Agregátor RSS

OpenAI has been testing its ChatGPT Mac desktop app among paying subscribers for the last few weeks. Now, it has opened its new desktop app to anyone with a Mac.

Coming so soon after Apple announced at WWDC that ChatGPT will be integrated within Siri and some apps across its platforms, the introduction must be a sign of the times. Apple’s decision to support ChatGPT and other generative AI (genAI) platforms across its ecosystem should expose millions of users to tools they might not have yet tried out.

A nice integration for Mac users

If you’ve already used ChatGPT on a browser or through other applications, you’ll be familiar with what it can accomplish. The smart chatbot can help get things done, source information, improve your work, and much more. (Though, as always, be careful of any hallucinations or errors that might crop up.)

The integration seems to be a solid combination of the ease-of-use of the Mac and the powerful tools within ChatGPT. In effect, that means the tools within the chatbot are easily available from almost anywhere on your Mac.

It is just the beginning, of course, as Apple has already promised deeper integration between its platforms and ChatGPT as an adjunct to Apple Intelligence. Announced at this month’s developer conference, Apple described plenty of uses for the technology, including in Writing tools.

What can the ChatGPT app do on a Mac?

In a series of short videos shared via OpenAI’s Twitter/X feed, the company described some of what you can achieve. On your Mac, the Chat GPT app can:

• Respond to the well-known and familiar Option-Space shortcut to invoke a ChatGPT query.
• Take a screenshot of a specific window or your entire screen to request feedback or advice on what is there — for example, when seeking to improve code.
• Search past ChatGPT conversations for specific items.
• Quickly and easily ask about anything on your computer using copy and paste.
• And of course, as you engage in conversation, you can refine and improve the exchange to produce more useful results.

You do gain access to standard Voice Mode (so you can speak to ChatGPT). But OpenAI has already promised a new version of Voice Mode powered by GPT-4o will be introduced in the coming weeks. That version will introduce the new audio and video capabilities introduced within GPT-4o.

“Whether you want to brainstorm a new idea for your company, prepare for an interview or have a topic you’d like to discuss, tap the headphone icon in the bottom right corner of the desktop app to start a voice conversation,” the company said.

The trickle becomes a flood

While ethical, environmental, and trust issues continue to delay the kind of rapid deployment of AI aficionados had originally anticipated, there’s little doubt usage will accelerate as platforms like Apple’s weave support inside them.

For most enterprises, this demands implementation of device management systems to help protect against unapproved use of these tools, particularly around confidential data. Apple is responding to this need with device management controls in macOS to constrain use of Apple Intelligence/OpenAI. It is already possible to manage app installs on Macs using MDM systems.

The new app is available for Apple Silicon (M-series) Macs running macOS 14 or later. Similar apps are already available for iPads and iPhones, but not Windows, where they’re expected later this year. You can download the Mac app here. 

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

OpenAI has delayed the release of ChatGPT’s much-anticipated new Voice Mode feature, saying it needs another month” to refine the technology before offering it to a limited group of users in an alpha test.

“We had planned to start rolling this out in alpha to a small group of ChatGPT Plus users in late June, but need one more month to reach our bar to launch,” the  company said in social media platform X.

It said it “needs one more month to reach our bar to launch.”

OpenAI was more optimistic back in May, when it showcased Voice Mode during the Spring Update event at which it launched the faster and more capable GPT-4o large language model.

“We plan to launch a new Voice Mode with these new capabilities in an alpha in the coming weeks, with early access for Plus users as we roll out more broadly,” it said then, referring to users of its $20/month ChatGPT Plus subscription service.

With the introduction of GPT-4o, OpenAI said it was able to cut the voice response to time around 320 milliseconds, from 5.4 seconds for GPT-4, creating a more natural and real-time conversational experience.

Safety and scalability concerns take center stage

OpenAI gave two reasons for the launch delay: safety and scalability.

It emphasized its commitment to responsible AI development and the need for the model to effectively “detect and refuse certain content.” This suggests concerns about potential misuse of the technology for generating harmful or offensive speech.

Scalability also appears to be a hurdle. OpenAI said it aims to ensure the feature functions smoothly for millions of users while maintaining real-time responsiveness. This requires robust infrastructure capable of handling the increased processing demands.

