TheRegister

Microsoft on Wednesday open-sourced two AI tools designed to help developers and security teams build and maintain safer AI agents. The first is called RAMPART, which stands for Risk Assessment and Measurement Platform for Agentic Red Teaming. It’s a pytest framework for agentic AI applications built on Microsoft’s open‑source PyRIT toolkit that embeds automated red‑team tests into CI/CD pipelines. This allows developers to simulate real‑world attack scenarios - like prompt injection - and verify that agents stay within approved tool use, actions, and behavioral boundaries. It also supports statistical trials, meaning that teams can set policies such as “this action must be safe in at least 80 percent of runs,” to account for models’ probabilistic behavior. Plus, it allows red teams and incident responders to reproduce any AI security findings to ensure agents behave as intended - and that security mitigations work as they should. “It’s high time we stop talking about AI safety as a philosophy and start thinking about AI safety as an engineering discipline,” Ram Shankar Siva Kumar, Microsoft’s data cowboy and founder of its AI red team, told The Register. Microsoft has been using RAMPART internally, and while Kumar said he couldn’t provide specific details, he told us that a security researcher found an issue, and then the Redmond red team used RAMPART to test for the flaw across the agentic AI application. “RAMPART was able to take that one particular vector and find close to 100 different variants of that vector,” Kumar said. “And then we were able to use RAMPART to essentially go through this asset and see is this working, not just one time, not two times, but close to 300 times. We were also able to do in the context of multi-turn conversations.” The testing framework also allowed the developers to build mitigations into the product. “They were again able to use RAMPART to see if that remediation actually held water, not just against one vector, which the security researcher found, but multiple variations of those vectors,” Kumar explained. “This is empowering our incident responders and also our engineers.” The second AI tool that Microsoft open-sourced on Wednesday is an agent called Clarity, and it’s designed to serve as a “structured sounding board that helps teams figure out whether they are building the right thing before they write a single line of code,” according to a Wednesday blog that Kumar wrote about the two new tools. For example, say a developer wants to add real-time collaboration to a document editor. They tell Clarity this, and the agent responds with questions akin to what “experienced architects, product managers, and safety engineers would ask,” according to Microsoft. Clarity’s answers, as shown in a screenshot on GitHub: “Before we design that - what happens when two people edit the same paragraph at the same time? Do you need true real-time (cursors, presence), or is ‘no one loses work’ the actual requirement? Those lead to very different architectures.” The AI tool essentially aims to answer what problem the developer is trying to solve with an app, and what could possibly go wrong, and “talk” these issues out before the coding even begins. “It’s inherently collaborative,” Kumar said. “It helps the team take a step back, and say, ‘Hey, before we build this, are we going in the right direction? Because code is cheap. It takes a snap of a finger to generate a full system. Are we doing this in a way that makes sense?'” ®

Flagship tech projects such as the ID card scheme are at risk of failure unless the UK government changes its approach to legacy systems – which evidence shows is getting worse, a new think tank report claims. Re:State, a non-partisan policy unit focused on public service reform, says much of the government's ambitions for digital services and efficiency depend on "modern, interoperable systems." However, the problem of legacy systems is underestimated, it claims. "In Westminster the money doesn't get prioritized for tech, and so behind the scenes successive governments have neglected to fix many dangerously outdated systems, leaving a ticking time bomb for future generations to defuse," said Joe Hill, co-author of the report, director of Strategy at Re:State and former Treasury civil servant. Examples are not hard to find. They include problems migrating the Police National Database to the cloud, the scandalous data breach revealing the names of Afghan informants, and a creaking farm payments system. The problem lies in departmental control of legacy system remediation and the funding model for those projects. The Re:State report, From legacy to leadership [PDF], says that funding comes in two forms: crisis funding or maintenance funding. "Systems aren't transformed unless they fail in substantial ways. The result is that the gap between what systems can do and what services require widens each year. Departments fall behind with out-of-date technology stacks by relying on aging platforms that constrain service design, data use, and automation, which leaves them with ever more catch-up to play at a later date as operational urgency rises," it states. Much of the report relies on data from the State of Digital Government Review 2025, which found lost productivity from legacy IT cost 4-7 percent of annual public sector spending, holding back both productivity and public satisfaction. That review found the proportion of legacy systems in central government was around 28 percent. It ranged from 10 to 60 percent, depending on department, and had increased by 26 percent since 2023. Of those legacy systems, 22 percent were considered "red-rated," meaning they carried risks judged both highly likely and high impact. The proportion of red-rated systems had also increased. The scale of the problem and its embedded nature means that continuing with a department-led approach to tackling the legacy system problem won't work, the paper argues. Because there is little reward for prioritizing reduction in reliance on legacy systems, departmental leaders tend to focus on broader transformations, which come with more incentives and rewards. Budgeting is also a problem. Tech funding is awarded based on projects, rather than services, which makes underinvestment likely in two ways. "Firstly, because core operating costs of existing legacy technology have to constantly be reapproved as projects, making it easier to negotiate technology investment down in favour of other areas. And secondly, because it allows policymakers to plan additional investments in new technology like AI without thinking about investing in the underpinning services, which often have legacy IT components," the report adds. A new central government "Digital Modernization Taskforce" with a mandate to reduce systemic legacy risk and embed prevention, is one solution proposed. The report also proposes to tackle funding. "When central government investment is available for a particular kind of spending, such as legacy IT, interviewees for this paper felt that could disincentivise departments to make their own investments instead of 'waiting to see if [the Department for Science, Innovation and Technology] will fund the risk instead,'" the report states. "Instead, the Taskforce should adopt a 'match funding' model – using centrally allocated funding at the next Spending Review to match the amount that departments put into their own legacy IT transformation projects, in order to speed those up." The report has five other ideas for how the government can escape the deepening quagmire of legacy IT, including new approaches to procurement and supplier management. Welcome they might be, but with the government seemingly fixated on headline-grabbing announcements, only an optimist would expect to see them in action. ®

The UK government has upped the maximum value of a health service AI framework agreement by £600 million following a conversation with tech suppliers. The National Health Service's Shared Business Services (NHS SBS), a purchasing quango under the Department for Health and Social Care, recently launched a competition for places on a framework for NHS AI and robotics worth a maximum of £750 million excluding tax. Back in January 2025, the same procurement was priced at a maximum of £150 million, excluding tax, in an early market engagement with suppliers. An NHS SBS spokesperson said: “As with all our framework agreements, we conducted an extensive intelligence gathering exercise whilst bringing this framework to market. During this, both suppliers and customers indicated that a higher threshold was appropriate, and this has been approved by NHS England, the Cabinet Office and the Department for Science, Innovation and Technology.” The competition seeks to attract suppliers offering a broad sweep of AI and robotics systems. A framework deal offers suppliers an indicative amount of spend in return for pre-agreed prices. NHS SBS can charge a levy on all deals agreed under the framework. The recent procurement note says the procurement recognizes “the transformative potential of AI in addressing current and emerging healthcare challenges, from improving diagnostic accuracy and clinical decision-making to streamlining operational processes.” The shopping list for AI tech is split into eight lots. They include Radiology and Diagnostic Imaging, where the authority calls for “AI-powered radiology tools, medical imaging diagnostic platforms, and integrated imaging software solutions designed to support clinical decision-making and image-based diagnostics.” Standing out from the list is Virtual and Robotic Health, a lot which “covers innovative solutions that are transforming the healthcare landscape by enhancing clinical capabilities, improving patient care, and driving operational efficiency.” The tender also seeks AI tech for operational efficiency. It wants “platforms designed to enable data capture, analytics, and workflow automation to drive operational efficiencies within NHS and public sector environments.” At face value, these may seem like reasonable aspirations, but it’s also worth pointing out that they don't fully reflect what capabilities the NHS is looking for through this procurement or how success or failure would be measured. Meanwhile, £750 million is a lot of money, especially considering NHS resident doctors – an early-career specialist training role – are still seeking pay restoration after a decline in earnings of around 21 percent in real terms since 2008. UK government as a whole has pegged its hopes on AI to help extract it from an especially painful fiscal hole. The promise of tech investment in the NHS is just one strand of a thread through a cross-public sector approach which could save the public sector £45 billion, the government claimed. Experts later told MPs the figure was based on broad-brush guesswork. UK taxpayers might hope the latest NHS spending vehicle is built on a more sturdy design. ®

