RSS Aggregator

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

The Hacker News - 28 April, 2026 - 08:37
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent's identity lifecycle operations in a
Ravie Lakshmanan
Category: Hacking & Security

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

The Hacker News - 28 April, 2026 - 07:50
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this
Ravie Lakshmanan
Category: Hacking & Security

Meta will monitor its employees. AI will thereby gradually learn what they actually do, and the company will then fire them

Živě.cz - 28 April, 2026 - 07:45
Meta has begun recording all of its employees' clicks and keystrokes • The aim of this controversial measure is to train AI to work independently • Workers have no way to opt out of the monitoring and, moreover, expect layoffs soon
Category: IT News

TSMC will still launch a process without back-side power delivery in 2029: A13. It also announced A12

CD-R server - 28 April, 2026 - 07:40
TSMC has announced a large number of new developments as well as one surprise. It still expects strong demand in 2029 for processes without BSPD (moving power delivery to the back side of the chip), and so it is preparing A13…
Category: IT News

Microsoft, OpenAI change contract terms — again

Computerworld.com [Hacking News] - 28 April, 2026 - 04:21

Microsoft and OpenAI on Monday again revised their agreement, softening their exclusivity and revenue-sharing conditions in the process. These changes underscore how critical it is for enterprises to work with as many AI vendors as practical, given the leapfrogging performance stats as well as the constantly shifting alliances.

Both OpenAI and Microsoft issued their own statements, which were essentially identical, about the contractual changes. 

Microsoft’s statement said that the company still derives some benefits from its alliance with OpenAI. “Microsoft remains OpenAI’s primary cloud partner and OpenAI products will ship first on Azure, unless Microsoft cannot and chooses not to support the necessary capabilities,” it said.

But, the company noted, the earlier exclusivity is now gone. “OpenAI can now serve all its products to customers across any cloud provider. Microsoft will continue to have a license to OpenAI IP for models and products through 2032. Microsoft’s license will now be non-exclusive.”

In addition, the company’s role as a major investor in OpenAI is driving a different revenue relationship, it said: “Microsoft will no longer pay a revenue share to OpenAI. Revenue share payments from OpenAI to Microsoft continue through 2030, independent of OpenAI’s technology progress, at the same percentage but subject to a total cap.”

AGI clause removed

One key component within earlier versions of the Microsoft-OpenAI deal was the change in the relationship if OpenAI ever achieved artificial general intelligence (AGI), a term that eludes a concrete definition but generally refers to AI that equals or exceeds human capabilities. 

Although it was not directly referenced in the statement from either vendor, multiple media reports said that AGI references have now been removed from the revised agreement. 

Market changes

Analysts and consultants generally agreed that this altered agreement will reinforce, and should extend, the current enterprise IT trend of hedging bets by striking arrangements with a variety of AI providers, including the major hyperscalers. Beyond future-proofing enterprises’ AI efforts, some of those agreements are for practical issues, such as the need to work with global AI firms specializing in different languages that the enterprise needs.

Thomas Randall, research director at Info-Tech Research Group, explained that the market has changed since the original agreement was struck. “The era of exclusive frontier model access as a strategic differentiator is coming to an end,” he pointed out. “The Microsoft-OpenAI agreement in 2023 was meaningful because access to GPT4 was scarce. But that scarcity no longer applies because the competitive differences between frontier models have reduced substantially since then.”

The amended Microsoft-OpenAI agreement “is more of a formal acknowledgment that model access is no longer a strict advantage,” he said. “The immediate practical change for IT from this agreement, especially for shops that were reluctant to deepen an Azure commitment, is that they now have a clearer path to accessing OpenAI models through other hyperscalers.”

Randall argued that this translates into a rebalancing of where enterprise IT should focus its AI efforts, especially in terms of differentiation.

“If model access is commoditizing at the infrastructure layer, then strategic questions must focus on quality and governance of proprietary data, the depth and sophistication of agentic workflow integration, and organizational capability to deploy AI at scale,” he said.

“Consequently, the vendors who control the orchestration and application layers [such as] the agent frameworks, the data connectors, the governance tooling, and workflow integration, will be best positioned to capture enterprise value. The competitive ground has shifted from attaining model access to how vendors deeply and reliably embed AI into enterprise workflows.”

Alastair Woolcock, VP analyst at Gartner, agreed that this contractual change from two key market leaders is an inevitable reaction to a vastly changing AI marketplace. “The first great AI shadow investment is being rewritten for a multipolar AI Cold War,” he said. 

