhone before installing beta software is highly recommended, and relying on a secondary iPhone altogether is always a good idea if possible.

iOS 27 is compatible with the iPhone 11 and newer, but Apple Intelligence features like Siri AI are limited to the iPhone 15 Pro and newer.

Keep in mind that the revamped version of Siri has a waitlist. To join the waitlist, open the Settings app on iOS 27 and tap on Siri and you will find it there. In some cases, it can take a few weeks to receive access to Siri AI and the Siri app.

Beyond the new Siri, iOS 27 features Liquid Glass design enhancements, performance improvements, expanded child safety features, and more.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Public Beta is Coming Soon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Google will introduce its latest Pixel smartphones at an August 12 event, debuting the updated devices about a month ahead of when Apple is expected to announce new iPhone models.


Google is expected to launch the Pixel 11, Pixel 11 Pro, Pixel 11 Pro XL, and a new Pixel 11 Pro Fold. Leaked CAD renders suggest the new smartphones will have slimmed down bezels, a slightly thinner design than the Pixel 10, and an updated all-black camera bar.

The latest Pixel foldable is expected to look like the Pixel 10 Pro Fold, but it could be thinner with some minor changes to the rear camera bar. It's supposed to be about 10.1mm thick when folded and 4.8mm thick when unfolded, which is not too far off from the rumored thickness of Apple's foldable iPhone.

Last year, Apple cut the 128GB iPhone and the iPhone 17 launched with 256GB of starting storage, and Google plans to make the same move with the Pixel 11.

This year's Pixel devices could be more expensive, and a leak out of Europe suggests a €100 price increase across all new Pixel smartphones compared to the prior pricing. Most device manufacturers are upping prices in 2026 because of the soaring costs of DRAM.

Apple raised the prices of all Macs and iPads in June, and the new iPhones coming in the fall are likely going to be more expensive than the ‌iPhone 17‌ lineup. The iPhone 18 Pro and Pro Max could be up to $200 more expensive, according to analyst estimates.

Google's Pixel 11 lineup will compete with Apple's ‌iPhone 18 Pro‌ models, which Apple is expected to introduce in September. Apple won't have a Pixel 11 equivalent in 2026 because it is holding its base iPhone 18 until spring 2027, but it will launch the ‌iPhone 18 Pro‌, ‌iPhone 18 Pro‌ Max, and its first foldable iPhone.

Samsung is also going to launch new smartphones ahead of when Apple introduces the ‌iPhone 18‌ lineup. The next Samsung Unpacked event is expected later in July, with the company set to introduce the Galaxy Z Fold 8, the Galaxy Z Flip 8, and the Galaxy Z Fold 8 Wide. The latter foldable has an aspect ratio that's closer to the rumored foldable iPhone.

With the foldable iPhone, Apple will be competing with Samsung and Google, and both companies have had time to refine their foldable device designs. Samsung has been making foldables since 2019, and Google's first Pixel Fold came out in 2023.Tags: Foldable iPhone, Google, Google Pixel
This article, "Google's Pixel 11 Event Set for August 12, a Month Before Apple Debuts Foldable iPhone" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released a third version of the beta firmware it is testing for the AirPods Pro 2, AirPods Pro 3, AirPods 4, and AirPods Max 2. The firmware is limited to developers at the current time, and it has a build number of 9A5314b.


In iOS 27, iPadOS 27, and macOS Golden Gate, Apple is adding a new AirPods interface, a slider for Adaptive mode, and support for custom EQ, so the firmware adds support for those features. AirPods are also compatible with the new Siri AI.

When the AirPods are connected to an iPhone, iPad, or Mac running iOS 26, iPadOS 26, or macOS 26 or later, there is a beta firmware option that can be accessed in the AirPods settings interface. Toggling on beta updates allows users to install the beta firmware.

Firmware updates can be downloaded by connecting the AirPods to an Apple device and connecting them to power. It can take a few hours for new firmware to be installed because there is no straightforward software update option like there is for other Apple devices.Related Roundups: AirPods 4, AirPods Max 2, AirPods Pro 3, iOS 27, iPadOS 27Buyer's Guide: AirPods (Caution), AirPods Max (Buy Now), AirPods Pro (Neutral)Related Forum: AirPods
This article, "Apple Releases New AirPods Beta Firmware With iOS 27 Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The iPhone 18 Pro's aluminum frame and camera housing are both set to grow thicker than the iPhone 17 Pro's, according to new posts from the leaker known as "Fixed Focus Digital."


In a post on Weibo today, the leaker said that aluminum alloy mid-frames are "going to be used in straight-edge phones for a long time to come," referring to Apple's continued use of the material introduced with the ‌iPhone 17 Pro‌ rather than a return to titanium. Citing leaked materials from Tata, the leaker claimed that the ‌iPhone 18 Pro‌'s overall body and rear camera plateau, will be thicker than the current model, corresponding to a roughly 2mm increase the leaker says it can now confirm firsthand. The leaker added that the final thickness figure "will indeed be somewhat surprising."

The post links to two of the leaker's earlier claims. In one, Fixed Focus Digital said the ‌iPhone 18 Pro‌ lineup "will still feature an aluminum alloy build" with "indeed excellent" heat dissipation, while warning that buyers should be cautious about the new color options given the discoloration and surface chipping that has affected some ‌iPhone 17 Pro‌ units. In the other, the leaker said supply chain feedback confirmed the ‌iPhone 18 Pro‌'s main camera upgrade and indicated that the aluminum alloy back panel would grow by 2mm.

That 2mm figure lines up with a separate post the leaker shared on July 4, which estimated that the ‌iPhone 18 Pro‌ models' overall thickness will land somewhere around 9.9–10.9mm. That would mark a substantial jump from the ‌iPhone 17 Pro‌ and ‌iPhone 17 Pro‌ Max, which both measure 8.75mm thick. It also builds on dummy models shared in April, which suggested the ‌iPhone 18 Pro‌ Max's camera plateau would grow to 11.54mm, up from 11.23mm on the ‌iPhone 17 Pro‌ Max.

The added bulk is reportedly tied to a redesigned main camera system. The device is widely rumored to feature the iPhone's first variable aperture, a component reported to cost Apple 50% more than the current fixed-aperture lens. Production of the new module is said to be ramping up at suppliers including LG Innotek and Sunny Optical.

The ‌iPhone 18 Pro‌ and ‌iPhone 18 Pro‌ Max are expected to launch alongside Apple's first foldable iPhone this September.Related Roundups: iPhone 17 Pro, iPhone 18 ProTag: Fixed Focus DigitalBuyer's Guide: iPhone 17 Pro (Caution)Related Forum: iPhone
This article, "iPhone 18 Pro Could Be Noticeably Thicker Than iPhone 17 Pro" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon today has a few discounts on the iPad mini 7, starting at $489.00 for the 128GB Wi-Fi tablet, down from $599.00. This is the first time since Prime Day that we've tracked all Wi-Fi models of the tablet on sale with notable discounts.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Additionally, you can get the 256GB Wi-Fi iPad mini 7 for $589.00 and the 512GB Wi-Fi iPad mini 7 for $769.00, both available in multiple colors. Of course, when compared to the pre-hike prices on each model, these are all second-best prices on the iPad mini 7.

$110 OFF128GB Wi-Fi iPad mini 7 for $489.00
$110 OFF256GB Wi-Fi iPad mini 7 for $589.00
$130 OFF512GB Wi-Fi iPad mini 7 for $769.00

Additionally, you can pair a new iPad mini with the Apple Pencil Pro for $99.00 on sale right now on Amazon, down from $129.00.

$30 OFFApple Pencil Pro for $99.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon Discounts All Wi-Fi iPad Mini 7 Models by Up to $130" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Faster detection and response are two of the clearest promises in the move toward an agentic SOC, but speed on its own is not the point. What matters is whether managed SOC providers can reduce the time it takes to qualify, investigate, escalate, and act without making the workflow harder to trust. In this blog, we look at how agentic workflows can improve MTTD and MTTR, and what that actually means in day-to-day managed security operations.
View the full article
A federal judge has thrown out most of the claims in a proposed class action accusing Apple's AirPods Max of a condensation defect, ruling that the $549 headphones do what they were built for even if they fall short of a buyer's expectations (via Law360).


Filed in April 2025 by two plaintiffs, the suit alleges that condensation builds up inside the AirPods Max ear cups during normal indoor use, which can degrade sound, break ear detection and active noise cancellation, and interfere with charging.

From the 24-page order:
Both plaintiffs claim that Apple knew about the problem as early as 2018, but stayed quiet.

However, in an order issued on Monday, Judge Orelia E. Merchant of the Eastern District of New York dismissed every claim brought under New York law with prejudice. She found that the state's implied warranty of merchantability asks only that a product meet "a minimal level of quality," not that it needs to be perfect. She also noted that one plaintiff had successfully used his AirPods Max to watch a movie.

The New York resident was dropped from the case entirely, while the Washington state resident may still proceed with two claims under Washington law and the federal Magnuson-Moss Warranty Act.

The AirPods Max condensation phenomenon is fairly well-known at this point. Condensation frequently forms where warm body heat meets the cooler aluminum ear cups. Owners began reporting condensation soon after the headphones launched in December 2020. By 2023, the issue was sometimes referred to as "condensation death" following reports that some headphones had stopped working due to the accumulation of liquid.

Whether the phenomenon is the direct cause of reported faults has never been firmly established. Many owners experience condensation build-up inside the cans with apparently no ill effects, and there haven't been waves of water-damaged units flooding the repair market. Apple's AirPods Max 2, launched in March this year, have the same ear cup design as the original model, and condensation has been reported in them as well.

The New York case is actually the second AirPods Max condensation class action to flounder. An earlier California case filed in February 2021 never reached the class-wide stage because the lead plaintiffs settled their individual claims with Apple and both parties moved to dismiss.

Notably, Apple has not conceded the headphones have an inherent defect in either case. In its California court filing, the company argued that moisture is more noticeable on AirPods Max simply because the ear cups are magnetic and removable, and pointed to its own guidance that the headphones "aren't waterproof or water resistant."Related Roundup: AirPods Max 2Tag: Apple LawsuitsBuyer's Guide: AirPods Max (Buy Now)Related Forum: AirPods
This article, "AirPods Max Condensation Lawsuit Largely Dismissed by NY Judge" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Maestral, the free lightweight open-source Dropbox client for Mac, has been retired, according to the project's maintainer, Sam Schott.


Over its seven-year life, Maestral has proven to be a popular client for users on platforms and file systems that are no longer directly supported by Dropbox. It has also been lauded for its simplicity, small app bundle size, and low memory usage compared to the official Dropbox app.

By cutting out Dropbox's client bloat, Maestral just runs silently in the background and syncs a local folder to Dropbox using the company's APIs. It also allows for configuring an unlimited number of Dropbox accounts, supports selective sync, and works on an unlimited number of devices – avoiding Dropbox's caps.

Schott, writing on the project's GitHub page:
Schott says Maestral will still remain usable in the medium term – i.e., for as long as its certificates are valid – but it will no longer be actively maintained or receive updates. Unless someone else forks the project and takes it over, unfortunately it will eventually stop working.Tag: Dropbox
This article, "Free Dropbox Client Maestral Will Eventually Stop Working" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is reportedly working on a second-generation iPhone Air that's expected to launch in spring 2027, and one of Apple's main aims is to improve battery life. We now have the first rumor suggesting what kind of improvement could be coming.


In a post on Weibo listing supply chain predictions, serial leaker Digital Chat Station said the iPhone Air 2 is expected to feature a 3,500mAh battery. That's up from the 3,149mAh battery in the current iPhone Air, indicating around a 11% increase in raw capacity.

A larger battery capacity usually implies either a physically larger battery or a denser one, but it does not automatically mean a bigger phone. Apple may also be able to improve internal packaging to fit a larger battery in the same chassis. Either way, it's going to be another tight squeeze.

Multiple prior rumors have suggested Apple is adding a second camera to the ‌iPhone Air‌ to address the main customer complaint about the device. The current model has a single rear Wide lens, which makes it less versatile compared to the more affordable iPhone 17 in terms of photography. Reports suggest Apple will add an Ultra Wide lens to the iPhone Air 2 to address this.

Multiple technologies are housed in the plateau of the iPhone Air to maximize space for the battery, so Apple would presumably need to redesign the internals considerably to fit in another camera. Whether that will impact the battery packaging design remains to be seen.

The device will use an A20 chip built on Apple's new 2nm process, so it could feature better efficiency, which should help battery life regardless of any change in battery capacity. In addition, according to a separate report, Apple is said to be adopting a Samsung-made OLED technology called CoE (Color Filter on Encapsulation), which could make the iPhone Air 2's display thinner. That could allow Apple to slide in a slightly larger battery while retaining the same device dimensions.

