Computerworld.com [Hacking News]
Democratizing AI adoption with Tether’s Bitnet LLM fine-tuning framework
“The future of AI should be accessible, available, and open to people and builders everywhere, and it should not require an absurd amount of resources only available to a handful of cloud providers,” Paolo Ardoino, CEO, Tether.
About 700 million people use generative AIs like Gemini and ChatGPT weekly, but adoption is far from uniform. McKinsey’s 2025 State of AI survey found that nearly half of respondents from companies with more than $5 billion in revenue have reached the AI scaling phase, compared with just 29 percent of those from companies with less than $100 million in revenue, a gap that only widens further down the chain, locking out smaller businesses, developers, and everyday users.
Retail and small businesses are limited to basic AI utilities that their facilities can power, such as text-based inference and multimedia generation, using base models. That leaves billions of end users and developers locked out of full utilization and development of intelligent software due to high infrastructure demands.
Tether’s edge-first LoRA fine-tuning framework for Microsoft’s Bitnet LLM is an important step towards developing an infrastructure system that supports billions of AI agents and intelligent machines. By reducing the computational overhead of machine learning and enabling consumer-grade devices to perform advanced operations, Tether’s edge-first approach ensures greater leverage for the larger population.
Imagine a 13-billion-parameter model being fine-tuned on everyday handheld devices like Samsung S25 and iPhone 16, as well as on regular personal computers. The breakthrough combines resource-efficiency and platform-agnostic techniques to develop a fine-tuning framework for the ternary-quantized LLM.
Behind Tether’s Bitnet fine-tuning framework
Bitnet LLM was born out of the vision of an intelligent AI model that doesn’t consume outrageous computing resources even at full precision. Earlier attempts at resource-efficient AI relied on trade-offs, such as running small-parameter models at higher precision or larger-parameter models at lower precision, but neither approach fully solved the problem.
Bitnet takes a more fundamental approach. The result is a model that achieves linear efficiency while consuming only a fraction of the computing resources traditionally required.
The challenge, however, is that contemporary GPUs are optimized for the very floating-point operations Bitnet eliminates, creating a hardware compatibility gap. Compounding this, Bitnet was originally confined to its own Bitnet.cpp inference engine, limiting its broader utility. Tether’s breakthrough addresses both constraints at once by integrating a Vulkan and Metal GPU backend that unlocks true cross-platform capabilities for BitNet inference and LoRA fine-tuning on heterogeneous consumer GPUs, including mobile GPUs. Bitnet can now run on more mature, widely supported inference engines without sacrificing its efficiency advantages.
Vulkan’s cross-platform nature is key here. Unlike CUDA, which ties developers to NVIDIA hardware, Vulkan runs across a broad range of GPUs and operating systems, opening Bitnet to genuinely multi-platform deployment. Tether’s Bitnet fine-tuning framework implements a dynamic tiling technique to mitigate limitations in Vulkan driver buffer allocation on mobile GPUs.
The dynamic tiling technique was first applied in the fine-tuning framework for QVAC Fabric LLM, the AI model that powers Tether’s QVAC Workbench application.
This implementation demonstrates the efficiency of this approach: fine-tuning a 13-billion-parameter model across a range of consumer devices with varying GPU configurations.
The Bitnet LLM Fine-tuning framework is Tether’s latest achievement and part of a broader expansion into open-source AI and communication technologies that challenge current slow, fragile, and controlled systems. These developments are open-sourced and packaged as modules in the QVAC SDK for easy deployment and to help developers build edge-first AI applications without needing anyone’s permission.
Tether envisions superintelligence as a foundational element possessed by its owner and is enforcing this through:
Local-first AI
Synonymous with decentralized AI, “Local-first” AI aims to create sovereign AI solutions that do not rely on centralized infrastructure, such as data centers, to operate. They are considered cost-effective, relatively more sustainable, and unarguably more private than centralized AI. Tether is building AI applications that rely entirely on the device’s resources. These applications store data in device memory and use its processors for advanced operations, such as fine-tuning and inference.
P2P computing network for AI inference
Tether’s AI applications are built on the Pear runtime. Pear is a tooling platform for fully P2P applications that can operate without servers. Pear leverages the Holepunch tech stack. Holepunch is purpose-built for stable, direct communication between devices. Pear enables delegated inference for AI applications such as QVAC Workbench. Delegated inference enables a unified, dynamic workstation architecture where compute tasks are fluidly distributed between mobile and desktop environments, allowing either device to offload high-intensity processing to the most capable system. That is, you can start a task on your mobile device and delegate it to your desktop or laptop for completion.
AI for everyone
The only way to scale intelligence to the needs of a ten-billion-strong society is to push it to the edge. This, in turn, depends on the progress made by experiments aimed at cost-effectively localizing AI computation.
Billions of AI agents and countless AI applications deployed by developers in every region of the world, running effectively on user-owned resources, is the only way we can democratize superintelligence and avoid creating another ‘luxury’ cutting-edge technology controlled by unicorns and fully accessible only to elites.
Tether is pioneering limitless superintelligence for an ever-growing society and applications. Follow the journey to truly local and edge-first AI solutions.
$11 billion reasons Apple’s App Store tax is worth paying
Apple publishes its App Store fraud prevention report every year. And when it does, the company presses the point that its curated system brings much value to developers and customers, including highly effective protection against fraud. It says it prevented more than $2.2 billion in potentially fraudulent transactions in 2025 alone.
A tax worth paying
The company said it has prevented $11.2 billion in such fraud in the last six years. That’s a lot of value for the 15% or lower commission that all but the biggest-selling developers are required to pay on their store sales.
Don’t believe the hype, as most developers are not generating the $1 million a year required before the 30% payment kicks in.
You might reflect that if there is an Apple Tax, it’s a progressive tax in which those with the broadest shoulders help support the wider developer community, which is probably why some tech billionaires don’t like it.
But I’m not here to write about taxation; I’m here to highlight the value the App Store brings. Apple diligently works to protect customers and developers against the ever-growing threat of cybercrime at a scale few other companies could hope to match. That matters in an environment dominated by ever more sophisticated attacks, including scenarios in which a developer submits a benign app for review and then modifies it once the app is online to commit financial fraud.
More than fraud prevention
It’s not just fraud Apple protects App Store customers from. It also attempts to protect privacy. Look, we know that tech firms now exist for whom privacy is a roadblock to profit; they want to take all your information for free to sell it for money, or worse. Apple stands against this and has done so for years, which is why it is under steady attack by entities that want privacy destroyed to boost their bottom line. Nation states and nation-state-adjacent attacks don’t help in the battle for your private digital life, throwing huge resources at undermining personal protections.
Apple’s report gives you a solid glimpse at the anti-privacy environment. App Store rejected 443,000 app submissions for privacy violations; it also rejected 22,000 apps for holding undocumented anti-privacy features.
The upshot is that while Apple’s protections aren’t 100% perfect, they’re still industry leading. Where incidents do take place, they are resolved swiftly, and the bait-and-switch approach (in which an app pretends to be benign but carries malware) remains the biggest threat. That’s why customers should always verify they trust a developer before downloading apps.
The threats coming over the hill
The thing is, all of these threats are evolving, and Apple is equipped to evolve in parallel with them. In part, that’s because it has scale, in part because it has that huge 2.2-billion-device ecosystem, in part because the company entered the app store race with deep understanding of how online transactions were evolving in the first place. It didn’t run iTunes for years only to learn nothing.
Coming up over the hill we can see new-breed quantum-based threats. Along with artificial intelligence, that combination will likely spawn a mass attack of AI-generated, malware-infested apps being built and submitted at a record pace.
We will also likely see increased attacks made against developers in order to extract their Developer ID to help in the submission of such apps. And we will see increasingly sophisticated algorithmic hacks to attack security, identity, and even app ownership. Protecting against those consequential evolutions will be neither easy nor cheap. Doing so will require near state-level protection, a degree of security no small entity can meet. We have no idea if smaller app stores can even visualize such protection — and the EU doesn’t know, either.
In time, hopefully, new businesses will emerge offering quantum-safe security to protect online purchases. But for now, we’ll mostly need to look to large entities such as Apple, or payment services providers, to make the grade.
Near state-level protection
Will Apple put protection at scale in place to protect against these incoming threats against its App Store? It seems likely, given it is already investing in OS-level mitigations to protect encryption on its services, including around encrypted communications.
It is also in Apple’s interest to future-proof protection around payment services, ergo also the App Store. At the same time, as Apple’s latest fraud report confirms, the threat landscape remains highly volatile. Time will show that the store’s degree of protection is well worth the cost of Apple’s progressive App Store tax.
Developers on H-1B face a tighter job market as AI shifts hiring priorities
For years, software developers on H-1B visas benefited from steady demand among US technology employers. That market is becoming more selective as companies redirect spending toward AI and rely more heavily on coding assistants.
Recent layoffs at companies including Meta and Amazon have added to the uncertainty, with engineering and software roles affected even as major technology companies continue to deepen investments in AI.
Developers and analysts say traditional engineering roles are becoming harder to land, recruiters are asking more often for AI-related experience, and workers are being pushed to keep pace with tools such as GitHub Copilot, Claude, and ChatGPT.
The shift is being driven by both AI investment and broader economic uncertainty, according to Pareekh Jain, CEO of Pareekh Consulting. Companies are changing the profile of the developers they want, hiring fewer people in some areas while paying more for AI talent.
“AI investments are changing company hiring strategy,” Jain said. “They require a different profile, fewer numbers, and also across geographies.”
This shift is colliding with a tougher sponsorship environment for H-1B developers.
Jain said companies are more selective about hiring visa-dependent workers than they were two or three years ago, especially when permanent residents and US citizens are more available in the market.
“Companies are not looking for H-1B now,” Jain said. “They are building a local workforce and preferring green card holders and citizens.”
Employers may now be more likely to consider H-1B candidates only when they have immediate project needs, rather than building a longer-term bench of visa-dependent workers.
Concerns are visible in public forums used by technology workers. In one January post on Blind, an anonymous senior software engineer with seven years of experience said she had been laid off while on an H-1B visa and was “not interview-ready,” highlighting how quickly job loss can become a visa problem for H-1B workers in the US.
Junior developers face the squeeze
The combination of AI tools and tighter hiring is hitting early-career developers hardest, said Adarsh ML, a product engineer at Ather Energy who tracks global engineering hiring trends.
“Companies are increasingly looking for specialized engineers with machine learning and data science skills,” Adarsh said. “Job opportunities for people with zero to three or four years of experience are not really there anymore.”
The shift is also changing team structures, Adarsh said. Earlier, one manager may have had two or three interns and several freshers reporting to them. Now, many of those roles are being replaced by AI agents.
“Companies now want people who understand software well enough to catch the mistakes these AI agents make,” Adarsh said.
That creates a longer-term risk for the software talent pipeline.
“If companies only want people with five years of experience to manage AI agents today, who will have that experience five years from now?” he said. “There may not be enough experienced developers left.”
AI literacy becomes baseline
The impact is not the same for every role. Sophia James, an Indian software professional based in the US who works in database monitoring, said AI has not significantly changed her team’s daily workflow. But AI literacy is becoming a management expectation.
“Managers are trying to understand whether we are keeping up with the changes happening in the market,” James said. “Recently graduated students, whether BS or MS, are finding it difficult to get jobs. But people who already have jobs, like us, are not facing that much of an issue in terms of projects continuing.”
Jain also stressed that AI literacy is now becoming a baseline expectation for software developers, even outside AI-focused roles.
“Being AI-literate is a must now, even if the role is not directly in AI development,” he said. “This is like knowing Excel even if you are not from finance in the earlier era.”
Fewer developers required
Jain said AI coding tools are likely to reduce the number of developers companies need for similar tasks, making the technology deflationary for some software work.
But Jain added the impact may not be entirely negative. Enterprises will need to invest in data, cloud, and modernization to become AI-ready, creating new work. AI could also encourage companies to build more applications internally instead of buying from SaaS providers, potentially creating opportunities for IT services firms.
The effect is already visible in hiring decisions. Nikhil Dhiman, head of engineering at CarInfo, said AI is changing the economics of early-stage software development, particularly when companies are building proofs of concept or testing new ideas.
“Some companies are very cautious now,” he said. “They want to leverage AI more and hire less. They just want to see the impact first.”
Navigating the new hiring market
Familiarity with tools such as ChatGPT and GitHub Copilot is now a baseline requirement for developers, said Sanchit Vir Gogia, chief analyst at Greyhound Research.
Developers need deeper expertise in areas such as cloud infrastructure and data engineering, as well as security and AI governance, he said. Those skills are closer to the systems enterprises need to validate and scale, rather than the routine coding work AI tools are starting to compress.
“The engineer who only produces output grows easier to replace as the output grows easier to generate,” Gogia said. “The engineer who can validate it, secure it, situate it in a real business, and stand behind the result becomes harder to replace.” For H-1B developers, he said, adaptation also requires visa planning. Developers should understand portability rules and employer sponsorship timelines before a job loss forces urgent decisions.
“A high-skilled worker has up to 60 days after a role ends, and the right to begin new employment the moment a valid portability petition is filed,” Gogia added. “The strategic error is treating that window as a safety net rather than a planning horizon.”
The article originally appeared on InfoWorld.
Stop buying Motorola Android phones
Over the past decade, there’s something I’ve hinted at, mentioned in passing as a part of broader discussions, and told more people than I can count privately via email and other one-on-one conversations.
And now, as the writer of the internet’s longest-standing Android column and newsletter — a fancy way of saying someone who is apparently now old as molasses — I feel like I’d be doing a disservice if I didn’t just come out and say it as prominently and plainly as possible:
There is no valid reason anyone should be buying Motorola Android devices in 2026. None.
It’s a shame, too, ’cause Motorola has a heck of a history within Android and the mobile realm in general. And, to its credit, the company does still make some impressive-looking and at times quite interesting hardware.
But the compromises that come with that package are just too serious and consequential to be forgiven. That’s been the case for some time now, truth be told — but with yet another facepalm-inducing infraction being added onto the list now, it’s time to say it loud and clear:
Please stop buying Motorola Android phones. And please join me in telling everyone you know the same thing.
Trust me: You’ll be doing them a major favor. And here, with no punches pulled and absolutely no sugarcoating, is exactly why.
The Motorola Android compromise: Part I
I won’t beat around the bush: The most pressing reason Motorola Android phones are completely inadvisable to buy is the reason that’s been present for the longest — and that’s the company’s complete and utter disregard for even minimally acceptable post-sales software support.
It’s something I’ve noted in my data-based Android Upgrade Report Cards for more years than I can even remember at this point, and it’s almost comically consistent: Year after year, upgrade cycle after upgrade cycle, Motorola simply does not give a damn about investing the time or the money to bring current Android versions to its existing customers in anything close to a timely manner. Once you’ve forked over your phone and put away your wallet, good luck: You’ll be lucky if you get a single software update from Motorola after that, half a year to a year after the fact — and you almost certainly won’t hear a single peep from the company about the progress (or lack thereof) at any point along the way.
Motorola has managed to score an almost impressive number of back-to-back “F” scores on my annual analyses; no other Android device maker even comes close to that record. And lest you think this is purely about pokiness in providing polish and surface-level progress, remember that practically every Android software update is packed with critically important changes around privacy, security, and performance — and the way apps are able to interact with both your data and your hardware.
Running outdated software isn’t just dangerous — it’s downright irresponsible, especially if you’re a professional using your phone for business purposes but even if you’re just a regular ol’ schmoe focused purely on personal stuff. No one who understands a thing about security would ever recommend that, and that’s exactly what you’re signing up for anytime you buy a Motorola-made device.
So that’s part one, and that’s the biggest problem with Motorola’s Android products. But it isn’t the end of this tale nor the reason I was finally moved to write this missive, with the hopes that it’d eventually reach any Android-interested phone-buyers with Motorola on their minds.
Motorola’s more recent Android offenses
All update-related issues aside, the problem with Motorola’s Android products is that they make all sorts of compromises that are all about lining Motorola’s pockets at the expense of your experience.
The most recent example and the straw that broke the Android columnist’s (increasingly creaky) back is the new discovery that Motorola had seemingly been indirectly hijacking the Amazon app on its devices and sneakily injecting an affiliate code into links. The end result of such actions, according to observations published this week, is generating unearned revenue from your day-to-day purchases.
That’s an underhanded and shady-seeming practice, to say the very least. It just feels icky and ethically reckless. And clearly, what was demonstrated was intended to go unnoticed, which is always a pretty apparent sign in my mind that someone’s doing something shifty.
Following the discovery and subsequent outcry, Moto released a statement saying that the behavior was “unintended” and the result of its partnership with a company called Device Native. According to Moto, it had teamed up with that organization to develop “an app search and suggestion experience for the Moto App Launcher.” You can choose to interpret that how you will, but the reality is that Device Native is a company that exists to inject personalized, native-seeming ads directly into the core Android software experience, as its website plainly establishes — with “no user opt-in required,” allowing for easier “scale” of “monetization globally.”
[Image: A screenshot from the Device Native website. Credit: Device Native / JR Raphael, Foundry]
On some level, at least, Motorola evidently decided to work with this company and integrate its ad technology into the Android experience on its phones. Regardless of whether the Amazon code injection was truly deliberate, which organization caused it to happen, and who was or wasn’t aware of the actions, Motorola opted to place this ad-serving system into the phones it was selling and to allow the company behind it to exert this kind of control over its customers’ experiences — as well as, one would imagine, likely leaning on it for other forms of invasive system-level ad integration.
And sure, maybe Moto will back down from this practice and perhaps even distance itself from the partnership entirely if the outrage grows loud enough. But does someone stopping a shady-seeming practice simply because they got caught and people complained make for the kind of company you want to trust in general?
It’s similar to the way Moto lards up its devices with so much preinstalled bloatware that you actually have to fight to get through it or — Goog forbid — remove it and reclaim the product you paid hundreds of dollars to purchase. Heck, even the company’s top-of-the-line, nearly $2,000 folding Razr Fold phone is guilty of this sin, and that’s just embarrassing for a device of that price and caliber.
Even with Motorola’s lower-level phones, though, we’re talking about devices that often cost $500 or close to that. These aren’t bottom-of-the-barrel, heavily subsidized garbage gadgets. You could get one of Google’s Pixel 10a phones for that same price or often even less — without any of the bloatware, the link-hijacking and potential ad-injecting shenanigans, or the unforgivable software support failures. You’d get a full seven years of guaranteed timely and reliable software updates, from major Android versions to monthly security patches and the quarterly feature drops that accompany those. And that’s to say nothing of the superior camera experience and other assorted advantages.
You could go with one of Samsung’s midrange models, too, imperfect as those are in their own ways, and it’d still be a massive step up from the Motorola madness.
We’ve reached a point where there really is just no comparison — and, again, no reason why anyone should be buying a Motorola phone anymore. The issue, unfortunately, is that most of the people who are buying Moto devices are the same people who aren’t reading columns like these. They’re the people who waltz into a carrier store, see whatever model is featured on the shelf or pushed by a commission-earning, partnership-promoting salesperson, and walk out with whatever caught their eye or had the best promotional pricing on that particular day.
Make no mistake about it: These types of devices give Android a bad name and propagate the myth of the entire platform being a second-rate dumping ground for “folks who can’t afford iPhones.” Android is so much more and so much better than that. You deserve so much better than that.
Plain and simple, this isn’t the Motorola of yesterday. At this point, there’s no excuse — and no reason to keep setting yourself up for failure when so many better options exist.
Say goodbye, Moto. And make sure everyone you know who won’t be reading this column knows why they should do the same.
Q&A: Box CEO embraces shift to ‘headless’ software in the agentic AI era
The rise of generative AI (genAI) technology has prompted a growing debate about the future of software-as-a-service (SaaS) business models.
Some of the fears are overblown: enterprises are unlikely to vibe-code their own applications to replace their SaaS suppliers anytime soon, while software vendors have yet to see per-seat sales fall off due to mass automation of white-collar jobs. (In fact, some now predict the opposite will happen.)
At the same time, AI has the potential to change the way work is carried out, with AI agents empowered to interact with software applications on behalf of users. For software vendors, that could mean a future where applications are accessed less through traditional user interfaces as AI agents connect via APIs.
It’s an inevitable shift, says Box CEO Aaron Levie, and one that requires software vendors to adapt their existing products and business models to prepare for agent workflows.
Computerworld recently spoke with Levie about how Box — and other SaaS vendors — can adapt as agentic AI threatens to upend existing business models. (This interview has been edited for clarity.)
Discussion about a “SaaS-pocalypse” has died down recently, and software stocks have rebounded. At the same time, it seems clear the adoption of AI agents could change how workers interact with software. How can companies like Box adapt to this new environment? If AI increasingly becomes the interface users interact with, where does the long-term value lie?
“People are realizing that you’re not going to rebuild a lot of the systems that people were kind of claiming you would [with vibe-coding]; it just doesn’t make sense. So, that part is sort of dissipating. However, headless software and the ability to use your systems via AI is obviously going to happen, there’s no question.
“So, I think the conversation is shifting from ‘AI disrupts software’ to ‘AI is going to be the biggest consumer and user of software going forward.’ And for that, the main thing is: can you have a business model that allows you to actually monetize the consumption of those agents using your underlying tools? We’re fortunately built for that; we’ve had an API business model basically forever, so we’re well prepared.
“There’ll be some companies that have to pivot a little bit more significantly over time — there’s no question that will happen in a bunch of organizations. We’re big believers that AI will be the biggest user and interface for the future of software.”
How important is it for Box to retain that interaction with human workers, rather than becoming more of the underlying layer AI agents interact with?
“I would say that we’re totally comfortable with that shift. When you have AI agents, you still need a place to be able to secure the data — you need to protect it, you need to govern it, you need to make sure you know who’s accessing it. None of that changes in the world of AI. In fact, if anything, it actually increases.
“We don’t really care if it’s an agent using the data, an application using the data, a person using the data — we want to be the best content management system that connects your information to all of those applications.”
How does that perspective feed into your product development and roadmap?
“It basically means that we need to be a headless platform. That means customers need to be able to access their data via MCP inside of ChatGPT, inside of Claude, inside of all these systems. It means that we care as much about our APIs and access to those APIs as we now do our user experience. We have to make sure that both of those environments are as simple and clean as possible, and as usable as possible.
“It’s basically as if there’s another constituent now in our ecosystem that we have to go and pay attention to.
“We need to be the best place to manage your content, and then wherever you want to work with it from, we’re totally fine. So, if you want to work with your files from your desktop, from Claude Cowork, from ChatGPT Codex — we just want to make sure we are universally accessible across every single place that people want to work with their data.”
Could that mean changes around how you price access to your software? Do you expect a shift to usage-based pricing?
“Not as much as is probably being talked about online, because seats still make sense for the employee and the end user. Even when an agent is doing work on your data, it’s still you invoking that agent. It sort of makes sense that the seat is still attached to the underlying end user employee, even though an agent is going to be doing work on your data.
“We think the seat model will be quite durable over time. What this does is just add another business model, where you have agent-only interactions; those will be primarily coming through the API, and then that will be a consumption model.”
What are your thoughts on outcome-based pricing? Is that something you look at?
“We do one thing that’s close to that — we have the Box Agent that does things like data extraction. It extracts your data and we charge based on the number of pages that you want to extract data from. So there are some things that approximate outcomes, but not at the level of resolving a customer service ticket or something like that, that maybe has been talked about. We’re probably going to be more aligned to…the amount of compute that is used.”
What are your conversations with customers around moving to a usage-based model? A lot of organizations are used to fixed monthly subscriptions — can metered AI agents become problematic?
“I think it definitely can be. This is sort of a common tension in general.… We saw this with cloud computing, for instance. The difference with cloud computing is that cloud was relatively centralized, versus the use of AI and tokens are much more diffuse. That’s a big difference that companies have to think about.
“There’s always this tension: you can pre-buy and have a subscription, but then you might be overpaying for periods where you’re not using it as much. Or you can only pay for what you use, in which case you might have some volatility in the pricing of what happens.”
How are customers progressing in adopting AI agents — particularly, the move from pilot projects to production. What are some of the biggest barriers to wider deployment of agents? “We’re very much moving from coding agents to the rest of knowledge work: this is the jump that’s starting to occur. In that, one of the big questions and challenges is how companies get agents the right context and information to work with — how do they enable agents with the right level of constraints in their organization from a security and compliance standpoint? This is our kind of reason to exist, and what we’re helping our customers on.
“Overall, it’s just a transformational moment in the enterprise. Every customer that I talk to, every dinner that we have with customers, every CIO meeting I’m in, every CEO meeting I’m in, it’s all about agents.
“Agents have thrown the whole world into this kind of dynamic period of, ‘What does the shape of your organization look like? What’s the future of a manager versus an individual contributor? What are the workflows that you can go and execute on?’ There are so many different ways that this is starting to change.”
You were part of another major industry transition with the adoption of cloud computing. Are there similarities you see or major differences that customers can learn from? “The big difference between [them] is that, with cloud, you could centralize the deployment of and management of. Cloud really only affected 3% of your organization that was moving from the data center to the cloud, and then every employee got better products and experience as a result of that. The change was really kind of fairly concentrated. AI affects every single employee in the company. It’s a radically different type of transformation of what work looks like.
“There are only so many analogies you can make to cloud before quickly you realize, no, this is actually a different transformation. Maybe it’s even closer to the PC, in the sense of every single worker has to change what they’re doing to be productive. It’s not a technology delivery shift, it’s a fundamental reworking of every workflow in the enterprise. And so that’s I think what most companies are going through right now.”
Another IT governance headache: AI-enabled sanction evasion
Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns.
The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United Services Institute (RUSI), a UK-based defense and security think tank, defines PF as the use of funds or financial services to acquire, develop or otherwise deal in weapons of mass destruction (WMD). It states, “North Korea and Iran are now developing and deploying AI models to aid with sanctions evasion activities.”
Key findings include the fact that AI is now capable of mass producing high-quality fraudulent documents, as well as automating what the report describes as “the administrative minutia of managing extensive shell company networks.” AI powered systems, it states, can also “analyze blockchain patterns in real time to dynamically adjust cryptocurrency mixing strategies, effectively evading detection tools.”
In addition, it says, “[tools such as generative AI] which can produce sophisticated fraudulent identification documents, for example, have helped North Korea perpetrate phishing attacks against Western companies.”
Dr. Aaron Arnold, senior associate fellow with the Centre for Finance and Security at RUSI, who authored the paper, said in an email that what prompted it was an uptick over the last year in North Korea’s use of AI to facilitate and enhance its cyber operations, in the form of phishing schemes designed to generate revenue for the country’s ballistic missile and nuclear weapons programs.
He advised enterprise IT managers who need to protect their organizations from becoming victims of sanction evasion activities that “[it] means largely adapting to a landscape where traditional human-focused security boundaries are being bypassed by automated technologies.”
For IT managers, said Arnold, “this might entail incorporating defensive AI, the use of behavior-based analytics, using ‘circuit breakers’ when there is heavy use of API or MCPs, updating personnel training, and hardening identity verification, especially for any remote hiring.”
Distinction between AI-assisted and AI-enabled activity is ‘central’
Sanchit Vir Gogia, chief analyst at Greyhound Research, said that the RUSI report matters “because it names the right structural shift. AI is not creating sanctions evasion from thin air, it is compressing and scaling methods that already work.”
He pointed out that none of the sanction-evading techniques such as fraudulent documents, synthetic identities, shell companies, hidden beneficial ownership, crypto laundering, and others are new. “What changes is the speed, quality, volume and coordination with which these methods can now be assembled,” he said.
According to Gogia, “the distinction between AI-assisted and AI-enabled activity is central. AI-assisted evasion uses AI for discrete tasks: writing a better email, producing a cleaner document, generating a stronger false profile, translating a pitch, summarizing regulations or preparing a plausible job application. AI-enabled evasion is more serious.”
A ‘structural asymmetry’
This tactic, he said, “begins to coordinate the system itself. It links identity, documents, ownership structures, payment routes, cloud access, crypto wallets, API calls and timing. The difference is not whether AI helps someone fake a document. The difference is whether AI begins to orchestrate the deception.”
That is why the report’s findings should worry enterprise leaders, he noted: “Many organizations still assume the bad actor is mostly human, mostly linear and mostly slow. That assumption is expiring. AI lets adversaries run more attempts, with fewer errors, across more channels, in more languages, with better paperwork and greater patience than most enterprise review processes can absorb. This is not a tale of genius criminals discovering magic. It is the story of ordinary controls meeting industrialized plausibility.”
The evidence today, he pointed out, is strongest around tactics such as identity fraud, document fraud, synthetic personas, remote-worker deception, phishing, social engineering, crypto obfuscation and workflow abuse. “Fully autonomous evasion networks sit on the horizon,” he said. “They are serious, but they are not yet the everyday baseline.”
This distinction matters, said Gogia: “If enterprises obsess over cinematic autonomous agent scenarios while leaving remote hiring, vendor onboarding, payment approvals, and document review full of holes, they will lose in the most prosaic way imaginable.”
The report, he said, also gets the “asymmetry” right. “Offensive actors can learn across the ecosystem,” he said. “They can scrape open information, reuse leaked records, study enforcement patterns, test onboarding forms, inspect public procurement data, watch court filings, probe compliance thresholds and [use the information to] refine their behavior.”
Defenders, by contrast, are hemmed in by privacy rules, fragmented data, explainability requirements, jurisdictional boundaries, conservative operating models and siloed technology estates. “Offensive AI learns broadly,” he said. “Defensive AI often learns from fragments. That is the structural asymmetry.”
He explained that the regulatory landscape also amplifies the problem, in that regulatory bodies “still speak in separate dialects. [For example] the EU AI Act pushes organizations toward stronger obligations for high-risk AI. NIST-style frameworks push risk management, transparency, and governance.”
A trust architecture problem
Financial Action Task Force (FATF) expectations push national risk assessment and counter-proliferation controls, he noted, while banking regulators focus on model risk, accountability and operational resilience. “None of these streams is irrelevant. The trouble is that criminals do not organize themselves around regulatory workstreams. They organize around outcomes.”
What that means, said Gogia, “is that enterprise cannot wait for a clean global rulebook. It will not arrive in time. CIOs, CISOs, compliance officers and boards need a working governance model now. They need privacy-preserving analytics, controlled data environments, audit trails, legal safeguards and clear model-risk accountability.”
He said that enterprise IT managers should treat the situation as a trust architecture problem rather than a narrow sanctions-screening problem. “The uncomfortable truth is that AI is not simply helping bad actors write better phishing emails or forge tidier documents,” he noted. “It is helping them manufacture legitimacy across a chain of enterprise workflows.”
Likely outcome an ‘AI arms race’
Report author Arnold also noted that there are signs that cyber criminals have discovered new AI technologies and abilities that legitimate enterprises could adopt for legitimate applications.
History, he said, “is replete with [criminals] developing novel solutions to tough problems, [which are] later adopted by law enforcement. Much of our anti-financial crime policy is effectively a response to bad actors exploiting systems or using technology in novel ways to perpetrate crimes. In this scenario, I think an ‘AI arms race’ between enforcement authorities and bad actors is the most likely outcome.”
Gogia added, “the baddies are not teaching enterprises how to invent AI. They are teaching enterprises where trust is leaking. That is the lesson worth taking seriously.”
This article originally appeared on CIO.com.
Apple’s iPhone satellite ambition goes beyond rescuing hikers
Apple has spent billions of dollars to develop satellite connectivity for iPhone; I very much doubt it did so solely to rescue stranded hikers. The company will most certainly have had a bigger prize in its sights when it first began working with GlobalStar (now owned by Amazon).
The most logical reason to invest in satellite coverage for its devices is the most obvious — to provide network infrastructure for new breeds of device and new service models. You don’t acquire access to massive amounts of bandwidth for nothing. And Apple’s steady introduction of new satellite-supported services shows it is interested in introducing these services, even though the offer isn’t yet extensive enough to require iPhone users to pay for access.
The decision not to charge for those satellite services suggests they’re just the thin end of the company’s plans for satellite deployment.
It’s possible the company’s ambitions were limited by GlobalStar’s ability to put satellite constellations in orbit. That work was ongoing last time I looked, and I fully expect existing Apple satellite services will be extended to new nations, even under Amazon’s watch.
Amazon enters the room
Amazon’s recent $11.6 billion acquisition of GlobalStar is interesting. You can see that Apple is now forced to work with its old frenemy, even as both partners already profit from strong, steady Apple hardware sales via the online retailer. So they know they can make money together.
“Apple and Amazon have a long and proven track record of working together through Amazon’s core infrastructure services, and we look forward to building on that collaboration with Amazon Leo,” Greg Joswiak, Apple’s senior vice president of worldwide product marketing, said when the deal was announced. (The transaction isn’t expected to close until next year.)
Making money together is often seen as a strength in business relationships and Amazon has agreed to continue supporting Apple products and to collaborate with Apple on future satellite services.
When it comes to mobile telecoms, Amazon isn’t the only game in town, and neither is Starlink. Cellular operators are inking deals with satellite providers all over the world, all with the intention of bringing network access to those who otherwise can’t get a decent connection.
Just today in the UK, Virgin Media O2 announced plans to switch on the O2 Satellite service for iPhone users tomorrow, enabling customers — particularly in rural areas — to get a satellite connection where traditional cellular coverage is unavailable. It could simply identify new ways to enhance the Find My service.
Orange last year offered its own satellite comms to French customers, while Deutsche Telekom partners with others to provide SMS via satellite in Europe and the US. You’ll find similar alliances in most key territories, including Australia and Japan. The direction of travel exposes an industry embracing satellite as a way to widen existing cellular infrastructure, which makes sense given the relative cost of installing conventional masts in some regions.
Many ways to crack it
There’s speculation Apple could become a satellite carrier, a move that would put it in competition with carrier partners. But Apple doesn’t need to do so to provide satellite communication services to iPhone users, nor would it want to relinquish the symbiotically profitable relationships it’s developed with carriers.
It could, for example, provide satellite calling as a hardware feature available with every iPhone across all supported carriers, possibly as an additional service that guarantees customers can get a connection, even in the countryside. It could evangelize the service as being “Private by Design,” and supplement this with data over satellite to support apps, particularly agentic AI apps.
Combined with the next wave of AI enhancements Apple is expected to deliver for its systems, the combination of an always-on, resilient, private data connection and AI could prove invaluable to many customers. That’s particularly true for enterprise customers seeking global solutions that respect sovereign data, privacy, data retention policy and managed AI services – especially as terrestrial infrastructure becomes an attack target. Such scenarios will only become more widely understood as 6G emerges, with its built-in support for satellite infrastructure.
What will Apple do?
Will Apple move in that direction, or maintain its focus on the consumer markets? Will it decide that rather than deploying its own part-owned satellite constellations as it was with GlobalStar, it is better to work with carrier partners? Will it wait for 6G with its enhanced, standards-based support for satellite communications?
Those are answers we don’t yet have. But it is quite clear that as satellite communications truly enter the mass market, Apple has put together many of the technical, hardware, software and infrastructure pieces it will need to ensure the iPhone is a peer player in whatever use cases emerge.
Total Android recall: Never lose an important notification again
Google’s shiny new Android 17 update may be on the brink of making its way out into the world, but one of the most consequential Android notification upgrades I’ve seen in ages is actually available for anyone, on any device, this instant.
It’s one of those things you don’t even realize is missing — and awkwardly has been, all this time — until you have it in front of you and see just how helpful and at times even invaluable it is.
And that’s the ability to have any or all of your notifications saved and restored whenever you restart whatever Android device you’re using — so that nothing important gets awkwardly tossed aside, lost, and forgotten, likely without your ever even noticing or being aware of what you’ve missed.
How many potentially important pending alerts have you lost as a result of that reboot trash chute? I couldn’t even begin to count, myself, and am slightly terrified to think of the answer. But with this easy new improvement in place, it’ll never happen again.
And best of all? It’ll take you roughly two minutes, once, to set up and then forget about and just know it’s working on your behalf from that moment forward.
Lemme show ya how.
Your new Android notification safety net
The secret sauce that makes this sorcery possible comes not from Google itself but from a crafty independent developer who’s been expanding our Android notification smarts for many a moon now.
His app is called BuzzKill. You’ve probably heard me rave about it before, with other noteworthy features and additions it’s introduced over time.
Whether you already have BuzzKill on your device or this is your first time encountering it, though, it’s well worth your while to take note of this new capability that snuck into the app not long ago.
First, a quick primer/refresher on what BuzzKill is, in case you aren’t already familiar: BuzzKill is essentially a way to create Gmail-like filters for your Android notifications. You use it to create simple custom rules for what happens when different types of notifications arrive — in an intuitive “if this, then that”-style form — with all kinds of interesting and advanced options for making your alerts more effective.
The latest addition to the app is an experimental option called, appropriately enough, “Restore after reboot.” And it does exactly what you’d expect: Anytime your device restarts, it automatically swoops in to save any active notifications that fit the parameters you select and then instantly restores ’em back into active status once your phone is back up and running.
Without such a system in place, any notifications that you either hadn’t yet looked at or maybe had glanced at and left pending as a reminder to deal with later would more often than not just vanish entirely — and you’d have no easily visible record of their presence or any real indication that they’d been there at all. That’s a dangerous recipe for forgetting something important, whether it’s an email you intended to engage with, a Slack message you needed to acknowledge, or even a task of some sort that had popped up for you to ponder.
The beauty of the BuzzKill approach to fixing this is that it really is a “set it and forget it” sort of system: You just create whatever rule you want now, get it up and running, and then rest easy knowing it’ll always find and restore any active notifications anytime your device restarts — as Android itself should but for whatever reason does not.
2 minutes to auto-restored Android notifications
All right — here are the specific steps to getting your new notification safety net in place:
- First, go download BuzzKill from the Play Store, if you don’t already have it.
- The app costs four bucks as a one-time purchase, which — believe me — is nothing compared to the ongoing value it’ll give you with this and its many other notification-enhancing possibilities.
- It doesn’t require any unusual permissions, doesn’t collect any form of data from your phone, and doesn’t have any manner of access to the internet — meaning it’d have no way of sharing your information even if it wanted to.
- Once you’ve gone through the app’s initial setup and made your way to its main screen, tap on the circular button in the lower-right corner of the screen to create a new rule.
- On the screen that comes up next, consider which specific sorts of notifications you want to have restored whenever your device restarts.
- You could always start with any and all notifications and then go back in to refine and limit the rule more once you see how it works. You might eventually want to ask it to avoid restoring alerts from certain low-priority apps — like, say, Google Photos — so that it doesn’t bother bringing back stuff that you don’t actually need.
- If/when you want to create any such restrictions, tap the text that says “any app” to change which apps will be included and/or tap the text that says “contains anything” if you want to restrict based on what specific text a notification does or doesn’t include.
- If you don’t want to create any limitations and just want all of your active notifications to be restored, at least to start, leave those lines alone and mosey on down to our next step.
- Tap the line that says “do nothing” and scroll down to find the “Restore after reboot” option. It’ll be toward the bottom of the list, within the “System actions” section.
- Tap that, then tap “Pick action” to confirm.
- And last but not least, tap “Save rule” to, y’know, save your rule and set it into action.
You should then see the rule showing up as active and running on the main BuzzKill screen.
And that really is all there is to it: Whenever your phone next restarts, any notifications that were visible and active at the time of the restart should just show back up via BuzzKill as soon as things boot back up. If you want to get fancy, you could even make certain especially important notifications “sticky” in general, so that if you inadvertently swipe ’em away while your phone is running normally, they’ll automatically come right back even in that scenario.
It’s not the flashiest feature you’ll see this year, and it doesn’t have any whizbang AI shenanigans to make it seem headline-worthy by current-day standards. But it will work and quite possibly be one of the most practical, actually helpful additions you make to your phone all year — even if and arguably especially if you only think about it once in a great while, when you notice it working its magic and saving you from losing something significant.
The AI tech job slaughter gets real
Tech companies seem to be falling over each other these days in firing people to either replace them with AI or to pay to build AI infrastructure. Wouldn’t it be nice if they at least waited until AI actually worked for business?
On the one hand, top tech businesses such as Amazon, Block, Cisco, Cloudflare, and Meta have all announced that they’re slashing payrolls — either because AI can do the same work as people or they need the cash to build out their AI infrastructure. Isn’t that great? All together, of the 37,638 tech job cuts so far this year, 47.9% — almost half — can be tracked back to AI.
On the other hand, despite all the AI hype and hysteria, no one has yet proven that AI is, generally speaking, really all that helpful for businesses. Oh, I know, I know. You did great things with OpenClaw vibe programming. Microsoft’s CEO, Satya Nadella, claims 20% to 30% of the company’s code was written by AI. And Nvidia assures us that 88% of its surveyed customers report AI has increased their revenues.
But really, what else would they say? “Dear Board, we just blew half a billion bucks on Nvidia GPUs, and we’re losing money hand over fist?” I don’t think so.
The truth is, as an IDC study reports, a mind-boggling 88% of proof-of-concept AI projects never reach production. Lest we forget, MIT’s The GenAI Divide: State of AI in Business 2025 study found that 95% of AI projects fail to deliver measurable P&L impact.
Now, I have to acknowledge that AI is finally becoming truly helpful in business. As a guy who knows a thing or two about programming, Linus Torvalds, creator of Linux and Git, said at Open Source Summit North America, “I’m personally 100% convinced that AI is changing programming.” He estimates that “AI will increase your productivity by a factor of 10.”
But is that reason enough to make workforce cuts of between 10% and 40%? (Short answer: No. Longer answer: Noooo!)
It’s not just the mass firings. Workers who are either awaiting the axe, or have escaped it for the moment, are miserable. As one Meta employee told The San Francisco Standard, “I tend to cry in the shower,” and, “A lot of my feelings about my job are about the general chaos and not just the layoffs.”
So, explain this to me: When everyone knows AI-driven layoffs are coming, exactly how well do you expect them to work? You really think they can give their best?
Making matters worse, it’s an open secret that IBM, Google, and Meta are having their employees train their AI replacements. As a popular meme puts it, workers are now “building your own coffin.” Is it any wonder that a lot of people — 29% of all employees and 44% among Gen Z workers — are deliberately sabotaging work when the boss insists they train their AI replacements?
It also sure doesn’t help office morale when the CEO keeps saying AI will replace half of all employees. A particularly egregious example of this was when Standard Chartered CEO Bill Winters proclaimed his bank would slash thousands of jobs and replace “lower-value human capital” with AI.
He’s since backed off the claim, but come on — we all know he meant it. Just like all the other CEOs who’ve said similar things, between FOMO and the knowledge that AI job news is sure to make the stock price jump, they’re eager to cut headcounts and boast about how successful AI will make them.
What happens a few quarters down the road? Their attitude today seems to be let tomorrow take care of tomorrow. I hate to tell them, but that really doesn’t work in the long run. (Not, mind you, that a future much farther ahead than the next quarter seems to matter much anymore to business executives.)
It should. As a recent Deloitte study stated: “Most respondents reported achieving satisfactory ROI on a typical AI use case within two to four years. This is significantly longer than the typical payback period of seven to 12 months expected for technology investments. Only 6% reported payback in under a year, and even among the most successful projects, just 13% saw returns within 12 months.”
AI, in short, is not the miracle cure for what ails businesses that its fans claim.
Will that stop businesses? I doubt it. While I appreciate that California Gov. Gavin Newsom is trying to bandage the AI job bleedout by mandating studies on subsidizing companies to keep employees rather than replace them with AI, I doubt that will do much to staunch the wound.
At the Open Source Summit North America, Linux Foundation CEO Jim Zemlin was optimistic about AI and jobs. He pointed out that, thanks to AI becoming “pretty damn good coders,” the number of open-source projects on GitHub has led to a “surge of new code and projects.”
Zemlin also believes that while few developers will write code, “engineers will still design, review, secure, and integrate that code.” (He’s referring to what’s becoming known as forward-deployed engineers.) This, in turn, will supposedly lead to tech job growth.
I’d feel a lot better about that prediction if I believed the C-suite suits at most companies were capable of truly forward-looking thinking rather than focusing entirely on hiking the stock price by making the next quarter look good through staffing cuts.
In the long run, sure, AI will make us more productive. But, we’re not there yet. For now, companies need to keep employees happy, not shove AI down their throats — and work out carefully and thoughtfully how AI will really work for business.
The big winner in Elon Musk’s suit against OpenAI and Microsoft — hypocrisy
If ever there were a lawsuit in which a jury and judge should have ruled against both the accuser and the defendants, Elon Musk’s suit against OpenAI and Microsoft was it.
The high-profile legal battle pitted the world’s richest man against a company worth more than $3 trillion, another that might soon launch a $1 trillion IPO, and tech execs claiming to have only the good of the world in mind, not mere filthy lucre, while they develop a technology some fear could eventually destroy humankind.
The lawsuit was eventually thrown out, but only on technical grounds. Meanwhile, unregulated AI marches on, with Musk, OpenAI and Microsoft all getting richer.
The only winner in this suit was hypocrisy. Here’s why.
Back to the beginning
To understand how this unfolded, we need to go back to OpenAI’s beginnings. The company was founded by current CEO Sam Altman, Musk and others in 2015 — back when AI was a niche technology, used primarily for image and speech recognition, robotics, and experiments in self-driving cars.
The founders funded OpenAI out of their own pockets as a nonprofit company aimed at developing AI for the good of the world. Then, as the technology evolved, Altman, Musk and others grew worried it might become so powerful that, without serious guardrails, it could pose a danger to humans. They feared what might happen if AI reached the level of a super-powerful artificial general intelligence (AGI) system, superior to humans on a variety of tasks, with general problem-solving skills rather than narrowly targeted ones – and the ability to think for itself rather than heeding humans.
In an earlier version of Musk’s suit against OpenAI and Microsoft, Musk put their fears this way: “A.G.I. poses a grave threat to humanity — perhaps the greatest existential threat we have today.”
Early on, OpenAI wasn’t on many people’s radar. When Microsoft invested $1 billion in the company in 2019, few outside the tech industry took notice. Between 2021 and 2023 Microsoft invested $2 billion more, still without drawing a lot of attention.
Then in November 2022, OpenAI released ChatGPT, launching the generative AI (genAI) revolution — and all the disruption that has followed since. Eventually, as it became clear how important and valuable genAI technology would become, Microsoft’s investment ballooned to $13 billion.
Nonprofit no more
OpenAI insiders were convinced several years before ChatGPT’s release that the company could become tremendously profitable. With potentially trillions of dollars at stake, in 2017 they started looking for a way to turn the nonprofit operation into a for-profit company.
It was at that point, OpenAI says, that Musk pushed to gain majority equity in the company if it went public, take control of the board, and become CEO. When the other founders balked, Musk withheld funding.
Last year, OpenAI released copies of emails he sent to it during the height of their in-fighting. In one, in February 2018, he lobbied for the creation of a for-profit arm, pointing out that, “a for-profit pivot might create a more sustainable revenue stream over time and would, with the current team, likely bring in a lot of investment.”
Musk then suggested that OpenAI “attach to Tesla as its cash cow.” When the other founders dismissed the idea, Musk threw a fit and quit the company. OpenAI went ahead and launched a for-profit arm, becoming a hybrid of a for-profit and nonprofit company in 2019.
Years later, in 2024, Musk filed suit, targeting OpenAI, Altman, OpenAI co-founder and president Greg Brockman, and Microsoft — accusing them of “stealing a charity” by creating the for-profit arm of OpenAI, and taking the $13 billion Microsoft investment. He claimed they had all illegally enriched themselves through the profit/nonprofit setup and sought $150 billion in damages. (OpenAI fired back last year with a counter suit.)
It took only two hours for the jury to rule against Musk, though the ruling didn’t address his actual claims. Rather, the suit was thrown out because it had been filed after the statute of limitations had run out.
Cynicism and hypocrisy win out
Everyone in this case was driven by venality. Altman portrayed himself as only wanting to develop AI to help humanity — and as evidence, pointed out he has no equity in OpenAI. What he neglected to add, though, is that he has more than a $2 billion stake in companies that have deals with OpenAI, and stands to gain billions more if those deals grow after any IPO.
Microsoft, meanwhile, has used its investments in OpenAI to become a multi-trillion-dollar company. And if, as expected, OpenAI becomes a trillion-dollar company when it files its IPO later this year, Microsoft’s 27% ownership stake in the company would make it $270 million richer. That’s not a bad payoff for turning a blind eye to the way in which OpenAI performed a bait-and-switch from nonprofit to for-profit company.
As for Musk…, well, what can you say about someone who claims he wants to save humankind from the evils of AI, while at the same time lobbying for OpenAI to become a for-profit company and milking it like a cash cow?
He’s shown he’s not only the world’s wealthiest man. He’s also the world’s most hypocritical.
Microsoft previews automatic device isolation in Defender for Endpoint
Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks.
The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will be in full production.
However, a new SANS Institute research paper warns that, in certain conditions, an attacker could leverage the new function to disable all user accounts.
The lesson, said Johannes Ullrich, the institute’s dean of research, is that autonomous AI action tools have to be tuned and tested like any other automation capability.
“Automatic isolation and attack disruption are not new concepts,” Ullrich said in an email, “but ideas like these have been used in the past in open source and commercial tools. This feature is most important in organizations with under-resourced IT security teams, as it automates attack response. However, these features must be carefully tuned. If they are left unconfigured, attackers can use them to delay response by disrupting accounts used by administrators.”
Nonetheless, in today’s environment, tools like these are important. Robert Enderle, IT consultant and head of the Enderle group, noted that modern automated malware and ransomware attacks move at machine speed, which means human response times are effectively obsolete.
By the time an analyst even sees a red flag, he said, the attacker has already established persistence or started encrypting files. Microsoft’s automatic device isolation acts as “a rapid, logical air gap. It instantly severs the device’s network connections, cutting off the attacker’s command and control (C2) and halting data exfiltration dead in its tracks. You have to bring an automated defense to an automated fight.”
He said a secondary benefit, often the more critical one for enterprise survival, is containing the blast radius. Attackers invariably use a compromised PC as a beachhead to move laterally across the corporate network, hunting for higher-value targets like domain controllers, he pointed out.
“By instantly quarantining that initial endpoint, you trap the threat where it stands. You ensure a single compromised laptop doesn’t metastasize into an enterprise-wide catastrophe,” he said.
There’s also a massive forensic advantage, Enderle added. “In the old days, the instinct was often to literally pull the power plug, which destroys critical volatile memory, or physically yank the network cable, which completely blinds your remote security team. Logically isolating the device while maintaining a secure lifeline to security services preserves the crime scene. It prevents the attacker from deploying wiper malware or destroying logs, and it gives the Security Operations Center (SOC) the breathing room they need to safely investigate and remediate the machine without the panic of an actively spreading infection.”
How automatic attack disruption works
Automatic attack disruption is offered to organizations that subscribe to Microsoft Defender XDR, a unified cloud-based security suite that detects and investigates cyberattacks against PC, server, and IoT endpoints. It also manages hybrid identities and protects email and collaboration tools. As such, it correlates data to identify and respond to attacks.
The soon-to-be-delivered auto-isolation capability blocks most network traffic while keeping the device connected to security services. The action is time-limited and scoped to the incident, Microsoft said; security operators can release isolation at any time.
The broad automatic attack disruption capability uses AI to limit attackers’ lateral movement. “Attack disruption uses the full breadth of our extended detection and response (XDR) signals, taking the entire attack into account to act at the incident level,” Microsoft said in a detailed column describing the tool. “This capability is unlike known protection methods such as prevention and blocking based on a single indicator of compromise.”
To use automatic attack disruption, IT has to, at the least, enable Microsoft Defender for Endpoint Plan 2. It becomes more effective if Defender for Identity, Defender for Office 365 and Defender for Cloud apps are also deployed. Admins also have to configure appropriate permissions and monitoring.
Possible operational disruption
The SANS Institute’s academic paper by student Marcio Enriquez noted that AI systems that perform autonomous decisions like containment do improve response times and scalability. But they also rely on threshold-based logic derived from telemetry. “Even when operating on enterprise-wide data, they do not consistently account for system-level impact in their enforcement decisions,” the paper said, and thus can cause unintended disruptions when activated at scale. “This creates a gap between the need for rapid defensive actions and the organization’s ability to maintain operational continuity.”
It examined that gap by evaluating how threshold-driven autonomous containment actions can result in what it refers to as “large-scale operational disruption.”
Enriquez saw an example of this during a real security incident in the spring of 2025. A user in an organization was fooled by a phishing message and entered their credentials on a malicious website. Defender detected this, and within minutes initiated automated containment measures, including disabling the affected account, forcing a password reset and restricting logins across multiple managed devices.
However, because security analysts didn’t realize this was automated enforcement, they initially thought there had been lateral movement or widespread compromise. That triggered an emergency escalation involving security leadership, until further investigation revealed that the propagation of containment controls was due to Defender.
“The event demonstrates the effectiveness of autonomous containment in rapidly interrupting active threats,” wrote Enriquez. “At the same time, it illustrates how automated response actions can generate enterprise-wide operational effects that are not immediately transparent to human operators.”
Could be weaponized
To test whether a threat actor could take advantage of a weakness in Defender XDR’s automatic attack disruption capability, Enriquez created a hybrid enterprise environment with 18 “users.” He then executed adversarial activity simulating hands-on-keyboard behavior across multiple identities to trigger high-confidence detection thresholds in Defender, an attack tactic he calls Autonomous Defense Induced Disruption (ADID). In essence, it tricks the automatic disruption capability of Defender into giving a high-confidence score that the network is under attack.
“The results showed that when detection confidence thresholds were met, automated actions disabled all [18] Active Directory identities, including the local domain administrator, rendering the domain inaccessible,” Enriquez wrote.
“The research highlights the need for governance controls, privilege-aware safeguards, and system-level constraints to prevent autonomous containment from causing operational disruption,” he concluded.
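The safeguards the paper calls for can be pictured as a gate placed in front of automated account disables. The sketch below is an added illustration, not code from Microsoft, Defender or the SANS paper; the function names, the 25% blast-radius cap and the minimum-admin rule are assumptions, and the input is constructed to match the 18-identity lab size described above.

```python
from dataclasses import dataclass
from math import floor

@dataclass(frozen=True)
class Identity:
    name: str
    privileged: bool = False    # administrative account
    break_glass: bool = False   # emergency account that must never be auto-disabled

def gate_containment(proposed, directory, disabled, max_fraction=0.25, min_admins=1):
    """Split proposed account disables into (approved, held_for_review).

    proposed:  list of (account_name, detection_confidence) from the detector
    directory: dict name -> Identity for every account in scope
    disabled:  set of names already disabled in the current incident window
    All thresholds are hypothetical defaults, not vendor settings.
    """
    budget = floor(max_fraction * len(directory)) - len(disabled)
    admins_up = sum(1 for i in directory.values()
                    if i.privileged and i.name not in disabled)
    approved, held = [], []
    # Highest-confidence detections spend the budget first.
    for name, conf in sorted(proposed, key=lambda p: -p[1]):
        ident = directory[name]
        if name in disabled:
            continue
        if ident.break_glass:
            held.append((name, "break-glass account"))
        elif ident.privileged and admins_up <= min_admins:
            held.append((name, "would leave too few enabled admins"))
        elif budget <= 0:
            held.append((name, "blast-radius cap reached"))
        else:
            approved.append(name)
            budget -= 1
            if ident.privileged:
                admins_up -= 1
    return approved, held

def lab_scenario():
    """Constructed input: 18 identities, all flagged at high confidence."""
    directory = {f"user{n:02d}": Identity(f"user{n:02d}") for n in range(1, 18)}
    directory["domain-admin"] = Identity("domain-admin", privileged=True)
    proposed = [(name, 0.95) for name in directory]
    proposed[-1] = ("domain-admin", 0.99)
    return gate_containment(proposed, directory, disabled=set())
```

With every identity flagged, the gate approves four disables and routes the remaining fourteen, including the only administrator, to human review instead of locking the domain.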
Microsoft guidance: Keep auto attack disruption enabled
A Microsoft spokesperson said that the company has no comment on the research paper.
However, they said that Microsoft’s guidance is to keep automatic attack disruption enabled by default. “Opting out materially increases risk, particularly for multi-domain, multi-stage attacks such as HumOR [human intelligence operations, like social engineering], BEC [business email compromise] and AiTM [adversary in the middle], where even minutes of additional dwell time can translate into significant business impact.”
“At the same time,” Microsoft noted, “we recognize that security teams require control over autonomous actions. That’s why the capability is designed with granular controls. Security administrators can tune automation levels by device group and selectively exclude users, devices, or IP ranges based on operational needs. The recommended approach is targeted, intentional configuration, not a blanket opt-out. Customers retain full visibility into actions taken and have the ability to reverse automated responses at any time.”
This article originally appeared on CSOonline.



