Agregátor RSS

Let Agentic AI speak unto Agentic AI — but in some kind of mathematical code.

That’s the thinking behind the MATHBAC (Mathematics for Boosting Agentic Communication) project, which aims to develop a new area of AI communication, one in which AI agents will ‘talk’ to each other to understand how they collaborate and share information.

MATHBAC is being run by the US Defense Advanced Research Projects Agency (DARPA), one of the progenitors of the internet. It hopes the research will enable agentic AI models to collaborate to solve complex problems, and increase understanding of the mathematics that lies behind the ways that they function.

A key element of the project is discovering fundamentally new ways of working: Research that results only in incremental improvements in existing methods and models that already exist is specifically excluded from MATHBAC funding.

The project has been divided into two phases. The first will consider the derivation of the mathematics behind agentic AI and look at ways of improving communication between systems. The second, much more ambitious, will look to create tools to enable development of a new science, solving “fundamental scientific and mathematical problems underpinning collective agentic intelligence.”

DARPA expects to achieve all that in just 34 months, and is accepting proposals from organizations wishing to work on the project.

The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]

Nevýhodou žebříčků postavených na sledovanosti je, že jsou plné prastarých kousků, které už každý viděl. Tady proto najdete pouze nové filmy a seriály (nebo jejich nové sezóny) z posledních měsíců. Vycházíme ze statistik aktuálního zájmu na webu IMDB, které dlouhodobě ukládáme a sami zpracováváme.

Though I reviewed Apple’s recently-introduced MacBook Neo, M5 MacBook Air, and M5 Max MacBook Pro, I didn’t look at Apple’s new displays. But it is noteworthy that even these products open up new opportunities for the company.

That’s because Apple this week gained FDA clearance for the Medical Imaging Calibration feature introduced in the Studio Display XDR. Just as the affordable MacBook Neo opens up a fresh mass market opportunity, this specialized product feature forges space in a new niche. 

Apple opens a new growth market

That niche will only become even more important once specialized AI medical tools to support treatment and diagnosis appear in the radiology space, as such tools inevitably will. (Inevitably? I mean, just look at this December research announcement from the Institute of Cancer Research, which demonstrated that combining artificial intelligence (AI) with state-of-the-art MRI imaging can revolutionize prostate cancer treatment.)

The combination means you don’t need a dedicated radiology workstation costing in excess of $15,000; you need only a Mac and a $2,899 Apple display. 

Once those things are in place, you can select your choice of imaging software — probably something like Visage Imaging 7, OsiriX MD, Falcon MD, or another of the solutions available for Mac. Even better, while privacy and data confidentiality concerns do exist, the Mac you use for this work can also be used for other tasks, like any other Mac. This democratizes access to tools of this kind; gives the medical profession all the Apple advantages around product resilience, TCO, and tech support; cuts budgets; and enables medical tech purchasers to get more for less.

On-device AI, an Apple advantage

Then we get to think about AI, and that’s where Apple’s strategic sensibility seems to be coming into play. I see it like this: it is obvious that AI for medical imaging will need to run on something. And what Apple has done with Apple Silicon, its approach to on-device AI, and this new medical image calibration feature on its displays all mean it now offers a trusted, highly usable, incredibly flexible solution to run future AI-augmented MRI imaging packages. Apple’s processors can simply shrug their way through that kind of work, while its new displays can give radiologists and other medical examiners the precise accuracy they need.

The new display feature also gives Apple an impressive story to tell in the $42.6 billion global market for medical imaging devices. That tale is tempered by Apple’s cast-iron commitment to privacy and the impressive capacity of Apple Silicon to run on-device LLMs. Apple’s introduction of MLX means you can easily imagine medical imaging deployments that rely on a new Studio Display and four Mac minis clustered via a single Thunderbolt 5 cable. Total cost? Not $15,000. 

Apple is cheap

Apple is cheap. That’s not an illusion. Look at the ecosystem. The entry level $599 MacBook Neo shows this, while all the TCO and tech support and security studies I’ve seen across the last decade show that once you begin using these platforms you end up spending a lot less keeping your investments going.

That matters in any business, of course. But when it comes to the kind of industries Medical Imaging Calibration is meant for, that can be life-saving. Who wants urgent surgery to be delayed by an operating system crash or another Crowdstrike-like moment?

There might be problems getting this message through to every medical provider across the planet, but check out Emory University and its Department of Radiology and Imaging Sciences. There, you can peruse a white paper explaining most of the steps radiologists and imaging practices must take to integrate Apple’s displays and systems into their clinical workflows. 

