Computerworld.com [Hacking News]

Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are.  Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.

The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates.  Like tacos, Patch Tuesday is here to stay.

In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”

Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry.  As a case in point, Adobe, among others, follows a similar patch cadence.

Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.

In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.

For January, Patch Tuesday starts off with a bang

The first Patch Tuesday release of 2026 addresses 112 CVEs across Microsoft’s product portfolio, including eight rated critical and three zero-day vulnerabilities. One zero-day (CVE-2026-20805), an information disclosure flaw in the Desktop Window Manager, is already under active exploitation, prompting CISA to add it to the Known Exploited Vulnerabilities catalog with a remediation deadline of Feb. 3, 2026. (Note: 95 of the vulnerabilities affect Windows.)

Ho ho ho! December’s Patch Tuesday delivers three zero-days

The December Patch Tuesday update addresses three zero-days (CVE-2025-64671, CVE-2025-54100, and CVE-2025-62221) but includes surprisingly few total patches (just 57). Notably, Microsoft has not published any critical updates for the Windows platform this month. That said, given the zero-days, we recommend a “Patch Now” release schedule for Windows and Microsoft Office. More info on Microsoft Security updates for December 2025.

Be thankful: November’s Patch Tuesday has just one zero-day

This November Patch Tuesday release offers a much reduced set of updates, with just 63 Microsoft patches and (only) one zero-day (CVE-2025-62215) affecting the Windows desktop platform. Windows desktops this month require a “Patch Now” plan, and while the severity of these security vulnerabilities is less than it was in October, the testing requirements are still extensive. More info on Microsoft Security updates for November 2025.

For October’s Patch Tuesday, a scary number of fixes

Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes (CVE-2025-24052, CVE-2025-24990, CVE-2025-2884 and CVE-2025-59230), leading to a “Patch Now” recommendation for Windows.

General support for Windows 10 ended Oct. 14, with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11.” More info on Microsoft Security updates for October 2025.

For September, Patch Tuesday means fixes for Windows, Office and SQL Server

Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server. But there were no zero-days, so there’s no “patch now” recommendation from the Readiness team this month. This is an incredible sign of success for the Microsoft update group.  To reinforce this fact, we have patches for Microsoft’s browser platform that have (perhaps for the first time) been rated at a much lower “moderate” security rating (as opposed to critical or important). More info on Microsoft Security updates for September 2025.

For August, a ‘complex’ Patch Tuesday with 111 updates

Microsoft’s August Patch Tuesday release offers a rather complex set of updates, with 111 fixes affecting Windows, Office, SQL Server and Exchange Server — and several “Patch Now” recommendations. 

Publicly disclosed vulnerabilities in Windows Kerberos (CVE-2025-53779) and Microsoft SQL Server (CVE-2025-49719) require immediate attention. In addition, a CISA directive about a severe Microsoft Exchange vulnerability (CVE-2025-53786) also requires immediate attention for government systems. And Office is on the “Patch Now” update calendar due to a “preview pane” vulnerability (CVE-2025-53740). More info on Microsoft Security updates for August 2025.

The first Patch Tuesday release of the new year addresses 112 CVEs across Microsoft’s product portfolio, including eight rated critical and three zero-day vulnerabilities. One of the  zero-days (CVE-2026-20805), an information disclosure flaw in the Desktop Window Manager, is already under active exploitation. That prompted CISA to add it to the Known Exploited Vulnerabilities catalog with a remediation deadline of Feb. 3, 2026. 

Enterprise teams should prioritize Windows and Office updates this cycle (both have Patch Now recommendations), particularly since the Preview Pane attack vectors allow code execution without fully opening malicious documents. To help navigate the latest changes, the team from Readiness has provided this useful infographic detailing the risks of deploying updates to each platform.  (More information about recent Patch Tuesday releases is available here.)

Known issues 

Microsoft published several known issues this month. Focusing on actionable issues affecting later versions (non-ESU), the following deserve attention:

• After installing KB5074109, KB5073455, or KB5073724, users connecting to Azure Virtual Desktop or Windows 365 Cloud PCs via the Windows App could experience authentication errors and credential prompt failures. Microsoft is preparing an out-of-band fix. In the meantime, enterprise teams should direct affected users to connect via the Remote Desktop client for Windows (MSRDC) or the Windows App Web Client.
• A small number of users might notice that the password icon on the Windows login screen is not visible. This has been an ongoing issue since the August 2025 update. Microsoft published a Known Issue Rollback (KIR) to address Pro and Home users. Enterprise deployments should use an updated Group Policy to restore the icon.

This update intentionally removes legacy Agere and Motorola soft modem drivers (agrsm64.sys, agrsm.sys, smserl64.sys, smserial.sys) to address CVE-2023-31096, an elevation of privilege vulnerability. Notably, the mere presence of these drivers — even without a modem connected — rendered systems vulnerable. Hardware dependent on these drivers will no longer function after applying the January updates.

As we noted in December, the 2011 certificates currently used by most Windows devices will begin expiring in June, with a second batch expiring this coming October. Devices that do not receive the updated 2023 certificates could fail to boot securely or stop receiving future Secure Boot security fixes. 

Resolved issues

This is a new section to our monthly rundown. Depending on future Microsoft updates, this section may evolve or get integrated in platform specific sections. The January release resolves several issues that had been affecting enterprise environments:

• An issue where applications such as Outlook, Teams, Edge, Chrome, and Excel would close unexpectedly when entering text has been fixed in KB5073455 for Windows 11 23H2 users.
• The NPU battery drain issue affecting AI PCs — where Neural Processing Units remained powered during system idle — has been resolved in KB5074109.
• WSL networking failures causing “No route to host” errors over VPN connections have been addressed in KB5074109.
• RemoteApp connection failures in Azure Virtual Desktop environments have been fixed in KB5074109.

Major revisions and mitigations

Microsoft has (so far) published one revision and an Office platform mitigation for this release:

• CVE-2023-31096: Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability. This revision addresses a vulnerability originally documented by MITRE in 2023 that remained unpatched for nearly three years. Rather than issuing a security fix, Microsoft has removed the vulnerable drivers entirely (agrsm64.sys, agrsm.sys, smserl64.sys, smserial.sys). These drivers shipped natively with Windows, meaning systems were vulnerable even without modem hardware connected. After applying the January cumulative updates, any soft modem hardware dependent on these drivers will no longer function. Administrators should audit their managed devices for legacy modem dependencies before deployment.

• CVE-2026-20952, CVE-2026-20953, CVE-2026-20944: Microsoft Office Remote Code Execution Vulnerabilities. These critical vulnerabilities (CVSS 8.4) can be exploited via the Preview Pane in Outlook and File Explorer, allowing code execution without users fully opening malicious documents. According to the Zero Day Initiative, organizations that cannot immediately deploy Office updates should disable the Preview Pane as a temporary mitigation.

Windows lifecycle and enforcement updates 

Microsoft Teams administrators should note that messaging safety defaults rolled out on Jan. 12. Organizations using default configurations now have three protections automatically enabled: weaponizable file type blocking, malicious URL scanning, and user reporting for false positives.

The Secure Boot enforcement phase remains scheduled for “not before January 2026,” with Microsoft committing to at least six months’ advance notice. When enforcement begins, the Windows Production PCA 2011 certificate will be automatically revoked and added to the Secure Boot UEFI Forbidden (DBX) List on capable devices. This enforcement (as we noted in December) will be programmatic with no option to disable.

Looking ahead, several Windows lifecycle milestones are approaching this year. Windows Server 2012 and 2012 R2 reach the end of their third and final Extended Security Update year on July 14. Windows 10 LTSB 2016 also loses support on that date. 

Each month, the team at Readiness analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance. This month’s release includes a high-risk update to the Desktop Window Manager, alongside security hardening for network file sharing and deployment services. Organizations should prioritize visual and personalization testing given the DWM changes.

Graphics and display 

The Desktop Window Manager updates this month were marked as high risk by Microsoft and  affect how Windows renders visual elements. Apply theme changes and verify accent colors render correctly on window borders, including:

• Test taskbar color customization and transparency settings.
• Validate DirectComposition-based applications render without artifacts.
• Switch between light and dark modes and confirm UI consistency.
• Test multi-monitor configurations with different DPI scaling.

Network File Sharing

SMB (Server Message Block) components received security updates affecting both modern and legacy protocols; testing should include: 

• Accessing SMB shares configured with mandatory signing and verified connectivity.
• Testing encrypted SMB connections between clients and servers.
• Validating SMB share access across domain trust boundaries.
• And, if SMBv1 is still required in your environment, testing legacy share access with signing enabled.

Windows Deployment Services

Security hardening changes affect unattended OS deployment scenarios. New registry controls modify default behavior. Testing should include:

• Performing network-based OS deployments using existing unattended configurations.
• Verifying that hands-free deployment workflows complete successfully.
• Reviewing event logs for new security-related warnings during deployment.
• Testing deployment scenarios with various security configurations.

Window management

Core window management components received updates affecting application behavior; the following need testing:

• Minimize, maximize, and restore applications to verify correct behavior.
• Move and resize windows, confirming smooth transitions.
• Close applications and reopen to verify window position persistence.
• Test window operations in Remote Desktop sessions.

Office applications

Security updates address vulnerabilities in Excel, Word, and SharePoint Server components.

Test Scenarios:

• Open and edit complex Excel workbooks with formulas and macros.
• Test Word document formatting and embedded object handling.
• Validate SharePoint document library operations and co-authoring.
• Verify Office add-ins continue to function after patching.

The Readiness team suggests you focus testing efforts on the Desktop Window Manager changes first. Secondary priority should be given to SMB testing if your environment relies heavily on network file shares with signing or encryption requirements. SQL Server 2022 and 2025 also received GDR updates. If you manage SQL Server environments, follow your standard patching and validation procedures for these cumulative updates.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

• Browsers (Microsoft IE and Edge) 
• Microsoft Windows (both desktop and server) 
• Microsoft Office
• Microsoft Exchange and SQL Server 
• Microsoft Developer Tools (Visual Studio and .NET)
• Adobe (if you get this far) 

Browsers

Microsoft Edge version 143.0.3650.139, released Jan. 9, incorporates critical upstream Chromium security fixes. The most significant is CVE-2026-0628, a high-severity vulnerability involving insufficient policy enforcement in the WebView tag. This flaw could allow a malicious extension to bypass security controls and inject scripts into privileged pages. Add these browser changes to your standard release calendar.

Microsoft Windows

Microsoft released patches for 95 Windows-specific vulnerabilities this month, including three rated critical by Microsoft. The bulk of fixes address elevation-of-privilege flaws, which account for roughly half of this month’s patches. Key affected components include:

• CVE-2026-20840 and CVE-2026-20922: Windows NTFS heap-based buffer overflow RCE vulnerabilities
• CVE-2026-20820: Windows Common Log File System (CLFS) Driver EoP
• CVE-2026-20817: Windows Error Reporting Service EoP
• CVE-2026-20816: Windows Installer EoP
• CVE-2026-20843: Windows Routing and Remote Access Service (RRAS) EoP
• CVE-2026-20860: Windows Ancillary Function Driver for WinSock EoP
• CVE-2026-20871: Desktop Window Manager EoP

The three critical-rated vulnerabilities are CVE-2026-20822, a use-after-free in the Windows Graphics Component (CVSS 7.8); CVE-2026-20876, a heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave (CVSS 6.7); and CVE-2026-20854, a remote code execution vulnerability in Microsoft’s LSASS security authority (CVSS 7.5).

This month’s actively exploited zero-day is CVE-2026-20805, an information disclosure vulnerability in Desktop Window Manager. Despite its relatively modest CVSS score of 5.5, Microsoft and CISA confirm active exploitation in the wild with a remediation deadline of Feb 3, 2026. Add these Windows updates to your “Patch Now” schedule.

Microsoft Office

Microsoft addressed 16 vulnerabilities in Office products ], including five rated critical. The most urgent patches address remote code execution flaws exploitable via the Preview Pane in Outlook and (unfortunately) File Explorer. CVE-2026-20952 and CVE-2026-20953 are use-after-free vulnerabilities in Office that allow code execution without users fully opening malicious documents; simply previewing the file is sufficient. Organizations unable to deploy updates immediately should consider disabling the Preview Pane temporarily.

Word gets a critical patch for CVE-2026-20944, an out-of-bounds read vulnerability that could allow remote code execution when processing specially crafted documents. And for Excel this month, Microsoft addresses two critical (CVE-2026-20955 and CVE-2026-20957) and four important vulnerabilities. The remaining Excel patches address use-after-free, out-of-bounds read, and pointer dereference issues, plus a security feature bypass (CVE-2026-20949) that could allow attackers to circumvent Excel’s built-in protections.

SharePoint Server administrators should note five vulnerabilities, including two remote code execution flaws via SQL injection (CVE-2026-20947) and deserialization (CVE-2026-20963). These require authenticated access but merit attention in multi-tenant environments. Add these updates to your “Patch Now” schedule.

