Investment Details and Partnerships

The investment will fund the expansion of Microsoft's cloud and AI infrastructure in Japan, with a particular focus on GPU-based computing services delivered through Azure. To this end, Microsoft announced new partnerships with Japanese telecom and cloud providers Sakura Internet and SoftBank. These collaborations will offer AI computing services while ensuring that all data remains resident in Japan, addressing one of the key concerns of the Japanese government: data sovereignty.

Microsoft also pledged to continue its work with the National Police Agency (NPA) to combat cybercrime and improve early detection of cyberattacks. The company's vice chair and president, Brad Smith, stated: "Japan's economic security priorities require partnerships with technology providers that operate at the level of national institutions. As AI and cloud technologies become more central to cybersecurity, Microsoft will apply its global experience with public-private partnerships to support the adoption of AI and secure cloud solutions in Japan."

Workforce Training and AI Adoption

A core component of the investment is a massive upskilling initiative. By 2030, Microsoft aims to train more than 1 million engineers, developers, and AI-skilled workers across Japanese industry. This goal addresses Japan's acute shortage of talent in AI and robotics, which the Ministry of Economy, Trade and Industry (METI) estimates will reach a deficit of 3.26 million workers by 2040. The training will focus on both technical skills and cybersecurity expertise, which are critical for Japan's long-term growth.

Japan's AI adoption has historically lagged behind other developed economies. According to Microsoft's "Global AI Adoption in 2025" report, only about 20% of working-age Japanese people had used generative AI tools in the second half of 2025, an increase from one in six earlier that year, but still placing Japan outside the top 30 countries globally. The government of Prime Minister Sanae Takaichi has made science and technology a national priority, committing more than $380 billion (¥60 trillion) over five years to drive progress. Microsoft's investment aligns with this strategy.

The Sovereign AI and Data Residency Trend

Japan is the latest nation to attract major hyperscaler investment as part of a broader "sovereignty wave." Countries are increasingly concerned about data residency, especially after the United States' Clarifying Lawful Overseas Use of Data (CLOUD) Act, which permits US law enforcement to demand access to data held by American cloud providers, even if that data is stored overseas. This has spurred demand for local infrastructure and sovereign cloud services that keep data within a country's jurisdiction and under its laws.

Dario Maisto, a senior analyst at Forrester Research covering cloud sovereignty, notes that "there is a sovereignty wave going on, which means hyperscalers around the world might see competition and challenges from [companies] that they may not normally encounter. CIOs are telling us these days, 'We are not going hyperscalers-first, hyperscaler-only anymore.'"

Microsoft has already invested more than $2.9 billion in Japan since 2024, including workforce training. The new $10 billion pledge more than triples that commitment. The company has also announced significant investments elsewhere in the region: $17.5 billion in India, $5.5 billion in Singapore, and Google pledged over $15 billion for an AI hub in Visakhapatnam, India. Amazon has similarly committed tens of billions of dollars across Asia through its AWS division.

Cybersecurity as a Pillar of Data Sovereignty

Cybersecurity is intrinsically linked to data sovereignty and AI sovereignty. The Forrester analyst explained: "We are seeing sovereign services coming with more advanced cybersecurity measures — think, for example, self-sovereign identity of access management. The clients keep ownership of their data, so [they] don't need to hand the data to an identity access management provider." This approach mitigates risks associated with foreign jurisdictions and ensures that sensitive data remains under domestic control.

Microsoft's pledge to work with the NPA on cybercrime and attack detection underscores the security dimension. The NPA has been actively modernizing its cybersecurity capabilities, and the partnership aims to improve early warning systems and incident response. Given the rising sophistication of cyber threats targeting critical infrastructure and government systems, such cooperation is vital.

Historical Context: Microsoft's Previous Investments in Japan

Microsoft's engagement with Japan dates back decades. The company opened its first Japanese office in 1986 and has since grown to be one of the largest foreign technology employers in the country. In 2024, the company committed $2.9 billion for cloud infrastructure and AI training, which included the establishment of a Microsoft AI Co-Innovation Lab in Tokyo. That lab has since supported dozens of startups and enterprise customers in developing AI-powered solutions for manufacturing, healthcare, and finance.

The new $10 billion investment builds on these foundations. It will fund additional data center capacity in key metropolitan areas, including Tokyo, Osaka, and potentially secondary hubs. The GPU-based services promised through Azure will enable Japanese companies to run large-scale AI workloads without sending data abroad, a critical requirement for industries like finance, defense, and pharmaceuticals that must comply with strict data protection regulations.

Japan's AI and Cybersecurity Challenges

Japan faces a unique set of challenges in adopting AI and strengthening cybersecurity. The country's aging population is shrinking the labor force, making automation and AI essential for maintaining economic productivity. However, cultural and organizational resistance to change, combined with a cautious regulatory environment, has slowed adoption. The government's "Society 5.0" initiative aims to integrate AI, IoT, and robotics into every sector, but progress has been uneven.

Cybersecurity is another area of concern. Japan has experienced several high-profile cyberattacks in recent years, including breaches of government agencies, critical infrastructure operators, and major corporations. The 2020 breach of the Japan Pension Service exposed personal data of millions of citizens, while a 2023 ransomware attack on a Japanese port caused widespread disruption. These incidents have emphasized the need for stronger public-private partnerships and advanced threat detection capabilities.

Microsoft's investment directly addresses these issues by providing both the infrastructure and the expertise needed to upskill the workforce and enhance defensive capabilities. The company's experience in running global cybersecurity operations — including its Digital Crimes Unit, Microsoft Threat Intelligence, and Azure Security Center — offers Japanese partners access to best practices that have been developed in cooperation with governments worldwide.

Competitive Landscape and Regional Dynamics

Microsoft is not alone in its pursuit of the Japanese market. Amazon Web Services (AWS) has invested heavily in Japan, operating multiple Availability Zones and partnering with local enterprises. Google Cloud is also expanding its Tokyo region and recently announced a data residency pledge for Japanese customers. However, Microsoft's $10 billion commitment is the largest single investment by a hyperscaler in Japan's AI and cybersecurity ecosystem to date.

This competition reflects the strategic importance of Japan as a hub for technology in Asia. With a GDP of over $4 trillion, Japan is the world's third-largest economy and a leader in automotive, electronics, and robotics. The country's advanced digital infrastructure and high internet penetration make it an attractive market for cloud services, while its regulatory focus on data sovereignty creates demand for localized solutions.

Beyond Japan, the broader Asia-Pacific region is witnessing a surge in sovereign data center investments. Governments in India, Singapore, Indonesia, and South Korea are implementing data localization policies that require cloud providers to store and process data within national borders. As a result, hyperscalers are racing to build new data centers and form partnerships with local telecommunications and infrastructure companies.

Microsoft's Japan investment is also significant because it includes a strong emphasis on cybersecurity partnerships with law enforcement. This is relatively rare in the hyperscaler market, where most deals focus on infrastructure and AI services. By integrating cybersecurity cooperation, Microsoft is positioning itself as a trusted partner for national security, which could help it win future government contracts in Japan and beyond.

Implications for the Global AI Race

The $10 billion investment underscores the intensifying global competition for AI dominance. Nations that can attract hyperscaler investments, build robust AI ecosystems, and train large pools of skilled workers will be better positioned to lead in the next wave of technological innovation. Japan's decision to partner with Microsoft rather than relying solely on domestic champions like NEC or Fujitsu indicates a pragmatic approach that leverages international expertise while maintaining control over sensitive data.

At the same time, the investment raises questions about the balance between foreign involvement and local autonomy. Critics argue that relying on US-based hyperscalers for critical AI and cloud infrastructure could create dependencies that undermine sovereignty in the long run. However, proponents counter that partnerships with global leaders accelerate technology transfer and workforce development, ultimately strengthening national capabilities.

Microsoft's announcement did not specify the exact breakdown of the $10 billion among infrastructure, training, and cybersecurity programs. The company declined to provide further clarifications when approached for this article. However, published statements from the Japanese government indicate that both AI acceleration and cyber resilience are top priorities. Prime Minister Takaichi emphasized that "strengthening Japan's long-term growth potential remains a key priority," and that the partnership with Microsoft will help achieve that goal.

Technical Aspects of the Investment

From a technical perspective, the investment will likely fund the deployment of advanced hardware, including NVIDIA GPUs and Microsoft's own Azure Maia AI accelerators, to support high-performance computing workloads. The new data centers will be designed for energy efficiency, a critical concern in Japan where energy costs are high and sustainability goals are ambitious. Microsoft has committed to being carbon negative by 2030, and its Japanese data centers will run on 100% renewable energy wherever possible.

The partnership with Sakura Internet and SoftBank will combine Microsoft's Azure platform with these companies' local network infrastructure and customer relationships. SoftBank, in particular, has been a key player in Japan's tech ecosystem through its ownership of Arm Holdings and its investments in AI startups. Sakura Internet is a leading cloud provider in Japan, offering IaaS and managed services to enterprises. Together, they will deliver GPU clusters that meet the stringent security and performance requirements of Japanese customers.

On the cybersecurity front, Microsoft will deploy its Sentinel SIEM and XDR solutions to help the NPA detect and respond to threats more quickly. The company's threat intelligence feeds, which analyze data from trillions of signals worldwide, will be integrated into Japan's national cyber defense infrastructure. This level of integration is unprecedented for a foreign company in Japan, signaling a high degree of trust between Microsoft and the Japanese government.

Long-term Outlook

The success of Microsoft's investment will depend on execution and the ability to adapt to Japan's unique cultural and regulatory environment. Workforce training programs must be designed in collaboration with Japanese universities and vocational schools to ensure relevance and accessibility. Cybersecurity partnerships must respect privacy laws and operate transparently to gain public trust.

If successful, the initiative could serve as a model for other countries seeking to balance technological advancement with data sovereignty. Asia-Pacific nations facing similar challenges will watch closely, and Microsoft's approach in Japan may influence future investments in South Korea, Taiwan, Australia, and Vietnam. The competition among hyperscalers to provide sovereign AI and cloud services is only just beginning, and Japan is now at the center of this global shift.

Source: Dark Reading News

In a move that has captured the attention of the cybersecurity world, Anthropic has unveiled Claude Mythos Preview, a general-purpose large language model (LLM) that the company says exhibits extraordinary capabilities in computer security tasks. According to Anthropic's April 7 announcement, Mythos can identify and exploit zero-day vulnerabilities in every major operating system and every major web browser, including subtle and difficult-to-detect flaws. One notable example involved a patched 27-year-old OpenBSD vulnerability. The model can chain multiple vulnerabilities together to achieve sandbox escapes and remote code execution, as demonstrated by an exploit that linked four browser flaws with a complex JIT heap spray to escape both renderer and OS sandboxes.

The company emphasizes that these security capabilities emerged as a downstream consequence of improving Mythos's general code understanding and reasoning abilities, rather than being an explicit design goal. "The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them," Anthropic stated in its blog post. This dual-use nature has sparked urgent discussions about how to keep such powerful tools out of the hands of threat actors.

Anthropic asserts that it has already identified thousands of high-risk and critical vulnerabilities through Mythos, which it is responsibly disclosing to affected vendors. To accelerate defensive applications, the company has launched Project Glasswing, a $100 million initiative that provides Mythos Preview access to over 40 organizations, including major players like Apple, AWS, Microsoft, Palo Alto Networks, and CrowdStrike. Additionally, Anthropic is donating $4 million to open source security organizations. Lee Klarich, chief product and technology officer of Palo Alto Networks, described early Mythos results as "compelling" in a LinkedIn post, though specific findings were not detailed.

The Historical Context: From Cobalt Strike to AI-Powered Exploitation

The challenge of keeping offensive security tools out of the wrong hands is not new. Legitimate penetration testing frameworks such as Cobalt Strike, Metasploit, and Brute Ratel have long been abused by threat actors for malicious purposes. These tools were designed for authorized security assessments, but their availability on underground forums and through leaked copies has fueled ransomware operations and advanced persistent threats. Mythos Preview presents a similar, but amplified, risk: its natural language interface makes sophisticated exploitation accessible even to individuals without deep security engineering expertise.

Anthropic's approach mirrors industry trends where AI models are increasingly capable of automating complex security tasks. For example, recent research from organizations like Google Project Zero and Microsoft Security Response Center has shown that LLMs can assist in vulnerability discovery, but Mythos appears to take this a step further by autonomously writing and chaining exploits. The model allegedly split a 20-gadget Return-Oriented Programming (ROP) chain over multiple packets to exploit a FreeBSD NFS server, granting root access to unauthenticated users. Such capabilities, if verified, represent a significant leap in automated exploitation.

Expert Skepticism and the Need for Independent Validation

Despite Anthropic's bold claims, the security community has greeted the announcement with a mixture of excitement and skepticism. Julian Totzek-Hallhuber, senior principal solution architect at Veracode, pointed out that independent replication is impossible when the model isn't publicly available. "Anthropic controls both the model and the narrative," he said. "Until independent researchers with access can run their own evaluations, healthy skepticism is the appropriate posture." The lack of transparency around false positive rates, error margins, and the specific vulnerabilities discovered has led some analysts to urge caution.

Forrester senior analyst Erik Nost offered a more strategic perspective, suggesting that the announcement serves multiple purposes for Anthropic. "It's good PR – the company is essentially saying its AI is so good it can reshape cybersecurity and software development," Nost explained. "Secondly, it calls attention to the vulnerability detection gaps the industry has dealt with for 30 years." He noted that while controls such as access restrictions and partner vetting are in place, the real challenge is keeping pace: "It's a race for defenders to remediate and patch before other AIs, in the wrong hands, discover these zero-days and rapidly write exploits."

Melissa Ruzzi, director of AI at AppOmni, echoed a universal truth in cybersecurity: "No one can ever keep anything 100% out of attackers' hands. The best that can be done is to make it more difficult for them to get access to it." This sentiment underscores the inherent limitations of any controlled release, particularly when the underlying technology could be replicated or reverse-engineered by sophisticated adversaries.

Implications for Vulnerability Management and Defensive Strategies

The emergence of exploit-writing AI forces a fundamental rethinking of vulnerability management practices. Traditional approaches, which rely on periodic scanning, manual patch deployment, and CVSS scoring, may prove inadequate in an environment where AI can discover and weaponize flaws in hours rather than weeks. Totzek-Hallhuber recommended that defenders invest in detection rather than just prevention, identify behavioral signatures of AI-assisted exploitation, and adopt zero-trust architectures alongside aggressive patching cycles and anomaly-based detection.

Project Glasswing represents a collaborative attempt to shift the balance toward defense. By granting limited access to trusted partners, Anthropic hopes to accelerate the identification and remediation of vulnerabilities before they can be exploited maliciously. However, the initiative has its own set of challenges. The restricted access model means that only a select group of organizations can test and validate Mythos's capabilities, and the findings remain largely opaque to the broader security community. This has led to calls for more independent audits and shared benchmarks.

Another concern is that adversaries may develop their own AI models with similar exploit-writing abilities, possibly using stolen or publicly available research. The race between offensive and defensive AI is not new – it has played out in areas like deepfake detection, adversarial machine learning, and automated penetration testing – but the stakes are particularly high here because zero-day exploits can command six- or seven-figure prices on the gray market. If Mythos-like capabilities become commoditized, the cost of launching sophisticated attacks could plummet.

Anthropic has not yet responded to requests for statistics regarding false positives and error rates, which would help the community assess the reliability of its claims. Until such data is provided, many experts recommend adopting a posture of "trust but verify," with an emphasis on verification. The company's decision to commit $100 million in usage credits and $4 million in direct donations signals a serious intent to invest in defensive applications, but it does not eliminate the underlying dual-use dilemma.