The iPhone Air 2 is expected to launch in the first half of 2027, alongside the regular iPhone 18 and the lower-cost iPhone 18e. Related Roundup: iPhone AirTag: Digital Chat StationBuyer's Guide: iPhone Air (Neutral)
This article, "iPhone Air 2 Could Get an 11% Battery Capacity Boost" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The Gentlemen ransomware underscores a challenge many CISOs face: stopping attackers after they gain an initial foothold. Researchers say the malware can spread across enterprise networks using legitimate Windows management tools while simultaneously attempting to weaken security and recovery systems.
A report from Picus Security shows the malware combines self-propagation with the abuse of trusted administrative tools and attempts to impair recovery systems before encryption begins. The report follows a technical analysis of the encryptor published by Microsoft Threat Intelligence in late May.
The Gentlemen is a ransomware-as-a-service operation written in Go and obfuscated with Garble. The group first emerged around mid-2025 as a closed operation and began offering its platform to affiliates in September 2025.
The Picus report focuses on a Windows-targeting encryptor, but other researchers have reported broader Gentlemen tooling aimed at Linux and VMware ESXi environments. The group has been observed in attacks on organizations in sectors including education, transportation, healthcare, and financial services across North America, South America, Europe, Africa, and Asia.
Its self-propagation capability is the most significant feature for enterprise defenders. When enabled, the malware can enumerate reachable systems, stage its binary through an SMB share, and attempt up to 21 remote execution operations against each target.
Those methods include PsExec, WMIC, scheduled tasks, Windows services, PowerShell remoting, and WMI process creation. The redundancy is intended to improve the chances that at least one method will succeed, allowing the malware to continue spreading through the network.
Before encryption, The Gentlemen attempts to weaken the victim environment by disabling Microsoft Defender, deleting shadow copies, and removing forensic artifacts. It also stops services linked to databases, backup tools, endpoint protection, and virtualization platforms, a tactic that can make recovery harder once encryption begins.
The encryptor uses a hybrid Curve25519 and XChaCha20 encryption scheme with unique keys for each file, Picus said. In the sample cited by Picus, encrypted files were appended with the .umc16h extension, though other researchers have observed different extensions in separate Gentlemen campaigns. The group also uses double extortion tactics, threatening to leak stolen data if victims do not pay.
Lateral movement and identity risks
Once attackers gain an initial foothold, compromised identities and excessive privileges often matter more than the malware itself, said Sakshi Grover, senior research manager for Cybersecurity Services Research at IDC Asia/Pacific.
“The Gentlemen reinforces a trend IDC has been observing across modern ransomware operations: attackers are increasingly exploiting trusted administrative tools, compromised identities, and excessive privileges rather than relying solely on sophisticated malware or zero-day exploits,” Grover said.
For CISOs, that means ransomware defense cannot be judged only by whether the initial compromise is blocked. Organizations also need to limit how far an attacker can move once inside the network.
Grover said security leaders should start with stronger controls around privileged accounts, including phishing-resistant MFA and tighter limits on who can access critical systems. Identity governance and network segmentation should then be used to reduce the number of paths an attacker can take once inside the environment.
Those controls should be tested through adversary emulation and attack path testing, rather than assumed to be effective because they exist on paper.
Backups and endpoint tools
The Gentlemen’s attempt to impair security and recovery tools highlights a common weakness in enterprise ransomware planning, according to analysts.
“Many organizations continue to equate deploying backup platforms or endpoint detection solutions with being ransomware resilient,” Grover said. “However, sophisticated ransomware increasingly targets these very capabilities before encryption begins.”
Grover added that CISOs should test whether recovery systems remain usable during an active compromise, including backups that are meant to be immutable and endpoint tools protected against tampering. Those exercises should also account for the possibility that Active Directory or key security management consoles may be unavailable.
The most dangerous assumption is that having backups is the same as being able to recover from ransomware, according to Devashri Datta, a cybersecurity researcher.
“If your backups live on the same flat network or depend on the same compromised Active Directory credentials, they are not a recovery asset; they are part of the attack surface,” she said.
Datta also pointed to over-reliance on endpoint detection and response tools. ESET researchers have linked The Gentlemen to a mature EDR-killer toolset, including variants that abuse vulnerable drivers to disrupt security software.
An operational resilience problem
The group’s model reflects the continued industrialization of ransomware-as-a-service, a framework that Datta said lowers the technical barrier for affiliates by pairing encryption with standardized evasion and propagation layers.
For CISOs, the question is not whether backup and endpoint tools are in place, but whether they still work after attackers have gained administrative access. Datta said organizations need to assess exposure across identity infrastructure, Active Directory, cloud services, and backup environments.
The priority, she said, is to reduce the paths available to attackers and prove, through regular resilience exercises, that the organization can contain an intrusion before it becomes a wider outage.
View the full article
At some point, every security leader gets asked a version of the same question: Are we good? It tends to arrive when something is at stake and the person asking needs to know they can rely on the answer.
I learned what that question really means at a firm I was with earlier in my career. We had received intelligence that threat actors were preparing to go after financial services firms over the holidays, counting on skeleton staffing and slower response times. We had procedures for exactly that kind of heightened alert, and we ran them. The moment that stayed with me came in a hallway. The head of business stopped me and asked, plainly, “Are we good?” He was not asking for a status report on our controls or a walkthrough of our incident response plan. He wanted a seasoned leader to look at him and say, with conviction, that we were good.
That instinct, the need for someone accountable enough to say “we’re good” and mean it, sits at the center of a debate the cybersecurity industry keeps having: Whether the CISO role has become unsustainable. The list of responsibilities continues to grow. Security leaders are expected to oversee cyber resilience, regulatory compliance, third-party risk, business continuity, AI governance, incident response and an ever-more-complex threat landscape. Boards, regulators, customers and investors simultaneously demand greater visibility into cyber risk than ever before.
The conclusion many people draw from this expansion is that the traditional CISO role can no longer work. If no single person can realistically master every domain that falls under modern cybersecurity, perhaps the role itself has become obsolete.
I believe the opposite is true. The modern CISO is disappearing from one version of itself and re-emerging as something larger. It is undergoing the same evolution the CFO role experienced over the last two decades.
Historically, CFOs were viewed primarily as financial operators. Their responsibilities centered on accounting, reporting, controls, audits and budgeting. As businesses grew larger, more global, more regulated and more dependent on technology, that model changed. The CFO evolved from a finance specialist into a strategic executive responsible for shaping enterprise-wide decisions. McKinsey documented this shift, finding that the number of functions reporting to CFOs had expanded significantly, and that business leaders had come to see them as critical drivers of change across the enterprise, not just stewards of the balance sheet.
Nobody looked at that expanding mandate and concluded the CFO role was becoming irrelevant. They recognized that finance had become more important to the business.
The same thing is happening in cybersecurity. For years, security was treated as a technical discipline operating on the periphery of the organization. Today, a significant cyber incident can halt operations, disrupt revenue, trigger regulatory scrutiny, damage customer trust and move markets. Cyber risk has become business risk, and that shift fundamentally changes what a CISO is for. Security leaders increasingly sit on enterprise risk committees alongside their peers, and regulators are paying far closer attention to how security is built into the design of products and systems from the outset. Both are signs that security has moved from a back-office function into the room where business risk gets decided.
The data reflects how much the role has already changed. According to Splunk’s 2026 CISO Report, nearly all CISOs now count AI governance and risk management among their core responsibilities. Seventy-eight percent report personal liability concerns tied to security incidents, up from 56% just a year ago. The role now carries individual legal exposure alongside operational accountability. That is a description of an executive function, full stop.
Modern security leaders are now expected to help boards understand risk, participate in strategic planning, navigate regulatory obligations, oversee resilience programs and establish governance around emerging technologies like artificial intelligence. These responsibilities extend well beyond traditional security operations, and the job has grown considerably faster than the organizational structures supporting it.
Some companies have responded by building larger, more specialized security leadership teams. Microsoft’s Secure Future Initiative is the most prominent example. The company established a Cybersecurity Governance Council led by a Global CISO, with over a dozen Deputy CISOs appointed across major security domains including engineering, AI, cloud services, gaming and government systems. It represents one of the largest security transformations in the industry, involving thousands of engineers and a governance structure built to coordinate security across a genuinely sprawling organization.
Some observers read structures like this as evidence that the traditional CISO model is breaking down. Look closer and you see the opposite. Microsoft expanded the organization supporting security leadership rather than dismantling it. Centralized accountability remains with a global CISO while execution is distributed across specialized leaders and teams.
This is exactly what mature executive functions look like at scale. Large enterprises do not eliminate CFOs when finance grows more complex. They add controllers, treasury leaders, FP&A organizations and investor relations teams. Complexity does not eliminate executive accountability. It deepens the need for it.
There is shared, organization-wide security: the SOC, vulnerability management and the other services the entire firm depends on. Then there is business-line security, led by deputy or business-unit CISOs whose job is to make sure their individual units are protected. Those embedded leaders drive requirements into the shared services and provide independent oversight of them, while staying close enough to their business to understand what it actually needs. One central executive owns the whole picture, with specialized leaders carrying it into every corner of the organization.
One structural point follows directly from this: The CISO should never report to the CTO. The person accountable for security should not sit underneath the person accountable for building and shipping technology, because those two mandates can pull in different directions. Security belongs under the COO, the CRO or the CEO, where it can speak to risk independently and be heard.
AI is accelerating this evolution further. Organizations are deploying autonomous systems capable of making recommendations, triggering workflows and acting at machine speed. What AI cannot do is own the decisions behind those actions. Someone still has to determine what can be delegated to machines, establish governance frameworks, define acceptable risk and answer for those choices to regulators, boards and shareholders. In most organizations, that someone is the CISO.
The most practical place to start is a simple principle: every AI action should trace back to an accountable human. Framed that way, we are not delegating decisions to AI at all. We are putting machines to work while keeping a person answerable for what they do. That principle forces accountability to live somewhere specific in the organization rather than dissolving into the system.
This is worth sitting with: AI may strengthen the case for executive security leadership rather than weaken it. For years, CISOs governed human behavior inside organizations. Now they govern human and machine behavior simultaneously, a mandate with no obvious ceiling.
The cybersecurity industry keeps asking whether the CISO role can survive the demands being placed on it. The better question is whether organizations are adapting their leadership structures fast enough to support where the role is already heading.
The future of security leadership is unlikely to be a loose collection of specialists operating without clear ownership. It will more closely resemble other mature executive functions, with specialized leaders operating under a single accountable executive who understands how risk connects to the business as a whole. As cyber risk becomes inseparable from business risk, that executive becomes indispensable.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Introduction
Modern enterprise software development has evolved into a hyper-complex ecosystem where relying on a fragmented array of decoupled tools—like GitHub, Jenkins, Terraform, and Kubernetes—frequently leaves engineering executives blind to actual delivery maturity, systemic security vulnerabilities, and deployment bottlenecks. To bridge this gap, forward-thinking organizations are adopting a dedicated Software Delivery Governance Platform like SCMGalaxy OS, which acts as an overarching orchestration layer that moves beyond simple tool execution to continuously assess engineering processes, enforce automated compliance guardrails, and provide structured, metrics-driven pathways toward true operational excellence.
Featured Snippet
What Is a Software Delivery Governance Platform?
A Software Delivery Governance Platform is an enterprise management solution that unifies visibility, compliance, and performance tracking across the entire software development lifecycle. It continuously evaluates engineering teams against maturity frameworks, enforces process compliance, balances velocity with security metrics, and provides automated, actionable roadmaps to optimize delivery efficiency and reduce systemic risk.
Understanding Software Delivery Governance
What Is Software Delivery Governance?
Software delivery governance is the structured framework of rules, metrics, operational standards, and compliance mechanisms that oversee how software is built, secured, verified, and deployed. It transforms software delivery from an ad-hoc engineering activity into a predictable, auditable business process.
Why Modern Enterprises Need Governance
As software architectures shift toward microservices and decentralized engineering teams, standardizing practices across an organization becomes incredibly difficult. Without explicit governance, teams create bespoke deployment methods, bypass security checks to meet deadlines, and introduce fragmented configurations that complicate maintenance. Governance ensures alignment without micromanagement by embedding automated guardrails into the software delivery pipeline.
Tool Usage vs. Process Maturity
Many IT leaders mistake an extensive toolchain for a mature DevOps practice. An engineering team might use advanced continuous integration pipelines, yet lack automated quality gates, clear rollback strategies, or standard vulnerability scanning. True delivery governance evaluates how effectively these tools are integrated into a cohesive, repeatable process.
Tool AdoptionDelivery GovernanceFocuses on installing and configuring specific software platforms.Focuses on measuring process compliance, efficiency, and quality outcomes.Measures success by tool uptime and user adoption rates.Measures success by lead time, deployment frequency, MTTR, and change failure rates.Creates fragmented workflows tailored to individual team preferences.Standardizes architectural and delivery patterns across the enterprise.Delivers localized automation without systemic visibility.Provides comprehensive executive dashboards to analyze organizational health. Special Enterprise Education Framework
In Simple Terms
Think of tool adoption as buying a fleet of high-performance sports cars. Software delivery governance is building the highway system, setting the traffic laws, installing speed cameras, and training the drivers to ensure everyone reaches their destination safely without crashing.
Enterprise Example
A global retail bank utilized Jenkins across fifty separate application development teams. However, because there was no centralized governance, every team wrote their own deployment scripts. Three teams accidentally exposed internal API credentials in their production build files, triggering a severe security audit. By implementing a unified governance platform, the bank enforced standardized, immutable pipeline templates that completely eliminated manual, non-compliant configurations.
Why It Matters
Unregulated software delivery leads directly to production downtime, compliance violations, and inflated operational costs. Proper governance protects brand reputation while eliminating friction for developers, turning delivery speed into a reliable competitive advantage.
Key Takeaways
Tools provide execution capability, but governance guarantees process reliability. Centralized frameworks prevent fragmented configurations across disparate engineering groups. Automated guardrails enable faster delivery by removing manual validation bottlenecks. Understanding Engineering Maturity
What Is a Maturity Assessment?
An engineering maturity assessment is an objective evaluation of an organization’s software development capabilities, culture, and technical execution. It compares current engineering behaviors against recognized industry benchmarks—such as DORA (DevOps Research and Assessment) metrics—to pinpoint systemic gaps.
Why Maturity Measurement Matters
You cannot optimize what you do not measure. Without a structured assessment framework, engineering leaders prioritize initiatives based on anecdotal feedback or the latest industry trends rather than addressing actual architectural constraints. Continuous maturity tracking provides clear, data-driven justification for platform engineering investments.
Characteristics of High-Maturity Engineering Teams
High-maturity teams consistently demonstrate predictable delivery cycles. They rely on trunk-based development, boast fully automated testing suites that run within their pipelines, utilize blue-green or canary deployment patterns, and actively manage their systems using real-time observability dashboards.
Common Signs of Low Engineering Maturity
Conversely, low-maturity organizations exhibit clear anti-patterns. These include long lead times stretching over weeks, frequent manual intervention during production rollouts, critical vulnerabilities discovered late in the development lifecycle, and a high change failure rate requiring emergency rollbacks.
[Low Maturity: Manual Steps / Siloed Teams] │ ▼ (Implement Automated Guardrails & Tracing) [Medium Maturity: Standardized CI/CD / Scheduled Releases] │ ▼ (Introduce Predictive Analytics & AI Governance) [High Maturity: Continuous Delivery / Autonomous Governance] Special Enterprise Education Framework
In Simple Terms
An engineering maturity assessment is a comprehensive health checkup for your software delivery organization. It uncovers underlying operational problems before they manifest as critical system failures or delayed product launches.
Enterprise Example
An insurance firm struggled with consistent delays in its quarterly software releases. An engineering maturity assessment revealed that while their writing of code was fast, their testing phase relied heavily on manual verification, creating a massive logjam. This objective data allowed the VP of Engineering to pivot resources toward building automated regression testing frameworks.
Why It Matters
Understanding maturity prevents organizations from wasting capital on unnecessary infrastructure. It ensures that transformation budgets are precisely directed toward fixing the exact processes hampering delivery velocity.
Key Takeaways
Objective assessments replace subjective opinions with verifiable data. High maturity directly correlates with lower production incident rates and faster feature delivery. Tracking maturity helps align engineering goals with broader business strategies. Software Delivery Maturity Assessment
What Is a Software Delivery Maturity Assessment?
This specialized evaluation analyzes the entire lifecycle of an application—from the initial code commit down to production monitoring—ensuring that every phase meets strict corporate standards for quality, security, and velocity.
Key Assessment Areas
Source Code Management
Evaluates code branching strategies, commit frequencies, pull request review cycles, and secret detection mechanisms within repositories.
Build Automation
Measures the speed, repeatability, and isolation of the compilation process, ensuring builds are immutable and clear of external environmental dependencies.
Deployment Automation
Analyzes how code transitions across staging, testing, and production environments without relying on manual steps or ad-hoc scripts.
Security Controls
Tracks the integration of static and dynamic security analysis tools directly within active development workflows.
Observability
Assesses the system’s ability to provide deep context into application health via structured logs, distributed traces, and granular metrics.
Reliability Engineering
Examines disaster recovery runbooks, automated scaling capabilities, chaos engineering experiments, and system resilience under heavy loads.
Governance Practices
Verifies auditability, compliance logging, and alignment with regulatory frameworks like SOC 2, ISO 27001, or HIPAA.
Special Enterprise Education Framework
In Simple Terms
This assessment verifies that every step an application takes on its way to your customers is completely secure, automated, documentable, and repeatable.
Enterprise Example
An e-commerce business implemented a delivery assessment framework across its core checkout services. The assessment discovered that although their build automation was highly mature, their deployment automation was flawed because staging environments did not accurately replicate production configurations. This mismatch caused frequent runtime errors during deployment windows.
Why It Matters
Evaluating the entire lifecycle prevents siloed optimization. It does little good to speed up code compilation if your deployment phase remains stuck in a complex web of manual approvals and environmental mismatches.
Key Takeaways
Governance platforms evaluate multiple interlinked engineering disciplines simultaneously. Continuous compliance checking ensures the delivery pipeline remains audit-ready at all times. Eliminating environment drifts reduces post-deployment production errors. DevOps Maturity Assessment
What Is DevOps Maturity?
DevOps maturity measures how deeply an enterprise has broken down traditional silos between software development and IT operations, replacing them with shared tooling, automated feedback loops, and collaborative workflows.
Collaboration and Culture
True DevOps maturity is rooted in organizational culture. It requires shared accountability for system stability, blameless post-mortems following production outdates, and a pervasive commitment to continuous experimentation.
Automation Adoption
Mature DevOps organizations minimize manual intervention across the operational spectrum. This includes treating infrastructure as code (IaC), automating patch management, and embedding self-healing scripts into the runtime environment.
Delivery Performance
Performance is tracked using core DORA metrics: deployment frequency, lead time for changes, time to restore service (MTTR), and change failure rate. High-maturity organizations consistently achieve elite performance levels across these indicators.
Continuous Improvement Practices
A mature DevOps practice leverages feedback from production environments to refine upstream development. Performance logs, user errors, and system bottlenecks are automatically funneled back into the product backlog for engineering review.
Special Enterprise Education Framework
In Simple Terms
DevOps maturity is about how well your development team (the people building features) and your operations team (the people keeping the systems running) operate as a single, coordinated unit using automation.
Enterprise Example
A logistics provider transitioned from a legacy architecture to a mature DevOps model. Previously, developers handed off code to an isolated operations team, resulting in multi-day deployment cycles. By introducing shared performance metrics and automated deployment pipelines, the combined team reduced their production release time from two weeks down to less than one hour.
Why It Matters
High DevOps maturity cuts down organizational friction, prevents finger-pointing during major system outages, and dramatically speeds up the delivery of customer-facing features.
Key Takeaways
DevOps maturity balances rapid code deployment with high system stability. Tracking core DORA metrics provides a transparent view of engineering velocity. Cultural alignment is just as critical as automated tooling for long-term success. CI/CD Maturity Assessment
Understanding CI/CD Maturity
Continuous Integration and Continuous Delivery (CI/CD) maturity examines the depth, speed, and safety of an organization’s automated pipelines. It tracks how efficiently code updates move from a developer’s local machine into active production.
Pipeline Standardization
Low-maturity organizations suffer from unique, snowflake pipelines maintained by individual teams. High maturity requires standardized, reusable pipeline blueprints managed by central platform engineering teams, ensuring uniform compliance policies.
Deployment Automation
This tracks the elimination of manual handoffs. Highly mature pipelines utilize advanced automated deployment strategies—such as progressive delivery or canary rollouts—to limit the blast radius of any faulty code updates.
Quality Gates
Mature pipelines enforce strict quality gates. Code commits must pass static analysis linting, unit test coverage minimums, and architectural compliance checks automatically before moving down the pipeline.
Release Frequency
While low-maturity groups cluster updates into high-risk, monthly releases, high-maturity teams push small, incremental changes multiple times per day, minimizing operational risk.
Low MaturityMedium MaturityHigh MaturityManual builds triggered via developer workstations.Scheduled nightly builds running on a shared server.Automated builds triggered instantly on code commit.Code testing performed manually by QA silos.Basic automated unit tests run inside the pipeline.Comprehensive unit, integration, and security tests.Production rollouts require manual server configuration.Automated scripts deploy code to static targets.Progressive delivery using automated canary gates.Zero automated rollbacks during deployment failures.Manual execution of rollback scripts required.Automated rollbacks triggered by metric deviations. Special Enterprise Education Framework
In Simple Terms
CI/CD maturity measures how clean, secure, and automated your software assembly line is. A mature line automatically tests and packages every part the moment it arrives, rejecting any defective components instantly.
Enterprise Example
A fintech enterprise updated its core transaction engine using a high-maturity CI/CD model. When a developer committed code containing a minor memory leak, the automated pipeline detected an anomaly during integrated performance testing, halted the staging rollout, and alerted the developer within ten minutes—preventing a catastrophic production outage.
Why It Matters
A mature CI/CD pipeline stops bad code from ever reaching production. It removes human error from the deployment equation, ensuring that applications are shipped uniformly every single time.
Key Takeaways
Reusable pipeline templates prevent configuration drift across diverse codebases. Automated quality gates enforce organizational standards without slowing down developers. Small, frequent updates drastically lower the blast radius of software bugs. Release Management Maturity Assessment
Release Governance
Release governance defines the policies, risk assessments, and compliance approvals required to authorize production deployments. It ensures clear alignment between engineering speed and enterprise risk tolerance.
Change Management
Legacy change management relies on long, manual review meetings (CABs). Mature release management replaces these meetings with automated change tracking, leveraging pipeline data to populate audit trails in real time.
Risk Reduction
This focuses on decoupled releases using feature flags and progressive rollouts. By separating code deployment from feature activation, organizations minimize systemic risk during major product updates.
Deployment Coordination
Large enterprises often need to orchestrate complex rollouts across multiple interdependent legacy platforms and modern cloud systems simultaneously. Mature release management automates this cross-team choreography.
Release Reliability Metrics
Tracking metrics like change failure rate, release slippage, and rollback duration helps organizations understand the operational predictability of their delivery processes.
Special Enterprise Education Framework
In Simple Terms
Release management governance is the digital traffic controller for your production environment. It verifies that every code update has passed its inspections, carries the right documentation, and enters production without disrupting existing traffic.
Enterprise Example
A healthcare applications provider used a governance platform to automate their change management process. Instead of convening a weekly 3-hour review board to manually approve release logs, the platform verified that all pipeline tests passed, compiled the compliance records, and automatically opened and approved the production change ticket.
Why It Matters
Automating release governance removes massive bureaucratic delays from the software lifecycle, transforming deployment windows from high-stress weekend marathons into non-events.
Key Takeaways
Separating code deployment from feature activation reduces operational risk. Automated change logs save hundreds of hours during enterprise compliance audits. Real-time risk scoring highlights problematic releases before they hit production. DevSecOps Maturity Assessment
Security Integration Across the SDLC
DevSecOps maturity evaluates how naturally security practices are woven throughout the entire software development lifecycle, ensuring that security is never treated as a final, superficial check.
Shift-Left Security
This practice moves security analysis directly into the developer’s early workspace. It includes scanning code for open-source vulnerabilities (SCA) and code quality issues (SAST) during local development and initial pull requests.
[Plan] ──> [Code + Local SAST] ──> [Build + SCA] ──> [Test + DAST] ──> [Govern & Deploy] ▲ ▲ ▲ └──────────────────────┴──────────────────┴─ (Automated Security Gates) Compliance Automation
Enterprises must continuously adhere to stringent regulatory standards. Mature DevSecOps replaces periodic manual audits with automated, continuous compliance scanning across all active configurations.
Secure Software Delivery
Ensures the absolute integrity of the software build pipeline itself. This involves validating container images, generating cryptographic Software Bills of Materials (SBOMs), and securing secrets within the environment.
Risk Governance
Tracks exposure levels across the company, prioritizing vulnerabilities based on real-world reachability and business impact rather than relying on generic severity scores.
Special Enterprise Education Framework
In Simple Terms
DevSecOps maturity means installing security inspection checkpoints at every station of your software assembly line, catching and correcting flaws the exact moment they appear.
Enterprise Example
An aviation software company embedded automated container scanning into their build pipelines. When an open-source library used in a service developed a critical exploit, the platform immediately flagged the vulnerability, blocked the build from moving forward, and provided the engineering team with the exact secure patch version required.
Why It Matters
Fixing a security vulnerability in production is incredibly expensive and highly risky. Shifting security checks left into early development cycles saves millions in remediation costs while protecting critical corporate data.
Key Takeaways
Continuous software supply chain validation protects against advanced third-party vulnerabilities. Automated compliance controls keep engineering practices aligned with evolving regulations. Reachability analysis helps developers focus on fixing high-priority, exposed security risks. Observability and SRE Maturity Assessment
What Is Observability Maturity?
Observability maturity evaluates an enterprise’s capability to understand the true internal state of its production applications based entirely on their external outputs, shifting operational models from reactive alerting to proactive system optimization.
Metrics, Logs, and Traces
Low-maturity teams look at basic infrastructure metrics like CPU usage in isolation. High-maturity groups correlate system metrics, structured application logs, and distributed traces to map user journeys across distributed environments.
Reliability Engineering Practices
Site Reliability Engineering (SRE) maturity measures how effectively an organization manages operational risk, automates incident response, runs chaos experiments, and architecturally designs for system resilience.