“Exact timelines depend on meeting our high safety and reliability bar,” the company added in the post. “We are also working on rolling out the new video and screen sharing capabilities we demoed separately, and will keep you posted on that timeline.”

More competition for ChatGPT

OpenAI’s delay in Voice Mode rollout creates an interesting scenario in the burgeoning field of AI voice capabilities.

Competitors like Anthropic, with its Claude 3.5 Sonnet model, have already showcased voice-enabled interaction during demos.

Similarly, Google’s AI research arm, DeepMind, has been making strides in voice-based AI with its LaMDA language model,.

“Anthropic has joined this year’s intense AI race with models designed to compete head-on with recent announcements from OpenAI and Google,” said Neil Shah, VP for research and partner at Counterpoint Research. “Generative AI is a blue ocean opportunity, and each company, including Anthropic and OpenAI, will need to target specific use cases and segments. Anthropic, for example, is focusing on coding, writing, and workflow optimization.”

Beyond dedicated AI models, large language models such as Bard (Google AI) and Jurassic-1 Jumbo (AI21 Labs) are also constantly evolving, with some incorporating basic functionalities for voice interaction and response generation.

Even Microsoft’s Copilot programming assistant has begun to integrate voice-based guidance for developers.

OpenAI’s iterative approach: safety first

OpenAI’s decision to prioritize safety and scalability reflects a cautious yet responsible approach. Launching a powerful voice-enabled AI requires careful consideration of potential risks and ensuring the technology can handle widespread use without compromising performance.

“As part of our iterative deployment strategy, we’ll start the alpha with a small group of users to gather feedback and expand based on what we learn,” said the company.  

This iterative approach allows them to refine the model based on real-world user interactions and mitigate potential issues before a wider release.

While the delay may disappoint some users eager to experience Voice Mode, it does show a certain caution in the face of recent criticism of OpenAI’s attitude to safety. It has been working to restore confidence in that area with a series of appointments to its new safety and security committee.

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and&

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and&Newsroomhttp://www.blogger.com/profile/[email protected]

Mezi nejvýznamnější vědce 19. století rozhodně patřil William Thomson, známý také jako lord Kelvin z Largsu. 26. června je to 200 let od narození fyzika a matematika, který stojí například za myšlenkou podmořských kabelů.

Od čtvrtku do soboty probíhá v Norimberku openSUSE Conference 2024.

When Angela received her first shot at the Lombardi Comprehensive Cancer Center in early 2020, Covid-19 was months away. Far from a household name, mRNA vaccines were mostly relegated to lab studies.

Yet the jab she received was made of the same technology. A melanoma patient, Angela had multiple malignant moles removed. Alongside an established immune-stimulating drug, the hope was the duo could fight off any residual cancerous cells and slash the chances of relapse.

Scientists have long sought cancer vaccines that prevent the pesky cells from growing back. Like those targeting viruses, the vaccines would train the body’s immune system to recognize the cancerous cells and attack and eliminate them before they could grow and spread.

Despite decades of research into cancer vaccines, the dream has mostly failed. One reason is that every cancer, in every person, is different. So is each person’s immune system. Tailoring vaccines to neutralize cancers for each patient would not only be expensive, but sometimes impossible due to how long they’d take to develop—time is not on cancer patients’ sides.

In contrast, mRNA vaccines are far speedier to build. After they were removed, Angela’s malignant moles were analyzed for specific cancerous “fingerprints” or neoantigens. Based on these proteins, scientists at Moderna—known for their Covid-19 vaccines—built a custom mRNA cancer vaccine to train her immune system to prevent her own cancer from recurring.

Angela is part of clinical trial led by pharmaceutical companies Moderna and Merck to see if malignant skin cancer came back in patients given the treatment. Compared to a standard immunotherapy drug alone, adding a custom mRNA vaccine reduced the chances of cancer returning by roughly 50 percent and increased lifespan.

To be clear, the vaccines don’t protect a person from getting cancer in the first place. Rather, they teach the immune system to recognize residual malignant cells and prevent them from returning. The companies have launched Phase 3 clinical studies in people with melanoma and a type of lung cancer, with earlier stage clinical trials for other cancer cell types in the works.