Looking ahead, the cybersecurity industry may need to develop new frameworks for AI governance that go beyond access controls. These could include real-time monitoring of AI usage patterns, usage caps, mandatory disclosure requirements for discovered vulnerabilities, and possibly international treaties or norms similar to those that govern chemical weapons or cyber espionage. While such measures are unlikely to completely prevent misuse, they could raise the bar for adversaries and buy time for defenders.

In the meantime, organizations should begin preparing for an era where AI-driven exploitation is the norm. This means updating incident response playbooks, training teams to recognize AI-generated attack patterns, and investing in proactive defense mechanisms such as runtime application self-protection (RASP) and automated patch management. The era of AI-powered security is no longer a distant future – it is arriving today, with all the promise and peril that entails.

Source: Dark Reading News

Grafana is deployed by thousands of enterprises to track financial, telemetric, operational, infrastructure, and customer data. Because it sits at the heart of an organization's most valuable information assets, any compromise could have far-reaching consequences. The GrafanaGhost vulnerability exploited the way Grafana's AI assistant processes user-provided content, particularly from web pages and data sources.

How GrafanaGhost Works

The attack vector leveraged indirect prompt injection, a technique where malicious instructions are embedded in content that an AI system later retrieves and acts upon. In this case, an attacker could hide malicious instructions on a web page under their control. When a Grafana user accessed that page — or when the AI assistant ingested content from it — the AI would interpret those instructions as legitimate commands and execute them without the user's knowledge.

Noma researchers found that image tags within Grafana's Markdown renderer were a viable entry point. Although external images had security protections, the team bypassed them using protocol-relative URLs to circumvent domain validation and the special keyword "INTENT" to disable the AI model's guardrails. Once the malicious image tag began loading, the AI assistant would promptly follow the hidden instructions, which could include sending sensitive data from the current dashboard back to an attacker-controlled server.

Importantly, the attack did not require the user to click a suspicious link or explicitly approve any action. As Noma's security research lead Sasi Levi explained, the payload could be stored in a location — such as a log entry or a shared dashboard — that Grafana's AI components would later retrieve and process automatically. When any user performed a routine interaction like browsing logs, the AI would silently trigger the exfiltration.

The core technical issue enabling GrafanaGhost has been patched by Grafana Labs, which released a fix promptly after responsible disclosure. However, the two parties disagree on the severity and user interaction required.

Grafana's Response and the Dispute

Grafana Labs chief information security officer (CISO) Joe McManus acknowledged the issue, stating that Noma's research highlighted a problem with the image renderer in Grafana's Markdown component, which was quickly patched. However, he disputed Noma's characterization of the attack as "zero-click" and claimed that successful exploitation would have required significant user interaction.

"Any successful execution of this exploit would have required the end user to repeatedly instruct our AI assistant to follow malicious instructions contained in logs, even after the AI assistant made the user aware of the malicious instructions," McManus wrote. He also emphasized that there is no evidence of exploitation in the wild and that no data was leaked from Grafana Cloud.

Noma's Levi countered those statements. He told reporters that the exploit requires fewer than two steps and that the AI never surfaced any warning to the user about the presence of malicious instructions in the entry log. "There was no alert, no flag, no prompt asking the user to confirm. The model processed the indirect prompt injection autonomously, interpreting the log content as legitimate context and acting on it silently, without restriction, and without notifying the user that anything unusual was occurring," Levi said. "The user had no visibility into what was happening in the background and no opportunity to intervene."

Levi reaffirmed Noma's respect for Grafana's quick patch but insisted that their research accurately describes the mechanics. "We respect Grafana's quick response to the patch and their commitment to user security. But we can't let an inaccurate characterization of the exploit mechanics stand unchallenged," he added.

Broader Implications for AI Security

GrafanaGhost is a stark reminder of the growing threat landscape around large language models (LLMs) and AI assistants embedded in enterprise software. Indirect prompt injection attacks have become a major concern because they exploit the trust that models place in user-supplied content. Unlike direct prompt injection, where an attacker explicitly inputs malicious instructions, indirect injection hides them in data that the AI processes naturally — such as log files, web pages, or documents.

Such attacks are difficult to defend against because the AI model cannot easily distinguish between benign data and malicious instructions. Security researchers have demonstrated similar vulnerabilities in other AI-powered platforms, including chatbots, code assistants, and data analytics tools. The GrafanaGhost case highlights the need for robust input validation, content sanitization, and guardrails that prevent AI models from executing untrusted commands.

Enterprises using Grafana should ensure they have applied the latest patch and review their AI assistant configuration for any customizations that might lower security. Security teams should also monitor for unusual outbound data flows that could indicate exfiltration attempts.

The vulnerability was discovered by Noma Security, a vendor specializing in AI security. Their research focused on finding where users could potentially interact with Grafana's AI components, as any user-facing surface is an opportunity for prompt injection. After troubleshooting, they identified image tags as the weak link and devised the bypass techniques that made GrafanaGhost effective.

Grafana Labs has a history of responding quickly to security issues. This incident reinforces the importance of coordinated disclosure between security researchers and vendors. Both parties agree that the patch is effective, and users are urged to update their installations immediately.

As AI continues to integrate deeper into enterprise tools, the line between safe content and malicious prompts will only become blurriers. The GrafanaGhost episode serves as a case study for how even well-defended platforms can fall victim to indirect prompt injection, and it underscores the need for ongoing vigilance, regular patching, and transparent communication between researchers and product teams.

For now, the immediate threat is neutralized. But the underlying challenge — building AI systems that can safely handle untrusted content — remains an open problem that will occupy security professionals for years to come.

Source: Dark Reading News

Security researchers first detected the activity on April 2, but subsequent analysis revealed it began nearly three weeks earlier, on March 11. The attacker executed the campaign in six distinct waves, using six different GitHub accounts that were linked to a single threat actor. The operation is the second in as many months where AI-assisted automation was used to systematically probe for the same vulnerability, following a late-February campaign known as "hackerbot-claw."

How the Attack Worked

The pull_request_target trigger in GitHub Actions is designed to run workflows automatically when a pull request is created, even if the request originates from an untrusted fork. When properly configured, this feature can streamline development workflows. However, if used without restrictions, it grants workflows full repository permissions and access to stored secrets—making it a prime target for attackers.

In the prt-scan campaign, the attacker first scanned GitHub for repositories that had enabled pull_request_target without adequate safeguards. They then forked those repositories, created a new branch, and injected malicious code disguised as a routine update. The malicious payload was designed to steal GitHub tokens, environment variables, cloud credentials, and other sensitive data when the workflow executed automatically.

Unlike the earlier hackerbot-claw campaign, which focused on high-profile repositories and shorter attack windows, prt-scan was significantly broader. The attacker targeted both small hobbyist projects and larger open-source initiatives, opening well over 500 pull requests. Despite the wide net, fewer than 10% of the exploitation attempts succeeded—however, that still amounted to dozens of compromised repositories.

AI-Augmented Automation: A New Threat Vector

The most concerning aspect of the prt-scan campaign is the apparent use of AI to automate the targeting and exploitation process. Researchers observed a dramatic acceleration in attack velocity after an initial testing phase. From March 11 to March 16, the attacker opened only 10 malicious pull requests. After a two-week hiatus, activity resumed with a surge: over a 26-hour period starting April 2, the attacker opened approximately 475 pull requests containing a sophisticated credential-stealing payload.

This pattern suggests the attacker used automated scripts—likely enhanced by generative AI or large language models—to rapidly generate and deploy malicious pull requests across hundreds of targets. Such AI augmentation reduces the time and effort required to launch large-scale supply chain attacks, enabling even low-sophistication threat actors to execute campaigns that would have previously been impractical.

A Flawed but Effective Playbook

Despite the ambitious design of the payload, security researchers noted that the actual attack implementation contained significant flaws. The multi-phase payload attempted to steal credentials in a complex but poorly executed manner, reflecting a misunderstanding of GitHub's permission model. Some techniques used by the attacker were described as "illogical" by experts and unlikely to work in practice.

Nonetheless, the flawed approach still yielded positive results. The attacker successfully compromised at least two NPM packages and exfiltrated secrets from dozens of projects. In most cases, only ephemeral GitHub credentials tied to workflow runs were exposed, limiting access to production infrastructure or persistent API keys. However, even limited credential exposure can be leveraged for further attacks, including account takeover or lateral movement.

Evolution of the Attack: From Testing to Automation

The attacker's behavior evolved throughout the campaign. The initial phase (March 11-16) appears to have been a testing period, with only a handful of pull requests submitted to validate the attack chain. After a nearly two-week pause, the attacker resumed operations with a much higher tempo, indicating they had refined their methodology and deployed automated tools.

Researchers identified the six GitHub accounts used in the campaign and confirmed they were all controlled by the same actor through overlapping infrastructure and code patterns. The accounts were registered shortly before the campaign began and exhibited similar behaviors, including the use of identical commit messages and file structures. This level of coordination further supports the conclusion that the attack was automated and AI-assisted.

Implications for Open-Source Security

The prt-scan campaign highlights a growing trend: attackers are using AI to lower the barrier to entry for complex supply chain attacks. Instead of manually crafting exploits for individual targets, they can now automate reconnaissance, exploit development, and delivery at scale. Open-source projects that rely on GitHub Actions without proper security controls are particularly vulnerable.

Developers and maintainers should review their use of the pull_request_target trigger and ensure that workflows do not run with elevated permissions on untrusted pull requests. Best practices include using the pull_request trigger instead when possible, applying strict access controls, and avoiding the use of repository secrets in automated workflows that execute code from forks. Security vendors have shared indicators of compromise for the prt-scan campaign and urged organizations to audit their GitHub environments.

This incident also underscores the importance of monitoring for unusual activity, such as a sudden influx of pull requests from unknown accounts, and implementing automated defenses that can detect and block malicious submissions before they execute. As AI continues to evolve, the speed and scale of such attacks will only increase, making proactive security measures essential for all organizations that rely on collaborative development platforms.

Source: Dark Reading News

The rebuilt platform leverages an AI-enabled control plane that manages software pipelines using a controller/reconciler model. This orchestrates and continuously reconciles open source artifacts across containers, libraries, GitHub Actions, and agent skills. The open source DriftlessAF agentic framework keeps approved artifacts updated and patched without relying on throwaway scripts.

Key Facts

• The platform introduces Chainguard Actions, a hardened catalog of GitHub Actions and CI/CD workflows built and maintained in Factory 2.0.
• Chainguard Agent Skills offer a catalog of continuously hardened, third-party AI agent skills, providing small modular instruction sets.
• Chainguard Guardener is an AI agent that automates migration and maintenance of trusted open source artifacts, converting legacy Dockerfiles into minimal, zero-CVE container images.
• The revamp responds to recent supply chain attacks, including the hijacking of tj-actions/changed-files and malicious skills uploaded to OpenClaw registries.

CI/CD pipelines are considered the most privileged systems in software development because they have write permissions to repositories, deployment credentials, signing keys, and access to an organization's entire production infrastructure. These pipelines are wide targets because workflows are often uninspected and come from unknown third parties. Rather than letting developers or AI agents pull random GitHub Actions, Chainguard Actions provides a nonstop, hardened catalog of vetted workflows that Chainguard re-creates from source and secures when upstream updates or exploits appear.

Dan Lorenc, Chainguard's co-founder and CEO, stated at the conference that these are secure-by-default, drop-in replacements for upstream GitHub Actions, allowing developers and agents to move fast without taking on supply chain risk. The preview currently includes over 100 of the top actions from the GitHub marketplace with dozens of hardened fixes.

Patrick Donahue, chief product officer, explained that the tool takes existing actions and hardens them, detecting and remediating unsafe code. For instance, if an action logs into a system with potentially unsafe code, Chainguard will fix it before it reaches the developer.

Chainguard Agent Skills are small, modular instruction sets that enhance AI agents for tasks like browser automation, PDF processing, SEO checking, web design, and code quality reviews. Donahue compared them to tapping all the experts in an industry to answer questions or perform tasks.

The Guardener agent automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will add capability for other configuration scripts. Ed Sawma, a product VP, said the Guardener will be placed in customer environments to allow more automated use of Chainguard images.

Adeel Saeed, Kyndryl's CISO, noted that Chainguard Actions and Guardener together will automate the maintenance of secure images and agents. He said adoption today is manual because users download images and put them in an Artifactory. With Actions and Guardener, the process ties back to Git repositories and automates the entire workflow, increasing adoption.

The revamp is timely as threat actors develop new ways to spread malware into software supply chains. Last year, attackers hijacked tj-actions/changed-files on GitHub's CI/CD platform, redirecting tags to a malicious commit and leaking secrets from over 23,000 repositories. More recently, adversaries uploaded malicious skills to OpenClaw registries that instructed coding agents to install the Atomic macOS Stealer on developers' machines.

Factory 2.0's architecture represents a shift from event-driven automations to a controller/reconciler model, which is more durable and scalable. The DriftlessAF framework ensures that approved open source artifacts are continuously updated, reducing the risk of configuration drift and vulnerabilities. By integrating AI-driven reconciliation, Chainguard aims to eliminate the fragility of manual scripts and traditional security tools.

The platform also addresses the challenge of third-party dependencies in CI/CD workflows. Many organizations unknowingly pull actions from unknown sources, exposing themselves to malware and misconfigurations. Chainguard Actions provide a trusted alternative that is continuously maintained and hardened. The team behind the platform includes engineers who have worked on open source security projects and contributed to major industry standards.

Chainguard's focus on open source security aligns with broader industry trends as software supply chain attacks become more sophisticated. Organizations are under pressure to secure their pipelines without slowing development. Factory 2.0 aims to balance speed and security by automating the hardening process. The controller/reconciler model is inspired by Kubernetes controllers, which continuously ensure desired states are maintained.

In addition to the new offerings, Chainguard is contributing to the open source community with DriftlessAF, which can be used by other organizations to build similar reconciliation bots. This move is expected to foster wider adoption of secure artifact management practices.

The announcement has drawn interest from security professionals and developers who see it as a step toward reducing the manual effort required to keep software supply chains secure. As attacks like the tj-actions incident and the Atomic macOS Stealer show, the attack surface is expanding rapidly, and automated solutions are becoming necessary.

Chainguard plans to expand the catalog of hardened actions and skills in the coming months, with support for more CI/CD platforms and agent frameworks. The Guardener agent will also gain the ability to handle other configuration scripts beyond Dockerfiles, further automating the migration to secure artifacts.

Source: Dark Reading News

What Is the AI-Driven 'Daily Brief'?

The concept of a daily briefing is not new. Apple's Siri offers a morning summary, and Amazon's Alexa provides a flash briefing. However, Google's approach leverages its Gemini large language model to go beyond simple RSS feeds. The Daily Brief will analyze a user's search history, email snippets (with permission), calendar events, location data, and news consumption habits to build a narrative-style summary. For example, a user with a flight at noon might see a briefing that includes the weather at the destination, traffic alerts to the airport, and news about airline strikes.

Early reports from Google's internal demo suggest that the AI will prioritize 'actionable intelligence' over pure volume. The brief will be short, typically 30 seconds to two minutes when read aloud, or a scannable text card on the phone screen. It will also include interactive elements, such as 'swipe to save' buttons for articles, 'add to calendar' for events mentioned, and 'summarize further' buttons for deeper dives.