As explained here, the paper praises the CPU/GPU performance of Macs used in the test, which rival or exceed traditional workstations at a fraction of the cost. The white paper also opens a second dimension in medical practice, thanks to visionOS and the capacity to create new workflows that have the headset using new surgical apps from the likes of Stryker and Storz. Add AI to that equation and you can see that Apple has raised a very, very large flag depicting a very large Apple logo on part of the future of medical care. 

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Also, now on Mastodon.

Posted by Jiacheng Lu, Software Engineer, Google Pixel Team

Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is advancing its proactive security measures further. Following our previous discussion on "Deploying Rust in Existing Firmware Codebases", this post shares a concrete application: integrating a memory-safe Rust DNS(Domain Name System) parser into the modem firmware. The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying the foundation for broader adoption of memory-safe code in other areas.

Here we share our experience of working on it, and hope it can inspire the use of more memory safe languages in low-level environments.

Why Modem Memory Safety Can’t Wait

In recent years, we have seen increasing interest in the cellular modem from attackers and security researchers. For example, Google's Project Zero gained remote code execution on Pixel modems over the Internet. Pixel modem has tens of Megabytes of executable code. Given the complexity and remote attack surface of the modem, other critical memory safety vulnerabilities may remain in the predominantly memory-unsafe firmware code.

Why DNS?

The DNS protocol is most commonly known in the context of browsers finding websites. With the evolution of cellular technology, modern cellular communications have migrated to digital data networks; consequently, even basic operations such as call forwarding rely on DNS services.

DNS is a complex protocol and requires parsing of untrusted data, which can lead to vulnerabilities, particularly when implemented in a memory-unsafe language (example: CVE-2024-27227). Implementing the DNS parser in Rust offers value by decreasing the attack surfaces associated with memory unsafety.

Picking a DNS library

DNS already has a level of support in the open-source Rust community. We evaluated multiple open source crates that implement DNS. Based on criteria shared in earlier posts, we identified hickory-proto as the best candidate. It has excellent maintenance, over 75% test coverage, and widespread adoption in the Rust community. Its pervasiveness shows its potential as the de-facto DNS choice and long term support. Although hickory-proto initially lacked no_std support, which is needed for Bare-metal environments (see our previous post on this topic), we were able to add support to it and its dependencies.

Adding no_std support

The work to enable no_std for hickory-proto is mostly mechanical. We shared the process in a previous post. We undertook modifications to hickory_proto and its dependencies to enable no_std support. The upstream no_std work also results in a no_std URL parser, beneficial to other projects.

• https://github.com/hickory-dns/hickory-dns/pull/2104
• https://github.com/servo/rust-url/pull/831
• https://github.com/krisprice/ipnet/pull/58

The above PRs are great examples of how to extend no_std support to existing std-only crates.

Code size study

Code size is the one of the factors that we evaluated when picking the DNS library to use.

Code size
by category Rust implemented Shim that calls Hickory-proto on receiving a DNS response 4KB core, alloc, compiler_builtins
(reusable, one-time cost) 17KB Hickory-proto library and dependencies 350KB

Sum 371KB

We built prototypes and measured size with size-optimized settings. Expectedly, hickory_proto is not designed with embedded use in mind, and is not optimized for size. As the Pixel modem is not tightly memory constrained, we prioritized community support and code quality, leaving code size optimizations as future work.

However, the additional code size may be a blocker for other embedded systems. This could be addressed in the future by adding additional feature flags to conditionally compile only required functionality. Implementing this modularity would be a valuable future work.

Hook-up Rust to modem firmware

Before building the Rust DNS library, we defined several Rust unit tests to cover basic arithmetic, dynamic allocations, and FFI to verify the integration of Rust with the existing modem firmware code base.

Compile Rust code to staticlib

While using cargo is the default choice for compilation in the Rust ecosystem, it presents challenges when integrating it into existing build systems. We evaluated two options:

1. Using cargo to build a staticlib before the modem builds. Then add the produced staticlib into the linking step.
2. Directly work with rustc and integrate the Rust compilation steps into the existing modem build system.

Option #1 does not scale if we are going to add more Rust components in the future, as linking multiple staticlibs may cause duplicated symbol errors. We chose option #2 as it scales more easily and allows tighter integration into our existing build system. Our existing C/C++ codebase uses Pigweed to drive the primary build system. Pigweed supports Rust targets (example) with direct calls to rustc through rust tools defined in GN.

We compiled all the Rust crates, including hickory-proto, its dependencies, and core, compiler_builtin, alloc, to rlib. Then, we created a staticlib target with a single lib.rs file which references all the rlib crates using extern crate keywords.