Incident Management
Tracks the lifecycle of operational incidents. Mature teams rely on automated alerting, dynamic runbooks, automated anomaly detection, and systematic post-mortems to continuously lower their Mean Time to Repair (MTTR).
Service Level Objectives (SLOs)
High-maturity teams align engineering priorities with user satisfaction by establishing strict Service Level Indicators (SLIs) and Service Level Objectives (SLOs), managing features against a predefined error budget.
Special Enterprise Education Framework
In Simple Terms
Observability and SRE maturity is like driving an advanced aircraft with a smart digital cockpit. Instead of waiting for an engine to fail completely, your instruments monitor deep internal performance trends, warning you of minor anomalies so you can adjust course early.
Enterprise Example
A streaming media service implemented advanced SRE telemetry. During a high-traffic live event, an automated observability system noticed an unusual latency spike in a microservice. Instead of waiting for an engineer to log in, the system dynamically scaled up the container cluster and rerouted traffic, maintaining a seamless experience for users.
Why It Matters
High observability and SRE maturity ensures that production systems scale predictably, minimize costly downtime, and provide deep data insights to optimize system performance.
Key Takeaways
Correlated telemetry speeds up root-cause analysis during major incidents. Error budgets provide an objective mechanism to balance feature speed with system stability. Blameless post-mortems convert operational failures into structural system improvements. Software Configuration Management Platform
Importance of Configuration Governance
Configuration governance ensures that all environment properties, application parameters, and systemic policies are managed uniformly through auditable code, preventing human error from destabilizing setups.
Managing Infrastructure Consistency
Using Tools like Terraform or Ansible requires rigorous governance. A Software Configuration Management platform ensures that no manual modifications occur directly within production infrastructure, enforcing a strict GitOps methodology.
Version Control Governance
Enforces administrative policies across code repositories, requiring multi-party pull request sign-offs, mandatory linear histories, and automated commit tracing back to authorized project tickets.
Auditability and Traceability
Maintains an immutable record of exactly who changed what, when, and why across both application source code and global infrastructure environments, simplifying regulatory audits.
Configuration Compliance
Continuously scans runtime configurations against security baselines, automatically alerting teams or remediating drifted parameters back to their authorized states.
Special Enterprise Education Framework
In Simple Terms
Configuration governance ensures that the underlying blueprints for your digital infrastructure are version-controlled, securely locked down, and completely protected against ad-hoc, manual modifications.
Enterprise Example
A global telecommunications provider suffered periodic outages caused by engineers making manual configuration tweaks directly on live staging servers. By adopting a strict configuration management framework, they locked down direct server access and mandated that every single environment update go through an approved Git repository, entirely eliminating undocumented system drift.
Why It Matters
Uncontrolled configuration drift is a major cause of mysterious production outages. Treating infrastructure strictly as versioned code guarantees complete system reproducibility across environments.
Key Takeaways
Enforcing GitOps principles removes manual human mistakes from infrastructure management. Granular change tracing ensures total transparency for internal and external auditors. Continuous configuration scanning prevents silent security degradations over time. AI Code Governance Platform
Rise of AI-Assisted Software Development
The integration of generative AI coding assistants has drastically accelerated code creation. However, this massive spike in raw code volume introduces a pressing need for automated governance frameworks to oversee AI-generated contributions.
Risks of Uncontrolled AI Code Generation
Without explicit governance, AI assistants can inadvertently introduce insecure design patterns, use outdated open-source packages, violate intellectual property licensing, and swell the technical debt profile of an application.
Governance Requirements for AI Usage
Enterprises must establish automated guardrails to verify that all AI-assisted code contributions are cleanly documented, pass rigorous static analysis, and comply with strict copyright standards.
Code Quality and Compliance Controls
An AI code governance platform automatically monitors the percentage of code generated via AI, tracks its subsequent refactoring rate, and applies stricter linting and testing requirements to AI-originated pull requests.
Future of AI Governance
As AI agents move from simple code completion to autonomous agentic software development, governance platforms will serve as the essential orchestrator—verifying agent access levels, validating code logic, and auditing all autonomous adjustments.
Traditional DevelopmentAI-Assisted Development GovernanceCode written solely by human engineers at a predictable, manageable speed.Code generated rapidly by AI agents, drastically increasing overall review volume.Code reviews focus primarily on human design and internal logic paths.Code reviews must strictly check for licensing defects and hidden security design flaws.Security risks are well-understood and tied directly to developer experience.Security risks can be weirdly unpredictable due to hallucinated dependencies.Compliance relies on manual peer reviews and traditional code checkups.Compliance requires fully automated validation engines to scale with generation volume. Special Enterprise Education Framework
In Simple Terms
AI code governance is like adding an automated quality inspector to check the work of an ultra-fast robotic worker on an assembly line, ensuring its high speed doesn’t compromise structural integrity or safety standards.
Enterprise Example
A software enterprise noticed a 40% jump in code commits after equipping developers with AI assistants. However, their security teams discovered that these assistants frequently suggested deprecated library methods. By deploying an AI code governance platform, the firm automatically blocked any AI pull requests that failed to meet their updated security architecture baselines.
Why It Matters
AI tools offer incredible software development velocity, but without clear governance, that speed can easily result in unsafe, non-compliant code reaching production environments.
Key Takeaways
High code generation speed requires highly automated validation systems. Licensing compliance checks prevent intellectual property liabilities from AI suggestions. Advanced analytics help track code churn and quality across AI-assisted repositories. How SCMGalaxy OS Works
SCMGalaxy OS serves as an enterprise Software Delivery Governance Platform, providing engineering leaders with a structured environment to assess, govern, and systematically optimize their engineering maturity.
[SCMGalaxy OS Core Engine] ├── 1. Data Ingestion (GitHub, Jira, Jenkins, Telemetry) ├── 2. Assessment Framework (DevOps, DevSecOps, SRE, AI) ├── 3. Scoring & Risk Identification Engine └── 4. Dynamic Dashboards ──> Generates 30/90/180-Day Roadmaps Assessment Framework
The platform connects with an organization’s existing software toolchain, pulling clean metadata across repositories, pipelines, issue trackers, and cloud environments to assess capabilities without disrupting daily workflows.
Maturity Scoring Engine
SCMGalaxy OS normalizes this data against proprietary maturity scoring algorithms, outputting clear, cross-discipline maturity scores across SCM, CI/CD, security, and site reliability engineering.
Risk Identification
The engine automatically surfaces hidden process risks—such as long code review times, missing security gates, undocumented environment variations, and high pipeline failure rates.
Recommendations and Insights
Beyond displaying raw graphs, the platform delivers contextual, actionable recommendations, highlighting the exact structural changes needed to remove delivery friction.
Governance Dashboards
Provides real-time dashboards customized for specific roles—giving CTOs high-level maturity roadmaps while providing engineering managers with granular pipeline health analytics.
Transformation Roadmaps
SCMGalaxy OS converts assessment data into clear, phased improvement pathways:
30-Day Roadmap
Focuses on fixing immediate, high-severity operational issues—such as securing exposed access parameters, establishing basic unit test gates, and patching critical security flaws.
90-Day Roadmap
Expands toward process standardization—including rolling out uniform pipeline templates, automating change tracking, and setting up initial SLO metrics.
180-Day Roadmap
Drives advanced optimization initiatives—such as launching progressive canary delivery models, running chaos engineering experiments, and deploying automated AI code governance frameworks.
Benefits of SCMGalaxy OS
Visibility Into Engineering Health
Eliminates operational blind spots by unifying engineering data into a single, reliable source of truth, allowing executives to objectively evaluate performance across all engineering departments.
Standardized Assessments
Replaces manual, inconsistent assessment methods with fully automated evaluations, ensuring all engineering groups are tracked against the exact same high standards.
Better Governance
Enforces compliance requirements directly within development workflows, completely stopping non-compliant code changes from reaching live production environments.
Reduced Delivery Risk
Highlights delivery bottlenecks and architectural issues early, helping organizations lower their change failure rates and prevent production regressions.
Improved Reliability
Guides engineering teams to build deeply resilient systems by helping them systematically implement advanced SRE principles and robust observability telemetry.
Stronger Security Posture
Shifts security compliance directly into active pipelines, allowing organizations to maintain an audit-ready security profile without slowing down daily features.
Executive Decision Support
Provides tech executives with the objective data required to prioritize engineering investments, optimize resource allocation, and validate digital transformation outcomes.
Real-World Enterprise Scenarios
Enterprise DevOps Transformation
Challenge: A retail giant had highly siloed development and operations teams, resulting in high change failure rates and slow feature rollouts. Assessment Findings: Deep pipeline variances across teams, a complete lack of automated testing, and zero standard DORA metrics tracking. Recommendations: Centralize pipeline blueprints and enforce automated integration test gates within SCMGalaxy OS. Expected Outcomes: Cut deployment lead times by 50% while lowering the change failure rate below 10%. Platform Engineering Assessment
Challenge: An enterprise platform group lacked any clear metrics to judge the internal adoption and effectiveness of their cloud infrastructure templates. Assessment Findings: Massive configuration drift across cloud environments due to teams making manual, undocumented changes. Recommendations: Implement a strict GitOps deployment model and set up automated configuration scanning. Expected Outcomes: Eliminate infrastructure drift across staging and production, saving thousands in operational cleanup. Multi-Team Governance Initiative
Challenge: A software company struggled with inconsistent code quality and varying delivery metrics across ten newly acquired engineering groups. Assessment Findings: Drastically different branching methodologies and wildly inconsistent code verification standards. Recommendations: Deploy SCMGalaxy OS governance dashboards to establish baseline metrics and enforce uniform code review gates. Expected Outcomes: Achieve uniform compliance and release predictability across all business units within 90 days. Security Modernization Program
Challenge: A healthcare technology provider needed to modernize its security verification processes to comply with strict update regulations. Assessment Findings: Security scans were only run right before major releases, creating huge remediation delays. Recommendations: Shift security scans directly into the early CI build phase via SCMGalaxy OS quality gates. Expected Outcomes: Reduce vulnerability remediation times by 70% while maintaining an audit-ready regulatory posture. AI Development Governance Rollout
Challenge: An insurance provider wanted to accelerate development with AI tools but faced major concerns regarding intellectual property leaks and unstable code patterns. Assessment Findings: AI code was entering repositories without distinct tracking, leading to high code churn rates. Recommendations: Set up automated AI code attribution tracking and apply stricter automated verification gates on AI commits. Expected Outcomes: Safely harness AI generation speed while guaranteeing full licensing and quality compliance. Common Software Delivery Governance Challenges
Tool Sprawl
The uncontrolled addition of independent software tools leads directly to fragmented data silos, making it incredibly difficult to form a cohesive view of delivery performance.
Solution: Use a governance platform to pull data from all existing systems into a centralized analytics engine. Lack of Standardization
When individual development groups build unique delivery processes, maintaining organizational compliance and predictable software quality becomes nearly impossible.
Solution: Mandate centralized, reusable pipeline templates managed by a core platform engineering team. Poor Visibility
Without clean, unified metrics dashboards, technology leaders are forced to make strategic decisions based on guesswork rather than objective operational data.
Solution: Deploy real-time governance scorecards that continuously aggregate engineering health data. Inconsistent Processes
Teams utilizing variable branching methodologies and subjective code review standards introduce unpredictable risks during release windows.
Solution: Enforce automated branching and review policies directly within your source control platforms. Weak Security Controls
Treating security checks as an afterthought at the end of a long release cycle inevitably delays code rollouts and increases vulnerability exposure.
Solution: Integrate automated security scans directly into early continuous integration workflows. Absence of Measurement Frameworks
Without an established framework to evaluate maturity, engineering organizations struggle to track progress or identify exactly where optimizations are required.
Solution: Adopt an industry-standard maturity model to measure and guide engineering initiatives. Common Mistakes Organizations Make
Measuring Tools Instead of Outcomes: Tracking tool license usage or simple commit volumes rather than business-impacting metrics like lead time, stability, and customer satisfaction. Ignoring Engineering Culture: Expecting automation to solve underlying cultural issues, such as a lack of shared accountability or fear of reporting system flaws. Assessing Once and Never Reassessing: Treating maturity evaluation as a single, annual check box rather than an ongoing, continuous operational measurement process. Treating Governance as Compliance Only: Viewing governance purely as bureaucratic oversight rather than a mechanism to empower developers to ship code safely. Lack of Executive Sponsorship: Attempting to transform deep engineering practices without the explicit backing and strategic alignment of executive leadership. Governance Improvement Checklist
Do all engineering teams track their core DORA metrics automatically in real time? Are deployment pipelines built from centralized, standardized templates? Are security checks run automatically on every code commit? Is change management documentation populated automatically via pipeline data? Do engineering teams operate with defined, measurable SLOs and error budgets? Building a Software Delivery Transformation Roadmap
[1. Assessment Phase] ──> [2. Prioritization] ──> [3. Execution] ──> [4. Optimization] ──> [5. Continuous Evaluation] 1. Assessment Phase
Begin by connecting your delivery applications to baseline current practices across all engineering groups, uncovering immediate bottlenecks and hidden structural risks.
2. Prioritization Phase
Analyze your baseline metrics to identify high-impact, achievable improvements—focusing first on critical security gaps and manual deployment bottlenecks.
3. Execution Phase
Roll out targeted technical improvements, such as introducing standardized pipeline blueprints, automating test gates, and removing manual approval steps.
4. Optimization Phase
Introduce advanced operational practices once foundations are stable—including progressive delivery rollouts, deeper telemetry correlation, and initial AI governance layers.
5. Continuous Improvement Phase
Establish a culture of ongoing engineering evaluation, continuously analyzing live delivery data to refine your architectural standards and governance guardrails.
Future of Software Delivery Governance
AI-Powered Governance
Governance platforms will soon leverage advanced predictive analytics to analyze code changes and historical pipeline metrics to forecast release risks before execution.
Platform Engineering Governance
As platform engineering matures, governance tools will serve as the essential control layer, ensuring internal developer platforms deliver speed without compromising compliance.
Autonomous Delivery Pipelines
Future pipelines will autonomously adapt their deployment pathways based on real-time risk scores—skipping manual gates for low-risk changes while stepping up testing for highly complex updates.
Engineering Intelligence Platforms
Software governance is shifting toward comprehensive intelligence systems, combining operational metrics with business outcomes to map the true ROI of engineering initiatives.
Continuous Maturity Measurement
Static annual maturity audits are being phased out by continuous, real-time tracking engines that reflect the true state of an organization’s engineering maturity at any moment.
Governance-Driven Transformation
Enterprise transformations will increasingly rely on data-driven governance models, utilizing automated platforms to guide, measure, and scale organizational changes safely.
Why Organizations Choose SCMGalaxy OS
SCMGalaxy OS provides the comprehensive architecture modern enterprises need to move beyond simple tool tracking and establish true software delivery governance. By seamlessly combining cross-discipline assessments, automated risk identification, and actionable roadmaps, the platform empowers technology leaders to optimize delivery speed, enforce rigorous security, and drive measurable engineering maturity at scale.
FAQ Section
1. What is a Software Delivery Governance Platform?
It is a centralized enterprise system that tracks performance, ensures compliance, and measures engineering maturity across the entire software development lifecycle, transforming delivery into a predictable business process.
2. Why do organizations need maturity assessments?
Maturity assessments replace subjective guesswork with clear, objective data, allowing engineering leaders to locate operational bottlenecks and ensure transformation investments match true system constraints.
3. What is DevOps Maturity Assessment?
It evaluates how effectively an enterprise has eliminated traditional silos between its development and operations teams, tracking cultural collaboration, automation adoption, and core DORA metrics.
4. How does CI/CD Maturity Assessment work?
It analyzes the speed, automation depth, and safety of deployment pipelines, checking for standardized templates, automated quality gates, and progressive rollout capabilities.
5. What is DevSecOps Maturity Assessment?
It tracks the natural integration of security practices throughout the entire development cycle, ensuring code analysis, container checks, and compliance scanning happen automatically and early.
6. Why is observability maturity important?
Observability maturity shifts operations from reactive alerts to proactive optimization, allowing teams to correlate metrics, logs, and traces to solve production problems before they disrupt users.
7. What is AI Code Governance?
It is an automated framework designed to manage the quality, security, and licensing compliance of code written by generative AI assistants, preventing technical debt and copyright issues.
8. How does SCMGalaxy OS generate maturity scores?
The platform integrates directly with your existing developer toolchain, analyzing lifecycle metadata against standardized algorithms to produce objective maturity metrics across engineering fields.
9. What are 30/90/180-day transformation roadmaps?
They are phased, data-driven improvement pathways generated by SCMGalaxy OS that prioritize fixing critical technical flaws first before scaling up to advanced automation and continuous optimization.
10. Who should use SCMGalaxy OS?
It is designed for technology executives—including CTOs, CIOs, VPs of Engineering, Platform Architects, and Security Leaders—looking to govern, analyze, and scale engineering performance across an enterprise.
Final Summary
Achieving software delivery excellence requires moving past simple tool adoption and embracing objective, automated governance. A modern software delivery lifecycle demands deep, data-driven coordination across multiple disciplines—including DevOps collaboration, standardized CI/CD pipelines, automated DevSecOps gates, robust SRE observability, and comprehensive AI code governance frameworks. SCMGalaxy OS gives technology leaders the exact architectural visibility and framework engine needed to transform chaotic development processes into structured, high-performing delivery ecosystems. By continuously tracking engineering maturity metrics and converting those insights into actionable roadmaps, the platform ensures your enterprise scales its delivery speed safely, securely, and predictably. Take control of your software delivery lifecycle today. Explore SCMGalaxy OS to baseline your engineering maturity, implement automated guardrails, and build a reliable, high-performance software transformation roadmap for your enterprise.
View the full article
Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday. "An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification processView the full article
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in theView the full article
Most software composition analysis tools read what developers declare. Insignary Clarity’s patented binary-first platform analyzes what is actually built, shipped, and deployed — including the open-source components that never appear in any manifest.
Insignary, Inc., whose patented binary fingerprint technology has been cited in four Gartner research reports, today announced its recognition as a Sample Vendor for Reachability Analysis in the Gartner Hype Cycle for Secure Software Engineering, 2026.
According to Gartner: “Open-source and third-party components may contain a long list of vulnerabilities, but not all of them directly impact your code base. Reachability analysis helps in triaging the vulnerabilities based on their exploitability.”*1
The urgency is clear across independent industry research. A 2024 Venafi survey of 800 security decision-makers across the U.S., U.K., Germany, and France found that 92% are concerned about AI-generated code, and 63% have considered banning it outright over security risk.*2 The U.S. National Vulnerability Database recorded more than 48,000 CVEs in 2025 — roughly 130 every day.
AI coding assistants are accelerating the growth of unmanaged open-source dependencies. As organizations adopt these tools at scale, they face a widening challenge: understanding which open-source components enter production software, whether those components can be trusted, and how the resulting security and compliance risks are managed.
The problem is structural. Most SCA tools read what developers declare — not what actually runs. AI-generated code, vendor libraries, and third-party binaries frequently bypass package managers and never appear in a manifest.
“SBOMs are increasingly becoming a regulatory requirement around the world. However, software transparency is only as reliable as the accuracy of an SBOM itself. You cannot verify an SBOM by reading the manifest that created it. You verify an SBOM by examining the software that was actually built, shipped, and deployed. As software supply-chain regulations increasingly depend on SBOMs, the ability to validate software at the binary level becomes essential for organizations operating in regulated industries, critical infrastructure, and AI-enabled software environments.” — Taek Wan Kim, President & CEO, Insignary
INSIGNARY CLARITY: BINARY-FIRST. AI-AWARE.
Insignary Clarity scans both source and binary to build a complete Software Bill of Materials (SBOM) for the applications teams build, the third-party components they incorporate, and the IT infrastructure that bypasses the traditional secure development lifecycle.
Key capabilities include:
Binary SCA — identifies open-source components, vulnerabilities, and license obligations directly from compiled binaries, without requiring source code or package manifests AIBOM Generation — produces an AI Bill of Materials for software containing AI-generated or AI-assisted code, covering components that bypass traditional dependency declarations Reachability Analysis — determines which disclosed vulnerabilities actually reach executable code paths, enabling risk-based prioritization rather than raw CVE-count triage Continuous Vulnerability Alerting — monitors stored SBOMs against updated vulnerability databases and delivers automated alerts when newly disclosed CVEs match deployed components, without requiring a rescan “An SBOM is foundational to managing the complexity and securability of modern software deployments.”*3
RECOGNITION IN FOUR GARTNER REPORTS
Insignary has been cited in four Gartner research reports*, Gartner Hype Cycle for Secure Software Engineering,2026, Gartner Hype Cycle for Application Security,2025, Gartner Scale Application Security With AI-Augmented Vulnerability Remediation,2025, and Gartner 3 Steps for Assessing an Open-Source Software Project, 2025.
SUPPORTING GLOBAL SOFTWARE SUPPLY CHAIN REQUIREMENTS
Insignary Clarity supports organisations meeting software supply-chain security requirements across North America and globally:
U.S. Executive Order 14028 and OMB Memorandum M-26-05 — federal agencies may now independently verify vendor SBOMs rather than accepting a standard attestation form, raising the bar for all software sold into the U.S. government FDA Section 524B — every connected medical device premarket submission must include a binary-verified SBOM covering all compiled software components Canada’s Bill C-8 Critical Cyber Systems Protection Act (CCSPA), effective June 2026 — mandatory supply chain risk management for banking, telecommunications, energy, and transportation operators Additional frameworks: CISA and NSA SBOM guidance, NIST SSDF, Australia’s Information Security Manual (ISM), U.S. Connected Vehicle Rule, EU Cyber Resilience Act.
TRUSTED BY GOVERNMENTS AND GLOBAL ENTERPRISES
Globally, BearingPoint — one of Europe’s leading management and technology consulting firms and a strategic investor in Insignary — serves as the company’s exclusive distributor across Europe. Cybertrust Japan, another strategic investor, and its reselling partner TechMatrix drive adoption across Japanese manufacturing under a joint SBOM initiative. Customers include government organizations and global leaders across the electronics, defense, financial services, automotive, manufacturing, medical, and other technology sectors.
GARTNER and Hype Cycle are trademarks of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
ABOUT INSIGNARY
Insignary Inc. is a Toronto-based cybersecurity company specializing in binary composition analysis and software supply chain security. Its patented technology enables organizations to identify open-source software components, vulnerabilities, and software provenance directly from compiled binaries without requiring access to source code.
The company’s flagship platform, Insignary Clarity, provides binary analysis and software composition analysis capabilities that enable organizations to verify the contents of deployed software and strengthen software supply chain governance. Insignary Clarity AIR extends this capability to the AI domain by helping organizations identify, assess, and manage risks associated with AI models, AI-generated software, and AI-driven development environments.
The company serves enterprises, governments, and software vendors worldwide and is supported by strategic investors and partners including BearingPoint in Europe, Cybertrust Japan and TechMatrix in Japan, and TMA Solutions. Through its global partner ecosystem, Insignary supports software supply chain security initiatives across North America, Europe, and Asia.
Website: https://insignary.com/
Full report: Gartner Hype Cycle for Secure Software Engineering, 2026
References:
Gartner, Hype Cycle for Secure Software Engineering 2026 Venafi, “Machine Identity Management Development Survey,” 2024 Gartner, “Emerging Tech: A Software Bill of Materials Is Critical to Software Supply Chain Management.” Contact
Principal Solutions Architect
Jessica DY Lee
Insignary
[email protected]
View the full article
In a test of major LLMs, Zscaler found that some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans.
The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings. 
The Zscaler testing found, for example, that four models were found to be “vulnerable”: Llama3-3-70b-instruct; Llama3-2-90b-instruct; Gemini-3-flash; and Gemini-2.5-pro. Three models were found to be “safe”: Llama4-maverick; Gemini-3.1-pro; and Gemini-3.1-flash-lite. Those results indicated that the scam resistance of Gemini-2.5-pro was seemingly weaker than that of Gemini-3.1-flash-lite. 
But Noah Kenney, principal consultant at Digital 520, said that there is not necessarily any valuable takeaway from that revelation, because agents constantly change behavior as they feed on new data and revise their analyzed assumptions. That means an agent that failed a specific test might very well pass the identical test an hour later, he said. 
“The risk of an agent is constantly changing and that can cause vastly different results. You can’t assume the results are generalizable. The test result is only at one point in time,” Kenney pointed out. Zscaler “is trying to prove a point that I don’t think the data necessarily proves.”
Kenney added that having a clean “safe/vulnerable” classification is too simplistic to be useful. “That’s a binary classification. I would never recommend to a CISO to do a binary classification.”
The full ZScaler blog post argued that many autonomous agents are susceptible to IPI traps.
The company said it identified IPI embedded in multiple websites, where hidden instructions were designed to manipulate the behavior of an AI agent.
In its internal validation across 26 LLMs, 4 models “failed to take appropriate actions,” which, it said, demonstrated “measurable real-world impact, showing that susceptibility varies by model and by the context provided to the LLM alongside the prompt.”
The post added, “as AI agents become a more common interface to the web, the content itself is going to become a larger attack surface, highlighting that AI is a double-edged sword that can streamline workflows while also introducing new avenues for abuse.”
Aman Mahapatra, chief strategy officer for Tribeca Softtech, a New York City-based technology consulting firm, said that although the results are not surprising, they are significant. 
The especially worrisome detail in the report is that any commercial LLM failed at all, “because the security model for agentic AI has historically assumed that model-level safety training would meaningfully attenuate this class of attack,” Mahapatra said. “It does not, and the Zscaler data is the first widely-cited public evidence.”
A fundamental architecture issue
Mahapatra also said that the examples cited by Zscaler are not nearly as concerning as the implications of the greater damage that could occur.
“The Zscaler payment scam scenario, where an agent pays a fake $3 ‘developer license fee’ to obtain an API key, is the most benign version of this,” he said. “The same technique applied to an agent authorized for procurement, expense processing, vendor onboarding, or trade execution produces losses at completely different scales. I have watched Fortune 50 banks stand up agentic workflows in the last six months that would fail exactly this attack in a live examination.”
Indeed, he noted, most AI vendors already understand the magnitude of risk from today’s AI agents.
“Every model provider will admit privately that the fundamental architecture of transformer-based reasoning cannot cleanly separate untrusted content from trusted instructions when both share the context window,” Mahapatra said. “The attack surface is architectural, not just behavioral. That means the defense has to be architectural too, and this is where the enterprise agentic AI conversation is still lagging badly.”
Zscaler’s testing also reinforced the difference in how AI agents and humans process information.
“Humans are skeptical of instructions they did not expect. Agents are eager to follow structured metadata because their training rewards them for treating high-signal fields as authoritative. Humans notice when a payment request appears in the middle of an unrelated task. Agents will thread that payment request into their execution plan if the surrounding context frames it as procedurally necessary,” Mahapatra pointed out, noting that while humans have relationships with vendors, memories of prior interactions, and social context to give them verification signals, agents only have what is in the context window, and, he said, “the context window is now the primary attack surface.”
Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, agreed that the risks described in the ZScaler post are concerning, because they are in areas not traditionally addressed by enterprise security.
“These attacks differ from traditional threats in that they target how AI systems process, interpret, and act on information behind the scenes,” Jean-Louis said. “Agentic AI introduces new trust boundaries, including untrusted content influencing automated decision making, tools and plugins acting autonomously on behalf of users, and AI systems operating with broad, inherited permissions. This effectively transforms the challenge into an insider threat paradigm.”
This article originally appeared on InfoWorld.