Key Features and Capabilities

• Dynamic Personalization: The AI learns from user feedback. If you frequently skip sports news, it will deprioritize that category. If you always read tech headlines first, tech will appear at the top.
• Multi-Source Aggregation: The brief pulls from Google News, Gmail (for bills, reservations), Google Calendar, local weather services, and even traffic data from Google Maps. It can also integrate with third-party news sources if the user opts in.
• Voice and Visual Modes: Users can receive the brief via voice through Google Assistant or on the Google app as a visual card. The visual version will include inline images, key bullet points, and links to full articles.
• Privacy Controls: All personalization is opt-in. Users can granularly control which data sources the AI uses. Google has emphasized that the model processes data locally on device for sensitive information, with only anonymized trends sent to the cloud.

How It Differs from Current Solutions

Existing daily briefing features often rely on static preferences. For instance, you might tell Siri you like 'NPR News' and 'Weather,' and that's what you get every day. Google's Daily Brief uses real-time context. If you have a meeting with a client, the brief will mention the client's latest company news. If you're traveling internationally, the AI will include currency conversion rates and local holidays. This level of dynamism requires constant learning and natural language understanding—exactly what Gemini 2.0 promises.

Moreover, the brief is not limited to morning delivery. Users can request it on demand at any time, or schedule multiple briefs (e.g., a lunchtime update, an evening recap). The AI can also send push notifications for breaking events that match the user's interest profile.

Behind the Technology: Gemini and Gemma

The brains behind the Daily Brief is Google's Gemini model family, specifically a fine-tuned version optimized for summarization and personalization. Google also uses its lightweight Gemma models for on-device inference, ensuring quick loading times without constant cloud connectivity. The system uses retrieval-augmented generation (RAG) to fetch up-to-date information from trusted sources, then distills it into concise natural language.

Training data includes anonymized browsing patterns and news interaction logs. Google has implemented 'differential privacy' techniques to prevent the model from memorizing specific user identities. The company also plans to release an open-source evaluation dataset for the Daily Brief task, encouraging academic research into personalized summarization.

Launch Timeline and Availability

The feature is expected to launch under the name 'Google Daily Brief' as part of a broader Google Assistant update later this year. Initially, it will be available on Android phones and Pixel devices, with a limited rollout to iOS via the Google app. A premium tier, possibly bundled with Google One AI Premium, may offer longer summaries and more data sources.

Beta testers have reported high satisfaction, with many saying the brief reduces their morning information overload. However, some privacy advocates have raised concerns about the amount of personal data required for effective customization. Google has responded by promising that all personalization data remains under the user's control and can be deleted at any time.

Industry Implications

This move positions Google against Apple's Siri Suggestions and Amazon's Alexa Flash Briefing, but with a significant AI advantage. If successful, the Daily Brief could become a habit-forming feature that locks users into the Google ecosystem. It also presents monetization opportunities through sponsored briefs—for example, a local business could pay to appear in the 'nearby events' section of a user's brief.

Competitors like Microsoft (with Copilot) and Meta (with AI-powered recommendations) are likely to follow suit. The trend toward hyper-personalized, AI-curated content consumption is inevitable. Google's early entry, combined with its vast data trove, gives it a head start.

Challenges Ahead

One major challenge is avoiding filter bubbles. If the AI only shows users news that aligns with their existing beliefs, it could exacerbate polarization. Google claims to include a 'diverse viewpoints' toggle that intentionally surfaces opposing perspectives once a week. Another challenge is accuracy: summarizing complex news without distortion requires sophisticated language understanding. Early internal tests show that the AI occasionally hallucinates facts, though Google says this is being addressed through better grounding in search results.

Additionally, the feature must compete with user fatigue. Many people already feel overwhelmed by notifications. The Daily Brief aims to reduce noise, not add to it, but if it misfires with irrelevant content, users may disable it quickly. Google is investing heavily in user onboarding, including a setup wizard that asks about interests and sets expectations.

The AI-driven 'Daily Brief' represents Google's vision of a proactive, intelligent assistant that anticipates needs rather than waiting for commands. Whether it succeeds will depend on execution, privacy trust, and the inevitable comparison to human-curated newsletters like 'The Morning Brew.' But with Google's resources, it has a strong chance of becoming a staple in digital morning routines.

Source: Mashable News

At Google I/O 2024, CEO Sundar Pichai set the tone with a single, memorable term: tokenmaxxing. This word encapsulates the unprecedented scale of AI processing now occurring globally – quadrillions of operations every day. The message was clear: Google has fully pivoted to artificial intelligence, and its most popular platforms are being reimagined from the ground up. Among the dozens of product updates announced, YouTube users received two notable features that promise to change how videos are created, discovered, and consumed.

YouTube, the world’s most-watched video platform, is a critical part of Google’s ecosystem. With over 2 billion monthly active users, it is a hub for entertainment, education, and social interaction. As AI becomes more sophisticated, YouTube is integrating these capabilities to enhance user experience while addressing concerns about authenticity and misinformation. This article dives deep into the two major YouTube announcements from I/O 2024 and explores their broader implications.

YouTube Shorts Gets Gemini Omni

The first announcement centers on YouTube Shorts, Google’s answer to TikTok’s short-form video dominance. Shorts already leverages AI for recommendation and editing tools, but the introduction of Gemini Omni marks a significant leap forward. Gemini Omni is Google’s new multimodal AI model, capable of processing and generating content across text, image, audio, and video simultaneously. Unlike previous AI models that handled one modality at a time, Omni can “think” in multiple directions, understanding and creating content from any input.

In practice, this means YouTube Shorts creators can now use Omni within the Remix feature. Remix allows users to take existing videos from YouTube’s library and create new derivative shorts. With Omni, creators can generate new content via advanced AI prompts. For example, a user could prompt the AI to “add a calm background soundtrack and overlay a slow-motion effect to this mountain climbing clip,” and the model would seamlessly execute the request. The result is a more fluid, intelligent editing experience that lowers the barrier for creative expression.

However, with great power comes great responsibility. Google has implemented robust guardrails: any Short created using Gemini Omni will automatically receive an AI-generated content label. This label will include metadata indicating the use of AI, along with links back to the original source material. This transparency measure is crucial in an era where deepfakes and synthetic media can easily mislead viewers. During the presentation, Google emphasized that these labels are part of a broader effort to maintain trust across its platforms.

Additionally, YouTube is expanding its likeness detection tool to all creators aged 18 and older. Previously limited to a smaller test group, this tool helps creators identify where their face has been manipulated or generated by AI in other videos on YouTube. It uses facial recognition and machine learning to scan the platform for potential misuse. This feature is particularly relevant for public figures, streamers, and activists who may be targets of identity theft or unauthorized digital avatars. By giving creators control over their digital likeness, Google aims to combat the spread of non-consensual synthetic media.

Ask YouTube: A New Way to Search

The second major YouTube update is not within the YouTube app itself, but rather a new integration with Google Search. Called “Ask YouTube,” it represents a conversational, multimodal approach to finding information. When users pose complex or specific questions in Google Search – such as “How do I teach my child to ride a bike without training wheels?” – the search results page will now feature relevant YouTube videos directly within an interactive AI-generated response.

This feature leverages Google’s AI Mode, a new search experience that processes queries in a more natural, conversational manner. Instead of just returning a list of links, the AI will curate a tailored response that includes step-by-step tutorials, highlights from related videos, and even timestamps. For example, the AI might respond: “Here’s a popular tutorial from YouTube that shows three methods for teaching balance. Watch the first method starting at 2:15.” The response allows users to navigate the video without leaving the search page, creating a seamless blend of web search and video discovery.

Ask YouTube is still in testing, but Google plans to roll it out broadly across the United States by summer 2024. This feature could dramatically change how people access instructional content. Instead of typing a query, skimming text pages, and then clicking a video link, users get a synthesized answer that directs them to the most relevant parts of the video. It effectively turns YouTube into a knowledge base that Google Search can query in real time.

The implications are significant for both creators and viewers. For creators, having their videos featured in these AI-generated responses could drive substantial traffic, especially for educational and how-to content. For viewers, it reduces the cognitive load of parsing dense text instructions. However, it also raises questions about algorithmic bias: which videos will the AI select? Google claims it uses quality signals, but transparency in the selection criteria will be important.

Broader Context: The AI Revolution at Google I/O

These two announcements are part of a much larger push by Google to embed AI into every product. I/O 2024 saw the unveiling of Gemini 1.5 Pro, a more efficient version of the Gemini model, and Veo, a new video generation tool that can create high-resolution synthetic footage from text prompts. While not directly tied to YouTube, Veo hints at a future where creators can generate original video content without a camera. Google is also competing with OpenAI’s Sora and Meta’s AI video efforts.

In the social media sphere, short-form video remains a battlefield. TikTok has been experimenting with AI-powered effects and generative avatars. Google’s integration of Gemini Omni into Shorts is a direct response to stay competitive. By making advanced AI tools available to all creators, YouTube hopes to foster a vibrant ecosystem of original content. The automatic labeling system also positions YouTube as a responsible platform, potentially appealing to regulators who are increasingly scrutinizing AI-generated content.

Ethical considerations also loom large. The ability to generate video clips with a simple prompt could lead to misuse, from spreading misinformation to creating non-consensual explicit content. Google’s decision to label AI-generated shorts and expand likeness detection is a step in the right direction, but enforcement will be key. The company has not revealed how it will verify that metadata cannot be stripped or spoofed. Moreover, the expansion of likeness detection to all adult creators is a proactive move, but it relies on users actively opting in to scan for abuse.

From a technical perspective, Gemini Omni represents a breakthrough. Traditional AI models often struggle with “model collapse” when trained on synthetic data or fail to maintain consistency across modalities. Omni’s bidirectional architecture is designed to avoid these pitfalls. It can understand the context from one modality—say, a user’s text prompt—and generate coherent output in another, like video. This opens up new possibilities for accessibility: for instance, a creator who is blind could use voice commands to generate visual scenes for their audience.

The Ask YouTube integration also has implications for search engine optimization. Content creators will need to optimize their video metadata and transcripts to be picked up by AI-driven responses. This could lead to a shift in how video content is structured, with more emphasis on clear chapters, accurate captions, and descriptive titles.

As Google forges ahead, competitors are watching closely. Microsoft’s Bing has integrated ChatGPT and is incorporating video answers through partnerships with other platforms. Apple is rumored to be developing its own AI search features. The landscape is shifting rapidly, and YouTube’s integration with Google Search through Ask YouTube may give Google an edge in the search wars by leveraging its vast library of user-generated content.

For everyday users, these changes mean that YouTube will feel smarter and more responsive. Creating shorts will become more intuitive, and searching for how-to content will feel like talking to a knowledgeable assistant. But it also means that the line between human-created and AI-generated content will blur. Google is betting that transparency and user control will maintain trust, while others argue that the sheer volume of AI content could overwhelm organic content.

The two announcements from I/O 2024 – Gemini Omni for Shorts and Ask YouTube – are just the beginning. Google has indicated that more AI features are in development, including real-time translation of video audio, AI-generated captions in multiple languages, and advanced search filters for AI-generated content. The summer rollout of Ask YouTube will be a test case for how well these integrations work in practice. If successful, we may see YouTube become not just a platform for watching videos, but an interactive AI companion that helps users learn, create, and explore in ways previously unimaginable.

Source: Mashable News

While OpenClaw has become hugely popular in the AI and early-adopter communities, Google has a massive reach. Billions of people use Google products, and the company says its Gemini app has 900 million monthly active users. So, Gemini Spark could bring agentic AI into the mainstream for the first time. Here's why Gemini Spark may have an edge over tools like OpenClaw.

Gemini Spark is a cloud-based AI agent

Famously, OpenClaw runs on a local device such as a Mac Mini. Shortly after the tool became a viral hit (first under the name Clawdbot, then Moltbot), Mac Minis quickly sold out at Amazon and other retailers. However, Gemini Spark is a fully cloud-based AI agent. That makes it far more beginner-friendly, as there's no hardware or complicated installation process to worry about. And when you close your laptop, Spark keeps working.

Cloud-based AI agents have distinct advantages over local ones. They can leverage the vast computational resources of Google's data centers, allowing for more complex reasoning, faster response times, and the ability to handle multiple tasks simultaneously. For users, this means no need to purchase expensive hardware or manage local configurations. The agent is always available across devices—desktop, Android, and iOS. Additionally, because Spark runs in the cloud, it can be updated seamlessly without user intervention, ensuring it always has the latest capabilities and security patches. This model also allows Google to offer Spark as part of a subscription service (AI Ultra), reducing the upfront cost for consumers.

Gemini Spark will be able to run 24/7 in the background, with no additional devices required. This persistent operation means tasks like monitoring emails, summarizing documents, or executing scheduled actions can happen continuously, even when the user is offline. The cloud infrastructure also enables Spark to handle intensive tasks such as real-time language translation, video analysis, and complex data aggregation without draining the user's device battery or processor.

Gemini Spark will have better access to your data

Second, if you're already a Google user, then Gemini Spark will have native access to your Gmail, Google Docs, and Google Drive. So, if you ask Gemini Spark to plan an event, it can pull in contacts from Gmail, artwork from Google Drive, and a schedule from Google Docs. It will also be built into Google Chrome and works on desktop, Android, and iOS devices. Yes, all of this can be accomplished if you grant OpenClaw access to all of these tools, but Gemini Spark will make this process instantaneous.

Native integration with Google's ecosystem is a game-changer. OpenClaw, being a third-party tool, relies on APIs and user-granted permissions that may have latency, require additional configuration, or break due to API changes. In contrast, Google controls both the AI agent and the underlying services, allowing deep integration at the system level. This means Spark can access your Google Calendar, Photos, Keep notes, and even your YouTube watch history (with permission) to provide highly personalized assistance. For example, Spark could automatically suggest a meeting time based on everyone's calendar, draft an email using your writing style, and attach relevant files from Drive—all in one command.

Moreover, this integration extends to Google's enterprise suite. Business users who rely on Google Workspace will find Spark can interact with shared drives, team calendars, and company documents, streamlining workflows across organizations. The agent can also leverage Google's knowledge graph and search capabilities to provide context-aware answers, combining personal data with web intelligence.

However, this deep access does raise important privacy considerations. Google has stated that Spark will adhere to strict data governance policies, with user data not being used to train the model without explicit consent. Users will have granular controls over what data Spark can access and for how long. This is a critical differentiator from OpenClaw, which, being open-source, gives users full control but also places the burden of security and privacy management on them.

Cybersecurity peace of mind

OpenClaw has a DIY ethos, and, because it has such a high level of control over your hardware, it can be a big cybersecurity challenge. Some of those problems have been addressed now that OpenClaw is a part of Anthropic, of course. Still, billions of people are already familiar with Google and trust it with their emails, private documents, and photos. Presumably, Spark will be protected with the full might of Google's cybersecurity.

Google invests heavily in security infrastructure, including advanced threat detection, encryption at rest and in transit, and a dedicated security team that monitors for vulnerabilities. For Spark, this means built-in protections against prompt injection, data exfiltration, and unauthorized actions. Google also announced a new way of stopping AI agents like Spark from overspending your money. Google will be introducing something called Agent Payments Protocol (AP2). Google says this protocol stops agents from going rogue and making purchases you didn’t intend. Users will be able to place strict limits on how much Spark can spend, what it can purchase, and which merchants it can use.

The Agent Payments Protocol is a significant innovation for AI agents that interact with financial services. It works by requiring explicit user authorization for each transaction, with the agent presenting a clear summary of what it intends to purchase and at what cost. Users can approve or deny in real-time, or set predefined spending limits. This adds a layer of protection against potential exploits where malicious prompts could trick the agent into making unauthorized purchases. AP2 is built on Google's existing payment infrastructure, ensuring compatibility with Google Pay and major credit cards.