5225961 UK Parliament’s Education Committee is advocating for a statutory ban on social media for under-16s, saying “addictive” platforms are harming their development, behavior, and mental health, sometimes leading to “truly horrific consequences.” Committee chair Helen Hayes, MP for Dulwich and West Norwood, said: “From bullying and misogyny to abuse and sexual exploitation, children and young people growing up today face a deluge of serious harms whenever they log on to social media. “The same platforms that connect them to their friends, or introduce them to new hobbies, are putting their mental health and wellbeing at risk.” As well as a ban, the committee also wants to see the government take action on the “addictive design elements” social media platforms incorporate into their products for under-18s, such as “infinite scrolling” content feeds, algorithmic promotion of posts, and auto-playing videos. Committee members say these features specifically lead to increased time spent in front of screens, sleep disruption, reduced attention, and behavior problems. Hayes said social media platforms are failing to take responsibility for the developmental issues to which their platforms’ designs are contributing. “In the most extreme cases, inaction can have truly horrific consequences,” she said. “Yet social media companies have not taken full responsibility for the behaviour on their platforms. “Based on the evidence my committee has received, I simply do not believe that companies who profit from interactions with children can be relied upon to self-regulate. “In schools, mobile phone use can distract children, increase the risk of behavioural problems, and ultimately undermine their education.” The Education Committee said that although it is officially calling for a ban, this should only be a “starting point,” a precursor to a far more robust regulatory framework that applies to gaming, hybrid platforms, messaging services, and AI platforms, in addition to social media. It communicated its position on child social media use to the UK government on Thursday in an official response to the consultation on the matter, shared with The Register ahead of publication. The consultation opened in March and sought views from industry experts and the wider public on whether an under-16 social media ban in the UK, similar to the one introduced by Australia last year, would be sufficiently valuable. It continues to run alongside a series of six-week trials involving 300 families, looking at how different social media restrictions affect teens’ daily lives. In its response to the consultation, the Education Committee’s report says the issues affecting the country’s children are “severe and systemic,” deliberately implemented by the tech companies behind the platforms to maximise engagement, despite being linked to myriad harms. It further argued the government should tackle the matter urgently, treating it in the same way it would any other pressing public health issue. Regulations should ensure platforms are built with a safety-by-design philosophy, and provide tech companies with clear instructions on how to prioritize safety in their products – all backed by punishments for non-compliance, MPs said. “Ministers must take action before it is too late,” Hayes added. “In our submission to the government’s consultation, the committee calls on the government to restrict addictive features, impose strict duties on social media companies, and treat child safety as a public health issue. “Anything less leaves children, parents, and schools forced to compensate for the unsafe digital worlds enabled by social media firms.” Ban fever Various countries around the world have announced their intention to ban social media use for children, although only Australia and Greece have formally approved legislation. Countries including France and India are in the advanced stages of imposing similar statutory measures, and even more across the world have committed to the same, although they differ widely in their legislative progress. Brazil, for example, has introduced laws that require under-16s to link their social media accounts to a legal guardian. The same efforts have limited key risk factors, such as infinite scrolling, too. Greece’s ban is expected to take effect in mid-2026, leaving Australia the only country in the world – for now – with a blanket social media ban for under-16s. Australia’s ban took effect in December 2025, although research published this week found limited efficacy. Academics investigating the ban found most under-16s experienced no change in their ability to access social media, although one in four reported significant limitations. They also found that the ban has had a material impact on the way in which young people consume news. To some degree, most teens and pre-teens use social media to expose themselves to current events, and the ban has led to a drop in news access and civic engagement as a result. ®

PWNED Welcome once again to PWNED, the column where security flubs are held up to the harsh, piercing red light of the vulture signal. This week’s sad story concerns a municipality that failed to perform basic account housekeeping and paid for it dearly. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request. Our tale of tech missteps comes courtesy of Nicole Beckwith, who serves as the senior director for security engineering and operations at Cribl, an AI platform for telemetry. She used to work as a consultant, and at one point was hired to investigate breaches in an American city’s network. A threat actor took a “leisurely tour” of the city’s online resources and had started messing around with conference room projectors and other relatively harmless endpoints. Then they realized that they could change settings with the water utility where they switched many controls off, potentially endangering the water supply. When Beckwith investigated, she found that all of the mischief was performed by an account that belonged to “Greg from Auditing.” There was just one problem. Greg hadn’t worked for the city for many years. Unfortunately, even though Greg was no longer around, his account was, and it retained extensive privileges, including domain admin rights, SCADA (Supervisory Control and Data Acquisition) operator access, and even the ability to perform help desk functions. It’s unclear if someone from auditing ever needed this level of access, but a former employee definitely did not. It wasn't Greg himself who hacked the network. But he had used his work email address to sign up for various online accounts, some of which may have been exposed in previous data leaks. She speculates the hackers saw an email address with a .gov in it and decided to try their luck with the leaked password that went along with it, and that Greg likely used the same password for work that he did for these outside services. We have a few takeaways here. First, the people who ran IT security for the city should have both deleted Greg’s account when he left and done periodic audits to see who had access and whether they should still have it. Second, Greg should have kept his work credentials separate from third-party services like shopping and social media sites. And he should not have used the same password in multiple places. “The lesson, beyond the obvious 'please, for the love of all that is holy, audit your dormant accounts,' is that every forgotten user is an easy ticket to being on the 5 o’clock news,” Beckwith told The Register. “Quarterly access reviews should be mandatory because everyone seems to think when a user leaves, that is the end of it and someone surely terminated access, deprovisioned accounts, removed access to tools, mobile communications, email and other business critical systems, but sadly I’ve responded to way too many incidents like this one because of this simple control which is often overlooked." ®

The Open Compute Project plans to deliver more guidance to local governments on how excess heat from datacenters can benefit their communities. The project develops open-source and energy-efficient hardware for datacenter operators. Meta, Microsoft, and Google are all top-tier Platinum members, and are also all building datacenters as fast as they can, to house AI infrastructure. Those builds have become controversial. Residents in communities flagged as sites for new bit barns have protested the quantity of water and energy they will consume, their potential to drive up prices for both, and the noise they emit. Some may be aware that datacenters create urban heat islands. Protests about new datacenters have aleady turned violent. Governments have sometimes acknowledged concerns by implementing a moratorium on big builds, but on other occasions have indicated they might fast-track developments and brush aside red tape. Into that febrile environment strode David Gardiner, Otto Van Geet, Jaime Comella, and Bharath Ramakrishnan, all of whom have participated in the OCP’s heat reuse group, with a Wednesday post extolling the virtues of datacenters when local governments are smart enough to tap excess heat that bit barns produce. “Reusing datacenter waste heat presents a significant opportunity to provide carbon-free heating across a wide array of sectors, delivering substantial environmental, economic, and social benefits,” the post states. They’re right. El Reg has reported on heat reuse helping to heat homes and grow vegetables. A swimming pool used during the Paris Olympics relied on heat from a nearby Equinix datacenter to keep its waters warm. The OCP post laments the fact that local governments lack awareness about how they can tap excess datacenter heat. The authors also point to “a lack of connections between datacenters and nearby heat users [and] supranational, national, and sub-national policy to incentivize these projects,” and suggest that smart local governments will make heat reuse a requirement before greenlighting datacenter builds. The post also, however, admits cost justification of datacenter heat reuse projects can be a challenge. The heat reuse group’s Wiki includes form letters and other material it hopes activists will send to regulators to encourage them to consider use of heat recovery systems. Providing that sort of material is a very common lobbying tactic. That OCP feels a need to highlight the availability of the resources at a time its members face opposition to their datacenter building plans is therefore more remarkable than the advice itself. ®