Microsoft Exchange and SQL Server

There were no updates for Exchange Server this month. SQL Server received a single patch: CVE-2026-20803, which addresses an elevation-of-privilege vulnerability (CVSS 7.2) caused by missing authentication for a critical function. The flaw affects SQL Server 2022 and 2025, allowing an authenticated attacker to elevate privileges over the network. Updates are available via both GDR and CU channels. Add this SQL Server update to your standard server release calendar.

Developer tools

The sole desktop-relevant fix is CVE-2026-21219, a remote code execution vulnerability in the Windows SDK’s Inbox COM Objects (Global Memory). This use-after-free flaw allows an attacker to execute code locally, earning a CVSS score of 7.0. Developers using the Windows SDK should update via the official SDK downloads page. Add this to your standard developer release schedule.

Adobe (and third-party updates)

There were no Adobe updates this month — and no third-party updates either. Since we  added the Resolved Issues section this month, I’m hoping we can retire this section. Let’s see what happens in February.

The gold rush across the high-end processor market might help Apple’s processor manufacturing partner, TSMC, drive harder bargains than in the past. That’s because Apple’s huge appetite for processors is being met by fast-growing demand for chips for servers. As a result, the cost of the chips used inside Macs, iPads, and iPhones will likely increase, putting even more inflationary pressure on Cupertino’s bottom line.

Sitting in the iTree, Apple and TSMC

Apple has been TSMC’s biggest customer for years. The relationship began with the iPhone, expanded into chips for iPads, and got a pretty cherry popped on top when Macs adopted Apple Silicon chips — also made by TSMC. Apple leads the industry, so in the last few years, demand for Arm-based chips grew swiftly as the industry chased in its wake. 

This is particularly evident in servers for artificial intelligence; companies like Nvidia and AMD are knocking at TSMC’s doors, demanding chips for servers that haven’t yet been built for AI server farms not yet deployed to meet anticipated demand for an industry now using money it will have to pay back to investors. (That’s likely to continue until the AI bubble bursts.)

What it means

At present, the growing competition for TSMC’s manufacturing output means even Apple’s huge orders don’t carry the kind of price negotiation weight they have in the past. The impact so far seems to be that Apple has had to agree to higher prices, and is struggling for production capacity, Culpium claims.

“Apple, which once held a dominant position on TSMC’s customer list, now needs to fight for production capacity. With the continuing AI boom, and each GPU from clients like Nvidia and AMD taking up a larger footprint per wafer, the iPhone maker’s chip designs are no longer guaranteed a place among TSMC’s almost two dozen fabs.”

Life on the edge

The shift is driving record revenue for TSMC — up 35% — and comes as growth in demand for smartphones plateaus. Now that Apple has resolved its Apple Intelligence strategy with a new deal with Google for Gemini, the company will be investing in further server capacity to serve its billion users, which will likely raise the profile of Apple’s TSMC order book. Recent reporting suggests Apple is about to make deep investments in server capacity to meet its own anticipated AI demand.

At present, chips for Apple are being made at a dozen TSMC factories. TSMC is also investing $165 billion in new US factories, and doubtless wants to see that significant investment generate an equally significant return.

Coming up on the horizon, Apple has ordered much of the production of TSMC’s upcoming 2-nanometer processors for use in future devices. We know that’s going to mean even more performant and power efficient chips in iPhones, iPads, Macs, and Vision devices. And we also know that the power and performance of these systems will give Apple an even broader path toward deployment of AI at the edge. 

But a little reality check

I don’t expect Apple to have a major problem obtaining the chips it requires. They might cost a little more, and we’ve all heard the speculation some Apple chips could eventually be manufactured in the US by former processor partner, Intel. But Apple is consistent, reliable, and even if demand for smartphones isn’t increasing at the rate it once was, there are still hundreds of millions of them made each year. 

That demand means Apple can consistently place massive orders. It spent $24 billion with TSMC in 2025. TSMC will not leave this important customer in the cold, particularly as so much of the server side demand it faces might yet prove misplaced as the AI bust beckons. With this in mind, reports Apple might end up unable to get parts will likely turn out to be exaggerated. It’s just going to have to pay a little more.

Which means so will you.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe. 

Google this week announced the public rollout of a beta Gemini feature called Personal Intelligence. It gives Gemini access to your Gmail, Google Photos, YouTube, and Google Search data, if you grant permission, which you can do individually (for example, you can grant permission for YouTube access but not Gmail). 

The rollout will take place over the coming weeks, and the feature is exclusive to English-speaking Google AI Pro or AI Ultra plan holders in the U.S. 

What that means in practice is that when you ask Gemini for help planning a trip, it knows your flights, which airlines you have status on, what your seating preferences are, and so on, and thus can offer more relevant help. 

If you want advice on getting a car repair, it knows the make and model of your car, where you live, and your car’s history of repairs. 

And it improves upon the already pretty good search in Google Photos by enabling you to search for pictures with specific objects in them, or even dredge up specific account numbers or amounts in documents you’ve photographed. 

Google claims that Personal Intelligence does not use your data to train its models. The company also says it doesn’t make a copy of your existing stored data, but rather leaves it where it is in the current encrypted state. When the system extracts data to answer a query, that data is protected by Application Layer Transport Security. 

Google’s data advantage

You likely have a Google account, and it’s probably packed with personal data. In fact, Google probably stores more of your personal information than any other company by far. 

Consider that Google theoretically “knows”:

• Every word and number in your email for as long as you’ve used Gmail.
• All your contacts and relationships through Contacts. 
• Where you live and work, and everywhere you’ve gone since using Google Maps. 
• Everyone you’ve take pictures of with Photos. 
• The contents of all your Google Docs, as well as spreadsheets and slides. 
• Everything you’ve ever searched for in Google Search, and which results you clicked on. 

And a lot more.

>If you downloaded a personal assistant app that requested permission to access all this data, you probably wouldn’t grant it. But Google’s access to your personal data was granted long ago, and you’re used to the fact that it already has that access. 

Contrast Google’s situation with Amazon’s. The eCommerce giant acquired San Francisco-based AI wearables startup Bee in July 2025. Bee makes a $50 bracelet (which can be also worn as a clip) that listens and converts the words it hears into insights about your life, plus gives you a to-do list and reminders. (It also requires a $20-per-month subscription.)

Amazon says it hopes the Bee will deliver the kind of personal data harvesting outside the home that Alexa does inside the home. Compared to companies like, say, Apple, which has high trust among customers for the protection of user data, Amazon’s trust level is very low. 

I even have a friend who was an active Bee user, but stopped using it when Amazon bought the company. 

Google’s hardware and platform advantage

Google has another big advantage: Glasses. The company has probably spent more time and money on research and prototypes for smart glasses than any other tech firm. And it plans to release two AI glasses products this year — 12 years after being first to market with Google Glass. 

And Google rolled out its Android XR operating system last May. Android XR is Google’s glasses and goggles operating system for both its own and partners’ hardware. The company is already on the Preview 3 version of its Android XR SDK. 

Google is working with XREAL on its tethered Project Aura glasses, which are more akin in usage to Apple Vision Pro than to Meta Ray-Ban Display glasses. Project Aura is expected to result in a shipping product late this year. 

The company is also partnering with Samsung on a headset and glasses project often called Galaxy XR or Project Moohan. 

And while Google is fast-tracking products to market, its DeepMind group is doing some of the best research in the industry with Project Astra. The goal is to create a seamless, wearable, multi-modal, spatial, and personalized AI wearable that uses Gemini to harvest video, sounds, location and other context to help guide you all day. 

I’ve been predicting for something like 13 years that Apple and Google would rise to dominate the future of smart and AI glasses — just as they have done with smartphone platforms. 

Hardware design, apps and other features are important. But one of the most under-appreciated factors is access to personal data. 

Apple has super high user trust, meaning if it asks for access to user data, users will be more inclined to grant access. But Google barely even needs to ask permission. It already has nearly all the user data. Plus, it has one of the top three AI models. 

Yes, there will be many AI glasses on the market. But the most successful ones will almost certainly be those made by Google and Apple, or running on Google software. 

Other AI wearables are going nowhere

Meanwhile, so many companies looking to introduce AI wearables are lost in the weeds, nursing delusions that the public will want to wear pins that poke a hole in their clothing and hang on their shirts, or will wear a necklace that swings around and looks ridiculous. 

Fortunately, I believe CES this month represented the last surge of AI wearable delusions. The onslaught of AI pins and necklaces showcased at the event in Las Vegas included Memories.ai‘s Project LUCI multimodal pin, the Plaud NotePin S note-taker, Motorola’s AI necklace prototype, and the Nirva AI companion pendant. 

These products will never go anywhere. 

As the future of all-day, every day AI glasses comes nearer, we can now safely make a few predictions. First, that future will be centered glasses, and to a lesser extent, watches. 

Second, permission to or access to personal data will make or break the products, determining how useful and agentic they can be. 

And third, based on the above, it’s going to be Google and Apple that dominate the AI glasses market for the rest of the decade, at least. 

AI copilots are incredibly intelligent and useful — but they can also be naive, gullible, and even dumb at times.

A new one-click attack flow discovered by Varonis Threat Labs researchers underscores this fact. ‘Reprompt,’ as they’ve dubbed it, is a three-step attack chain that completely bypasses security controls after an initial LLM prompt, giving attackers invisible, undetectable, unlimited access.

“AI assistants have become trusted companions where we share sensitive information, seek guidance, and rely on them without hesitation,” Varonis Threat Labs security researcher Dolev Taler wrote in a blog post. “But … trust can be easily exploited, and an AI assistant can turn into a data exfiltration weapon with a single click.”

It’s important to note that, as of now, Reprompt has only been discovered in Microsoft Copilot Personal, not Microsoft 365 Copilot — but that’s not to say it couldn’t be used against enterprises depending on their copilot policies and user awareness. Microsoft has already released a patch after being made aware of the flaw.

How Reprompt silently works in the background

Reprompt employs three techniques to create a data exfiltration chain: Initial parameter to prompt (P2P injection), double request, and chain-request.

P2P embeds a prompt directly in a URL, exploiting Copilot’s default ‘q’ URL parameter functionality, which is intended to streamline and improve user experience. The URL can include specific questions or instructions that automatically populate the input field when pages load.

Using this loophole, attackers then employ double-request, which allows them to circumvent safeguards; Copilot only checks for malicious content in the Q variable for the first prompt, not subsequent requests.

For instance, the researchers asked Copilot to fetch a URL containing the secret phrase “HELLOWORLD1234!”, repeating the request twice. Copilot removed the secret phrase from the first URL, but the second attempt “worked flawlessly,” Taler noted.

From here, attackers can kick off a chain-request, in which the attacker’s server issues follow-up instructions to form an ongoing conversation. This tricks Copilot into exfiltrating conversation histories and sensitive data. Threat actors can provide a range of prompts like “Summarize all of the files that the user accessed today,” “Where does the user live?” or “What vacations does he have planned?”

This method “makes data theft stealthy and scalable,” and there is no limit to what or how much attackers can exfiltrate, Taler noted. “Copilot leaks the data little by little, allowing the threat to use each answer to generate the next malicious instruction.”

The danger is that reprompt requires no plugins, enabled connectors, or user interaction with Copilot beyond the initial single click on a legitimate Microsoft Copilot link in a phishing message. The attacker can stay in Copilot as long as they want, even after the user closes their chat.

All commands are delivered via the server after the initial prompt, so it’s almost impossible to determine what is being extracted just by inspecting that one prompt. “The real instructions are hidden in the server’s follow-up requests,” Taler noted, “not from anything obvious in the prompt the user submits.”

What devs and security teams should do now

As in usual security practice, enterprise users should always treat URLs and external inputs as untrusted, experts advised. Be cautious with links, be on the lookout for unusual behavior, and always pause to review pre-filled prompts.

“This attack, like many others, originates with a phishing email or text message, so all the usual best practices against phishing apply, including ‘don’t click on suspicious links,’” noted Henrique Teixeira, SVP of Strategy at Saviynt.

Phishing-resistant authentication should be implemented, not only during the initial use of a chatbot, but throughout the entire session, he emphasized. This would require developers to implement controls when first building apps and embedding copilots and chatbots, rather than adding controls later on.

End users should avoid using chatbots that are not authenticated and avoid risky behaviors such as acting on a sense of urgency (such as being encouraged to speedily completing a transaction), replying to unknown or potentially nefarious senders, or oversharing personal info, he noted.

“Lastly and super importantly is to not blame the victim in these instances,” said Teixeira. App owners and service providers using AI must build apps that do not allow prompts to be submitted without authentication and authorization, or with malicious commands embedded in URLs. “Service providers can include more prompt hygiene and basic identity security controls like continuous and adaptive authentication to make apps safer to employees and clients,” he said.

Further, design considering insider-level risk, says Varonis’ Taler. “Assume AI assistants operate with trusted context and access. Enforce least privilege, auditing, and anomaly detection accordingly.”

Ultimately, this represents yet another example of enterprises rolling out new technologies with security as an afterthought, other experts note.

“Seeing this story play out is like watching Wile E. Coyote and the Road Runner,” said David Shipley of Beauceron Security. “Once you know the gag, you know what’s going to happen. The coyote is going to trust some ridiculously flawed Acme product and use it in a really dumb way.”