Build core, alloc, and compiler_builtins

Android’s Rust Toolchain distributes source code of core, alloc, and compiler_builtins, and we leveraged this for the modem. They can be included to the build graph by adding a GN target with crate_root pointing to the root lib.rs of each crate.

Pixel modem firmware already has a well-tested and specialized global memory allocation system to support some dynamic memory allocations. alloc support was added by implementing the GlobalAlloc with FFI calls to the allocators C APIs:

use core::alloc::{GlobalAlloc, Layout}; extern "C" { fn mem_malloc(size: usize, alignment: usize) -> *mut u8; fn mem_free(ptr: *mut u8, alignment: usize); } struct MemAllocator; unsafe impl GlobalAlloc for MemAllocator { unsafe fn alloc(&self, layout: Layout) -> *mut u8 { mem_malloc(layout.size(), layout.align()) } unsafe fn dealloc(&self, ptr: *mut u8, layout: Layout) { mem_free(ptr, layout.align()); } } #[global_allocator] static ALLOCATOR: MemAllocator = MemAllocator;

Pixel modem firmware already implements a backend for the Pigweed crash facade as the global crash handler. Exposing it into Rust panic_handler through FFI unifies the crash handling for both Rust and C/C++ code.

#![no_std] use core::panic::PanicInfo; extern "C" { pub fn PwCrashBackend(sigature: *const i8, file_name: *const i8, line: u32); } #[panic_handler] fn panic(panic_info: &PanicInfo) -> ! { let mut filename = ""; let mut line_number: u32 = 0; if let Some(location) = panic_info.location() { filename = location.file(); line_number = location.line(); } let mut cstr_buffer = [0u8; 128]; // Never writes to the last byte to make sure `cstr_buffer` is always zero // terminated. let (_, writer) = cstr_buffer.split_last_mut().unwrap(); for (place, ch) in writer.iter_mut().zip(filename.bytes()) { *place = ch; } unsafe { PwCrashBackend( "Rust panic\0".as_ptr() as *const i8, cstr_buffer.as_ptr() as *const i8, line_number, ); } loop {} } Link Rust staticlib

The Pixel modem firmware linking has a step that calls the linker to link all the objects generated from C/C++ code. By using llvm-ar -x to extract object files from the Rust combined staticlib and supplying them to the linker, the Rust code appears in the final modem image.

There was a performance issue we experienced due to weak symbols during linking. The inclusion of Rust core and compiler-builtin caused unexpected power and performance regressions on various tests. Upon analysis, we realized that modem optimized implementations of memset and memcpy provided by the modem firmware are accidentally replaced by those defined in compiler_builtin. It seems to happen because both compiler_builtin crate and the existing codebase defines symbols as weak, linker has no way to figure out which one is weaker. We fixed the regression by stripping the compiler_builtin crate before linking using a one line shell script.

llvm-ar -t <rust staticlib> | grep compiler_builtins | xargs llvm-ar -d <rust staticlib> Integrating hickory-proto Expose Rust API and calling back to C++

For the DNS parser, we declared the DNS response parsing API in C and then implemented the same API in Rust.

int32_t process_dns_response(uint8_t*, int32_t);

The Rust function returns an integer standing for the error code. The received DNS answers in the DNS response are required to be updated to in-memory data structures that are coupled with the original C implementation, therefore, we use existing C functions to do it. The existing C functions are dispatched from the Rust implementation.

pub unsafe extern "C" fn process_dns_response( dns_response: *const u8, response_len: i32, ) -> i32 { //... validate inputs `dns_response` and `response_len`. // SAFETY: // It is safe because `dns_response` is null checked above. `response_len` // is passed in, safe as long as it is set correctly by vendor code. match process_response(unsafe { slice::from_raw_parts(dns_response, response_len) }) { Ok(()) => 0, Err(err) => err.into(), } } fn process_response(response: &[u8]) -> Result<()> { let response = hickory_proto::op::Message::from_bytes(response)?; let response = hickory_proto::xfer::DnsResponse::from_message(response)?; for answer in response.answers() { match answer.record_type() { hickory_proto::RecordType:... => { // SAFETY: // It is safe because the callback function does not store // reference of the inputs or their members. unsafe { callback_to_c_function(...)?; } } // ... more match arms omitted. } } Ok(()) }

In our case, the DNS responding parsing function API is simple enough for us to hand write, while the callbacks back to C functions for handling the response have complex data type conversions. Therefore, we leveraged bindgen to generate FFI code for the callbacks.

Build third-party crates

Even with all features disabled, hickory-proto introduces more than 30 dependent crates. Manually written build rules are difficult to ensure correctness and scale poorly when upgrading dependencies into new versions.