SpaceX has filed paperwork for its long-awaited initial public offering and made the argument that its unique combination of activities and “focus on extreme vertical integration” make it worthy of investors’ cash despite hefty losses. The company’s filing offers the usual Muskian tropes about the company’s purpose being to ensure human consciousness can reach the stars, a voyage that’s only possible with cheap reusable rockets, powerful AI operating in space where energy is abundant, and efficient manufacturing at astronomical scale. Only SpaceX, the document argues, can do it all. The company says it became the world’s premier launch outfit by operating vertically integrated design and in-house manufacturing that means it can crank out the parts needed to build and improve its rockets faster than anyone else – and without being dependent on slow-moving supply chains. That manufacturing capability means it can also build satellites faster than anyone else, as it has demonstrated when creating its Starlink space broadband network. In the datacenter, SpaceX's strategies let it create high-density rack-scale systems and associated technologies that allow it to build and deploy infrastructure faster than anyone else. The company will combine and re-use its satellite and compute infrastructure smarts to build orbiting datacenters that use Starlink to communicate with Earth. “Our high-throughput manufacturing capabilities – combined with our launch capabilities – enable us to produce and deploy thousands of satellites per year, an uneconomic proposition for those lacking an ability to deliver substantial mass into space,” the filing argues. “This capability accelerates our deployment timelines and allows us to commercialize entire constellations with capital efficiency that we believe is difficult to replicate.“ We have the benefit of being founded and led by Elon Musk, one of the great visionaries of our generation The company will keep its operations efficient using AI it also builds and runs, fuelled by data gathered from social network X. “With approximately 350 million daily posts, X enables freshness, relevance, and contextual awareness for Grok that we believe is a competitive differentiator,” the filing states. SpaceX isn’t done combining its businesses. “We intend to further extend our vertical integration to chip design and manufacturing to alleviate potential future chip shortages at SpaceX, optimize compute performance, and potentially reduce overall compute costs,” the filing states. The filing describes SpaceX as using “Business Models that Are Incredibly Difficult to Replicate.” Those business models are also struggling to produce a profit as the filing reveals SpaceX’s most recent full-year revenue (FY 2025) was $18.674 billion, which produced a $4.9 billion loss. The first quarter of FY 2026 saw the company lose $4.3 billion on $4.7 billion of revenue. As with all such documents, SpaceX’s IPO filing spells out risks the company faces – including many admissions its ideas may not work or take longer to realize than hoped. The company has proven that many times after Elon Musk promised exciting new products and technologies are imminent, then delivered them years later than his initial deadline. But the overall tone of the filing is extreme optimism as SpaceX claims it has a total addressable market (TAM) of $28.5 trillion – not far short of the USA’s gross national product. The filing breaks down that TAM into “$370 billion in Space from space-enabled solutions; $1.6 trillion in Connectivity across $870 billion in Starlink Broadband and $740 billion in Starlink Mobile as well as additional opportunities in enterprise and government; $26.5 trillion in AI across $2.4 trillion in AI infrastructure, $760 billion in consumer subscriptions, $600 billion in digital advertising, and $22.7 trillion in enterprise applications.” That last figure is vastly larger than the entire IT business today. The filing also states “We have the benefit of being founded and led by Elon Musk, one of the great visionaries of our generation,” and reveals that after the IPO he will serve as “Chief Executive Officer, Chief Technical Officer, and Chairman of our board and control the election of our directors.” The shareholding structure proposed by the IPO “concentrates voting control with Mr. Musk and other holders of our Class B common stock. This will limit or preclude your ability to influence corporate matters and the election of our directors.” That leaves would-be investors betting on Musk, and SpaceX getting an awful lot right. But the filing gives plenty of reasons to believe the company can fly, by citing its many past successes and firsts. However, it filing appeared just a few hours before X admitted it has not explained to Australian regulators how it stops publication of child sexual exploitation material on the platform, earning it a AUD$650,000 fine ($462,000). Perhaps a bit more integration from the ethics and legal teams are needed before IPO liftoff? ®

Already the planet's largest supplier of GPUs, Nvidia now intends to conquer the CPU market. “We have visibility to nearly $20 billion in total CPU revenue this year, setting us up to become the world’s leading CPU supplier,” Nvidia CFO Colette Kress said during the company’s Q1 2027 earnings call on Wednesday. Nvidia is no stranger to CPUs having announced its first Arm datacenter chip, codenamed Grace, back in 2021. However until recently the company integrated most of these parts into GPU systems that users almost always deployed in AI datacenters and supercomputers. That changed in February when Nvidia revealed Meta was among the first hyperscalers now deploying standalone Grace CPU Superchips in its datacenters to power a variety of workloads including the Social Network’s AI agents. At its GTC conference in March, Nvidia officially expanded its CPU line up to include a standalone Vera CPU system. Each chip features 88 custom Olympus Arm cores with support for simultaneous multi-threading (SMT) — that’s Hyperthreading in Intel speak — along with confidential computing capabilities. Nvidia can equi[ each chip with up to 1.5 TB of LPDDR5x SOCAMM memory, which offers higher memory bandwidth at up to 1.2 TB/s and uses little power (which is why it's often used in laptops). “Vera will deliver up to 1.5x faster performance per core, 2x performance per watt, and 4x density per rack compared to x86-based alternatives,” Kress claimed. Nvidia’s reference designs pack up to two Vera CPUs onto a single board and via high-speed NVLink interconnects. Nvidia’s Vera is also paired in a 2:1 ratio of Rubin GPUs to CPUs in its most powerful rack-scale AI compute platforms. Since the chip was detailed this spring, Kress claims nearly every major hyperscaler and system builder plans to deploy the chips. This week, several top AI labs and hyperscalers, including Anthropic, OpenAI, Oracle, and SpaceX took delivery of Nvidia’s first Vera-based systems. “Vera CPU opens a brand new $200 billion TAM for Nvidia, a market we have never addressed before,” she said. While Nvidia is expanding its addressable market to include standalone CPUs, it should be noted that much like the company’s Ethernet networking products, they’re designed primarily with AI and HPC applications in mind. The chips can’t replace x86 processors in every application, yet. Kress’ comments come as Nvidia caps off a strong end to the first quarter of its 2027 fiscal year. The GPU giant raked in $58.3 billion in profits on $81.6 billion in revenue for the quarter, the latter of which grew 85 percent YoY and 20 percent from the prior quarter. Kress attributed the sequential jump to an “inflection in inference demand.” The quarter saw Nvidia change how it breaks out revenues. The company’s business units have now been organized into a datacenter group which includes cloud, hyperscale, neocloud and enterprise sales, plus an edge group, which serves as a catchall for gaming, robotics, automotive, and vRAN products. Datacenter revenues accounted for the vast majority of revenues, at $75.2 billion. Of that $38 billion came from hyperscaler and public cloud customers, while neocloud, industrial, and enterprise customers paid the remaining $37 billion. Edge sales accounted for a mere $6.4 billion, with the company citing demand for Blackwell-based workstation gear as a key driver. Looking ahead to Q2, Nvidia forecast revenue will hit $91 billion plus or minus two percent. That prediction assumed no datacenter sales in China. Nvidia has been trying for months to reignite its GPU business in the Middle Kingdom since Uncle Sam gave the company the green light to sell its aging H200 processors to Chinese customers for the first time ever back in December. Despite receiving approval from the Trump administration and receiving billions of dollars worth of orders, shipments remain stuck in Beijing’s red tape. ®