View the full article
Some autonomous AI agents fell victim to frauds, reinforcing how easily some high-end enterprise agents can be conned by schemes that would fool few, if any, humans, Zscaler found in a test of major LLMs.
The security vendor looked at various forms of indirect prompt injection (IPI) traps and found that, whereas many models fell victim to the schemes, some of the lower-level LLMs fared better than their pricier siblings. 
The Zscaler testing found, for example, that four models were found to be “vulnerable”: Llama3-3-70b-instruct; Llama3-2-90b-instruct; Gemini-3-flash; and Gemini-2.5-pro. Three models were found to be “safe”: Llama4-maverick; Gemini-3.1-pro; and Gemini-3.1-flash-lite. Those results indicated that the scam resistance of Gemini-2.5-pro was seemingly weaker than that of Gemini-3.1-flash-lite. 
But Noah Kenney, principal consultant at Digital 520, said that there is not necessarily any valuable takeaway from that revelation, because agents constantly change behavior as they feed on new data and revise their analyzed assumptions. That means an agent that failed a specific test might very well pass the identical test an hour later, he said. 
“The risk of an agent is constantly changing and that can cause vastly different results. You can’t assume the results are generalizable. The test result is only at one point in time,” Kenney pointed out. Zscaler “is trying to prove a point that I don’t think the data necessarily proves.”
Kenney added that having a clean “safe/vulnerable” classification is too simplistic to be useful. “That’s a binary classification. I would never recommend to a CISO to do a binary classification.”
The full ZScaler blog post argued that many autonomous agents are susceptible to IPI traps.
The company said it identified IPI embedded in multiple websites, where hidden instructions were designed to manipulate the behavior of an AI agent.
In its internal validation across 26 LLMs, 4 models “failed to take appropriate actions,” which, it said, demonstrated “measurable real-world impact, showing that susceptibility varies by model and by the context provided to the LLM alongside the prompt.”
The post added, “as AI agents become a more common interface to the web, the content itself is going to become a larger attack surface, highlighting that AI is a double-edged sword that can streamline workflows while also introducing new avenues for abuse.”
Aman Mahapatra, chief strategy officer for Tribeca Softtech, a New York City-based technology consulting firm, said that although the results are not surprising, they are significant. 
The especially worrisome detail in the report is that any commercial LLM failed at all, “because the security model for agentic AI has historically assumed that model-level safety training would meaningfully attenuate this class of attack,” Mahapatra said. “It does not, and the Zscaler data is the first widely-cited public evidence.”
A fundamental architecture issue
Mahapatra also said that the examples cited by Zscaler are not nearly as concerning as the implications of the greater damage that could occur.
“The Zscaler payment scam scenario, where an agent pays a fake $3 ‘developer license fee’ to obtain an API key, is the most benign version of this,” he said. “The same technique applied to an agent authorized for procurement, expense processing, vendor onboarding, or trade execution produces losses at completely different scales. I have watched Fortune 50 banks stand up agentic workflows in the last six months that would fail exactly this attack in a live examination.”
Indeed, he noted, most AI vendors already understand the magnitude of risk from today’s AI agents.
“Every model provider will admit privately that the fundamental architecture of transformer-based reasoning cannot cleanly separate untrusted content from trusted instructions when both share the context window,” Mahapatra said. “The attack surface is architectural, not just behavioral. That means the defense has to be architectural too, and this is where the enterprise agentic AI conversation is still lagging badly.”
Zscaler’s testing also reinforced the difference in how AI agents and humans process information.
“Humans are skeptical of instructions they did not expect. Agents are eager to follow structured metadata because their training rewards them for treating high-signal fields as authoritative. Humans notice when a payment request appears in the middle of an unrelated task. Agents will thread that payment request into their execution plan if the surrounding context frames it as procedurally necessary,” Mahapatra pointed out, noting that while humans have relationships with vendors, memories of prior interactions, and social context to give them verification signals, agents only have what is in the context window, and, he said, “the context window is now the primary attack surface.”
Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, agreed that the risks described in the ZScaler post are concerning, because they are in areas not traditionally addressed by enterprise security.
“These attacks differ from traditional threats in that they target how AI systems process, interpret, and act on information behind the scenes,” Jean-Louis said. “Agentic AI introduces new trust boundaries, including untrusted content influencing automated decision making, tools and plugins acting autonomously on behalf of users, and AI systems operating with broad, inherited permissions. This effectively transforms the challenge into an insider threat paradigm.”
This article originally appeared on InfoWorld.