In this case, that ‘product’ is LLM-based technologies that are simply allowed to perform any actions without restriction. The scary thing is there’s no way to secure it because LLMs are what Shipley described as “high speed idiots.”

“They can’t distinguish between content and instructions, and will blindly do what they’re told,” he said.

LLMs should be limited to chats in a browser, he asserted. Giving them access to anything more than that is a “disaster waiting to happen,” particularly if they’re going to be interacting with content that can be sent via e-mail, message, or through a website.

Using techniques such as applying least access privilege and zero trust to try to work around the fundamental insecurity of LLM agents “look brilliant until they backfire,” Shipley said. “All of this would be funny if it didn’t get organizations pwned.”

It’s important to put into context Apple’s decision to turn its industry standard creative apps into a subscription-based service. The context is that people are more prepared than ever to pay for access, rather than ownership — a mantra that’s been muttered in the back rooms of content creation since before Napster.

One way to get some sense of how this transformation manifests itself is to consider the latest app market data from Appfigures (via TechCrunch). That data tells us that while app downloads via the App Store and Google Play are declining (down 2.7% year-over-year), spending increased 21.6%, representing a move to in-app and subscription-based purchases for the fifth consecutive year. 

There is still plenty of life in the app market, of course, which generated an estimated 106.9 billion downloads last year, but the money – and consumer acceptance – is shifting. It also matters that spending on non-game apps now exceeds the value of the mobile games side of the market, which tells us app shoppers are ready to pay for the value of access to productivity apps.

Acceptance, but not at any price

Combine the trends and it’s evident that not only are people more prepared to subscribe to apps than in the past, but that they’re beginning to see the value in doing so. (That doesn’t excuse greed — how many users winced at recent price increases for Office 365, for example? Who else using creative apps feels as if the price they’re paying is far more painful than any “Apple tax”?)

Apple’s Creator Studio comprises two of the world’s most widely used creative apps, along with Photoshop competitor Pixelmator Pro. The suite also includes specialized tools for audio and video, and Apple’s own Office-compatible apps for spreadsheets, presentations, documents, and collaboration. The cost? $12.99 a month.

We can only speculate for now about the probable success of the bundle once it launches later this month, but we can already take an objective look at the timing of the release:

1. It comes as consumers are more ready than ever to subscribe to apps.
2. It arrives as many content creators recognize the value of app subscriptions.
3. It also walks into the room as consumers everywhere express deep dissatisfaction with the prices other leading app developers charge for subscriptions.

In other words, Creator Studio’s release seems well timed.

Cooking with Tim

Apple CEO Tim Cook saw it coming way back when he began to focus on services. “Our goal is to double the size of the services business in the next four years,” he said at that time. Apple achieved that in two years, and this side of its business generated more than $100 billion in revenue at roughly 75% margins in 2025. 

In early 2026, Eddy Cue, Apple’s senior vice president of services, confirmed that more than 850 million people use at least one Apple service each week. That’s not only a living example of market penetration, it’s also an illustration of market reach. It shows that every week, one in 10 of all the humans alive today use an Apple service of some kind.

We know that in today’s market reality – characterized by conflict and polarization, political differences and international tension – it makes more sense than ever to build business around ultra-portable goods that are relatively easy to replicate. That’s the beauty of digital. 

For business it can also be about turning existing physical products and services into digital products that provide predictable, recurring income. Apple has done this (I remember Final Cut in a box), and it’s not alone. Everything from supermarket loyalty to diet and fitness apps illustrates the shift.

Apple’s latest decision highlights the extent to which the app industry has come of age. 

Life after the App Store

It should also be understood in a second context: life after the App Store. We learn once again just how dumb all governments have become each time we read the news, so it’s no surprise that regulation is chipping away at the App Store model. 

The eventual end product of this continued erosion will likely be a proliferation of App Stores, most of which will be led by companies building such outlets around their key and popular apps. (We’ll also gain higher prices and less security, but regulators seem to think that’s just fine.)

That’s why the publishers of those apps, including some games developers, have been so vehement in campaigning for app market liberalization. They aren’t doing it for your benefit, but to create new vehicles for capital accumulation for themselves.

What Apple has done by introducing its own Creative Studio product is play those incoming opponents at the same game. Sure, there may be many app stores, but if you want to use Apple’s industry standard products, you’ll subscribe at Apple’s store.

Eventually, Apple will extend the monetization of those products and services with in-app purchases, likely starting with premium templates and Canva-like AI-augmented design tools. In other words, by creating the new suite, Apple is also building an approach for life after the App Store. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe. 

Companies struggling to keep up with the arrival of AI agents should buckle up: even more complicated technologies are quickly coming down the pike.

That includes physical AI, which includes robots — and which Nvidia pegs as a multibillion-dollar market —and quantum computing. Both are likely to disrupt a number of industries in the coming years. 

Companies can either adapt quickly and stay ahead of the curve or they will remain left behind, according to Joe Depa, chief innovation officer for Ernst & Young (EY).

Not surprisingly, the tax and advisory firm is taking a big interest in future looking technologies. The company has a history of embracing new technologies and advising clients on how to handle them.

Computerworld sat down recently with Depa to get his take on AI projects in the enterprise, the role of consultants and how companies can adapt to new technologies beyond AI agents. 

Many surveys show lots of AI proofs-of-concept, but very few get to production. What are you seeing on the ground right now? “The speed of technology evolution is accelerating. We’re moving from generative AI to agentic AI to physical AI, with quantum right behind it. ChatGPT was invented three years ago, and you’re seeing headlines around not getting value out of AI, but you’re also seeing clients get value.

“Some experimentation is standard for any technology life cycle, which is innovation theater in the beginning. But you’re now getting tangible use cases where AI is having impact.

“When we talk about agentic AI, we have use cases focused not just on productivity —particularly in back-office functions like finance, procurement, HR. Agentic AI is disrupting the software development life cycle. That area is ripe for agentic AI. Then physical AI is coming soon.”

Is AI adoption more like a sequential journey — getting one technology right before moving to the next — or is everything happening simultaneously? “The convergence of technology is happening all at once. You’ve got new processes being put in place while simultaneously replacing legacy infrastructure. You’ve got new technology, new talent being rolled into this convergence. Meanwhile, physical AI and quantum are coming quickly on top of agentic.

“Adaptability is the new job security. The ability to adapt is the most important skill for employees and the most important organizational differentiator. Organizations that can adapt quickly to new technology, redefining processes and training — that’s how they’ll differentiate. The ones that can’t will fall behind.”

With so many technologies emerging, how do you prepare for business changes that people can’t even yet anticipate? “It’s becoming not a technology issue as much as a business and process issue. The technology — whether AI, agentic AI, physical AI, or quantum — mostly exists to solve today’s problems. The issue is training, people, and adoption.

“Take healthcare. Robotic surgeries can be performed in some key categories at or better than human surgery. The robotic surgeon, if trained appropriately, isn’t tired, takes out the human emotional element, and performs surgery with laser-like precision.

“There’s a doctor shortage everywhere. Robotic surgeries remove some compression on the system and provide better health outcomes. But getting surgeons to adopt robotic surgery is a challenge. How do I train doctors on these robots? 

“In some cases, there’s resistance because they don’t think robots can do it as well, even if you show them data. The technology’s there, we know it works. But if I can’t get hospitals and doctors to adopt it, it doesn’t matter. It’s less of a technology challenge, more of a change management challenge.”

How do you educate customers? Do you focus on solving the data problem first, or are people rushing to get agents in place either way? “It’s a combination. Some industries, like financial services and healthcare [and] precision medicine — financial services has over-invested for decades in data and data quality for compliance reasons. They can use it for AI and quantum. Precision medicine is another category with high data quality.

“But without the right data, infrastructure, and sandbox, you’ll spread yourself too thin. You may try things, but it doesn’t get you value. Without a defined use case and focus area, you create innovation theater.

“Companies are getting focused on that first step: What use case am I trying to solve? If I can get specific around the use case or business outcome, then the next question is, ‘Do I have the right data’? 

“If I have the right data, let’s simulate and use this technology to produce the outcome. And if we have the right outcome, is it going to change behavior in your organization? What action are we taking? It’s the use case, the data, the simulation, and there has to be actual outcome or action to get out of innovation theater.”

What role do partners and consultants play in AI deployment? How does consulting fit in when AI is supposedly replacing consultants? “What’s starting to happen is an open innovation ecosystem. The world’s moving quickly, so you have to leverage alliance partners more closely. If you want to experiment with quantum, your best bet is not to build your own quantum computer. Partner with somebody.

“We pick a few partners we trust with similar business strategies. We create an open innovation ecosystem where we’re lockstep in how we go to market. That’s important because it provides the speed you need.

“When you ask about consulting, what people need is really smart people that understand technology, data and AI, that can help identify business problems and solve them using technology more efficiently.

“If consulting services changes, it’ll change to deliver services more effectively. It comes down to talent. Do you have people that know how to deploy AI and agentic AI? Do you have people that orchestrate across multi-vendor environments? Do you have people that understand regulatory risk compliance? 

“Consulting firms with the right talent are going to see great success. You’ll see more opportunity, but also bifurcation. Without that, those consulting services will go away.”

Lately, I’ve tried more overhyped, overly ambitious apps than I can even remember — all of ’em with lofty promises of completely changing my life and/or the way I get stuff done.

Spoiler alert: None of those has lived up to that promise or really even stuck as something I’m still actively using in any significant way, as of this current moment.

At the same time, the app that is absolutely blowing my mind and genuinely making my work and personal routine noticeably easier is a tiny little off-the-beaten-path tool that does one small job and does it remarkably well.

It doesn’t replace my main Android calendar app, and it isn’t intended to dramatically alter any of my existing workflows. All is does is make the act of scheduling new appointments delightfully simple by removing the silly friction that typically exists in that area.

It’s hands-down the most helpful, consequential app I’ve added into my Android line-up in ages. And I’d be willing to wager it might just make a world of difference for you, too.

[Get fresh Googley goodies in your inbox with my free Android Intelligence newsletter. Three new things to try every Friday!]

New app, familiar feelings

Now, fair warning: This tale, like most great sagas of our modern era, has a twist.

The calendar power-up of which we speak is new, in a sense — but it actually has a familiar past, at least if you’ve been following my mumbly musings for long.

The app got its start, y’see, as an element within other apps — specifically, WhatsApp, Telegram, Line, and (insert pause for momentary retching) Apple Messages.

That’s how it worked when I first stumbled onto it and profiled it in my Cool Tools newsletter way back in the prehistoric time of 2024, some 77 or so years ago, I believe. (I also ended up including it in a roundup of AI-powered apps that actually save you time here at Computerworld that same year!) Back then, it wasn’t even an app, technically, but rather an interesting chat-centric add-on called Dola. You’d connect it to your chat app of choice, and it’d then exist as a contact within that app that you could “message” and ask to handle various calendar-related chores for you.

It was incredibly clever and effective — but personally, I don’t use any of the chat apps it worked alongside. So while I absolutely appreciated it and eagerly shared it as a suggestion worth considering, it wasn’t something that landed for me, myself, and/or I as a part of my own personal tech setup.

Over the months since then, the team behind Dola decided to broaden their focus and expand the same concept into a more universally useful and less platform-dependent form.

The result is Toki, a standalone app for Android (and iOS, too, if you must) that is the intelligent on-the-go scheduling assistant I’ve long been yearning to see.

Toki picks up where Dola left off, but it’s so much more useful in this newly unshackled and simultaneously expanded context. In short, it’s a better and infinitely faster way to add any event onto your calendar without all the usual hassle and heavy lifting.

And there are two main scenarios where its powers really shine.

1. On-demand event-adding

The first Toki advantage is the simplest: When you find yourself facing a need to create an event from your phone and you don’t have any specific information about the event in front of you — in an email, a text, a website, an image, whatever — you can just fire up the app (or even use its instant-on Android app shortcut) and tell it whatever it is you need to create.

You can do this in pure plain language, too, without any fuss or funky formatting required. Quite literally, you just say what you want:

• a follow-up with Jed Schmidt about the work proposal next Tuesday at 10am
• a checkup with Dr. Riemenschneider March 4th at 2pm
• a meeting with Theo, Thad, and Thalia on the first Monday in February at noon — actually, make it 1pm, and make it at the CPK on Figueroa downtown with a note to bring my Grammy Gertrude’s famous biscuit recipe (my goodness, those biscuits were scrumptious!)

You can just talk or type to Toki in any way that feels natural, and it’ll figure out what you mean and format your event for you.

JR Raphael, Foundry

All you’ve gotta do is ramble off whatever you’re thinking, and Toki will turn it into a neatly formatted event in your calendar — then let you confirm what it did to make sure it’s right and, if you’d like, even switch your event into a different sub-calendar within your Google Calendar setup with a couple quick taps. If you need to add or adjust anything, you can just say whatever it is that you want. You can even enable an extra can’t-miss alert by asking the app to actually call your phone as a reminder when the time for the event arrives.