Getting Personal

Like healthy cells, cancerous cells are dotted with all kinds of proteins on their surfaces. Dubbed “neoantigens,” these proteins differentiate cancer cells from healthy ones, making them attractive targets for therapies. And like fingerprints, neoantigens often differ between different cancer types and individuals, raising the possibility of personalized treatments.

That’s the idea behind cancer vaccines. They work like vaccines against infectious diseases. Parts of the invader—in cancer’s case, its unique neoantigens—are mixed with chemicals that stimulate the immune system. Once injected, the concoction directs the immune system to specifically attack cells with the neoantigen and eliminate the threat.

Compared to chemotherapy—notorious for its horrible side effects—cancer vaccines target a person’s own constellation of neoantigens, which in theory limits damage.

In 2017, two small clinical trials offered a glimpse that these vaccines could work in humans. Both studies targeted melanoma, a mole-like type of cancer that can quickly spread and recur.

After surgical removal, the researchers sequenced the genes of each malignant mole and selected up to 20 different protein fragments for each person to develop into vaccines. In one study, the shots kept the cancer at bay in four out of six patients for at least two years. The two who saw their cancer come back quickly entered remission after treatment with a drug that stimulates their immune system.

Another study enrolled 13 patients, eight with no visible tumors and five whose cancer had already spread. A personalized vaccine encoded 10 neoantigens for each person and used a virus to shuttle the mixture into cells. While successful for the first group, who remained cancer-free for over a year, results were mixed in the second group. For these patients, the cancer shrank but resurged in some, while others went into remission after treatment with the same immune-stimulating drug.

“It’s potentially a game changer,” Dr. Cornelis Melief at Leiden University Medical Center, who was not involved in the study, told Nature at the time.

Yet the field still faced a roadblock: Cancer vaccines are expensive to make and often require time—time that patients don’t always have.

An mRNA World

Enter mRNA vaccines. Best known for battling Covid-19, these vaccines can be designed and manufactured at a fraction of the time and cost of their traditional protein-based counterparts.

A cancer vaccine based on mRNA follows a similar path to previous iterations, but with a few upgrades.

The patient’s skin cancer is rapidly sequenced for its genes after removal. Selection of neoantigen genes is key. Not all of them can be recognized by the immune system. Machine learning algorithms, trained on expanding databases of cancer-related mutations, sort through the data to identify the neoantigen genes most likely to stimulate the immune system. Moderna picks up to 34 candidates with the highest chances.

Like in Covid-19 vaccines, the selected genes are then translated into mRNA and encapsulated in fatty bubbles. Once injected, the mRNA commandeers the cell’s protein-making machinery to pump out neoantigens. These, in turn, train the immune system to sniff out the foe.

The mRNA vaccines weren’t used alone, however. Taking a note from previous studies, the companies added an immune-stimulating drug to boost efficacy.

The results from a three-year ongoing trial were announced earlier this month. The combination, compared to the drug alone, reduced the risk of cancers returning and death by 49 percent. They also decreased the risk of the cancer spreading by 62 percent. Living cancer-free for at least two and a half years, those treated with the combo saw a boost in their chances of survival with the addition of the mRNA vaccine. The results mirror those from a previous analysis, led by Dr. Jeffrey Weber at New York University Langone Health, who is overseeing the trial, dubbed KEYNOTE-942.

“At the end of the day, you realize, ‘Damn! This combination seems to have activity,’” Weber told Nature.

Although the results are promising, the combo isn’t for everyone. Later-stage cancers, especially those which have already spread, don’t respond well to the treatment. These tumors also rapidly grow—compared to their earlier counterparts—robbing scientists of precious time to develop the personalized vaccine.

Others are doing similar work. BioNTech has partnered with Genentech to develop vaccines targeting up to 20 neoantigens for notoriously aggressive pancreatic cancer. The vaccine worked for only half of the participants; even then, a fraction of the immune system only recognized one neoantigen. Nonetheless, vaccinated patients lived longer cancer-free after treatment when assessed 18 months after treatment.

Cancer vaccines are having a renaissance, but there’s much left to learn. Figuring out how to choose the right neoantigens is first and foremost. One team, for example, is verifying that immune cells in blood samples from patients actually recognize the selected neoantigens.