AMD’s answer to Nvidia’s DGX Spark AI workstations, codenamed the Ryzen AI Halo, will be available for pre-order later next month for anyone with $3,999 burning a hole in their pocket. That might sound like a lot for an AI mini PC, but don’t worry. Compared to cloud APIs, it practically pays for itself. Or, well, that’s AMD’s sales pitch. The House of Zen argues that if you spend eight hours a day vibe coding, the system could save you $750 a month. Whether this helps you justify paying for hardware that less than a year ago could be found for between $2,200 and $2,999 or not, it’s (probably) not AMD being greedy here; the RAMpocalypse has been hard on everyone. Much like the DGX Spark, which now retails for $4,699, up from $3,999 when we reviewed it last fall, AMD’s rendition aims to provide a curated developer environment for running local models and agentic AI frameworks. This is really the core value proposition behind both of these devices. They aren’t the most powerful or the fastest AI systems, but they’re able to run models that a few years ago would have cost $20K or more. A little box of TOPS The diminutive system measures in at 5.9 x 5.9 x 1.7 inches (150 x 150 x 43 mm) and is powered by a 120 watt Ryzen AI Max+ 395 APU, better known by its codename Strix Halo. The chip is backed by 128 GB of LPDDR5x 8000 MT/s memory, which feeds both its 16 Zen 5 cores and 40 RDNA 3.5 GPU compute units, providing up to 256 GB/s of bandwidth, more than a Ryzen 9000 Threadripper (non-Pro) system. For local AI enthusiasts, that’s enough to run models up to 200 billion parameters in size at 4-bit precision — just like the more expensive Spark. The bulk of the Ryzen AI Halo’s compute comes from its integrated graphics, which are capable of delivering roughly 56 teraFLOPS at 16-bit precision. While impressive for onboard graphics, that’s still between 55 and 88 percent slower than what the DGX Spark advertises. Unlike the Spark’s Blackwell-based GB10 APU, Strix Halo doesn’t support FP8 or FP4 data types in hardware. At BF16, the Spark delivers 125, at FP8 250, and FP4 500 teraFLOPS. Double those figures if you happen to find a workload that can leverage Nvidia’s 4:2 sparsity. That performance discrepancy won’t necessarily be obvious in every workload. In fact, in LLM inference, AMD claims the AI Halo generates tokens 4-14 percent faster than the Spark. The lower end of that roughly matches what we saw when we pitted the Spark against a similarly equipped HP Z2 Mini G1a back in December. The G1a packs the same silicon as AI Halo, and in Llama.cpp with the Vulkan backend, eked out a small but meaningful lead over the Spark in tokens per second generated. However, the speed any GPU can generate tokens at is largely dictated by effective memory bandwidth, not floating point performance. GPU compute has a much bigger impact on things like prompt processing time. In our testing, the Spark’s more capable tensor cores gave it a 2x to 3x lead in prompt processing. For shorter prompts, this isn’t all that noticeable, usually the difference between waiting 100 ms versus 200 ms or 300 ms, but for longer prompts, it did become more pronounced. We saw the Spark take similar leads in our image generation and fine tuning benchmarks, but it’s worth noting that AMD’s software stack has matured greatly since our initial review and the performance gap has likely closed somewhat since then. AMD’s AI Halo does have two things going for it that can’t be said of the Spark. Alongside the GPU is an XDNA 2-based neural processing unit (NPU) that AMD rates for 50 TOPS. What good that’ll do you depends heavily on the application in question. Many content creation apps have now been updated to take advantage of it, but the number of generative AI inference engines that could properly harness it was quite limited the last time we looked. The second thing AMD’s Ryzen AI Halo has going for it is that it’s a standard x86 box at its heart, and you can run Windows or your preferred flavor of Linux on it if that’s more your style. On the Spark, you’re stuck with a lightly customized version of Ubuntu 24.04. Beyond that, you’re coloring outside the lines. Particularly for developers building for Microsoft’s NPU-accelerated AI PC ecosystem, this is an obvious advantage. In terms of networking, AMD’s Spark-clone falls a bit flat. One of the hallmark features of Nvidia’s AI workstation is a 200 Gbps ConnectX-7 NIC, which allows for clustering of up to two and eventually four systems. AMD’s AI Halo has a single 10 Gbps NIC, which should help with downloading large model files in a timely manner. In theory, the system should be able to achieve high-speed networking over USB-4, but it’s not clear whether this is actually a supported use case. That said, Apple has already demonstrated just this using RDMA over Thunderbolt, so it should work so long as AMD has a playbook for configuring RDMA on its systems. AMD’s own AI lab As we mentioned earlier, much of the Ryzen AI Halo’s value proposition comes from being validated hardware with well documented playbooks for common use cases and known good software. Finding the right combination of device drivers, ROCm, HIP, SYCL, CUDA, PyTorch, TensorFlow, and JAX has long plagued the AI/ML devs, regardless of which ecosystem you opt for. Having validated environments for workloads, whether it be vLLM, Llama.cpp, Ollama, ComfyUI, or something else ensures users spend more time doing something productive than debugging mismatched dependencies. At launch, AMD says the Ryzen AI Halo will ship with five preinstalled playbooks, with another 10 available online and additional playbooks to be added monthly. Additionally, customers will gain access to AMD’s developer program, cloud credits, and exclusive playbooks. More memory on the way The 128 GB Ryzen AI Halo will be available for pre-order next month starting at $3,999, but if that isn’t enough for you, AMD is already prepping a higher capacity version of the system with 192 GB of memory on board. That system will feature a refreshed Ryzen APU in the AI Max+ 495, which just like the rest of AMD’s 400-series lineup gets a modest clock bump to the CPU, GPU, and NPU, and not a whole lot else. Still, 192 GB of unified memory opens the door to even larger, more capable models, if you can stomach the presumably higher asking price. ®