The instant confirmation and opportunity to adjust — including moving an event to a different sub-calendar — is one of Toki’s most useful assets.

JR Raphael, Foundry

Notably, the scheduling part of this is something that Google’s own Android-native Gemini assistant can also manage — at least in theory — but Toki is just so much better at it, both in its ability to understand and interpret anything and in its consistency with actually getting it right. Plus, unlike Gemini, it makes it impossibly easy to move your event between calendars — or even Google Calendar accounts, if you’re using more than one (or using more than one type of calendar account, too, if your work and personal lives are spread across the Google and Microsoft and/or even (gag) Apple ecosystems).

No exaggeration: It’s such a refreshing improvement, you’ll wonder how you ever lived without it.

And the best part is what’s next.

2. A super sharing superpower

In addition to allowing easy on-the-fly event input, Toki — just as of a matter of days ago — can now act as an Android sharing target.

That sounds like a bunch of mumbo-jumbo, I know, so let me elaborate and translate back to plain English: When you find yourself looking at an email, a text message, a web page, or even a photo with event-related info on it, you can simply snap a swift screenshot and then tap the system-level share command that pops up and select Toki from the list of available options.

Capture a screenshot of anything, share it to Toki — and your work is essentially over.

JR Raphael, Foundry

With one more tap, Toki will read and interpret whatever’s visible there — even if there’s all sorts of unrelated gobbledygook alongside what actually matters — and turn it into a neatly formatted event on your preferred calendar for you.

This took about two seconds to make happen.

JR Raphael, Foundry

For me, this is where Toki has been especially game-changing. I’m constantly coming across things I want to add on my calendar in other places while swiping around on my phone, and now, I can do it in a mere matter of seconds — with barely any active effort — simply by snagging that screenshot and then sending the info over to Toki to let it handle everything.

If there’s a physical card or sign somewhere in the real world, I can also just snap a fast photo of it and then send that over to Toki for processing. And, again, I can then confirm what it interpreted and make sure it’s on the exact sub-calendar within the right account, right then and there.

Appointment cards, posters, flyers, you name it — snap a photo, send it to Toki, and you’re done.

JR Raphael, Foundry

Once more, Gemini does something vaguely similar to this, but it’s not nearly as consistent or effective. And it doesn’t give you that instant on-screen confirmation and ability to move an event easily to another calendar. As someone who both has multiple Google accounts and religiously uses Google Calendar’s sub-calendars to stay organized, this alone has been downright transformative.

It’s also something I’ve written about before, in concept, when discussing a spectacular tool called Agenda Hero. Agenda Hero is actually quite similar on the surface and in what it aims to do for you — but on Android, its current app just isn’t exceptional. It’s mostly a shell that takes you to the service’s website, and it’s consequently a little clunky to use — with more steps and awkward interactions than what Toki offers up in the same environment.

Where Agenda Hero really shines is on the desktop, and that’s an arena where Toki is currently altogether absent. So I keep Agenda Hero around as a resource on my computer, where it’s invaluable, but now rely on Toki for the same smart scheduling feats on my phone. Together, the two make a powerful pairing and the best damn upgrade I’ve introduced into my calendar management cadre in recent memory.

Toki is free for casual use — with up to 14 event additions per week and up to two active calendars (which means those specific sub-calendars within any Google Calendar or other platform’s account). For most people and purposes, that’ll probably be plenty and all you’ll ever need.

If you want to lift those limits and support the app’s development, you can bump up to a premium plan starting at $3.59 a month or 36 bucks a year.

With an app this good, it almost makes the sting of all those grand AI disappointments a little easier to stomach.

Craving even more zesty Android knowledge? Check out my free Android Intelligence newsletter to get three new things to try in your inbox every Friday — and my Android Notification Power-Pack as a special welcome bonus.

In what appears to be a case of diplomatic mind games in action, one day after the US government issued a regulation clearing the way for Nvidia to sell its H200 artificial intelligence processors to Chinese companies on a case-by-case basis, a published report has revealed Chinese custom officers have been told not to let them into the country.

The ruling announced Monday by the US commerce department’s Bureau of Industry and Security (BIS), the primary agency that oversees export controls, represents a revision to its licensing policy for semiconductor exports to China, it said in a release.

The BIS will now review license applications for Nvidia H200 and similar chips providing that certain security requirements are met, including the stipulation that exporting these products to China will not reduce global semiconductor production capacity currently available to US customers.

Nvidia expressed appreciation for the ruling. A spokesperson told NetworkWorld, “we applaud President Trump’s decision to allow America’s chip industry to compete to support high paying jobs and manufacturing in America. Offering H200 to approved commercial customers, vetted by the Department of Commerce, strikes a thoughtful balance that is great for America.”

But the script changed on Wednesday when Reuters reported, “Chinese customs authorities told customs agents this week that [the chips] are not permitted to enter China, according to three people briefed on the matter.”

More symbolic

“The impact of these flip-flop policies should be minimal to the enterprise,” said Scott Bickley, advisory fellow at Info-Tech Research Group. “The volumes of chips involved are not material to the Nvidia allocation from TSMC. This is more a symbol of the ongoing trade war between the US and China, with the latter indicating they don’t need US chips at scale for AI development.”

He noted, “the broader implications and potential impacts may signal to enterprise customers of Nvidia that perhaps they don’t need the latest and greatest GPUs from [them] either to achieve acceptable results across select AI workloads. It is doubtful that Nvidia would commission additional production issues for H200 without China as the customer willing to pay a premium price. Other customers will happily purchase this stock in lieu of China.”

And last month, Charlie Dai, VP and principal analyst at Forrester, said renewed H200 access is likely to have only a modest impact on global supply, as China is prioritizing domestic AI chips and the H200 remains inferior to Nvidia’s latest Blackwell-class systems in both performance and appeal.

He pointed out, “while some allocation pressure may emerge, most enterprise customers outside China will see minimal disruption in pricing or lead times over the next few quarters.”

H200 now pulled onto the ‘geopolitical chessboard’

Forrester senior analyst Alvin Nguyen said Wednesday that he agrees with Dai’s assessment, especially with the recent developments of the US now permitting and China moving to effectively ban the import of H200 chips.

“This is older AI technology; it is still useful, but adding a premium to it when the Chinese AI ecosystem is catching up or caught up to what is being offered will make it a target for capacity rather than a first choice for enterprises in China,” he said.

“For global enterprises with Nvidia in their AI tech stack, it makes sense to maintain standards across regions/locations if they are able to bring in H200s into China,” Nguyen said. “Outside of China, this could lead to longer lead times and costs not decreasing, but global enterprises are already plagued by uncertainty and will adjust.”

Sanchit Vir Gogia, chief analyst at Greyhound Research, had a different point of view, saying “the H200 situation matters because it has become a case study in how enterprise assumptions about infrastructure availability can be invalidated by policy volatility, not product lifecycle.”

A new category of risk

The H200, he said, “is not the most powerful chip in Nvidia’s portfolio, and wasn’t at the top of any CIO’s wish list. That’s precisely why it was attractive. It sat in the tier that enterprises could reasonably expect to access without bidding wars or global competition.”

He explained, “it had enough capability for mid-scale inference and internal fine-tuning, especially for firms not building frontier models. And yet, it has now been pulled onto the geopolitical chessboard, first through a highly conditional US approval and then a sudden, informal block at Chinese customs.”

The real story here, he said, “is not whether H200 itself makes or breaks enterprise AI plans. The story is that even legacy silicon is no longer safe from last-minute policy swings. Enterprises used to worry about whether chips were fast enough or cost-effective enough. Now they have to worry whether the rules will even allow those chips to ship, integrate, or support remote workloads in different geographies.”

This creates a new category of risk, Gogia said. “It is not technical. It is regulatory, interpretive, and highly political,” he said. “For enterprise CIOs and procurement heads, it means that AI infrastructure can no longer be built around static assumptions. What matters today is not just the specs of a chip, but the geopolitical narratives surrounding it.”

He added, “when something as structurally stable as a two-year-old GPU can be tossed into policy limbo, that sends a very clear message: infrastructure planning needs to be engineered for volatility, not just for scale or speed.”

This article originally appeared on NetworkWorld.

Chinese company Zhipu AI has trained image generation model entirely on Huawei processors, demonstrating that Chinese firms can build competitive AI systems without access to advanced Western chips.

The model, released on Tuesday, marks the first time a state-of-the-art multimodal model completed its full training cycle on Chinese-made chips, Zhipu said in a statement. The Beijing-based company trained the model on Huawei’s Ascend Atlas 800T A2 devices using the MindSpore AI framework, completing the entire pipeline from data preprocessing through large-scale training without relying on Western hardware.

The achievement carries strategic significance for Zhipu, which the US Commerce Department last year added to a list of entities acting contrary to US national security or foreign policy interests over its alleged ties to China’s military. The designation effectively cut the company off from Nvidia’s H100 and A100 GPUs, which have become standard for training advanced AI models, forcing Chinese firms to develop alternatives around domestic chip architectures.

Followign that listing, Zhipu began collaborating with Huawei on GLM-Image. Huawei’s Ascend processors have become the primary alternative for Chinese AI companies restricted from purchasing Nvidia’s hardware. The model’s successful training on Ascend chips provides a data point that Chinese firms can develop competitive AI systems despite restricted access to Western chips.

“This proves the feasibility of training high-performance multimodal generative models on a domestically developed full-stack computing platform,” Zhipu’s statement added.

Zhipu has made GLM-Image available through an API for 0.1 yuan (approximately $0.014) per generated image. The company released the model weights on GitHub, Hugging Face, and ModelScope Community for independent deployment.

The pricing positions GLM-Image as a cost-effective option for enterprises generating marketing materials, presentations, and other text-heavy visual content at scale.

Technical approach and benchmark performance

GLM-Image employs a hybrid architecture combining a 9-billion-parameter autoregressive model with a 7-billion-parameter diffusion decoder, according to Zhipu’s technical report. The autoregressive component handles instruction understanding and overall image composition, while the diffusion decoder focuses on rendering fine details and accurate text.

The architecture addresses challenges in generating knowledge-intensive visual content where both semantic understanding and precise text rendering matter, such as presentation slides, infographics, and commercial posters.

On the CVTG-2K benchmark, which measures accuracy in placing text across multiple image locations, GLM-Image achieved a Word Accuracy score of 0.9116, ranking first among open-source models. The model also led the LongText-Bench test for rendering extended text passages, scoring 0.952 for English and 0.979 for Chinese across eight scenarios including signs, posters, and dialog boxes.

The model natively supports multiple resolutions from 1024×1024 to 2048×2048 pixels without requiring retraining, the report added.

Hardware optimization strategy

Training GLM-Image on Ascend hardware required Zhipu to develop custom optimization techniques for Huawei’s chip architecture. The company built a training suite that implements dynamic graph multi-level pipelined deployment, enabling different stages of the training process to run concurrently and reducing bottlenecks.

Zhipu also created high-performance fusion operators compatible with Ascend’s architecture and employed multi-stream parallelism to overlap communication and computation operations during distributed training. These optimizations aim to extract maximum performance from hardware that operates differently from the Nvidia GPUs most AI frameworks target by default.

The technical approach validates that competitive AI models can be trained on China’s domestic chip ecosystem, though at what cost in development time and engineering effort remains unclear.

Zhipu did not say how many processors or how long it took to train its model, nor how the requirements compared to equivalent Nvidia-based systems.

Implications for global AI development

For multinational enterprises operating in China, GLM-Image’s training on domestic hardware provides evidence that Chinese AI infrastructure can support state-of-the-art model development. Companies with Chinese operations may need to evaluate whether to develop strategies around platforms like Huawei’s Ascend and frameworks like MindSpore.

The release comes as Chinese companies invest in domestic AI infrastructure alternatives. Whether export controls will slow or accelerate the development of parallel AI ecosystems remains a subject of policy debate.

This article first appeared on Infoworld.

Apple on Tuesday confirmed that it’s working with Google Gemini to build AI Foundation Models used across its platforms. As the joint statement explained it: “Apple and Google have entered into a multi-year collaboration under which the next generation of Apple Foundation Models will be based on Google’s Gemini models and cloud technology. These models will help power future Apple Intelligence features, including a more personalized Siri coming this year.

“After careful evaluation, Apple determined that Google’s Al technology provides the most capable foundation for Apple Foundation Models and is excited about the innovative new experiences it will unlock for Apple users. Apple Intelligence will continue to run on Apple devices and Private Cloud Compute, while maintaining Apple’s industry-leading privacy standards.”

What is the partnership structure?

The announcement confirms that Apple and Google have entered into a multi-year collaboration partnership in which the next generation of Apple Foundation Models will be based on Google’s Gemini models.

Is it an exclusive deal?

The arrangement allows Apple to work with other AI providers, including OpenAI, if it wants.

What about the money?

We do not know the financial terms of the deal. Bloomberg at one point claimed Apple intended to pay around $1 billion a year to use Gemini, but the actual terms weren’t disclosed, nor are they likely to be. But both companies can already anticipate additional scrutiny on their financial statements in the coming months.