Fuchsia has developed cargo-gnaw to support building their third party Rust crates. Cargo-gnaw works by invoking cargo metadata to resolve dependencies, then parse and generate GN build rules. This ensures correctness and ease of maintenance.

Conclusion

The Pixel 10 series of phones marks a pivotal moment, being the first Pixel device to integrate a memory-safe language into its modem.

While replacing one piece of risky attack surface is itself valuable, this project lays the foundation for future integration of memory-safe parsers and code into the cellular baseband, ensuring the baseband’s security posture will continue to improve as development continues.

Special thanks to Armando Montanez, Bjorn Mellem, Boky Chen, Cheng-Yu Tsai, Dominik Maier, Erik Gilling, Ever Rosales, Hungyen Weng, Ivan Lozano, James Farrell, Jeffrey Vander Stoep, Jiacheng Lu, Jingjing Bu, Min Xu, Murphy Stein, Ray Weng, Shawn Yang, Sherk Chung, Stephan Chen, Stephen Hines.

Dosažení hranice jedné miliardy uživatelů trvá dnes nepoměrně kratší dobu • Moderní aplikace umělé inteligence dokážou tento milník překonat nejrychleji • Pozor ale na odchylky v metodologii počítání stažení a uživatelů

Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]

Wii, jako jedna z nejúspěšnějších konzolí od Nintenda, toho za svoji dlouhou existenci zažilo už hodně. A teď na seznam přibyla další položka.

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

When voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements.

An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian government email accounts are circulating online, many of them associated with national security. These breaches in security are not down to high-tech attacks but rather are the result of poor email hygiene among government employees. The security leaks were widespread: 12 out of 13 government departments were affected.

Hungarian Prime Minister Viktor Orban’s administration likes to present itself as firm protector of Hungarian borders, resisting foreign interference, but this doesn’t seem to apply to its computing prowess. Among those whose details were revealed were an officer responsible for information security and a counter-terrorism expert.

Bellingcat found that government officials have been using weak passwords such as variations of the word “Password” or the number sequence “1234567, while another simply used his surname.

The Hungarian government is not alone in its laxity.  Earlier this year, Specops found that 6 billion logins had been exposed online and found that number sequences and ‘password’ featured highly in the list of the most compromised logins.

The vulnerabilities inherent in the Hungarian example are a warning to all CSOs that they should be reminding their staff to tighten their security credentials. Many choose simple, short memorable passwords because they’re easy to remember but using a password manager or deploying passkeys will immediately strengthen employees’ ability to protect data.

This article first appeared on CSO.

Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]

Six-hour breach turned trusted links into a coin toss between legit tools and credential stealers

Visitors to the CPUID website were briefly exposed to malware this week after attackers hijacked part of its backend, turning trusted download links into a delivery mechanism for something far less welcome.…

Amazon končí podporu nejstarších čteček e-knih. • Na Kindlech z let 2007 až 2012 již nepůjde kupovat a stahovat knihy. • Nestanou se z nich těžítka, soubory do nich půjde nahrávat ručně.

Microsoft Windows Insider members will soon have an easy way to select which new features they test. Until now, Windows Insiders have had to wait for Microsoft to randomly assign them news features for testing through its Controlled Feature Rollout program or enable the features themselves through third-party software such as ViVeTool.

The new Windows setting, Feature Flags, will be a boon for administrators of Microsoft products who want to get a handle on the innovations relevant to their enterprise. Microsoft has not officially announced the new functionality, but an eagle-eyed user spotted the Feature Flags setting buried in the latest Windows Insider software build.

Microsoft Windows design and research leader Marcus Ash responded congratulating the spotter on their speed, adding that he would be “Excited to share more about WIP settings next week.”

He followed that up with a post to a Microsoft blog that changes were on the way, saying that users will “ have more control” over features they care about.

The Windows Insiders who wish to delve into the new settings are out of luck for now: They are not enabled yet. But messages contained in the latest build of the software say “these features are still in development and may change” and that “turning them on or off could affect performance or stability.”

So, while there are plenty of hints about the forthcoming release, users will still have to wait for an official announcement from Microsoft and there is no indication as to when that will be.

Meta Platforms is reportedly pulling top software engineers from across the company into a newly created AI unit on a mandatory basis, with the stated goal of eventually having autonomous agents perform the bulk of the work of building, testing, and shipping its products, and human engineers serving only to monitor them.