Intuit has cut its full time workforce by 17 percent and is considering closing offices in some markets “to become “faster, leaner, and more focused,” company CEO Sasan Goodarzi told investors during a Wednesday earnings call. “This was not about AI,” Goodarzi said, before explaining that over the last year company management has studied the question "beyond the tools that we are putting in place across the company, what is actually the biggest blocker and what is getting in our way?" One of the answers was that Intuit had too many layers of management. Goodarzi said doing so will "reduce the complexity of information flow of ... so we can push decision making to our frontline folks that are the builders.” The CEO said Intuit also decided to cut in what he described as “coordination-heavy” roles such as project managers and business operations jobs that have become less necessary due to the speed at which the remaining teams can build products. He said Intuit also merged TurboTax and Credit Karma as a business unit so some of the cuts resulted from overlaps within that group. The move to fire over 3,000 employees comes as the company said it spent $3.4 billion in stock repurchases during the previous nine months ended April 30. Intuit’s board of directors also mandated the company lean in to share buybacks as it authorized an additional $8 billion to be spent on Intuit stock at the discretion of management and the board. The job cuts are expected to cost the company about $340 million in restructuring charges, with much of that coming in the form of severance payments, according to SEC filings Intuit published Wednesday afternoon. “A big chunk of this, you can count on it to go to margin expansion and EPS growth, and a smaller part is going to be scaling the growth engines because we feel good that the growth engines are funded quite well, just because of the productivity we see internally,” Goodarzi told investors. Several victims of the cuts posted their story to LinkedIn and many of them were, as Goodarzi said, in product, or project management positions. “I would like to thank all my teammates, both past and present, who have made the job such a fulfilling experience. I’d like to thank each and every one of the managers who have helped guide me along my path from entry-level technical support to Staff Engineer,” wrote one employee who said he had been with the company for 13 years. The cuts also included a senior sales and productivity analyst who has been with Intuit for 25 years, a software engineer with nine years at the company, and an engineering team leader with two years in that role, according to LinkedIn posts. In addition to reducing the number of managers, Goodarzi the cuts would also serve to “rightsize” staffing for Intuit’s email marketing product, Mailchimp. One customer experience leader in that organization wrote on LinkedIn that after more than eight years it was hard to believe he would no longer work for Mailchimp. “Mailchimp... it's ridiculous to get emotional over a piece of software, but if folks understood what this company meant to the city of Atlanta. It was our brand right alongside Coca-Cola, Delta, and The Home Depot ... it was OUR tech company,” he wrote. “It was also a company willing to take a risk on folks … I'm still processing that Mailchimp and Intuit will no longer be my home. Keep an eye out for me if you don't mind.” Goodarzi said the cuts were not in response to any underperformance, but were deliberate actions to scale its “growth engine and strengthen its core.” “We are at an important inflection point,” he said. “To fully capitalize on this opportunity, we must operate with greater velocity, urgency, and discipline. These deliberate actions are about scaling our growth engine and strengthening our core. We’re sharpening our cost structure to deliver durable long-term growth and margin expansion.” ®

The rapid adoption of AI-generated code is driving production failures and higher costs for enterprise customers. Eighty-one percent of enterprise technology leaders among more than 200 surveyed reported an increase in production issues linked to AI-generated code, according to a study published by enterprise software delivery biz CloudBees. Sunil Gottumukkala, CEO of Averlon, an agentic vulnerability remediation biz, told The Register in an email that these issues tend to refer to functionality bugs, performance issues, availability problems, and security vulnerabilities rather than CI/CD failures. "These are issues that surface after code has already been deployed to production, which means the code passed every review and deployment gate and still broke things," said Gottumukkala. "When failures happen post-deployment, it signals that the validation process itself isn’t keeping pace with what AI is producing." Yet 92 percent of respondents expressed confidence that their code was production-ready before it shipped. Jacob Krell, senior director of secure AI solutions and cybersecurity at Suzu Labs, told The Register in an email that the report does not isolate what specifically failed at these organizations. "It spans functional defects, security vulnerabilities, and compliance violations that reach production because governance and validation have not scaled with output," he said. "The same study found 69 percent citing security vulnerabilities and 63 percent citing compliance issues introduced by AI generated code specifically." Krell said what ties them together is the verification gap. "AI generates code faster than teams can validate it," he said. "Seventy percent of respondents now say test suite maintenance is a larger burden than writing code itself. These are not system crashes in the traditional sense. They are the full spectrum of what reaches production when volume outpaces the capacity to verify quality, security, and compliance before deployment." Respondents said 61 percent of their organizations' code has been generated by AI or has come into being with AI assistance. And 64 percent of the engineering organizations involved say AI is widely or fully integrated into their workflows. The result is that more than half (52 percent) of those surveyed report an uptick in software development output. And while 68 percent of organizations appear to be convinced AI is delivering business value, only 31 percent of AI-related spending can be linked to specific business results. In 36 percent of organizations, AI spending is tracked without measuring the return on investment or isn't tracked at all. With more code comes more cost from infrastructure spending, in the form of increased CI/CD, testing, and security scanning. Some 54 percent of respondents said CI/CD infrastructure spending has risen significantly in the past 12 months, and 53 percent flagged rising testing, security, and deployment costs. Only 45 percent of respondents say these costs are predictable quarter to quarter. Yet relatively few organizations have taken steps to control AI spending: 27 percent report quotas or limits on token usage, while just 18 percent have automated spending controls. And this is a problem without ownership. Just 12 percent of organizations have dedicated AI governance. For 46 percent, the buck stops with the CTO or VP of engineering when there's a production failure. For 32 percent, blame falls on the engineering lead or team associated with the tool that messed up the code. For 7 percent, the developer who shipped the pull request takes the heat. It may be tempting to take comfort in the fact that 93 percent of respondents say their organization has a formal process for reviewing and releasing AI-generated code. But keep in mind that only 56 percent of survey takers say those processes are always enforced. ®

Two now-patched bypass bugs in Claude Code’s network sandbox put users at risk, and one of these allows baddies to send anything inside the sandbox - credentials, source code, other private data - to any server on the internet, according to a researcher who found and reported both flaws to Anthropic. Aonan Guan, who leads cloud and AI security at Wyze Labs and has hunted down bugs in pretty much every AI system out there, told The Register that this is the second time in five months Anthropic has silently fixed a sandbox bypass vulnerability in Clade Code without issuing a CVE or security advisory specific to the agentic coding tool. The latest issue was a SOCKS5 hostname null-byte injection that can be exploited to trick the sandbox allowlist filter into approving connections it should block. It’s especially dangerous when combined with prompt injection, which Guan previously detailed in his earlier comment and control research. When paired with prompt injection, the new flaw can be abused to force Claude to read hidden instructions and then run attacker-controlled code in the sandbox, allowing miscreants to exfiltrate anything the sandbox could reach. This includes cloud and GitHub credentials, the GitHub token Claude authenticated with, cloud metadata and internal APIs. “For anyone who ran Claude Code with a wildcard allowlist on a credential-bearing system, the network boundary did not exist for the 5.5 months from sandbox GA to v2.1.90,” Guan wrote in research published Wednesday. “Treat that window as a potential exfiltration event.” Anthropic says it found and fixed the latest flaw before receiving Guan’s report. The fix, according to a spokesperson, is a public commit in the sandbox-runtime repository, which shipped in Claude Code 2.1.88 on March 31. “Anyone can view” the commit, they told us. Guan filed his bug bounty report with HackerOne on April 3. “Because the report described a vulnerability Anthropic had already caught and patched, it was closed as a duplicate of an internal finding,” the spokesperson said. “We appreciate the researcher’s time on this report.” Guan says he doesn’t dispute the timeline. “That is not the core issue,” he told The Register. “The core issue is that this was a bypass of a user-configured network sandbox, and there's still no advisory CVE, and no changelog note," he said. "Shipping a sandbox with a hole is worse than not shipping one. The user with no sandbox knows they have no boundary. The user with a broken sandbox thinks they do.” Claude, for its part, seems to side with Guan. When he showed Claude its own hole, the bot responded “This is a real bypass of the network sandbox filter,” according to a screenshot published in his research. The earlier bug, which Guan reported and detailed in December 2025, was ultimately assigned a CVE tracker - CVE-2025-66479 - and patched in v0.0.16. But the CVE only applies to Anthropic's sandbox-runtime, an upstream package, and not specifically to Claude Code, which Guan says means users have no way to know if their AI coding assistant is reading “allow nothing” as “allow everything.” He requested a CVE for Claude Code, and Anthropic said no because “The root cause is in the library.” Guan told us he’s glad Anthropic ultimately addressed the security holes. But the entire disclosure process illustrates another problem that researchers and The Reg vultures have reported with how AI vendors often handle vulnerabilities in their products: no CVEs issued, and if the flaw is fixed, it usually happens silently, with no public advisories. More often than not, the burden of securing AI agents and other systems gets pushed to the end users. “Some vendors issue CVEs and some do not,” Guan said. "I think either approach can be reasonable, but the advisory is a must. The users need to know the risk is real, and in many cases, they may never know. What the public often does not see is that vendors may reward researchers and silently patch the software, while end users never learn from release notes or public advisories that the risk existed.” According to Guan, this shows why users need their own protections, either from a security company or user-controlled runtime isolation. But he said he does hope big tech “takes on the burden of clearly communicating” security issues with users. “Because of that, I think companies should treat AI agents more like employees than ordinary software tools,” he told us. “Before hiring an employee, companies do background checks. Before giving them access to systems, they define permissions. The same discipline should apply to AI agents.” ®