What is the deployment model?

Apple’s plan is to use its own self-customized version of Gemini, tweaked to make sure queries are handled in Apple’s preferred fashion. Apple Insider reports the absence of any mention of Google or Gemini in the UI. Essentially, Apple will use Gemini to form the base of Apple Foundation Models it will make for itself. Apple can also ask Google to tweak aspects of how the Gemini models work.

What price privacy?

Apple cares about privacy. That is why the AI features will run either on-device or using Apple’s Private Cloud Compute, not on Google’s servers. It will be possible to use third-party cloud services for complex problems, if required. But the use of Apple’s own servers means Google won’t have direct access to user data.

What will happen as a result?

With Gemini as its foundation, Apple can now deliver:

• A major Siri overhaul, rolling out this spring.
• Even more evolved on-device contextual understanding that will follow in months, as Apple Intelligence becomes able to figure out data, such as identifying your relatives, on your behalf.
• A Siri that’s better at conversational responses and also more likely to at least try to find the correct response, rather than saying it doesn’t understand.
• The ability to create documents, and eventually remember past conversations and make proactive suggestions based on information from your apps

It is important to note that as Apple builds future Foundation Models on the foundation of Gemini, Apple developers will likely also gain access to using those models within their apps. 

Why Gemini?

Apple is relying on Gemini to form the base model for its own AI development. It will then tweak and train those models to create its own agent. Max Weinbach has written an excellent review of how this could work. He estimates that Apple is effectively covering the cost of Google’s future models within the deal.

Why did this happen?

We’ve had months of reporting about how and why Apple seemingly missed a trick with AI, and at least one technical problem has been publicly disclosed. Craig Federighi, Apple’s vice president for software, told staffers that Apple had intended to merge its existing automation systems with generative AI. “We initially wanted to do a hybrid architecture, but we realized that approach wasn’t going to get us to Apple quality,” he said.

We’ve also heard about internal conflicts, poor leadership, and unexpected challenges in the work. This may not matter now as Apple leans into Gemini.

What analysts say

“For Apple, partnering, rather than building an end-to-end AI proprietary model stack, could compress time-to-market and reduce execution risk by leveraging mature, already-deployed technology.” — Anisha Bhatia, senior technology analyst at GlobalData.

“For the people asking if the Apple-Google deal means there is no differentiation, think about it in F1 terms: multiple teams run the same engine, yet deliver vastly different results based on design and setup. Same here.” — Creative Strategies analyst Carolina Milanesi.

“Apple’s decision to use Google’s Gemini models for Siri shifts OpenAI into a more supporting role, with ChatGPT remaining positioned for complex, opt-in queries rather than the default intelligence layer.” — Parth Talsania, CEO of Equisights Research.

What is the rollout schedule?

Apple will introduce some new features this spring, aiming to keep to earlier promises. More sophisticated features, including proactive AI, will likely be announced at WWDC for introduction later this year, The Information reports.

What next?

Ask Siri in spring.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe. 

Expect this year to be filled with flux and uncertainty, thanks to lightning-fast changes wrought by AI, and by a Trump Administration that rules by whim and fiat rather than facts and law. So, I know it’s something of a fool’s game to make predictions about what the year ahead might bring for Microsoft.

That said, I’ve never worried about being called a fool. So here are my five predictions for what Microsoft can expect in 2026.

The AI bubble won’t burst — at least, not for Microsoft

There have been plenty of worries about what people believe is an AI bubble. As a McKinsey report cautions: “Nearly eight in 10 companies report using gen AI — yet just as many report no significant bottom-line impact.” Then there was that MIT report, The GenAI Divide: State of AI in Business 2025, which found that 95% of genAI pilots fail. 

Despite that, Microsoft can’t keep up with demand for AI services. Its finance chief, Amy Hood, said during the company’s most recent earnings call, “I thought we were going to catch up [with demand]. We are not. Demand is increasing. It is not increasing in just one place. It is increasing across many places.”

She added that Microsoft has $400 billion under contract for future sales. “That’s for booked business,” she said. “Today.” (That number doesn’t include $250 billion in computing power for AI that OpenAI has agreed to buy from Microsoft.)

So while some AI companies will go under this year, Microsoft most likely won’t be affected. When it comes to AI, it’s full speed ahead for the company.

Moving to a new generation of AI 

OpenAI laid the foundation for the generative AI (genAI) boom in November 2022 when it released ChatGPT, which eventually became the brains behind Microsoft’s Copilot. GenAI took off like a supercharged rocket, and that’s where most of the investment and publicity is at the moment. But it’s not at all clear there’s a big financial payoff from the technology. 

Gary Marcus, a professor emeritus at New York University and founder of the AI startup Geometric Intelligence, argues in a New York Times opinion piece that genAI like ChatGPT and Copilot is not AI’s future, and may never pay off. He points to a report by Bain & Co that found there will be a $800 billion revenue shortfall for AI companies by the end of 2030 as evidence that another kind of AI is needed.

“If the strengths of AI are truly to be harnessed, the tech industry should stop focusing so heavily on these one-size-fits-all tools and instead concentrate on narrow, specialized AI tools engineered for particular problems,” Marcus wrote.

Microsoft believes the same thing. In late 2025, it laid out its vision of AI’s future, what it calls “Humanist Superintelligence.” Microsoft AI CEO and executive vice president Mustafa Suleyman argued that it will “solve real concrete problems and do it in such a way that it remains grounded and controllable. We are not building an ill-defined and ethereal superintelligence; we are building a practical technology explicitly designed only to serve humanity.”

Those are not just high-minded-sounding words — he said Microsoft has begun on what he calls Medical Superintelligence. Following that will be work on designing plentiful, clean, inexpensive energy.

Don’t be surprised if the first fruits of those labors start to show up this year.

Microsoft’s get-out-of-jail card

Apple, Amazon, Google, and Meta have all been hit with serious federal antitrust lawsuits during both the Biden and Trump administrations. But Microsoft, which was laid low by the mother of all antitrust suits back in 1998, has largely avoided them. In the one exception, the Federal Trade Commission (FTC) sued Microsoft because of the company’s purchase of Activision Blizzard. The agency lost. But even if it had won, the core of Microsoft’s business would have remained intact.

Still, Microsoft feared its core business would be targeted by the feds because in late November 2024, the FTC launched a broad antitrust investigation into the company’s AI, cloud computing, security, Teams, and AI products.

It’s been more than a year since that probe got under way, and there hasn’t been a peep about it. So it’s most likely dead. In addition, Trump has become Big AI’s biggest protector — he ordered the Justice Department to hit hard against any states that try to regulate AI. 

So don’t expect him to target Microsoft for prosecution.

Copilot here, there and everywhere — for free

Although Microsoft has said its future AI plans will expand well beyond genAI, the company will likely push its genAI chatbot Copilot harder than ever in 2026. Microsoft says the chatbot will be included for free in all business versions of Microsoft 365 starting July 1. The price is currently up to $33.50 per user per month for businesses, depending on licensing arrangements and whether Microsoft is offering discounts. (Non-business versions of Microsoft 365 already include Copilot for free.)

Also free will be the ability to use Copilot to create agents to automate tasks and workflows, though advanced capabilities are only available at an extra cost. 

Why is Microsoft doing it? It recognizes that companies can no longer charge for basic AI tools — there’s too much competition. Google Workspace, for example, already includes the use of its genAI tool, Gemini.

Intellectual property theft and AI training

GenAI tools like Copilot and ChatGPT require vast amounts of text to train them. OpenAI, Microsoft and other AI companies grab tremendous amounts of text from copyrighted material in newspapers, magazines, books, and other sources — and don’t pay the copyright owners for it.

Microsoft and other AI companies claim that doing so follows “fair use” guidelines for using copyrighted materials. Owners of the copyrighted materials call it theft. (I’m among the latter, because at least two dozen of my books have been used to train AI without my permission, and without payment. I’ll have more to say about that in a future column.)

There have already been many lawsuits about this issue. The most important one was brought in 2023 by The New York Times, nine other newspapers, and the Center for Investigative Research against Microsoft and OpenAI. Don’t expect that lawsuit to be settled in 2026. It might not even be heard in 2027. 

And even if it is heard, expect appeals all the way to the US Supreme Court. The result? Microsoft, OpenAI, and other AI companies will be able to continue to take whatever content they want with impunity this year.

Microsoft 365 (and Office 365) subscribers get more frequent software updates than those who have purchased Office without a subscription, which means subscribers have access to the latest features, security patches, and bug fixes. But it can be hard to keep track of the changes in each update and know when they’re available. We’re doing this for you, so you don’t have to.

Following are summaries of the updates to Microsoft 365/Office 365 for Windows over the past year, with the latest releases shown first. We’ll add info about new updates as they’re rolled out.

Note: This story covers updates released to the Current Channel for Microsoft 365/Office 365 subscriptions. If you’re a member of Microsoft’s Office Insider preview program or want to get a sneak peek at upcoming features, see the Microsoft 365 Insider blog.

Version 2512 (Build 19530.20144)

Release date: January 13, 2026

This build fixes a number of bugs, including one that caused Excel, PowerPoint, and Word to become unresponsive when profile card-related activities were performed.

It also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2512 (Build 19530.20144).

Version 2512 (Build 19530.20138)

Release date: January 8, 2025

This build offers, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2512 (Build 19530.20138).

Version 2511 (Build 19426.20218)

Release date: December 16, 2025

This build offers, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2511 (Build 19426.20218).

Version 2511 (Build 19426.20186)

Release date: December 9, 2025

This Patch Tuesday build offers, in Microsoft’s words, “Various fixes to functionality and performance.” The build also has a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2511 (Build 19426.20186).

Version 2511 (Build 19426.20170)

Release date: December 3, 2025

This build includes, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2511 (Build 19426.20170).

Version 2510 (Build 19328.20244)

Release date: November 20, 2025

This build fixes a bug in Outlook that caused users to see “Contacting the server for information” repeatedly when loading some emails.

Get more info about Version 2510 (Build 19328.20244).

Version 2510 (Build 19328.20232)

Release date: November 18, 2025

This build includes, in the words of Microsoft, “various fixes to functionality and performance.”

Get more info about Version 2510 (Build 19328.20232).

Version 2510 (Build 19328.20190)

Release date: November 11, 2025

This Patch Tuesday build fixes a bug in Outlook that caused some recipients to be unable to access OneDrive links shared with them via email. The build also has a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2510 (Build 19328.20190).

Version 2510 (Build 19328.20178)

Release date: November 4, 2025

This build fixes a single bug, in which @mention searches produced no results in Office apps.

Get more info about Version 2510 (Build 19328.20178).

Version 2510 (Build 19328.20158)

Release date: October 30, 2025

This build introduces a new Get Data dialog in Windows that simplifies finding and using external data, and adds Analyze Data to the Data tab.

The build also fixed an bug in Outlook that prevented users from downloading web add-ins in some virtualized environments.

Get more info about Version 2510 (Build 19328.20158).

Version 2509 (Build 19231.20216)

Release date: October 21, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2509 (Build 19231.20216).

Version 2509 (Build 19231.20194)

Release date: October 14, 2025

This build has a variety of security updates (see details), along with various fixes to functionality and performance.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2509 (Build 19231.20194).

Version 2509 (Build 19231.20172)

Release date: October 7, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2509 (Build 19231.20172).

Version 2509 (Build 19231.20156)

Release date: October 1, 2025

This build fixes two bugs, one in Excel in which ribbon controls were not rendered when rejoining Office sessions in a virtual machine, Azure Virtual Desktop, or remote desktop environment, and another that caused Outlook to terminate unexpectedly when starting.

Get more info about Version 2509 (Build 19231.20156).

Version 2508 (Build 19127.20264)

Release date: September 23, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2508 (Build 19127.20264).

Version 2508 (Build 19127.20240)

Release date: September 16, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2508 (Build 19127.20240).

Version 2508 (Build 19127.20222)

Release date: September 9, 2025

This build has multiple security updates (see details), along with various fixes to functionality and performance.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2508 (Build 19127.20222).

Version 2508 (Build 19127.20192)

Release date: September 3, 2025

This build fixes a bug in which some Outlook add-ins were getting “Office.auth.getAccessToken is not a function” errors.

Get more info about Version 2508 (Build 19127.20192).

Version 2508 (Build 19127.20154)

Release date: August 26, 2025

This build fixes a bug that caused Outlook to terminate unexpectedly when sending a meeting invite with an encryption label. It also adds support for pixelated rendering of embedded images in SVG assets for the entire Office suite.

Get more info about Version 2508 (Build 19127.20154).

Version 2507 (Build 19029.20208)

Release date: August 19, 2025

This build fixes a variety of bugs.

Get more info about Version 2507 (Build 19029.20208).

Version 2507 (Build 19029.20184)

Release date: August 12, 2025

This build fixes a bug which required users to restart Outlook to open a .msg file after initially accessing it once. The build also includes a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2507 (Build 19029.20184).

Version 2507 (Build 19029.20156)

Release date: August 5, 2025

This build fixes a single bug, in which users had to restart Outlook to open a .msg file after initially accessing it once.

