Home

Technology is the sum of techniques, skills, methods, and processes used in the production of goods or services or in the accomplishment of objectives, such as scientific investigation. Technology can be the knowledge of techniques, processes, and the like, or it can be embedded in machines to allow for operation without detailed knowledge of their workings.
Technologies: Cell phones, computers, video games, televisions, headphones, printers, wearables, musical instruments, home audio, and software.

Gizmodo



Lifehacker



Google



CNET



Android Authority



AppleInsider

  • Apple TV's 'The Savant' to premiere in July after politically-motivated delay Tue, 21 Apr 2026 03:18:46 +0000
    The Charlie Kirk assassination drove Apple to postpone the release of a politically charged series called "The Savant." The decision led to pushback, but a new release has been set for July 2026.

    'The Savant' will debut in July

    The more products and services that Apple offers, the more likely it is to cross paths with modern events. While Apple had nothing to do with the murder of Charlie Kirk, it felt the need to push a show's debut that hit a little too close to home.

    According to a report from Variety, The Savant will finally debut in July 2026, nearly a year from its original air date. Apple hasn't updated its release date information on the website, but the news comes direct from show lead Jessica Chastain.


  • New Apple hardware chief wastes little time in introducing five underlings Tue, 21 Apr 2026 02:01:11 +0000
    Apple may have combined its two hardware teams into one under Johny Srouji, but he's taken it a step further by segmenting his hardware group into five. Though not much really changed.

    Apple's newest c-suite member Johny Srouji

    Apple CEO Tim Cook is stepping down and giving the position to John Ternus, who is currently the SVP of Hardware Engineering. That position is being absorbed by Johny Srouji, who will now be the Chief Hardware Officer.

    According to an internal memo obtained by Bloomberg, Srouji introduced his five areas of focus and the leaders reporting to him. There are zero surprises or any real notable change.


  • Don't expect changes from Apple anytime soon, even with new leadership Mon, 20 Apr 2026 23:44:27 +0000
    We're already seeing claims on social media that John Ternus will change everything, quickly. Almost nothing changed in the first few years under Tim Cook, and even less will now.

    No single person has the power to change Apple overnight

    Apple's leadership history is punctuated by three significant events: Steve Jobs leaving, his return, and his death. The CEO transition in September 2026 will be the first low-drama change the position has seen since the company's inception.

    When Tim Cook took over from Steve Jobs, it was after years of careful consideration. He wasn't picked by Jobs by accident, nor was he rushed into the job beyond Jobs' untimely death.


  • How Tim Cook started at Apple in 1998, and how 15 years of being the CEO ends Mon, 20 Apr 2026 22:40:36 +0000
    Apple CEO Tim Cook is stepping down from his position after 15 years, leaving a 28-year legacy at the company. Here's how Cook started at Apple, and how it's winding down.

    Tim Cook [left] with Steve Jobs [right]

    The departure of Cook to the board brings to an end a long tenure at Apple, one which saw him assist with growing the company into one of the world's tech giants. He arrived at Apple in the wake of Steve Jobs' return, and was instrumental in the turnaround of the company, to the economic behemoth it has become since.

    Here's how Cook got started with Apple, and significant mile-markers along the way.


  • Arthur Levinson to become Apple's Lead Independent Director Mon, 20 Apr 2026 22:00:26 +0000
    Arthur Levinson, who has spent more than fifteen years on Apple's board as the non-executive chairman, is set to take on a new role at the company.

    Arthur Levinson will become Apple's Lead Independent Director.

    As part of Apple's transition plan, John Ternus is taking over as CEO, and Tim Cook is set to become the company's executive chairman. Meanwhile, the current non-executive chairman, Arthur Levinson, will assume a new position within Apple.

    In a press release on the Apple website, the company revealed that Arthur Levinson will become its lead independent director, starting September 1, 2026.


  • Apple's new CEO: Who is John Ternus? Mon, 20 Apr 2026 21:16:41 +0000
    John Ternus was the center of speculation as being the best and most likely choice for the next Apple CEO, and those predictions came true. Who is he, and how did he get here?

    John Ternus

    Apple, like many other massive companies with giant workforces and a decades-long history, has to plan for the future direction of the company. Part of that preparation involves determining who will take control as CEO after the current leader departs, and what to do to prepare for that inevitability.

    For Apple and its aging leadership, Apple had to find its replacement for Tim Cook. Even though Cook wasn't thought to be retiring in 2026, the sheer size and number of moving parts at Apple meant it had to prepare in advance, so there's enough of a runway for the heir to the position to get ready, as well as the company itself.


  • Tim Cook thanks users & Apple employees after 15 years of being CEO Mon, 20 Apr 2026 21:57:38 +0000
    Following Monday's CEO transition announcement, Tim Cook has published a letter to the world, and a letter to staff, spanning humble beginnings to being the head of perhaps the most powerful company in the world.

    Tim Cook thanking WWDC attendees

    Tim Cook and John Ternus are two Apple employees of just a handful left that have worked for decades. And now that Tim Cook is stepping back a bit to be Apple Executive Chairman instead of Chief Operating Officer, he has taken some time to reminisce a bit, and thank both employees and Apple customers.

    Below is the letter to the world in its entirety.


  • Apple leadership shakeup places Johny Srouji as new hardware chief Mon, 20 Apr 2026 20:57:43 +0000
    Senior vice president of Hardware Technologies, Johny Srouji, is stepping up to Chief Hardware Officer as he takes over future CEO John Ternus' role.

    Johny Srouji is now Chief Hardware Officer

    Apple has finally dropped the expected news that Tim Cook is stepping down as CEO and will be replaced by John Ternus. The transition will take place over the summer.

    Alongside that groundbreaking news, Apple also revealed a promotion for hardware chief Johny Srouji. He will absorb Ternus' previous position of SVP Hardware Engineering and combine it with SVP Hardware Technologies to become Chief Hardware Officer.


  • John Ternus in as Apple CEO, Cook becoming Apple Executive Chairman Mon, 20 Apr 2026 20:58:37 +0000
    In a surprise announcement on Monday, Apple announced its transition plan, with John Ternus stepping into Tim Cook's CEO position, effective September 1, 2026.

    John Ternus

    "Cook will continue in his role as CEO through the summer as he works closely with Ternus on a smooth transition," Apple said in a statement. "As executive chairman, Cook will assist with certain aspects of the company, including engaging with policymakers around the world."


  • Second Apple Music outage in a week stopped some customers from streaming Mon, 20 Apr 2026 20:08:34 +0000
    An Apple Music problem left subscribers unable to stream their favorite songs, but the issue was resolved late Monday.

    Apple Music is currently down.

    According to Apple's System Status page, Apple Music was hit by an outage at 2:38 PM Eastern Time, meaning the service was down for over five hours. The webpage says that the issue affecting Apple Music was resolved at 8:07 p.m. on Monday.

    That kind of outage meant that some users in unspecified regions may not have been able to access the service. Either streaming didn't work, songs wouldn't download, or some portions of the app may not have been accessible.


  • Spring 2027 iPhone 18 & iPhone 18e may be more alike than different Mon, 20 Apr 2026 18:44:51 +0000
    The iPhone 17 and iPhone 17e have performance and physical differences, but the 2027 parallel releases of the iPhone 18 and iPhone 18e may be exactly the same speed.

    The iPhone 18e and iPhone 18 might have the exact same processing hardware, with the same GPU core count.

    In February 2025, Apple scrapped its low-cost iPhone SE line in favor of new models bearing the "e" designation, those being the iPhone 16e, and later, the iPhone 17e.

    Relative to the standard iPhone 17, the iPhone 17e offers a smaller 6.1-inch display with a lower refresh rate, no Dynamic Island, no Camera Control, and only one rear camera. Still, both phones offer the A19 chip, though the iPhone 17e has one fewer GPU core.


  • Smart glasses race heats up as Apple prepares for late 2026 entry Mon, 20 Apr 2026 17:26:15 +0000
    The concept of smart glasses is heating up again across the tech industry, and Apple's long-rumored plans are starting to come into sharper focus as competition builds.

    Render of Apple's smart glasses

    The company is preparing to launch its first smart glasses by late 2026 as it moves into a growing field of AI wearables. Bloomberg's Mark Gurman reports in an interview that Apple is targeting a holiday-season debut to meet rising competition.

    The product is expected to rely on cameras, audio, and Siri instead of a built-in display. Apple's approach positions the glasses as an extension of the iPhone rather than a replacement for it.


  • Third round of iOS 26.5, macOS Tahoe 26.5 developer betas are out now Mon, 20 Apr 2026 17:25:27 +0000
    The third developer betas for iOS 26.5, iPadOS 26.5, watchOS 26.5, tvOS 26.5, visionOS 26.5, and macOS Tahoe 26.5 are now available for testing.

    Apple's hardware that works with the 26-generation operating systems - Image Credit: Apple

    The third developer betas for iOS 26.5, iPadOS 26.5, watchOS 26.5, tvOS 26.5, visionOS 26.5, and macOS Tahoe 26.5 come after the second, which appeared on April 13. The first round arrived on March 30, however, Apple re-released the developer beta for iOS 26.5 on March 24, with a new build number.



Ars Technica



VentureBeat

  • Train-to-Test scaling explained: How to optimize your end-to-end AI compute budget for inference Fri, 17 Apr 2026 17:34:02 GMT

    The standard guidelines for building large language models (LLMs) optimize only for training costs and ignore inference costs. This poses a challenge for real-world applications that use inference-time scaling techniques to increase the accuracy of model responses, such as drawing multiple reasoning samples from a model at deployment.

    To bridge this gap, researchers at University of Wisconsin-Madison and Stanford University have introduced Train-to-Test (T2) scaling laws, a framework that jointly optimizes a model’s parameter size, its training data volume, and the number of test-time inference samples.

    In practice, their approach proves that it is compute-optimal to train substantially smaller models on vastly more data than traditional rules prescribe, and then use the saved computational overhead to generate multiple repeated samples at inference.

    For enterprise AI application developers who are training their own models, this research provides a proven blueprint for maximizing return on investment. It shows that AI reasoning does not necessarily require spending huge amounts on frontier models. Instead, smaller models can yield stronger performance on complex tasks while keeping per-query inference costs manageable within real-world deployment budgets.

    Conflicting scaling laws

    Scaling laws are an important part of developing large language models. Pretraining scaling laws dictate the best way to allocate compute during the model's creation, while test-time scaling laws guide how to allocate compute during deployment, such as letting the model “think longer” or generating multiple reasoning samples to solve complex problems.

    The problem is that these scaling laws have been developed completely independently of one another despite being fundamentally intertwined.

    A model's parameter size and training duration directly dictate both the quality and the per-query cost of its inference samples. Currently, the industry gold standard for pretraining is the Chinchilla rule, which suggests a compute-optimal ratio of roughly 20 training tokens for every model parameter.

    However, creators of modern AI model families, such as Llama, Gemma, and Qwen, regularly break this rule by intentionally overtraining their smaller models on massive amounts of data.

    As Nicholas Roberts, lead author of the paper, told VentureBeat, the traditional approach falters when building complex agentic workflows: "In my view, the inference stack breaks down when each individual inference call is expensive. This is the case when the models are large and you need to do a lot of repeated sampling." Instead of relying on massive models, developers can use overtrained compact models to run this repeated sampling at a fraction of the cost.

    But because training and test-time scaling laws are examined in isolation, there is no rigorous framework to calculate how much a model should be overtrained based on how many reasoning samples it will need to generate during deployment.

    Consequently, there has previously been no formula that jointly optimizes model size, training data volume, and test-time inference budgets.

    The reason that this framework is hard to formulate is that pretraining and test-time scaling speak two different mathematical languages. During pretraining, a model's performance is measured using “loss,” a smooth, continuous metric that tracks prediction errors as the model learns.

    At test time, developers use real-world, downstream metrics to evaluate a model's reasoning capabilities, such as pass@k, which measures the probability that a model will produce at least one correct answer across k independent, repeated attempts.

    Train-to-test scaling laws

    To solve the disconnect between training and deployment, the researchers introduce Train-to-Test (T2) scaling laws. At a high level, this framework predicts a model's reasoning performance by treating three variables as a single equation: the model's size (N), the volume of training tokens it learns from (D), and the number of reasoning samples it generates during inference (k).

    T2 combines pretraining and inference budgets into one optimization formula that accounts for both the baseline cost to train the model (6ND) and the compounding cost to query it repeatedly at inference (2Nk). The researchers tried different modeling approaches: whether to model the pre-training loss or test-time performance (pass@k) as functions of N, D, and k.

    The first approach takes the familiar mathematical equation used for Chinchilla scaling (which calculates a model's prediction error, or loss) and directly modifies it by adding a new variable that accounts for the number of repeated test-time samples (k). This allows developers to see how increasing inference compute drives down the model's overall error rate.

    The second approach directly models the downstream pass@k accuracy. It tells developers the probability that their application will solve a problem given a specific compute budget.

    But should enterprises use this framework for every application? Roberts clarifies that this approach is highly specialized. "I imagine that you would not see as much of a benefit for knowledge-heavy applications, such as chat models," he said. Instead, "T2 is tailored to reasoning-heavy applications such as coding, where typically you would use repeated sampling as your test-time scaling method."

    What it means for developers

    To validate the T2 scaling laws, the researchers built an extensive testbed of over 100 language models, ranging from 5 million to 901 million parameters. They trained 21 new, heavily overtrained checkpoints from scratch to test if their mathematical forecasts held up in reality. They then benchmarked the models across eight diverse tasks, which included real-world datasets like SciQ and OpenBookQA, alongside synthetic tasks designed to test arithmetic, spatial reasoning, and knowledge recall.

    Both of their mathematical models proved that the compute-optimal frontier shifts drastically away from standard Chinchilla scaling. To maximize performance under a fixed budget, the optimal choice is a model that is significantly smaller and trained on vastly more data than the traditional 20-tokens-per-parameter rule dictates.

    In their experiments, the highly overtrained small models consistently outperformed the larger, Chinchilla-optimal models across all eight evaluation tasks when test-time sampling costs were accounted for.

    For developers looking to deploy these findings, the technical barrier is surprisingly low.

    "Nothing fancy is required to perform test-time scaling with our current models," Roberts said. "At deployment, developers can absolutely integrate infrastructure that makes the sampling process more efficient (e.g. KV caching if you’re using a transformer)."

    KV caching helps by storing previously processed context so the model doesn't have to re-read the initial prompt from scratch for every new reasoning sample.

    However, extreme overtraining comes with practical trade-offs. While overtrained models can be notoriously stubborn and harder to fine-tune, Roberts notes that when they applied supervised fine-tuning, "while this effect was present, it was not a strong enough effect to pull the optimal model back to Chinchilla." The compute-optimal strategy remains definitively skewed toward compact models.

    Yet, teams pushing this to the absolute limit must be wary of hitting physical data limits. "Another angle is that if you take our overtraining recommendations to the extreme, you may actually run out of training data," Roberts said, referring to the looming "data wall" where high-quality internet data is exhausted.

    These experiments confirm that if an application relies on generating multiple test-time reasoning samples, aggressively overtraining a compact model is practically and mathematically the most effective way to spend an end-to-end compute budget.

    To help developers get started, the research team plans to open-source their checkpoints and code soon, allowing enterprises to plug in their own data and test the scaling behavior immediately. Ultimately, this framework serves as an equalizing force in the AI industry. 

    This is especially crucial as the high price of frontier models can become a barrier as you scale agentic applications that rely on reasoning models.

    "T2 fundamentally changes who gets to build strong reasoning models," Roberts concludes. "You might not need massive compute budgets to get state-of-the-art reasoning. Instead, you need good data and smart allocation of your training and inference budget."

  • Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds Fri, 17 Apr 2026 17:07:29 GMT

    A rogue AI agent at Meta passed every identity check and still exposed sensitive data to unauthorized employees in March. Two weeks later, Mercor, a $10 billion AI startup, confirmed a supply-chain breach through LiteLLM. Both are traced to the same structural gap. Monitoring without enforcement, enforcement without isolation. A VentureBeat three-wave survey of 108 qualified enterprises found that the gap is not an edge case. It is the most common security architecture in production today.

    Gravitee’s State of AI Agent Security 2026 survey of 919 executives and practitioners quantifies the disconnect. 82% of executives say their policies protect them from unauthorized agent actions. Eighty-eight percent reported AI agent security incidents in the last twelve months. Only 21% have runtime visibility into what their agents are doing. Arkose Labs’ 2026 Agentic AI Security Report found 97% of enterprise security leaders expect a material AI-agent-driven incident within 12 months. Only 6% of security budgets address the risk.

    VentureBeat's survey results show that monitoring investment snapped back to 45% of security budgets in March after dropping to 24% in February, when early movers shifted dollars into runtime enforcement and sandboxing. The March wave (n=20) is directional, but the pattern is consistent with February’s larger sample (n=50): enterprises are stuck at observation while their agents already need isolation. CrowdStrike’s Falcon sensors detect more than 1,800 distinct AI applications across enterprise endpoints. The fastest recorded adversary breakout time has dropped to 27 seconds. Monitoring dashboards built for human-speed workflows cannot keep pace with machine-speed threats.

    The audit that follows maps three stages. Stage one is observe. Stage two is enforce, where IAM integration and cross-provider controls turn observation into action. Stage three is isolate, sandboxed execution that bounds blast radius when guardrails fail. VentureBeat Pulse data from 108 qualified enterprises ties each stage to an investment signal, an OWASP ASI threat vector, a regulatory surface, and immediate steps security leaders can take.

    The threat surface stage-one security cannot see

    The OWASP Top 10 for Agentic Applications 2026 formalized the attack surface last December. The ten risks are: goal hijack (ASI01), tool misuse (ASI02), identity and privilege abuse (ASI03), agentic supply chain vulnerabilities (ASI04), unexpected code execution (ASI05), memory poisoning (ASI06), insecure inter-agent communication (ASI07), cascading failures (ASI08), human-agent trust exploitation (ASI09), and rogue agents (ASI10). Most have no analog in traditional LLM applications. The audit below maps six of these to the stages where they are most likely to surface and the controls that address them.

    Invariant Labs disclosed the MCP Tool Poisoning Attack in April 2025: malicious instructions in an MCP server’s tool description cause an agent to exfiltrate files or hijack a trusted server. CyberArk extended it to Full-Schema Poisoning. The mcp-remote OAuth proxy patched CVE-2025-6514 after a command-injection flaw put 437,000 downloads at risk.

    Merritt Baer, CSO at Enkrypt AI and former AWS Deputy CISO, framed the gap in an exclusive VentureBeat interview: “Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system. The real dependencies are one or two layers deeper, and those are the ones that fail under stress.”

    CrowdStrike CTO Elia Zaitsev put the visibility problem in operational terms in an exclusive VentureBeat interview at RSAC 2026: “It looks indistinguishable if an agent runs your web browser versus if you run your browser.” Distinguishing the two requires walking the process tree, tracing whether Chrome was launched by a human from the desktop or spawned by an agent in the background. Most enterprise logging configurations cannot make that distinction.

    The regulatory clock and the identity architecture

    Auditability priority tells the same story in miniature. In January, 50% of respondents ranked it a top concern. By February, that dropped to 28% as teams sprinted to deploy. In March, it surged to 65% when those same teams realized they had no forensic trail for what their agents did.

    HIPAA’s 2026 Tier 4 willful-neglect maximum is $2.19M per violation category per year. In healthcare, Gravitee’s survey found 92.7% of organizations reported AI agent security incidents versus the 88% all-industry average. For a health system running agents that touch PHI, that ratio is the difference between a reportable breach and an uncontested finding of willful neglect. FINRA’s 2026 Oversight Report recommends explicit human checkpoints before agents that can act or transact execute, along with narrow scope, granular permissions, and complete audit trails of agent actions.

    Mike Riemer, Field CISO at Ivanti, quantified the speed problem in a recent VentureBeat interview: “Threat actors are reverse engineering patches within 72 hours. If a customer doesn’t patch within 72 hours of release, they’re open to exploit.” Most enterprises take weeks. Agents operating at machine speed widen that window into a permanent exposure.

    The identity problem is architectural. Gravitee's survey of 919 practitioners found only 21.9% of teams treat agents as identity-bearing entities, 45.6% still use shared API keys, and 25.5% of deployed agents can create and task other agents. A quarter of enterprises can spawn agents that their security team never provisioned. That is ASI08 as architecture.

    Guardrails alone are not a strategy

    A 2025 paper by Kazdan and colleagues (Stanford, ServiceNow Research, Toronto, FAR AI) showed a fine-tuning attack that bypasses model-level guardrails in 72% of attempts against Claude 3 Haiku and 57% against GPT-4o. The attack received a $2,000 bug bounty from OpenAI and was acknowledged as a vulnerability by Anthropic. Guardrails constrain what an agent is told to do, not what a compromised agent can reach.

    CISOs already know this. In VentureBeat's three-wave survey, prevention of unauthorized actions ranked as the top capability priority in every wave at 68% to 72%, the most stable high-conviction signal in the dataset. The demand is for permissioning, not prompting. Guardrails address the wrong control surface.

    Zaitsev framed the identity shift at RSAC 2026: “AI agents and non-human identities will explode across the enterprise, expanding exponentially and dwarfing human identities. Each agent will operate as a privileged super-human with OAuth tokens, API keys, and continuous access to previously siloed data sets.” Identity security built for humans will not survive this shift. Cisco President Jeetu Patel offered the operational analogy in an exclusive VentureBeat interview: agents behave “more like teenagers, supremely intelligent, but with no fear of consequence.”

    VentureBeat Prescriptive Matrix: AI Agent Security Maturity Audit

    Stage 1: Observe

      Attack Scenario: Attacker embeds goal-hijack payload in forwarded email (ASI01). Agent summarizes email and silently exfiltrates credentials to an external endpoint. See: Meta March 2026 incident.

      What Breaks: No runtime log captures the exfiltration. SIEM never sees the API call. The security team learns from the victim. Zaitsev: agent activity is “indistinguishable” from human activity in default logging.

      Detection Test: Inject a canary token into a test document. Route it through your agent. If the token leaves your network, stage one failed.

      Blast Radius: Single agent, single session. With shared API keys (45.6% of enterprises): unlimited lateral movement.

      Recommended Control: Deploy agent API call logging to SIEM. Baseline normal tool-call patterns per agent role. Alert on the first outbound call to an unrecognized endpoint.

    Stage 2: Enforce

      Attack Scenario: Compromised MCP server poisons tool description (ASI04). Agent invokes poisoned tool, writes attacker payload to production DB using inherited service-account credentials. See: Mercor/LiteLLM April 2026 supply-chain breach.

      What Breaks: IAM allows write because agent uses shared service account. No approval gate on write ops. Poisoned tool indistinguishable from clean tool in logs. Riemer: “72-hour patch window” collapses to zero when agents auto-invoke.

      Detection Test: Register a test MCP server with a benign-looking poisoned description. Confirm your policy engine blocks the tool call before execution reaches the database. Run mcp-scan on all registered servers.

      Blast Radius: Production database integrity. If agent holds DBA-level credentials: full schema compromise. Lateral movement via trust relationships to downstream agents.

      Recommended Control: Assign scoped identity per agent. Require approval workflow for all write ops. Revoke every shared API key. Run mcp-scan on all MCP servers weekly.

    Stage 3: Isolate

      Attack Scenario: Agent A spawns Agent B to handle subtask (ASI08). Agent B inherits Agent A’s permissions, escalates to admin, rewrites org security policy. Every identity check passes. Source: CrowdStrike CEO George Kurtz, RSAC 2026 keynote.

      What Breaks: No sandbox boundary between agents. No human gate on agent-to-agent delegation. Security policy modification is a valid action for admin-credentialed process. CrowdStrike CEO George Kurtz disclosed at RSAC 2026 that the agent “wanted to fix a problem, lacked permissions, and removed the restriction itself.”

      Detection Test: Spawn a child agent from a sandboxed parent. Child should inherit zero permissions by default and require explicit human approval for each capability grant.

      Blast Radius: Organizational security posture. A rogue policy rewrite disables controls for every subsequent agent. 97% of enterprise leaders expect a material incident within 12 months (Arkose Labs 2026).

      Recommended Control: Sandbox all agent execution. Zero-trust for agent-to-agent delegation: spawned agents inherit nothing. Human sign-off before any agent modifies security controls. Kill switch per OWASP ASI10.

    Sources: OWASP Top 10 for Agentic Applications 2026; Invariant Labs MCP Tool Poisoning (April 2025); CrowdStrike RSAC 2026 Fortune 50 disclosure; Meta March 2026 incident (The Information/Engadget); Mercor/LiteLLM breach (Fortune, April 2, 2026); Arkose Labs 2026 Agentic AI Security Report; VentureBeat Pulse Q1 2026.

    The stage-one attack scenario in this matrix is not hypothetical. Unauthorized tool or data access ranked as the most feared failure mode in every wave of VentureBeat’s survey, growing from 42% in January to 50% in March. That trajectory and the 70%-plus priority rating for prevention of unauthorized actions are the two most mutually reinforcing signals in the entire dataset. CISOs fear the exact attack this matrix describes, and most have not deployed the controls to stop it.

    Hyperscaler stage readiness: observe, enforce, isolate

    The maturity audit tells you where your security program stands. The next question is whether your cloud platform can get you to stage two and stage three, or whether you are building those capabilities yourself. Patel put it bluntly: “It’s not just about authenticating once and then letting the agent run wild.” A stage-three platform running a stage-one deployment pattern gives you stage-one risk.

    VentureBeat Pulse data surfaces a structural tension in this grid. OpenAI leads enterprise AI security deployments at 21% to 26% across the three survey waves, making the same provider that creates the AI risk also the primary security layer. The provider-as-security-vendor pattern holds across Azure, Google, and AWS. Zero-incremental-procurement convenience is winning by default. Whether that concentration is a feature or a single point of failure depends on how far the enterprise has progressed past stage one.

    | Provider | Identity Primitive (Stage 2) | Enforcement Control (Stage 2) | Isolation Primitive (Stage 3) | Gap as of April 2026 |
    |---|---|---|---|---|
    | Microsoft Azure | Entra ID agent scoping. Agent 365 maps agents to owners. GA. | Copilot Studio DLP policies. Purview for agent output classification. GA. | Azure Confidential Containers for agent workloads. Preview. No per-agent sandbox at GA. | No agent-to-agent identity verification. No MCP governance layer. Agent 365 monitors but cannot block in-flight tool calls. |
    | Anthropic | Managed Agents: per-agent scoped permissions, credential mgmt. Beta (April 8, 2026). $0.08/session-hour. | Tool-use permissions, system prompt enforcement, and built-in guardrails. GA. | Managed Agents sandbox: isolated containers per session, execution-chain auditability. Beta. Allianz, Asana, Rakuten, and Sentry are in production. | Beta pricing/SLA not public. Session data in Anthropic-managed DB (lock-in risk per VentureBeat research). GA timing TBD. |
    | Google Cloud | Vertex AI service accounts for model endpoints. IAM Conditions for agent traffic. GA. | VPC Service Controls for agent network boundaries. Model Armor for prompt/response filtering. GA. | Confidential VMs for agent workloads. GA. Agent-specific sandbox in preview. | Agent identity ships as a service account, not an agent-native principal. No agent-to-agent delegation audit. Model Armor does not inspect tool-call payloads. |
    | OpenAI | Assistants API: function-call permissions, structured outputs. Agents SDK. GA. | Agents SDK guardrails, input/output validation. GA. | Agents SDK Python sandbox. Beta (API and defaults subject to change before GA per OpenAI docs). TypeScript sandbox confirmed, not shipped. | No cross-provider identity federation. Agent memory forensics limited to session scope. No kill switch API. No MCP tool-description inspection. |
    | AWS | Bedrock model invocation logging. IAM policies for model access. CloudTrail for agent API calls. GA. | Bedrock Guardrails for content filtering. Lambda resource policies for agent functions. GA. | Lambda isolation per agent function. GA. Bedrock agent-level sandboxing on roadmap, not shipped. | No unified agent control plane across Bedrock + SageMaker + Lambda. No agent identity standard. Guardrails do not inspect MCP tool descriptions. |

    Status as of April 15, 2026. GA = generally available. Preview/Beta = not production-hardened. “What’s Missing” column reflects VentureBeat’s analysis of publicly documented capabilities; gaps may narrow as vendors ship updates.

    No provider in this grid ships a complete stage-three stack today. Most enterprises assemble isolation from existing cloud building blocks. That is a defensible choice if it is a deliberate one. Waiting for a vendor to close the gap without acknowledging the gap is not a strategy.

    The grid above covers hyperscaler-native SDKs. A large segment of AI builders deploys through open-source orchestration frameworks like LangChain, CrewAI, and LlamaIndex that bypass hyperscaler IAM entirely. These frameworks lack native stage-two primitives. There is no scoped agent identity, no tool-call approval workflow, and no built-in audit trails. Enterprises running agents through open-source orchestration need to layer enforcement and isolation on top, not assume the framework provides it.

    VentureBeat’s survey quantifies the pressure. Policy enforcement consistency grew from 39.5% to 46% between January and February, the largest consistent gain of any capability criterion. Enterprises running agents across OpenAI, Anthropic, and Azure need enforcement that works the same way regardless of which model executes the task. Provider-native controls enforce policy within that provider’s runtime only. Open-source orchestration frameworks enforce it nowhere.

    One counterargument deserves acknowledgment: not every agent deployment needs stage three. A read-only summarization agent with no tool access and no write permissions may rationally stop at stage one. The sequencing failure this audit addresses is not that monitoring exists. It is that enterprises running agents with write access, shared credentials, and agent-to-agent delegation are treating monitoring as sufficient. For those deployments, stage one is not a strategy. It is a gap.

    Allianz shows stage-three in production

    Allianz, one of the world’s largest insurance and asset management companies, is running Claude Managed Agents across insurance workflows, with Claude Code deployed to technical teams and a dedicated AI logging system for regulatory transparency, per Anthropic’s April 8 announcement. Asana, Rakuten, Sentry, and Notion are in production on the same beta. Stage-three isolation, per-agent permissioning, and execution-chain auditability are deployable now, not roadmap. The gating question is whether the enterprise has sequenced the work to use them.

    The 90-day remediation sequence

    Days 1–30: Inventory and baseline. Map every agent to a named owner. Log all tool calls. Revoke shared API keys. Deploy read-only monitoring across all agent API traffic. Run mcp-scan against every registered MCP server. CrowdStrike detects 1,800 AI applications across enterprise endpoints; your inventory should be equally comprehensive. Output: agent registry with permission matrix, MCP scan report.

    Days 31–60: Enforce and scope. Assign scoped identities to every agent. Deploy tool-call approval workflows for write operations. Integrate agent activity logs into existing SIEM. Run a tabletop exercise: What happens when an agent spawns an agent? Conduct a canary-token test from the prescriptive matrix. Output: IAM policy set, approval workflow, SIEM integration, canary-token test results.

    Days 61–90: Isolate and test. Sandbox high-risk agent workloads (PHI, PII, financial transactions). Enforce per-session least privilege. Require human sign-off for agent-to-agent delegation. Red-team the isolation boundary using the stage-three detection test from the matrix. Output: sandboxed execution environment, red-team report, board-ready risk summary with regulatory exposure mapped to HIPAA tier and FINRA guidance.

    What changes in the next 30 days

    EU AI Act Article 14 human-oversight obligations take effect August 2, 2026. Programs without named owners and execution trace capability face enforcement, not operational risk.

    Anthropic’s Claude Managed Agents is in public beta at $0.08 per session-hour. GA timing, production SLAs, and final pricing have not been announced.

    OpenAI’s Agents SDK will ship TypeScript support for sandbox and harness capabilities in a future release, per the company’s April 15 announcement. The stage-three sandbox becomes available to JavaScript agent stacks when it ships.

    What the sequence requires

    McKinsey’s 2026 AI Trust Maturity Survey pegs the average enterprise at 2.3 out of 4.0 on its RAI maturity model, up from 2.0 in 2025 but still an enforcement-stage number; only one-third of the ~500 organizations surveyed report maturity levels of three or higher in governance. Seventy percent have not finished the transition to stage three. ARMO’s progressive enforcement methodology gives you the path: behavioral profiles in observation, permission baselines in selective enforcement, and full least privilege once baselines stabilize. Monitoring investment was not wasted. It was stage one of three. The organizations stuck in the data treated it as the destination.

    The budget data makes the constraint explicit. The share of enterprises reporting flat AI security budgets doubled from 7.9% in January to 16% in February in VentureBeat's survey, with the March directional reading at 20%. Organizations expanding agent deployments without increasing security investment are accumulating security debt at machine speed. Meanwhile, the share reporting no agent security tooling at all fell from 13% in January to 5% in March. Progress, but one in twenty enterprises running agents in production still has zero dedicated security infrastructure around them.

    About this research

    Total qualified respondents: 108. VentureBeat Pulse AI Security and Trust is a three-wave VentureBeat survey run January 6 through March 15, 2026. Qualified sample (organizations 100+ employees): January n=38, February n=50, March n=20. Primary analysis runs from January to February; March is directional. Industry mix: Tech/Software 52.8%, Financial Services 10.2%, Healthcare 8.3%, Education 6.5%, Telecom/Media 4.6%, Manufacturing 4.6%, Retail 3.7%, other 9.3%. Seniority: VP/Director 34.3%, Manager 29.6%, IC 22.2%, C-Suite 9.3%.

  • Anthropic just launched Claude Design, an AI tool that turns prompts into prototypes and challenges Figma Fri, 17 Apr 2026 15:00:00 GMT

    Anthropic today launched Claude Design, a new product from its Anthropic Labs division that allows users to create polished visual work — designs, interactive prototypes, slide decks, one-pagers, and marketing collateral — through conversational prompts and fine-grained editing controls. The release, available immediately in research preview to all paid Claude subscribers, is the company's most aggressive expansion beyond its core language model business and into the application layer that has historically belonged to companies like Figma, Adobe, and Canva.

    Claude Design is powered by Claude Opus 4.7, Anthropic's most capable generally available vision model, which the company also released today. Anthropic says it is rolling access out gradually throughout the day to Claude Pro, Max, Team, and Enterprise subscribers.

    The simultaneous launches mark a watershed for Anthropic, whose ambitions now visibly extend from foundation model provider to full-stack product company — one that wants to own the arc from a rough idea to a shipped product. The timing is also significant: Anthropic hit roughly $20 billion in annualized revenue in early March 2026, according to Bloomberg, up from $9 billion at the end of 2025 — and surpassed $30 billion by early April 2026. The company is in early talks with Goldman Sachs, JPMorgan, and Morgan Stanley about a potential IPO that could come as early as October 2026.

    How Claude Design turns a text prompt into a working prototype

    The product follows a workflow that Anthropic has designed to feel like a natural creative conversation. Users describe what they need, and Claude generates a first version. From there, refinement happens through a combination of channels: chat-based conversation, inline comments on specific elements, direct text editing, and custom adjustment sliders that Claude itself generates to let users tweak spacing, color, and layout in real time.

    During onboarding, Claude reads a team's codebase and design files and builds a design system — colors, typography, and components — that it automatically applies to every subsequent project. Teams can refine the system over time and maintain more than one. The import surface is broad: users can start from a text prompt, upload images and documents in various formats, or point Claude at their codebase. A web capture tool grabs elements directly from a live website so prototypes look like the real product.

    What distinguishes Claude Design from the wave of AI design experiments that have proliferated in the past year is the handoff mechanism. When a design is ready to build, Claude packages everything into a handoff bundle that can be passed to Claude Code with a single instruction. That creates a closed loop — exploration to prototype to production code — all within Anthropic's ecosystem. The export options acknowledge that not everyone's next step is Claude Code: users can also share designs as an internal URL within their organization, save as a folder, or export to Canva, PDF, PPTX, or standalone HTML files.

    Anthropic points to Brilliant, the education technology company known for intricate interactive lessons, as an early proof point. The company's senior product designer reported that the most complex pages required 20 or more prompts to recreate in competing tools but needed only 2 in Claude Design. The Brilliant team then turned static mockups into interactive prototypes they could share and user-test without code review, and handed everything — including the design intent — to Claude Code for implementation. Datadog's product team described a similar shift, compressing what had been a week-long cycle of briefs, mockups, and review rounds into a single conversation.

    Why Anthropic's chief product officer just resigned from Figma's board

    The launch arrives against a backdrop that makes Anthropic's claim of complementarity with existing design tools difficult to take entirely at face value. Mike Krieger, Anthropic's chief product officer, resigned from the board of Figma on April 14 — the same day The Information reported Anthropic's next model would include design tools that could compete with Figma's primary offering.

    Figma has collaborated closely with Anthropic to integrate the frontier lab's AI models into its products. Just two months ago, in February, Figma launched "Code to Canvas," a feature that converts code generated in AI tools like Claude Code into fully editable designs inside Figma — creating a bridge between AI coding tools and Figma's design process. The partnership felt like a mutual bet that AI would make design more essential, not less. Claude Design complicates that narrative significantly.

    Anthropic's position, based on VentureBeat's background conversations with the company, is that Claude Design is built around interoperability and is meant to meet teams where they already work, not replace incumbent tools. The company points to the Canva export, PPTX and PDF support, and plans to make it easier for other tools to connect via MCPs (model context protocols) as evidence of that philosophy. Anthropic is also making it possible for other tools to build integrations with Claude Design, a move clearly designed to preempt accusations of walled-garden ambitions.

    But the market read the signals differently. The structural tension is clear: Figma commands an estimated 80 to 90% market share in UI and UX design, according to The Next Web. Both Figma and Adobe assume a trained designer is in the loop. Anthropic's tool does not. Claude Design is not merely another AI copilot embedded in an existing design application. It is a standalone product that generates complete, interactive prototypes from natural language — accessible to founders, product managers, and marketers who have never opened Figma. The expansion of the design user base to non-designers is the real competitive threat, even if the professional designer's workflow remains anchored in Figma for now.

    Inside Claude Opus 4.7, the model Anthropic deliberately made less dangerous

    The model powering Claude Design is itself a significant story. Claude Opus 4.7 is Anthropic's most capable generally available model, with notable improvements over its predecessor Opus 4.6 in software engineering, instruction following, and vision — but it is intentionally less capable than Anthropic's most powerful offering, Claude Mythos Preview, the model the company announced earlier this month as too dangerous for broad release due to its cybersecurity capabilities.

    That dual-track approach — one model for the public, one model locked behind a vetted-access program — is unprecedented in the AI industry. Anthropic used Claude Mythos Preview to identify thousands of zero-day vulnerabilities in every major operating system and web browser, as reported by multiple outlets. The Project Glasswing initiative that houses Mythos brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks as launch partners.

    Opus 4.7 sits a deliberate step below Mythos. Anthropic stated in its release that it "experimented with efforts to differentially reduce" the new model's cyber capabilities during training and ships it with safeguards that automatically detect and block requests indicating prohibited or high-risk cybersecurity uses. What Anthropic learns from those real-world safeguards will inform the eventual goal of broader release for Mythos-class models. For security professionals with legitimate needs, the company has created a new Cyber Verification Program.

    On benchmarks, the model posts strong numbers. Opus 4.7 reached 64.3% on SWE-bench Pro, and on Anthropic's internal 93-task coding benchmark, it delivered a 13% resolution improvement over Opus 4.6, including solving four tasks that neither Opus 4.6 nor Sonnet 4.6 could crack.

    The vision improvements are substantial and directly relevant to Claude Design: Opus 4.7 can accept images up to 2,576 pixels on the long edge — roughly 3.75 megapixels, more than three times the resolution of prior Claude models. Early access partner XBOW, the autonomous penetration testing company, reported that the new model scored 98.5% on their visual-acuity benchmark versus 54.5% for Opus 4.6.

    Meanwhile, Bloomberg reported that the White House is preparing to make a version of Mythos available to major federal agencies, with the Office of Management and Budget setting up protections for Cabinet departments — a sign that the government views the model's capabilities as too important to leave solely in private hands.

    What enterprise buyers need to know about data privacy and pricing

    For enterprise and regulated-industry buyers, the data handling architecture of Claude Design will be a critical evaluation criterion. Based on VentureBeat's exclusive background discussions with Anthropic, the system stores the design-system representation it generates — not the source files themselves. When users link a local copy of their code, it is not uploaded to or stored on Anthropic's servers. The company is also adding the ability to connect directly to GitHub. Anthropic states unequivocally that it does not train on this data. For Enterprise customers, Claude Design is off by default — administrators choose whether to enable it and control who has access.

    On pricing, Claude Design is included at no additional cost with Pro, Max, Team, and Enterprise plans, using existing subscription limits with optional extra usage beyond those caps. Opus 4.7 holds the same API pricing as its predecessor: $5 per million input tokens and $25 per million output tokens. The pricing strategy mirrors the approach Anthropic took with Claude Code, which launched as a bundled feature and rapidly grew into a major revenue driver. Anthropic's reasoning is straightforward: the best way to learn what people will build with a new product category is to put it in their hands, then build monetization around demonstrated value.

    Anthropic is also being transparent about the product's limitations. The design system import works best with a clean codebase; messy source code produces messy output. Collaboration is basic and not yet fully multiplayer. The editing experience has rough edges. There is no general availability date, and Anthropic says that is intentional — it will let the product and user feedback determine when Claude Design is ready for prime time.

    Anthropic's bet that owning the full creative stack is worth the risk

    Claude Design is the most visible expression of a trend that has been accelerating for months: the major AI labs are moving up the stack from model providers into full application builders, directly entering categories previously owned by established software companies. Anthropic now offers a coding agent (Claude Code), a knowledge-work assistant (Claude Cowork), desktop computer control, office integrations for Word, Excel, and PowerPoint, a browser agent in Chrome, and now a design tool. Each product reinforces the others. A designer can explore concepts in Claude Design, export a prototype, hand it to Claude Code for implementation, and have Claude Cowork manage the review cycle — all within Anthropic's platform.

    The financial momentum behind this expansion is staggering. Anthropic has received investor offers valuing the company at approximately $800 billion, according to Reuters, more than doubling its $380 billion valuation from a funding round closed just two months ago. But building an application empire while simultaneously navigating an AI safety reputation, an impending IPO, growing public hostility toward the technology, and the diplomatic fallout of competing with your own partners is a balancing act that no technology company has attempted at this scale or speed.

    When Figma launched Code to Canvas in February, the implicit promise was that AI coding tools and design tools would grow together, each making the other more valuable. Two months later, Anthropic's chief product officer has left Figma's board, and the company has shipped a product that lets anyone who can type a sentence create the kind of interactive prototype that once required years of design training and a Figma license. The partnership may survive. But the power dynamic just changed — and in the AI industry, that tends to be the only kind of change that matters.

  • Should my enterprise AI agent do that? NanoClaw and Vercel launch easier agentic policy setting and approval dialogs across 15 messaging apps Fri, 17 Apr 2026 14:06:00 GMT

    For the past year, early adopters of autonomous AI agents have been forced to play a murky game of chance: keep the agent in a useless sandbox or give it the keys to the kingdom and hope it doesn't hallucinate a catastrophic "delete all" command.

    To unlock the true utility of an agent—scheduling meetings, triaging emails, or managing cloud infrastructure—users have had to grant these models raw API keys and broad permissions, raising the risk of their systems being disrupted by an accidental agent mistake.

    That tradeoff ends today. The creators of the open source sandboxed NanoClaw agent framework — now known under their new private startup named NanoCo — have announced a landmark partnership with Vercel and OneCLI to introduce a standardized, infrastructure-level approval system.

    By integrating Vercel’s Chat SDK and OneCLI’s open source credentials vault, NanoClaw 2.0 ensures that no sensitive action occurs without explicit human consent, delivered natively through the messaging apps where users already live.

    The specific use cases that stand to benefit most are those involving high-consequence "write" actions. In DevOps, for example, an agent could propose a cloud infrastructure change that only goes live once a senior engineer taps "Approve" in Slack.

    For finance teams, an agent could prepare batch payments or invoice triaging, with the final disbursement requiring a human signature via a WhatsApp card.

    Technology: security by isolation

    The fundamental shift in NanoClaw 2.0 is the move away from "application-level" security to "infrastructure-level" enforcement. In traditional agent frameworks, the model itself is often responsible for asking for permission—a flow that Gavriel Cohen, co-founder of NanoCo, describes as inherently flawed.

    "The agent could potentially be malicious or compromised," Cohen noted in a recent interview. "If the agent is generating the UI for the approval request, it could trick you by swapping the 'Accept' and 'Reject' buttons."

    NanoClaw solves this by running agents in strictly isolated Docker or Apple Containers. The agent never sees a real API key; instead, it uses "placeholder" keys. When the agent attempts an outbound request, the request is intercepted by the OneCLI Rust Gateway. The gateway checks a set of user-defined policies (e.g., "Read-only access is okay, but sending an email requires approval").

    If the action is sensitive, the gateway pauses the request and triggers a notification to the user. Only after the user approves does the gateway inject the real, encrypted credential and allow the request to reach the service.
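
    The gateway flow described above (placeholder key inside the container, policy check, pause for approval, real credential injected only afterward), modeled as an added TypeScript example. It is not NanoClaw or OneCLI code: the class, rule format, host names, key values and the fail-closed default for unmatched requests are all assumptions made for illustration.

```typescript
// Added illustration: all names are hypothetical, not the OneCLI or NanoClaw API.
type Verdict = "allow" | "approve" | "deny";
interface AgentRequest {
  placeholderKey: string; // the only "credential" the agent ever holds
  method: string;
  host: string;
  path: string;
}
interface Rule { host: string; methods: string[]; pathPrefix: string; verdict: Verdict }
type Outcome =
  | { status: "forwarded"; line: string; authorization: string }
  | { status: "pending"; approvalId: number; prompt: string }
  | { status: "rejected"; reason: string };

const requestLine = (r: AgentRequest): string => `${r.method} https://${r.host}${r.path}`;

class ApprovalGateway {
  private vault: Map<string, string>; // placeholder -> real secret, gateway-side only
  private rules: Rule[];
  private pending = new Map<number, AgentRequest>();
  private nextId = 1;

  constructor(vault: Map<string, string>, rules: Rule[]) {
    this.vault = vault;
    this.rules = rules;
  }

  // First matching rule wins; unmatched traffic is denied (assumed fail-closed default).
  private evaluate(req: AgentRequest): Verdict {
    for (const rule of this.rules) {
      const hit = rule.host === req.host && rule.methods.includes(req.method)
        && req.path.startsWith(rule.pathPrefix);
      if (hit) return rule.verdict;
    }
    return "deny";
  }

  // The real credential is attached only here, after policy and any approval.
  private forward(req: AgentRequest): Outcome {
    const secret = this.vault.get(req.placeholderKey);
    if (secret === undefined) return { status: "rejected", reason: "unknown placeholder" };
    return { status: "forwarded", line: requestLine(req), authorization: `Bearer ${secret}` };
  }

  handle(req: AgentRequest): Outcome {
    const verdict = this.evaluate(req);
    if (verdict === "deny") return { status: "rejected", reason: "blocked by policy" };
    if (verdict === "allow") return this.forward(req);
    // Pause: keep a private copy so what the human approves is exactly what is sent.
    const approvalId = this.nextId++;
    const snapshot = { ...req };
    this.pending.set(approvalId, snapshot);
    // The prompt text comes from the intercepted request, never from the agent.
    return { status: "pending", approvalId, prompt: requestLine(snapshot) };
  }

  // Called from the human's approval channel; each approval id is single-use.
  decide(approvalId: number, approved: boolean): Outcome {
    const req = this.pending.get(approvalId);
    if (req === undefined) return { status: "rejected", reason: "no pending request" };
    this.pending.delete(approvalId);
    return approved ? this.forward(req) : { status: "rejected", reason: "denied by user" };
  }
}

function summarize(o: Outcome): string {
  if (o.status === "forwarded") return `forwarded ${o.line} with ${o.authorization}`;
  if (o.status === "pending") return `pending #${o.approvalId} ${o.prompt}`;
  return `rejected ${o.reason}`;
}

// Constructed policy: reads pass, send and delete wait for a human.
const MAIL = "mail.example.test";
const RULES: Rule[] = [
  { host: MAIL, methods: ["GET"], pathPrefix: "/messages", verdict: "allow" },
  { host: MAIL, methods: ["POST", "DELETE"], pathPrefix: "/messages", verdict: "approve" },
];

function runDemo(): string[] {
  const vault = new Map<string, string>([["PLACEHOLDER_MAIL_KEY", "constructed-secret"]]);
  const gw = new ApprovalGateway(vault, RULES);
  const mk = (method: string, path: string, host: string = MAIL): AgentRequest =>
    ({ placeholderKey: "PLACEHOLDER_MAIL_KEY", method, host, path });

  const sendReq = mk("POST", "/messages/send");
  const send = gw.handle(sendReq);
  const del = gw.handle(mk("DELETE", "/messages/42"));
  const out = [
    gw.handle(mk("GET", "/messages/42")),
    send,
    del,
    gw.handle(mk("POST", "/upload", "files.example.test")),
  ].map(summarize);

  sendReq.path = "/messages/send-all"; // agent-side change after the prompt was shown
  if (send.status === "pending") {
    out.push(summarize(gw.decide(send.approvalId, true))); // approved once
    out.push(summarize(gw.decide(send.approvalId, true))); // replay of a used approval
  }
  if (del.status === "pending") out.push(summarize(gw.decide(del.approvalId, false)));
  return out;
}
```

    The prefix match assumes request paths are already normalized; a gateway evaluating real traffic would canonicalize the path before applying rules.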

    Product: bringing the 'human' into the loop

    While security is the engine, Vercel’s Chat SDK is the dashboard. Integrating with different messaging platforms is notoriously difficult because every app—Slack, Teams, WhatsApp, Telegram—uses different APIs for interactive elements like buttons and cards.

    By leveraging Vercel’s unified SDK, NanoClaw can now deploy to 15 different channels from a single TypeScript codebase. When an agent wants to perform a protected action, the user receives a rich interactive card on their phone. "The approval shows up as a rich, native card right inside Slack or WhatsApp or Teams, and the user taps once to approve or deny," said Cohen. This "seamless UX" is what makes human-in-the-loop oversight practical rather than a productivity bottleneck.

    The full list of 15 supported messaging apps/channels contains many favored by enterprise knowledge workers, including:

    • Slack

    • WhatsApp

    • Telegram

    • Microsoft Teams

    • Discord

    • Google Chat

    • iMessage

    • Facebook Messenger

    • Instagram

    • X (Twitter)

    • GitHub

    • Linear

    • Matrix

    • Email

    • Webex

    Background on NanoClaw

    NanoClaw launched on January 31, 2026, as a minimalist and security-focused response to the "security nightmare" inherent in complex, non-sandboxed agent frameworks.

    Created by Cohen, a former Wix.com engineer, and marketed by his brother Lazer, CEO of B2B tech public relations firm Concrete Media, the project was designed to solve the auditability crisis found in competing platforms like OpenClaw, which had grown to nearly 400,000 lines of code.

    By contrast, NanoClaw condensed its core logic into roughly 500 lines of TypeScript—a size that, according to VentureBeat, allows the entire system to be audited by a human or a secondary AI in approximately eight minutes.

    The platform’s primary technical defense is its use of operating system-level isolation. Every agent is placed inside an isolated Linux container—utilizing Apple Containers for high performance on macOS or Docker for Linux—to ensure that the AI only interacts with directories explicitly mounted by the user.

    As detailed in VentureBeat's reporting on the project's infrastructure, this approach confines the "blast radius" of potential prompt injections strictly to the container and its specific communication channel.

    In March 2026, NanoClaw further matured this security posture through an official partnership with the software container firm Docker to run agents inside "Docker Sandboxes".

    This integration utilizes MicroVM-based isolation to provide an enterprise-ready environment for agents that, by their nature, must mutate their environments by installing packages, modifying files, and launching processes—actions that typically break traditional container immutability assumptions.

    Operationally, NanoClaw rejects the traditional "feature-rich" software model in favor of a "Skills over Features" philosophy. Instead of maintaining a bloated main branch with dozens of unused modules, the project encourages users to contribute "Skills"—modular instructions that teach a local AI assistant how to transform and customize the codebase for specific needs, such as adding Telegram or Gmail support.

    This methodology, as described on NanoClaw's website and in VentureBeat interviews, ensures that users only maintain the exact code required for their specific implementation.

    Furthermore, the framework natively supports "Agent Swarms" via the Anthropic Agent SDK, allowing specialized agents to collaborate in parallel while maintaining isolated memory contexts for different business functions.

    Licensing and open source strategy

    NanoClaw remains firmly committed to the open source MIT License, encouraging users to fork the project and customize it for their own needs. This stands in stark contrast to "monolithic" frameworks.

    NanoClaw’s codebase is remarkably lean, consisting of only 15 source files and roughly 3,900 lines of code, compared to the hundreds of thousands of lines found in competitors like OpenClaw.

    The partnership also highlights the strength of the "Open Source Avengers" coalition.

    By combining NanoClaw (agent orchestration), Vercel Chat SDK (UI/UX), and OneCLI (security/secrets), the project demonstrates that modular, open-source tools can outpace proprietary labs in building the application layer for AI.

    Community reactions

    As shown on the NanoClaw website, the project has amassed more than 27,400 stars on GitHub and maintains an active Discord community.

    A core claim on the NanoClaw site is that the codebase is small enough to understand in "8 minutes," a feature targeted at security-conscious users who want to audit their assistant.

    In an interview, Cohen noted that iMessage support via Vercel’s Photon project addresses a common community hurdle: previously, users often had to maintain a separate Mac Mini to connect agents to an iMessage account.

    The enterprise perspective: should you adopt?

    For enterprises, NanoClaw 2.0 represents a shift from speculative experimentation to safe operationalization.

    Historically, IT departments have blocked agent usage due to the "all-or-nothing" nature of credential access. By decoupling the agent from the secret, NanoClaw provides a middle ground that mirrors existing corporate security protocols—specifically the principle of least privilege.

    Enterprises should consider this framework if they require high auditability and have strict compliance needs regarding data exfiltration. According to Cohen, many businesses have not been ready to grant agents access to calendars or emails because of security concerns. This framework addresses that by ensuring the agent structurally cannot act without permission.

    Enterprises stand to benefit specifically in use cases involving "high-stakes" actions. As illustrated in the OneCLI dashboard, a user can set a policy where an agent can read emails freely but must trigger a manual approval dialog to "delete" or "send" one.

    Because NanoClaw runs as a single Node.js process with isolated containers, it allows enterprise security teams to verify that the gateway is the only path for outbound traffic. This architecture transforms the AI from an unmonitored operator into a supervised junior staffer, providing the productivity of autonomous agents without forgoing executive control.

    Ultimately, NanoClaw is a recommendation for organizations that want the productivity of autonomous agents without the "black box" risk of traditional LLM wrappers. It turns the AI from a potentially rogue operator into a highly capable junior staffer who always asks for permission before hitting the "send" or "buy" button.

    As AI-native setups become the standard, this partnership establishes the blueprint for how trust will be managed in the age of the autonomous workforce.

  • Salesforce launches Headless 360 to turn its entire platform into infrastructure for AI agents Thu, 16 Apr 2026 21:00:00 GMT

    Salesforce on Wednesday unveiled the most ambitious architectural transformation in its 27-year history, introducing "Headless 360" — a sweeping initiative that exposes every capability in its platform as an API, MCP tool, or CLI command so AI agents can operate the entire system without ever opening a browser.

    The announcement, made at the company's annual TDX developer conference in San Francisco, ships more than 100 new tools and skills immediately available to developers. It marks a decisive response to the existential question hanging over enterprise software: In a world where AI agents can reason, plan, and execute, does a company still need a CRM with a graphical interface?

    Salesforce's answer: No — and that's exactly the point.

    "We made a decision two and a half years ago: Rebuild Salesforce for agents," the company said in its announcement. "Instead of burying capabilities behind a UI, expose them so the entire platform will be programmable and accessible from anywhere."

    The timing is anything but coincidental. Salesforce finds itself navigating one of the most turbulent periods in enterprise software history — a sector-wide sell-off that has pushed the iShares Expanded Tech-Software Sector ETF down roughly 28% from its September peak. The fear driving the decline: that AI, particularly large language models from Anthropic, OpenAI, and others, could render traditional SaaS business models obsolete.

    Jayesh Govindarjan, EVP of Salesforce and one of the key architects behind the Headless 360 initiative, described the announcement as rooted not in marketing theory but in hard-won lessons from deploying agents with thousands of enterprise customers.

    "The problem that emerged is the lifecycle of building an agentic system for every one of our customers on any stack, whether it's ours or somebody else's," Govindarjan told VentureBeat in an exclusive interview. "The challenge that they face is very much the software development challenge. How do I build an agent? That's only step one."

    More than 100 new tools give coding agents full access to the Salesforce platform for the first time

    Salesforce Headless 360 rests on three pillars that collectively represent the company's attempt to redefine what an enterprise platform looks like in the agentic era.

    The first pillar — build any way you want — delivers more than 60 new MCP (Model Context Protocol) tools and 30-plus preconfigured coding skills that give external coding agents like Claude Code, Cursor, Codex, and Windsurf complete, live access to a customer's entire Salesforce org, including data, workflows, and business logic. Developers no longer need to work inside Salesforce's own IDE. They can direct AI coding agents from any terminal to build, deploy, and manage Salesforce applications.

    Agentforce Vibes 2.0, the company's own native development environment, now includes what it calls an "open agent harness" supporting both the Anthropic agent SDK and the OpenAI agents SDK. As demonstrated during the keynote, developers can choose between Claude Code and OpenAI agents depending on the task, with the harness dynamically adjusting available capabilities based on the selected agent. The environment also adds multi-model support, including Claude Sonnet and GPT-5, along with full org awareness from the start.

    A significant technical addition is native React support on the Salesforce platform. During the keynote demo, presenters built a fully functional partner service application using React — not Salesforce's own Lightning framework — that connected to org metadata via GraphQL while inheriting all platform security primitives. This opens up dramatically more expressive front-end possibilities for developers who want complete control over the visual layer.

    The second pillar — deploy on any surface — centers on the new Agentforce Experience Layer, which separates what an agent does from how it appears, rendering rich interactive components natively across Slack, mobile apps, Microsoft Teams, ChatGPT, Claude, Gemini, and any client supporting MCP apps. During the keynote, presenters defined an experience once and deployed it across six different surfaces without writing surface-specific code. The philosophical shift is significant: rather than pulling customers into a Salesforce UI, enterprises push branded, interactive agent experiences into whatever workspace their customers already inhabit.

    The third pillar — build agents you can trust at scale — introduces an entirely new suite of lifecycle management tools spanning testing, evaluation, experimentation, observation, and orchestration. Agent Script, the company's new domain-specific language for defining agent behavior deterministically, is now generally available and open-sourced. A new Testing Center surfaces logic gaps and policy violations before deployment. Custom Scoring Evals let enterprises define what "good" looks like for their specific use case. And a new A/B Testing API enables running multiple agent versions against real traffic simultaneously.

    Why enterprise customers kept breaking their own AI agents — and how Salesforce redesigned its tooling in response

    Perhaps the most technically significant — and candid — portion of VentureBeat's interview with Govindarjan addressed the fundamental engineering tension at the heart of enterprise AI: agents are probabilistic systems, but enterprises demand deterministic outcomes.

    Govindarjan explained that early Agentforce customers, after getting agents into production through "sheer hard work," discovered a painful reality. "They were afraid to make changes to these agents, because the whole system was brittle," he said. "You make one change and you don't know whether it's going to work 100% of the time. All the testing you did needs to be redone."

    This brittleness problem drove the creation of Agent Script, which Govindarjan described as a programming language that "brings together the determinism that's in programming languages with the inherent flexibility in probabilistic systems that LLMs provide." The language functions as a single flat file — versionable, auditable — that defines a state machine governing how an agent behaves. Within that machine, enterprises specify which steps must follow explicit business logic and which can reason freely using LLM capabilities.

    Salesforce open-sourced Agent Script this week, and Govindarjan noted that Claude Code can already generate it natively because of its clean documentation. The approach stands in sharp contrast to the "vibe coding" movement gaining traction elsewhere in the industry. As the Wall Street Journal recently reported, some companies are now attempting to vibe-code entire CRM replacements — a trend Salesforce's Headless 360 directly addresses by making its own platform the most agent-friendly substrate available.

    Govindarjan described the tooling as a product of Salesforce's own internal practice. "We needed these tools to make our customers successful. Then our FDEs needed them. We hardened them, and then we gave them to our customers," he told VentureBeat. In other words, Salesforce productized its own pain.

    Inside the two competing AI agent architectures Salesforce says every enterprise will need

    Govindarjan drew a revealing distinction between two fundamentally different agentic architectures emerging in the enterprise — one for customer-facing interactions and one he linked to what he called the "Ralph Wiggum loop."

    Customer-facing agents — those deployed to interact with end customers for sales or service — demand tight deterministic control. "Before customers are willing to put these agents in front of their customers, they want to make sure that it follows a certain paradigm — a certain brand set of rules," Govindarjan told VentureBeat. Agent Script encodes these as a static graph — a defined funnel of steps with LLM reasoning embedded within each step.

    The "Ralph Wiggum loop," by contrast, represents the opposite end of the spectrum: a dynamic graph that unrolls at runtime, where the agent autonomously decides its next step based on what it learned in the previous step, killing dead-end paths and spawning new ones until the task is complete. This architecture, Govindarjan said, manifests primarily in employee-facing scenarios — developers using coding agents, salespeople running deep research loops, marketers generating campaign materials — where an expert human reviews the output before it ships.

    "Ralph Wiggum loops are great for employee-facing because employees are, in essence, experts at something," Govindarjan explained. "Developers are experts at development, salespeople are experts at sales."

    The critical technical insight: both architectures run on the same underlying platform and the same graph engine. "This is a dynamic graph. This is a static graph," he said. "It's all a graph underneath." That unified runtime — spanning the spectrum from tightly controlled customer interactions to free-form autonomous loops — may be Salesforce's most important technical bet, sparing enterprises from maintaining separate platforms for different agent modalities.

    Salesforce hedges its bets on MCP while opening its ecosystem to every major AI model and tool

    Salesforce's embrace of openness at TDX was striking. The platform now integrates with OpenAI, Anthropic, Google Gemini, Meta's LLaMA, and Mistral AI models. The open agent harness supports third-party agent SDKs. MCP tools work from any coding environment. And the new AgentExchange marketplace unifies 10,000 Salesforce apps, 2,600-plus Slack apps, and 1,000-plus Agentforce agents, tools, and MCP servers from partners including Google, Docusign, and Notion, backed by a new $50 million AgentExchange Builders Initiative.

    Yet Govindarjan offered a surprisingly candid assessment of MCP itself — the protocol Anthropic created that has become a de facto standard for agent-tool communication.

    "To be very honest, not at all sure" that MCP will remain the standard, he told VentureBeat. "When MCP first came along as a protocol, a lot of us engineers felt that it was a wrapper on top of a really well-written CLI — which now it is. A lot of people are saying that maybe CLI is just as good, if not better."

    His approach: pragmatic flexibility. "We're not wedded to one or the other. We just use the best, and often we will offer all three. We offer an API, we offer a CLI, we offer an MCP." This hedging explains the "Headless 360" naming itself — rather than betting on a single protocol, Salesforce exposes every capability across all three access patterns, insulating itself against protocol shifts.

    Engine, the B2B travel management company featured prominently in the keynote demos, offered a real-world proof point for the open ecosystem approach. The company built its customer service agent, Ava, in 12 days using Agentforce and now handles 50% of customer cases autonomously. Engine runs five agents across customer-facing and employee-facing functions, with Data 360 at the heart of its infrastructure and Slack as its primary workspace. "CSAT goes up, costs to deliver go down. Customers are happier. We're getting them answers faster. What's the trade off? There's no trade off," an Engine executive said during the keynote.

    Underpinning all of it is a shift in how Salesforce gets paid. The company is moving from per-seat licensing to consumption-based pricing for Agentforce — a transition Govindarjan described as "a business model change and innovation for us." It's a tacit acknowledgment that when agents, not humans, are doing the work, charging per user no longer makes sense.

    Salesforce isn't defending the old model — it's dismantling it and betting the company on what comes next

    Govindarjan framed the company's evolution in architectural terms. Salesforce has organized its platform around four layers: a system of context (Data 360), a system of work (Customer 360 apps), a system of agency (Agentforce), and a system of engagement (Slack and other surfaces). Headless 360 opens every layer via programmable endpoints.

    "What you saw today, what we're doing now, is we're opening up every single layer, right, with MCP tools, so we can go build the agentic experiences that are needed," Govindarjan told VentureBeat. "I think you're seeing a company transforming itself."

    Whether that transformation succeeds will depend on execution across thousands of customer deployments, the staying power of MCP and related protocols, and the fundamental question of whether incumbent enterprise platforms can move fast enough to remain relevant when AI agents can increasingly build new systems from scratch. The software sector's bear market, the financial pressures bearing down on the entire industry, and the breathtaking pace of LLM improvement all conspire to make this one of the highest-stakes bets in enterprise technology.

    But there is an irony embedded in Salesforce's predicament that Headless 360 makes explicit. The very AI capabilities that threaten to displace traditional software are the same capabilities that Salesforce now harnesses to rebuild itself. Every coding agent that could theoretically replace a CRM is now, through Headless 360, a coding agent that builds on top of one. The company is not arguing that agents won't change the game. It's arguing that decades of accumulated enterprise data, workflows, trust layers, and institutional logic give it something no coding agent can generate from a blank prompt.

    As Benioff declared on CNBC's Mad Money in March: "The software industry is still alive, well and growing." Headless 360 is his company's most forceful attempt to prove him right — by tearing down the walls of the very platform that made Salesforce famous and inviting every agent in the world to walk through the front door.

    Parker Harris, Salesforce's co-founder, captured the bet most succinctly in a question he posed last month: "Why should you ever log into Salesforce again?"

    If Headless 360 works as designed, the answer is: You shouldn't have to. And that, Salesforce is wagering, is precisely what will keep you paying for it.

  • Are we getting what we paid for? How to turn AI momentum into measurable value Thu, 16 Apr 2026 19:55:13 GMT

    Enterprise AI is entering a new phase — one where the central question is no longer what can be built, but how to make the most of our AI investment.

    At VentureBeat’s latest AI Impact Tour session, Brian Gracely, director of portfolio strategy at Red Hat, described the operational reality inside large organizations: AI sprawl, rising inference costs, and limited visibility into what those investments are actually returning.

    It’s the “Day 2” moment — when pilots give way to production, and cost, governance, and sustainability become harder than building the system in the first place.

    "We've seen customers who say, 'I have 50,000 licenses of Copilot. I don't really know what people are getting out of that. But I do know that I'm paying for the most expensive computing in the world, because it's GPUs,'" Gracely said. "'How am I going to get that under control?'"

    Why enterprise AI costs are now a board-level problem

    For much of the past two years, cost was not the primary concern for organizations evaluating generative AI. The experimental phase gave teams cover to spend freely, and the promise of productivity gains justified aggressive investment, but that dynamic is shifting as enterprises enter their second and third budget cycles with AI. The focus has moved from "can we build something?" to "are we getting what we paid for?"

    Enterprises that made large, early bets on managed AI services are conducting hard reviews of whether those investments are delivering measurable value. The issue isn’t just that GPU computing is expensive. It is that many organizations lack the instrumentation to connect spending to outcomes, making it nearly impossible to justify renewals or scale responsibly.

    The strategic shift from token consumer to token producer

    The dominant AI procurement model of the past few years has been straightforward: pay a vendor per token, per seat, or per API call, and let someone else manage the infrastructure. That model made sense as a starting point but is increasingly being questioned by organizations with enough experience to compare alternatives.

    Enterprises that have been through one AI cycle are starting to rethink that model.

    "Instead of being purely a token consumer, how can I start being a token generator?" Gracely said. "Are there use cases and workloads that make sense for me to own more? It may mean operating GPUs. It may mean renting GPUs. And then asking, 'Does that workload need the greatest state-of-the-art model? Are there more capable open models or smaller models that fit?'"

    The decision is not binary. The right answer depends on the workload, the organization, and the risk tolerance involved, but the math is getting more complicated as the number of capable open models, from DeepSeek to models now available through cloud marketplaces, grows. Now enterprises actually have real alternatives to the handful of providers that dominated the landscape two years ago.

    Falling AI costs and rising usage create a paradox for enterprise budgets

    Some enterprise leaders argue that locking into infrastructure investments now could mean significantly overpaying in the long run, pointing to the statement from Anthropic CEO Dario Amodei that AI inference costs are declining roughly 60% per year.

    The emergence of open-source models such as DeepSeek and others has meaningfully expanded the strategic options available to enterprises that are willing to invest in the underlying infrastructure in the last three years.

    But while costs per token are falling, usage is accelerating at a pace that more than offsets efficiency gains. It's a version of Jevons Paradox, the economic principle that improvements in resource efficiency tend to increase total consumption rather than reduce it, as lower cost enables broader adoption.

    For enterprise budget planners, this means declining unit costs do not translate into declining total bills. An organization that triples its AI usage while costs fall by half still ends up spending more than it did before. The consideration becomes which workloads genuinely require the most capable and most expensive models, and which can be handled just fine by smaller, cheaper alternatives.

    The business case for investing in AI infrastructure flexibility

    The prescription isn't to slow down AI investment, but to build with flexibility top of mind. The organizations that will win aren't necessarily the ones that move fastest or spend the most; they're the ones building infrastructure and operating models capable of absorbing the next unexpected development.

    "The more you can build some abstractions and give yourself some flexibility, the more you can experiment without running up costs, but also without jeopardizing your business. Those are as important as asking whether you're doing everything best practice right now," Gracely explained.

    But despite how entrenched AI discussions have become in enterprise planning cycles, the practical experience most organizations have is still measured in years, not decades.

    "It feels like we've been doing this forever. We've been doing this for three years," Gracely added. "It's early and it's moving really fast. You don't know what's coming next. But the characteristics of what's coming next — you should have some sense of what that looks like."

    For enterprise leaders still calibrating their AI investment strategies, that may be the most actionable takeaway: the goal is not to optimize for today's cost structure, but to build the organizational and technical flexibility to adapt when, not if, it changes again.

  • OpenAI debuts GPT-Rosalind, a new limited access model for life sciences, and broader Codex plugin on Github Thu, 16 Apr 2026 19:02:45 GMT

    The journey from a laboratory hypothesis to a pharmacy shelf is one of the most grueling marathons in modern industry, typically spanning 10 to 15 years and billions of dollars in investment.

    Progress is often stymied not just by the inherent mysteries of biology, but by the "fragmented and difficult to scale" workflows that force researchers to manually pivot between the actual experimental design equipment, software, and databases.

    But OpenAI is releasing a new specialized model, GPT-Rosalind, specifically to speed up this process and make it more efficient, easier, and ideally, more productive. Named after the pioneering chemist Rosalind Franklin, whose work was vital to the discovery of DNA’s structure (and was often overlooked in favor of her male colleagues James Watson and Francis Crick), this new frontier reasoning model is purpose-built to act as a specialized intelligence layer for life sciences research.

    By shifting AI’s role from a general-purpose assistant to a domain-specific "reasoning" partner, OpenAI is signaling a long-term commitment to biological and chemical discovery.

    What GPT-Rosalind offers

    GPT-Rosalind isn't just about faster text generation; it is designed to synthesize evidence, generate biological hypotheses, and plan experiments—tasks that have traditionally required years of expert human synthesis.

    At its core, GPT-Rosalind is the first in a new series of models optimized for scientific workflows. While previous iterations of GPT excelled at general language tasks, this model is fine-tuned for deeper understanding across genomics, protein engineering, and chemistry.

    To validate its capabilities, OpenAI tested the model against several industry benchmarks. On BixBench, a metric for real-world bioinformatics and data analysis, GPT-Rosalind achieved leading performance among models with published scores.

    In more granular testing via LABBench2, the model outperformed GPT-5.4 on six out of eleven tasks, with the most significant gains appearing in CloningQA—a task requiring the end-to-end design of reagents for molecular cloning protocols.

    The model’s most striking performance signal came from a partnership with Dyno Therapeutics. In an evaluation using unpublished, "uncontaminated" RNA sequences, GPT-Rosalind was tasked with sequence-to-function prediction and generation.

    When evaluated directly in the Codex environment, the model’s submissions ranked above the 95th percentile of human experts on prediction tasks and reached the 84th percentile for sequence generation.

    This level of expertise suggests the model can serve as a high-level collaborator capable of identifying "expert-relevant patterns" that generalist models often overlook.

    The new lab workflow

    OpenAI is not just releasing a model; it is launching an ecosystem designed to integrate with the tools scientists already use. Central to this is a new Life Sciences research plugin for Codex, available on GitHub.

    Scientific research is famously siloed. A single project might require a researcher to consult a protein structure database, search through 20 years of clinical literature, and then use a separate tool for sequence manipulation. The new plugin acts as an "orchestration layer," providing a unified starting point for these multi-step questions.

    • Skill Set: The package includes modular skills for biochemistry, human genetics, functional genomics, and clinical evidence.

    • Connectivity: It connects models to over 50 public multi-omics databases and literature sources.

    • Efficiency: This approach targets "long-horizon, tool-heavy scientific workflows," allowing researchers to automate repeatable tasks like protein structure lookups and sequence searches.

    Limited and gated access

    Given the potential power of a model capable of redesigning biological structures, OpenAI is eschewing a broad "open-source" or general public release in favor of a Trusted Access program.

    The model is launching as a research preview specifically for qualified Enterprise customers in the United States. This restricted deployment is built on three core principles: beneficial use, strong governance, and controlled access.

    Organizations requesting access must undergo a qualification and safety review to ensure they are conducting legitimate research with a clear public benefit.

    Unlike general-use models, GPT-Rosalind was developed with heightened enterprise-grade security controls. For the end-user, this means:

    • Restricted Access: Usage is limited to approved users within secure, well-managed environments.

    • Governance: Participating organizations must maintain strict misuse-prevention controls and agree to specific life sciences research preview terms.

    • Cost: During the preview phase, the model will not consume existing credits or tokens, allowing researchers to experiment without immediate budgetary constraints (subject to abuse guardrails).

    Warm reception from initial industry partners

    The announcement garnered significant buy-in from OpenAI partners across the pharmaceutical and technology sectors.

    Sean Bruich, SVP of AI and Data at Amgen, noted that the collaboration allows the company to apply advanced tools in ways that could "accelerate how we deliver medicines to patients". The impact is also being felt in the specialized tech infrastructure that supports labs:

    • NVIDIA: Kimberly Powell, VP of Healthcare and Life Sciences, described the convergence of domain reasoning and accelerated computing as a way to "compress years of traditional R&D into immediate, actionable scientific insights".

    • Moderna: CEO Stéphane Bancel highlighted the model's ability to "reason across complex biological evidence" to help teams translate insights into experimental workflows.

    • The Allen Institute: CTO Andy Hickl emphasized that GPT-Rosalind stands out for making manual steps—like finding and aligning data—more "consistent and repeatable in an agentic workflow".

    This builds on tangible results OpenAI has already seen in the field, such as its collaboration with Ginkgo Bioworks, where AI models helped achieve a 40% reduction in protein production costs.

    What's next for Rosalind and OpenAI in life sciences?

    OpenAI’s mission with GPT-Rosalind is to narrow the gap between a "promising scientific idea" and the actual "evidence, experiments, and decisions" required for medical progress.

    By partnering with institutions like Los Alamos National Laboratory to explore AI-guided catalyst design and biological structure modification, the company is positioning GPT-Rosalind as more than a tool—it is meant to be a "capable partner in discovery".

    As the life sciences field becomes increasingly data-dense, the move toward specialized "reasoning" models like Rosalind may become the standard for navigating the "vast search spaces" of biology and chemistry.



Techradar



TechNode

  • Auto China 2026: Xiaomi Vision Gran Turismo concept debuts in Beijing Tue, 21 Apr 2026 07:57:43 +0000
    Xiaomi Auto today announced that its Vision Gran Turismo concept supercar will make its domestic debut on April 24 at the Beijing Auto Show. The vehicle is designed by Xiaomi’s global design team, guided by the concept of “shaped by the wind,” aiming to achieve a balance between extreme aerodynamics and aesthetics. It features a […]
  • Auto China 2026: BYD Fangchengbao FORMULA reveals first performance coupe Tue, 21 Apr 2026 07:43:15 +0000
    BYD’s premium performance sub-brand Fangchengbao today announced that its all-new FORMULA series will make its global debut on April 24 during the media day of the Beijing Auto Show, with a simultaneous live broadcast across online platforms. As the first sedan under the Fangchengbao brand, the FORMULA is positioned as a mid-to-large-sized sporty coupe. It […]
  • iQIYI’s AI Artist Library faces growing storm as actors deny authorization Tue, 21 Apr 2026 03:26:31 +0000
    On Monday, Chinese streaming platform iQIYI unveiled its AI Artist Library initiative with considerable fanfare, claiming that more than 100 artists had already been onboarded. The company said the program will use authorized multimodal data to build digital avatars of performers and position the library as a scalable, compliant solution for AI-assisted film and TV […]
  • Tencent’s QClaw opens international beta Tue, 21 Apr 2026 03:17:54 +0000
    QClaw, a consumer AI agent developed by the Tencent PC Manager team, has opened its international beta. The product is designed to let non-technical users deploy and interact with AI agents through messaging apps such as WhatsApp and Telegram without command-line setup or API configuration. The company said the international version was built in five […]
  • Amap debuts quadruped robot Tutu at Beijing humanoid half-marathon Mon, 20 Apr 2026 15:16:23 +0000
    Amap, Alibaba’s mapping platform, debuted its quadruped robot Tutu at the 2026 Beijing E-Town Humanoid Robot Half-Marathon. The company said Tutu is designed to guide visually impaired users through complex open environments without preset routes or remote control, and demonstrated the robot navigating through crowds and obstacles at the event. Amap said Tutu is powered […]
  • Huawei launches HarmonyOS AI smart glasses with camera and translation Mon, 20 Apr 2026 09:32:20 +0000
    Huawei today launched its first HarmonyOS-powered AI smart glasses, which come with a 12MP camera and support quick image capture in 0.7 seconds. They also offer AI-assisted framing and first-person video recording. The device includes Huawei’s Xiaoyi AI assistant that provides real-time video interaction and simultaneous translation in 42 languages. The frame uses aerospace-grade titanium […]
  • ByteDance 2025 profit drops over 70% amid surging AI investment Mon, 20 Apr 2026 06:54:52 +0000
    According to sources, ByteDance’s net profit in 2025 declined by more than 70% year-on-year, with its net profit margin also seeing a significant drop. This was attributed to the company’s substantial increase in investment in AI businesses during the third and fourth quarters of last year. At the same time, ByteDance’s overseas revenue in 2025 […]
  • Xiaomi miclaw among first approved in China CAICT Claw evaluation Mon, 20 Apr 2026 03:54:23 +0000
    Xiaomi said its Xiaomi miclaw mobile intelligent agent has become one of the first systems to pass the China Academy of Information and Communications Technology (CAICT) Claw smartphone intelligent assistant evaluation, marking a regulatory approval for advanced on-device AI systems. The Chinese smartphone maker said Xiaomi miclaw is powered by its in-house Xiaomi MiMo large […]
  • Honor’s humanoid robot breaks human half marathon record in 50min 26sec Mon, 20 Apr 2026 02:39:08 +0000
    On Sunday, at the Beijing Yizhuang Humanoid Robot Half Marathon, Honor’s “Flash” robot won the championship with a time of 50 minutes and 26 seconds, setting a new record and surpassing the human half marathon world record of 56 minutes and 42 seconds. The course measured 21.0975 kilometers and featured a variety of complex terrains. […]
  • China authority says daily AI token usage exceeds 140 trillion in March, up over 40% vs end-2025 Fri, 17 Apr 2026 02:25:35 +0000
    China’s daily average token usage exceeded 140 trillion in March, up more than 40% from the end of 2025, a senior statistics official said on Thursday, underscoring rapid progress in the commercialisation and large-scale deployment of AI. Mao Shengyong, deputy head of the National Bureau of Statistics, told a State Council Information Office briefing that […]
  • Tesla considers humanoid robot production at Shanghai Gigafactory Fri, 17 Apr 2026 02:13:37 +0000
    Tesla is considering producing humanoid robots at its Shanghai Gigafactory. The plant has been manufacturing electric vehicles since 2019 and began producing large-scale energy storage batteries in 2025. The new plan would expand its manufacturing scope to include humanoid robots, aiming to sustain the company’s growth momentum in the Chinese market. Wang Hao, President of […]
  • Claude puts up a wall as ID checks complicate access for Chinese users Thu, 16 Apr 2026 05:56:14 +0000
    AI tool Claude, developed by Anthropic, suddenly announced the rollout of a new identity verification system requiring users to complete a real-time selfie check while holding a government-issued ID. The move has drawn global attention, but for Chinese users in particular, it feels like a heavy blow that erects a difficult-to-cross “wall” in AI access. […]
  • Tesla completes AI5 chip tape-out, to be manufactured by TSMC and Samsung Thu, 16 Apr 2026 02:42:04 +0000
    Tesla CEO Elon Musk said the company has completed the tape-out of its next-generation AI chip, AI5. He also thanked TSMC and Samsung, which will be responsible for producing the chip. On Wednesday, Musk said, “Congratulations to Tesla’s AI chip design team on completing the tape-out of the AI5 chip.” He added, “We are developing […]
  • JD.com launches robot ambulance service, plans expansion to 50+ cities across China Thu, 16 Apr 2026 02:06:02 +0000
    JD.com on Wednesday launched its robot ambulance service, offering maintenance and repair solutions for humanoid robots, quadruped robots, AI companion robots, and more. The service covers basic repairs, fault diagnosis, battery replacement and recharging, testing and certification, cosmetic maintenance, and equipment recycling. Currently, JD.com’s robot ambulance is available in the Beijing area. Over the next […]
  • DJI to launch Lito X1 series on April 23, likely to feature 360-degree obstacle avoidance system Wed, 15 Apr 2026 05:59:46 +0000
    Chinese drone maker DJI said it will launch its Lito X1 series on April 23, marking the debut of what is expected to be its first new consumer drone line this year. The model, which has appeared in filings with the FCC under the code SS3-DGP14, is widely expected to succeed the Mini 5 Pro […]
  • Alibaba’s Amap to launch first embodied robot, starting with robotic dog Wed, 15 Apr 2026 01:53:15 +0000
    Alibaba’s subsidiary Amap (Gaode) is set to release its first product from its embodied intelligence division—a quadruped robot. This is reportedly the first embodied robot product introduced by Alibaba Group. According to insiders, humanoid robots and robotic dogs are both key directions being explored by Amap’s embodied intelligence team. The company has also built what […]
  • Spanish Prime Minister Pedro Sánchez visits Xiaomi Technology Park in Beijing Tue, 14 Apr 2026 02:30:52 +0000
    On Monday, Spanish Prime Minister Pedro Sánchez, who is on an official visit to China, visited the Xiaomi Technology Park in Beijing. Lei Jun, CEO of Xiaomi, accompanied him throughout the visit and introduced the company’s business layout. The visit not only demonstrated the deepening technological cooperation between China and Spain, but also highlighted the […]
  • Honor denies talks with ByteDance on Doubao AI phone collaboration Tue, 14 Apr 2026 02:05:34 +0000
    Some media outlets recently reported that Honor is in discussions with ByteDance regarding potential cooperation on a Doubao AI smartphone. According to the reports, before partnering with ZTE to launch the first-generation Doubao phone, ByteDance had initially approached Honor. However, Honor was said to have taken a cautious stance at the time, believing that such […]
  • Huawei to launch Pura X Max, its first wide foldable phone, next week Mon, 13 Apr 2026 07:50:21 +0000
    Huawei said it will launch its Pura X Max, which it describes as the industry’s first horizontally wide foldable smartphone, on April 20. The device is expected to feature a book-style folding design, with a 7.69-inch WQHD+ inner display and a 5.5-inch outer screen. Its 16:10 aspect ratio is also tipped to balance a tablet-like […]
  • Elon Musk to launch XChat as part of push to build WeChat-like super app Mon, 13 Apr 2026 05:57:03 +0000
    Elon Musk’s social media platform X (formerly Twitter) said its instant messaging app XChat will launch on the Apple App Store on April 17, as Musk pushes ahead with plans to build a super app similar to China’s WeChat. An Android release date has yet to be announced. Musk, who acquired Twitter in 2022, has repeatedly […]
  • Samsung to scale back appliances, TV and display businesses in China, sources say Mon, 13 Apr 2026 02:47:59 +0000
    Samsung China is undergoing a deep restructuring of its business architecture, according to sources. The move signals a fundamental shift in the consumer electronics giant’s strategy in the Chinese market, with its once broad portfolio of home appliances rapidly contracting. Sources indicate that Samsung plans to gradually scale back its presence in home appliances, TVs, […]
  • Alibaba confirms HappyHorse belongs to its ATH unit Fri, 10 Apr 2026 08:32:41 +0000
    Alibaba on April 10 confirmed that HappyHorse was developed by the innovation unit under its Alibaba Token Hub, or ATH, and said the model is currently in internal testing. The company added that API access will open soon and described HappyHorse as part of a broader effort to explore new forms of AI-era interaction. The […]
  • JD.com plans to launch ride-hailing service in mobility push, sources say Fri, 10 Apr 2026 07:04:36 +0000
    JD.com is reportedly set to launch a ride-hailing service, according to Sina Tech, marking a potential move into the mobility sector. A source familiar with the matter said the service, internally referred to as “Open Ride Service,” is expected to go live soon. Its in-app interface is said to closely resemble mainstream ride-hailing platforms, with […]
  • More than a tracker, SATELLAI seeks to redefine smart pet care Fri, 10 Apr 2026 06:48:10 +0000
    At the intersection of smart hardware and the pet economy, SATELLAI is looking to reshape pet care through technology. Founded around 2024 in Shenzhen, the company was established by a team with a background in wearable devices, with core members coming from smart hardware firms such as Amazfit, bringing experience in product definition, supply chain […]
  • How SBTI turned MBTI into China’s latest viral meme Fri, 10 Apr 2026 06:33:45 +0000
    A meme-style personality quiz called SBTI has spread quickly across Chinese social media, as users repost screenshots of results labeled in slang-heavy, self-mocking terms. At first glance, it looks like another version of MBTI. In practice, it works more like a fast-moving internet joke built out of mood, irony, and online shorthand. On April 9, […]
  • DJI to launch Osmo Pocket 4 action camera series next week with 1-inch sensor Fri, 10 Apr 2026 02:23:34 +0000
    DJI said on Thursday it will launch its highly anticipated Osmo Pocket 4 series action cameras on April 16. The standard model retains the line’s signature design and features a 1-inch sensor, offering 14 stops of dynamic range and improved low-light and HDR video performance. It is expected to support 6K video recording at 60 […]
  • Apple’s self-designed AI server chip “Baltra” may be manufactured by TSMC Thu, 09 Apr 2026 07:13:20 +0000
    Apple and Broadcom’s collaboration on an AI server chip, internally codenamed “Baltra”, is expected to be manufactured by TSMC using the N3E process, the second-generation 3nm fabrication technology. Apple’s self-designed AI server chip is also likely to use Samsung Electro-Mechanics’ semiconductor glass substrate, with reports indicating that Samsung has already provided samples to Apple. The […]
  • Huawei hints at AI glasses launch Thu, 09 Apr 2026 06:35:07 +0000
    Huawei Consumer Business Group CEO He Gang on Tuesday shared a photo carrying a “HUAWEI AI Glasses” watermark, hinting that the company may be preparing to launch a new AI glasses product. The device is rumored to debut in the first half of the year with support for photography, audio, HarmonyOS-based cross-device integration, and live […]
  • TikTok announces €1 billion investment to build second data center in Finland Thu, 09 Apr 2026 02:31:43 +0000
    TikTok announced it will invest €1 billion to build a new data center in Lahti, marking its second €1 billion data center project in Finland. The company said the investment is part of its €12 billion Project Clover, which aims to process and safeguard data for more than 200 million European users. TikTok also noted […]
  • Rokid reportedly prepares Hong Kong IPO Wed, 08 Apr 2026 09:13:12 +0000
    Hangzhou-based smart glasses maker Rokid is preparing to file for a Hong Kong listing as early as the end of April, according to people familiar with the matter, though the plans have not been finalized. Rokid said on Wednesday that it is capable of pursuing an IPO. The move comes as AI glasses draw growing […]



How Technology Works demystifies the machinery that keeps the modern world going, from simple objects such as zip fasteners and can openers to the latest, most sophisticated devices of the information age, including smartwatches, personal digital assistants, and driverless cars. #ad