Agregátor RSS

Evropská rada vydavatelů (EPC) předložila Evropské komisi stížnost na americkou internetovou společnost Google kvůli její službě AI Overviews (AI souhrny), která při vyhledávání na internetu zobrazuje shrnutí informací ze zpravodajských serverů vytvořená pomocí umělé inteligence (AI). Evropská komise již v prosinci oznámila, že v souvislosti s touto službou začala firmu Google vyšetřovat. Google obvinění ze strany vydavatelů odmítá. EPC tvrdí, že Google pomocí souhrnů vytvářených AI změnil svůj vyhledávač ze služby poskytující odkazy na systém vytvářející odpovědi, který nahrazuje původní obsah vydavatelů a udržuje uživatele v systému Googlu. Varuje, že by to v první fázi mohlo vytlačit z trhu menší, regionální a specializované vydavatele zpravodajského obsahu.

Last-minute problems might have cropped up that will require Apple to slow the rollout of its Google Gemini-boosted Siri; though the improved smart assistant will still ship this year, it might not arrive as expected this spring.

These claims come from the eerily accurate fingers of Bloomberg’s Mark Gurman, and mean Apple will have to continue to do its level best to manage the damage of its slow progress in generative AI (genAI). To be fair, the company does have a good story to tell when it comes to machine learning and intelligence and the application of those technologies in its devices, such as Hypertension Warnings on Apple Watch. 

Gurman explains how Apple had originally intended to release the new Gemini-augmented capabilities in iOS 26.4 next month, but will now introduce these improvements across future software updates. He explains that testing has revealed reliability problems, challenges with query processing accuracy, and slow response times. 

The queue at the store

To put this into context, it’s important to remember that Apple only revealed its Gemini deal in January after months of speculation. The company had been working with its own models in advance of this, and it seems it will continue to do so, introducing its own AI services for specific tasks when doing so makes any sense. 

Gurman warns that the contextual Siri, capable of using your personal data to inform useful responses and contextual answers to your queries, will be the last improvement to appear. Voice-based control of in-app actions is also running late, he said. 

That won’t matter much to Apple’s market competitors, critics, and commentators, who will continue to point out that the company originally promised these features would arrive with iOS 18 in 2024. 

That promise turned out to be built on sand. The Information even reported that most of the advanced features Apple originally promised at WWDC had not even been developed at the time the promise was made. (An Apple ad showing these features was removed, though you can still find it online.)

This caused grave concern across Apple’s senior leadership, with major changes and new management all put in place across Apple’s AI teams as a result. Despite the retirement of Apple’s then-AI leader John Giannandrea, reputational damage was done — and news of a further delay will likely tarnish Apple’s shine a bit more.

When it comes to Siri and AI, we’ve grown accustomed to delay and disappointment – something Apple doesn’t want to share with Siri’s millions of users. One in four smartphones are iPhones, and 19% of iPhone users interact with Siri daily.

Snatching victory one improvement at a time

That’s not a good place for Apple to be, but I can see how the company can turn it into something like a victory by doing as Gurman suggests — steadily shipping improved AI services as they are ready. This should make for real usability improvements for Apple’s customers and will also allow Apple the luxury of exploiting the best of these new services within wider launches; it could potentially introduce one or two of these in-development features at WWDC, along with the iPhone 17e and with new Macs, for example. 

For Apple, of course, the secondary risk is that the AI it is hoping to implement across its platforms might already seem outclassed by the capabilities other AI tools have by then achieved. After all, now that we have AI developing itself, the pace of change is accelerating. Can Apple keep up? Or will the company’s strategic approach — in which it provides the world’s best platforms for personal, private AI along with support for all the world’s leading AI services — emerge as the correct one in the long run. 

Right now, we can’t ask Siri about that. And while we’ll be waiting a little longer than expected until we can, it is reassuring to know that Apple is now dealing with challenges in tech it has actively got working in the labs, rather than making promises based on some fantasy wish list written on a desk in Cupertino.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle

Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.…

The German Federal Cabinet has approved a draft legislation to implement the EU’s AI Act, designating the Federal Network Agency (Bundesnetzagentur) as the country’s central AI supervisory authority.