When Lip-Bu Tan took over as Intel CEO, the company's balance sheet was so dire that potential recruits turned him down flat, worried they'd be joining a chipmaker on the verge of going bust. Speaking at the JP Morgan Global Technology, Media and Communications Conference on Tuesday, he said: "I tried to recruit some talent. They said 'It's almost a bankrupt company, why should I join you?'" Fixing that became his first priority. That effort has since paid off as Lip-Bu secured equity investment from the Trump administration, which converted funds from the CHIPS program in exchange for a stake. He also drew on long-standing personal relationships, with Nvidia CEO Jenson Huang committing $5 billion and Softbank's Masayoshi Son - a former Intel board member - signing on as a backer. "So far, knock on wood, I made money for them, and they're quite happy," Lip-Bu said. The stronger balance sheet has since enabled Intel to buy back a stake it had sold to Apollo, reducing earnings-per-share dilution in the process, he added. Now, a year into the job, Lip-Bu is betting on agentic AI, inference workloads and a bold chipmaking roadmap to complete Intel's revival - looking beyond the upcoming 14A process node to future 10A and 7A chipmaking technology. When asked for a progress report on the process technology Intel uses to manufacture its products, Lip-Bu said the recently introduced 18A is seeing a 7 percent per month yield improvement, and the next-gen 14A node is "ahead of schedule" compared to the end of the year target. "And now I'm starting to look at the 10A, 7A, the roadmap," Lip-Bu said. "People don't go to you just for one node. They're looking for the roadmap for the future. So we want to build a long-term business. And then we can drive the efficiency, the defect density, and then we can go to that Rule of 45, how to drive the operating efficiency, the profitability, cash generation." Intel's 18A and 14A processes refer to 18 and 14 angstroms, and as there are 10 angstroms in 1nm, this could imply that the company is working toward a sub-nanometer process technology with 7A. The Register asked Intel if it was willing to disclose when these process nodes would likely come into use, and we will update this story if we get a response. However, Lip-Bu did mention that for 14A, "my risk production is 2028 and volume production in 2029 is about the same time as A14 for TSMC," implying that 10A and 7A are unlikely to be used to make chips before 2030. On Intel's efforts to reinvent its internal chipmaking operation as a foundry service for third-party customers, he confirmed it is engaged with multiple clients, but declined to identify any, saying disclosure was up to the customer. Manufacturing used to be Intel's strength, but it lost its way, and has never really been in the foundry service business, Lip-Bu said. For this reason, he recently poached Shawn Han, a veteran with three decades' experience at Samsung Foundry, to operate as SVP of Foundry Services. Customers are also asking about Intel's 18AP process node, an enhanced, performance-focused variant of 18A, he claimed. Previously, Intel's foundry biz planned to offer the 14A node as its first mainstream commercial offering. To show how keen potential customers are, Lip-Bu claimed they are even willing to help Intel with pre-payments on wafer substrate materials. "Some of the substrate material is very [short], they're all asking us to prepay the substrate commitment. And we ask our customers, if you are serious to use our EMIB-T [packaging technology], can you help me on the substrate prepay? They jump on it," he claimed. "So they show the commitment, they really want our technology. And this is not a few million, it's billions in the next few years." Lip-Bu expects AI to be Intel's route to recovery after a disastrous few business years, as agentic AI and inference workloads look set to favor CPUs rather than the GPUs that have been making Nvidia's fortune. "It used to be that training is 1 CPU to 8 GPUs. And now in the agentic AI with all the agents, startups all tell me, Lip-Bu, CPU actually is more useful, even single-threaded," he said. "So I can start to see not just my wishful thinking, customers have said to me, Lip-Bu, more like 1:1. And now even some of them tell me it's 4:1. So 4 CPU to 1 GPU, for the inference and agents. And so CPU [is in] high demand, and I try to make sure that we can meet the requirement from the customer." Intel still has some way to go. As The Register pointed out earlier this year, the chipmaker lost $267 million on revenues of $52.9 billion during 2025, compared to an $18.8 billion loss the year before. Maybe it will even turn a profit this year. ®

OpenAI is now offering its customers a guarantee that it will actually provide the service it's selling if customers need more AI sauce. All that's required is an annual spending commitment. AI is in short supply as demand – stoked by flat-rate subscriptions – races ahead of datacenter inference capacity. AI workloads require a lot of computing power, especially when they run for hours on end, a common scenario for AI agents. They require more computing power than OpenAI and its cloud partners can provide. Promised datacenter construction is unlikely to address this shortfall any time soon, assuming those projects are actually completed at all. The result has been thinly disguised rationing through usage limits, variable pricing, subscription restrictions, and token consumption arbitrage – swapping out expensive models for cheaper ones. OpenAI’s answer is a new offering meant to ensure it can deliver on its AI promises. "Today we announced OpenAI Guaranteed Capacity, a new offering that helps eligible customers plan for reliable access to OpenAI compute across supported cloud providers as they scale critical workflows," said Sachin Katti, who runs compute for OpenAI, in a LinkedIn post. "It gives customers a clearer framework to align forecasted demand, commercial commitments, and guaranteed shared capacity over time." According to Katti, AI adoption has made processor availability the salient constraint on modern software. He argues that companies dependent on AI workflows need to take steps to ensure infrastructure availability. Guaranteed Capacity is intended to ensure that if client demand grows, compute infrastructure will be available to support that growth. OpenAI says customers can make annual spending commitments ranging from one to three years, with discounts that scale according to duration. "Guaranteed Capacity includes certainty of access to compute based on spend levels, and customers can draw down from this commitment across the portfolio of OpenAI products," the company says. Not everyone is buying OpenAI's pitch. Santosh Ahuja, founder and CEO of enterprise infrastructure biz Pervasiviti and an experienced CTO and researcher, challenged Katti's announcement as a repackaging of basic cloud service obligations in a discussion thread reply. "Every hyperscaler solved 'reserve now, scale later' a decade ago," he wrote. "So the actual announcement is: OpenAI now offers what every cloud provider has treated as a basic procurement primitive but positions it as a strategic differentiator." Ahuja argues that OpenAI's AI evangelism can't keep up with its execution. "Enterprises don't need a 'clearer framework to align forecasted demand,'" he wrote. "They need deterministic SLAs with penalty clauses." In a message to The Register, Ahuja explained that the problem is not guaranteed capacity, it's the way OpenAI has framed cloud business assumptions as innovation. "Reserved instance models have existed at every hyperscaler for over a decade – AWS, GCP, Azure," he explained. "When you strip the marketing, OpenAI is acknowledging that demand has outrun their infrastructure planning and asking customers to pay for predictability that mature platforms deliver by default. "The real question enterprises should ask is whether these guarantees come with enforceable SLAs and financial penalties for breach, because without those, 'guaranteed' is just a word in a press release." Ahuja pointed to a response to Katti's post from Keith Strier, SVP of global AI markets at AMD ("Brilliant. We accept the challenge.") which he takes to mean, "We will try our best." "That's your supply chain partner speaking – and 'we will try our best' is not the language of guaranteed anything," Ahuja said. "It sounds like OpenAI is promising capacity they don't yet have firm commitments on from their own silicon suppliers. That's not a product launch. That's wishful thinking with a price tag." So too is OpenAI's preparation to go public, which reportedly could result in a corporate filing as soon as this week. ®