Other cancer types are already on the docket as potential next targets, including those that affect cells lining the skin, lungs, and digestive tracts, or those involved in kidney cancer.

As for Angela, the initial flu-like symptoms from the treatment were worth it. In her mid-40s, her cancer has been gone for three years. When asked if it’s because of the vaccine or drug, she told Nature: “I’m just happy to be cancer-free.”

Image Credit: Diana Polekhina / Unsplash

Exploit attempts for ‘devastating’ vulnerabilities already underway

Thought last year's MOVEit hellscape was well and truly behind you? Unlucky, buster. We're back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway.…

The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining undetected within critical infrastructure foundations. The xz backdoor presents an acute threat to security and system integrity, and its creators leveraged sophisticated methods to remain undetected.

Příběhy civilizací, které nezvládly svůj vlastní růst a zkolabovaly, tvoří nedílnou součást alarmovacího repertoáru ekologických aktivistů • Jako názorný příklad je uváděn kolaps populace na Velikonočním ostrově • Tento omyl se drží v povědomí mnoha lidí navzdory objevům dokazujícím opak

Oživeno 26. června | Odborníkům se stále nepodařilo vyřešit problém s úniky helia, které negativně ovlivňují systém trysek RCS kosmické lodi Starliner. NASA proto opět byla nucena odložit její cestu zpět na Zemi. Nové datum tentokrát již nebylo stanoveno, takže zatím není jasné, jak dlouho ještě ...

Oživeno 26. 6. | Konec. Ještě včera bylo možné stáhnout klientskou aplikaci, připojit se a chatovat, dnes už ICQ nefunguje. Ruský majitel pouze upozorňuje, ale lidé místo toho začali používat VK Messenger nevo WorkSpace. ICQ se tak zařadilo po bok AOL Instant Messengeru (AIM), Yahoo! Messengeru, ...

Psal se 26. červen 1974. V supermarketu Marsh's v Ohiu vytáhl zaměstnanec Clyde Dawson z košíku balíček žvýkaček Wrigley's Juicy Fruit a pokladní Sharon Buchanan ho v 8:01 naskenovala pomocí čtečky čárových kódů. Významnost tohoto okamžiku spočívala v tom, že se jednalo o historicky první komerční ...

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean Newsroomhttp://www.blogger.com/profile/[email protected]

New Copilot+ PCs are officially on the shelves and Microsoft’s marketing is all about explaining that these laptops include Windows 11 AI features you can only use on this sort of system.

But what exactly does that mean in practical terms? Here’s exactly what you get on one of these “next-generation AI PCs” today.

Copilot+ PCs are more than just “AI”

Before we get to the AI features, there’s one thing to know: the marketing isn’t focusing on the most interesting things about these PCs. AI hype aside, these are the first truly competitive Arm-based Windows PCs. They offer dramatically improved battery life and performance.

With Qualcomm’s Snapdragon X Elite hardware, it looks like the PC world finally has hardware that will go toe to toe with Apple’s Arm-based M-series Macs. And that’s making Intel sweat, too: Just look at the huge battery life improvements Intel is teasing for its next-generation Lunar Lake chips.

While everyone’s talking about AI, the big story is all-day battery life with snappy performance — all with compatibility with most existing Windows apps. That’s a big deal for business users (and a big deal for PC users in general).

That’s good news, because the AI features on these Copilot+ PCs feel a bit like a work in progress. They’re more of a demonstration of what’s possible: Application developers will be able to tap into the fast neural processing unit (NPU) to add AI features into their Windows applications.

There’s just one problem: Most AI tools do all the hard processing work in the cloud, which means you could just as easily run them on a Chromebook or iPad as you could on a powerful Windows PC. Will lots of applications switch to doing that AI number-crunching on your PC hardware instead?

Want more Windows advice — plus tips and tricks for making the most of your PC? Sign up for my free Windows Intelligence newsletter to get three things to try every Friday and free Windows Field Guides as a special welcome bonus.

The Microsoft Recall factor

Then there’s this: The Copilot+ PC’s biggest and splashiest feature, Recall, isn’t even available at launch. Faced with privacy and security-related criticism, Microsoft frantically scrambled to remove Recall days before launch so it could be delayed.