The development was based on an internal company memo authored by Maher Saba, a vice president in Meta’s Reality Labs division and a longtime associate of Chief Technology Officer Andrew Bosworth, who leads the new Applied AI (AAI) Engineering organization, reported Reuters. According to the report, Saba created AAI last month and initially sought volunteers to join. This week, he told selected employees their transfers are no longer a choice.

“AAI is one of the company’s highest priorities and we’re resourcing it by moving our strongest talent to address it. Therefore, the transfers aren’t optional,” Saba wrote in the memo, the report added.

The unit’s mandate goes significantly beyond building AI productivity tools. According to the memo AAI’s stated end goal is for autonomous AI agents to perform the bulk of the work required to build, test, and ship Meta’s products and infrastructure with human engineers monitoring rather than executing.

Gartner predicts that AI agents will require 80% of the engineering workforce to upskill by 2027, and separately forecasts that 40% of enterprise applications will embed task-specific AI agents by year-end 2026, up from less than 5% in 2025.

“Meta’s move signals that AI is now being fundamentally positioned within engineering as a core execution infrastructure, rather than just as a productivity layer,” said Ishi Thakur, senior analyst at Everest Group. “Competitive advantage will hinge less on access to models and more on how deeply organizations can embed AI into real-world engineering workflows.”

But analysts caution that the path there is far from straightforward. “For Meta-scale firms, agent-led engineering is achievable only in tightly scoped domains today,” said Charlie Dai, VP and principal analyst at Forrester. “Before reducing hands-on developer responsibility, enterprises must establish robust evaluation harnesses, policy-as-code controls, deterministic build pipelines, and explicit human escalation paths.”

What AAI is building

AAI will work alongside Meta’s Superintelligence Lab, headed by former Scale AI CEO Alexandr Wang, to build what Saba described as “the data engine that helps our models get better, faster,” according to the report. The organization consists of two teams: one focused on interfaces and tooling, and a second responsible for executing tasks, generating data, and providing evaluations that feed back to Meta’s modeling teams.

“This reflects a growing belief that traditional management layers will become less relevant as AI absorbs coordination and execution tasks,” said Thakur. “Value is concentrated in high-skill individual contributors augmented by AI.”

Dai cautioned that the structure carries significant governance risk. “If provenance tracking, gated approvals, and automated security testing are not mandatory, AI-generated code can overwhelm oversight and erode accountability for quality, compliance, and audits,” he said.

On Meta’s Q4 2025 earnings call in January, CEO Mark Zuckerberg said 2026 would be “the year that AI starts to dramatically change the way that we work.” Susan Li, Meta’s chief financial officer, said on the same call that output per engineer had already risen 30% since the start of 2025, driven largely by AI coding agents, with power users recording an 80% year-over-year productivity increase.

For Meta, AAI is the next step in embedding that trajectory deeper into its engineering infrastructure.

Workforce reductions ongoing

Separately, Meta has been reducing its overall headcount in 2026. The company has already cut approximately 10% of its Reality Labs division in January, affecting around 1,000 employees, and laid off several hundred more in late March across recruiting, sales, global operations, and Facebook social teams.

Meta’s capital expenditure for 2026 is projected between $115 billion and $135 billion, nearly double its 2025 spend, driven by investments in data centers, chips, and AI infrastructure. The company formalized that infrastructure drive with the launch of Meta Compute, consolidating its global data center and network operations under a single leadership structure.

“The dominant barrier is organizational,” said Dai. “Enterprises have not yet redefined ownership, incentives, and liability when software is produced by agents. Until accountability frameworks catch up, leadership caution will continue to slow adoption.”

Thakur put it plainly: “The real constraint is no longer technological capability, but whether organizations can evolve their operating models fast enough to responsibly absorb this level of autonomy.”

Meta did not immediately respond to a request for comment.

A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]

In the first quarter of 2026, 65.6 million PCs were sold worldwide, according to data released this week by IDC. That represents a 2.5% increase compared to the same quarter a year ago. The research firm attributed the increase to customers moving to buy PCs now ahead of expected significant price hikes.

The fact that computer sales are rising despite the uncertain global situation and a worldwide shortage of RAM is seen as a positive sign, but the industry faces uncertainty in the months ahead.

“The conflict in the Middle East has introduced a new layer of volatility to the fragile computer market, which is weighing on global logistics with a double-edged sword of rising energy and transportation costs,” Isaac Ngatia, senior research analyst, IDC Devices Research, said in a statement.

As usual, Lenovo, HP, and Dell were the top PC sellers, followed by Apple and Asus. The latter accounted for the largest increase — specifically, up 17.1%.

Just what FOSS developers need – a flood of AI-discovered vulnerabilities

Opinion  Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."…