Get more info about Version 2507 (Build 19029.20156).

Version 2507 (Build 19029.20136)

Release date: July 30, 2025

This build fixes a wide variety of bugs, including in which Outlook closed unexpectedly shortly after launch, and another in Word in which the word count sometimes displayed incorrectly.

Get more info about Version 2507 (Build 19029.20136).

Version 2506 (Build 18925.20184)

Release date: July 22, 2025

This build fixes two bugs, one that caused the Copilot Command Center to continue to be visible after disabling the Copilot user interface, and another in which when creating handouts in PowerPoint, certain characters (full-width numbers) couldn’t be properly transferred to the handout.

Get more info about Version 2506 (Build 18925.20184).

Version 2506 (Build 18925.20168)

Release date: July 15, 2025

This build fixes two bugs, one that caused Visio 32-bit to close unexpectedly when using the Drawing control, particularly in setups involving COM components or .NET integrations, and another in Word in which copying and pasting content between documents sometimes changed the applied style unexpectedly.

Get more info about Version 2506 (Build 18925.20168).

Version 2506 (Build 18925.20158)

Release date: July 8, 2025

This Patch Tuesday build fixes several bugs in Outlook, PowerPoint, Word, and the whole Office suite, including one that caused the Copilot icon to unexpectedly display in Outlook when Copilot had been disabled by the admin in government cloud.

The release also includes a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2506 (Build 18925.20158).

Version 2506 (Build 18827.20176)

Release date: July 1, 2025

This build fixes a wide variety of bugs, including one in Word in which print preview sometimes stopped working when printing long emails.

Get more info about Version 2506 (Build 18827.20176).

Version 2505 (Build 18827.20176)

Release date: June 26, 2025

This build introduces several new features, including one in Excel in which the PivotTables dialog box interface has been replaced by a redesigned panel, making it easier to view all of your options and simpler to change your data selection before inserting a recommended PivotTable.

Get more info about Version 2505 (Build 18827.20176).

Version 2505 (Build 18827.20164)

Release date: June 17, 2025

This build fixes a bug that caused the “Try the new Outlook” toggle to be enabled when working in Classic Outlook side by side with the new Outlook.

Get more info about Version 2505 (Build 18827.20164).

Version 2505 (Build 18827.20150)

Release date: June 10, 2025

This build fixes several bugs, including one for the entire Office suite in which a Save As attempt on an existing file didn’t complete successfully, and subsequent attempts continued to encounter issues when trying to save to a file that no longer existed.

This Patch Tuesday release also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about  Version 2505 (Build 18827.20150).

Version 2505 (Build 18827.20140)

Release date: June 3, 2025

This build offers a variety of bug and performance fixes.

Read about Version 2505 (Build 18827.20140).

Version 2504 (Build 18730.20186)

Release date: May 20, 2025

This build introduces a new PowerPoint feature: Notification emails for mentions, tasks, comments, and replies will now contain context previews even when the source document is encrypted, and the email will inherit the document’s security policies.

Get more info about Version 2504 (Build 18730.20186).

Version 2504 (Build 18730.20168)

Release date: May 13, 2025

This build fixes a bug in which users were seeing high CPU usage when typing in Outlook. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2504 (Build 18730.20168).

Version 2504 (Build 18730.20142)

Release date: May 6, 2025

This build includes various bug and performance fixes.

Get more info about Version 2504 (Build 18730.20142).

Version 2504 (Build 18730.20122)

Release date: April 29, 2025

This build fixes a wide variety of bugs, including one in which PowerPoint was unable to open a file from a network mapped drive from File Explore, another in which Word closed unexpectedly when opening .doc files, and another for the entire Office suite in which large 3D files couldn’t be inserted.

Get more info about Version 2504 (Build 18730.20122).

Version 2503 (Build 18623.20208)

Release date: April 17, 2025

This build fixes a bug that could cause Excel to stop responding.

Get more info about Version 2503 (Build 18623.20208).

Version 2503 (Build 18623.20178)

Release date: April 8, 2025

This build fixes a single bug in Word in which users may have encountered an issue with saving, seeing the message “saving…” in the title bar. It  also includes a variety of security updates. Go here for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2503 (Build 18623.20178).

Version 2503 (Build 18623.20156)

Release date: April 2, 2025

This build lets you use Dark Mode in Excel, which darkens your entire sheet, including cells, and may reduce eye strain. It also fixes several bugs, including one in Word in which opening specific files that contain many tracked changes and comments resulted in poor performance, and one in PowerPoint in which the app was not displaying the icon for an inserted PDF object.

Get more info about Version 2503 (Build 18623.20156).

Version 2502 (Build 18526.20168)

Release date: March 11, 2025

This build fixes several bugs, including one in which some Word files with numerous tracked changes and comments were slow. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2502 (Build 18526.20168).

Version 2502 (Build 18526.20144)

Release date: March 5, 2025

This build fixes a wide variety of bugs, including one in Word in which the default font size may not be 12pt as expected, and another in which PowerPoint automatically closed when the system went into hibernate or sleep mode.

Get more info about Version 2502 (Build 18526.20144).

Version 2501 (Build 18429.20158)

Release date: February 11, 2025

This build removes the option to display Track Changes balloons in left margin in Word. It also includes a variety of security updates. See “Release notes for Microsoft Office security updates” for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2501 (Build 18429.20158).

Version 2501 (Build 18429.20132)

Release date: January 30, 2025

In this build, the advanced Track Changes option to set the margin for balloons in Word has been removed.

A wide variety of bugs have also been fixed, including one in which ActiveX controls used an excessive amount of GDI handles in PowerPoint, and another for the entire Office suite in which images couldn’t be pasted from SharePoint.

 Get more info about Version 2501 (Build 18429.20132).

Version 2412 (Build 18324.20194)

Release date: January 16, 2025

This build fixes one bug, in which apps would exit unexpectedly when running on Windows Server 2016.

Get more info about Version 2412 (Build 18324.20194).

Version 2412 (Build 18324.20190)

Release date: January 14, 2025

This build fixes a bug in Word in which the layout of tables were changed unexpectedly. It also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2412 (Build 18324.20190).

Version 2412 (Build 18324.20168)

Release date: January 7, 2025

This build makes tables in Outlook more accessible for screen readers. It also fixes a wide variety of bugs, including one in Word in which a document saved to a network shared folder and set to “Always Open Read-Only” would open in “Editing” mode, and another for the entire Office suite in which application didn’t render the grid properly after switching from page break preview to normal view.

Get more info about Version 2412 (Build 18324.20168).

Version 2411 (Build 18227.20162)

Release date: December 10, 2024

This build fixes a bug in Word and Outlook where characters didn’t render correctly when using Save Selection to Text Box Gallery. It also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2411 (Build 18227.20162).

Version 2411 (Build 18227.20152)

Release date: December 5, 2024

This build fixes a wide variety of bugs, including one in Excel in which some cells might not be rendered properly upon scrolling in a worksheet using freeze panes, one in Word which prevented emails with linked SVG content from saving or sending, and one in which some PowerPoint presentations created by third-party tools didn’t open correctly and some content was removed.

Get more info about Version 2411 (Build 18227.20152).

Version 2410 (Build 18129.20158)

Release date: November 12, 2024

This build fixes a variety of bugs, including one in Word in which all characters didn’t appear correctly when creating an Outlook task from OneNote, and one in PowerPoint in which embedded BMP images in the PowerPoint slide were not opening.

This build also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2410 (Build 18129.20158).

Version 2410 (Build 18129.20116)

Release date: October 28, 2024

This build enables filtering capabilities for the comment pane in Excel and fixes a variety of bugs, including one in Word in which the title bar no longer showed a “Saved” status for locally saved files, and one in PowerPoint in which a graphics-related issue caused the app to close unexpectedly at times.

Get more info about Version 2410 (Build 18129.20116).

Version 2409 (Build 18025.20160)

Release date: October 15, 2024

This build fixes a single bug in Word, in which emails with linked SVG content couldn’t be saved or sent.

Get more info about Version 2409 (Build 18025.20160).

Version 2409 (Build 18025.20140)

Release date: October 8, 2024

This build fixes a variety of bugs, including one in Word in which text wasn’t clearly visible in High Contrast Mode when using “Draft with Copilot” and referencing a meeting under “Reference your content.”

This build also includes multiple security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2409 (Build 18025.20140).

Version 2409 (Build 18025.20104)

Release date: September 25, 2024

This build fixes a single bug, in which when you saved a file in Word, the save status was missing from the Title bar.

Get more info about Version 2409 (Build 18025.20104).

Version 2409 (Build 18025.20096)

Release date: September 23, 2024

This build improves the user experience for selecting which users should have which permissions when a sensitivity label configured for user-defined permissions is applied to a file or when configuring standalone Information Rights Management through the Restrict Access feature. This change affects Excel, PowerPoint, and Word.

The build also fixes a variety of bugs, including one in Word in which Document Mode would switch from “editing” to “viewing” if user enabled “Track Changes” and set “For Everyone.”

Get more info about Version 2409 (Build 18025.20096).

Version 2408 (Build 17928.20156)

Release date: September 10, 2024

This update will remove Flip video support when the service goes offline on October 1, 2024. The build also includes a variety of security updates. Go here for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2408 (Build 17928.20156).

Version 2408 (Build 17928.20114)

Release date: August 26, 2024

This build allows you to disable connected experiences for privacy concerns without impacting data security policies, such as sensitivity labels. Services associated with Microsoft Purview (e.g., sensitivity labels and rights management) are no longer controlled by policy settings to manage privacy controls for Microsoft 365 Apps. Instead, these services will rely on their existing security admin controls in Purview portals.

The build also fixes a variety of bugs, including one in Outlook that caused default SMIME labels to fail to apply when a user replied to or forwarded an unlabeled message, and one for the entire suite in which people couldn’t install Microsoft 365 apps on an enrolled device.

Get more info about Version 2408 (Build 17928.20114).

Version 2407 (Build 17830.20166)

Release date: August 13, 2024

This build includes a variety of security updates for Excel, Outlook, PowerPoint, Project, Visio, and the entire Office suite. See Microsoft’s Release notes for Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2407 (Build 17830.20166).

Version 2407 (Build 17830.20138)

Release date: August 1, 2024

This build fixes a wide variety of bugs, including one in which coauthoring on text boxes in Excel sometimes gave unexpected results, another in PowerPoint in which line widths were not preserved when exporting arrow shapes to PDF, and another in Word in which revisions were sometimes skipped when reviewing using VBA.

Get more info about Version 2407 (Build 17830.20138).

Version 2406 (Build 17726.20160)

Release date: July 9, 2024

This build fixes several bugs, including one in Word and Excel in which characters don’t appear correctly in Text Box Gallery. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2406 (Build 17726.20160).

Version 2406 (Build 17726.20126)

Release date: June 26, 2024

This build fixes a wide variety of bugs, including one in which Excel documents might be unexpectedly edited when a mandatory sensitivity label has not been applied, one that caused Outlook to exit unexpectedly shortly after launch for some users, and one in which pasting data from Word or Excel to an Outlook template as a link would cause an error message to appear.

Get more info about Version 2406 (Build 17726.20126).

Version 2405 (Build 17628.20164)

Release date: June 19, 2024

This build includes a variety of unspecified bug and performance fixes.

Get more info about Version 2405 (Build 17628.20164).

Version 2405 (Build 17628.20144)

Release date: June 11, 2024

This build fixes one bug, which prevented users from sending mail for a few hours after updating add-ins with on-send events. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2405 (Build 17628.20144).

Version 2405 (Build 17628.20110)

Release date: May 30, 2024

This build fixes a wide variety of bugs, including one in Excel in which an embedded workbook in .xls format might not have closed properly, one that that caused Outlook to close when using Copilot Summarize, one in Word in which content controls may have been removed when coauthoring, and one for the entire Office suite in which the Organization Chart Add-In for Microsoft programs was not loading properly.

Get more info about Version 2405 (Build 17628.20110).

Version 2404 (Build 17531.20152)

Release date: May 14, 2024

This build fixes a number of bugs, including one in Word where content controls might be removed when coauthoring, and one that caused Sovereign users to be unable to create ToDo tasks from Outlook.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2404 (Build 17531.20152).

Version 2404 (Build 17531.20140)

Release date: May 7, 2024

This build fixes two bugs in Outlook, one in which it closed unexpectedly using the Scheduling Assistant when creating a new meeting or viewing an existing meeting, and another that caused add-in developers to hit timeouts when retrieving notifications from an Outlook client context.

Get more info about Version 2404 (Build 17531.20140) .

Version 2404 (Build 17531.20120)

Release date: April 29, 2024

This build reduces workbook size bloat from unnecessary cell formatting with a new “Check Performance” task pane. In addition, it fixes a wide variety of bugs, including one in Excel in which the default font could not be set; one in Outlook in which custom forms from MAPI form servers stopped responding; one in PowerPoint in which online videos did not play in some cases; one in which when opening certain Word documents would cause the error, “Word experienced an error trying to open the file”; and one in which the Office update installer appeared to be unresponsive.