Microsoft still says Recall will launch on these PCs in the coming months. But first, it will be tested in preview form with Windows Insiders.

When it launches, Recall will take screenshots of your PC’s display every five seconds. Then, you can choose to use plain language queries to search those Recall snapshots. You’ll be able to type things like, “Find that PowerPoint presentation about the quarterly budget. It had a chart with some orange bars.”

Without Recall, the Copilot+ AI PC features aren’t extremely impressive — they’re neat and nice to have, but there’s nothing here you’d race out and buy a new PC for (except the long battery life, which is impressive — but that has nothing to do with AI).

Paint Cocreator upgrades your drawings with AI The Cocreator tool in Paint makes for a great on-stage demo, but you’ll get more professional and realistic results with a cloud-based AI image creation tool.

Chris Hoffman, IDG

On Copilot+ PCs, Microsoft Paint has a “Cocreator” feature that will upgrade your drawings with AI as you draw. This feature uses the NPU hardware in a Copilot+ PC to do the AI-image-generating.

This is different from the existing “Image Creator” feature in Microsoft Paint, which uses Microsoft’s Image Creator — ultimately relying on OpenAI’s DALL-E 3 model running on cloud servers. All Windows 11 PCs have access to that, while Copilot+ PCs have both buttons on Paint’s toolbar.

Here’s the catch: To use this feature, you have to sign into a Microsoft account. While it uses a Copilot+ PC’s local hardware, it doesn’t work offline. For “AI safety” — to ensure the image generation model doesn’t generate anything terrible — the image your PC generates is sent to Microsoft’s cloud servers and only shown to you if it’s approved.

So, while this is neat, it does seem like you might as well just use some kind of cloud-based AI image generation tool. You could likely get better, higher-quality, more realistic results.

Restyle Image in Photos The Restyle tool requires a Microsoft account and an internet connection. 

Chris Hoffman, IDG

The edit view in Windows 11’s Photos app gains an “AI” button on Copilot+ PCs. This launches a tool that lets you “restyle” your photos, using generative AI to change them. For example, you could transform them into the style of an impressionist painting, watercolor art, anime, or cyberpunk.

Once again, this is a neat parlor trick, but this feature is also dependent on Microsoft’s cloud servers for safety checking. You can’t use it offline. And, while I haven’t spent a lot of time trying to fine-tune the prompts, it does seem like the results are much less impressive than you’d get with a state-of-the-art AI image generation model running on more powerful cloud servers, particularly when it comes to professional, business purposes.

Image Creator in Photos The built-in Image Creator requires an internet connection – so why not just use a cloud-based image generation tool?

Chris Hoffman, IDG

The Photos app also gains an Image Creator tool, which you can access from its sidebar. Once again, this AI image generator just isn’t producing the quality of results that you see from a state-of-the-art cloud-based AI image generator, like the results we’re seeing from Midjourney or Adobe Firefly.

As with all the other AI image tools, this won’t work offline — it does the AI image generation work on your Copilot+ PC but has to phone home to Microsoft’s servers before it shows you the image.

Live Captions for real-time transcription and translation Live Captions are displayed on a floating bar at the top of your PC’s screen.

Chris Hoffman, IDG

On a Copilot+ PC, you can get live captions of any audio — audio playing on your PC or spoken audio picked up via your microphone. It adds real-time captions to anything. Just launch the “Live Captions” application from the Start menu.

This does work entirely offline. In fact, that’s one of the advantages: Your average Windows 11 PC has Live Captions, too. The main difference with a Copilot+ PC is that the translation happens on your PC’s hardware itself, so it works offline and will be snappier under bad network conditions.

Additionally, on a Copilot+ PC, this experience has built-in translations. Live Captions can understand 44 different languages and will translate them to English subtitles — something that could be very advantageous in the right sort of business scenario.

Windows Studio Effects for your webcam Windows Studio Effects are neat, but most of them can also be found on Intel laptops released earlier this year.

Chris Hoffman, IDG

Copilot+ PCs offer Windows Studio Effects for real-time webcam effects in your meetings. You can blur your background or fake eye contact so it looks like you’re always looking directly at your webcam.