Under the draft AI Market Surveillance and Innovation Promotion Act (KI-MIG), Germany will establish its national framework for regulating AI system development and deployment. The draft law will now head to the Bundestag (lower house of parliament) and Bundesrat (upper house of parliament) for parliamentary approval.

“With this law, we are implementing European requirements in a maximally innovation-friendly way and creating lean AI supervision with a clear focus on the needs of the economy,” Federal Digital Minister Karsten Wildberger said in a statement.

Distributed oversight model

Under the draft law, the Federal Network Agency will serve as the central coordinator, market surveillance authority, and the notifying body. The Bonn-based agency already coordinates Germany’s EU Digital Services Act implementation and supervises platforms including Facebook, Instagram, YouTube, TikTok, and X.

The draft law assigns AI oversight to established regulators, including the Federal Cartel Office, the Federal Financial Supervisory Authority (BaFin), and data protection authorities at federal and state levels, the statement added.

“The supervisory map has changed shape. It is no longer sensible to think in terms of a single regulator relationship for AI,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “Germany has chosen to anchor coordination inside the Federal Network Agency. That gives the system a centre of gravity. But it has not centralised enforcement power in one place.”

The distributed approach creates complexity for enterprises, Gogia said. A scoring model used in HR, credit, or embedded in a regulated device does not travel through the same supervisory channel. “That means enterprises need a classification and routing capability internally,” he said.

Germany’s approach reflects a broader EU pattern. France is moving toward coordinated decentralization, while Spain has invested in sandbox experimentation. Italy enacted a national AI law preserving sector supervision channels. “Structurally, central coordination plus sector execution is not unique to Germany. It is becoming the operating pattern,” Gogia said.

Industry pushes for EU-level reforms

Industry groups welcomed Germany’s implementation approach while calling for fundamental changes to the EU AI Act itself.

“We welcome the proposed structure, which gives the Federal Network Agency a significant coordinating role while retaining the expertise built up by the sectoral market surveillance authorities,” Sarah Bäumchen, managing director of the German Electrical and Digital Industries Association (ZVEI) told ComputerWorld. “However, since the AI Act is a European regulation, the pragmatic German implementation law is unable to address its severe shortcomings.”

The August 2026 deadline is a major concern for companies, Bäumchen said. “Key elements, such as harmonised European standards which specify how companies can comply with high-risk requirements, are not yet available. A postponement of the implementation deadline by 24 months is therefore necessary to prevent companies from delaying or even cancelling the introduction of AI features.”

ZVEI is calling for industrial AI to be excluded from the Act entirely. “The necessary guardrails for a safe use of AI in industrial contexts are already in place,” Bäumchen said, citing the Machinery Regulation and Medical Devices software regulations.

The AI Act creates legal uncertainties by not aligning with existing product safety laws, the Cyber Resilience Act, and the Data Act, she said. Neither AI regulatory sandboxes nor the AI Service Desk “can provide large-scale legal certainty” to keep compliance costs acceptable, Bäumchen added.

Enterprise compliance priorities

Under the EU AI Act, companies must assess AI system risk levels and implement corresponding transparency and security measures. The regulation prohibits AI programs that perform social behavior assessments and bans emotion recognition in workplaces and educational institutions. Companies developing or using high-risk AI systems must comply with requirements covering transparency, data governance, documentation, robustness, and cybersecurity when obligations take effect in the next six months.

For enterprises operating in Germany, the immediate priority is building what Gogia called “a functioning compliance operating system” ahead of the August 2026 deadline.

“Most enterprises still do not have a complete inventory of AI systems across internal builds, vendor-embedded features, and informal deployments across business units,” Gogia said. Vendor governance represents a critical pressure point, as enterprises must ensure suppliers can produce technical documentation and evidence of conformity assessment.

Financial services will see scrutiny of credit scoring and underwriting automation, while employment systems are likely to generate complaint-driven enforcement due to their direct impact on individuals, Gogia said. Germany’s implementation includes a central complaint intake pathway, meaning “enforcement does not rely solely on regulator initiative. It can be triggered externally.”