“Frontier AI has become too capital-intensive and infrastructure-constrained for one-cloud exclusivity to survive. For Microsoft, this is a controlled concession. The investor story moves from ‘Microsoft owns the OpenAI channel’ to ‘Microsoft controls the enterprise AI operating layer’ through Copilot, Azure, security, workflow integration, data gravity and AI operations,” Woolcock said.

“For OpenAI, this is a liberation event,” he noted. “Its biggest constraint is no longer demand. It is compute, capital and distribution. OpenAI cannot become the global AI platform if one partner controls the pipes.”

He added that, for enterprise IT executives, “this means more choice, but not necessarily less dependency. Lock-in moves up the stack, from cloud infrastructure to AI ecosystem alignment, agent orchestration, workflow control and data governance. This is consequential, not because the partnership is weakening, but because it shows the next phase of AI competition will be fought through flexible alliances, compute access, silicon, power and enterprise distribution, not traditional ownership.”

Planning assumptions altered

Tony Olvet, group VP with IDC, said this contractual change “is unlikely to affect most near‑term Microsoft or OpenAI deployments, but it does change planning assumptions. CIOs and CTOs should expect more choice in where OpenAI capabilities appear, greater commercial leverage and increased need to govern AI across multiple channels. This has strategic implications: enterprises should continue to rely on strong partners while designing AI architectures, contracts, and governance frameworks that can shift across clouds, models and vendors as the market evolves.”

Most consultants stressed the vanishing exclusivity for almost all of the key AI players, something that may not be a bad thing for IT.

A key background factor at play here is the timeline. It can take an enterprise an extended period to fully deploy capabilities across its global environment.

Noah Kenney, principal consultant for Digital 520, noted, “standing up OpenAI workloads on AWS, Google Cloud, or Oracle will take time. Reference architectures, identity and data integrations, compliance reviews, and procurement cycles do not move at the speed of a press release. Enterprises that have spent years optimizing on Azure will not migrate overnight, nor should they.”

But, he said, “for the substantial population of companies that are not Microsoft shops, that have actively avoided Azure, or that operate in multi-cloud by policy, this is the first time OpenAI has been a realistic first-class option on their preferred infrastructure. That is a meaningful shift in the addressable market, even if the operational reality lags by quarters.”

Given the constantly changing relationships within AI, not to mention multiple AI firms preparing to try to become publicly traded, reality is likely to look very different at the end of an enterprise AI rollout than it did at the beginning, so they need options. 

“Until today, choosing OpenAI effectively meant choosing Azure, and choosing Azure gave you privileged access to OpenAI. That tight coupling shaped procurement decisions, reference architectures, and multi-year cloud commitments at thousands of enterprises. It is no longer true,” Kenney said.

“What changes for [enterprise IT executives] is the structural assumption underneath their AI roadmap,” he noted. “OpenAI can now ship its products across any cloud and Microsoft now has a non-exclusive license to OpenAI’s IP through 2032, which means Microsoft is also free to lean harder into its own models, into Anthropic, and into whatever else the market produces. Both sides just bought themselves optionality and that optionality flows downstream to the customer.”

He added, “the companies that benefit are the ones who treat model providers, cloud providers, and inference infrastructure as three separate procurement decisions with three separate exit ramps.”

Vendor lock-in ‘relocating’

Sanchit Vir Gogia, chief analyst at Greyhound Research, said that the kneejerk reaction to the contract changes is that enterprise IT will now have more options and more flexibility. But Gogia said that dependence is not being reduced as much as it is being moved. 

“Lock-in is not going away. It is relocating. At the model level, substitution is becoming easier. Not trivial, but certainly more feasible than before. At the orchestration level, however, substitution remains difficult,” Gogia said. “Once your workflows, controls, identity layers, and governance structures are built around a particular system, changing that system is not a small task. That is where dependency sits. Quietly. Persistently. And often unnoticed until it begins to constrain you.”

There are still differences between providers, and those differences matter in certain contexts, he said. “But the gap is narrowing in ways that are meaningful for enterprise use. Increasingly, the question is not which model is best in isolation. The question is how that model is used, governed, and embedded into the organization. That is a very different question,” Gogia said.

And, he pointed out, it leads you to a very different place, “because once you ask that question, you are no longer looking at models. You are looking at orchestration. You are looking at identity. You are looking at governance, compliance, integration, workflow. You are looking at the layer that sits above the model and quietly determines how everything actually works. That layer is where the real dependency forms.”

Microsoft understands this, he noted. “You can see it in how it is positioning itself. It is no longer behaving like a gateway to a single provider. It is building something broader: A layer where multiple models can coexist, where those models can be managed, governed, and embedded into enterprise systems in a consistent way.