These particular features aren’t new, and they’re found on those first-generation AI PCs powered by Intel Meteor Lake chips as well. On a Copilot+ PC, however, there are also “Illustrated,” “Animated,” and “Watercolor” options that can add a generative AI-powered filter to your webcam image in real time. Your mileage may vary, but I found those creative filter effects to be very subtle. And they seem more relevant for playful, personal purposes than for professional company calls.

Overall, though, Windows Studio Effects are nice to have for online meetings — especially tweaks like eye contact and background blurring. And, because they use the NPU, they don’t slow down your PC or drain its battery.

What about Copilot? Copilot doesn’t use Copilot+ PC hardware to do anything extra.

Chris Hoffman, IDG

Like first-generation AI PCs, Copilot+ PCs have a Copilot key on their keyboard for quickly launching Microsoft’s Copilot AI assistant. That’s all they have. The Copilot experience doesn’t use the Copilot+ PC hardware in any way. It all runs entirely on Microsoft’s cloud servers, just as it does on current Windows 11 or Windows 10 PCs.

In fact, the Copilot PC is less integrated with Windows 11 in some ways. These machines have the “new” Copilot application Microsoft recently announced — it’s not a sidebar anymore, it’s a floating window. However, it’s also a progressive web application, and it doesn’t integrate with Windows at all. That means you can’t say “Turn on dark mode,” or “Empty my recycle bin.” Perhaps those features will arrive in the future. Either way, all Windows 11 PCs will get this new Copilot app experience eventually. But there’s nothing special here for Copilot itself.

Third-party NPU experiences

Microsoft and Qualcomm are proud of the neural processing unit (NPU) in these Copilot+ PCs. They’re capable of 40+ TOPS — that’s “trillion operations per second.”

Beyond features integrated into Windows itself, the idea is that this baseline level of NPU performance allows app developers to integrate AI features in their Windows apps. While a Copilot+ PC is something unique now, future hardware from Intel (with Lunar Lake, launching later this year) and AMD (with Strix Point, also launching later this year) will deliver that kind of NPU performance as well. At that point, all new Windows PCs will meet this requirement.

It’s not just about Windows. It’s about what third-party apps can do with this hardware.

There’s not a lot available yet. For example: While Adobe Photoshop does now have a native Arm version that can run better on the Snapdragon X Elite hardware, the Adobe Firefly AI image generation features built into Photoshop still uses Adobe’s cloud servers — not the NPU.

Should you buy a Copilot+ PC?

The big reason to buy one of these first Copilot+ PCs is for the combination of battery life and strong day-to-day performance. If it’s time for a new PC, they’re worth a look.

If you’re just looking for AI, I would consider waiting — there’s not a lot here yet. And if you’re particularly interested in Recall, good news: It’s not out yet, and when it does arrive in a few months, there’s a good chance you’ll be able to pick up a Copilot+ PC on sale. Score.

Eventually, though, all new Windows laptops — whether they have Intel or AMD x86 chips, Qualcomm Arm chips, or an Arm chip from another manufacturer — will meet these “Copilot+ PC” specifications and be capable of running these AI experiences.

The only question is if you want to be an early adopter.

Let’s stay in touch! Sign up for my free Windows Intelligence newsletter — I’ll send you three things to try every Friday. Plus, get free copies of Paul Thurrott’s Windows 11 and Windows 10 Field Guides (a $10 value) as soon as you sign up.

To get things done using the power of the US government, President Theodore Roosevelt used to advise, “Speak softly and carry a big stick.” No need to rage and roar to accomplish what you want — instead, rely on the considerable power of the federal government to get things done.

How things have changed. These days when it comes to reining in Big Tech, the motto of Congress has essentially become “Speak loudly and carry a small stick.” Call a public hearing, rant and rave about the untrammeled power of major tech players — then do nothing.

Take, for example, the recent mid-June hearing in which the House Committee on Homeland Security grilled Microsoft President Brad Smith about how the company allowed Chinese government-supported hackers to carry out what The New York Times calls “a devastating hack of federal government networks” while maintaining its business presence on Chinese soil.

At the hearing, Congress members demanded that Microsoft harden its security, and questioned its commercial presence in China. Then the hearing ended. Congress had spoken loudly — perhaps not nearly as loudly as it should have, but at least it was more than a whisper.

