Agregátor RSS

Tech companies seem to be falling over each other these days in firing people to either replace them with AI or to pay to build AI infrastructure. Wouldn’t it be nice if they at least waited until AI actually worked for business?

On the one hand, top tech businesses such as Amazon, Block, Cisco, Cloudflare, and Meta have all announced that they’re slashing payrolls — either because AI can do the same work as people or they need the cash to build out their AI infrastructure. Isn’t that great? All together, of the 37,638 tech job cuts so far this year, 47.9% — almost half —  can be tracked back to AI. 

On the other hand, despite all the AI hype and hysteria, no one has yet proven that AI is, generally speaking, really all that helpful for businesses. Oh, I know, I know. You did great things with OpenClaw vibe programming. Microsoft’s CEO, Satya Nadella, claims 20% to 30% of the company’s code was written by AI. And Nvidia assures us that 88% of its surveyed customers report AI has increased their revenues. 

But really, what else would they say? “Dear Board, we just blew half a billion bucks on Nvidia GPUs, and we’re losing money hand over fist?” I don’t think so.

The truth is, as an IDC study reports, a mind-boggling 88% of proof-of-concept AI projects never reach production. Lest we forget, MIT’s The GenAI Divide: State of AI in Business 2025 study found that 95% of AI projects fail to deliver measurable P&L impact. 

Now, I have to acknowledge that AI is finally becoming truly helpful in business. As a guy who knows a thing or two about programming, Linus Torvalds, creator of Linux and Git, said at Open Source Summit North America, “I’m personally 100% convinced that AI is changing programming.” He estimates that “AI will increase your productivity by a factor of 10.” 

But is that reason enough to slash make workforce cuts of between 10% to 40%? (Short answer: No. Longer answer: Noooo!)

It’s not just the mass firings. Workers who are either awaiting the axe, or have escaped it for the moment, are miserable. As one Meta employee told The San Francisco Standard, “I tend to cry in the shower,” and, “A lot of my feelings about my job are about the general chaos and not just the layoffs. ” 

So, explain this to me: When everyone knows AI-driven layoffs are coming, exactly how well do you expect them to work? You really think they can give their best? 

Making matters worse, it’s an open secret that IBM, Google, and Meta are having their employees train their AI replacements. As a popular meme puts it, workers are now “building your own coffin.” Is it any wonder that a lot of people — 29% of all employees and 44% among Gen Z workers —  are deliberately sabotaging work when the boss insists they train their AI replacements?

It also sure doesn’t help office morale when the CEO keeps saying AI will replace half of all employees. A particularly egregious example of this was when Standard Chartered CEO Bill Winters proclaimed his bank would slash thousands of jobs and replace “lower-value human capital” with AI.  

He’s since backed off the claim, but come on — we all know he meant it. Just like all the other CEOs who’ve said similar things, between FOMO and the knowledge that AI job news is sure to make the stock price jump, they’re eager to cut headcounts and boast about how successful AI will make them. 

What happens a few quarters down the road? Their attitude today seems to be let  tomorrow take care of tomorrow. I hate to tell them, but that really doesn’t work in the long run. (Not, mind you, that a future much farther ahead than the next quarter seems to matter much anymore to business executives.)

It should. As a recent Deloitte study stated: “Most respondents reported achieving satisfactory ROI on a typical AI use case within two to four years. This is significantly longer than the typical payback period of 7seven to 12 months expected for technology investments. Only 6% reported payback in under a year, and even among the most successful projects, just 13% saw returns within 12 months.” 

AI, in short, is not the miracle cure for what ails businesses that its fans claim. 

Will that stop businesses? I doubt it. While I appreciate that California Gov., Gavin Newsom is trying to bandage the AI job bleedout by mandating studies on subsidizing companies to keep employees rather than replace them with AI, I doubt that will do much to staunch the wound. 

At the Open Source Summit North America, Linux Foundation CEO Jim Zemlin was optimistic about AI and jobs. He pointed out that, thanks to AI becoming  “pretty damn good coders,” the number of open-source projects on GitHub has led to a “surge of new code and projects.” 

Zemlin also believes that while few developers will write code, “engineers will still design, review, secure, and integrate that code.” (He’s referring to what’s becoming  known as forward-deployed engineers.) This, in turn, will supposedly lead to tech job growth. 