Germany missed the EU’s August 2, 2025 deadline for establishing national supervisory structures due to early federal elections. The Federal Network Agency established an AI Service Desk in July 2025 and published AI literacy guidance in June 2025. More than 1,000 change proposals were considered during drafting, the ministry statement said.

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Hráči si už nemusí herní notebook kupovat, ale půjčí si ho. • HP v USA odstartovalo program Omen Gaming Subscription. • Předplatné stojí od 50 do 130 dolarů měsíčně.

There are important accounts to secure, and then there are important accounts to secure. Your Google account falls into that second category, maybe even with a couple of asterisks and some neon orange highlighting added in for good measure.

I mean, really: When you stop and think about how much stuff is associated with that single sign-in — your email, your documents, your photos, your files, your search history, maybe even your contacts, text messages, and location history, if you use Android — saying it’s a “sensitive account” seems like an understatement. Whether you’re using Google for business, personal purposes, or some combination of the two, you want to do everything you possibly can to keep all of that information locked down and completely under your control.

And guess what? Having a password that you hastily set seven years ago isn’t enough. With something as priceless as your personal data, that single key is only the start of a smart security setup. And even it might be due for an upgrade.

Take 10 minutes to go through these steps, then rest easy knowing your Google account is as guarded as can be.

Part I: Reinforce your front door Step 1: Check up on your Google account password

We’ll start with something simple but supremely important — that aforementioned Google account password. Consider the following questions:

• Is your Google password based on your name, the name of your partner or child, your birthday, your street address, or anything else someone could easily figure out by Googling you?
• Does your Google password revolve around a common word or easily guessable pattern?
• Is your Google password short — less than eight characters, at a minimum?
• Do you use your Google password (or any variation of it) to sign into any other app, website, or service?

If the answer to any of those questions is yes, first, bop yourself firmly on the nose. Then use this link to go change your password immediately — preferably to something long, complex, and not involving any easily discoverable personal info, any common words or patterns, or anything you use anywhere else.

(And note: This is also where a reliable password manager — whether the basic Google Password Manager or a more fully featured third-party option — can make all the difference in the world.)

Got it? Good. Next:

Step 2: Give your Google account a second layer of protection

No matter how strong your Google account password is, there’s always still the chance someone could crack it — but you can exponentially reduce the risk of anyone actually getting into your virtual property by enabling two-factor authentication on your account.

With two-factor authentication, you’ll be prompted for a second form of security in addition to your password — ideally something that requires a physical object that’d only ever be in your presence. In its simplest effective form, that could be a prompt or a code generated by your phone. If you want to get really fancy, it could be a button pressed on an actual key you carry (which could be a special USB- or Bluetooth-based dongle or even something built into your phone) — sometimes even called a “passkey,” which is basically just a confusing and overcomplicated way to say the same thing. There’s also an option to have codes sent to you via text message, but that method is relatively easy to hijack and thus not generally advisable to use.

Whatever path you choose, having that second layer in place will make it incredibly difficult for anyone to get into your Google account, even if they do somehow know your password.

Two-factor authentication makes it significantly more difficult for anyone to get into your Google account.

JR Raphael / Foundry

If you don’t have it set up yet, go to Google’s 2-Step Verification page to get started.

Step 3: Make sure you’re prepared to prove your identity

If Google ever detects some sort of suspicious activity on your account, it might require you to verify your identity before it lets you sign in. And if you haven’t looked at your account verification settings in a while (or ever, for that matter), there’s a decent chance the necessary info might be out of date or missing altogether.

Take a minute now to open up Google’s account security site and look in the section labeled “How you sign in to Google.” There, among other things, you should see two options:

• Recovery phone
• Recovery email

If the value next to either option is not current and correct, click it and update it immediately.

And with that, we’re ready to move on to our next level of Google account protection.

Step 4: Get by with a little help from your friends

Effective online security is all about an endless array of “what if”-style scenarios, and this next Google account security strengthener is no exception. Now that we’ve confirmed you are set up to recover your own Google account if you ever got locked out, it’s time to ponder one more possible path out of that nightmare and allow someone else you know to lend a helping hand.