Get more info about Version 2404 (Build 17531.20120) .

Version 2403 (Build 17425.20176)

Release date: April 9, 2024

This build fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2403 (Build 17425.20176).

Version 2402 (Build 17328.20184)

Release date: March 12, 2024

This build fixes three bugs: one in which Access closed unexpectedly, one in which Excel closed unexpectedly when opening files with pivot tables and table design in macro-enabled files, and one in which Word closed unexpectedly when the undo function was used.

This build also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2402 (Build 17328.20184).

Version 2402 (Build 17328.20162)

Release date: March 4, 2024

This build fixes several bugs, including one that crashed Outlook when a link was clicked on, and another for the entire Office suite in which opened Office apps didn’t automatically start when a laptop was reopened, and an error message appeared after manual relaunch.

Get more info about Version 2402 (Build 17328.20162).

Version 2402 (Build 17328.20142)

Release date: February 28, 2024

This build fixes a variety of bugs, including one that caused Outlook to exit unexpectedly when expanding a conversation in the search results from a search of “All Mailboxes,” and another in which users were not able to create a bullet list with hyphens in PowerPoint.

Get more info about Version 2402 (Build 17328.20142).

Version 2401 (Build 17231.20236)

Release date: February 13, 2024

This build fixes several bugs, including one in which macros were being corrupted when saving Excel files and another that affected the entire Office suite in which add-ins would not load after Click trust for content add-in was selected.

This build also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2401 (Build 17231.20236).

Version 2401 (Build 17231.20194)

Release date: February 1, 2024

This build fixes a single bug in which expanded groups in the message list collapsed when users changed which column they were arranged by.

Get more info about Version 2401 (Build 17231.20194).

Version 2401 (Build 17231.20182)

Release date: January 30, 2024

This build fixes a wide variety of bugs, including one in which Excel would stop responding when saving changes, one in PowerPoint in which Notes and Slide layout would open with incorrect proportions when a file was opened from a protected view, and one in Word in which comment cards appeared too wide and cut off text when changing or switching the screen in use.

Get more info about Version 2401 (Build 17231.20182).

Version 2312 (Build 17126.20132)

Release date: January 9, 2024

This build fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2312 (Build 17126.20132).

Version 2312 (Build 17126.20126)

Release date: January 4, 2023

This build introduces a new sensitivity toolbar in Word, Excel, and PowerPoint that helps users understand the security policies that apply to their documents. It’s available when users are creating copies of their documents in File / Save As. In addition, Office now had a new default theme, which Microsoft says is “more modern and accessible.”

It also fixes a wide variety of bugs, including one in Excel in which Custom Menu text was truncated when right-clicking in a cell, one in PowerPoint in which restoring a previous version of a presentation was not working as expected when using Version History, and one in Word in which the content control end tag was marked at the end of the document automatically if the document was edited in Word Online and then opened in Word desktop.

Get more info about  Version 2312 (Build 17126.20126).

Version 2311 (Build 17029.20108)

Release date: December 12, 2023

This build fixes one bug in Outlook, in which the message list was blank when switching between the “Focused” and “Other” views.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2311 (Build 17029.20108).

Version 2311 (Build 17029.20068)

Release date: November 29, 2023

This build automatically inserts image captioning for Excel’s images. When you insert an image into a spreadsheet, accessibility image captioning is automatically generated for you.

It also fixes a wide variety of bugs, including one in Excel in which list box controls would not respond to mouse clicks after scrolling using the mouse wheel, and one in Word in which the language of a presentation was not retained when saving or exporting the presentation to a PDF file.

Get more info about Version 2311 (Build 17029.20068).

Version 2310 (Build 16924.20150)

Release date: November 14, 2023

This build fixes several bugs, including one in which Outlook failed to comply with the default browser settings for some users, and another in which new lines were added to an Outlook signature when pressing Enter in the body of the email.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2310 (Build 16924.20150).

Version 2310 (Build 16924.20124)

Release date: Oct. 31, 2023

This build fixes a bug that caused Outlook to exit unexpectedly when clicking the More link in the Search results list.

Get more info about Version 2310 (Build 16924.20124).

Version 2310 (Build 16924.20106)

Release date: Oct. 25, 2023

In this build, the Teams Meeting App works in Outlook, too. With it, you’ll be able to configure a meeting app while scheduling an invite in Outlook. The meeting app will be ready to use when you chat or join the meeting on Teams.

A wide variety of bugs have also been fixed, including one in Excel where certain Pivot Tables would load slowly; one in which OneNote would close unexpectedly when rapidly navigating from one .PDF file to another .PDF file between different sections, or when performing an undo operation on a .PDF printout insertion; and one in the entire Office suite that caused unexpected black borders to appear around screen captures added with the Insert Screenshot functionality.

Get more info about Version 2310 (Build 16924.20106).

Version 2309 (Build 16827.20166)

Release date: October 10, 2023

This build fixes two bugs, one in which users were missing their Outlook add-ins, and another in Word in which subheading numbering with a custom Style would disappear if the file was saved and reopened. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2309 (Build 16827.20166).

Version 2309 (Build 16827.20130)

Release date: September 28, 2023

This build introduces two new features, including the ability to disable specific types of automatic data conversions in Excel and support for the “Present in Teams” button to present local files in PowerPoint Live in Microsoft Teams.

Several bugs have also been fixed, including one in which the setting to control how Outlook opens previous items at start-up was missing from the Options window, and another in Word in which the Add-ins tab was not visible when using custom toolbar information.

Get more info about Version 2309 (Build 16827.20130).

Version 2308 (Build 16731.20234)

Release date: September 12, 2023

This build fixes several bugs, including one that caused Outlook to close unexpectedly when viewing an email, and another in PowerPoint in which the presenter view slide section zoomed in and out when zooming in the notes section.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2308 (Build 16731.20234).

Global PC shipments rose by 9.6% in the fourth quarter of 2025, according to IDC’s latest Worldwide Quarterly Personal Computing Device Tracker, however, it is unlikely those increases will continue, due in part to a pending memory shortage that will impact both enterprise and consumer markets.

IDC stated in a release that it expects that the PC market will be far different in 12 months, given how quickly the memory situation is evolving. “The results cap off a tumultuous year for the PC market, marked by the end of support for Windows 10, which drove a wave of upgrade demand, and early year tariff concerns that prompted vendors to pull forward more inventory than originally planned,” it said.

Memory shortages, said Jitesh Ubrani, research manager with IDC’s Worldwide Mobile Device Trackers, “are affecting the entire industry, and the impact will likely reshape market dynamics over the next two years.”

In a report released last month, IDC stated, “the global semiconductor ecosystem is experiencing an unprecedented memory chip shortage with knock-on effects for the device manufacturers and end users that could persist well into 2027. DRAM prices have surged significantly as demand from AI data centers continues to outstrip supply, creating a supply/demand imbalance.”

Demand will keep PC prices high this year

The memory market, the authors of the report stated, is at “an unprecedented inflexion point, with demand materially outpacing supply. For an industry that has long been characterized by boom-and-bust cycles, this time is different. The rapid expansion of AI infrastructure and workloads is exerting significant pressure on the memory ecosystem.”

Soaring RAM prices may impact the enterprise PC market for some time; Theo Antoniadis, principal advisory director at Info-Tech Research Group, said he expects that demand will keep prices high through 2026 and well into 2027, “which may impact the PC prices by up to 20%. I suspect that there will be winners and losers in the PC and smartphone space.”

He said, “[vendors] that have set up hedging (for example, long-term supply contracts) and are shipping higher volumes and sitting on larger cash reserves will win. Those that rely on price as their competitive advantage, living on low margins, or [are] smaller players will suffer through this period.”

Asked whether large enterprises are still renewing their laptop fleets every three years and desktops every five or if they are making them last longer, he replied that he suspects they’re in denial. “I have not heard many clients discussing this, as their budgets for 2026 were set last quarter (Q4 2025).”

However, added Antoniadis, “I suspect there will be some pivoting and reduced purchases when sticker shock hits on their refresh quotes. Unless the pricing starts to reduce, my dark horse bet for 2027 is a resurgence in VDI with very light PCs and another push for cloud-based solutions to counter potential productivity loss for obsolete PCs.”

Jean Philippe Bouchard, research vice president with IDC’s Worldwide Mobile Device Trackers, said, “beyond the obvious pressure on prices of systems already announced by certain manufacturers, we might also see PC memory specifications lowered on average to preserve memory inventory on hand. The year ahead is shaping up to be extremely volatile.”

As last month’s IDC report stated, “the shortage threatens to derail the industry’s growth narrative around AI PC. IDC defines the AI PC as any PC with an NPU. Crucially, these devices tend to have more RAM (Microsoft’s Copilot+ PCs require a minimum of 16GB).”

As more small language models and large language models move onto the device, its authors wrote, “memory becomes even more important, with many higher-end systems shifting toward 32GB or higher. Just as the industry is seeing a need to add more RAM, it has become prohibitively expensive to do so, even if they can get supply. This will result in higher prices, lower margins, or a potential downmix in the amount of RAM in new systems at the worst possible time for this to occur.”

In addition, Ubrani said the demand for AI PCs within the enterprise over the past one to two years “has been somewhat wavering even without the memory shortage. A lot of that has been because cloud options are so good, many people can’t tell the difference between cloud AI versus on-device AI.”

He predicted that, as a result of the shortage, vendors will “start to push a story that is more about hybrid AI,” because due to the memory shortage, “some of these systems may not be able to run the latest AI applications.”

But will large enterprises pay a premium for AI PCS (or Copilot PCs) or, conversely, attempt to strong-arm their suppliers into making lower-cost SKUs available should they opt to head in that direction? Antoniadis said, “I don’t think [they] have the leverage to counter market forces for AI PCs. The fortunate ones are going to be those who have existing long-term vendor agreements in place.”

Slack has launched the revamped version of Slackbot, with generative AI (genAI) features that let workers more easily find information and create documents. 

The feature is generally available for certain paid Slack plans as of today, the company announced Tuesday. Down the road, it will coordinate other AI agents to complete tasks in other apps.

“The new Slackbot release addresses a common AI challenge: generating accurate responses that are informed by relevant context,” said Wayne Kurtzman, research vice president at IDC. “Since Slack is often integrated across a large number of enterprise applications, it a logical choice to create an enterprise search that lives within the flow of work.”

There are already numerous AI assistants available to office workers, from general purpose assistants such as OpenAI’s ChatGPT and Anthropic’s Claude to the AI tools built into productivity apps sold by Google, Microsoft, Notion, Zoom, and others. 

Slackbot’s strength is that it’s built natively into Slack’s collaboration app, said Rob Seaman, chief product officer and interim CEO at Slack. This means it immediately has knowledge of a user’s work life, with access to conversation and files, as well as enterprise data from connected sources. 

“The advantages are proximity and context,” Seaman said in an interview. “It knows what you’re working on, and it knows what your company’s priorities are because it can access what you have access to within Slack.” 

Slackbot has been around since Slack launched more than a decade ago. Slack users will likely have received notifications via the bot, or used it for simple tasks such as setting reminders. The previous version relied on rule-based automation, while the updated assistant is powered by a large language model (LLM). (Slack declined to say which LLM it uses; CNBC and Venturebeat reported that it relies on  Claude.)

Slack users can converse with Slackbot in natural language as they do with most AI assistants. One of the primary use cases is search: Slackbot can query all data a user is permitted to access across Slack and Salesforce, as well as connected enterprise sources such as Google Drive and OneDrive. This can help users track down files, or get a summary of the progress of a particular project, for instance. 

Slackbot can also generate Slack canvas documents based on user prompts, and check calendars to help set up meetings between coworkers.

Salesforce, Slack’s parent company, trialed the AI assistant internally prior to launch, with 25,000 weekly active users in just a few weeks “through word of mouth,” said Seaman. “We didn’t do any in-product nudging.”

Seaman highlighted some of the ways the AI assistant has been used by the Slack product engineering team. Before a recent all-hands meeting, for instance, he asked Slackbot check the meeting deck and provide guidance on how to pronounce the names of more than 60 new hires. The AI assistant has also been used to collate product development feedback from a Slack channel. 

“In seconds, I have a summarized view of the feedback — positive and negative — which would have taken a product manager hours or maybe a week historically,” he said. Slackbot then turned the feedback into a product brief and a sprint plan, creating canvas documents with information for the engineering team, he said. And sales teams at the company used Slackbot to get a quick rundown of clients they haven’t spoken to yet in relation to a particular product. 

Seaman also described plans to enable Slackbot to interact with other AI agents. 

There are already many examples of customers deploying agents into Slack, he said, whether custom-built Agentforce agents or the likes of Atlassian, Cursor, Claude Code, and OpenAI Codex. “Users shouldn’t have to think about what agent to go to and for what task,” he said, stressing the company wants Slackbot to “act as a concierge and make hand-offs to the appropriate task or tool or agent in the moment.” That will mean Slackbot acting as a model context protocol (MCP) client as well as server, he said, though the “handoff” will be built into the Slack UI. 