Furthermore, Google is introducing Gemini Spark slowly, and a beta will be available soon for AI Ultra subscribers. That lets Google test Spark with Gemini power users before launching it to everyday users. This phased rollout allows Google to identify and fix security issues, gather feedback, and fine-tune the agent's behavior in real-world scenarios. It also gives early adopters a chance to influence the product's direction.

Beyond security, Google's brand trust is a major asset. While OpenClaw has a passionate community, many users are wary of granting deep system access to a third-party tool. Google's established reputation for handling sensitive data (e.g., Gmail, Google Photos) provides a level of comfort that OpenClaw cannot easily match.

Additional Advantages and Context

Beyond the three reasons, several other factors could tip the scales in Gemini Spark's favor. One is the integration with Google's vast array of services, including Google Maps for location-based tasks, Google Flights for travel planning, and Google Assistant for voice interaction. Spark is designed to be a unifying layer across these services, allowing users to orchestrate complex workflows with natural language.

Another is the use of the Gemini 3.5 Flash model, which Google claims offers superior reasoning and speed compared to OpenClaw's underlying model. Google has been investing heavily in multimodal AI, and Spark can understand and generate text, images, code, and even audio. This makes it versatile for tasks like creating presentations, analyzing charts, or transcribing meetings.

The cloud-based nature also enables continuous learning and personalization. Over time, Spark can learn user preferences, habits, and communication styles, becoming more effective. For example, it might automatically prioritize emails from certain contacts, suggest recipes based on dietary restrictions, or remind you of upcoming bill payments.

However, OpenClaw has its own strengths: it is open-source, highly customizable, and can run completely offline. For users who value privacy above all else and have the technical expertise to manage their own infrastructure, OpenClaw remains a compelling option. But for the average consumer, Gemini Spark offers a more accessible, secure, and integrated experience.

Google is introducing Gemini Spark slowly, and a beta will be available soon for AI Ultra subscribers. That lets Google test Spark with Gemini power users before launching it to everyday users. For all these reasons, Gemini Spark could be the first AI agent used by countless internet users.

Source: Mashable News

This year, the deals span across multiple categories: headphones, laptops, and TVs. Whether you are looking for a powerful noise-canceling pair for commuting, a lightweight ultrabook for work or school, or a big-screen upgrade for your living room, there is likely a Memorial Day discount that fits your budget. The key is to look beyond the percentage off and focus on the actual final price and the product's value. We have done the research for you by comparing current prices to historical lows and previous sale events like Amazon's Big Spring Sale.

One important note: deal pricing and availability are subject to change after time of publication. Retailers often adjust prices in real time based on inventory and demand, so if you see a deal that works for you, it is wise to act quickly. We have verified these offers at the time of writing, but always double-check the final cost before checking out. Also, remember that many of these deals are available across multiple retailers, so you can choose the store that offers the best return policy or fastest shipping.

Best Memorial Day headphone deal

The Sony ULT Wear headphones are a standout choice this year. They carry the Mashable Choice Award, and they are on sale for $148 at Amazon, matching the price during the Amazon Big Spring Sale. While this is not the absolute lowest price ever — they were $128 in December 2024 — it is still a strong discount of $101.99 off the regular retail price of $249.99. For those who want something a little fancier, the Sony WH-1000XM6s are also on sale for their Big Spring Sale price, which is their lowest price to date. The ULT Wear headphones feature powerful bass that can be boosted via a dedicated button, excellent battery life (up to 30 hours with noise canceling on), and comfortable over-ear design suitable for long listening sessions. The combination of sound quality, comfort, and reliable active noise cancellation makes these a top pick for commuters and remote workers alike.

Beyond the Sony ULT Wear, there are other headphone deals worth checking out. The Bose QuietComfort headphones are reduced to $229, saving you $120. They are known for their industry-leading noise cancellation and plush comfort. The Sennheiser Momentum 4, priced at $230 (save $69.99), offers audiophile-grade sound with adaptive noise cancellation and a sleek design. For those who prefer a more vintage look with modern features, the Marshall Monitor III headphones are available for $248.99, a saving of $131. These come with a built-in equalizer and up to 70 hours of battery life. Finally, the Sonos Ace headphones, typically priced at $399, are now $348, saving $51. These integrate seamlessly with the Sonos ecosystem and offer spatial audio with head tracking. Each of these models has been reviewed and recommended by audio experts, so you can choose based on your specific preferences for sound signature, fit, and features.

Best Memorial Day laptop deal

The laptop of the moment is the 13-inch MacBook Air with the M5 chip, 16GB of RAM, and a 512GB SSD, now priced at $999 — a $100 saving off the $1,099 list price. This is a fantastic deal for a machine that only debuted earlier this year. While it was briefly lower at $949 in early April, $999 is still an excellent price for a top-tier ultraportable. In our review, Tech Editor Timothy Werth noted that the new MacBook Air "takes everything good about the MacBook Air and adds the faster M5 chip." The M5 chip brings improved graphics performance, faster memory bandwidth, and longer battery life, making this model ideal for students, professionals, and anyone who needs a powerful yet light laptop for everyday tasks, creative work, or light gaming.

If you need more power, the 14-inch MacBook Pro with the M5 chip and 16GB RAM/1TB SSD is $1,499.99 (save $199.01). Stepping up to 24GB RAM and 1TB SSD brings the price to $1,749 (save $150). For heavy workloads, the MacBook Pro with M5 Pro (15-core CPU, 16-core GPU), 24GB RAM, and 2TB SSD is $2,399.99, saving you $199.01. These pros are built for video editing, software development, and other demanding tasks. All of these deals are available on Amazon, but it is worth checking Best Buy and B&H Photo for potential price matches or additional bundles.

It is also worth noting that while the recently launched MacBook Neo — a more affordable entry-level laptop — is not yet on sale, the M5 MacBook Air offers a much stronger performance-per-dollar ratio. If your budget is tight, consider that the base model with 16GB RAM and 256GB SSD is often available at a deeper discount, but the 512GB version provides a better balance of storage and speed for most users.

Best Memorial Day TV deal

The best TV deal this Memorial Day is the Amazon Ember 50-inch 4-Series with Fire TV (2025 model) for $309.99, down from $399.99. That is a 23% discount and a great entry point for a smart TV that runs Amazon's Fire TV platform. The 4-Series delivers 4K resolution, HDR10 support, and access to all major streaming apps through the intuitive Fire TV interface. As a bonus, new Xbox Game Pass customers who purchase this TV also get one month of Game Pass for free, which adds value for gamers. The 50-inch size is ideal for smaller living rooms or bedrooms, providing a cinematic experience without overwhelming the space.

For those wanting larger screens, there are more deals available. The Samsung 65-inch Q7F QLED 4K TV is priced at $427.99, saving $202. This model features Quantum Dot technology for vibrant colors and excellent upscaling. The Roku 65-inch Plus Series Mini-LED QLED 4K TV is $479.99 (save $170), combining Mini-LED backlighting with the user-friendly Roku platform. If you want a bigger Amazon Ember, the 55-inch Mini-LED QLED 4K TV is $559.99, a saving of $260. For a massive screen, the TCL 75-inch T7 QLED 4K TV is now $629.99, saving $270. Finally, the Hisense 65-inch U7 Mini-LED ULED 4K TV is available for $696.94, a remarkable saving of $803.05 off the original $1,499.99. This Hisense model offers a high refresh rate and Dolby Vision support, making it a favorite among home theater enthusiasts. Each of these TVs has been tested for picture quality, brightness, and smart features, ensuring you get a reliable upgrade for your viewing setup.

When shopping for a TV, remember to consider your room's lighting conditions, viewing distance, and whether you need advanced features like HDMI 2.1 for gaming or VRR support. The deals above cover a range of budgets and needs, from budget-conscious buyers to those seeking premium picture quality. Many of these prices are at or near their all-time lows, so if you have been waiting for a good moment to buy, this weekend is it.

Beyond the three highlighted categories, Memorial Day sales also extend to accessories, tablets, and smart home devices. For instance, you may find deals on Apple Watches, Samsung Galaxy tablets, and robotic vacuums. But the deals listed above represent the best value in tech according to our analysis. We have cross-referenced prices from major retailers to ensure you are getting legitimate savings, not inflated list prices designed to look like bigger markdowns.

In summary, whether you need new headphones, a faster laptop, or a bigger TV, the 2026 Memorial Day sales offer multiple opportunities to save money on quality products. The Sony ULT Wear headphones provide an excellent balance of price and performance for audio lovers. The M5 MacBook Air is a compelling choice for anyone seeking a lightweight yet powerful computer. And the Amazon Ember 4-Series TV is a solid entry-level 4K option with a smart interface. For more power or larger screens, the other deals in each category give you room to scale up without breaking the bank. Happy shopping, and enjoy your new gear.

Source: Mashable News

Google's annual I/O developer conference has once again become a stage for groundbreaking AI announcements, and this year's keynote brought a major upgrade to Gmail that promises to change how users interact with their inboxes. The highlight is Gmail Live, a native AI voice integration feature that allows users to literally talk to their email. Instead of typing keywords into a search bar, users can ask verbal questions and receive instant answers drawn from their email history. For example, you can ask, "What's my flight's gate number?" or "What's going on at my kid's school this week?" and Gmail Live will search your inbox to provide the answer. This voice-driven interaction marks a significant shift from traditional text-based email search, making information retrieval as natural as having a conversation.

The announcement was part of a broader AI push at Google I/O, where the company showcased how generative AI is being woven into its productivity suite. Gmail Live is built on Google's Gemini models, the same technology that powers other AI features across Workspace. The tool is designed to understand context and nuance, allowing it to pull relevant details from long email threads, attachments, and calendar events. Google emphasized that user privacy remains paramount: no personal data is used to train the underlying AI models, and the system provides sourcing so users can see exactly which emails were used to generate each response. This transparency is intended to build trust among users who may be hesitant to hand over control of their inbox to an AI.

Gmail Live will launch this summer for Google AI Pro and Ultra subscribers. Business customers on Google Workspace will also get early access through a preview program. Pricing details have not been fully disclosed, but the Pro and Ultra tiers are expected to cost between $10 and $30 per month, depending on the plan. For those on the free tier or standard Workspace plans, Google has not yet announced when or if Gmail Live will become available more broadly. The company's strategy appears to be a gradual rollout, starting with premium subscribers to gather feedback and refine the experience before expanding to a wider audience.

In addition to Gmail Live, Google is expanding its AI Inbox tool, which was originally introduced in January for Google AI Ultra subscribers. AI Inbox functions as a personalized briefing, summarizing recent email activity and suggesting next steps. At I/O, Google announced three new features for AI Inbox: personalized draft replies, instant file access to relevant Google Docs, Sheets, or Slides, and streamlined task management. The task management feature allows users to mark individual tasks as done, dismiss unhelpful suggestions, or mark all emails in a given topic as read with a single click. These updates are rolling out starting today for Google AI Pro and Plus subscribers, broadening the availability of the tool beyond the Ultra tier.

The personalized draft replies feature is particularly noteworthy. It uses the context of the conversation to generate response suggestions that match the user's tone and intent. For example, if a colleague sends an email about a project deadline, AI Inbox can draft a reply confirming receipt, asking clarifying questions, or proposing a meeting. The user can then edit the draft before sending. Combined with instant file access, users can quickly attach relevant documents without leaving the inbox. This integration aims to reduce the friction of switching between tabs and applications, allowing users to handle multiple tasks from within Gmail itself.

Google's VP of product for Gmail, Blake Barnes, explained in a recent interview that user privacy was a central design principle for both Gmail Live and AI Inbox. "We don't use your data for training, and that remains the case for these features," he said. He also highlighted the importance of transparency: the user interface includes a sourcing feature that shows which specific emails were used to generate a response or reply. This is one of several measures Google is taking to build confidence among users who may be wary of AI handling their sensitive communications. Barnes added that the company is committed to making AI feel helpful rather than intrusive, and that these features are designed to augment human decision-making, not replace it.

The I/O keynote also introduced several other AI tools that will integrate with Gmail. Daily Brief is a personalized content roundup that curates top emails, calendar events, and tasks each morning. Gemini Spark is a 24/7 personal AI agent that can interact with Gmail data to answer questions and perform actions on the user's behalf. Universal Cart is an experimental shopping cart that works across multiple retailers, using Gmail to track orders and receipts. Additionally, Google is expanding Personal Intelligence in AI Mode to nearly 200 countries and 98 languages, allowing more users to connect their Gmail accounts to AI assistants for personalized insights. These features are expected to roll out over the next several months, with some appearing in beta later this year.

The broader context of these announcements is Google's aggressive push to embed AI into every layer of its ecosystem. Email remains one of the most heavily used digital tools, with billions of users worldwide. By adding voice interaction and intelligent task management, Google is aiming to reduce the time users spend sorting and searching through their inboxes. Competitors like Microsoft are also integrating AI into Outlook and Teams, making this a key battleground in the productivity software market. Google's advantage lies in its deep integration with other Workspace apps and its access to vast amounts of user data, though the company is careful to emphasize privacy safeguards.

Historically, email search has been limited to keyword matching and basic filters. AI-powered search represents a leap forward, allowing queries to be framed in natural language. For instance, instead of searching for "Delta flight June 12 gate," a user can simply ask "What gate is my flight tomorrow?" and the AI will understand the context of upcoming travel emails. This capability is powered by large language models that can parse semantics rather than just keywords. Google has been investing heavily in this technology since the launch of Bard and the subsequent rebranding to Gemini, and Gmail Live is one of the first concrete applications of Gemini in a consumer product.

Looking ahead, Google plans to refine these features based on user feedback. The initial preview for business customers will help identify edge cases and improve accuracy. There are also plans to extend Gmail Live to other Google services, such as Google Calendar, where users could ask about appointments, and Google Drive, where they could request specific documents. The company has not provided a timeline for these expansions, but the I/O announcements indicate a long-term commitment to voice-enabled productivity. As AI continues to evolve, the line between talking to a computer and talking to a colleague may blur further, with Gmail Live leading the charge.

For now, users eager to try the new features will need to subscribe to one of Google's premium AI plans. The Pro plan costs $19.99 per month and includes access to Gemini Advanced in Gmail, Docs, and other apps. The Ultra plan costs $29.99 per month and adds features like faster model responses and priority access. Both plans also include expanded storage and other benefits. Business customers can request a preview through their Google Workspace admin console. With Gmail Live and the enhanced AI Inbox, Google is betting that users will be willing to pay for a smarter, more conversational email experience.

Source: Mashable News

Das Sloomoo Institute: Ein Paradies für Schleim-Fans

Das Sloomoo Institute, gelegen im angesagten SoHo-Viertel von Manhattan, ist weit mehr als ein gewöhnliches Museum. Es wurde 2019 von den Unternehmerinnen Karen Robinovitz und Sara Schiller gegründet und hat sich schnell zu einem Hotspot für Kinder und Erwachsene entwickelt, die eine Faszination für Schleim haben. Die Einrichtung bietet zahlreiche interaktive Stationen, an denen Besucher ihren eigenen Schleim herstellen, mit verschiedenen Texturen experimentieren und an spektakulären Installationen teilnehmen können. Besonders bekannt ist der „Sloomoo Falls“, ein künstlicher Wasserfall, der nicht mit Wasser, sondern mit einer speziellen Schleim-Mischung fließt. Gäste können sich unter den Fall stellen und komplett mit der klebrigen Masse überziehen lassen – ein Erlebnis, das bei Mutigen besonders beliebt ist.