After that? No big stick. In fact, no stick at all. Microsoft continues to have the largest share of the federal government’s IT budget. And it still hasn’t faced any consequences for allowing Chinese hackers to run wild through government networks. 

However, there’s some evidence that Microsoft might finally face real pushback from the feds, including possible revenue losses. To see why that may happen, let’s first take a deeper look at the Chinese hack and Microsoft’s presence in China.

Storm-0558 runs amok

A year ago, the Chinese-government sponsored espionage group Storm-0558 conducted an audacious feat of hacking — it broke into the email accounts of high-level government officials, including Commerce Secretary Gina Raimondo, Ambassador to China Nicholas Burns, and Rep. Don Bacon (R-NE), all of whom help oversee the US relationship with China.

That was just the tip of the iceberg. Some 25 US government agencies were hit; 60,000 emails from the State Department alone were stolen by the hackers.

As I detailed earlier this year, the attack was made possible by stunning acts of incompetence. The Chinese hackers used a cryptographic key to carry out the exploit — a key created in 2016 that was supposed to have been retired in 2021 but wasn’t. Why didn’t Microsoft retire it? Because the company couldn’t make its consumer keys more secure, and so rather than solve the problem, it left the key lying around in an insecure place. Storm-0558 stole it, used it to forge user credentials, and then used those credentials to hack into government email accounts.

In April, the US Department of Homeland Security (DHS) delivered a  blistering report, blaming the hack on a “cascade of Microsoft’s avoidable errors.” The report said the company “failed to detect the compromise of its cryptographic crown jewels on its own, relying instead on a customer to reach out to identify anomalies the customer had observed.”

The report, according to The Washington Post, exposed Microsoft’s “shoddy cybersecurity practices, lax corporate culture and a lack of transparency.”

Microsoft’s presence in China

Meanwhile, while China hacks Microsoft, Microsoft keeps a presence in China. Smith told Congress that the company’s commercial presence there accounts for an estimated 1.4% to 1.5% of its overall sales. That might not sound like much, but the company’s revenue for the fiscal year ending in March 2024 was $236.6 billion, meaning Microsoft took in approximately $1.5 billion from its Chinese office.

Given Chinese hacking of Microsoft and its customers, including the federal government, Congress members at the hearing asked why the company kept its presence in China, especially since the revenue represents such a small part of the company’s overall sales.

“Is it worth it?” Rep. Carlos Gimenez, (R-FL), asked bluntly.

Smith gave an answer only a lawyer could love — or understand, for that matter. The Times paraphrased the answer this way: “Mr. Smith argued that Microsoft’s business in China served American interests by protecting the trade secrets of Microsoft’s American customers operating there and learning from what’s going on in the rest of the world.”

Got it? Me, neither. The real reason is simpler: Microsoft didn’t become the world’s most valuable company (or second-most valuable company, depending on the day) by leaving money on the table, even if it’s only 1.4% of its total sales.

The ‘not-a-gotcha’ hearing

Smith’s grilling was pretty tame. Rep. Bennie Thompson, (D-MS), telegraphed that before the questioning began. “This is not a gotcha hearing,” he assured Smith.

After it was over, not much seemed to have changed. Microsoft continues to be a target for Chinese hackers, and the company still has a Chinese office. And Microsoft continues to reap billions from the federal government including, ironically, for cybersecurity services.

But there are some small signs that perhaps Microsoft could eventually face consequences for lax security practices.  Multiple tech industry groups that include Microsoft competitors have launched a lobbying campaign, arguing that having the federal government rely so heavily on a single vendor for tech products and services is inherently a cyber risk.

In a letter to top government officials and Congress, they argued that best security practices require that the government “switch to a multi-vendor environment” —  in other words, stop relying so heavily on Microsoft and let other companies in on the action.

There’s evidence that at least some in Congress are listening. In late May, Sens. Eric Schmitt, (R-MO), and Ron Wyden, (D-OR), sent a sharp letter asking the Pentagon to back off from a plan to expand its use of Microsoft products: “We write with serious concern that the Department of Defense (DoD) is doubling down on a failed strategy of increasing its dependence on Microsoft at a time when Congress and the administration are reviewing concerning cybersecurity lapses that led to a massive hack of senior U.S. officials’ communications….