View the full article
Apple is continuing to refine iOS 27 ahead of its planned September launch, and the third beta includes several new features. Siri is more customizable, there's a fun new wallpaper action, and some useful improvements to Photos and Shortcuts.


Siri Voice

Beta 3 adds support for ‌Siri‌ voice customization on compatible devices. The customization option existed in prior betas, but it was not active. It's now usable, and you can customize the pace and expressivity of ‌Siri‌, with two base voice options available right now.


‌Siri‌ voice customization requires an iPhone 17 Pro or an iPhone Air because it uses on-device processing.

Live Recognition

In Accessibility, Apple added a new Live Recognition section. Live Recognition uses on-device intelligence to detect and describe things around you with the camera app. The feature is able to answer questions about what it sees, with an option to set a default question. There's also support for custom activities.


Reminders

The Reminders app has an updated icon with Liquid Glass to-do list bullets.


Photos

In the ‌Photos‌ section of the Settings app, there's a new Show Rating Controls toggle. It displays star ratings on photos and videos, and shows a rating badge on thumbnails.


Control Center

In Control Center, you can see details about your cellular connection even when connected to Wi-Fi. It shows signal strength and whether you're connected to LTE or 5G.


Shortcuts

You can now choose whether to open to the Describe a Shortcut interface or the manual Shortcuts editor when creating a new shortcut.


Wallpaper

When you swipe down into the notification center, a cutout of the subject of your wallpaper now appears first over the Home Screen or app you're using.



AirPods

The Adaptive setting on the AirPods has a slider that lets you select more transparency or more noise cancellation.


Home App

Apple clarified that Apple Intelligence features in the Home app will require a 2GB iCloud+ plan.

Maps

Apple added a tooltip to make it clearer that route preferences haven't been eliminated and can be accessed by tapping under the options interface when getting directions.


Lock Screen

The Control Center buttons on the Lock Screen now have black icons instead of white icons with some wallpaper.


5G in India

5G+ is now available in India on supported carriers. Related Roundups: iOS 27, iPadOS 27
This article, "Everything New in iOS 27 Beta 3" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Using Apple Intelligence camera features in the Home app will require an iCloud+ plan starting at 2TB, according to Apple. Apple shared the detail in its notes for the third macOS Golden Gate beta that was released today.


In iOS 27, iPadOS 27, and macOS 27 Golden Gate, the Home app is able to generate written summaries for motion alerts from HomeKit Secure Video cameras. It's also able to group footage from separate cameras for an overview of activity and pull out noteworthy recordings, plus it supports natural language search.

Apple said at WWDC that some ‌Apple Intelligence‌ features would require an ‌iCloud‌+ plan, but Apple didn't specify which tier users would need to subscribe to. For the Home features, users will need the 2TB ‌iCloud‌+ plan or better. The 2TB plan includes 2TB of ‌iCloud‌ storage and it costs $9.99 per month.

‌HomeKit Secure Video‌ cloud storage has always required a paid ‌iCloud‌ plan. The 50GB plan allows for one camera, while the 200GB plan supports up to five. The 2TB plan lets users add an unlimited number of ‌HomeKit Secure Video‌ cameras, and now it will also add the ‌Apple Intelligence‌ Home feature set. HomeKit video storage does not count against the storage limit of an ‌iCloud‌+ plan, so the full 2TB stays available for photos and other data.

More on what's new in the Home app in ‌iOS 27‌, ‌iPadOS 27‌, and macOS 27 can be found in our guide.Related Roundups: iOS 27, iPadOS 27Tag: Apple Intelligence
This article, "Apple Intelligence Home Features Require 2TB iCloud+ Plan in iOS 27" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
With watchOS 27 beta 3, Apple added support for Siri AI and the ‌Siri‌ app, so Apple Watch users can now use the features right from their wrist.


Apple said ‌Siri‌ AI would be coming to the watch back when ‌watchOS 27‌ was first introduced, but the feature wasn't live until now.