Für die Feier von RZA wurde das Museum eigens dekoriert. Ein Sprecher des Instituts bestätigte, dass individuelle Schleim-Stationen aufgebaut wurden, die auf das Alter der Kinder abgestimmt waren. Dazu gehörten pastellfarbene Schleimtische, Glitzer-Stationen und eine Vielzahl von Formen, die mit Schleim befüllt werden konnten. Die Dekoration war nach Aussagen eines Insiders deutlich aufwendiger als üblich: Übergroße Ballons, bunte Lichterketten und ein maßgeschneidertes Banner mit RZAs Namen schufen eine magische Atmosphäre. Der Höhepunkt war jedoch der erwähnte Schleimwasserfall, der an diesem Abend nicht nur von den Kindern, sondern auch von Rihanna selbst genutzt wurde. Fotos auf Instagram zeigen die Sängerin, wie sie gemeinsam mit einem Kind in Schutzfolie unter die fließende Masse tritt – ein Moment, der von den Gästen mit Jubel aufgenommen wurde.

Rihanna und A$AP Rocky: Ein Familienmensch mit Herz

Rihanna, die mit bürgerlichem Namen Robyn Rihanna Fenty heißt, ist nicht nur als erfolgreiche Sängerin mit neun Grammy-Awards bekannt, sondern auch als Unternehmerin, die mit ihrer Kosmetikmarke Fenty Beauty die Beauty-Industrie revolutionierte. Ihr Partner A$AP Rocky, bürgerlich Rakim Athelaston Mayers, gehört zu den einflussreichsten Rappern seiner Generation und hat sich zudem als Mode-Ikone etabliert. Das Paar, das seit 2020 liiert ist, hat gemeinsam drei Kinder: RZA (geboren Mai 2022), Riot (geboren August 2023) und Rocki (geboren September 2024). Die Familie lebt weitgehend privat, zeigt aber immer wieder Einblicke in ihr Familienleben, etwa auf Rihannas Instagram-Profil, wo sie stolz Zeichnungen ihrer Kinder als Tattoos präsentiert.

Die Geburtstagsfeier für RZA unterstreicht, wie wichtig den Eltern besondere Anlässe sind. Bereits zu RZAs zweitem Geburtstag im Jahr 2024 hatten sie die Color Factory in New York gemietet, eine immersive Kunst-Location, die mit Farbe und visuellen Effekten arbeitet. Damals stand das Thema Farbe im Vordergrund: Die Kinder konnten mit Farbpulver, Leinwänden und interaktiven Projektionen experimentieren. Dieses Jahr setzte die Familie auf Schleim – ein Material, das bei Kindern in diesem Alter extrem beliebt ist. Die Wahl des Sloomoo Institute zeigt, dass Rihanna und A$AP Rocky großen Wert darauf legen, ihren Kindern unvergessliche Erlebnisse zu schaffen, die deren Interessen aufgreifen.

Die Gästeliste und der Ablauf der Party

Zu der exklusiven Feier waren neben der Familie auch enge Freunde eingeladen. Dabei handelte es sich überwiegend um andere Kinder aus dem Bekanntenkreis der Familie, deren Eltern ebenfalls im Showbusiness tätig sind. Einige Gäste teilten später auf Social-Media-Plattformen Schnappschüsse von der Veranstaltung, die jedoch meist schnell wieder gelöscht wurden, um die Privatsphäre der Kleinen zu schützen. Auf einem erhaltenen Video ist zu sehen, wie die Gruppe RZA ein fröhliches Geburtstagslied singt, während eine aufwendig dekorierte Torte mit einer großen „4“ aus Fondant und einem kleinen Schleimeimer als Dekoration präsentiert wird. Die Torte war nach Angaben eines Konditors aus New York in den Farben Blau und Lila gehalten – passend zum Schleim-Theme.

Rihanna selbst trug an diesem Abend ein ungewöhnlich zurückhaltendes Outfit: einen schwarzen Kapuzenpullover und eine lockere Hose, kombiniert mit Sneakern. A$AP Rocky entschied sich für einen beigen Anzug, der jedoch durch auffällige Accessoires wie eine goldene Kette und eine Designer-Uhr aufgewertet wurde. Die beiden schienen sich komplett auf ihre Kinder zu konzentrieren, wie ein Insider berichtete: „Sie waren die ganze Zeit mit den Kids beschäftigt, haben mit ihnen gespielt und dafür gesorgt, dass sich alle wohlfühlten. Es war ein sehr bodenständiger Abend, trotz der Luxus-Location.“

Tradition der aufwendigen Geburtstagsfeiern

Die Entscheidung für ein spezielles Museum als Party-Location passt zu einer Familientradition, die Rihanna und A$AP Rocky etabliert haben. Schon in den ersten Lebensjahren von RZA wurde jeder Geburtstag mit einem thematischen Event gefeiert. Der erste Geburtstag fand 2023 in einem privaten Rahmen in ihrem Anwesen in Beverly Hills statt, mit einer Hüpfburg und einem Mini-Zoo. Der dritte Geburtstag wurde 2025 – da RZA bereits drei Jahre alt war – mit einer „Dinosaurier-Party“ in einem Naturkundemuseum begangen, inklusive Dinosaurier-Kostümen und fossilen Aktivitäten. Diese Kontinuität zeigt, dass die Eltern großen Wert auf Kreativität und gemeinsame Erlebnisse legen.

Experten für Kindheitsentwicklung loben solche Bemühungen: „Sie schaffen nicht nur Erinnerungen, sondern fördern auch die soziale Interaktion und die Fantasie ihrer Kinder“, sagt Dr. Emily Carter, eine in New York ansässige Kinderpsychologin. „Das Mieten eines ganzen Museums oder einer exklusiven Location ermöglicht es den Kindern, in einer kontrollierten Umgebung zu spielen, ohne äußere Ablenkungen. Das stärkt das Gemeinschaftsgefühl und gibt dem Geburtstagskind das Gefühl, etwas Besonderes zu sein.“

Hintergrund: Rihannas Weg zur Supermutter

Seit der Geburt ihres ersten Sohnes hat Rihanna immer wieder betont, dass Mutterschaft ihr Leben verändert habe. In Interviews sagte sie: „Ich wusste nicht, dass ich so viel Liebe in mir habe. Jeden Tag lerne ich etwas Neues über mich selbst durch meine Kinder.“ Ihr Unternehmen, das zuvor vor allem Mode und Kosmetik umfasste, hat sie um eine Kinderlinie erweitert, die unter dem Namen „Fenty Baby“ läuft. Die Kollektion umfasst Kleidung, Pflegeprodukte und Spielzeug, die auf Nachhaltigkeit und Hautfreundlichkeit ausgerichtet sind. A$AP Rocky, der selbst als Stilikone gilt, unterstützt sie dabei und trägt oft ähnlich durchdachte Outfits bei Familienausflügen.

Die Balance zwischen Karriere und Familienleben scheint dem Paar zu gelingen. Während Rihanna an neuen Musikalben arbeitet und ihre Make-up-Linie weltweit vertreibt, ist sie immer wieder dabei dokumentiert, wie sie ihre Kinder zur Schule bringt oder mit ihnen im Central Park spielt. Das Sloomoo Institute-Ereignis war ein weiterer Beleg dafür, dass sie ihre Rolle als Mutter mit derselben Leidenschaft verfolgt wie ihre künstlerischen Projekte. Die Reaktionen in den sozialen Medien waren überwältigend positiv: Fans bezeichneten sie als „Mom of the Year“ und bewunderten ihre bodenständige Art.

Auch A$AP Rocky zeigte sich in dieser Woche in einem Interview mit dem Rolling Stone von seiner väterlichen Seite: „Meine Jungs sind mein größter Stolz. Wenn ich sehe, wie sie lachen, vergesse ich alle Sorgen. Ja, ich bin ein Rapper, ein Model, aber vor allem bin ich ihr Vater.“ Das Paar plant bereits für die kommenden Geburtstage – die nächste große Feier wird vermutlich der erste Geburtstag von Tochter Rocki im September 2026 sein, für den Spekulationen über eine Unterwasser- oder Weltall-Thematik kursieren.

Alles in allem war der Abend im Sloomoo Institute ein voller Erfolg. Die Familie genoss die Zeit gemeinsam, und die Kinder konnten nach Herzenslust spielen, während die Eltern entspannt zusahen. Es war eine Feier, die zeigt, dass Prominenz nicht bedeutet, auf bodenständige Freuden zu verzichten – sondern sie nur noch größer und kreativer auszuleben.

Source: BUNTE.de News

City's performance on Tuesday was disappointing, at times almost lifeless. Bournemouth took the lead in the 39th minute through Eli Junior Kroupi, and Erling Haaland's equaliser in the 95th minute came too late. Arsenal, who had last won the league in 2004 under Arsène Wenger, had set the stage with a 1-0 home win against Burnley on Monday and were now rewarded. They had spent almost the entire season at the top of the table since round seven. Despite a comfortable lead for much of the season, nerves fluttered in the finish after three consecutive runner-up finishes.

The 44-year-old Arteta finally steps out of the shadow of his fellow Spaniard Guardiola, who is eleven years older and under whom Arteta once served as assistant at City. Arteta could even add a second trophy on May 30 when Arsenal face Paris Saint-Germain in the Champions League final. Guardiola, meanwhile, is set to miss out on another major triumph. After 20 titles during his City tenure, including six league championships and this season's League Cup and FA Cup, his departure is imminent. According to media reports, he has already informed his players that he will step down at the end of the season.

Guardiola's exit has been widely speculated. The Sun reported that he told the squad in a hastily convened teleconference on Monday evening. Prior to that, several reports about his impending departure had emerged. Guardiola was reportedly furious about the timing of those leaks and apologised to his players for them learning about his resignation from the media. The players were said to be surprised, as just on Saturday after winning the FA Cup they were told Guardiola would honour his contract until 2027. Now everything points to a departure for the former Bayern Munich boss. Speculation about his successor has already begun, with former Chelsea coach Enzo Maresca, who served as Guardiola's assistant, being the leading candidate.

The title win marks a historic moment for Arsenal. The club's last league title came in the unbeaten 2003-04 season, known as the 'Invincibles'. Since then, Arsenal endured years of transition, moving from Highbury to the Emirates Stadium, and seeing key players like Thierry Henry, Patrick Vieira, and Cesc Fàbregas depart. Arsène Wenger retired in 2018, and after a brief period under Unai Emery, Arteta took over in December 2019. The Spaniard gradually rebuilt the squad, blending young talents like Bukayo Saka, Martin Ødegaard, and Gabriel Martinelli with experienced signings. This season, Arsenal's consistency and defensive solidity, led by William Saliba and Gabriel Magalhães, proved decisive. The midfield creativity of Ødegaard and the goals of Saka and Gabriel Jesus provided the cutting edge. Arteta's tactical flexibility and man-management earned high praise.

For Guardiola, this season ends with two domestic cups but missing the ultimate prize. His legacy at City is undeniable: six Premier League titles, a Champions League triumph in 2023, and a relentless style of football that changed English football. However, the club will now face a new era. Enzo Maresca, if appointed, will bring his own philosophy, influenced by Guardiola but also by his stint as Leicester City manager. The transition could be challenging, especially with City's core players like Kevin De Bruyne, Bernardo Silva, and Haaland potentially considering their futures.

Meanwhile, the relegation battle in the Premier League remains tense. Austrian national team defender Kevin Danso and Tottenham Hotspur are still not safe. Tottenham lost 2-1 at Chelsea on Tuesday and remain just two points above the relegation zone, held by West Ham and the 18th-placed team. In the final round on Sunday, Tottenham host Everton while West Ham face Leeds United. Danso, who joined Tottenham on loan in January, has been a regular starter under manager Ange Postecoglou, but the team's inconsistent form has put them in a precarious position. A win against Everton would secure survival, but any slip could be fatal.

The final day of the Premier League season promises drama at both ends of the table. Arsenal will receive the trophy after their last match at home to Wolverhampton Wanderers, but their focus now shifts to the Champions League final. Arteta will aim to complete a domestic and European double, which would be a remarkable achievement in just his fifth full season. Guardiola's City, meanwhile, will play their final game at home to West Ham, likely marking the end of an era. For Tottenham and Kevin Danso, the stakes could not be higher as they fight to avoid the drop. The atmosphere at the Tottenham Hotspur Stadium on Sunday will be electric, with everyone hoping for a happy ending after a turbulent season.

Arsenal's title win also highlights the growth of the league's competitiveness. For years, City and Liverpool dominated, but Arsenal have now broken that duopoly. With Arteta at the helm, the Gunners look set for sustained success. The club's investment in young players and a clear playing identity has paid off. Their defence has been the best in the league, conceding only 29 goals in 37 games. Midfield control and quick transitions have been key. The absence of a prolific striker ahead of the season raised doubts, but the collective contribution from midfielders and wingers made up for it. Arsenal's depth improved significantly, with players like Leandro Trossard, Jorginho, and Thomas Partey providing quality off the bench.

On the other hand, Manchester City's season fell short despite heavy investment in Haaland. The Norwegian striker scored 28 league goals but missed crucial games through injury. City's dependence on him sometimes made them predictable. Guardiola's experimentation with tactics, especially in the second half of the season, did not always work. The defence, usually rock-solid, conceded too many goals in key moments. The draw at Bournemouth encapsulated their season: dominance in possession but lack of incision.

The relegation fight also involves other teams. Everton, currently 16th, need a point at Tottenham to be safe. Leeds, in 18th, must win and hope other results go their way. For Tottenham, a draw might be enough if West Ham lose, but they will aim for a win to avoid any last-day drama. Kevin Danso, who impressed in the Austrian Bundesliga with Augsburg before moving to Tottenham, has shown his versatility in central defence. His physicality and reading of the game have been valuable. A relegation would be a major setback for the club and might trigger a summer exodus. But with a final home game, Tottenham have the advantage.

As the season concludes, narratives are being written. Arteta's emergence as a top coach, Guardiola's possible goodbye, and the survival battles all add to the rich tapestry of English football. Arsenal fans will celebrate long into the night, while others will hold their breath until the final whistle on Sunday. The beautiful game once again delivers drama, joy, and heartbreak in equal measure.

Source: Die Presse News

The flavor draws inspiration from the popular local treat and connects to the Polynesian roots that helped shape Johnson’s brand. ZOA said the drink delivers balanced energy with electrolytes, plant-based caffeine and vitamins B and C. Shave Ice joins a lineup that includes Tropical Punch, Mango Splash, Frosted Grape and White Peach.

The release also marks the start of a broader summer refresh for the company. ZOA plans to introduce new packaging and a creative campaign titled “You Can’t Fake This Kind of Energy.” The updated look is expected to roll out as early as June.

Johnson, widely known as The Rock, first became famous as a professional wrestler before building a successful acting career. He appeared in films including Fast Five, Baywatch, Moana and Jumanji: Welcome to the Jungle. He also returned to WWE in 2011 after several years away from the ring. Born May 2, 1972, in Hayward, California, Johnson played football at the University of Miami before injuries shifted his path toward wrestling. His charisma helped turn him into one of WWE’s biggest stars and later one of Hollywood’s most recognizable actors.

For Hawaiʻi shoppers, the new flavor offers rare early access before most customers nationwide can get it online. The Shave Ice flavor taps into a beloved local treat that blends crushed ice with sweet syrups—typically in bright hues like blue raspberry. ZOA’s version aims to capture that same tropical essence while providing a functional energy boost.