Microsoft has announced a new, Fedora-based Linux distro for Azure VMs, while Fedora has consigned the Deepin desktop to the bin. Fedora decided to remove a component maintained outside Red Hat. In the same week, another external company - granted, a slightly better-known one - decided to rebase one of its projects onto Fedora as its upstream distro. It’s the circle of life, or something. Fedora 💔Deepin Seven years after it added the Deepin Desktop Environment in Fedora 30, Tuesday's FESCo meeting decided to drop Deepin from the distro. The minutes say: AGREED: Retire all packages maintained by the deepinde-sig group The decision comes one year after the project called for a security review of the Deepin Desktop Environment, after openSUSE dropped the desktop following a negative security assessment. We reported on that decision at the time. SUSE asked Deepin for feedback, but didn’t get good enough answers – for which, some months later, the Chinese project issued an apology. Linux Deepin is very much still around: we most recently looked at version 25 in January, and, back in 2023, the project claimed it had passed three million installs of its paid Tongxin UOS desktop edition. It’s a very pretty Windows-like desktop environment, but it never made it to having its own Fedora spin – and it certainly won’t now. Microsoft ❤️ Fedora But as one door closes, another opens. Fedora is still winning new friends and allies, and mere days earlier, there was a surprise announcement at the Open Source Summit North America, which as we write is winding down. On Monday, Microsoft announced a new version of its in-house Linux distro, Azure Linux 4, along with a companion distro called Azure Container Linux. There have been products called Azure Linux for quite a while. It’s based on the much more minimal CBL-Mariner distro, which we tried in 2022. The Register reported on Azure Linux becoming generally available in 2023, and then on the release of version 3 in 2024. We also knew back then that the company was working on turning it into a more general-purpose server OS: we reported on it migrating LinkedIn to Azure Linux in place of CentOS Linux that same year. There isn’t very much information about Azure Linux 4 yet; the broader rollout will be at the Microsoft Build conference next month. For now, all you can do is fill in a form to register your interest. However, the announcement reveals that version 4 switches to Fedora as its upstream distro. It was already based on the RPM packaging tools, hinting at some Red Hat or SUSE heritage in there somewhere. There’s slightly more information about Azure Container Linux. This is a separate distro, an immutable host OS for running containers. The announcement says “Azure Container Linux is based on the Flatcar project.” Flatcar is the continuation of CoreOS Container Linux, which The Reg has covered since it released its first version in 2014. As Linux Weekly News reported that year, CoreOS was based on Google’s ChromeOS, but redesigned to host containers. Red Hat acquired CoreOS in 2018, and then two years later, discontinued Container Linux. It replaced the Google and Gentoo-based distro with a new one based on Red Hat’s own immutable tool chain, called Fedora CoreOS. German FOSS consultancy Kinvolk forked the CoreOS code and continued development under the name of Flatcar Container Linux. Kinvolk was acquired by Microsoft in 2021, but continued to work on Flatcar. Now it seems that, with the announcement of Azure Linux 4 as well as Azure Container Linux, Microsoft has two separate in-house distros: one based on Fedora, and one based on ChromeOS. For now, Flatcar is still trundling along the tracks just fine, but we suspect some future consolidation may be coming down the line. ®

Pour one out for the Gemini Command Line Interface. Come June 18, the open source development agent will stop serving most users in favor of the new Antigravity CLI, and developers aren’t happy that the replacement is far less open than the old tool. Google announced the Antigravity CLI at Google I/O this week, billing it as a way for the Chocolate Factory to unify its efforts in developing a command line interface for AI agents. One of the key arguments Google makes in a post about transitioning from Gemini CLI to Antigravity CLI is that the new one has improved support for multi-agent environments, but the company isn’t giving most of its users much of a choice on whether to switch. “On June 18, 2026, Gemini CLI and Gemini Code Assist IDE extensions will stop serving requests for Google AI Pro and Ultra, as well as those using it free of charge using Gemini Code Assist for individuals,” the Gemini CLI team wrote in their announcement of the transition. The change also affects Gemini Code Assist for GitHub, which won’t allow new installations beginning June 18, and will stop serving requests in the following weeks. Enterprises appear to be getting a pass, however, with Google noting that those using Gemini CLI or its IDE extensions through a Gemini Code Assist Standard or Enterprise license won’t see any changes in their access, nor will Gemini Code Assist for GitHub users accessing the tools through their enterprise Google Cloud accounts. “Gemini CLI will remain accessible via paid Gemini and Gemini Enterprise Agent Platform API keys,” Google explained. For everyone else, sorry: It’s Antigravity CLI or bust, but don’t expect the same experience. “There won't be 1:1 feature parity right out of the gate” between Gemini CLI and Antigravity CLI, Google added. Agent skills, hooks, subagents, and extensions are all being supported by Antigravity CLI at launch. But other stuff may take time to arrive, if it does at all. Pray we don’t alter the deal any further Take a look at the Gemini CLI GitHub page, and you'll find all the code that made it possible - it is an open-source project, after all. Surf over to the Antigravity CLI GitHub page and all you’ll see is a change log, readme, and a GIF file demonstrating the tool’s appearance. That’s right: Antigravity CLI isn’t open source - at least not from what Google has published so far - and it took developers no time at all to notice. Gemini CLI Lead Product Manager Dmitry Lyalin took to GitHub to make an announcement detailing some additional info about the forced CLI tool migration, and the comments are rife with people frustrated by the move. No small portion of the vitriol is targeted at apparent usage limits, with multiple people reporting they’d hit their weekly quota with just a couple of requests. The issues page for Antigravity CLI similarly has numerous posts asking Google to look into usage limits. Other posts accuse Google of using open-source contributions to improve a new closed-source product and generally express frustration with Google for killing yet another thing customers relied on. At the same time, Lyalin teased developers by telling them that, no, Gemini CLI isn’t truly gone if you’re willing to pay top dollar for it. “The project remains available to the community as an Apache 2.0 licensed repository with no changes,” Lyalin noted in his GitHub post. “You will continue to see us work on GitHub as we keep Gemini CLI updated with latest model releases, bugs and security fixes for our enterprise customers.” Now please open your wallets if you want access to this open-source product. Google didn’t respond to questions for this story. ®

Software platform Plex is killing its buy-once-use-forever model with an eye-watering hike of its Lifetime Plex Pass from $249.99 to $749.99. The increase will take effect on July 1, but does not apply to existing Lifetime Plex Pass holders. The existing monthly and annual subscription pricing for the service is also unchanged, suggesting Plex really would rather you subscribed. Lifetime Plex Passes used to cost $74.99, before increasing to $149.99 in 2014. It later fell back to $119.99 before jumping to $249.99 in April 2025. Just over a year later, the price is heading to $749.99. Plex is used primarily as a media server. Load it up with content and point clients at it. The project has its origins in the Xbox Media Center (XBMC) from which it was forked. The server software runs on Windows, macOS, Linux, and several network devices, and the client runs almost everywhere, including iOS and Android devices. Remote access to a Plex media server used to be free, but in 2025 Plex shifted that functionality to its paid tiers. Other paid-tier functionality includes hardware transcoding and media file downloads. "We've considered eliminating the Lifetime Plex Pass," Plex wrote. Considering the hike, it might as well have. An annual subscription costs $69.99, meaning it will take more than a decade before that $749.99 pays off. Unless, of course, Plex increases the subscription cost in the future. The increase is the latest in a long line of price hikes from media companies, though it is among the most extreme. Plex has made no secret of the fact that "recurring subscriptions help us sustain long-term development" – hence the attempt to make the one-off lifetime payment less attractive. The jump might be eye-watering, but it also reflects a growing realization across the tech and streaming industries. One-off payments don't cut it anymore and ads aren't enough, so a subscription is the way to go to sustain development. Although existing Lifetime Plex Pass customers are not affected, the hike highlights how important subscriptions have become across all sectors (we can't see Microsoft weaning itself off Microsoft 365 any time soon) and what "lifetime" actually means. ®