I’d feel a lot better about that prediction if I believed the C-suite suits at most companies were capable of truly forward-looking thinking rather than focusing entirely on hiking the stock price by making the next quarter look good through staffing cuts. 

In the long run, sure, AI will make us more productive. But, we’re not there yet. For now, companies need to keep employees happy, not shove AI down their throats — and work out carefully and thoughtfully how AI will really work for business. 

If ever there were a lawsuit in which a jury and judge should have ruled against both the accuser and the defendants, Elon Musk’s suit against OpenAI and Microsoft was it. 

The high-profile legal battle pitted the world’s richest man against a company worth more than $3 trillion, another that might soon launch a $1 trillion IPO, and tech execs claiming to have only the good of the world in mind, not mere filthy lucre, while they develop a technology some fear could eventually destroy humankind.

The lawsuit was eventually thrown out, but only on technical grounds. Meanwhile, unregulated AI marches on, with Musk, OpenAI and Microsoft all getting richer.

The only winner in this suit was hypocrisy. Here’s why.

Back to the beginning

To understand how this unfolded, we need to go back to OpenAI’s beginnings. The company was founded by current CEO Sam Altman, Musk and others in 2015 — back when AI was a niche technology, used primarily for image and speech recognition, robotics, and experiments in self-driving cars.

The founders funded OpenAI out of their own pockets as a nonprofit company aimed at developing AI for the good of the world. Then, as the technology evolved, Altman, Musk and others grew worried it might become so powerful that, without serious guardrails, it could pose a danger to humans. They feared what might happen if AI reached the level of a super-powerful artificial general intelligence (AGI) system, superior to humans on a variety of tasks, with general problem-solving skills rather than narrowly targeted ones – and the ability to think for itself rather than heeding humans. 

In an earlier version of Musk’s suit against OpenAI and Microsoft, Musk put their fears this way: “A.G.I. poses a grave threat to humanity — perhaps the greatest existential threat we have today.”

Early on, OpenAI wasn’t on many people’s radar. When Microsoft invested $1 billion in the company in 2019, few outside the tech industry took notice. Between 2021 and 2023 Microsoft invested $2 billion more, still without drawing a lot of attention.

Then in November 2022, OpenAI released ChatGPT, launching the generative AI (genAI) revolution — and all the disruption that has followed since. Eventually, as it became clear how important and valuable genAI technology would become, Microsoft’s investment ballooned to $13 billion.

Nonprofit no more

OpenAI insiders were convinced several years before ChatGPT’s release that the company could become tremendously profitable. With potentially trillions of dollars at stake, in 2017 they started looking for a way to turn the nonprofit operation into a for-profit company.

It was at that point, OpenAI says, that Musk pushed to gain majority equity in the company if it went public, take control of the board, and become CEO. When the other founders balked, Musk withheld funding.

Last year, OpenAI released copies of emails he sent to it during the height of their in-fighting. In one, in February 2018, he lobbied for the creation of a for-profit arm, pointing out that, “a for-profit pivot might create a more sustainable revenue stream over time and would, with the current team, likely bring in a lot of investment.” 

Musk then suggested that OpenAI “attach to Tesla as its cash cow.” When the other founders dismissed the idea, Musk threw a fit and quit the company. OpenAI went ahead and launched a for-profit arm, becoming a hybrid of a for-profit and nonprofit company in 2019.

Years later, in 2024, Musk filed suit, targeting OpenAI, Altman, OpenAI co-founder and president Greg Brockman, and Microsoft — accusing them of “stealing a charity” by creating the for-profit arm of OpenAI, and taking the $13 billion Microsoft investment. He claimed they had all illegally enriched themselves through the profit/nonprofit setup and sought $150 billion in damages. (OpenAI fired back last year with a counter suit.)

It took only two hours for the jury to rule against Musk, though the ruling didn’t address his actual claims. Rather, the suit was thrown out because it had been filed after the statute of limitations had run out.

Cynicism and hypocrisy win out

Everyone in this case was driven by venality. Altman portrayed himself as only wanting to develop AI to help humanity — and as evidence, pointed out he has no equity in OpenAI. What he neglected to add, though, is that he has more than a $2 billion stake in companies that have deals with OpenAI, and stands to gain billions more if those deals grow after any IPO.