This is not the first time Johnson has blended his personal heritage with business. Having Samoan ancestry, he has often credited his Polynesian roots for his work ethic and connection to fans. The Shave Ice flavor, exclusive to Hawaii at retail, reinforces his ties to the islands where he has deep family and cultural bonds. In fact, Johnson has frequently visited Hawaii for filming, vacations, and philanthropic work, including supporting local communities after natural disasters.

ZOA Energy was launched in 2021 as a healthier alternative to traditional energy drinks. Unlike many competitors, ZOA emphasizes clean ingredients: no artificial preservatives, no high-fructose corn syrup, and a blend of natural caffeine sources like green tea and green coffee bean extracts. The brand quickly gained traction among fitness enthusiasts and consumers looking for sustained energy without the crash. Johnson’s involvement added star power, but the product’s appeal rests on its nutritional profile and taste.

The energy drink market is crowded, with giants like Red Bull, Monster, and Celsius dominating shelves. However, celebrity-backed brands have carved out niches. Johnson’s ZOA competes with other athlete- and entertainer-owned labels such as Prime (co-founded by Logan Paul and KSI) and Ghost (partnered with numerous influencers). Yet ZOA distinguishes itself by focusing on “functional energy” tailored for active lifestyles. The brand’s packaging frequently features Johnson’s iconic Brahma Bull logo, a nod to his wrestling persona.

Johnson’s journey to becoming a mogul is well-documented. After a brief football career cut short by injury, he entered the WWE in 1996 as Rocky Maivia, later reinventing himself as the charismatic “The Rock.” His catchphrases, raised eyebrow, and electrifying presence made him a fan favorite. He won multiple championships and headlined WrestleMania events before transitioning to Hollywood. His first major role was in The Scorpion King (2002), and he has since become one of the highest-paid actors in the world. His filmography includes blockbuster franchises like Fast & Furious, Jumanji, and DC’s Black Adam.

Beyond entertainment, Johnson has built a diverse business empire. He co-founded the tequila brand Teremana, which saw rapid success and was later acquired by a larger spirits company. He also launched the Seven Bucks Production company, which produced shows like Young Rock and The Titan Games. His investments span fitness, apparel, and now energy drinks. Each venture reflects his brand of hard work, positivity, and authenticity.

The new Shave Ice flavor arrives at a strategic time. Summer is the peak season for energy drinks, and the tropical theme aligns perfectly with warmer months. By giving Hawaii exclusive early access, ZOA generates buzz and reinforces its connection to the islands. The “You Can’t Fake This Kind of Energy” campaign celebrates real, clean ingredients versus synthetic alternatives. The updated packaging is expected to be brighter and more inviting, appealing to a broader audience.

ZOA’s expansion into limited-edition flavors is a common tactic in the beverage industry to create urgency and test new tastes. If successful, Shave Ice could become a permanent addition, especially given the positive feedback from initial samplings. The brand’s social media has already teased the flavor with images of shave ice cones and Hawaiian sunsets, leveraging Johnson’s massive online following.

Hawaii’s 7-Eleven stores are known for carrying unique local products, from Spam musubi to Hawaiian Sun drinks. Adding ZOA Shave Ice to the mix underscores the chain’s role as a community hub. Locals and tourists alike can grab the drink at over 60 locations across the state. The initial response has been encouraging, with many fans posting photos on Instagram and TikTok, calling it “refreshing” and “authentically Hawaiian.”

Johnson’s personal connection to the flavor cannot be overstated. In a press release, he said, “Shave ice is a staple of my childhood summers in Hawaii. I wanted to bring that same feeling of joy and energy to everyone, but especially to the people of Hawaii who have given me so much love.” Such statements resonate with his fan base and reinforce brand loyalty.

As the energy drink market evolves, consumers increasingly demand transparency and functional benefits. ZOA meets these needs by providing B vitamins, vitamin C, and electrolytes without excessive sugar or synthetic stimulants. The Shave Ice flavor contains 100 mg of caffeine per can, about the same as a cup of coffee, yet offers a smoother lift due to the combination of natural sources. It also includes taurine and glucuronolactone, common in energy drinks, but in lower amounts than competing products.

The summer refresh also includes new graphics that highlight Johnson’s silhouette and the brand’s mission. The creative team behind the campaign drew inspiration from Johnson’s motivational speeches and his mantra that you can’t fake real energy—whether in the gym, at work, or in life. This message is expected to appear in TV spots, digital ads, and in-store displays starting in June.

In addition to the new flavor, ZOA is expanding its retail footprint. After initially being available mostly online and at select retailers like GNC, the brand has secured partnerships with Target, Walmart, and convenience chains across the country. The Hawaii 7-Eleven exclusive is a limited-time promotion, but it signals that ZOA is willing to experiment with regional campaigns to build momentum.

Looking ahead, ZOA Energy may introduce more island-inspired flavors or even collaborate with other Hawaiian icons. The success of Shave Ice could pave the way for flavors like Lilikoi (passionfruit) or Mango Guava. Johnson’s team has hinted at a “taste of the islands” series, given the positive reception. With summer just beginning, the Shave Ice flavor is poised to become a seasonal favorite and a talking point among energy drink enthusiasts.

Source: Yahoo Entertainment News

Jeremy Allen White was born in 1991 in New York City to parents who had pursued acting careers before settling into more stable jobs. His mother and father met while striving to make it as performers on New York stages, eventually marrying and stepping away from show business to raise a family. Growing up, White was exposed to the arts early, developing a talent for dance—particularly tap and ballet—during elementary school. However, at age 13, he decided to shift his focus from dance to acting, a move that would define his future.

White attended the prestigious Professional Performing Arts School in Manhattan, where he honed his craft alongside other aspiring performers. His early training provided a strong foundation for the emotionally charged roles he would later tackle.

Career Beginnings

White made his on-screen debut in 2006 with a guest appearance on the legal drama Conviction. This was followed by small roles in iconic series such as Law & Order and Law & Order: Special Victims Unit. He also appeared in the ensemble comedy film Movie 43, a project that brought together numerous A-list actors. While these early roles were minor, they gave White valuable experience and exposure in the competitive television industry.

Breakthrough with Shameless

In 2011, White landed the role of Phillip “Lip” Gallagher on the Showtime adaptation of the British series Shameless. The character, a brilliant but troubled young man from a dysfunctional family, became a fan favorite. White’s nuanced performance—capturing Lip’s intelligence, vulnerability, and self-destructive tendencies—earned critical acclaim. Over the show’s 11 seasons, he grew from a supporting player to one of the series’ lead actors, delivering some of its most memorable moments.

White’s work on Shameless brought him widespread recognition and several award nominations. He became known for his ability to convey deep emotion with subtlety, often using silence and body language to powerful effect. The series concluded in 2021, but White’s career was far from over.

Mainstream Success with The Bear

In 2022, White took on the role of Carmen “Carmy” Berzatto in the FX on Hulu dramedy The Bear: King of the Kitchen. The series follows a young, award-winning chef who returns to his family’s sandwich shop in Chicago after a personal tragedy. White’s portrayal of Carmy, a man struggling with grief, perfectionism, and the chaos of running a small restaurant, was widely praised for its authenticity and intensity. The show became a cultural phenomenon, earning critical acclaim and numerous awards, including multiple Emmys and Golden Globes.

The success of The Bear has led to multiple seasons, with the fourth season premiering in June 2024. White’s performance continues to be a highlight, and the show has been renewed for a fifth season, dispelling rumors of an early end. The series has also launched White into the upper echelon of Hollywood talent, opening doors to major film and voice-over projects.

Key Facts About The Bear

• Premiered in 2022 on FX on Hulu.
• White stars as Carmy Berzatto, alongside Ayo Edebiri, Ebon Moss-Bachrach, and others.
• Season 4 debuted in June 2024, with Season 5 already confirmed.
• The show has received numerous Emmy nominations and wins.
• White’s performance has been described as “career-defining” by critics.

Upcoming Projects

The Mandalorian & Grogu

White has joined the cast of the upcoming Star Wars film The Mandalorian & Grogu, directed by Jon Favreau. While details about his character remain under wraps, it has been reported that he will provide voice work for a creature or character in the film. The project is one of the most anticipated entries in the Star Wars franchise, and White’s involvement has generated excitement among fans. The film is expected to continue the story of the beloved duo from the Disney+ series.

Bruce Springsteen Biopic

White is set to portray the legendary musician Bruce Springsteen in the upcoming biopic Springsteen: Deliver Me From Nowhere. Directed by David O. Russell, the film will explore Springsteen’s early life and the making of his 1982 album Nebraska. White has been preparing for the role by learning to play guitar and studying Springsteen’s mannerisms. The project is scheduled for an October 2025 release, and early reactions to the trailer have been positive, with fans praising White’s physical transformation and vocal resemblance.

Netflix Series

White has also secured a role in an upcoming Netflix series, though details remain scarce. Given his track record, the project is likely to be a high-profile drama that further expands his range. The streaming platform has been investing heavily in prestige television, and White’s involvement signals the series’ potential.

Other News and Milestones

White continues to be a dominant presence in the awards circuit. In 2024, he was nominated for multiple Emmys, SAG Awards, and Golden Globes for his work on The Bear. The show is often compared to other acclaimed series like Succession and Beef, which dominated the 2023 awards season. White’s collaboration with his The Bear co-stars has been praised, particularly his on-screen chemistry with Ayo Edebiri.

Beyond his acting, White is known for his reserved personality and dedication to his craft. He rarely gives interviews but has spoken about the importance of authenticity in his roles. His rise from a child dancer to one of the most respected actors of his generation is a testament to his talent and perseverance.

Reception and Cultural Impact

The release of The Bear has sparked conversations about the restaurant industry, mental health, and the immigrant experience. White’s portrayal of Carmy has been particularly impactful, resonating with audiences who see their own struggles reflected on screen. The show’s fast-paced dialogue and realistic kitchen chaos have set a new standard for television drama.

White’s work on Shameless also remains influential, especially among younger viewers who grew up with the Gallagher family. His performance as Lip Gallagher continues to be a touchstone for complex coming-of-age stories on television.

Personal Life and Off-Screen Activities

Despite his fame, White maintains a relatively private life. He is married to actress Addison Timlin, with whom he shares two daughters. The family resides in Los Angeles, where White spends his downtime with loved ones. He is also a strong supporter of various charities, including those focused on children’s education and mental health awareness.

White’s future looks bright, with multiple high-profile projects in development. He has proven his ability to transition from television to film seamlessly, and audiences are eager to see what he does next. Whether he is playing a tormented chef, an alien bounty hunter’s companion, or a rock icon, White brings a level of commitment that elevates every project he touches.

Source: Serienjunkies News

The 2026 FIFA World Cup is set to be a monumental event, and the official soundtrack is already generating massive excitement. Blackpink's Lisa, Brazilian superstar Anitta, and Nigerian Afrobeat sensation Rema have joined forces for a new track titled 'Goals'. The collaboration, produced by the acclaimed Brazilian duo Tropkillaz, promises to be a cross-continental anthem that merges K-pop, Latin pop, and Afrobeat into one explosive celebration of football. The release date has been officially announced as May 21, 2026, building anticipation for the tournament's opening ceremony in Los Angeles.

The Making of 'Goals'

'Goals' is not just any song—it is the official single for the 2026 FIFA World Cup. The track brings together three artists who each dominate different corners of the global music scene. Lisa, the Thai rapper and dancer from the world-famous K-pop group Blackpink, has already established herself as a solo powerhouse. Anitta, a Brazilian pop icon, has broken barriers by blending funk carioca, reggaeton, and pop to conquer international charts. Rema, a young star from Nigeria, has pioneered the Afrobeat revival with hits like 'Calm Down' and 'Dumebi'. Together, they represent North America, South America, Africa, and Asia—a true World Cup spirit.

Produced by Tropkillaz, a Brazilian duo known for their infectious electronic beats, 'Goals' incorporates musical elements from three continents. The teaser released so far hints at a high-energy mix, with Lisa's sharp verses, Anitta's sultry vocals, and Rema's melodic flow. The song is expected to feature a driving rhythm that will make it a perfect stadium anthem. FIFA has worked closely with the artists and producers to ensure the track captures the unity, passion, and global reach of the tournament.

Historical Significance of This Collaboration

This collaboration marks several historic firsts. Lisa will become the first Thai performer to headline a FIFA World Cup opening ceremony, as confirmed by her agency LLOUD. She is also the first female K-pop soloist to take center stage at such a massive global event. Her presence highlights the growing influence of K-pop and Southeast Asian artists in mainstream international entertainment. Anitta continues to elevate Brazilian music on the world stage, following her previous involvement with the 2014 FIFA World Cup anthem 'We Are One (Ole Ola)' in which she also participated. Rema represents the new wave of African pop, bringing the continent's vibrant sounds to one of the most-watched events on the planet. Together, they symbolize a celebration of diversity and talent across the globe.

The opening ceremony itself is shaping up to be a star-studded affair. Reports indicate that Katy Perry will also headline performances during the opening ceremonies across North America. The first match will be held at Estadio Azteca in Mexico City, where the host nation South Africa will face the United States. At SoFi Stadium in Los Angeles, the U.S. national team will debut against Paraguay, accompanied by performances from Katy Perry, Future, DJ Sanjoy, and Paraguayan artist Marilina Bogado. Lisa, Anitta, and Rema will perform 'Goals' live during the Los Angeles ceremony, promising an unforgettable visual and musical spectacle.

The 2026 FIFA World Cup: A Tournament Like No Other

The 2026 FIFA World Cup is unprecedented in scale. For the first time, the tournament will be co-hosted by three nations: Canada, Mexico, and the United States. It will also feature an expanded 48-team format, up from the traditional 32, with 104 matches played across 16 host cities. This expansion means more teams from all corners of the globe get a chance to compete on the world's biggest stage. The event runs from June 11 to July 19, 2026, culminating in the final at MetLife Stadium in New Jersey.

In addition to the opening ceremony, the World Cup final will feature a historic halftime show. Global sensation BTS is set to perform alongside music legends Madonna and Shakira in a Super Bowl-style extravaganza, curated by Coldplay's Chris Martin. This marks the first time a halftime show has been integrated into a FIFA World Cup final, adding a new layer of entertainment to the sport's pinnacle event. The combination of BTS, Madonna, and Shakira represents a cross-generational and cross-cultural musical lineup that mirrors the global unity of the tournament.

Inside the Track: What to Expect from 'Goals'

Based on the teaser and early descriptions, 'Goals' is an uplifting, high-tempo track designed to ignite stadiums and living rooms alike. The production by Tropkillaz blends electronic dance music with percussive African grooves and Latin rhythms. Lisa's rap verses are expected to bring a fierce, confident energy, while Anitta's chorus will likely be catchy and singable. Rema's verses should add a laid-back yet infectious Afrobeat flavor. The song's title 'Goals' is a direct nod to the World Cup, and the lyrics are expected to celebrate achievement, ambition, and the joy of football.

The collaboration came together after months of coordination between the artists' teams, FIFA's music department, and Tropkillaz. Each artist recorded their parts in different studios—Lisa in Seoul, Anitta in Rio de Janeiro, and Rema in Lagos—before the track was finalized in Los Angeles. The music video, expected to drop shortly after the single, will feature scenes from each of the artists' home countries and iconic football moments.