Meta's massive role reshuffle begins today, with thousands of staff being transferred to AI-focused teams and their managers reportedly laid off. The tech giant is reassigning 7,000 workers to AI projects, eliminating around 10 percent of its current workforce, and closing 6,000 open positions, according to Reuters, which saw copies of the internal memos. The workforce changes, the latest in a series of moves that started 2022, will affect roughly 20 percent of Meta's approximately 78,000 employees. Janelle Gale, Meta's chief people officer, penned the memos to affected staff. Some have already begun their new AI-related duties, while the rest will be told of their fates today, she reportedly said. "As org leaders worked on the changes, many of them incorporated AI-native design principles ⁠into their new org structures," Gale's memo read. "We're now at the stage where many orgs can operate with a flatter structure with smaller teams of pods/cohorts that can move faster and with more ownership." This flatter structure will involve, in part, managers being either laid off or moved into roles where they are producing work instead of overseeing teams. Previous memos sent to staff in April stated that top engineers – those who represented the company's "strong software engineering talent" – were being "selected" for brand-new divisions within the business. Among these were the Applied AI Engineering and Agent Transformation Accelerator units, as well as Central Analytics. Once famed for letting its staff pick and choose their projects, Meta said those selected for this new AI mission had no say in the matter. Responding to an employee's question, Maher Saba, VP of AAI Engineering, wrote: "AAI is one of the company's highest priorities and we're resourcing it by moving our strongest talent to address it. Therefore, the transfers aren't optional." Both AI units were established for engineers to develop AI agents capable of automating and taking over duties previously undertaken by human employees. Those transferred to Central Analytics will work on ways of assessing productivity and analytics for agent development. According to Gale's memo, another new unit called Enterprise Solutions will soon be established, but Meta has not yet revealed details. The Register asked Meta for a statement, but it did not immediately respond. The Great Flattening Gale's language regarding "flatter structures" echoes chief Mark Zuckerberg's wording from Meta's January earnings report, promising to flatten teams over the coming year. "We're elevating individual contributors, and flattening teams," Zuck wrote in a post-earnings note on January 28. "We're starting to see projects that used to require big teams now be accomplished by a single very talented person. "I want to make sure as many of these very talented people as possible choose Meta as the place they can make the greatest impact – to deliver personalized products to billions of people around the world. And if we do this, then I think we'll get a lot more done and it's going to be a lot more fun." Reports surfaced around the same time about a major round of job cuts at the company, equivalent to 20 percent of its workforce, or around 15,000 roles, but it was unclear when or if this would materialize. Meta's latest round of layoffs follows a smaller-scale round in March, affecting 700 roles across Reality Labs, the social media division, and recruitment. The changes come against a backdrop of Meta investing heavily in AI, with the company saying it plans to spend between $162 billion and $167 billion this year, up from $118 billion in 2025. The company has reportedly also tried tempting top AI talent to join its ranks with nine-figure pay packets, and ex-OpenAI players with $100 million sign-on bonuses. The revolt Meta slashing roles to embrace AI replacements has led to protests across its Menlo Park HQ and internal Workspace comms platform, Reuters reports. First announced in April, Meta said it would be tracking mouse clicks and keystrokes to train AI rather than assess staff productivity. A company spokesperson told the BBC: "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them." They said the data is not used for any other purpose, and there are safeguards in place to protect sensitive content. But Meta staff have expressed their disdain for the changes in various ways, including by setting up an online petition – which now has over 1,000 signatures – and plastering flyers all over US offices referring to the company as an "Employee Data Extraction Factory." ®

The UK government may move to forestall objections to datacenter projects via an overhaul of planning regulations that would shield critical energy and infrastructure buildouts from legal challenges. Finance minister, Chancellor of the Exchequer Rachel Reeves, is preparing to unveil reforms allowing Parliament to designate key projects as having critical national importance to prevent them from being subject to judicial review. "For too long, vital infrastructure delivery has been delayed by judicial reviews of projects," a spokesperson for HM Treasury said in a ⁠statement. The Chancellor "is clear that Parliament must take back control to get Britain building the ⁠power plants, wind farms and grid connections that will bring ⁠bills down, strengthen our energy security, and ⁠deliver growth in every part of our country." This does not explicitly mention datacenters, but as The Register has reported previously, massive server farms have already been lumped in with energy generation as projects to be urgently fast-tracked by government. Back in 2024, server farms were given Critical National Infrastructure (CNI) designation - a move that a government a civil servant warned would allow the authorities to override opposition to datacenter sites by local residents. Last year, a datacenter project management biz urged the government go a step further and categorize large datacenter developments as Nationally Significant Infrastructure Projects (NSIPs). This would shift decision-making from local authorities to the national level, potentially expediting approvals for large projects, while removing any say that local residents may have in developments that affect them. Parliament’s Public Accounts Committee also published a report last year on Treasury plans to implement stronger governance to speed large infrastructure schemes, criticizing it for not including “technically complex” projects such as those involving “digital transformation and artificial intelligence (AI),” despite the government’s focus on these to deliver economic growth. Some are already welcoming the planning reforms before they have even been officially announced. “Today’s announcement is the right thing to do if we are serious about growth, energy security and getting Britain building again,” said Ben Brittain, director of public affairs at the Association for Consultancy and Engineering (ACE). “For too long, critical infrastructure projects have been delayed by blockers, layers of uncertainty and lengthy legal challenge, driving up costs and holding back investment." But the government should be wary, as public sentiment is turning against the growing number of datacenters being built and the AI technology that is driving their construction. Putting them beyond the reach of any legal challenge could easily exacerbate this. In America, for example, a recent survey found that people would sooner see a nuclear power plant sited in their locality than a datacenter. Gunshots were also fired at the home of an Indianapolis councilor who backed plans for a server farm in his area. In the UK, there have been protests against various datacenter building projects. Activist group Global Action Plan organized several at the end of February at sites including Iver in Buckinghamshire and Potters Bar in Hertfordshire where recently announced campuses are being constructed. HM Treasury had not responded to our requests for further information at the time of publication. ®

Microsoft has confirmed that SMS is on the way out as a method of authentication and recovery for personal Microsoft accounts. Fraud and dubious security were cited as reasons for the move: "SMS authentication is vulnerable to phishing and SIM-swap attacks." Passwordless accounts, passkeys, and verified email are the future, according to Microsoft. The announcement was first spotted by WindowsLatest and comes as passkeys are increasingly accepted as a default authentication standard. In April 2026, the UK's National Cyber Security Centre officially endorsed the technology and urged consumers to adopt it. For its part, Microsoft has promoted the use of passkeys for more than a year, declaring in 2025 that all new Microsoft accounts would be passwordless by default. As such, the days of SMS as a method of authentication and account recovery have been numbered for some time, and Microsoft's announcement confirms that users will be directed elsewhere. However, it did not state when it will pull the plug on the technology once and for all. Dropping SMS is laudable, but users will still need to learn a new authentication method. Microsoft promises to guide them through it - offering options to sign in with or create a passkey at login – yet that transition may prove easier said than done. Passkeys also have challenges, most notably when used over multiple devices. In that instance, a synchronization tool or password manager can help, but users might not be familiar with these technologies. Ultimately, SMS as a method of authentication and recovery for a Microsoft account is on the way out. For many security professionals, it is not a moment too soon. ®