What makes Aardvark unique, OpenAI noted, is its combination of reasoning, automation, and verification. Rather than simply highlighting potential vulnerabilities, the agent promises multi-stage analysis — starting by mapping an entire repository and building a contextual threat model around it. From there, it continuously monitors new commits, checking whether each change introduces risk or violates existing security patterns.

Additionally, upon identifying a potential issue, Aardvark attempts to validate the exploitability of the finding in a sandboxed environment before flagging it. This validation step could prove transformative. Traditional static analysis tools often overwhelm developers with false alarms — issues that may look risky but aren’t truly exploitable. “The biggest advantage is that it will reduce false positives significantly,” noted Jain. “It’s helpful in open source codes and as part of the development pipeline.”

Once a vulnerability is confirmed, Aardvark integrates with Codex to propose a patch, then re-analyzes the fix to ensure it doesn’t introduce new problems. OpenAI claims that in benchmark tests, the system identified 92 percent of known and synthetically introduced vulnerabilities across test repositories, a promising indication that AI may soon shoulder part of the burden of modern code auditing.

The FCC’s January 2025 declaratory ruling came in response to attacks by China, including the Salt Typhoon infiltration of major telecom providers such as Verizon and AT&T. The Biden-era FCC found that the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law, “affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications.”

“The Commission has previously found that section 105 of CALEA creates an affirmative obligation for a telecommunications carrier to avoid the risk that suppliers of untrusted equipment will “illegally activate interceptions or other forms of surveillance within the carrier’s switching premises without its knowledge,’" the January order said. “With this Declaratory Ruling, we clarify that telecommunications carriers’ duties under section 105 of CALEA extend not only to the equipment they choose to use in their networks, but also to how they manage their networks.”

With the “dislikes” beta rolling out soon, Bluesky will take into account the new signal to improve user personalization. As users “dislike” posts, the system will learn what sort of content they want to see less of. This will help to inform more than just how content is ranked in feeds, but also reply rankings.

The company explained the changes are designed to make Bluesky a place for more “fun, genuine, and respectful exchanges” — an edict that follows a month of unrest on the platform as some users again criticized the platform over its moderation decisions. While Bluesky is designed as a decentralized network where users run their own moderation, some subset of Bluesky users want the platform itself to ban bad actors and controversial figures instead of leaving it up to the users to block them. Bluesky, however, wants to focus more on the tools it provides users to control their own experience.

Even before Azure had a global failure this week, Austria’s Ministry of Economy had taken a decisive step toward digital sovereignty. The Ministry achieved this status by migrating 1,200 employees to a Nextcloud-based cloud and collaboration platform hosted on Austrian-based infrastructure. This shift away from proprietary, foreign-owned cloud services, such as Microsoft 365, to an open-source, European-based cloud service aligns with a growing trend among European governments and agencies. They want control over sensitive data and to declare their independence from US-based tech providers.

European companies are encouraging this trend. Many of them have joined forces in the newly created non-profit foundation, the EuroStack Initiative. This foundation’s goal is " to organize action, not just talk, around the pillars of the initiative: Buy European, Sell European, Fund European.” What’s the motive behind these moves away from proprietary tech? Well, in Austria’s case, Florian Zinnagl, CISO of the Ministry of Economy, Energy, and Tourism (BMWET), explained, “We carry responsibility for a large amount of sensitive data — from employees, companies, and citizens. As a public institution, we take this responsibility very seriously. That’s why we view it critically to rely on cloud solutions from non-European corporations for processing this information.”

Austria’s move and motivation echo similar efforts in Germany, Denmark, and other EU states and agencies. The organizations include the German state of Schleswig-Holstein, which abandoned Exchange and Outlook for open-source programs. Other agencies that have taken the same path away from Microsoft include the Austrian military, Danish government organizations, and the French city of Lyon. All of these organizations aim to keep data storage and processing within national or European borders to enhance security, comply with privacy laws such as the EU’s General Data Protection Regulation (GDPR), and mitigate risks from potential commercial and foreign government surveillance.