Microsoft, meanwhile, has used its investments in OpenAI to become a multi-trillion-dollar company. And if, as expected, OpenAI becomes a trillion-dollar company when it files its IPO later this year, Microsoft’s 27% ownership stake in the company would make it $270 million richer. That’s not a bad payoff for turning a blind eye to the way in which OpenAI performed a bait-and-switch from nonprofit to for-profit company. 

As for Musk…, well, what can you say about someone who claims he wants to save humankind from the evils of AI, while at the same time lobbying for OpenAI to become a for-profit company and milking it like a cash cow? 

He’s shown he’s not only the world’s wealthiest man. He’s also the world’s most hypocritical. 

Sociální sítě používají miliardy lidí a stále jim věnují přes dvě hodiny času denně. Přesto se po letech růstu začíná ukazovat, že nekonečné scrollování možná narazilo na svůj strop. Statistiky také ukazují, že sociální sítě už nejsou jen zábava, ale jeden z určujících fenoménů moderní společnosti.

Ministerstvo dopravy vybralo finální podobu Suchdolského mostu • Šestipruhový dálniční most dlouhý 606 metrů spojí Sedlec se Zámky • Unikátní konstrukce bez pilířů v údolí vyjde na tři a půl miliardy korun

Po roce o prvních zprávách o výrobě Zen 7 na A14 procesu TSMC a vydání v roce 2028 přichází nezávislé zdroje, které to potvrzují. CEO AMD Lisa Su navštívila firmy, které výrob Zen 7 zajistí…

Lazygit byl vydán ve verzi 0.62.0. Jedná se o TUI (Text User Interface) nadstavbu nad gitem.

Jiří Eischmann se v příspěvku na svém blogu o rozepsal o tom, kam se vyhledávání v jeho očích posledních 10 let posunulo, jaké má zkušenosti s AI vyhledáváním, proč na něm nechce záviset a jaké vyhledávací služby ho v poslední době zaujaly.

Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks.

The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will be in full production.

However, a new SANS Institute research paper warns that, in certain conditions, an attacker could leverage the new function to disable all user accounts.

The lesson, said Johannes Ullrich, the institute’s dean of research, is that autonomous AI action tools have to be tuned and tested like any other automation capability.

“Automatic isolation and attack disruption are not new concepts,” Ullrich said in an email, “but ideas like these have been used in the past in open source and commercial tools. This feature is most important in organizations with under-resourced IT security teams, as it automates attack response. However, these features must be carefully tuned. If they are left unconfigured, attackers can use them to delay response by disrupting accounts used by administrators.”

Nonetheless, in today’s environment, tools like these are important. Robert Enderle, IT consultant and head of the Enderle group, noted that modern automated malware and ransomware attacks move at machine speed, which means human response times are effectively obsolete.

By the time an analyst even sees a red flag, he said, the attacker has already established persistence or started encrypting files. Microsoft’s automatic device isolation acts as “a rapid, logical air gap. It instantly severs the device’s network connections, cutting off the attacker’s command and control (C2) and halting data exfiltration dead in its tracks. You have to bring an automated defense to an automated fight.”

He said a secondary benefit, often the more critical one for enterprise survival, is containing the blast radius. Attackers invariably use a compromised PC as a beachhead to move laterally across the corporate network, hunting for higher-value targets like domain controllers, he pointed out.

“By instantly quarantining that initial endpoint, you trap the threat where it stands. You ensure a single compromised laptop doesn’t metastasize into an enterprise-wide catastrophe,” he said.

There’s also is a massive forensic advantage, Enderle added. “In the old days, the instinct was often to literally pull the power plug, which destroys critical volatile memory, or physically yank the network cable, which completely blinds your remote security team. Logically isolating the device while maintaining a secure lifeline to security services preserves the crime scene. It prevents the attacker from deploying wiper malware or destroying logs, and it gives the Security Operations Center (SOC) the breathing room they need to safely investigate and remediate the machine without the panic of an actively spreading infection.”

How automatic attack disruption works

Automatic attack disruption is offered to organizations that subscribe to Microsoft Defender XDR, a unified cloud-based security suite that detects and investigates cyberattacks against PC, server, and IoT endpoints. It also manages hybrid identities and protects email and collaboration tools. As such, it correlates data to identify and respond to attacks.

The soon-to-be-delivered auto-isolation capability blocks most network traffic while keeping the device connected to security services. The action is time-limited and scoped to the incident, Microsoft said; security operators can release isolation at any time.

