<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Newzlet</title>
    <description>The latest articles on DEV Community by Newzlet (@newzlet_news).</description>
    <link>https://dev.to/newzlet_news</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4004965%2Fb0216068-214f-4323-8d77-645bad5e05c9.png</url>
      <title>DEV Community: Newzlet</title>
      <link>https://dev.to/newzlet_news</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/newzlet_news"/>
    <language>en</language>
    <item>
      <title>Bose QuietComfort Ultra: Best All-Around Headphones?</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Fri, 17 Jul 2026 01:10:06 +0000</pubDate>
      <link>https://dev.to/newzlet_news/bose-quietcomfort-ultra-best-all-around-headphones-29ka</link>
      <guid>https://dev.to/newzlet_news/bose-quietcomfort-ultra-best-all-around-headphones-29ka</guid>
      <description>&lt;h2&gt;
  
  
  The Problem With Most Headphone Deals: They're Built for One Thing
&lt;/h2&gt;

&lt;p&gt;Most premium headphones are engineered around a single job. Sony's WH-1000XM5 targets frequent flyers who need maximum noise cancellation on long-haul routes. Beyerdynamic's DT 770 Pro exists almost exclusively for studio monitoring. Jabra's sport-focused lines prioritize sweat resistance and secure fit above everything else. Each of these is an excellent product — inside its lane. Step outside that lane and the compromises pile up fast.&lt;/p&gt;

&lt;p&gt;This design philosophy creates a real problem for the average buyer, who doesn't live inside a single use case. A person who edits video during the day, commutes on a crowded subway, and squeezes in a gym session before dinner needs headphones that can keep up with all three — not just one. Most people don't own three separate pairs of quality headphones, and they shouldn't have to.&lt;/p&gt;

&lt;p&gt;That's exactly where the "jack-of-all-trades" label matters, and where it needs scrutiny rather than blind acceptance. The Bose QuietComfort Ultra 2nd Gen carries that description explicitly: plush enough for all-day wear, functional as workout headphones, capable for focused work like video editing, and immersive enough for extended streaming sessions. That's a wide-ranging claim, and during Prime Day it becomes a loaded one.&lt;/p&gt;

&lt;p&gt;Prime Day is engineered for impulse decisions. Countdown timers, limited quantities, and percentage-off badges create urgency that bypasses rational evaluation. Shoppers routinely buy headphones based on the size of the discount rather than fit with their actual listening habits, and those headphones end up in a drawer within a month.&lt;/p&gt;

&lt;p&gt;The QuietComfort Ultra 2nd Gen forces a different question before checkout: does a multi-role wireless headphone actually match how you use audio gear day-to-day, or do you have a dominant single use case that something more specialized handles better? A deal only delivers value when the product earns its place in your actual life. The noise-canceling headphone market is crowded with strong competitors at every price point, and a sale price doesn't automatically make any one pair the right pair for every buyer.&lt;/p&gt;

&lt;h2&gt;
  
  
  What 'Jack-of-All-Trades' Actually Means in Practice
&lt;/h2&gt;

&lt;p&gt;"Jack-of-all-trades" gets thrown around in headphone reviews as a compliment that doubles as a dodge. For the Bose QuietComfort Ultra 2nd Gen, it actually describes a set of deliberate engineering decisions that either align with how you use headphones or don't.&lt;/p&gt;

&lt;p&gt;Start with comfort. The QC Ultra 2nd Gen uses Bose's PlushComfort ear cushion design — soft memory foam wrapped in synthetic protein leather — and keeps the total weight low enough that extended wear doesn't create pressure points along the headband. "All-day wear" isn't a vague promise here; it's the direct result of prioritizing cushion depth and even clamping force over a tighter acoustic seal. That trade-off matters.&lt;/p&gt;

&lt;p&gt;The workout claim is where most ANC headphone coverage gets lazy. Premium active noise cancellation systems typically rely on delicate internal microphone arrays tuned for stillness. Bose built the QC Ultra 2nd Gen to handle sweat and movement without degrading that microphone performance — a durability compromise that studio-focused competitors like the Sony WH-1000XM5 don't make to the same degree.&lt;/p&gt;