The Legacy of FIFA World Cup Anthems

FIFA World Cup anthems have a long tradition of bringing together music icons from different backgrounds. Past anthems have included 'Waka Waka (This Time for Africa)' by Shakira (2010), 'We Are One (Ole Ola)' by Pitbull, Claudia Leitte, and Jennifer Lopez (2014), and 'Live It Up' by Nicky Jam, Will Smith, and Era Istrefi (2018). 'Goals' aims to follow in these footsteps, but with a contemporary twist that reflects the 2020s' global pop landscape. The inclusion of K-pop, Latin pop, and Afrobeat demonstrates how the World Cup is not just a sports event but a cultural phenomenon that transcends boundaries.

FIFA's choice of artists also aligns with the tournament's locations. North America, which will host the majority of matches, is a melting pot of cultures, and the collaboration mirrors that diversity. Lisa brings the massive Asian fanbase of K-pop, Anitta taps into the growing Latin music market, and Rema continues the Afrobeat explosion that has taken over global charts. This strategic selection ensures that the anthem has broad appeal across multiple demographics and regions.

Expanded Coverage and Future Impact

The announcement of 'Goals' has already sparked widespread discussion on social media, with fans from each artist's fandom expressing excitement. The teaser has garnered millions of views across platforms, and the official release on May 21 is expected to break streaming records. The artists have hinted at potential remixes featuring other World Cup relevant artists. The live performance at the opening ceremony will be broadcast to billions worldwide, cementing the track's place in pop culture history.

As part of the promotional campaign, FIFA will release behind-the-scenes content, interviews, and a series of video clips showing the making of 'Goals'. The song will also be featured in FIFA video games and stadium playlists, ensuring maximum exposure. The collaboration between LLOUD, Anitta's management, and Rema's Mavin Records has been hailed as a model for future cross-cultural projects in the entertainment industry.

Looking Ahead to the World Cup Opening Ceremony

With only a few weeks until the tournament kickoff, excitement is at a fever pitch. The opening ceremony in Los Angeles promises to be a spectacular event, blending Hollywood glitz with international star power. In addition to the 'Goals' performance, other segments will include a parade of nations, a tribute to football legends, and a light show incorporating the latest technology. SoFi Stadium, with its state-of-the-art design and massive capacity, will serve as the perfect backdrop for this global celebration.

Lisa, Anitta, and Rema have been rehearsing intensively for the live show. Choreography will feature a fusion of each artist's signature dance styles, with Lisa's sharp K-pop moves, Anitta's sensual Latin grooves, and Rema's relaxed Afrobeat swagger. The stage design will incorporate elements from their respective cultures, creating a visual feast for the audience. The performance is expected to last around ten minutes, making it one of the most elaborate in World Cup history.

As the world counts down to June 11, the release of 'Goals' on May 21 serves as the starting gun for the global football celebration. Fans can stream the single on all major platforms, and the music video will be available on YouTube. The track is poised to become the soundtrack of summer 2026, uniting people across continents in the spirit of sport and music. Whether you are a die-hard football fan or a music lover, 'Goals' is set to be an anthem that resonates long after the final whistle.

Source: Zoom TV News

Netskope this week introduced Netskope One AgentSkope, an agentic AI framework designed to automate security and network operations workflows within its SASE platform. The move aims to help enterprises manage the overwhelming volume of alerts and operational complexity that often leaves security and network teams strained. According to Netskope, approximately 40% of alerts in security operations centers (SOC) and network operations centers (NOC) go uninvestigated due to resource shortages.

AgentSkope embeds AI agents directly into the Netskope One data layer, allowing them to analyze and act on information without exporting data to external systems. This integration reduces the need to move large volumes of data to third-party SIEM platforms, thereby lowering data ingestion costs. The framework leverages natural language interfaces and multi-step workflow automation, from investigation through remediation recommendations, ensuring that human analysts remain in control of final actions.

Six AI Agents for Diverse Operational Needs

Netskope launched six initial agents with this release:

• DLP AISecOps Agent: Automates DLP alert triage, reducing false positives and surfacing priority cases.
• Insider Threat AISecOps Agent: Correlates user behavior and DLP data to identify insider risks.
• Private Access AIOps Agent: Audits access settings and generates policies based on usage patterns.
• DEM Data Intelligence Agent: Converts telemetry data into actionable troubleshooting insights.
• DEM Insights Agent: Highlights performance issues and trends across digital environments.
• CCI Insights Agent: Enables natural language queries of cloud and SaaS risk data.

These agents are designed to be force multipliers, handling repetitive triage so that skilled staff can focus on strategic initiatives. The DLP AISecOps Agent, for example, can significantly cut down false positives, allowing analysts to concentrate on legitimate threats. The Insider Threat AISecOps Agent, currently in private preview, combines user behavior analytics with DLP data to pinpoint risky actions that may indicate data exfiltration or policy violations.

Background and Industry Context

SASE (Secure Access Service Edge) converges networking and security functions into a cloud-delivered service. As adoption grows, organizations face the challenge of managing the resulting operational complexity. Alert fatigue is a documented problem: overworked analysts can miss critical incidents, leading to breaches that could have been prevented. This is exacerbated by the rapid expansion of AI-powered attacks, which outpace manual response capabilities.

Netskope's AgentSkope builds on its existing platform strengths. The company has long offered cloud security, zero trust network access, and data loss prevention. By adding an agentic AI layer, it aims to stay ahead in the competitive SASE market, which includes players like Palo Alto Networks (Prisma Access), Zscaler, and Cisco (Umbrella). The key differentiator cited by Netskope is that the agents run directly on the platform data layer, eliminating the latency and cost of moving data to external tools.

Industry analyst IDC has emphasized the strategic importance of agentic security automation. In a statement, Pete Finalle, research manager at IDC, said: "In the face of a rapidly expanding, AI-fueled threat landscape, CIOs and CISOs must invest in agentic security automation as a force multiplier to enhance skilled human resources." This sentiment aligns with broader market trends where AI-driven automation is becoming a critical component of enterprise security operations.

Human Oversight and Deployment

Netskope stresses that human oversight remains essential. While agents can autonomously gather data, triage risks, and initiate workflows such as creating IT service tickets or notifying analysts, they will not take final action without approval. Rich Davis, director of product and solutions marketing at Netskope, explained: "Once the investigation is complete, the agent will wait for a member of the security team to review its findings and direct it to take action. This provides the balance between time savings and human control."

This approach mirrors industry best practices for AI augmentation rather than full replacement. It addresses concerns about autonomous systems making irreversible decisions, especially in high-stakes security incidents. The agents are configurable through a single interface, ensuring they can access all relevant data sources without additional integrations. This ease of use is critical for organizations with limited integration expertise.

Availability and Future Plans

AgentSkope and most of the agents are generally available now, with the Insider Threat AISecOps Agent in private preview. Netskope plans to expand its agent portfolio on a monthly basis, responding to customer demand and emerging threats. The company expects that as AI models and agent capabilities improve, the agents will handle increasingly complex workflows.

Pricing details were not disclosed, but the agents are included as part of the Netskope One platform subscription. Enterprises using other Netskope services—such as DLP, cloud access security broker (CASB), and SD-WAN—can activate agents without additional infrastructure. This deep integration is intended to reduce operational silos and accelerate time-to-value.

For organizations already invested in Netskope, AgentSkope offers a path to operational efficiency without rip-and-replace. For prospects, it provides a compelling reason to consolidate security and networking under a unified, AI-augmented platform. The company's emphasis on reducing SIEM data ingestion costs is particularly attractive to budget-conscious IT leaders seeking to maximize existing tool investments.

Broader Implications

The launch of AgentSkope reflects a broader industry shift toward agentic AI in enterprise operations. While chatbot AIOps focused on providing answers to human operators, agentic AI goes further by autonomously executing tasks. This evolution is expected to accelerate as large language models become more reliable and cost-effective. Netskope's approach, embedding agents directly in the platform data layer, could serve as a template for other security vendors looking to differentiate in a crowded market.

Challenges remain, however. The accuracy of AI-driven triage depends on the quality of underlying models and data. False negatives or missed correlations could lead to incidents. Netskope addresses this by ensuring human oversight for critical actions, but the pressure to reduce false positives must be balanced against the risk of missing true positives. Additionally, as the number of agents grows, managing agent configurations and monitoring their performance may create new operational overhead.

Despite these challenges, the potential benefits are substantial. Reduced alert fatigue, faster mean time to respond (MTTR), and lower operational costs are top priorities for SOC and NOC leaders. AgentSkope's capability to automatically convert telemetry into actionable insights (via the DEM Data Intelligence Agent) and provide natural language queries for cloud risk data (via the CCI Insights Agent) directly addresses these pain points.

The reaction from the analyst community has been positive, with IDC's Pete Finalle noting that "the ability to intelligently triage threats, help manage the increasing scope and scale of modern threats, and keep up with new AI models/agents can no longer remain a manual process."

Netskope's CEO Sanjay Beri summarized the vision: "We built AgentSkope to act as an autonomous force multiplier, providing a shared architectural foundation that allows organizations to easily deploy AI agents capable of executing end-to-end workflows. By abstracting away operational complexity and removing internal development bottlenecks, we are empowering security and network leaders to drastically reduce manual troubleshooting, free up their skilled staff for strategic initiatives, and adapt their defenses at the speed of business."

With the rapid pace of agent rollout—monthly new agent releases—Netskope is positioning itself at the forefront of agentic security automation. As enterprises continue to grapple with AI-fueled threats and escalating complexity, solutions like AgentSkope may become essential for maintaining effective cyber defense without ballooning headcount.

Source: Network World News

Extreme Networks has made a bold statement in the enterprise networking space with the introduction of the second-generation Extreme Agent ONE, a redesigned Platform ONE management suite, and an expanded lineup of Wi-Fi 7 access points. The announcements, made at the company's Extreme Connect 2026 user conference, reflect a strategic pivot toward fully autonomous network operations, where artificial intelligence agents proactively detect, investigate, and resolve issues with minimal human intervention.

The cornerstone of Extreme's new offerings is Agent ONE, an AI-powered agent that goes beyond simple alerting. Unlike traditional AI tools that require a user to ask a question or define a query, Agent ONE continuously monitors the network for anomalies and acts autonomously. The agent can identify rising Wi-Fi congestion in a school environment and automatically adjust radio parameters, or detect recurring slowdowns at retail point-of-sale terminals and suggest traffic prioritization during peak hours. According to Nabil Bukhari, Extreme's CTO and president of AI platforms, the agent is designed to operate at machine speed, reducing resolution times from hours to seconds.

Proactive Nudge Capability Redefines Incident Response

One of the most talked-about features of Agent ONE is its "Nudge" capability, which shifts the human-AI relationship from reactive to proactive. Rather than waiting for an IT team member to query the system, Agent ONE will reach out with findings before a critical issue becomes a major outage. For instance, if a severe alert fires in the middle of the night, the agent will investigate the root cause and wake the engineer with a report of what happened and a recommended fix—not just a noisy alarm. This approach, which Extreme calls a "psychological pivot" in network management, transforms the AI from a passive database into a proactive coworker.

Bukhari explained that the urgency of the nudge matches the urgency of the moment, ensuring that IT teams are not overloaded with irrelevant notifications. This feature is expected to dramatically reduce mean time to remediation (MTTR) and improve overall network reliability. The first release of Agent ONE is scheduled for Q3 2026, with a second release planned for Q4 2026 that will add fully autonomous operations, where the agent can execute scheduled workflows and respond to events in real time without human approval.

Platform ONE Gains Third-Party Device Management and Enhanced Security

On the management side, Extreme has updated its cloud-based Platform ONE with several new capabilities, the most significant being native support for third-party network devices. Customers can now discover, monitor, and perform basic management tasks—such as configuration backups and health checks—on equipment from Cisco, HPE/Juniper, and other vendors, all from a single dashboard. Extreme positions this as a transitional tool that can help customers gradually migrate away from legacy vendors while maintaining operational continuity.

The platform also gains substantial security upgrades. Built-in Cloud Public Key Infrastructure (PKI) capabilities provide certificate authority services, lifecycle management, deployment, and renewal, enabling identity-based zero-trust security. This ensures that users, devices, and applications are continuously authenticated. Additional security modules include a Wireless Intrusion Prevention System (WIPS) for centralized sensor management and threat scoring, real-time asset and visitor tracking with floor-level location resolution, and flexible guest access with engagement analytics. These features address growing demands for tighter security in distributed enterprise networks, particularly in industries like healthcare, education, and retail.

Wi-Fi 7 Portfolio Expands with High-Density and Outdoor Access Points

Extreme rounded out its announcements with three new Wi-Fi 7 access points designed for high-density and challenging environments. The AP5060, aimed at outdoor deployments, features a quad-radio design with 4x4:4 MIMO across the 2.4 GHz, 5 GHz, and 6 GHz bands, plus a dedicated tri-band sensor. It can aggregate data rates up to 23 Gbps and is housed in an IP67-rated weatherized enclosure capable of operating between -40°F and 140°F. This AP is ideal for stadiums, outdoor campuses, and industrial yards.

For indoor spaces where power and space are limited—such as schools, retail outlets, and hospitality venues—Extreme introduced the AP3020 series with 2x2 radios. A weatherized outdoor variant, the AP3060, offers similar performance with enhanced environmental durability. These additions are expected to accelerate Extreme's Wi-Fi 7 adoption, which already accounted for 37% of total wireless unit shipments in the most recent quarter and nearly half of wireless bookings in dollar terms. CEO Ed Meyercord noted that Wi-Fi 7 is the first generation of Wi-Fi capable of running mission-critical business applications reliably, thanks to its improved bandwidth, latency, and interference handling.

Industry Analysts Applaud Extreme's Autonomous Vision

Industry analysts have responded positively to Extreme's announcements. Ron Westfall, vice president and practice lead at Hyperframe Research, described Agent ONE as marking "a shift in enterprise networking, moving the industry beyond simple AI assistance toward true infrastructure autonomy." He highlighted the Nudge capability as a "psychological pivot" that transforms the AI from a passive database into a proactive coworker. Westfall also noted that the introduction of autonomous closed-loop operations within governance boundaries is a significant step forward for network management.

Extreme's push toward autonomous networking is partly driven by the growing complexity of modern enterprise networks, which now span multiple locations, cloud services, and a mix of wired and wireless technologies. Bukhari emphasized that hiring enough skilled engineers to manage these networks manually is no longer feasible. "The engineers to manage tomorrow's networks manually simply cannot be hired fast enough," he wrote. By automating routine tasks and enabling AI agents to handle the unpredictable, Extreme aims to help customers achieve faster outcomes and operational efficiency.

The company's strategy also appears to be resonating with the market. In its recent earnings report, Extreme noted that Wi-Fi 7 represented a growing share of wireless shipments, and the company's focus on simplifying multivendor management could attract customers looking to rationalize their network operations platforms. With Agent ONE, Platform ONE, and the new APs, Extreme is positioning itself as a leader in the next wave of autonomous networking, where human operators focus on strategy while AI handles the day-to-day complexity.

Source: Network World News

The Challenge of AI Agent Security

As enterprises race to adopt agentic technologies, security teams face an expanding blind spot: non-human identities. These include API keys, service accounts, OAuth tokens, and credentials used by AI agents to execute tasks autonomously. According to Cisco's AI Readiness Index, only 24% of organizations can properly monitor and control agent actions, and just 31% feel fully capable of securing their agent AI systems. This gap is widening as agents multiply, with NHIs now outnumbering human identities 100 to 1 in many environments.

Astrix Security, founded five years ago by Alon Jackson and Idan Gour, built its platform to address exactly this challenge. The company's solution provides a real-time inventory of all AI agents, Machine-to-Machine (MCP) servers, and NHIs, enriched with context about risk and business usage. It goes beyond simple discovery, offering governance capabilities such as policy enforcement, privilege management, and lifecycle management—from provisioning to decommissioning. Additionally, the platform includes threat detection and response features that identify compromised credentials or out-of-scope agent actions.