The broad automatic attack disruption capability uses AI to limit attackers’ lateral movement. “Attack disruption uses the full breadth of our extended detection and response (XDR) signals, taking the entire attack into account to act at the incident level,” Microsoft said in a detailed column describing the tool. “This capability is unlike known protection methods such as prevention and blocking based on a single indicator of compromise.”

To use automatic attack disruption, IT has to, at the least, enable Microsoft Defender for Endpoint Plan 2. It becomes more effective if Defender for Identity, Defender for Office 365 and Defender for Cloud apps are also deployed. Admins also have to configure appropriate permissions and monitoring.

Possible operational disruption

The SANS Institute’s academic paper by student Marcio Enriquez noted that AI systems that perform autonomous decisions like containment do improve response times and scalability. But they also rely on threshold-based logic derived from telemetry. “Even when operating on enterprise-wide data, they do not consistently account for system-level impact in their enforcement decisions,” the paper said, and thus can cause unintended disruptions when activated at scale. “This creates a gap between the need for rapid defensive actions and the organization’s ability to maintain operational continuity.”

It examined that gap by evaluating how threshold-driven autonomous containment actions can result in what it refers to as “large-scale operational disruption.”

Enriquez saw an example of this during a real security incident in the spring of 2025. A user in an organization was fooled by a phishing message and entered their credentials on a malicious website. Defender detected this, and within minutes initiated automated containment measures, including disabling the affected account, forcing a password reset and restricting logins across multiple managed devices.

However, because security analysts didn’t realize this was automated enforcement, they initially thought there had been lateral movement or widespread compromise. That triggered an emergency escalation involving security leadership, until further investigation realized that the propagation of containment controls was due to Defender.

“The event demonstrates the effectiveness of autonomous containment in rapidly interrupting active threats,” wrote Enriquez. “At the same time, it illustrates how automated response actions can generate enterprise-wide operational effects that are not immediately transparent to human operators.”

Could be weaponized

To test the ability of a threat actor to take advantage of a weakness in Defender XDR’s automatic attack disruption capability, Enriquez created a hybrid enterprise environment with 18 “users” and executed adversarial activity simulating hands-on-keyboard behavior across multiple identities to trigger high-confidence detection thresholds in Defender, through an attack tactic he calls Autonomous Defense Induced Disruption (ADID). In essence, it tricks the automatic disruption capability of Defender into giving a high-confidence score that the network is under attack.

“The results showed that when detection confidence thresholds were met, automated actions disabled all [18] Active Directory identities, including the local domain administrator, rendering the domain inaccessible,” Enriquez wrote.

“The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption,” he concluded.

Microsoft guidance: Keep auto attack disruption enabled

A Microsoft spokesperson said that the company has no comment on the research paper.

However, they said that Microsoft’s guidance is to keep automatic attack disruption enabled by default. “Opting out materially increases risk, particularly for multi-domain, multi-stage attacks such as HumOR [human intelligence operations, like social engineering], BEC [business email compromise] and AiTM [adversary in the middle], where even minutes of additional dwell time can translate into significant business impact.”

“At the same time,” Microsoft noted, “we recognize that security teams require control over autonomous actions. That’s why the capability is designed with granular controls. Security administrators can tune automation levels by device group and selectively exclude users, devices, or IP ranges based on operational needs. The recommended approach is targeted, intentional configuration, not a blanket opt-out. Customers retain full visibility into actions taken and have the ability to reverse automated responses at any time.”

This article originally appeared on CSOonline.

Wayland kompozitor Labwc byl vydán ve verzi 0.20.0. Labwc je inspirován správcem oken Openbox. Postavený je na wlroots.

Linux Kernel - Local Privilege Escalation

Casdoor 3.54.1 - Arbitrary File Write via Path Traversal

EspoCRM 9.3.3 - SSRF

scramble - Remote Code Execution

MeiG Smart FORGE_SLT711 - OS Command Injection

Realtek rtl819x - Local Privilege

OpenCATS 0.9.7.4 - SQL Injection

For years, most software supply chain attacks focused on malicious dependencies and vulnerable open-source packages. Recent GitHub Actions compromises exposed a different problem entirely. Attackers increasingly target the automation systems responsible for building, testing, and deploying software because those systems often hold broader operational access than the applications themselves.

The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move.