“We think of it as a super agent that’s going to help you connect with these other agents … and ideally they speak to each other,” said Seaman.

These features are still under development and not currently available. 

Other planned capabilities include the ability for Slackbot to access a user’s screen (opt-in required) to view information such as a canvas document they are working on. 

Slackbot is now generally available to customers on Business+ and Enterprise+ plans. The rollout follows pricing changes last year that eliminated separate AI add-ons and raised the price of the Business+ tier to $15 per user per month.

Apple is going full throttle in the run-up to its Q1 FY26 fiscal call at the end of this month, boosting investor confidence with its AI partnership with Google and following that up with an announcement to inject even more growth into its all-important services division.

Introducing Apple Creator Studio

For decades, Apple has published two of the industry’s leading products for creative professionals, Final Cut Pro and Logic Pro. It has accompanied these with powerful tools such as Motion, Compressor, and Main Stage, and useful productivity apps including Pages, Keynote, and Numbers. (Apple also acquired Pixelmator Pro in 2024.)

All these apps have now been combined into one subscription-based product Apple calls Creator Studio. For just $12.99 per month, Apple customers can subscribe to and use all of these creative apps, including advanced tools not available in the free versions of some of the included applications. The apps are all available for Macs. most are available for the iPad, and some (such as Keynote or Pages) are also for iPhone users.

Apple continues to sell the Mac versions of Final Cut Pro, Pixelmator Pro, Logic Pro, Motion, Compressor, and MainStage as one-time purchases on the Mac App Store, while Keynote, Numbers, and Pages are also still available for free. And Apple’s powerful image editing application, Pixelmator Pro, is available for the iPad — and compatible with Apple Pencil.

One thing that should be clear is that with its industry leading creative tools, Creator Studio represents an immediate challenge to other far more expensive imaging, video, and audio suites on the market.

What you get in Apple Creator Studio 

In brief, the suite offers the following:

• Final Cut Pro, Logic Pro, and Pixelmator Pro on Macs and iPads.
• Motion, Compressor, and MainStage on the Mac.
• Intelligent features and premium content for Keynote, Pages, and Numbers, with Freeform support to follow.

While Mac users can continue to purchase one-time versions of all the apps, iPad users will need a subscription to access the suite. Apple stresses that Pages, Numbers, and Keynote will “remain free for all users to create, edit, and collaborate with others” and will also continue to receive updates.

“Apple Creator Studio is a great value that enables creators of all types to pursue their craft and grow their skills by providing easy access to the most powerful and intuitive tools for video editing, music making, creative imaging, and visual productivity — all levelled up with advanced intelligent tools to augment and accelerate workflows,” Eddy Cue, Apple’s senior vice president of internet software and services, said in a statement. 

“There’s never been a more flexible and accessible way to get started with such a powerful collection of creative apps for professionals, emerging artists, entrepreneurs, students, and educators to do their best work and explore their creative interests from start to finish,” he said.

What’s the approach?

So, if some of the apps are available free or as standalone purchases, why switch to a subscription? Apple’s approach is two-fold: 

• First, given the prevalence of piracy when it comes to powerful creative apps, making software available at prices people can more easily afford makes sense; $12.99 for leading tools for audio, video, and photography seems like an approachable price, which should go some way to preventing people from downloading malware invested versions of these apps from various dodgy file repositories. Security firms, including Jamf, have identified many instances in which pirated versions of Final Cut have been infested with malware. 
• Second, it looks as if Apple will field new tools and features for the subscription-based apps first. Keynote, Pages, Numbers, and Freeform users will be able to access new premium content and intelligent features across Macs, iPads, and iPhones, the company said.

With 2.5 million people already using Final Cut Pro, Apple must surely hope the suite will be a sufficiently compelling proposition to tempt them to switch to a subscription.

Now with Apple Intelligence (and friends)

Hot on the heels of news of its AI partnership with Google Gemini, it should be of no surprise that Apple is also weaving a series of intelligent new features into the Creator Studio apps. It is also easy to imagine how Apple will be able to augment all of its creative apps with smart features down the road.

Among the smart features within the current Creator Studio:

• You can search for specific soundbites across hours of video footage by typing the required phrase in Final Cut.
• You find specific clips and actions using Visual Search.
• Beat Detection uses AI to instantly analyze any music track to display on a grid in Final Cut to help align cuts to the music.
• You get a new AI driven Synth Player in Logic Pro.
• Chord ID can turn any audio or MIDI recording into a ready-to-use chord progression.
• You can search for specific or similar loops in Logic Pro tracks using written prompts.
• Keynote, Pages, and Numbers gain access to the Content Hub, a repository of high-quality images, graphics, and illustrations, along with new premium templates and themes. The three apps also gain advanced image creation and editing tools to craft high-quality images from text using generative models from OpenAI.
• Keynote subscribers will be able to use a smattering of in-development AI features, such as the ability to generate a first draft of a presentation from a text outline.

Apple’s services segment generated more than $100 billion in revenue in 2025. Developing this side of the multinational enterprise has been a big success for the company, particularly as the margins it generates on services are very high (75%). The decision to introduce Apple Creator Studio as a service can only drive these numbers higher.

The suite will be available beginning on Jan 28. In addition to the $12.99 per month price, users can opt to pay $129 a year. 

Please follow me on LinkedIn, Mastodon, or join me in the AppleHolic’s bar & grill group on MeWe.

According to a new report from the analyst firm Gartner, semiconductors worth $793 billion were sold in 2025, up 21 percent compared to the previous year.

One explanation for the increase is the high level of interest in AI chips and graphics processors, which is linked to the construction of new data centers around the world.

The report also shows that Nvidia sells the most semiconductors, followed by Samsung, SK Hynix, and Intel.

Nvidia’s sales increased by 63.9 percent in 2025, which is the largest increase of all ten companies on the top list.

This article originally ran on Computer Sweden.

Related reading:

• At CES, Nvidia launches Vera Rubin platform for AI data centers
• Nvidia moves deeper into AI infrastructure with SchedMD acquisition
• Intel under Tan: What enterprise IT buyers need to know
• Who are the winners and losers of the Intel-Nvidia deal?
  

Anthropic has released a new AI tool, Cowork, that allows users to collaborate with the AI model Claude directly in their computer files. Not just via text chat. The tool is based on the same technology as Claude Code, but is designed for non-programmers.

In Cowork, users can give Claude access to a selected folder on their computer. The AI can then read, create, and edit files, for example, sorting downloads, compiling expenses in a spreadsheet, or writing reports based on notes. Claude then acts more independently than in normal conversations and reports back to the user step by step. Cowork can also utilize Claude connections to external data sources and the Chrome browser.

However, Anthropic warns of risks such as incorrect instructions and “prompt injections” (attempts to manipulate the AI via text content), which can lead to deleted files, for example. Users are therefore advised to be cautious and give as clear instructions as possible.

Cowork is currently available in research preview for Claude Max users on Mac OS. The plan is to expand to Windows and add more features such as synchronization between devices. Users with other subscriptions can sign up for a waiting list to gain access to Cowork.

This article originally appeared on Computer Sweden.

More Anthropic news:

• Anthropic experiments with AI introspection
• Anthropic’s Claude Opus 4.5 pricing cut signals a shift in the enterprise AI market
• Now you can use Claude Code directly in Slack chat
  

Google has published the first draft of Universal Commerce Protocol (UCP), an open standard to help AI agents order and pay for goods and services online.

It co-developed the new protocol with industry leaders including Shopify, Etsy, Wayfair, Target and Walmart. It also has support from payment system providers including Adyen, American Express, Mastercard, Stripe, and Visa, and online retailers including Best Buy, Flipkart, Macy’s, The Home Depot, and Zalando.

Google’s move has been eagerly awaited by retailers according to retail technology consultant, Miya Knights. “Retailers are keen to start experimenting with agentic commerce, selling directly through AI platforms like ChatGPT, Gemini, and Perplexity. They will embrace and experiment with it. They want to know how to show up and convert in consumer searches.”

Security shopping list

However, it will present challenges for CIOs, in particular in maintaining security, she said. UCP as implemented by Google means retailers will be exposing REST (Representational State Transfer) endpoints to create, update, or complete checkout sessions. “That’s an additional attack surface beyond your web/app checkout. API gateways, WAF/bot mitigation, and rate limits become part of checkout security, not just a ‘nice-to-have’. This means that CIOs will have to implement new reference architectures and runtime controls; new privacy, consent, and contracts protocols; and new fraud stack component integration.”

Info-Tech Research Group principal research director Julie Geller also sees new security challenges ahead. “This is a major shift in posture. It pushes retail IT teams toward deliberate agent gateways, controlled interfaces where agent identity, permissions, and transaction scope are clearly defined. The security challenge isn’t the volume of bot traffic, but non-human actors executing high-value actions like checkout and payments. That requires a different way of thinking about security, shifting the focus away from simple bot detection toward authorization, policy enforcement, and visibility,” she said.

The introduction of UCP will undoubtedly mean smoother integration of AI into retail systems but, besides security challenges, there will be other issues for CIOs to grapple with.

Geller said that one of the issues she foresees with UCP is that “it works too well”. By this she means that the integration is so smooth that there are governance issues. “When agents can act quickly and upstream of traditional control points, small configuration issues can surface as revenue, pricing, or customer experience problems almost immediately. This creates a shift in responsibility for IT departments. The question stops being whether integration is possible and becomes how variance is contained and accountability is maintained when execution happens outside the retailer’s own digital properties. Most retail IT architectures were not designed for that level of delegated autonomy.”

Google’s AI rival OpenAI launched a new feature last October that allowed users to discover and use third-party applications directly within the chat interface, at the same time publishing an early draft of a specification co-developed with Stripe, Agentic Commerce Protocol, to help AI agents make online transactions.

Knights expects the introduction of UCP to accelerate interest in and adoption of agentic commerce among retailers. “Google said that it had already worked with market leaders Etsy, Wayfair, Target, and Walmart to develop the UCP standard. This will force competitors to accelerate their agentic commerce strategies, and will help Google steal a march on competitors, given that it is the market leader,” she said.

For online retailers’ IT departments, it’s going to mean extra work, though, in implementing the new protocols and in ensuring their e-commerce sites are visible to consumers and bots alike.

OpenAI has acquired San Francisco-based startup Torch Health in a move that analysts say is a strategic maneuver to boost its ChatGPT health initiative launched last week.

In a blog post last week, OpenAI detailed its vision of ChatGPT Health: to create a chatbot that allows users to connect their medical records and wellness apps, such as Apple Health, Function, and MyFitnessPal, and help them understand their recent test results, prepare for doctor appointments, and get advice on how to approach diets or understand tradeoffs of different insurance options based on their individual healthcare patterns.

Torch Health, too, according to its founders, was building an application that could help an individual make more sense of their medical records via AI by pulling data from doctor visits, lab reports, wearables, consumer wellness tests, and fragmented healthcare portals.

“We started Torch to build a medical memory for AI, unifying scattered records into a context engine that helps you see the full picture, connect the dots, and make sure nothing important gets lost in the noise again,” the company’s four-member team wrote in a note.

Torch Health’s technology will “accelerate the development of ChatGPT Health,” helping the LLM and chatbot provider refine domain-specific services around healthcare, said Akshat Tyagi, associate practice leader at HFS Research. The acquisition, according to Tyagi, will help OpenAI address data fragmentation challenges in healthcare, which is the most critical problem that needs solving, as it will become the base for any application to provide more authentic and accurate responses to queries, as healthcare is a risk-sensitive and regulated sector.

Anthropic, too, is betting on healthcare

OpenAI is not the only AI software and services provider that is making its foray into healthcare. Claude-provider and OpenAI rival Anthropic is making efforts in the same direction.

In a blog post published over the weekend, Anthropic announced that it was expanding its Claude for Life Sciences offering by adding Claude for Healthcare and adding new capabilities to Claude for Life Sciences.

Claude for Healthcare, the company wrote, is a complementary set of tools and resources that allow healthcare providers, payers, and consumers to use Claude for medical purposes through HIPAA-ready products.

Just a couple of days back, OpenAI, too, had launched a similar product under the name — OpenAI for Healthcare — that too contains similar tools targeted at different stakeholders in the healthcare industry.

Analysts say OpenAI and Anthropic’s foray into healthcare is a sign that LLM technology has matured enough to support healthcare use cases. They also see this as a battle to become the foundational intelligence layer for healthcare systems.

“Earlier models weren’t reliable enough. Today’s models can summarize clinical notes, support patient communication, assist with documentation, and surface relevant medical literature in ways that actually reduce cognitive or manual load for clinicians,” HFS Research’s Tyagi said.

The healthcare system, too, according to Tyagi, is looking for efficiency gains that don’t compromise care in the wake of rising costs and burnout.

In such a scenario, whoever becomes embedded early in these workflows gains a long-term strategic position, Tyagi pointed out, adding that once an AI system is trusted inside clinical or administrative processes, it will become very hard to displace.

Both OpenAI and Anthropic have said that they don’t want to replace clinicians or provide treatment, but assist them. OpenAI said it would not use users’ health data to train models.