“We are deeply concerned that DoD is choosing not to pursue a multi-vendor approach that would result in greater competition, lower long-term costs, and better outcomes related to cybersecurity.”

The DoD, of course, doesn’t need to heed the letter. But Microsoft is clearly starting to feel some heat. Smith told Congress that in response to the Chinese hack, Microsoft launched what he calls “the single largest cybersecurity engineering project in the history of digital technology.” 

If that’s true, and if it stops future attacks like the Chinese one, Microsoft will likely be sitting pretty. I wouldn’t expect the feds to cut back on Microsoft contracts. But if he’s wrong and there’s another major hack, I’d bet that for once Congress will speak loudly, carry a big stick — and cut back on government contracts with the company.

In the US, artificial intelligence (AI) regulation is a hot mess.

There are about 650 proposed state bills in 47 states and more than 100 federal congressional proposals related to AI, according to Multistate.ai. New York alone is home to 98 bills and California has 55. Then there are the executive orders from President Joseph R. Biden Jr. that have spun off many working groups and galvanized several government regulatory agencies.

When regulations are codified in so many ways by so many sources in so many places, the chance for conflicting directives is high — and the result could stifle business and leave loopholes in protections.

AI’s complexity adds to the confusion as do the numerous aspects of AI that warrant regulation. The list is lengthy, including job protection, consumer privacy, bias prevention and discrimination, deepfakes, disinformation, election fraud, intellectual property, copyright, housing, biometrics, healthcare, financial services, and national security risks.

So far, the federal government has dragged its feet on AI regulation, seemingly more focused on party politics and infighting than in crafting useful measures. As a result, Congress has not been an effective tool for structuring regulation policy.

The time for congressional action on AI regulation was two or three years ago. But with little being done federally, the states, particularly California, are attempting to fill the breach.

California jumps out front

California is out in front on consumer protections for AI. In 2018 — even before the public arrival of generative AI (genAI) in late 2022 — the state passed a transparency law that requires disclosure when genAI tools are used for deceptive communications to incentivize a purchase or sale of goods or services in a commercial transaction, or to influence a vote in an election. California has also passed laws on bias prevention in AI-based pre-trial criminal justice tools, deepfake use in electoral campaigns, and banning the use of facial recognition to analyze images captured by police body cams. (The state is nearing the possible release of additional consumer protections introduced in draft form late last year.)

Among other bills, California is formulating a model-level-approach to AI regulation, known as CA SB-1047. The legislation sets its sights on frontier models and the big tech companies that are developing them.

OpenAI defines frontier models as “highly capable foundation models that could possess dangerous capabilities sufficient to pose severe risks to public safety.” SB-1047 would establish a new California agency to regulate large AI models and verify compliance. To be certified, developers would have to provide safeguards, security protections, prevention of critical harms, and built-in a facility that would enable a complete shutdown of the model.

This bill is the one being most closely watched by the tech industry.

Already, AI bills introduced by California and other states “are having a ripple effect globally,” according to The New York Times, quoting Victoria Espinel, CEO of the Business Software Alliance, a lobbying group representing big software companies. Causing its own ripple effect, the European Union adopted the comprehensive AI Act in March; it will be rolled out in stages beginning in 2025.

Follow the EU’s lead

What’s wrong with the US that it is unable to formulate and legislate a unified set of AI regulations like the EU? And do so in a timely manner? Senate Majority Leader Chuck Schumer, D-NY, has been working on AI regulation with industry leaders, but the effort doesn’t seem to be going anywhere quickly.

We’re well past the point of debating whether regulation is needed, yet many pundits are still arguing the point as if there were some doubt of its necessity. Those in the US in a position to foster comprehensive regulatory policies for AI should come together, roll up their sleeves, and craft policy.

California has done a great job, but its policies are not binding outside of its borders. The US is more freewheeling and supportive of business innovation than many other nations. That can be  one of this country’s strengths. But genAI, and AI in general, has the potential to be as destructive as it can be constructive. We ignore that risk at out peril.

The next 12 to 18 months will see significant AI legislation play out around the globe. The US is in danger of missing that timeframe. It’s time to catch up.