Specifically, if you’re ever locked out of your Google account and for some reason unable to confirm your own identity via the email and/or phone number we just went over, you can now authorize a trusted friend or family member to step in and confirm your identity for you.

It’s something Google just recently launched called Recovery Contacts, and it’s incredibly easy to set up:

• First, open up the official Google Recovery Contacts settings page.
• Follow the prompt to confirm your password and authenticate.
• Then click the button to add a new recovery contact onto the account.

The person you specify will have to acknowledge and accept the request within a week before they’re confirmed and active — but once that happens, if you’re ever locked out, they’ll be able to confirm a special one-time recovery code on their secured device to authenticate for you.

(In short: After failing to sign in, Google would allow you to select the contact, and you’d then see a random number on your screen. At the same time, your contact would receive three different numbers on their device. In order to confirm and authenticate, they would have to select which of those numbers matches the number you’re seeing and relaying to them — while communicating with you and thus verifying that the request was actually legitimate and triggered by you — in order to complete the authentication.)

Again, this would only come up if you were completely locked out of the account and unable to receive the same sort of code directly on your own. And your contact wouldn’t actually have access to any of your Google account info. They’d just be an extra pathway for you to confirm your identity and get back into your own account in a worst-case scenario.

Setting up a Recovery Contact is possible only on an individual Google account — not a company-managed Workspace account, since in that situation, your company’s admin would already be able to help facilitate any account recovery for you.

Part II: Clamp down on connections Step 5: Review the third-party services with access to your account

When you set up an app that interacts with Google in some way — on your phone, on your computer, or even within a Google service such as Gmail or Docs — that app gets granted a certain level of access to your Google account data.

Depending on the situation, that could mean it’s able to see some of your activity within specific Google services; it could mean it’s able to see everything in your Gmail, Google Calendar, or Google Drive; or it could mean it’s able to see everything across your entire Google account.

It’s all too easy to click through confirmation boxes without giving it careful thought — so look back now and see exactly what apps have access to what types of information. Visit Google’s third-party app access overview and look through the list of connected services. If you see anything there you no longer use or don’t recognize, click its line and then click the button to remove it.

Review your third-party app list and remove any items that no longer need access to your Google account.

JR Raphael / Foundry

Allowing apps you know and trust to access your account is perfectly fine, but you want to be sure to revisit the list regularly and keep it as current and concise as possible.

Step 6: Review the devices with access to your account

In addition to apps, you’ve almost certainly signed into your Google account on a variety of physical devices over the past several months (and beyond). And often, once you’ve signed in at the system level, a device remains connected to your account and able to access it — no matter how long it’s been since you’ve actually used the thing.

You can close that loop and take back control by going to Google’s device activity page. If you see any device there that you no longer use or don’t recognize, click the three-dot menu icon within its box and sign it out of your account right then and there.

Step 7: Look over app permissions on your phone

Another important app-related consideration: If you’re using Android, some system-level permissions — such as those connected to your contacts and calendar — can effectively control access to areas of your Google account data, since services such as Google Contacts and Google Calendar sync that data between your phone and the cloud.

Head into the Security & Privacy section of your phone’s system settings and look for the line labeled “Permission manager.” (Depending on your device, you might have to tap a line labeled “Privacy controls” before you see it.) If you can’t find it, try searching your system settings for the phrase permission manager instead.

Once you get there, you can look through each type of permission and see which apps are authorized to access it — and, with a couple more taps, revoke the permission from any apps where that level of access doesn’t seem necessary.

Android makes it easy to review and adjust an app’s permission, if you know where to look.

JR Raphael / Foundry

Step 8: Look over extension permissions in your browser

On the desktop, extensions added into Chrome or any other browser have the potential to expand your browser’s capabilities — but they also have the potential to put your privacy at risk.

Extensions could require access to anything from your complete browsing history to your system clipboard. They can often read and change data on sites you’re actively viewing, too — either any and all sites or only specific pertinent URLs, depending on the specific permissions requested.