“Last week Disney used the threat of a blackout on YouTube TV as a negotiating tactic to force deal terms that would raise prices on our customers,” YouTube said in an announcement on its blog. “They’re now following through on that threat, suspending their content on YouTube TV.” YouTube added that Disney’s decision harms its subscribers while benefiting its own live TV products, such as Hulu+Live TV and Fubo.

In a statement sent to the Los Angeles Times, however, Disney accused Google’s YouTube TV of choosing to deny “subscribers the content they value most by refusing to pay fair rates for [its] channels, including ESPN and ABC.” Disney also accused Google of using its market dominance to “eliminate competition and undercut the industry-standard terms” that other pay-TV distributors have agreed to pay for its content.

In response to an inquiry, Amazon explained that it has always worked to ban piracy from its app store. As part of an expanded program led by the ACE, it is now blocking apps that demonstrably provide access to pirated content, including those downloaded outside the app store. This builds on Amazon’s ongoing efforts to support creators and protect customers, as piracy can also expose users to malware, viruses, and fraud.

[…] The sideloading option will remain available on Fire TV devices running Amazon’s new operating system, Vega OS. However, it is generally limited to developers here. In this context, the company emphasized that, contrary to rumors, there are no plans to upgrade existing Fire TV devices with Fire OS as the operating system to Vega OS.

Denmark’s justice minister on Thursday said he will no longer push for an EU law requiring the mandatory scanning of electronic messages, including on end-to-end encrypted platforms. Earlier in its European Council presidency, Denmark had brought back a draft law which would have required the scanning, sparking an intense backlash. Known as Chat Control, the measure was intended to crack down on the trafficking of child sex abuse materials (CSAM). After days of silence, the German government on October 8 announced it would not support the proposal, tanking the Danish effort.

Danish Justice Minister Peter Hummelgaard told reporters on Thursday that his office will support voluntary CSAM detections. “This will mean that the search warrant will not be part of the EU presidency’s new compromise proposal, and that it will continue to be voluntary for the tech giants to search for child sexual abuse material,” Hummelgaard said, according to local news reports. The current model allowing for voluntary scanning expires in April, Hummelgaard said. “Right now we are in a situation where we risk completely losing a central tool in the fight against sexual abuse of children,” he said. “That’s why we have to act no matter what. We owe it to all the children who are subjected to monstrous abuse.”

Is installing Windows 11 with a local account or on unsupported hardware harmful or dangerous? YouTube’s AI moderation system seems to think so, as it has started pulling videos that show users how to sidestep Microsoft’s setup restrictions.

Tech YouTuber Rich White, aka CyberCPU Tech, was the first to go public about the issue on October 26, when he posted a video reporting the removal of a how-to he published on installing Windows 11 25H2 with a local account instead of a Microsoft account. In the video, White expressed concern that YouTube’s automated flagging process may be the root of the problem, as he found it hard to believe that “creating a local account in Windows 11 could lead to serious harm or even death,” as YouTube reportedly alleged when it removed the video.

When he appealed, White said that YouTube denied the request within 10 to 20 minutes, early on a Sunday morning, which led him to speculate that there wasn’t a human in the loop when the request was shut down. That wasn’t his only video removed, either. The next day, White uploaded his video for this week on installing Windows 11 25H2 on unsupported hardware, which was removed hours after being posted. YouTube justified the removal on similar grounds. […] At least two other YouTubers - Britec09 and Hrutkay Mods - have released videos alleging much of the same.

The feature is built using the Bluetooth Low Energy (LE) audio codec, and it’s rolling out in preview to Windows 11 Insiders in the Dev and Beta channels. Shared audio comes in handy if you’re watching a movie on a laptop with your friend or family member, or just want to show them new music that you can both stream inside your own wireless headsets. You can use shared audio by connecting Bluetooth LE-supported devices to your Windows 11 PC and then selecting the Shared audio (preview) button in your quick settings menu. Microsoft introduced an LE Audio feature on Windows 11 in August, enabling higher audio quality while using a wireless headset in a game or call.