The Dynamic App Grid that pops up when the Digital Crown is pressed displays the ‌Siri‌ app in the center, and the smarter version of ‌Siri‌ is available to answer queries and complete requests.

‌Siri‌ AI on Apple Watch relies on a nearby Apple Intelligence- compatible iPhone for processing. Conversations in the ‌Siri‌ app on Apple Watch sync to the ‌Siri‌ app across all other devices like iPhone, iPad, and Mac.Related Roundups: Apple Watch 11, watchOS 26, watchOS 27Tag: SiriBuyer's Guide: Apple Watch (Caution)Related Forum: Apple Watch
This article, "Siri AI Comes to Apple Watch in watchOS 27 Beta 3" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
With the third beta of macOS 27, Apple added new Golden Gate-themed wallpaper options to the Mac.


There are new Golden Gate Sunset and Golden Gate Night options, both of which join the prior Golden Gate abstract wallpaper that Apple introduced with the initial beta.

Golden Gate Sunset and Golden Gate Night animate when unlocking the Mac, and can be set as a screen saver. When used as a screen saver, the Golden Gate Sunset wallpaper features waves breaking on the rocks near the Golden Gate Bridge. The Golden Gate Night wallpaper shows cars driving across the bridge.

With past updates, Apple has included several themed wallpaper options, so more Golden Gate wallpapers could be added in the future. macOS Golden Gate is limited to developers right now, but we are expecting a public beta soon.Related Roundup: macOS Golden Gate
This article, "macOS Golden Gate Gets New Wallpaper" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point ResearchView the full article
Apple today provided developers with the third beta of macOS Golden Gate, with the update coming two weeks after Apple seeded the second beta.


Developers can download ‌macOS Golden Gate‌ by going to System Settings > General > Software Update. Beta Updates will need to be enabled, and a free developer account is required.

‌macOS Golden Gate‌ includes multiple design improvements. Liquid Glass opacity has been improved to increase readability, there's a slider for controlling the level of transparency, and changes to shadowing make it easier to tell when a window is active. Apps now have uniform toolbars, edge-to-edge sidebars, and less rounded corners, plus there are fewer icons in menu bars.

Siri has been transformed into ‌Siri‌ AI, a chatbot-style assistant that combines general world knowledge, your personal data, and onscreen awareness to answer questions about anything and find information for you. ‌Siri‌ lives in Spotlight, and you can ask questions with the new Search or Ask interface.

There's also a ‌Siri‌ app where you can chat with ‌Siri‌ and view past conversations, and on newer Macs, you can set a custom voice for ‌Siri‌ with personalized pace and expressivity. Visual Intelligence is now on the Mac so ‌Siri‌ can answer questions about what's on your screen, and a Write with ‌Siri‌ feature lets ‌Siri‌ generate text or give feedback on your writing.

There are AI photo editing tools in the Photos app, AI tab organization in Safari, an option to use AI to automatically update weak passwords in the Passwords app, and a revamped Image Playground app that can generate photorealistic images.

More on all of the new features in ‌macOS Golden Gate‌ can be found in our macOS Golden Gate roundup. ‌macOS Golden Gate‌ is limited to developers right now, but Apple plans to release a public beta soon.Related Roundup: macOS Golden Gate
This article, "macOS Golden Gate Beta 3 Now Available for Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the third betas of iOS 27 and iPadOS 27 to developers for testing purposes, with the update coming two weeks after Apple released the second betas.


Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update.

‌iOS 27‌ introduces Apple's smarter version of Siri, ‌Siri‌ AI. ‌Siri‌ AI is a chatbot similar to ChatGPT, incorporating general world knowledge, personal data from apps like Messages and Mail, and onscreen awareness to answer questions and find information for you.

There are new Apple Intelligence features in apps like Photos, Safari, Shortcuts, Wallet, and Passwords, plus Apple added a standalone ‌Siri‌ app that houses ‌Siri‌ conversations. Write with ‌Siri‌ is available systemwide for generating text or offering feedback on your writing, and Visual Intelligence has been relocated to the Camera app with a new ‌Siri‌ mode.

Apple improved the look of Liquid Glass and added a slider for customizing transparency. There are multiple performance improvements to speed up iOS, so everything feels faster, even on older iPhones. Apps launch quicker, AirDrop transfers are faster, the keyboard pops up more quickly, and devices are better at transitioning between Wi-Fi and Cellular to keep you connected.

For more on what's new in ‌iOS 27‌, we have a dedicated iOS 27 roundup.Related Roundups: iOS 27, iPadOS 27
This article, "Apple Seeds Third iOS 27 and iPadOS 27 Betas to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided developers with the third beta of an upcoming visionOS 27 update for testing purposes, with the beta coming two weeks after Apple released the second beta.


visionOS 27 can be installed by opening the Settings app, going to Software Updates, and opting into Beta Updates.

visionOS 27 introduces Siri AI, the smarter and more capable version of ‌Siri‌ that's similar in capability to chatbots like ChatGPT and Claude. On the Vision Pro, ‌Siri‌ can answer questions about anything the wearer is looking at, and there's a new ‌Siri‌ orb that can be placed anywhere in wearer's virtual space.

Panorama photos can be turned into spatial environments, and there's a new Icelandic Thórsmörk environment that features dramatic mountains, valleys, and glaciers, along with the northern lights. Web Environment support allows developers to create 360-degree environments in Safari for a more native Vision Pro browsing experience.

App windows are now curved to provide a more immersive workspace, and Control Center has been reorganized to make system controls easier to find. Apple added a smaller widget size, and notifications automatically expand when the wearer looks at them.

More on what's new in visionOS 27 is listed in our Vision Pro roundup.Related Roundup: Apple Vision ProBuyer's Guide: Vision Pro (Neutral)Related Forum: Apple Vision Pro
This article, "Apple Seeds Third visionOS 27 Beta to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the third beta of watchOS 27 to developers, with the update coming two weeks after the launch of the second beta.


The beta can be downloaded through the Watch app on the iPhone with a free developer account. The Apple Watch will need to be on the charger, connected to Wi-Fi, and have a battery level of 50 percent or above for new software to be installed. The beta is available for all Apple Watch models compatible with ‌watchOS 27‌ except for the Apple Watch Ultra 3.

‌watchOS 27‌ will include Siri AI, the smarter, more capable version of ‌Siri‌. ‌Siri‌ can hold back-and-forth conversations, plus it has access to general world knowledge and your personal data to answer questions and find information. ‌Siri‌ AI on Apple Watch requires an iPhone that supports Apple Intelligence, including the iPhone 15 Pro and later.

There's a new Dynamic app grid that highlights ‌Siri‌ suggested apps, and more intuitive Smart Stack Suggestions. You can find your parked car, see pinned messages, get noise alerts, and view identity and transit cards.

Liquid Glass has been updated to improve legibility, and Workout Buddy works on the Apple Watch even when an iPhone isn't nearby. Workout Buddy also gains new metrics like progressive increases to distance, pace, or duration. Apple added a new all-in-one Find My app with support for Precision Finding, and there are performance optimizations that improve battery life.

More on what's new in ‌watchOS 27‌ is available in our watchOS 27 roundup.
Related Roundups: watchOS 26, watchOS 27Related Forum: Apple Watch
This article, "Apple Seeds watchOS 27 Beta 3 to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the third beta of tvOS 27 to developers for testing purposes, with the update coming two weeks after Apple released the second beta.


The beta can be downloaded and installed through the Settings app on the Apple TV. A free developer account is required.

tvOS 27 has few new features compared to the other 27 software updates, but it does add a redesigned Podcasts app, options for larger text, and a more responsive Control Center.

AirPlaying to an ‌Apple TV‌ from another Apple device is faster, and apps and animations are smoother. You can also now see AppleCare coverage details in the Settings app.

More on the features in tvOS 27 can be found in our Apple TV roundup.Related Roundup: Apple TVBuyer's Guide: Apple TV (Don't Buy)Related Forum: Apple TV and Home Theater
This article, "Apple Seeds tvOS 27 Beta 3 to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided the fourth beta of an upcoming macOS Tahoe 26.6 update to developers for testing purposes, with the update coming a week after Apple seeded the third beta.


Developers can download the ‌macOS Tahoe‌ 26.6 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.

With macOS Golden Gate launching in just a couple months, Apple is likely focusing most of its attention on the new software. We are not expecting any major new features in ‌macOS Tahoe‌ 26.6.Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Fourth macOS Tahoe 26.6 Beta Now Available for Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the fourth betas of upcoming iOS 26.6 and iPadOS 26.6 updates to developers for testing purposes, with the software coming a week after Apple seeded the third betas.


Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update.

With iOS 27 set to launch in September, Apple is wrapping up work on iOS 26. We are not expecting any major new features in the iOS 26.6 update, and it will primarily focus on bug fixes and performance improvements.

The update adds new wording around blocked contact limits, letting users know when they have exceeded the maximum number of blocked contacts. The update might also include a new anti-snatching feature that locks your iPhone if it's grabbed from your hand.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Fourth iOS 26.6 and iPadOS 26.6 Betas to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided developers with the fourth betas of upcoming watchOS 26.6, tvOS 26.6, and visionOS 26.6 betas for testing purposes. The software comes a week after Apple seeded the third betas.


The software updates are available through the Settings app on each device, and because these are developer betas, a free developer account is required.

There's no word on what's in the software as of yet. watchOS, tvOS, and visionOS often get few features in each new beta, with updates primarily focusing on bug fixes and performance improvements.Related Roundups: Apple TV, Apple Vision Pro, watchOS 26, watchOS 27Buyer's Guide: Apple TV (Don't Buy), Vision Pro (Neutral)Related Forums: Apple TV and Home Theater, Apple Vision Pro, Apple Watch
This article, "Apple Releases Fourth watchOS 26.6, tvOS 26.6 and visionOS 26.6 Betas" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
An iPhone 17 Pro Max in Cosmic Orange has been sealed inside a 250 year time capsule as part of America's Semiquincentennial celebrations, with the device not due to be seen again until the 23rd century.


America250, the congressionally appointed nonprofit leading the 250th anniversary celebrations, announced that "America's Time Capsule" was officially sealed and buried at Independence National Historical Park in Philadelphia on July 4, 2026, to be reopened in 2276.

The iPhone was included through America250's "America Innovates" initiative as a representative of the cutting edge of American innovation and technology in 2026, with the device showcasing advances in handheld computing, imaging, and connectivity that have transformed how people work, communicate, and create in the 21st century. The device contains "digital artifacts" in the Notes app, intended to give whoever opens the capsule in 2276 a small window into everyday life in 2026.

The capsule itself was built to give the iPhone and everything else inside it the best possible chance of surviving intact. Developed with the National Institute of Standards and Technology and preservation experts at the Library of Congress, it uses a 900 pound, precision milled stainless steel cylinder sealed with indium, a soft metal that deforms under compression to fill microscopic imperfections in the sealing groove. It was covered with a 1,100 pound stainless steel bell jar that creates a protective air pocket to keep the vessel dry underground.