None of this is necessarily bad, so long as the extension in question is reputable and requesting only the permissions it genuinely requires for the function it provides. But sometimes, even the most well-intending developers can get lazy and go with a broader permission than what their software actually needs. And in such an instance, an extension that does something as simple as enhancing the Gmail interface or allowing you to save articles for later could have access to everything you do in your browser — and the sort of broad data that’s typically kept under lock and key inside your Google account could be shared with external entities for no good reason.

So let’s do a quick little assessment, shall we? If you’re using Chrome, type chrome:extensions into your browser’s address bar. If you’re using another browser, look in its main menu to find the equivalent option for managing extensions or add-ons, as they’re sometimes also called.

Once you’re looking a list of all your installed extensions, click the “Details” or “Options” button for every extension on the page. Peek at the “Permissions” section within each one and then take a close look at the “Site access” section, in particular. Think carefully about the level of access that’s granted there and whether it’s genuinely needed — or whether it’d make sense to bring it down a notch and make it more limited in nature.

With Chrome and other Chrome-based browsers — like Microsoft Edge and Vivaldi — if the extension seems like it really only needs access to a specific site or domain and it’s requesting access to your activity on all sites, click the dropdown menu in that area and change its setting from “On all sites” to “On specific sites” (which lets you provide a specific, limited list of URLs on which the extension will have full visibility).

Chrome and other Chrome-based browsers make it easy to view and adjust the permissions for any browser extension you’re using.

JR Raphael / Foundry

Just remember that many extensions do legitimately need certain levels of access in order to operate — so make these changes cautiously and only after carefully thinking through the potential implications. Worst-case scenario, though, if you bring an extension’s access down and then find it’s no longer working as expected, you can always come back to this same area of your browser’s settings later and change it back.

Firefox, incidentally, doesn’t allow this level of granular permission-granting — so if you find an extension there is accessing more than you’re comfortable with, your only real option is to uninstall it entirely.

Speaking of which…

Step 9: Get rid of any mobile apps and browser extensions you don’t need

While you’re thinking about third-party add-ons for your computer and phone, take a moment to review everything you have installed on both fronts and consider how many of those programs you actually still use. The fewer cracked windows you allow on your Google account, the better — and if you aren’t even using something, there’s no reason to keep it connected.

And with that, we’re ready for our final two parts of account-protecting possibilities.

Part III: Plan for the worst Step 10: Set up or confirm your virtual Google will

Thinking about worst-case scenarios is never particularly pleasant — I’d much rather be eating crumpets, myself — but just as it’s important to have a plan in place for your physical and financial possessions, creating a virtual will for your Google account will make matters infinitely easier for your loved ones if and when you ever develop a mild case of death.

For company-managed Google Workspace accounts, someone at your organization would be able to take control of your account in the event that you were no longer able to access it. But with an individual Google account, no such system for passing along access exists.

Google has a simple system in place to manage this: Open up the Inactive Account Manager, and you’ll find tools for determining exactly what should happen if your account ever becomes inactive for a certain period of time. You can specify the number of months that must go by without any sign of your presence, along with the email addresses and phone numbers Google should use to contact you for confirmation. And then, you can give Google the email addresses of any people you want to be notified once it’s clear that you’re no longer available.

From there, you can specify exactly what types of information your chosen contacts will be able to access. You’ll even be able to leave a message for those people, if you want, and optionally create a broad autoreply that’ll be sent to anyone who emails you once your inactive period has begun (creepy!).

Google’s Inactive Account Manager is like a virtual estate planning tool for all of your account-associated data.

JR Raphael / Foundry

Even if you’ve gone through this process before, it’s worth going back in and revisiting your preferences occasionally to confirm the info is all still complete and accurate — not only in the specific contacts you have set to be notified but also in what specific areas of your account those people will be able to access, if this situation ever actually arises.

For that latter piece of the puzzle, be sure to click the email address of each person you have listed, then click the “Edit apps & services” option on the screen that comes up next. That’ll show you a list of account-related areas — everything from Contacts and Calendar to Google Chat, Google Photos, and even your location history (if you’re using a device that contributes to such a collection) — and let you both see which areas are currently selected and add or remove any areas you want from the list.

