Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

The Hacker News - 29 January, 2026 - 12:55
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based on
Category: Hacking & Security

How to reduce Windows driver bloat

Computerworld.com [Hacking News] - 29 January, 2026 - 12:00

Over time on Windows systems, it’s inevitable that old device drivers get supplanted by new ones. Even on systems where drivers aren’t rigorously maintained, Windows Update will typically update at least a dozen drivers annually.

Those who pursue driver currency more vigorously may also use tools like the Intel Driver & Support Assistant (DSA), the NVIDIA App (which checks Nvidia graphics, sound, and 3D drivers), or general driver management tools such as ioBit’s Driver Booster or the SourceForge Snappy Driver Installer project to check and update drivers on Windows 10 or 11 PCs. Intel and Nvidia offerings concentrate on devices they make, whereas general-purpose driver update tools check all of them and point you at newer ones, with varying degrees of help and support in getting them installed.

Neither vendor-specific nor vendor-agnostic update tools remove old drivers as they cheerfully add new ones. Thus, while every driver update tool that I know of helps keep drivers up to date, they do nothing to relieve driver bloat. In fact, the Intel DSA is spectacularly good at adding to driver bloat, as you’ll see later in this story.

Unnecessary device drivers eat up storage space. They may even slow down your system, so it’s good PC maintenance practice to clear out driver cruft.

Before I explain how to do that, let’s explore what’s involved when a driver gets installed under Windows.

What happens when you install a Windows driver?

This is actually quite a fascinating process and involves a lot of behind-the-scenes action in Windows. For this discussion, I’ll stick to so-called Plug and Play (PnP) devices. These are purpose-built to announce themselves to Windows so that it can assist in finding a device driver to use, if not always the latest and greatest one. My information comes courtesy of the terrific Microsoft Press book Windows Internals (7th edition in 2 volumes, as of this writing).

Here’s the process:

  1. A bus driver informs the PnP manager about a device it discovers during enumeration using a device instance identifier (DIID).
  2. The PnP manager checks the registry for a corresponding function driver. When it fails to find one, it tells the user-mode PnP manager about that device using its DIID.
  3. The user-mode PnP manager tries to perform an automatic install without user input or intervention. For installers that involve posting of dialog boxes requiring user input, the PnP manager executes a Hardware Installation Wizard to oversee such task(s) if the logged-in user has admin privileges. (If not, this activity will be deferred until an admin-level user next logs in.)
  4. The Hardware Installation Wizard uses Setup and CfgMgr (Configuration Manager) API functions to locate INF files that correspond to drivers that are compatible with the detected device. Mostly, this involves accessing such files from the local file system (or media like a CD or DVD) at the user’s direction.
  5. Installation proceeds in two steps: (a) The third-party driver installer imports a driver package into the driver store, and (b) the OS performs the actual driver installation, using the Drvinst.exe process (the executable for which resides in %SystemRoot%\System32). As part of that process, .inf and .cat files are deposited in the driver store associated with a DIID that takes the form of oemnnn.inf, where nnn represents a one- to three-digit decimal number. (Note: if you want to find this nnn number for any driver in the store — known as an index — you must use NirSoft’s excellent DriverView utility. The tool I recommend in this story won’t show it to you.)

This driver-handling process as documented says nothing about cleaning up older drivers present in the Windows driver store (in %SystemRoot%\System32\DriverStore\FileRepository). Hence, this article focuses on investigating the contents of that driver store and removing older and/or obsolete items to reduce its on-disk footprint.

Warning! There’s an important downside to consider when removing elements from the driver store. If you remove all drivers except for the most recent one(s), you will not be able to use the Roll Back Driver option in the Properties window for the related device in Device Manager. That’s provided to help users revert to an earlier version of the driver, should the current one prove unstable.

Indeed, when only one driver is present for a Windows device, the Roll Back Driver button is grayed out and inaccessible (see Figure 1) in its properties window.

Figure 1: When only one driver version resides in the Windows driver store, rollback is unavailable.

Ed Tittel / Foundry

A more conservative approach to pruning your driver store might therefore be to keep the two most current drivers for any given device, rather than only the most current one. I myself do not follow this approach, except for drivers that are updated frequently or when using a beta driver. Those who maintain deployment images would be well-advised to follow this advice when testing drivers (and candidate deployment images). But all extraneous files, including duplicate or obsolete drivers, should indeed be pruned from images prior to deployment.

Getting the lowdown on device drivers in Windows 10 and 11

For modern Windows versions (10 and 11) there’s an excellent tool available to explicitly observe and manage the Windows driver store. That tool comes from GitHub, and it’s called Driver Store Explorer (also known as RAPR.exe). Version 0.12.135, the current version as of this writing, works quite well with both Windows 10 and 11.

To operate on the driver store, you must run RAPR.exe with administrative privileges (right-click the filename and then select “Run as administrator” from the resulting pop-up menu). Next, you must enumerate the items in the driver store, which produces a display that looks like Figure 2.

Figure 2 shows my Lenovo ThinkStation P3 Ultra 2’s driver store after cleaning it up with RAPR. Before cleanup, it had 925 drivers; after cleanup there were 906 left. Thus, 19 were removed. This reduced the size of the Driver Store from 6.44GB to 5.91GB, to recover 0.53GB of disk space, based on properties for the FileRepository folder in which driver files reside. Then I went looking for and deleted duplicate entries: that brought the count down to 897, and the size to 5.87GB (an additional savings of 0.04GB, for a total 0.57GB).

Figure 2: After cleanup, the P3 Ultra dropped 19 drivers; removing dupes dropped 9 more.


To give you an idea of what can happen to this repository for driver files, I’ve seen the total item count on this same machine go as high as 1200, of which more than 150 items were duplicated Intel drivers of one sort or another (mostly Bluetooth or Wi-Fi). If you click on any of the column heads shown in this display, the listing will re-sort itself based on values in that column.

As I mentioned earlier, the Intel DSA and Nvidia apps are the worst offenders when it comes to causing driver bloat. Intel’s tool seems particularly prone to deposit up to dozens of copies of the same driver in the driver store. My example cleanup, depicted in Figure 3 later on, shows seven instances for each of two Bluetooth USB devices. All are named “ibtusb.inf” because the target PC has two sets of USB ports, and each one uses a separate driver instance.

Note: For whatever reason, if you have multiple instances of devices on (or in) your PC, you must indeed have a separate copy of a driver package (oemnnn.inf) for each one — that’s why you shouldn’t always remove what might look like unnecessary duplicates of the same driver on a PC. But high counts of the same driver — or worse, high counts of multiple versions of drivers for the same device — usually warrant cleanup. Fortunately, RAPR can handle this on your behalf.

Clearing out excess drivers using RAPR

To prune old drivers, click the Select Old Driver(s) button at the top right, then click Delete Driver(s). RAPR handles the rest for you.

And don’t worry: RAPR will not delete any drivers currently in use. That’s what the “Force Deletion” option is for, but you’ll seldom need it. The only times I’ve ever used RAPR’s force delete capability is when multiple sources of good advice have urged removal of a bad or questionable driver so that it can be replaced with a different, working, and older version. This is especially likely for printer drivers, for some reason.

Figures 3 and 4 show a before and after sequence to illustrate what typical cleanups involve.

Figure 3: The P3 Ultra shows 18 copies of ibtusb.inf and two of ibtpci.inf.


Figure 4: After cleanup, just two copies of ibtusb.inf and one of ibtpci.inf.


Multiple devices each require a separate driver instance. Turns out the P3 Ultra has two sets of Bluetooth USB devices, so two drivers stay behind even though I tried to delete one of those. When you consider that typical graphics adapters can exceed 1GB in size, and ordinary devices range from 2MB to 35MB, it’s easy to understand how dropping unneeded entries frees up real space.

There’s one thing about RAPR worth recognizing: if a system includes multiple copies of the same up-to-date driver, the Select (Old Drivers) button won’t remove them automatically. In such cases, you’ll have to do that manually. I usually do so one section at a time, leaving the topmost instance of the same driver behind. FWIW, that seems to work pretty well.

Special note: Windows printer drivers, old and new

In March 2021, Microsoft unleashed its Universal Print architecture. Since then, most printers work with the same, simple set of print drivers. These are easily obtained and maintained through Windows Update, and they work reliably and well. For PCs or networks with older printers, one must still visit the maker’s website to download drivers tailored to run on specific printers (and printer configurations, in some cases).

Older printer drivers may stubbornly resist removal, even in RAPR, and even using its force deletion capabilities. The secret is to remove the printer from what’s visible (or connected to) a PC before messing with drivers. Then, you can more easily remove old ones. Indeed, new ones will nearly always install themselves once you hook up to or establish a connection with the printers whose drivers you wish to update. Consider this a word to the wise.

When is driver store cleanup needed?

An old internet saying also applies to Windows system optimization and cleaning: YMMV, an acronym for “your mileage may vary.” This means that different systems or deployment images will exhibit different behaviors, values, and so forth.

With that in mind, take a look at the properties for your driver store directory: if its size is over 5GB in Windows 10 or 10GB in Windows 11, I’d fire up RAPR and see what it can find. If it’s over 8GB in Win10 or 15GB in Win11, you’ll definitely want to see what’s in there and get rid of what you no longer need or want. I’ve seen some instances where the folder’s size exceeded 20GB. Trust me: you don’t want to let things go that far.

Note for admins: When you update a deployment image for distribution, you will often update items in the driver store. Because this does not automatically clean up older entries as you add new ones, you must use RAPR (or some equivalent command-line shenanigans) to clean out duplicate and obsolete entries. The only thing worse than extra, unneeded drivers in the store on one PC is as many such copies as you’ve got images running in your enterprise!

With Nvidia display drivers typically consuming 2 to 2.5GB per copy (or version), keeping older drivers around is a huge waste of space. You can keep two versions for safety if you like (simply uncheck the next-to-most-recent version after using RAPR’s Select Old Driver(s) option), but there’s no reason to keep more than two in the driver store. For a clean and tested deployment image, it should have only as many copies of any driver as it needs. (Before I started doing regular cleanups myself, I might find a dozen or more Nvidia display drivers on a PC with a one- to two-year-old OS image running.)
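
For admins who want a scriptable view of the same information before touching anything, here is a read-only PowerShell report. It is an added example, not code from the article or from the RAPR project; it relies on the DISM module's `Get-WindowsDriver` cmdlet, and the `$Keep` parameter and the column names are hypothetical choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: lists driver-store packages that are older than the newest
# $Keep versions of the same INF. It only reports; it deletes nothing.
param(
    # Assumption: keep the two newest versions per driver, as the article suggests.
    [ValidateRange(1, 10)]
    [int]$Keep = 2
)

# Without -All, Get-WindowsDriver returns only third-party (oemNN.inf) packages.
$packages = Get-WindowsDriver -Online | ForEach-Object {
    [pscustomobject]@{
        Published    = $_.Driver                                  # oemNN.inf name
        InfName      = Split-Path -Path $_.OriginalFileName -Leaf # e.g. ibtusb.inf
        Provider     = $_.ProviderName
        Class        = $_.ClassName
        BootCritical = $_.BootCritical
        Date         = $_.Date
        Version      = $_.Version -as [version]                   # $null if unparsable
    }
} | Where-Object Version

$report = foreach ($group in ($packages | Group-Object -Property InfName, Class)) {
    # Distinct versions of this INF, newest first.
    $versions = @($group.Group.Version | Sort-Object -Unique -Descending)
    if ($versions.Count -le $Keep) { continue }

    # Same-version duplicates are left alone on purpose: a machine with several
    # instances of a device may need one package per instance.
    $keepSet = $versions[0..($Keep - 1)]
    $group.Group | Where-Object { $_.Version -notin $keepSet }
}

$report |
    Sort-Object InfName, Version |
    Format-Table Published, InfName, Version, Date, Class, BootCritical -AutoSize
```

Each `Published` name in the report can then be reviewed and removed with `pnputil /delete-driver`, which refuses to delete a package that is still in use unless `/force` is given. Rows marked `BootCritical` deserve a second look before removal.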

By policy, I schedule driver cleanups quarterly through a calendar reminder. In actual practice, I tend to check things more often than that. It’s not unusual for me to run RAPR after Patch Tuesday comes and goes, just to see what’s changed on my PCs. You can, of course, do as you like – just be sure to do this at least once or twice a year.

You really have to work at it to hurt yourself using RAPR, so you needn’t feel compelled to make an image backup before cleaning up your driver store. But because I’m a “belt-and-suspenders” kind of guy, I’ve gotten into that habit, just in case I accidentally remove something it turns out I really need. You can always reload that backup from the repair/recovery media for your PC if you wind up with a failing or unbootable machine after a too-aggressive cleanup. (Or you can mount the old image as a VM inside many backup utilities, such as Macrium Reflect Free, and pluck the drivers you need from that driver store using RAPR’s export and install tools.)

Who knows? Either could come in handy. With a backup you can clean up whatever you want, whenever you want without fear.

This article was originally published in November 2015 and most recently updated in January 2026.

Category: Hacking & Security

Is it time to reconsider DaaS?

Computerworld.com [Hacking News] - 29 January, 2026 - 12:00

Desktop as a Service (DaaS) has made some radical strides and improvements in recent years, making it a more compelling alternative to Virtual Desktop Infrastructure (VDI) — and to traditional PC deployment and management.

DaaS is a cloud-based offering where a provider hosts virtual desktops and streams them over the internet to users’ devices, delivering a complete desktop environment that includes the operating system, apps, files, and user settings from remote cloud servers instead of running them on local PCs.

That sounds an awful lot like VDI, but there are considerable differences. VDI is hosted in a company’s own data center, while DaaS is hosted in the cloud service provider’s data center. With VDI, it’s up to the customer to buy, deploy, and manage the infrastructure and provide the operating environment. With DaaS, the hosting, hardware, and software environment are all managed by the CSP. That translates to a lot less work for the customer.

And Gartner sees a bright future for DaaS. In its recently released 2025 Magic Quadrant for Desktop as a Service report, the analyst firm predicted that by 2027, virtual desktops will be cost-effective for 95% of workers, compared to 40% in 2019, and in the same time frame, virtual desktops will be used as the primary workspace for 20% of workers, up from 10% in 2019.

Sunil Jason Kumar, a senior director and analyst with Gartner who co-authored the study, attributes this shift to improved offerings from CSPs. “A lot of the vendors are taking care of the management, so there’s less for the organization to have to do. You don’t need the high level of skill set that you needed in the past to get a virtual desktop environment up and running. That helps a lot,” he said.

Bye bye, VDI

Gartner forecasts DaaS spending to grow from $4.3 billion in 2025 to $6.0 billion by 2029, a 7.9% compound annual growth rate. The VDI market is shrinking as customers migrate on-premises workloads to DaaS, Kumar said.

“Gartner rarely speaks to an organization that is planning to deploy a new on-premises VDI solution,” the report stated. “Net-new deployments are almost exclusively using DaaS, and on-premises deployments are either migrating to DaaS or moving to a cloud control plane, except for a few land-locked use cases.”

Simplified deployment, management, and costs are key to DaaS’ appeal:

  • For vendor-assembled and vendor-managed virtual desktops, the DaaS vendor is responsible for the delivery of the virtual desktop. With VDI, the customer is responsible for making sure that their users can connect to virtual desktops.
  • With vendor-assembled and vendor-managed DaaS, organizations typically pay a fixed cost per user per month rather than a consumption-based cost. This makes management simpler and cheaper.
  • VDI requires a virtualized server infrastructure. This was often handled by a different team than the end-user services / digital workplace team. DaaS solutions do not require this since the workloads are in the public cloud.
  • Finally, most outsourced virtual desktop solutions were previously customized for each client. With vendor-managed DaaS, there are now scalable multi-tenant solutions where customers can offload most of the virtual desktop management to the vendor without having high up-front costs and commitments for a custom-built solution.

But Gartner is not predicting the outright demise of VDI. There are still a good number of organizations that have an on-premises environment, and some are reluctant to change from VDI to DaaS.

“If anybody is going to be a holdout, it’s going to be more security-conscious type organizations,” Kumar said. “But I’m seeing more and more organizations adopt the cloud, and it’s just become more commonplace,” whereas “in the past there was some resistance.”

Considering TCO

For companies deciding between traditional PC purchases and DaaS, a core consideration is total cost of ownership. One factor that may tip the balance in favor of DaaS for some IT buyers nowadays is the inclusion of analytics and automation tools. With end-user services like DaaS, digital employee experience (DEX) tools are commonly deployed to perform analytics, automation, and self-healing for employee devices.

Gartner estimates the TCO of a laptop with no analytics or self-healing tools (in a typical laptop deployment) to be around $2,440 per device per year, while a laptop with analytics and self-healing tools (offered by the DaaS provider) has an annual TCO of $1,936.

With automated support and self-healing, that means less human interference is needed. And because DaaS is provided and hosted by a third party, that’s an expense the customer does not have to endure. Microsoft — or another DaaS provider — is managing, repairing, and upgrading your desktops so you don’t have to.

Microsoft has two main DaaS offerings. First is Azure Virtual Desktop (AVD), the lower-cost self-assembled DaaS offering first introduced in 2019. It offers a consumption model without virtual desktop software licenses, so costs are infrastructure related, such as for compute, storage, and networking. 

Second is Windows 365, a vendor-assembled DaaS offering that offloads some of the virtual desktop management, including the delivery of the virtual desktop. Windows 365 runs in Microsoft’s tenant rather than the customer tenant, making it easier to get up and running for organizations that do not already have a presence in Azure.

Other leading DaaS vendors include AWS, which offers Amazon WorkSpaces; Omnissa (formerly VMware EUC) with Omnissa Horizon, and Citrix, which has both VDI and DaaS offerings. Google Cloud is focused on virtual apps rather than virtual desktops, Kumar said.

Golden opportunity

Going into 2026, there has never been a better opportunity for DaaS to gain significant ground. A major PC refresh cycle is predicted to take place, for a few reasons. Many laptops deployed during the COVID lockdown are now five years old and coming off warranty. And Microsoft has ended support for Windows 10, which will also drive upgrades of older machines.

DaaS is also getting a boost as more companies hire people globally, says Dvir Shapira, chief product officer for Venn, which makes secure workspace software for remote users. That includes Venn itself. “We’re hiring people in Eastern Europe, in South America. There’s great talent [there], and it’s much more cost effective [to use DaaS],” he said.

In most organizations, of course, DaaS is not an all-or-nothing strategy. The question is which users should move to DaaS and which should remain on traditional desktops and notebooks.

Kevin Greenway, CTO at 10ZiG Technology, which specializes in thin-client and no-client endpoints, says it can vary from company to company, as well as by sector/vertical. Common practice is to select a combination of the most complex or “noisy” users (those who are open to providing feedback/complaints) and users who work at a specific location or within a specific department to pilot DaaS, he said.

These are typically made up of knowledge workers who require office and productivity applications, including communication and collaboration apps like Microsoft Teams, Zoom, or Cisco Webex. 

Venn’s Shapira said DaaS is rolled out selectively in most organizations, with the first to receive it generally the users with the most leverage or visibility. “Executives and other high-priority roles often get access to multiple endpoint options, whether a company-issued device or a personal device with DaaS, because their productivity needs tend to carry more weight,” he said.

Then deployment usually expands to teams handling sensitive data, such as developers working with personally identifiable information (PII), followed by geographically distributed groups or offshore teams that benefit from standardized access. Employment status also factors in. For example, full-time employees are typically covered earlier than contractors, said Shapira.

Users who typically wouldn’t get a DaaS setup include those with requirements for offline capability, those who work in remote locations with unreliable connectivity, any roles with low latency requirements, and users with heavily complex display requirements, said Gartner’s Kumar.

The AI factor

AI is permeating every sector of technology, and user devices are no exception. Greenway is bullish on the role of AI in a DaaS environment. “AI is geared around data center models, and that’s essentially what DaaS is — workloads are running on cloud-based data centers already equipped with Nvidia GPUs,” he said.

Gartner hasn’t seen AI have much of an impact on virtual desktops so far, according to Kumar. “Essentially, no, it is not having an impact,” he said. “It certainly may in the future.”

Shapira said the arrival of AI is driving the need for greater desktop control. “The workforce is changing because of AI,” he said. “I don’t think there are any developers right now who are not using AI in their development process, so AI is now touching your code base. It introduces another level of risk, and I think that is something that is definitely going to drive people towards environments like DaaS or VDI, because IT is losing more and more control over where their data is going.”

Kumar said if there is a challenger to DaaS, it’s cloud-based apps like those offered with Microsoft 365. IT may decide to make it very easy to manage its Windows laptops by delivering a browser, Teams, and the Microsoft 365 suite virtually.

“Organizations that can take a step further and move to virtual applications, as opposed to virtual desktops, can get better cost savings, because it’s not consuming as much in the cloud, and you have a little bit better redundancy,” he said.

More from Andy Patrizio:

Category: Hacking & Security

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

The Hacker News - 29 January, 2026 - 11:30
Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk.  Three strategic steps you can take this year for better results: 1. Focus on today's
Category: Hacking & Security

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

The Hacker News - 29 January, 2026 - 10:00
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows - CVE-2025-40536 (CVSS score: 8.1) - A security control bypass vulnerability that could allow an unauthenticated
Category: Hacking & Security

Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks

The Hacker News - 29 January, 2026 - 08:16
Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA's website ("www.ipidea.io") is no longer accessible. It
Category: Hacking & Security

Nuclear safety rules quietly rewritten to favor AI

Computerworld.com [Hacking News] - 29 January, 2026 - 05:35

The US Department of Energy (DoE) program that would see three new experimental commercial nuclear reactors launched by July 4 is the driver behind the secret rewriting of nuclear safety and security standards, says a report released Wednesday by NPR.

It said, “sweeping changes [which have not been made public] were made to accelerate development of a new generation of nuclear reactor designs” known as small modular reactors (SMRs).

The report also noted that the project is being “backed by billions in private equity, venture capital and public investments. Backers of the reactors, including tech giants Amazon, Google and Meta, have said they want the reactors to one day supply cheap, reliable power for artificial intelligence.”

NPR stated that it had obtained copies of over a dozen of the new orders, which “slash hundreds of pages of requirements for security at the reactors.”

Rules watered down

The news organization said that the revised set of rules includes:

  • Loosened groundwater rules: “Protection of groundwater is no longer a ‘must.’ Rather companies must give ‘consideration’ to ‘avoiding or minimizing’ radioactive contamination. Requirements for monitoring and documentation are also softened.” The requirement to use the “best available technology” to protect water supplies was also removed, and the words “should be” or “may be” were substituted for “prohibited” and “must” in the regulations.
  • Environmental protections stripped: “Rather than requiring protection of the environment, the new order suggests ‘minimizing’ environmental impacts ‘if practical.’”
    For example,  “radiological activities that have the potential to impact the environment must be conducted in a manner that protects populations of aquatic animals, terrestrial plants, and terrestrial animals in local ecosystems from adverse effects due to radiation and radioactive material released from DOE operations” became the watered-down “consideration may be given to avoiding or minimizing, if practical, potential adverse impacts to aquatic animals, terrestrial plants, and terrestrial animals in local ecosystems from radiation and releases of radioactive material, using a graded approach.”
  • Security rules slashed: Hundreds of pages of security rules were trimmed from the new orders. More than 500 pages of documentation were reduced to a 23-page order, reducing several critical areas to bullet points.
  • Radioactive waste management guidelines truncated: NPR noted that a 59-page manual was condensed into a 25-page order that omitted requirements for waste packaging and monitoring.

The threshold for accident investigations has also been changed. NPR stated, “the new order raises the bar for an official accident investigation from incidents that expose workers to two times the legal dose of radioactive material, to those at four times.”

It said that the DoE’s justification for the changes was, “the reduction of unnecessary regulations will increase innovation in the industry without jeopardizing safety.”

However, NPR noted, “The new orders strip out some guiding principles of nuclear safety, notably a concept known as “As Low As Reasonably Achievable” (ALARA), which requires nuclear reactor operators to keep levels of radiation exposure below the legal limit whenever they can. The ALARA standard has been in use for decades at both the Department of Energy and the Nuclear Regulatory Commission.”

It pointed out, “Removing the standard means that new reactors could be constructed with less concrete shielding, and workers could work longer shifts, potentially receiving higher doses of radiation.” That could lower construction and operating costs for the new plants.

Not just a regulatory decision

Sanchit Vir Gogia, chief analyst at Greyhound Research, said, “[the DoE’s] quiet dismantling of foundational nuclear safety protocols is not just a regulatory decision, it’s a wholesale redrafting of how enterprise infrastructure risk will be allocated in the years ahead. Historically, nuclear safety has been defined not only by engineering rigor but by layered governance, independent oversight, and traceability across systems.”

Enterprise leaders that are evaluating SMR-backed power solutions, he said, “must now accept that the reactor fueling their AI cluster may be governed by internal directives that are not published, independently audited, or publicly challengeable.”

Gogia pointed out, “this is not a risk that sits at the grid edge. It flows all the way into boardrooms, risk registers, and business continuity plans. The absence of oversight is not neutral. It functions as a debt instrument, with interest accumulating until the moment failure occurs.”

He said, “[it is] now incumbent on CIOs, infrastructure leaders, and sustainability officers to recreate that risk scaffolding contractually, procedurally, and operationally or prepare to inherit the consequences when design intent is outrun by operational ambiguity.”

Hyperscalers may have reason to be worried

Brian Jackson, principal research director at Info-Tech Research Group, said, “the only way to look at this from a tech angle is to put yourself in the shoes of the hyperscalers that are directly incentivized to find ways to power their AI data centers. So they are funding the development of these modular nuclear reactors, and now we hear that perhaps safety shortcuts are being taken to produce them more quickly.”

He pointed out, “[if] I am Google / Meta / Amazon, I’m worried about this. It’s not that we expect these data center sites to host nuclear reactors, so it’s not about the direct risk of a radioactive event. But since they are funding them, there’s reputational risk if the reactors melt down and harm people or the environment.”

Jackson said that there is already a lot of social pushback against the expansion of data centers for AI. There are environmental concerns about the use of water, the amount of power to be consumed, and the possible emissions that go along with it. Funding nuclear power sources, he said, “is supposed to be a way [for hyperscalers] to mitigate those reputational risks, since they don’t contribute to carbon emissions. But if the nuclear power plant negatively impacts worker or citizen safety, or contaminates the environment, that’s an issue.”

The process by which the regulations have been changed is also an issue. Matt Kimball, VP and principal analyst with Moor Insights & Strategy, said that he does not think that anyone likes to see rules and regulations rewritten or edited behind closed doors. “These kinds of actions make it easy for the public to be suspicious. And it is a little difficult to fully comment on the rule changes implemented, as they appear significant.” 

However, he added, “if these rule changes were made to enable an accelerated path to employing small modular reactors (SMRs), I can see where perhaps some changes were required, or a separate set of rules [needed] around deploying an SMR. When it comes to SMR technology, it is designed to be less impactful on the environment. Partly because of size (significantly less fuel) and partly because of design.”

‘Referee now plays for the home team’

Kimball pointed out that while an SMR works on the same principle as a large-scale nuclear plant, using controlled fission to generate heat which is then converted to electricity, its design reduces environmental impacts such as groundwater contamination, water use, and the impact in the event of failure. For example, he said, the integral reactor design in an SMR, with all components in a single vessel, eliminates external piping. This means that accidents would be self-contained, reducing the environmental impact.

In addition, he said, SMRs can be air-cooled, which greatly reduces the amount of water required. “These are just a couple of examples of how an SMR differs from the large industrial nuclear power plants we think of when we think of nuclear power.” 

Because of differences like this, said Kimball, “I can see where rules generated/strengthened in the post-Three Mile Island era might need to be revisited for this new nuclear era. But it is really difficult to speak to how ‘loose’ these rules have become, and whether distinctions between SMRs and large-scale nuclear plants comprise the majority of the changes reported.”

Finally, he said, “I don’t think I need to spend too many words on articulating the value of nuclear to the hyperscale or AI data center. The era of the gigawatt datacenter is upon us, and the traditional means of generating power can’t support this insatiable demand. But we have to ensure we deploy power infrastructure, such as SMRs, in a responsible, ethical, and safe manner.” 

Further to that, Gogia pointed out that for CIOs and infrastructure architects, the risks extend well beyond potential radiation leaks. “What matters more immediately is that system anomalies — mechanical, thermal, software-related — may not be documented, investigated, or escalated with the diligence one would expect from an NRC-governed facility,” he said. “This has a direct impact on uptime guarantees, incident response, and the validity of disaster recovery protocols. Power stability becomes less predictable. Maintenance windows may widen. Root cause analysis becomes speculative, particularly in the absence of rigorous operational logs, comprehensive event tracking, or independent oversight.”

The most underappreciated change in this shift, Gogia added, “is not what was cut, but who now decides what is good enough. The move from independent NRC oversight to internal DOE authorization creates a fundamental misalignment between how enterprise risk is managed and how reactor safety is being governed. In simple terms: the referee now plays for the home team.”

Category: Hacking & Security

Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages

LinuxSecurity.com - 29 January, 2026 - 04:08
We've been telling ourselves that Snap apps are sandboxed, signed, and therefore low-risk. Not perfect, but good enough. That assumption has been holding for years, mostly because it hasn't been tested in a way that mattered to day-to-day operations.
Category: Hacking & Security

Initial access hackers switch to Tsundere Bot for ransomware attacks

Bleeping Computer - 29 January, 2026 - 00:29
A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. [...]
Category: Hacking & Security

Cyberattack on Polish energy grid impacted around 30 facilities

Bleeping Computer - 28 January, 2026 - 23:14
The coordinated attack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. [...]
Category: Hacking & Security

Site catering to online criminals has been seized by the FBI

Ars Technica - 28 January, 2026 - 23:06

RAMP—the predominantly Russian-language online bazaar that billed itself as the “only place ransomware allowed”—had its dark web and clear web sites seized by the FBI as the agency tries to combat the growing scourge threatening critical infrastructure and organizations around the world.

Visits to both sites on Wednesday returned pages that said the FBI had taken control of the RAMP domains, which mirrored each other. RAMP has been among the dwindling number of online crime forums to operate with impunity, following the takedown of other forums such as XSS, which saw its leader arrested last year by Europol. The vacuum left RAMP as one of the leading places for people pushing ransomware and other online threats to buy, sell, or trade products and services.

I regret to inform you

“The Federal Bureau of Investigation has seized RAMP,” a banner carrying the seals of the FBI and the Justice Department said. “This action has been taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice.” The banner included a graphic that appeared on the RAMP site, before it was seized, that billed itself as the “only place ransomware allowed.”


eScan confirms update server breached to push malicious update

Bleeping Computer - 28 January, 2026 - 22:00
MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update later analyzed as malicious to a small subset of customers earlier this month. [...]
Category: Hacking & Security

Viral Moltbot AI assistant raises concerns over data security

Bleeping Computer - 28 January, 2026 - 21:26
Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials. [...]
Category: Hacking & Security

WhatsApp gets new security features

Computerworld.com [Hacking News] - 28 January, 2026 - 21:17

The popular messaging app WhatsApp got a range of new security features Tuesday with the launch of “Strict Account Settings.” The security changes, which must be turned on, allow the app to block files and attachments from unknown senders, disable link previews, and silence calls from unknown callers.

The goal is to reduce the risk of users being hacked, scammed, or monitored. According to WhatsApp, the features are aimed particularly at vulnerable users such as activists and journalists.

Apple and Google have already added similar security features to iOS and Android, respectively, according to Reuters.

Just last month, a security firm in Czechia warned WhatsApp users of a simple way hackers could access a user’s conversations in real time by manipulating the app’s device pairing or linking routine.

Category: Hacking & Security

How two companies are moving AI prototypes to production

Computerworld.com [Hacking News] - 28 January, 2026 - 19:26

With many AI projects failing, there’s no one-size-fits-all formula for advancing AI proofs of concept to real-world use in the corporate world. But two companies, Ernst & Young (EY) and Lumen, have had success — though they’ve tackled the issue in dramatically different ways.

EY, being in a regulated space of finance and tax, has embraced what it sees as a measured and responsible approach while managing the risks that come with rolling out new technology. Lumen has been more aggressive, working to create an AI culture at the company by giving all employees AI tools from day one.

“There’s become a bifurcation [in approaches]…, some experimentation is innovation theater…, but you’re now starting to get to tangible use cases,” said Joe Depa, global chief innovation officer at EY.

At EY, responsible AI projects with risk management

EY, the global tax and advisory firm, develops portable frameworks to help clients navigate AI adoption. The company has 30 million documented processes internally and 41,000 agents in production and uses its own knowledge to steer clients to success.

With agentic AI becoming more and more ubiquitous, even more foundational technologies are on the way that will further change enterprise IT operations. “The speed of technology evolution is only getting faster,” Depa said. “We’re moving from generative AI to agentic AI to physical AI. We’ve got quantum right behind it.”

Organizations now find themselves implementing new AI processes while replacing legacy infrastructure “that you still haven’t caught up with the last technology life cycle,” Depa said.

A critical part of success with AI is ensuring a solid data foundation, he said — otherwise, prototypes will likely fail before getting off the ground. (An EY client survey in late 2024 found that 83% of organizations at the time lacked the proper data foundation to take advantage of AI.)

“Whether we’re talking about generative AI or physical AI or quantum, your underlying data set is…a lifeblood in some cases, but also an inhibitor,” Depa said. He argued that governance and responsible AI frameworks are what make scaled deployment possible.

“What we found is that clients that have implemented responsible AI frameworks…into their workflows and processes and the way they train employees” reduced their compliance risk, Depa said. “But then they also saw greater growth and value out of AI.”

Responsible AI guardrails are important because they allow teams to experiment more freely. “They now feel comfortable experimenting in a safe sandbox,” Depa explained.

When clients struggle with AI rollouts, Depa asks about their training approach. “I’ve never heard any client say they’ve over-invested in training still,” he said, adding that a successful deployment often means abandoning traditional training methods.

“You have to train employees at the point of their application of AI solutions, so they truly learn on the spot,” Depa said.

He pointed to robotic surgery as an example. The technology can perform surgeries “at or better than human surgery” with laser-like precision, helping address physician shortages and improving health outcomes.

“But if I can’t get the hospitals, the doctors, to adopt this new technology, it doesn’t really matter,” Depa said. “It’s less of a technology challenge, more of a change management, people-process challenge.”

At Lumen, ‘culture eats strategy’

Lumen, which is expanding its network backbone to meet AI demands, has made AI adoption a board-level strategic commitment. The company uses what Sean Alexander, senior vice president of connected ecosystems, calls a “tops down, bottoms-up” approach.

“I’m a big believer that culture eats strategy for breakfast, and that’s even more important in the AI space,” Alexander said.

CEO Kate Johnson uses AI tools daily, and that interest in the technology flows down the workforce chain, with new employees getting AI tools on day one.

“We turn on Copilot Studio and Copilot Enterprise for everybody,” Alexander said. “For onboarding new employees, this is taking the traditional six months to realize your potential down to about four months.”

Alexander is also developing a “Copilot Studio in a day” program where teams spend half a day in training, then move into “hacking” to build confidence.

“We’ve installed a governance model focused on responsible adoption of AI that encourages a maker culture in terms of taking agency and solving problems, but making sure we’re starting off with a specific measurable metric that we want to move and then working back from that,” he said.

One sales leader records his weekly one-on-one conversations with direct reports, then feeds those transcripts into a large language model (LLM) he built with Copilot Studio. This allows him to identify “specific points of friction, areas of opportunity” and “drift in strategic planning,” Alexander said.

He offered a number of examples involving AI in production. The company, for example, built a migration buddy agent to help customers move from legacy products to strategic portfolios. The agent performs customer lookups, product validation, offer validation, compliance checks, and contract reviews.

“There’s a human in the middle taking a look at it, but [it] provides output to the sales agent, which is significantly reducing time involved in increasing responsiveness and customer satisfaction,” Alexander said.

“We put teams together and identify a specific problem, then both business leaders and technical leaders build up the agent and test before deployment,” he said.

Testing follows a careful rollout process with groups of about a dozen customers. “There’s a lot of A/B testing and controlled rollout to ensure we’re meeting the quality bar,” Alexander said.

For customer service, time-to-resolution is Lumen’s most important metric for network outages. One of Alexander’s peers converted what started as a “hack” into an LLM-based feature called “Ask Greg.”

The system solves network issues by reasoning over problems and providing resolution steps, pulling health monitoring, telemetry, and geospatial data from dozens of systems.

“We have about four million customer service requests per year,” Alexander said. “Our estimate is that this hack, which started as a pilot, is saving us about $10 million in cost per year.”

Lumen also takes advantage of a knowledge graph based on Microsoft 365 data. The company organized its SharePoint data by department and security level. Copilot can augment conversations with understanding of Lumen’s products, services, and operations in near real-time.

“We’re changing the company. We’re transforming it daily,” Alexander said.

Category: Hacking & Security

New sandbox escape flaw exposes n8n instances to RCE attacks

Bleeping Computer - 28 January, 2026 - 18:46
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. [...]
Category: Hacking & Security

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

The Hacker News - 28 January, 2026 - 18:46
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named "ClawdBot Agent - AI Coding Assistant" ("clawdbot.clawdbot-agent")
Category: Hacking & Security