Beyond the iPhone, the capsule holds contributions from all 56 states and territories and all three branches of the federal government, including a feather from Civil War era bald eagle mascot "Old Abe" (Wisconsin), fabric from the Wright brothers' 1903 aircraft (Ohio), and an AI generated response from Anthropic's Claude submitted by California imagining the state 250 years from now. Related Roundup: iPhone 17 ProBuyer's Guide: iPhone 17 Pro (Caution)Related Forum: iPhone
This article, "iPhone 17 Pro Max Sealed in Time Capsule Until 2276" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, likens AI agents to “really smart kindergartners.”
“They know how to do something, but they have no clue as to why they should do it,” Wilson says.
This combination of superior execution power and lack of judgment can create a significant challenge for organizations trying to fit AI agents into their existing zero trust architectures. In a robust zero trust environment, Wilson notes, human users are first authenticated, then given escalating decision-making powers and access over time, with many organizations potentially taking weeks to onboard an IT employee with elevated privileges. But that model breaks down with AI agents that can be spun up for single tasks and then quickly destroyed.
“Imagine having to onboard and offboard one of these entities within your ecosystem once every second,” Wilson says. “The introduction of AI agents isn’t necessarily creating new problems. But it is exacerbating problems that have always been there.”
‘You don’t know when they’re going to be wrong’
The pressure for organizations to aggressively adopt AI has brought a corresponding pressure to lower or delete barriers between authentication, decision-making, execution, and authorization, Wilson says. Rather than rearchitecting their zero trust programs for AI agents, many organizations are essentially giving the tools broad access and hoping for the best.
“These agents move so quickly, and no one is quite certain exactly what access they should have,” Wilson says. “I’ve never seen this before, where really smart security people are just closing their eyes and moving at a rate that can be dangerous.”
Already, unfettered access for agentic AI could unleash “calamity” within some organizations, Wilson says, with a report emerging that an AI agent deleted entire production databases. “We’ve seen an example of months and months of work disappearing, even in stable software development environments,” Wilson says. “Even if we estimate that AI agents are right 80% of the time, the problem is the other 20%—what happens when they’re wrong?”
Taking the long view
While agentic AI can raise short-term security problems, Wilson sees the technology as a forcing function that will spur long-term improvements to organizations’ zero trust environments. “We’re at an inflection point where we’re going to have to do the hard things,” he says. “With human users, we’ve accepted that we’re not going to move as fast as we want, and we’re going to have to say no a lot. But this is a tidal wave.”
Wilson likens the rise of agentic AI to the debut of the iPhone (“but 10 times more potent”), noting that smartphones forced organizations to create security and governance practices for bring-your-own-device (BYOD) and remote work programs. “Before the iPhone, there was no such thing as BYOD,” he says. “It was very painful at first, but we would not have remote work if it wasn’t for the iPhone.”
“AI brings that same challenge,” Wilson says. Doing the hard things, he adds, means moving to zero standing privilege, issuing dynamic credentials at the moment of use rather than relying on long-lived secrets, and building security in rather than bolting it on. The goal is to keep the human “on the loop” rather than in it, supervising agents without slowing them down. “Some organizations are going to take some hard lumps, but I think we’re going to be more secure in the long run.”
To learn more, visit us here.
View the full article
Introduction
AI background removal tools have revolutionized how images are edited, allowing professionals and casual users alike to easily remove or replace backgrounds in photos. These tools, powered by artificial intelligence and machine learning, automatically detect and remove backgrounds, saving significant time compared to manual editing. Whether you’re an e-commerce seller, photographer, graphic designer, or social media influencer, these tools are essential for creating clean, professional visuals with minimal effort.
In 2026, AI background removal tools are more advanced than ever, offering faster processing, higher accuracy, and user-friendly interfaces. When choosing the right tool for your needs, it’s essential to consider factors such as supported platforms, pricing, and the unique features each tool offers, ensuring it fits your specific workflow.
Top 10 AI Background Removal Tools in 2026
1. Design.com 
Short Description: Design.com’s Background Remover quickly removes backgrounds from any image using AI. Just upload a photo and it generates a clean, transparent version in seconds, ready for use in designs or marketing materials. 
Key Features
Instant AI background removal in seconds Free to use for basic background removal Clean, high-quality cutouts with smooth edges Works with common image formats (JPG, PNG, etc.) Easy drag-and-drop upload process Works with other Design.com tools like logos, flyers, and websites Access to 633,000+ templates to reuse your cutout images in designs Pricing
Free: Background removal is free to use Premium Plans: Unlock access to full template library (633,000+ designs), advanced branding tools, and wider design features across the platform Pros
Very fast and beginner-friendly No design experience needed High-quality transparent cutouts Easy integration into other design templates Cons 
Web-based only 2. Adobe Photoshop (AI-Powered)
Short Description: Adobe Photoshop now integrates AI-powered background removal, giving users the ability to easily cut out objects from their photos with precision. Key Features: Adobe Sensei AI for accurate selections Seamless background replacement Built-in cloud storage Advanced editing features beyond background removal Multi-device support Pros: Extremely precise with high customization Integrated with Adobe’s suite of tools Supports advanced editing for professionals Cons: Expensive subscription cost Steep learning curve for beginners 3. Fotor
Short Description: Fotor provides a user-friendly interface for removing backgrounds from photos with AI assistance. It is suited for both beginners and professionals. Key Features: One-click background removal AI enhancement tools for photo editing Multi-platform support (Windows, macOS, iOS, Android) Batch processing support Cloud storage options Pros: Easy to use with a clean interface Affordable pricing options Quick background removal Cons: Limited customization for complex images Free version lacks some advanced features 4. PhotoScissors
Short Description: PhotoScissors is an easy-to-use tool that leverages AI to remove backgrounds from photos. It’s designed for users who need a quick, simple solution. Key Features: Drag-and-drop interface AI-based background removal No need for advanced editing skills Support for various file formats Transparent background support Pros: Ideal for beginners No advanced software skills required Affordable pricing Cons: Less suitable for high-quality, detailed images Limited editing features 5. Clipping Magic
Short Description: Clipping Magic is an AI-powered tool focused on providing fast and high-quality background removal with a focus on precision and user control. Key Features: Real-time background removal with AI Precision editing tools for detailed cuts Supports various image file types Allows for background replacement Unlimited image processing with a subscription Pros: Quick processing with excellent results Simple user interface Detailed controls for fine adjustments Cons: Limited to image editing; lacks advanced features Subscription required for full functionality 6. Canva
Short Description: Canva, a popular graphic design tool, offers an AI-powered background remover that allows users to easily edit images for social media, presentations, and marketing. Key Features: One-click background remover Integration with Canva’s design tools Customizable templates Free and paid plans available Image editing features for content creation Pros: Easy integration with Canva’s design tools Great for creating social media posts Simple, beginner-friendly interface Cons: Limited advanced editing tools for professionals Some features require a paid subscription 7. Pixlr
Short Description: Pixlr is a versatile AI background remover that works well for both casual users and professionals, offering robust editing tools alongside background removal features. Key Features: AI-powered background removal Advanced editing tools (adjustments, filters, etc.) Support for layers and transparent backgrounds Easy-to-use interface Cross-platform (web and mobile) Pros: Great for a mix of casual and advanced users Free and premium plans available Supports multiple image formats Cons: More advanced features can be complex for beginners Free version contains ads 8. Kapwing
Short Description: Kapwing is an AI-driven tool for background removal, perfect for creators needing a fast, reliable solution for image and video editing. Key Features: One-click background removal Image and video editing tools User-friendly interface Cloud-based platform for easy access Support for team collaboration Pros: Supports both image and video background removal Free tier with basic functionality Simple, intuitive interface Cons: Limited advanced features for professional users Watermark on free version 9. Trace
Short Description: Trace is an AI background remover that delivers quick and accurate results, making it suitable for e-commerce businesses and photographers. Key Features: AI-powered, automatic background removal Ideal for product photography High-quality, transparent background results Bulk image processing capabilities Easy integration with other platforms via API Pros: Great for e-commerce users Quick processing for bulk images Excellent quality results Cons: Limited creative editing features Paid subscription required for full access 10. InPixio
Short Description: InPixio offers a straightforward AI-powered background removal tool with intuitive features, perfect for casual users looking for fast and accurate edits. Key Features: Automatic background removal with AI Simple, easy-to-use interface Customizable background options One-click tools for easy editing Free and paid versions available Pros: Beginner-friendly Affordable pricing Simple, effective tool Cons: Lacks some advanced features Free version has limited functionality Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingRating (G2/Capterra)Remove.bgE-commerce, DesignersWebFast background removalFree / Starts at $0.294.7/5Adobe PhotoshopProfessionals, DesignersWindows, macOSAdvanced editing toolsSubscription ($20.99/mo)4.8/5FotorSocial Media CreatorsWeb, iOS, AndroidAI-powered photo editingFree / Starts at $8.99/mo4.5/5PhotoScissorsBeginners, Casual UsersWebDrag-and-drop interfaceFree / Starts at $9.994.4/5Clipping MagicProduct PhotographyWebPrecision editingStarts at $3.99/image4.6/5CanvaSocial Media MarketersWeb, iOS, AndroidEasy design integrationFree / Starts at $12.99/mo4.7/5PixlrMixed Users (Beginners to Advanced)Web, iOS, AndroidAdvanced tools & filtersFree / Starts at $5.994.3/5KapwingContent CreatorsWebVideo & image editingFree / Starts at $16/mo4.5/5TraceE-commerce, Product PhotographyWebBulk image processingStarts at $5/image4.7/5InPixioCasual UsersWindows, Mac, WebSimple, effective toolFree / Starts at $39.994.4/5 Which AI Background Removal Tool is Right for You?
Small businesses and e-commerce stores: Remove.bg, Trace Designers and professionals: Adobe Photoshop, Clipping Magic Content creators and marketers: Canva, Kapwing Beginners or casual users: PhotoScissors, InPixio Conclusion
AI background removal tools are indispensable in 2026, offering a blend of speed, precision, and ease of use for all levels of users. Whether you’re editing product photos, social media content, or professional visuals, the right tool can significantly improve your workflow. Test out these tools through free trials or demos to see which one fits your needs best.
FAQs
Q1: How do AI background removal tools work?
A1: These tools use artificial intelligence algorithms to detect and isolate subjects from the background, then remove or replace the background.
Q2: Are AI background removal tools accurate?
A2: Yes, most tools offer high accuracy, though the results may vary depending on the complexity of the image.
Q3: Do I need any prior editing experience to use these tools?
A3: No, many tools are designed to be user-friendly, even for beginners.
Q4: Is there a free version of these tools?
A4: Most tools offer free versions with limited functionality, but a subscription or one-time fee is often required for full access.
Q5: Can I replace the background with custom images?
A5: Yes, many tools offer background replacement features, allowing you to use custom images or solid colors.
View the full article
Introduction
In today’s fast-paced digital world, effective communication is key to success, especially when presenting ideas, projects, and pitches. Whether for business meetings, educational purposes, or personal projects, the right presentation software can make all the difference in delivering impactful and visually engaging presentations. In 2026, the market for presentation software tools is more diverse than ever, offering a wide range of features to cater to various professional needs.
Presentation software tools are essential for creating slideshows that capture attention and deliver messages clearly. The rise of remote work and virtual meetings has only increased the demand for intuitive and versatile tools. With so many options available, choosing the right one can be overwhelming. This blog post will explore the top 10 presentation software tools for 2026, outlining their features, pros, and cons to help you make an informed decision. Whether you’re a business professional, educator, or student, finding the right presentation tool can help elevate your communication and presentation skills.
Top 10 Presentation Software Tools in 2026
1. Microsoft PowerPoint
Short Description:
PowerPoint is a veteran in the presentation software space, offering robust features for creating professional slideshows. It is the go-to tool for many businesses and educational institutions.
Key Features:
Extensive template library for various purposes Real-time collaboration via Microsoft 365 Advanced animation and transition effects Integration with Microsoft Teams and OneDrive Smart Design Ideas powered by AI Pros:
Widely recognized and used in professional settings Highly customizable with advanced features Excellent offline functionality Cons:
Some features may require a steep learning curve Can be costly with a Microsoft 365 subscription Lacks some of the modern collaborative tools found in newer software 2. Google Slides
Short Description:
Google Slides is a cloud-based presentation tool that offers a simple yet effective solution for collaborative presentations. It’s widely used for team projects and presentations in educational settings.
Key Features:
Real-time collaboration and commenting Access from any device with an internet connection Easy integration with Google Workspace apps Wide range of themes and templates Offline editing available through Google Drive Pros:
Free with a Google account Seamless collaboration with other Google tools Cloud-based for easy access and sharing Cons:
Limited advanced features compared to PowerPoint Can feel basic for advanced users Requires a stable internet connection for optimal use 3. Design.com Presentation Maker
Short Description:
Design.com presentation maker is an AI-powered presentation tool that helps users create professional, visually engaging, and on-brand presentations in seconds. By analyzing your business name, keywords, and branding elements, the platform generates tailored slide decks that align with your brand identity, making it ideal for pitches, proposals, reports, portfolios, and marketing presentations.
Key Features:
AI-powered presentation generation from business names and keywords AI that creates tailored, on-brand presentation designs Automatic application of brand colors for a more visually cohesive templates Thousands of professionally designed presentation templates Customizable fonts, colors, layouts, shapes, curved text, and gradient effects Keyword-based refinement to improve and regenerate presentation designs Shortlist feature for saving and comparing AI-generated concepts Unlimited editing and customization after generation Export compatibility with PowerPoint and Google Slides High-resolution downloads in PNG, JPG, SVG, EPS, and PDF formats Free presentation templates available for instant customization Access to additional branding tools for social media posts, banners, business cards, and more Royalty-free commercial usage rights for downloaded designs Customer support for design, download, and technical assistance Pros:
Creates presentations that are tailored to your business and brand rather than generic or irrelevant templates Generates professional presentations quickly with minimal effort Maintains brand consistency through automatic logo and color integration Offers extensive customization options after AI generation Provides access to a large template library and a complete branding ecosystem Supports multiple export formats, including vector files for professional use Suitable for businesses, entrepreneurs, marketers, and creative professionals Cons:
Some premium templates require a paid subscription Requires clear business information and keywords to achieve the most accurate AI-generated results 4. Keynote
Short Description:
Apple’s native presentation software, Keynote, is a powerful and intuitive tool favored by macOS and iOS users for its sleek design and ease of use.
Key Features:
Stunning visual effects and themes Easy integration with other Apple software Real-time collaboration for team presentations User-friendly interface with drag-and-drop functionality Seamless cloud syncing via iCloud Pros:
Beautiful templates and design features Free for Apple users Excellent performance on macOS and iOS Cons:
Limited compatibility with non-Apple devices Fewer customization options than PowerPoint Restricted to the Apple ecosystem 5. Canva
Short Description:
Canva is a versatile online design tool that has rapidly gained popularity for creating visually appealing presentations with ease, especially for non-designers.
Key Features:
Drag-and-drop editor with thousands of customizable templates Cloud-based, with easy sharing and collaboration Large library of free stock images, icons, and fonts Presentation animation and transition effects Integration with social media and marketing platforms Pros:
Free and easy to use Excellent for creating visually stunning presentations Perfect for beginners and non-designers Cons:
Limited features in the free version Lacks the depth of PowerPoint’s advanced features Can feel too basic for professional presentations 6. Visme
Short Description:
Visme is an all-in-one tool for creating presentations, infographics, and other visual content. It’s ideal for professionals looking for more control over design.
Key Features:
Thousands of templates and design assets Easy integration with data visualization tools Collaborative features for team presentations Customizable animations and transitions Export presentations as HTML5 for embedding Pros:
Highly customizable with detailed design controls Excellent for creating infographics and visual content Great for professionals who need to showcase data Cons:
Some features are locked behind the paid version Learning curve for beginners Can be slower with large files 7. Ludus
Short Description:
Ludus is a creative presentation tool that blends design flexibility with web-based functionality. It’s perfect for artists, designers, and creative professionals.
Key Features:
Full customization options with HTML/CSS code support Interactive and visually rich presentations Drag-and-drop integration with other creative tools like Figma Collaboration features for team-based projects Integration with GIFs, videos, and 3D models Pros:
Flexible for creative professionals Full control over presentation design and functionality Excellent for interactive presentations Cons:
May not be suitable for non-technical users More expensive than some alternatives Limited templates compared to other tools 8. Zoho Show
Short Description:
Zoho Show is a cloud-based presentation tool aimed at business teams, offering easy collaboration, seamless integration with Zoho apps, and plenty of customizable templates.
Key Features:
Real-time collaboration and feedback options Integrates seamlessly with other Zoho productivity apps Easy sharing via cloud and social media Cloud storage for easy access anywhere Offline editing capabilities Pros:
Free for Zoho users Excellent collaboration and sharing options Great integration with Zoho CRM and other tools Cons:
Lacks some advanced features compared to PowerPoint Fewer templates than other major players Can be slow at times with large presentations 9. Slidebean
Short Description:
Slidebean is a unique presentation tool that automates the design process, allowing users to focus on content while the tool takes care of the aesthetics.
Key Features:
AI-driven design engine that automates layout and formatting Cloud-based with real-time collaboration features Integration with Google Drive and Dropbox for file management Thousands of design templates and customizable elements Easy export to PPT, PDF, and image formats Pros:
Saves time with automated design features Ideal for users with minimal design experience Great for creating professional pitch decks Cons:
Limited customization for advanced users Free version has restricted access to certain features Lacks some advanced presentation features 10. Beautiful.ai
Short Description:
Beautiful.ai offers smart templates and AI-powered design tools to create stunning presentations quickly, focusing on simplicity and efficiency.
Key Features:
AI-powered design suggestions and auto-adjustments Wide range of templates designed for different use cases Real-time collaboration and team editing Cloud-based, with easy sharing and presentation modes Integration with Google Slides and PowerPoint Pros:
Easy-to-use with minimal design skills required Great for professionals on tight schedules Clean, modern design aesthetic Cons:
Limited customization options Can be too simplistic for some users Higher cost for premium plans Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingRatingMicrosoft PowerPointBusiness ProfessionalsWindows, macOSAdvanced features, offline modeStarts at $6.99/month4.5/5Google SlidesTeam CollaborationWeb-basedFree, seamless collaborationFree4.2/5PreziCreative IndustriesWeb-based, DesktopZooming non-linear interfaceStarts at $3/month4.4/5KeynoteApple UsersmacOS, iOSSleek design, easy-to-useFree for Apple users4.3/5CanvaNon-DesignersWeb-based, iOS, AndroidEasy-to-use, free versionFree / Premium starts at $12.95/month4.7/5VismeProfessionalsWeb-basedData visualization integrationStarts at $15/month4.6/5LudusDesigners & CreativesWeb-basedFull customization optionsStarts at $10/month4.5/5Zoho ShowBusiness TeamsWeb-based, iOSZoho integration, free for Zoho usersFree (Zoho users)4.2/5SlidebeanEntrepreneursWeb-basedAutomated designStarts at $8/month4.3/5Beautiful.aiProfessionalsWeb-basedAI-powered design featuresStarts at $12/month4.4/5 Which Presentation Software Tool is Right for You?
For Business Professionals: Microsoft PowerPoint or Zoho Show. For Creative Professionals: Prezi or Ludus. For Teams and Collaboration: Google Slides, Zoho Show. For Quick Presentations and Design: Canva, Beautiful.ai. Conclusion
Presentation software tools are an integral part of effective communication in 2026. As the digital landscape evolves, these tools continue to offer innovative features for a variety of professional needs. Whether you’re a business professional looking for advanced features or a creative seeking dynamic, engaging visuals, there is a tool for you. Consider trying demos or free trials to explore what works best for your needs.
FAQs
1. What is the best presentation software for business teams?
Microsoft PowerPoint and Zoho Show are excellent for team collaboration and business use.
2. Can I use these tools for free?
Yes, many tools like Google Slides, Canva, and Zoho Show offer free versions with limited features.
3. Which presentation tool is best for creative presentations?
Prezi and Ludus are ideal for creative professionals looking for dynamic and visually engaging presentations.
View the full article
Introduction
In today’s digital age, the power of a well-designed presentation cannot be overstated. As businesses, educators, and creators rely on visuals to communicate their ideas, AI-driven presentation design tools have emerged as a game-changer. These tools leverage artificial intelligence to help users craft compelling, visually appealing presentations in minutes, saving time and boosting creativity.
AI Presentation Design Tools in 2026 are essential for professionals who want to automate design processes, enhance creativity, and improve their visual storytelling. These tools integrate smart algorithms that offer template suggestions, content formatting, design elements, and even design style recommendations tailored to the user’s needs. Whether you’re preparing a business pitch, an educational slide deck, or a creative project, these tools are here to make the process smoother, faster, and more effective.
When selecting the right AI presentation tool, users should look for features such as ease of use, customizable templates, integration with other platforms, and flexibility in design styles. The goal is to find a tool that supports the creation of high-quality presentations without requiring advanced design skills.
Top 10 AI Presentation Design Tools for 2026
Here are the top AI-powered tools that are revolutionizing presentation design in 2026:
1. Design.com
Design.com’s AI presentation maker creates professional, brand-aligned presentations in seconds. Unlike other AI tools that generate generic slides, Design.com analyzes your business name, keywords, and branding elements to create tailored presentations that reflect your unique brand identity.
Key Features:
AI-powered presentation generation based on your business name and keywords. Smart AI that studies your input and branding to create tailored, on-brand presentations. Thousands of professionally designed presentation templates to choose from. Automatic application of brand colors and styling to your presentations when you upload or create a logo. Full customization of fonts, colors, layouts, shapes, curved text, and gradient effects. Shortlist feature for saving and comparing the generated presentation concepts. Unlimited editing and design adjustments. Export-ready presentations compatible with PowerPoint and Google Slides. High-resolution downloads in PNG, JPG, SVG, EPS, and PDF formats. Free presentation templates available for customization. Access to matching branding assets, including social media posts, banners, business cards, and more. Royalty-free commercial usage rights for downloaded designs. Customer support for customization, downloads, and technical assistance. Pros:
Generates presentations that are tailored to your brand rather than generic templates. Fast and easy presentation creation with minimal input required. Strong brand consistency through automatic logo styling integration. Extensive customization options after AI generation. Large template library and access to a complete branding ecosystem. Multiple export formats, including vector files for professional use. Cons:
Premium templates require a paid subscription. Advanced customization may take additional time for users seeking highly specific designs. 2. Canva
Short Description: Canva is a well-known graphic design tool that also offers AI-powered presentation templates for quick and professional results. Key Features:AI-based design suggestions for layouts and content placement. Drag-and-drop interface for ease of use. Collaborative features for team-based editing. Extensive library of pre-built presentation templates and stock images. Export options to various formats (PPT, PDF, etc.). Pros:Extremely versatile for various types of designs. Easy to learn for beginners. Cons:Some features are locked behind a paid subscription. Limited design elements for advanced users. 3. Slidebean
Short Description: Slidebean is an AI presentation tool that specializes in creating slides based on the content you input, providing a professional design in no time. Key Features:AI-driven layout and design suggestions. Content-first approach for creating presentations. Cloud-based collaboration for real-time editing. Customizable templates for different use cases. Export presentations in multiple formats. Pros:Quick design process with minimal input. Great for users who want a no-hassle design experience. Cons:Limited customization for users with advanced design skills. Some features require a premium subscription. 4. Prezi
Short Description: Prezi is a dynamic presentation tool that utilizes AI to help create non-linear presentations, offering a unique, zooming canvas experience. Key Features:Non-linear presentation style for engaging storytelling. AI-powered design suggestions for custom layouts. Ability to create zooming effects and interactive slides. Collaboration tools for group work and sharing. Offers templates for a variety of industries. Pros:Engaging and interactive presentation style. Flexible design for storytelling-focused presentations. Cons:Can be difficult for beginners to master. Limited traditional slide-style templates. 5. Visme
Short Description: Visme offers AI-driven design tools that help you create engaging and professional presentations with a focus on data visualization. Key Features:Advanced data visualization tools (graphs, charts, infographics). AI-powered design recommendations for layout and content. Customizable templates for professional presentations. Integrates with external data sources like Google Sheets and Excel. Multi-platform support (web, mobile). Pros:Excellent for data-heavy presentations. A broad range of customization options. Cons:Steeper learning curve for beginners. Limited free features. 6. Pitch
Short Description: Pitch is a team-focused presentation tool that uses AI to automate slide design while allowing for a high degree of collaboration. Key Features:AI-driven design layout suggestions. Extensive library of templates and images. Real-time collaboration features for teams. Integrates with Google Drive and Slack. Ability to embed videos and interactive elements. Pros:Great for team collaboration and editing. Simplifies presentation design with automated AI features. Cons:Limited offline functionality. Some advanced features are only available in paid plans. 7. Zoho Show
Short Description: Zoho Show provides AI-powered design features that allow users to create stunning presentations for business and educational purposes. Key Features:AI-based templates and layout suggestions. Cloud-based collaboration and sharing options. Easy-to-use interface with drag-and-drop functionality. Seamless integration with Zoho Suite tools. Wide variety of customizable templates. Pros:Free tier available for individual users. Integrates well with other Zoho apps. Cons:Lacks some advanced design features. Requires a Zoho account for full access. 8. Google Slides (AI-enhanced)
Short Description: Google Slides, now enhanced with AI features, allows for smart formatting and content recommendations while maintaining collaborative functionality. Key Features:AI-powered design suggestions and layout optimization. Real-time collaboration for teams. Seamless integration with Google Drive and other Google Workspace apps. Simple and intuitive interface. Support for multimedia elements (images, videos, links). Pros:Free for personal and business users. Easy collaboration with team members. Cons:Basic design features compared to specialized tools. Limited template variety. 9. FlowVella
Short Description: FlowVella combines AI-driven design tools with multimedia features for interactive presentations. Key Features:AI-based design tools for slide creation. Supports embedded multimedia (audio, video, images). Interactive presentations with clickable links and navigation. Cloud storage and sharing options. Offline viewing support. Pros:Interactive and engaging presentation format. Great for multimedia-rich content. Cons:Limited traditional slide designs. Basic AI tools compared to competitors. 10. Venngage
Short Description: Venngage is an AI-powered tool ideal for creating visually striking infographics and presentation slides, especially focused on data-driven content. Key Features:Data visualization tools for infographics and charts. AI-powered design and layout suggestions. A wide variety of presentation templates and icons. Collaboration features for team-based editing. Simple drag-and-drop interface. Pros:Great for infographics-heavy presentations. Flexible templates and design options. Cons:Some features are behind a paywall. Lacks advanced animation options. Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingRatingBeautiful.AIBusiness professionalsWeb-basedAuto-adjusting designFree / Paid Plans4.5/5 (G2)CanvaDesigners and marketersWeb, iOS, AndroidVersatile template libraryFree / Paid Plans4.8/5 (Capterra)SlidebeanStartups and marketersWeb-basedContent-first designStarts at $29/month4.3/5 (Trustpilot)PreziStorytellers, educatorsWeb-based, DesktopZooming presentation styleFree / Paid Plans4.4/5 (Capterra)VismeData-heavy presentationsWeb-basedData visualization toolsFree / Paid Plans4.7/5 (G2)PitchTeams and collaboratorsWeb-based, iOS, AndroidTeam collaboration featuresFree / Paid Plans4.6/5 (Trustpilot)Zoho ShowBusiness professionalsWeb-basedIntegration with Zoho SuiteFree / Paid Plans4.0/5 (Capterra)Google SlidesGeneral usersWeb, iOS, AndroidGoogle Workspace integrationFree4.2/5 (Trustpilot)FlowVellaMultimedia creatorsWeb, iOS, AndroidInteractive presentationFree / Paid Plans4.3/5 (Capterra)VenngageData visualization creatorsWeb-basedInfographic templatesFree / Paid Plans4.5/5 (Trustpilot) Which AI Presentation Design Tools Tool is Right for You?
Choosing the right AI presentation design tool depends on several factors:
For Business Professionals: Beautiful.AI, Pitch, and Slidebean provide easy-to-use interfaces with real-time collaboration features, perfect for team-based projects. For Data-Heavy Presentations: Visme and Venngage excel at creating data visualizations and infographics, ideal for data-driven industries like marketing and finance. For Creative Storytelling: Prezi’s non-linear presentation style and FlowVella’s multimedia support are perfect for educators and creatives. For Budget-Conscious Users: Google Slides and Canva offer free versions with plenty of templates and features, making them suitable for users on a budget. Conclusion
AI Presentation Design Tools are evolving quickly in 2026, offering innovative features that make creating presentations easier and more efficient than ever before. Whether you need a professional pitch deck or a creative educational slideshow, these tools have something to offer. Test out demos, try free trials, and pick the tool that fits your design needs and budget.
FAQs
1. What are AI Presentation Design Tools?
AI Presentation Design Tools use artificial intelligence to automate design decisions, suggest layouts, and optimize content for visually appealing presentations.
2. Are AI presentation tools free?
Many AI presentation tools offer free versions with limited features, with more advanced features available in paid plans.
3. Which AI tool is best for team collaboration?
Pitch and Beautiful.AI are great tools for teams as they offer seamless collaboration features.
4. Can AI tools handle data visualization?
Yes, tools like Visme and Venngage excel in creating data-heavy presentations with advanced data visualization capabilities.
5. What tool is best for interactive presentations?
Prezi and FlowVella offer interactive, non-linear presentations, making them great for engaging storytelling.
Meta Description
Discover the best AI presentation design tools in 2026. Compare features, pros, cons, and pricing of top tools to create stunning, AI-driven presentations.
View the full article
Introduction
In 2026, AI-driven design tools are revolutionizing the way posters and flyers are created, making the design process faster, easier, and more accessible to everyone from small businesses to large corporations. AI Poster & Flyer Designers tools leverage the power of artificial intelligence to automate and enhance design tasks, making it possible for anyone—whether they have a background in graphic design or not—to create visually stunning and professional designs in just a few clicks.
With the increasing demand for high-quality marketing materials in industries like events, retail, and real estate, having the right design tool is crucial. These tools help businesses to stay competitive by enabling rapid creation of eye-catching posters and flyers without the need for expensive graphic design software or a dedicated designer.
This blog post will explore the top 10 AI Poster & Flyer Designers tools in 2026, providing a comparison of their features, pricing, pros and cons, and more, to help you find the best tool for your needs.
Top 10 AI Poster & Flyer Designers Tools in 2026
Design.com 
Design.com lets you create posters and flyers just by typing what you need. You can enter a business name, event, or short idea, and it will quickly generate ready-made designs you can edit. It removes the need for design skills, so you can go from idea to finished poster or flyer in minutes.
After that, you can easily change things like text, colors, fonts, and images using a simple AI Poster Generator and editor. You also get templates you can start from if you prefer more control. The designs can be used online or printed, making them suitable for both social media posts and physical flyers.
Key Features
Create posters and flyers from simple text prompts Thousands of ready-made templates Easy drag-and-drop editing Instant design variations you can tweak Download for print or online use Works with other tools like logos and websites Pricing
Free: Make and edit designs for free (printing not included) Premium (~$3/month, billed yearly): Save designs, remove limits, access more templates and tools Premium + Website (~$6–$12/month, billed yearly): Includes everything in Premium plus a website builder Pros
Very easy to use, even for beginners Fast results from simple prompts or ideas Lots of templates to choose from Works for both digital and print designs Can edit everything quickly without design skills Cons
Lightweight collaboration features 2. Crello (now VistaCreate)
Short Description: VistaCreate (formerly Crello) offers a variety of AI tools for creating stunning posters, flyers, and marketing materials quickly and efficiently. It’s perfect for users looking to create high-impact visuals.
Key Features:
50,000+ templates and designs AI-assisted design resizing Animated graphics and videos Rich library of fonts, images, and elements Easy social media sharing Pros:
Great for creating both static and animated designs Huge template library for various industries Free version available with useful features Cons:
Some templates and assets are behind a paywall Occasional bugs in advanced features 3. Adobe Express
Short Description: Adobe Express is a simple and powerful AI-powered tool designed to help users create professional-quality posters and flyers without needing advanced design skills.
Key Features:
Integration with Adobe Creative Cloud for advanced tools AI-based design recommendations Customizable templates Social media export options Text and image effects Pros:
Well-known brand with a reputation for quality High-quality templates and images Syncs with Adobe products for extended features Cons:
Limited free features compared to other tools May have a steeper learning curve for complete beginners 4. PosterMyWall
Short Description: PosterMyWall is an online design tool that uses AI to simplify the process of creating posters, flyers, and promotional materials for any type of business or event.
Key Features:
Easy-to-use design interface AI-driven design suggestions based on user inputs Thousands of high-quality templates Social media and print export options Collaborative tools for teams Pros:
Easy for beginners and non-designers Large collection of customizable templates Affordable pricing plans Cons:
Free version comes with watermarks Fewer advanced design tools compared to others 5. Designhill Poster Maker
Short Description: Designhill Poster Maker uses AI to help users create professional-looking posters and flyers. It is designed for businesses and individuals who need quick and high-quality designs.
Key Features:
AI-powered template selection Drag-and-drop interface Wide variety of pre-designed layouts Social media integrations Customizable fonts and colors Pros:
Great for quick flyer and poster creation Templates for different industries Easy sharing options Cons:
Some users find the interface a bit cluttered Fewer design customization options than high-end tools 6. Snappa
Short Description: Snappa is an intuitive AI-driven design platform perfect for creating posters, flyers, and social media graphics, even for users with little to no design experience.
Key Features:
Over 500,000 stock photos Custom templates for flyers and posters AI-based resizing for different platforms One-click social media sharing Easy collaboration for teams Pros:
Clean and simple interface Great value with a free plan available Lots of templates for various industries Cons:
Limited advanced customization features Some templates are only available on premium plans 7. Fotor
Short Description: Fotor is an AI-powered online design tool designed for users who need quick, professional-quality posters and flyers for their marketing campaigns.
Key Features:
AI-based design automation Large selection of templates and design elements Smart design suggestions based on user behavior Cloud storage and sharing options Photo editing tools integrated Pros:
High-quality templates for various types of designs AI-powered features that speed up the design process Robust editing tools for more detailed design work Cons:
Some features require premium subscription Limited customization for beginners 8. Easil
Short Description: Easil is a DIY design tool offering AI-powered templates and features for poster and flyer design, making it perfect for businesses looking to create custom designs without a designer.
Key Features:
AI-powered templates and resizing Drag-and-drop editing interface Access to thousands of stock images and elements Collaborative tools for teams Multi-platform support for social media Pros:
Easy for beginners to use Affordable pricing plans Great customer support Cons:
Some templates are only available on premium plans Limited advanced design features 9. Stencil
Short Description: Stencil is an AI-driven design tool ideal for creating fast and effective posters and flyers, with an emphasis on simplicity and user-friendliness.
Key Features:
AI-powered templates for quick design Wide variety of fonts and graphics Social media integration for direct sharing Multiple canvas sizes for flyers, posters, and banners Mobile-friendly Pros:
Extremely simple to use Great for quick, no-fuss designs Excellent for social media content Cons:
Limited customization for advanced users More complex designs require external tools 10. RelayThat
Short Description: RelayThat is an AI design tool that focuses on automating design creation across multiple platforms, perfect for businesses that need consistency and scalability in their poster and flyer designs.
Key Features:
AI-based branding and design automation Cross-platform design consistency Multiple template options for posters and flyers Integrations with major marketing platforms Real-time collaboration for teams Pros:
Great for brand consistency across campaigns High automation and time-saving features Easy to use, even for beginners Cons:
More suitable for larger businesses or teams Limited design customization options Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingG2/Capterra RatingCanvaBeginners, MarketersWeb, iOS, AndroidTemplates, Ease of UseFree / $12.99/month4.7/5 (G2)VistaCreateSmall businesses, Social MediaWeb, iOS, AndroidAnimated GraphicsFree / $10/month4.6/5 (G2)Adobe ExpressAdvanced Users, Creative TeamsWeb, iOS, AndroidAdobe IntegrationFree / $9.99/month4.5/5 (Capterra)PosterMyWallEvent Planners, Small BusinessesWebLarge Template LibraryFree / $9.99/month4.4/5 (G2)DesignhillSmall Businesses, DesignersWebAI-Powered Template SelectionFree / $20/month4.5/5 (G2)SnappaBeginners, Social Media MarketersWebStock Photos, TemplatesFree / $10/month4.5/5 (G2)FotorBeginners, Content CreatorsWeb, iOS, AndroidImage Editing, Design AutomationFree / $8.99/month4.4/5 (G2)EasilSocial Media MarketersWebDrag-and-Drop InterfaceFree / $7.50/month4.6/5 (Capterra)StencilSocial Media MarketersWeb, iOS, AndroidSimple, Fast DesignsFree / $9/month4.5/5 (G2)RelayThatLarge Businesses, AgenciesWebCross-Platform Design AutomationCustom Pricing4.6/5 (G2) Which AI Poster & Flyer Designers Tool is Right for You?
When choosing the right AI Poster & Flyer Designers tool, consider your specific needs:
Small Businesses & Beginners: Tools like Canva, VistaCreate, and Snappa are perfect for those who want simple, easy-to-use solutions with lots of templates and customization options. Creative Teams & Advanced Users: If you’re looking for more powerful features, Adobe Express and RelayThat offer advanced tools for professional designers. Event Planners & Marketers: PosterMyWall and Designhill Poster Maker provide excellent tools for creating posters and flyers for events, with collaborative features and high-quality templates. Conclusion
In 2026, AI Poster & Flyer Designers tools are essential for anyone who wants to create impactful, professional designs quickly and efficiently. Whether you’re a small business, social media marketer, or professional designer, these tools can help streamline your design process and deliver stunning visuals in a fraction of the time. Many of these tools offer free trials or freemium versions, so you can explore them before making a commitment.
As the world of design continues to evolve with AI, it’s crucial to stay updated on the latest tools and features. Experiment with different platforms and find the one that best suits your needs.
SEO & FAQs
Main Keyword: AI Poster & Flyer Designers tools
Secondary Keywords: best AI Poster & Flyer Designers software, AI Poster & Flyer Designers comparison, top AI Poster & Flyer Designers solutions
Meta Description: Discover the top 10 AI Poster & Flyer Designers tools in 2026. Compare features, pricing, pros, and cons to find the best tool for your design needs.
FAQs
Q1: What is the best AI Poster & Flyer Designers tool for beginners?
A1: Canva and Snappa are excellent for beginners due to their user-friendly interfaces and easy-to-use templates.
Q2: Which tool is best for advanced designers?
A2: Adobe Express and RelayThat offer more advanced design features and customization options.
Q3: Can I create animated flyers and posters?
A3: Yes, tools like VistaCreate and Fotor allow users to create animated posters and flyers with ease.
Q4: Are there free AI Poster & Flyer Designer tools?
A4: Yes, most of the tools, including Canva, VistaCreate, and Snappa, offer free versions with limited features.
Q5: Can these tools be used for social media posts as well?
A5: Yes, many of these tools, such as Easil and Snappa, are perfect for creating social media graphics in addition to posters and flyers.
View the full article
Introduction
In the ever-evolving digital world of 2026, graphic design is increasingly powered by artificial intelligence (AI), revolutionizing the creative industry. AI graphic design tools are designed to automate and enhance the design process, making it accessible, faster, and more efficient. These tools can generate stunning designs, suggest layouts, and optimize images based on the user’s input. AI’s ability to assist with tasks such as resizing, color adjustments, or generating creative ideas has drastically lowered the barrier for individuals and businesses alike to create professional-grade visuals.
In 2026, AI graphic design tools are no longer a novelty—they’re a necessity. Whether you’re an entrepreneur needing quick visuals for your marketing campaign or a professional designer looking for assistance with repetitive tasks, AI tools can save time and effort, making your designs more impactful. But with so many options available, selecting the right AI graphic design software can be overwhelming. Here’s a look at the top 10 AI Graphic Design Tools in 2026 to help you make an informed choice.
Top 10 AI Graphic Design Tools in 2026
1. Design.com
Short Description: Design.com is a brand-first AI graphic design platform that generates logos, websites, marketing materials, and more from a single starting point, with everything automatically styled to match your brand identity from day one.
Key Features:
AI graphic design suite covering logos, websites, business cards, social media graphics, flyers, posters, presentations, and QR codes Chat-based AI logo editor that takes plain language instructions and applies changes instantly through a copyright-safe, custom-trained model Instant logo preview for generated business names, connecting the naming and branding process in one seamless workflow 500,000+ exclusive logo templates built by professional designers and verified for originality 750+ fonts with 525+ proprietary typefaces that exist nowhere else in the market 62,000+ custom vector shapes for clean, scalable design output Brand auto-sync engine that pushes your logo, colors, and typography across every design asset automatically Full file format support, including PNG, JPG, SVG, EPS, PDF, GIF, MP4, and transparent background exports Extended license options available for brands that need exclusive logo ownership Free plan that covers design, customization, and downloading with no payment required Pros:
Approaches graphic design as a brand system rather than a collection of individual assets, which is something no other tool on this list does Chat-based AI editing removes the technical barrier that keeps most people from producing polished design work Exclusive template and font library means results look original rather than borrowed from a shared stock pool Animated file exports in GIF and MP4 give brands ready-to-use assets for video content and social reels without additional software The free plan is one of the most generous in the category, with no watermarks and no payment required to download Cons:
Browser-based only, with no desktop or mobile application
2. Adobe Sensei
Short Description: Adobe Sensei is Adobe’s AI platform that enhances their entire suite of creative tools. It automatically optimizes design tasks such as image tagging, color adjustments, and layout arrangement.
Key Features:
AI-driven auto-masking and subject selection in images. Advanced image recognition and automatic tagging. AI-powered layout suggestions and content-aware resizing. Integrates with Adobe Creative Cloud applications. Smart editing tools for both video and graphic designs. Pros:
Seamless integration with Adobe Creative Cloud. High-quality AI-powered automation for advanced designers. Extensive support and tutorials. Cons:
High learning curve for new users. Expensive compared to some other tools. 3. Fotor
Short Description: Fotor is an AI-powered online photo editor and design tool that enables quick and professional editing with minimal effort. It’s suitable for social media posts, advertisements, and photo retouching.
Key Features:
One-click AI enhancement for images. Access to customizable templates for social media graphics. AI background remover. Batch processing for editing multiple images at once. Retouching tools for portraits and images. Pros:
Intuitive interface, ideal for beginners. Great for photo editing and enhancement. Affordable pricing options. Cons:
Lacks some advanced features found in other tools. Limited design resources for complex tasks. 4. Crello
Short Description: Crello is a creative tool similar to Canva, focusing on graphic design, animation, and video editing with the help of AI. It’s ideal for creating eye-catching social media content.
Key Features:
AI-powered animations and video creation. Access to 30,000+ customizable templates. Background remover and resizing tools. Drag-and-drop editor for ease of use. Collaboration features for team projects. Pros:
Wide range of templates for various design needs. Great for creating animated visuals. Affordable pricing with a free version available. Cons:
Limited in terms of vector editing. AI tools can be basic compared to competitors like Adobe. 5. Visme
Short Description: Visme is an all-in-one design tool that incorporates AI to enhance the design and presentation process. It allows users to create infographics, presentations, and various graphic assets.
Key Features:
AI-driven design suggestions for presentations and graphics. Hundreds of templates and interactive elements. Customizable charts and infographics. Team collaboration tools for creating shared projects. Analytics tools for measuring the effectiveness of visual content. Pros:
Perfect for creating professional presentations and infographics. Easy-to-use interface with a wide range of resources. Analytics features for marketing and design feedback. Cons:
Can be overwhelming for beginners. Limited functionality in the free version. 6. Snappa
Short Description: Snappa is a graphic design tool with AI capabilities, allowing users to create stunning visuals quickly. It’s aimed at marketers, bloggers, and business owners who need high-quality designs fast.
Key Features:
AI-assisted design templates for social media, blog posts, and ads. High-quality stock photos and graphics. One-click background remover. Team collaboration and shared access to assets. Simple interface, no prior design knowledge required. Pros:
Great for small businesses and marketers. Extensive library of free templates. Affordable pricing with a free version. Cons:
Limited customization for advanced design needs. Smaller template library compared to competitors. 7. RelayThat
Short Description: RelayThat uses AI to automate brand consistency across all of your designs, ensuring that logos, fonts, and color schemes are always aligned with your brand identity.
Key Features:
AI-driven automation for resizing and rebranding visuals. Cross-platform design consistency. Customizable templates for quick design creation. Ability to batch design across various formats. Multi-user collaboration for teams. Pros:
Ideal for maintaining brand consistency. Time-saving automation for resizing and rebranding. Great for teams and agencies. Cons:
Can be difficult to fine-tune designs. Limited customization options. 8. Designhill
Short Description: Designhill offers an AI-powered design tool for creating logos, business cards, and social media posts. It’s a great option for startups and entrepreneurs looking for quick, professional visuals.
Key Features:
AI logo generator for creating custom logos. Thousands of templates for social media and marketing designs. Brand kit for consistent branding. Print-on-demand services for t-shirts and merchandise. Customizable designs for both print and digital. Pros:
Excellent for startups needing quick branding solutions. Easy-to-use with AI-powered design options. Wide range of print and digital design services. Cons:
Logo designs may lack uniqueness. Limited features for advanced users. 9. Artbreeder
Short Description: Artbreeder is an AI-powered platform for creating unique digital art. By combining and enhancing images, users can produce breathtaking visuals for websites, social media, or creative projects.
Key Features:
AI-assisted image creation through image blending. Access to a community of creators for inspiration and collaboration. High-level customization options for digital art. Ability to generate characters, landscapes, and abstract art. Open-source integration for further customization. Pros:
Ideal for creating unique, artistic designs. Great for concept art and experimental designs. User-friendly interface. Cons:
Limited to artistic and abstract designs. Not suitable for professional graphic design tasks. 10. DeepArt
Short Description: DeepArt uses deep learning to transform your photos into works of art, mimicking the style of famous artists. This AI tool is perfect for creating stunning visuals for social media or personal projects.
Key Features:
AI-powered style transfer for transforming photos into art. Integration with various social media platforms. Customizable artistic filters and effects. High-quality output for print or digital use. Fast processing and easy-to-use interface. Pros:
Unique and creative photo transformations. Great for social media and personal projects. High-quality rendering. Cons:
Limited design capabilities beyond photo transformation. Pricing can be high for advanced features. Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingRatingDesign.comSmall businesses and entrepreneurs who want a complete brand identity from one platformWebBrand auto-sync engine that applies logo, colors, and typography across every asset automaticallyFree / $3/mo+4.7/5Adobe SenseiProfessional DesignersWeb, DesktopAI-powered auto-maskingCustom Pricing4.5/5FotorBloggers & EntrepreneursWeb, iOS, AndroidAI-powered photo enhancementFree / Starts at $8.994.5/5CrelloSocial Media ManagersWeb, iOS, AndroidAI animations & video creationFree / Starts at $7.994.6/5VismeBusiness & EnterprisesWebAnalytics & design suggestionsFree / Starts at $12.254.4/5SnappaSmall BusinessesWebEasy-to-use template editorFree / Starts at $104.4/5RelayThatAgenciesWebCross-platform consistencyStarts at $494.7/5DesignhillStartupsWebAI-powered logo generatorFree / Starts at $204.2/5ArtbreederArtists & CreativesWebAI-generated artworkFree / Starts at $8.994.6/5DeepArtPhotographers & CreativesWebArtistic style transferStarts at $19.994.5/5 Which AI Graphic Design Tool is Right for You?
When deciding which AI graphic design tool to use, consider factors like your level of expertise, design needs, budget, and preferred platform. For beginners and small businesses, tools like Canva and Fotor are excellent choices for fast and easy design creation. For professionals and larger teams, Adobe Sensei and Visme provide more advanced features, AI-powered enhancements, and collaboration tools. RelayThat is ideal for businesses focused on maintaining brand consistency across multiple platforms.
Conclusion
As we move into 2026, AI is transforming graphic design, enabling faster, more efficient, and cost-effective creation of high-quality visuals. Whether you’re a marketer, designer, or business owner, these AI graphic design tools can help streamline your creative process. Explore the free trials or demos of these tools to find the one that best suits your needs and start designing smarter today.
FAQs
Q1: Are AI graphic design tools suitable for beginners?
Yes, many AI graphic design tools like Canva and Fotor are designed for users without prior design experience, offering easy-to-use templates and features.
Q2: Do AI graphic design tools require a subscription?
While some AI graphic design tools offer free versions, more advanced features often require a paid subscription.
Q3: Can AI graphic design tools replace professional designers?
AI graphic design tools can help automate repetitive tasks but may not fully replace the creativity and expertise of professional designers for complex projects.
Q4: Are these AI graphic design tools suitable for businesses?
Yes, many of these tools, such as Visme and RelayThat, offer features specifically for businesses, including brand consistency and team collaboration options.
Q5: How do I choose the best AI graphic design tool?
Consider your design needs, platform preferences, budget, and desired features. Trying out demos or free trials can help you decide which tool fits your needs.
View the full article
Existing security controls weren’t designed for AI agents.
Static credentials and standing privileges aren’t sufficient for an emerging model where organizations need to rapidly authorize, limit, and revoke permissions from autonomous agents, sometimes more than once within a single workflow.
Agentic AI requires organizations to carefully consider how to govern agentic identity, agent-to-agent communication, secrets management, privileged access, and workforce identity.
Agentic identity
The first challenge is to establish a reliable identity for agents themselves.
The “how” here is still being hotly debated. Some organizations treat AI agents as another form of non-human identity, similar to service accounts or machine identities. Others argue that agents should be their own category, distinct from both human users and machine accounts.
In any case, agents need something like a “certificate” to give them an identity that can be recognized and governed across environments. This is especially important because, in most enterprises, agents will operate across multiple environments, including cloud platforms, on-premises systems, and SaaS applications. 
Agent-to-agent communication
Securing agentic AI requires organizations to limit not only which resources AI agents can access, but also which other access-enabled agents they can communicate with. This is often currently handled with Model Context Protocol (MCP) gateways, although this approach is largely giving way to the use of agentic mesh.
An agentic mesh is a distributed architecture where multiple specialized AI agents can discover one another, coordinate, and collaborate on tasks without a central controller. This approach lets organizations overlay intent-based communication rules via certificates, but also allows permissions to be revoked on demand.
Agentic secrets
Traditionally, secrets like passwords and API keys are managed via requests through IT service management platforms. But this mechanism doesn’t work for AI agents, which operate too quickly and across too many systems to rely on static credentials.
Instead, secrets should be generated dynamically, used for a specific purpose, and then retired when the task is complete. This approach can be compared to modern hotel key cards. Unlike the physical room keys of the past, a key card is issued for a specific stay, but after that, it becomes worthless to both legitimate users and malicious actors.
Privileged access
AI agents may start with the same permissions as a given human user, drawing on relevant business systems and data for context. However, as workflows get handed off from agent to agent, this privilege should not be passed along throughout the process. Rather, privileges should be whittled down at each stage until only a thin layer remains to authorize a specific execution step.
Workforce identity
Organizations already manage the identities of human workers, of course, but often these identities are handled differently across separate management platforms and sign-on tools. To support agentic AI, organizations must find ways to break through this fragmentation, ensure that worker identities are current, and translate workforce permissions correctly into agentic workflows.
A lifecycle approach to identity
These five areas should not be addressed in isolation. Rather, organizations should apply governance and observability across the identity lifecycle, ensuring that every agentic action can ultimately be traced back to approved access and permission levels.
The outcomes of this effort—including dynamic access, the principle of least privilege, strong identity, and clear auditability—are goals that many organizations have long been pursuing. The rise of agentic AI makes them more urgent than ever.
To learn more, visit us here.