Virtually every time I’ve ever looked at that, I’ve found a handful of newer account-related areas weren’t selected to be shared — presumably because they didn’t exist when I had last reviewed the options. I had to manually check them all to be sure they’d be included in any post-consciousness account sharing.

Part IV: Turn your protection up to the max Step 11: Think about Google’s Advanced Protection Program

Last but not least is a step that won’t be right for everyone but could be hugely consequential for certain types of Google users. For anyone at a higher risk of a targeted attack, Google offers an elevated form of account security called the Advanced Protection Program.

The program is described as being appropriate for business leaders, IT admins, activists, journalists, and anyone else who’s in the public eye and likely to be sought out by someone looking to do damage. It puts a series of heavy-duty restrictions on your Google account to make it especially difficult for anyone else to gain access — but as a result, it also makes things a bit more difficult for you.

The core part of the Advanced Protection Program is a requirement to have a physical security key the first time you sign into your account on any new device. That means in addition to your password, you’ll need that specific form of two-factor authentication — either an approved key built into your phone or a standalone dongle — in order to access your email, documents, or any other area of your Google account.

As part of the added security, you also won’t be able to connect most third-party apps to your Google account — including those that require access to your Gmail or Google Drive in order to operate. That could create some challenges (such as signing into an Android TV device, curiously enough) and require some compromises (such as no longer being able to use most third-party email clients with Gmail). And if you ever can’t get into your account for any reason, you’ll have to go through an extra-involved, multiday recovery process in order to restore access. You can read more about what the Advanced Protection Program is like to live with in this thoughtful overview.

Ultimately, only you can decide if the added inconveniences are worth the extra assurance. If you want the utmost in security for your Google account, though — and particularly if you’re someone who’s at a higher-than-average risk of being targeted — it’s something well worth considering.

If you do want to make the leap and add this extra layer of intense security onto your Google account, head over to Google’s Advanced Protection Program website to get started. With a personal account, you’ll be able to get yourself up and running in a matter of minutes. With an account that’s part of a paid company Workspace plan, your plan administrator will have to enable Advanced Protection for the organization before you’re able to do it. Once you start the enrollment process, you’ll see pretty quickly if it’s already available for your account or not — and if not, you can contact your company admin to ask about the possibility of allowing it.

And with that, give yourself a pat on the back: Now that these 11 steps are behind you, your Google account security is officially in tiptop shape — and you shouldn’t have to devote an ounce of thought to this area again anytime soon.

Just set yourself a reminder to revisit this page and review the steps within it once a year for good measure. (I’ll continue to update and expand the specific instructions as needed over time.) Do the same with security smarts in other areas — like your Android security settings, if you’re using an Android device of any sort — and then rest easy knowing your most important digital info is as secure as it can possibly be.

This article was originally published in February 2020 and most recently updated in February 2026.

Pohyb náklaďáku a zpětný výstřel se vůči zemi vyruší • Speciální pneumatické dělo na korbě museli synchronizovat s rychlostí vozu • Kaskadér po výstřelu v 80 km/h zůstal stát na místě a přežil

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point [email protected]

A new fine-tuning technique aims to solve “catastrophic forgetting,” a limitation that often complicates repeated model updates in enterprise deployments.

Researchers at MIT, the Improbable AI Lab, and ETH Zurich have introduced a fine-tuning method designed to let models learn new tasks while preserving previously acquired capabilities.

To prevent degrading existing capabilities, many organizations isolate new tasks into separate fine-tuned models or adapters. That fragmentation increases costs and adds governance complexity, requiring teams to continually retest models to avoid regression.

The new technique, called self-distillation fine-tuning (SDFT), is designed to address that tradeoff.

The researchers said that SDFT “leverages in-context learning by using a demonstration-conditioned model as its own teacher, generating on-policy training signals that preserve prior capabilities while acquiring new skills.”