“That is not accidental,” Gogia said. “That is a deliberate move towards control at a higher level. And importantly, it is also a hedge. A very clear one. Because it reduces reliance on any single partner, including OpenAI.”

Category: Hacking & Security

Ongoing supply-chain attack 'explicitly targeting' security, dev tools

The Register - Anti-Virus - 28 April, 2026 - 01:33
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company’s source code, secrets, and other sensitive data.…

Category: Viruses and Worms

Robinhood account creation flaw abused to send phishing emails

Bleeping Computer - 28 April, 2026 - 01:11
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. [...]
Category: Hacking & Security

Taxation of cryptocurrencies: We advise where they belong in the tax return and what to watch out for

Lupa.cz - articles - 28 April, 2026 - 00:00
Transactions such as selling cryptocurrencies, exchanging them, or using them to pay for goods and services may be subject to taxation. We advise what is subject to tax and when you don't have to do anything.
Category: IT News

Shop assistant threatened a rude customer with a baseball bat and received a suspended sentence. Only the Constitutional Court stood up for him

Lupa.cz - articles - 28 April, 2026 - 00:00
If the circumstances of the case indicate that the offender's act was of low social harmfulness, the court is obliged to take that into account, the Constitutional Court ruled. Even a suspended sentence can then be excessive.
Category: IT News

Protecting the internet with ASPA, optical networks and Matrix: notes from OpenCamp

ROOT.cz - 28 April, 2026 - 00:00
On Saturday, April 25, the fourth edition of the OpenCamp conference took place in Bratislava, featuring talks on an open replacement for a poorly functioning pancreas, the basics of optical networks, the Matrix communication network, and other topics.
Category: GNU/Linux & BSD

Practical use of the graphics modes offered by the ANTIC chip

ROOT.cz - 28 April, 2026 - 00:00
Today we follow up on the article describing the text modes of the ANTIC chip in Atari computers. We will describe the graphics (raster) modes and also show how one of ANTIC's limitations is handled: the ability to address only 4kB of video RAM.
Category: GNU/Linux & BSD

Cosmology – questions and answers (part 4)

OSEL.cz - 28 April, 2026 - 00:00
It has again been a few weeks since we last looked at questions on cosmology, so it is time today to look at several more questions that I have received and to try to answer them as best I can. So let's not delay and get straight to it.
Category: Science and Technology

Hallock: Developers who don't optimize for Intel CPUs are to blame for their gaming performance

CD-R server - 28 April, 2026 - 00:00
Robert Hallock, who serves at Intel as vice president of marketing focused on personal computers, expressed indignation at the state of software optimization of games for Intel processors…
Category: IT News

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

Bleeping Computer - 27 April, 2026 - 23:41
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. [...]
Category: Hacking & Security

The new Steam Controller goes on sale on May 4

AbcLinuxu [news briefs] - 27 April, 2026 - 23:19
The new Steam Controller goes on sale on May 4. The price is 99 euros.
Category: GNU/Linux & BSD

Open source package with 1 million monthly downloads stole user credentials

Ars Technica - 27 April, 2026 - 23:04

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys and other sensitive information.

On Friday, unknown attackers exploited the vulnerability to push a new version of element-data, a command-line interface that helps users monitor performance and anomalies in machine-learning systems. When run, the malicious package scoured systems for sensitive data, including user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys, developers said. The malicious version was tagged as 0.23.3 and was published to the developers’ Python Package Index and Docker image accounts. It was removed about 12 hours later, on Saturday. Elementary Cloud, the Elementary dbt package, and all other CLI versions weren't affected.

Assume compromise

“Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed,” the developers wrote.

Canada arrests three for operating “SMS blaster” device in Toronto

Bleeping Computer - 27 April, 2026 - 22:00
Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts to nearby phones. [...]
Category: Hacking & Security

Alleged Silk Typhoon hacker extradited to US for cyberespionage

Bleeping Computer - 27 April, 2026 - 21:56
A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. [...]
Category: Hacking & Security

EnSHITification. Why once-great services are deliberately getting worse and why it is good for business

Živě.cz - 27 April, 2026 - 20:45
Social networks and other internet services and platforms are no longer what they used to be. The user often no longer comes first; getting rich off them is becoming more important.
Category: IT News

Medical and utility tech companies admit digital breakins

The Register - Anti-Virus - 27 April, 2026 - 19:53
Itron, Medtronic disclose breaches in Friday filings

Digital intruders recently broke into two major tech suppliers - utility-technology firm Itron and medical-device maker Medtronic - according to filings with federal regulators.…

Category: Viruses and Worms