View the full article
Introduction
In 2026, web design continues to be a cornerstone of digital presence, playing a crucial role in how brands, businesses, and creators engage with audiences. Web Design Software tools are essential platforms that help users build, edit, and publish visually appealing, responsive, and interactive websites without the need for extensive coding knowledge.
Whether you’re a freelance designer, a startup founder, or a large-scale enterprise, the right web design tool can make the difference between a clunky site and a user-focused digital experience. With AI integration, drag-and-drop interfaces, real-time collaboration, and responsive design features taking center stage, the landscape has never been more exciting.
In this blog, we explore the Top 10 Web Design Software Tools in 2026, diving into their standout features, strengths, limitations, and ideal use cases to help you choose the perfect fit for your next web project.
Top 10 Web Design Software Tools in 2026
11. Design.com
Short Description: An AI website builder that instantly generates complete, fully branded websites for small businesses and entrepreneurs without any coding required.
Key Features:
AI-generated website layouts, copy, and page structure from your business name and industry Automatic brand syncing that applies your logo, colors, and fonts across every page instantly Drag-and-drop editor with 3,000+ mobile-responsive templates across industries Built-in SEO tools with editable page titles and meta descriptions Contact forms, email capture, image galleries, maps, and payment acceptance Hosting is included on all plans with one-click publishing and instant live updates Connects with 50+ additional design tools for logos, business cards, social media graphics, flyers, and more Free plan available with no credit card required Pros:
AI generates a complete, branded website in minutes with no design experience needed Automatic brand syncing eliminates manual design work across every page and asset One of the most affordable website builders on this list, with a genuinely useful free plan All-in-one platform covers website, logo, brand assets, and marketing materials in one place Rated 4.7 on Trustpilot from over 4,000 verified reviews Cons:
Strictly browser-based with no desktop or mobile app 2. Adobe XD
Short Description: A powerful design and prototyping tool for UI/UX professionals.
Key Features:
Vector-based interface design Real-time collaboration Voice and motion prototyping Seamless integration with Adobe Creative Cloud Responsive resize Pros:
Excellent for prototyping and mockups Tight Adobe ecosystem integration Cons:
Lacks direct website publishing features Limited dynamic functionality 3. Figma
Short Description: A cloud-based collaborative interface design tool used by teams worldwide.
Key Features:
Real-time multi-user editing Component libraries and reusable assets Plugins and widgets Auto layout and prototyping Integrates with Slack, Jira, and more Pros:
Powerful for design collaboration Free tier with many capabilities Cons:
Needs internet connectivity No built-in publishing 4. Wix Studio
Short Description: The advanced version of Wix, offering pro-level design with visual freedom.
Key Features:
Smart grid and flexible canvas Built-in CMS and API access AI assistant for layout suggestions Advanced SEO and analytics Responsive design features Pros:
All-in-one design and development Intuitive and beginner-friendly Cons:
Less flexibility than custom code Design limitations in complex use cases 5. Framer
Short Description: A powerful tool for interactive web experiences, now supporting full site publishing.
Key Features:
Real-time prototyping React code export Templates and visual editing Built-in CMS and hosting SEO-ready and mobile-optimized Pros:
Realistic, responsive prototypes Direct publishing from the app Cons:
Best suited for advanced designers Slightly higher learning curve 6. Squarespace
Short Description: A polished platform known for aesthetic templates and ease of use.
Key Features:
Designer templates for various industries Integrated e-commerce and blogging Hosting, domain, and SSL Email marketing tools Appointment scheduling Pros:
Stunning templates Ideal for creatives and small businesses Cons:
Limited design flexibility Not suitable for complex web apps 7. Editor X (by Wix)
Short Description: A professional website builder for advanced design and responsive layout.
Key Features:
Grid layouting system Breakpoints for screen-specific design Collaborative workspace Velo for custom coding Built-in CMS and dev tools Pros:
Powerful responsive design tools Flexibility for designers and developers Cons:
Can be overwhelming for beginners Slower performance for complex sites 8. Sketch
Short Description: A macOS-native digital design toolkit for creating interfaces and prototypes.
Key Features:
Vector editing tools Shared symbols and styles Cloud collaboration Plugin ecosystem Prototyping and developer handoff Pros:
Lightweight and fast on Mac Great plugin support Cons:
Mac-only Limited collaboration compared to Figma 9. Zyro
Short Description: A lightweight website builder that combines AI with ease of use.
Key Features:
AI writer and heatmap tools Grid-based editor Integrated e-commerce SEO and analytics dashboard Fast-loading templates Pros:
Very beginner-friendly Fast website setup Cons:
Limited customizability Not suitable for larger businesses 10. WordPress + Elementor
Short Description: The classic WordPress CMS with a visual drag-and-drop builder plugin.
Key Features:
Front-end live editor Theme and widget library WooCommerce integration Mobile editing and templates Global styles and custom CSS Pros:
Highly flexible and extendable Huge community and plugins Cons:
Requires maintenance and updates Performance can depend on hosting Comparison Table
Tool NameBest ForPlatform(s) SupportedStandout FeaturePricingRating (G2/Capterra)Design.comSmall businesses, entrepreneursWebAI brand syncing across the entire website and all marketing assetsFree / $4/mo+4.6 / 4.7Adobe XDUI/UX prototypingWindows, MacPrototyping & animationsStarts at $9.99/mo4.5 / 4.4FigmaTeam collaborationWebReal-time multi-user editingFree / Starts at $124.7 / 4.8Wix StudioCreatives & small agenciesWebVisual layout gridFree / Starts at $164.5 / 4.6FramerInteractive websitesWeb, MacLive responsive prototypingFree / Starts at $204.6 / 4.7SquarespaceSmall business websitesWebBeautiful templatesStarts at $164.4 / 4.5Editor XAdvanced responsive designWebBreakpoint-based designFree / Starts at $224.4 / 4.3SketchMac UI/UX designersmacOSVector editing + plugins$99/year4.5 / 4.6ZyroBeginners & entrepreneursWebAI-based design featuresStarts at $11.994.3 / 4.2WordPress+ElementorCustom WP websitesWeb, macOS, WindowsDrag-drop + CMS flexibilityFree / Premium $59/yr4.6 / 4.7 Which Web Design Software Tool is Right for You?
Freelancers & Designers: Choose Figma, Sketch, or Webflow for creativity and precision. Startups & SMBs: Wix Studio, Zyro, or Squarespace offer affordability and speed. Large Teams: Figma or Editor X provide real-time collaboration and advanced control. Developers: Framer, Webflow, or WordPress + Elementor allow flexibility with code. Design Beginners: Zyro or Wix Studio make it easy to launch without prior skills. Conclusion
In 2026, the world of Web Design Software tools is thriving with innovation and accessibility. Whether you’re a seasoned designer or a curious entrepreneur, the tools listed above provide the versatility and power to craft stunning websites tailored to your needs. With AI, real-time collaboration, and no-code interfaces becoming standard, now is the perfect time to explore these platforms.
Try out the free versions or demos where available, and find the tool that aligns with your goals and skill level.
FAQs
1. What is the best Web Design Software tool for beginners?
Zyro and Wix Studio are beginner-friendly and require no coding experience.
2. Can I design responsive websites using these tools?
Yes, most tools like Webflow, Editor X, and Framer offer advanced responsive design features.
3. Which software is best for team collaboration?
Figma stands out for real-time multi-user collaboration.
4. Are these tools suitable for e-commerce websites?
Yes, platforms like Webflow, Squarespace, Zyro, and WordPress + Elementor have e-commerce integrations.
5. What’s the difference between Webflow and WordPress?
Webflow is a hosted visual CMS, while WordPress is an open-source CMS with plugin support and requires separate hosting.
View the full article
Ever since ChatGPT made its public debut nearly four years ago, governance and security have largely lagged behind AI adoption.
Eager to experiment with AI tools and find ways to improve their work and personal lives, users have uploaded corporate data, financial records, and even their own health information to large language models (LLMs). While this freewheeling activity presents obvious risks, many users and businesses have so far been spared from catastrophic consequences.
Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, notes that most people are still using AI tools largely as “assistants,” with the technology only taking action at the direction of human users. But, as AI agents are given more ability to act on their own, the risk calculus is changing. And so far, Wilson says, security and governance practices aren’t keeping up.
“Right now, what’s happening is that organizations are starting to use AI tools as full partners but governing the tools the same way they did when they were only using them as assistants,” Wilson says. “When AI is an assistant, the user is very close to the execution, and they’re handing over API keys, social media credentials, and bank information. But now we’re starting to ask AI to do things on our behalf autonomously.”
As organizations move from assisted use cases toward more autonomous workflows, Wilson says, they need to mature their governance models across three common adoption patterns: AI as assistant, AI as an agent, and AI as operator.
AI as assistant
The most basic and widespread form of enterprise AI adoption is AI as an assistant. In this model, a human remains close to the work, using the technology to summarize information, draft content, generate code, and complete other discrete tasks. The user enters a prompt, evaluates the response, and decides what to do next.
Although humans remain close to the execution at this stage, activity is not free from risk. When users interact with AI assistants, they can easily bring sensitive data, credentials, or permissions with them into the workflow. A user with privileged access might paste an API key into a prompt or even ask an LLM to analyze confidential records.
“You need to have a very tight handoff from the human identity to the machine identity,” Wilson says. “You also need to be able to govern what that machine can access from a machine-to-service perspective, because if I get elevated privilege, it’s not hard to inject that privilege into the context window.”
At the assistant stage, organizations largely need to ensure that AI activity is governed by the same boundaries already established for users. But as AI moves from answering prompts to completing work, those governance boundaries must expand.
AI as an agent
At this stage, human users begin asking AI tools to complete certain tasks autonomously. For example, instead of going back and forth with an LLM to outline and draft a piece of content, a user might simply give an AI tool a set of inputs and basic instructions and then ask the tool to generate the piece on its own. In fact, the writing agent may even pass off the finished draft to an editing agent or other AI tools before coming back to a human user.
“When that happens, the governance controls and the identity and auditability have to go up because you’re moving the human out of the loop even more,” Wilson says. “With AI assistants, the human is still the initiator of the request that happens back and forth. But with AI as agent, you’re making a request and then just letting it run.”
At this stage, Wilson says, organizations must determine what level of access different agents need to complete certain tasks, as well as how to confer identity upon AI agents. “How do you manage the persona? How do you accelerate its ability to be more correct often? These are the things you have to think about as you start to move to AI as an agent.”
AI as operator
This is the stage where AI agents take on not just individual tasks but entire projects. Instead of prompting agentic tools to write and edit a single article, an organization might ask a team of AI agents to design and execute an entire marketing campaign.
“The human comes back in two or three hours and has the entire project, including where to publish, individual social media posts, and engagement strategies,” Wilson says. “The level of governance and identity and auditing have to increase as your level of oversight decreases.”
Wilson notes that it is important at this stage to establish strong governance not only around data access but also around accuracy. For example, if an AI agent creates social media content, the organization needs to know that the content uses approved messaging, moves through the right review process, and is published only through authorized channels.
This is a complex challenge because AI agents are probabilistic systems, while many enterprise workflows are deterministic. Before giving agents the power to complete these workflows, Wilson says, leaders must think carefully about where AI-generated work should end and controlled execution should begin.
The road ahead
Most organizations are only beginning to deploy agentic AI beyond the assistant stage, and Wilson notes that security leaders are still debating the right governance, identity, auditability, and observability models for these systems.
But the overarching governance demand is clear: As AI systems gain more autonomy, organizations must implement more rigorous controls. An AI assistant can be governed largely as an extension of the individual user. An AI agent must be governed as part of a team, with clear visibility into the work it performs and the systems it touches. And an AI operator must be governed as a business function, with controls that span data access, workflow execution, approvals, and audit trails.
“Your scope of governance, identity, and observability has to increase at the same rate as if you were moving from an individual to a team to an organization,” Wilson says.
To learn more, visit us here.
View the full article
OHC_logo_transparent_01.jpeg flags-medium.png OHC_logo_blue_square_small.jpeg

 

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.