They added that it consistently outperforms Supervised Fine Tuning (SFT) “across skill learning and knowledge acquisition tasks,” achieving higher new-task accuracy “while substantially reducing catastrophic forgetting.”

In experiments, the researchers found the method enables models to accumulate new skills sequentially while preserving performance on prior tasks, a capability that could simplify how enterprises update and specialize production models over time.

The need and the solution

Despite rapid advances in foundation models, most enterprise AI systems remain static once deployed. Prompting and retrieval can adjust behavior at inference time, but the model’s parameters do not change to internalize new skills or knowledge.

As a result, each new fine-tuning cycle risks catastrophic forgetting, where gains on a new task degrade performance on earlier ones.

“To enable the next generation of foundation models, we must solve the problem of continual learning: enabling AI systems to keep learning and improving over time, similar to how humans accumulate knowledge and refine skills throughout their lives,” the researchers noted.

Reinforcement learning offers a way to train on data generated by the model’s own policy, which reduces forgetting. However, it typically requires explicit reward functions, which are not easy in every situation.

SDFT suggests an alternative. Instead of inferring a reward function, it uses the model’s in-context learning ability to generate on-policy learning signals from demonstrations.

During training, the same model plays two roles. A teacher version is conditioned on both the query and expert examples. A student version sees only the query, reflecting real-world deployment. The student updates its parameters to align with the teacher’s predictions on its own generated outputs.

“In sequential learning experiments, SDFT enables a single model to accumulate multiple skills over time without performance regression, establishing on-policy distillation as a practical path to continual learning from demonstrations,” the researchers said.

Challenges to overcome

SDFT appears quite realistic as the technique removes the need for maintaining “model zoos” of separate adapters or fine-tuned variants, according to Lian Jye Su, chief analyst at Omdia.

However, whether this translates to commercial deployment remains to be seen as certain challenges persist.

For instance, SDFT requires significantly more training time and roughly 2.5 times the computing power of standard SFT. It also depends on sufficiently capable base models with strong in-context learning ability.

Sanchit Vir Gogia, chief analyst at Greyhound Research, also warned that SDFT does not eliminate the need for regression infrastructure. Because the model learns from its own generated rollouts, enterprises must ensure reproducibility through strict version control and artifact logging.

“Consolidation shifts operational complexity from model count to governance depth,” Gogia said.

The costs can be offset, according to Su, by avoiding catastrophic forgetting of key context and complex reward functions in reinforcement learning. But it may be a while before this reaches enterprises. “SDFT will most likely be experimented with first for internal developer tools and general assistants where the risk of a ‘self-taught error’ will be lower than in regulated domains like financial or medical decision-making,” said Faisal Kawoosa, founder and lead analyst at Techarc.

Whoever gets it will steer UK department's IT, AI strategy, and megabucks vendor deals

The UK Ministry of Defence (MoD) is offering between £270,000 to £300,000 for a senior digital leader who will oversee more than £4.6 billion in spending and more than 3,000 specialist staff.…

Vybrali jsme filmy, ve kterých velmi důležitou roli hraje automobil. Děj se nemusí vždy motat kolem automobilových závodů, ať už legálních či nelegálních, ale nikde nechybí rychlá jízda a adrenalin.

Další z výrobců notebooků projevil nespokojenost s dostupností a cenou Panther Lake. Spíš než za konkurenci APU Strix Point, jak procesor prezentoval Intel, ho vidí jako cenovou konkurenci Strix Halo…

Oživeno 12. února 2026 | Pořadí nejlepších textových AI se v žebříčku Arena.ai opět změnilo. První dvě místa s výrazným náskokem obsadil Claude se svým modelem Opus 4.6. Na prvním místě je jeho varianta Thinking, na druhém s minimálním odstupem základní verze. Pořadí najdete v tabulce, ale ještě ...

Procesor je jako mozek počítače. Jeho instalace je v základním principu triviální, ale při nedbalosti můžete poškodit základní desku i samotný procesor. Jak to udělat správně a na co si dát pozor? Instalace procesoru musí být precizní, je nutné jej značnou silou zatlačit do patice a jakákoliv ...

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346 Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]