When Coinbase’s quarterly earnings call wrapped up Thursday, its chief executive, Brian Armstrong, didn’t finish with profit guidance or statements of confidence. He closed it out with a list: “Bitcoin, Ethereum, blockchain, staking and Web3.” Those weren’t random buzzwords. They were part of an $84,000 betting market [non-paywalled source].

Across prediction market platforms Kalshi and Polymarket, users had wagered on which words would be spoken during the call — part of a niche category known as mention markets, where the outcome isn’t tied to earnings, price moves or sports games, but to what people say in some public forum. With the final analyst question complete, several terms listed in contracts were still unsaid. Armstrong ticked them off one by one.

“I was a little distracted because I was tracking the prediction market about what Coinbase will say on their next earnings call,” he said in his parting remarks. “I just want to add here the words Bitcoin, Ethereum, blockchain, staking, and Web3 — to make sure we get those in before the end of the call.” The exchange’s CEO had just moved a market — even if only a small one.

Mention markets are one of the more curious byproducts of the broader prediction market boom, but also one of the more controversial. Platforms like Kalshi, which is regulated by the Commodity Futures Trading Commission, and Polymarket, which is in the process of returning to the US market, let users wager on the outcomes of real-world events. That can mean elections, policy decisions, or sports — but also, increasingly, corporate rituals and even common jargon.

Judging from the number of times the lawsuit talks about 1) ridicule and 2) harassment, it seems like the case quickly became a personal one for Proven’s owner and employees, who felt either mocked or threatened. That’s understandable, but being mocked is not illegal and should never have led to a lawsuit or a copyright claim. As for online harassment, it remains a serious and unresolved issue, but launching a personal vendetta — and on pretty flimsy legal grounds — against McNally himself was patently unwise. (Doubly so given that McNally had a huge following and had already responded to DMCA takedowns by creating further videos on the subject; this wasn’t someone who would simply be intimidated by a lawsuit.)

In the end, Proven’s lawsuit likely cost the company serious time and cash — and generated little but bad publicity.

The rush to secure electricity has intensified as tech companies look to spend trillions of dollars building data centers. There’s an industry that consumes even more power than many tech giants, and it has largely escaped the same scrutiny: suppliers of industrial gases.

Everyday items like toothpaste and life-saving treatments like MRIs are among the countless parts of modern life that hinge on access to gases such as nitrogen, oxygen and helium. Producing and transporting these gases to industrial facilities and hospitals is a highly energy-intensive process. Three companies — Linde, Air Liquide and Air Products and Chemicals — control 70% of the $120 billion global market for industrial gases. Their initiatives to rein in electricity use or switch to renewables aren’t enough to rapidly cut carbon emissions, according to a new report from the campaign group Action Speaks Louder.

“The scale of the sector’s greenhouse gas emissions and electricity use is staggering,” said George Harding-Rolls, the group’s head of campaigns and one of the authors of the report. Linde’s electricity use in 2024 exceeded that of Alphabet’s Google and Samsung Electronics as well as oil giant TotalEnergies, while the power use of Air Liquide and Air Products was comparable to that of Shell and Microsoft. Yet unlike fossil fuel and tech companies, these industrial gas companies are far from household names because their customers are the world’s largest chemicals, steel and oil companies rather than average consumers.

The industry relies on air-separation units, which use giant compressors to turn air into liquid and then distill it into its many components. These machines are responsible for much of the industry’s electricity demand, and their use alone is responsible for 2% of carbon dioxide emissions in China and the US, the world’s two largest polluters.

Vinay Prasad, who oversees gene therapies at the Food and Drug Administration, said scientific advances, like Crispr, have forced the agency to relax some of its strict rules. As an example, he cited the case of 10-month-old KJ Muldoon, who this year became the first person in history to have his genes custom edited to cure an inherited disease.

“Regulation has to evolve as fast as science evolves,” Prasad said in an interview with Bloomberg News. The agency is “going to be extremely flexible and work very fast with the scientists who want to bring these therapies to kids who need it.” Prasad plans to publish a paper in early November outlining the FDA’s new approach. He predicted it will spark interest in developing treatments for conditions that may affect only a handful of people.