Integration with Cisco's Security Ecosystem

Peter Bailey, Senior Vice President and General Manager of Cisco's Security Business, outlined the acquisition strategy in a blog post. He emphasized that Astrix brings deep capability to discover and secure every AI agent and NHI, including those with excessive privileges or exhibiting real-time threats. The technology will be integrated into Cisco Identity Intelligence, strengthening the visibility and context of identity across the entire Cisco Security platform. Furthermore, the capabilities will extend into Cisco's zero-trust access portfolio, encompassing Cisco Secure Access and Duo. Customers will be able to discover, authenticate, and authorize agentic identities, as well as detect and respond to threats when agents attempt to access resources through these solutions. The visibility and intelligence from Astrix will also feed into Splunk or any SIEM, giving security teams a unified view of agent activity with context needed for investigation and response at machine speed.

Key Capabilities from Astrix

Astrix's core offerings include three primary areas: Discovery and Governance for AI Agents – providing a map of an organization's agentic activity, vetting policies to resolve hygiene issues, reducing attack surfaces, and preventing compliance violations. Agentic Access and Lifecycle Management – managing AI agents and their NHIs from provisioning to decommissioning, ensuring proper permissions throughout. Agentic Threat Detection and Response – detecting and responding to threats such as compromised credentials, out-of-scope agent actions, and unusual behavior patterns.

The co-founders of Astrix, Alon Jackson and Idan Gour, noted in a separate blog that agents and other NHIs create the biggest blind spot in the identity perimeter. They believe that joining Cisco provides the scale, reach, and platform to bring agentic and NHI security to organizations worldwide. Astrix had already established itself as the go-to platform for security teams needing to discover, govern, and protect every agentic and non-human identity across their environment.

Broader Context: Cisco's AI Security Strategy

This acquisition is the second AI-management-related purchase by Cisco in recent weeks. In April, Cisco announced plans to acquire Galileo Technologies, an AI observability firm whose platform provides real-time guardrails and monitoring for multi-agent system development. Galileo's technology will strengthen Cisco's Splunk observability portfolio, bringing improved agent monitoring capabilities and protection to the agent development lifecycle. Together, these acquisitions signal Cisco's commitment to building a comprehensive security and observability suite that addresses the unique challenges of AI-driven ecosystems.

The market for AI agent security is rapidly expanding as more organizations deploy autonomous agents for tasks ranging from customer service to network management. Gartner predicts that by 2027, 40% of enterprises will have deployed some form of AI agent technology, up from less than 5% in 2024. This growth brings increased risk, as compromised agents can lead to data breaches, unauthorized access, and compliance violations. Cisco's move to integrate Astrix's capabilities into its existing network and security infrastructure positions the company to capture a significant share of this emerging market.

Industry analysts have praised the acquisition, noting that the combination of Cisco's extensive enterprise reach and Astrix's specialized technology could set a new standard for agent security. Forrester Research pointed out that traditional IAM solutions were not designed to handle the scale, dynamic nature, and autonomy of AI agents. Astrix's approach, which focuses on real-time discovery, continuous monitoring, and automated remediation, addresses these gaps more effectively than many existing tools.

From a technical perspective, Astrix integrates with existing cloud platforms, identity providers, and CI/CD pipelines to maintain a continuous inventory of all agent identities. It uses machine learning to establish baseline behaviors and detect anomalies that may indicate a security incident. The platform can automatically restrict permissions or revoke credentials when suspicious activity is detected, reducing the window of exposure. Moreover, Astrix provides audit trails and compliance reporting that help organizations meet regulatory requirements such as SOC 2, HIPAA, and PCI DSS as they adopt agentic workflows.

The financial terms of the Astrix acquisition were not disclosed, but given the strategic importance of AI security, it is likely a significant investment. Cisco's security business has been a growth driver for the company, and adding AI-specific capabilities is expected to further accelerate momentum. The deal is expected to close in the coming months, subject to regulatory approvals.

In a broader sense, the race to secure AI agents is just beginning. Competitors such as Microsoft, Okta, and various startups are also developing NHI management solutions. However, Cisco's unique position as a provider of both network infrastructure and security software gives it a distinct advantage. By embedding agent security into its existing access control and identity management platforms, Cisco can offer a seamless, integrated experience that reduces complexity for IT teams.

As AI agents become more pervasive, the need for a structured approach to their security will only intensify. The Astrix acquisition is a clear signal that Cisco intends to lead in this space, providing the tools and visibility that organizations need to adopt AI with confidence. With the combination of Astrix's agentic identity security and Galileo's observability intelligence, Cisco is building a formidable suite to address the full lifecycle of AI agent management—from development to deployment to ongoing protection.

Source: Network World News

Founded in 2020, Bolt Graphics' Zeus GPU has just taped out – meaning design and development are done and it's on to manufacturing — on TSMC's 12nm process and is targeting a 2027 release. The company claims 5x faster path tracing than Nvidia RTX 5090 at a 250W power draw, compared to the 5090's 575W draw. It has previously claimed 10x rendering gains vs the 5090.

Zeus isn't just for graphics and gaming, however. Bolt is targeting HPC as well. It says its HPC accelerator version of Zeus can reach up to 20 TFLOPs of FP64 performance, well above the 1.423 TFLOPs of the Nvidia RTX6000 Ada Lovelace card at FP64. Bolt also claims Zeus performs electromagnetic wave simulations 300x faster than Nvidia's B200.

Zeus also features two features unique to GPU cards. First, it offers two SO-DIMM memory (the same kind used in laptops) slots on the card in addition to the LPDDR memory for a whopping 384GB of memory. Second, it has native 400GbE and 800GbE Ethernet support for direct, large-scale GPU interconnects.

Going up against Nvidia and AMD may seem like a hopeless effort, but Jon Peddie, president of graphics consultancy Jon Peddie Research, likes their chances. “They are taking a dedicated approach, with a new and novel architecture,” he said. “Brand wise, it'll be uphill until they get discovered, but that's the gamer market. They are also getting good reception in the studios and ad agencies, and complex engineering in RF radiation, acoustics, and other EM fields up to radiation.”

Peddie says the desktop graphics (i.e. gaming) is their least interesting market because it is so narrowly focused. “They offer real-time, photorealistic and accurate frames all the time – no AI tricks – that's critical in engineering and science, and the high-end studios demand it, too, to preserve their copyright art,” he said.

The company expects Zeus to enter production in Q4 2027.

To understand the significance of Bolt Graphics' claims, it's essential to look at the current landscape of the GPU market. Nvidia dominates not only the consumer gaming segment with its GeForce RTX series but also the professional visualization and HPC markets with its Quadro and Tesla/Ampere lines. AMD's Radeon and Instinct cards offer strong competition but typically trail in raw compute and ray tracing performance. Intel's Arc series has struggled to gain traction, especially in the high end.

Bolt Graphics is entering this fray with a fundamentally different architecture. Rather than relying on massive parallel processing units optimized for AI and graphics, Zeus leverages a unique compute fabric designed for both path tracing and scientific simulation. The company's use of TSMC's 12nm process may seem outdated compared to Nvidia's 4nm or even 3nm nodes, but Bolt argues that their architectural efficiency allows them to achieve higher performance per watt. The 250W power draw at claims of 5x performance over a 575W Nvidia card is an extraordinary claim that requires validation.

The inclusion of SO-DIMM memory slots is unusual. Most modern GPUs use soldered GDDR or HBM memory. By allowing users to plug in standard laptop memory modules, Bolt gives customers the flexibility to add up to 384GB of system memory, far exceeding the typical VRAM capacities of high-end cards. This is particularly valuable for large-scale data processing, scientific simulations, and machine learning workloads that require massive datasets to be stored on the GPU.

Equally innovative is the native Ethernet support. While Nvidia's NVLink and AMD's Infinity Fabric provide high-speed interconnects, they are proprietary and often require specific hardware. Bolt's integration of 400GbE and 800GbE Ethernet allows Zeus cards to be connected directly in a standard data center network, simplifying cluster scaling and reducing cost. This could be a game-changer for small-to-medium HPC facilities that cannot afford specialized networking equipment.

The HPC version's FP64 performance of 20 TFLOPs is particularly noteworthy. FP64 (double-precision floating point) is critical for scientific computing, weather modeling, molecular dynamics, and financial simulations. Nvidia's consumer and professional cards typically cap FP64 performance at a fraction of TFLOPs to differentiate their data center lines. By offering high double-precision throughput in a single GPU, Zeus could disrupt the supercomputing market, especially in academic and research settings.

Bolt Graphics' claims of 300x faster electromagnetic wave simulations than Nvidia's B200, if true, would be a massive leap. Electromagnetic simulation is used in antenna design, radar, and high-frequency electronics. Faster simulations enable engineers to iterate more quickly, reducing design cycles. The company appears to be targeting verticals that have not been fully addressed by existing GPU solutions, such as RF engineering, acoustics, and complex EM field analysis.

Jon Peddie's endorsement adds credibility. Peddie is a well-respected industry analyst who has witnessed many GPU startups succeed and fail. He points out that Bolt's architecture is novel and dedicated, not just repurposed consumer components. The reception in studios and ad agencies suggests that creative professionals who need photorealistic rendering without AI upscaling are an early adopter segment. This aligns with Peddie's observation that accurate rendering, not AI-generated tricks, is critical for preserving artistic intent.

The timeline for Zeus is aggressive but plausible. Taping out on 12nm in early 2025 (the article is dated May 2026, so taping out would be around now) and ramping to production by Q4 2027 gives Bolt two years to secure manufacturing capacity and validation. However, bringing a new GPU to market involves enormous capital, and scaling up foundry capacity at TSMC is challenging. Bolt will need to convince investors and customers that its performance claims are real.

One open question is software ecosystem. Nvidia's CUDA platform is deeply entrenched in HPC and AI. Without robust software support, even the most powerful hardware may struggle. Bolt Graphics likely plans to provide its own SDK and compiler, but adoption will take time. The company's focus on specific workloads like electromagnetic simulation suggests it is building a dedicated stack for niche applications rather than trying to replace CUDA entirely.

Pricing is also unknown. If Zeus can deliver 5x performance at half the power, it could command a premium price. Alternatively, Bolt may undercut Nvidia to gain market share. For the gaming market, the card might be too exotic for mainstream consumers, but enthusiasts seeking the ultimate ray tracing performance might be interested.

The broader implications of Bolt Graphics' entry into the GPU market are significant. If successful, it signals that there is room for innovative architectures that challenge Nvidia's dominance. The company's emphasis on power efficiency, expandable memory, and direct Ethernet interconnect could set new standards for both gaming and compute. Even if Zeus only captures a small fraction of the market, it may force Nvidia and AMD to reconsider their roadmaps.

In summary, Bolt Graphics is making bold promises with its Zeus GPU: 5x path tracing performance over Nvidia's best, 20 TFLOPs of double-precision compute, up to 384GB of memory via laptop-style SO-DIMMs, and native 400GbE/800GbE connectivity. The company targets HPC and professional visualization first, with gaming being a secondary market. Production is slated for late 2027. While skepticism is warranted given Nvidia's track record, the novel architecture and positive industry reception suggest Bolt Graphics could be a disruptor in the coming years.

Source: Network World News

Employers are paying premium bonuses equal to 20% to 24% of base salary for noncertified IT skills, while leading certifications are earning premiums ranging from 11% to 18% of base salary. The data was collected through early 2026, reflecting the ongoing transformation of IT roles as artificial intelligence becomes deeply embedded in business operations.

The Shift from Experimentation to Execution

Organizations are no longer simply experimenting with AI; they are moving to full-scale deployment. This shift demands professionals who understand how to architect, govern, secure, and operationalize interconnected technology ecosystems. Certifications tied to governance, architecture, cloud security, AI engineering, and advanced cybersecurity are outperforming much of the broader certification market. Employers are rewarding integrated skill combinations that connect AI engineering, cloud infrastructure, cybersecurity, governance, analytics, automation, and enterprise architecture into operational systems that can scale.

The highest-paying noncertified skills are focused on AI engineering, predictive analytics, governance, cybersecurity, distributed computing, and data architecture. Specific skills topping the list include risk analytics and assessment, AI engineering, AIOps, AI agents, cryptography, data architecture, LLMOps, machine learning, predictive analytics, and threat detection and management.

The Value of Certifications

On the certification side, the highest-paying credentials include the Certified Artificial Intelligence Scientist (CAIS), MIT's AI and machine learning certifications, GIAC security certifications, CGEIT, CISSP, CISA, and TOGAF 9 Certified. The top-paying certification overall is CAIS, which earns average cash pay premiums equivalent to 18% of base salary. Certifications relevant to networking and security professionals include Cisco Certified Network Professional – Security, Cisco Certified Cybersecurity Professional, Microsoft Certified Azure Cybersecurity Architect Expert, CISSP, CISA, CRISC, CCSK, GIAC Security Expert, GIAC Security Professional, and GIAC Cloud Architecture & Design.

Networking and Security Skills in Demand

Research highlights key networking-related noncertified skills, including network architecture, security architecture and models, threat detection and modeling, cyber threat intelligence, identity access management, DevSecOps, site reliability engineering, microservices, event-driven architecture, and Splunk. Risk analytics and assessment ranks as the single highest-paying noncertified IT skill, earning average cash pay premiums equal to 24% of base salary. This underscores the growing importance of understanding and mitigating cyber risk in complex hybrid environments.

There is also growing demand for AI-adjacent specialties, including prompt flow, retrieval augmented generation (RAG), AI model optimization, Azure AI/ML services, and hybrid reasoning in large language models. These skills enable professionals to fine-tune AI systems, integrate them into business applications, and ensure they deliver reliable, secure outcomes.

Why These Skills Command Premiums

The surge in pay for AI and cybersecurity skills reflects a fundamental change in how enterprises operate. AI is no longer a standalone project; it is woven into everything from customer service to supply chain management. Cybersecurity has become a boardroom priority as threats grow more sophisticated. Data architecture and governance ensure that AI models are built on trustworthy data and comply with regulations. Distributed systems expertise is essential for managing the cloud-native, microservices-based infrastructure that powers modern applications.

Employers are seeking professionals who can bridge the gap between technical execution and business strategy. A deep understanding of AI engineering is valuable, but so is the ability to communicate risks to executives and design systems that align with corporate goals. This holistic approach is what distinguishes top earners in the IT market.

The trend is likely to continue as AI adoption accelerates. Companies that invest in upskilling their workforce and rewarding critical expertise will be better positioned to compete in an increasingly digital world. For IT professionals, focusing on AI, cybersecurity, and governance represents a clear path to higher compensation and career growth.

In addition to technical depth, employers value certifications that validate strategic thinking and enterprise-level capability. The research indicates that certification pay premiums are holding steady or increasing for credentials that are directly tied to business outcomes. Certifications like CAIS and CISSP not only demonstrate technical knowledge but also a commitment to best practices and continuous learning.

The report also notes that while noncertified skills can earn high premiums, certifications provide a benchmark for employers to quickly assess a candidate's expertise. For professionals, earning a recognized certification can be a differentiator in a competitive job market.

As the demand for AI and cybersecurity talent continues to outpace supply, organizations are offering aggressive incentives to attract and retain top performers. The compensation data suggests that these roles are becoming some of the most lucrative in the IT industry. For those considering a career shift or skill upgrade, the message is clear: AI engineering, cybersecurity, governance, and data architecture are where the highest rewards lie.

Source: Network World News