&lt;p&gt;The hardest claim to accept at face value is the dual-use audio performance: accurate enough for video editing, immersive enough for streaming. These are genuinely competing requirements. Flat, reference-adjacent sound reproduction helps editors catch tonal imbalances in a cut. Immersive entertainment — the kind that makes binging Love Island feel absorbing rather than just audible — benefits from elevated low-end response and spatial audio processing. The QC Ultra 2nd Gen handles both through its Immersive Audio mode, which adds head-tracking and spatial staging for entertainment, while the standard listening mode pulls back toward a flatter, more neutral response. Switching between modes is the actual mechanism behind the "jack-of-all-trades" behavior. It's not that the headphones sound the same in every context — it's that they're tunable enough to serve different contexts without swapping hardware.&lt;/p&gt;

&lt;p&gt;That distinction matters for buyers deciding between the QC Ultra 2nd Gen and a specialized pair. You're not getting one perfect tool. You're getting one pair that performs well across multiple real-world scenarios because Bose built the flexibility in deliberately.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Missing Context: How the 2nd Gen Differs From the Original
&lt;/h2&gt;

&lt;p&gt;Both generations of the Bose QuietComfort Ultra are actively on sale during Prime Day right now, and that simultaneous discounting is creating real confusion for buyers who assume "2nd Gen" automatically means "buy this one." The original QuietComfort Ultra sits at $269 during the sale — a significantly lower price point — while the 2nd Gen commands a higher ask even with the discount applied. Deal roundups acknowledge both exist but rarely stop to explain what changed between them or why the price gap should or shouldn't matter to a specific buyer.&lt;/p&gt;

&lt;p&gt;That gap is the actual story. For someone already owning the first-generation QuietComfort Ultra, the upgrade decision is not obvious. The existing owner needs to know whether Bose improved ANC performance, audio tuning, multipoint Bluetooth handling, battery life, or the Immersive Audio spatial feature introduced with the original. None of the available deal coverage answers that question directly. Coverage consistently praises the 2nd Gen as a "jack-of-all-trades" — comfortable enough for all-day wear, capable during workouts, effective for focused work like video editing, and immersive enough for passive media consumption — but those descriptors applied to the first-generation model as well.&lt;/p&gt;

&lt;p&gt;The practical consequence: a buyer searching for "Bose QuietComfort Ultra deal" during Prime Day will land on coverage that mentions both models, notes the original is "arguably the better value depending on what you care about most," and then moves on without defining what those priorities should be or what the 2nd Gen actually upgraded. That is a real information gap dressed up as a deal recommendation.&lt;/p&gt;

&lt;p&gt;New buyers entering the Bose over-ear headphone ecosystem for the first time face a simpler choice — pick a price point. But existing QC Ultra owners evaluating whether a Prime Day discount finally justifies the jump to the second generation are left making a several-hundred-dollar decision with incomplete specifications. The sale price creates urgency. The missing upgrade context removes the ability to act rationally on that urgency.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Prime Day 2026 Is a Legitimate Moment to Buy — Not Just Marketing Noise
&lt;/h2&gt;

&lt;p&gt;Prime Day has a reputation problem. Years of manufactured urgency — countdown timers, "limited quantities" warnings on items with infinite stock — have trained savvy shoppers to scroll past the noise. The Bose QuietComfort Ultra 2nd Gen deal breaks that pattern for a specific reason: flagship ANC headphones at this price tier routinely hold their retail price for months between sale windows. Bose doesn't slash prices on premium wireless headphones every other week. Prime Day and Black Friday are the structural buying windows that actually exist, which makes acting during one of them a rational timing decision rather than a panic response to a flashing banner.&lt;/p&gt;

&lt;p&gt;The financial case sharpens when you account for what a true multi-use headphone replaces. Someone who currently owns a dedicated pair of noise-canceling headphones for flights, a separate pair of workout earbuds, and a comfortable over-ear option for long editing sessions is maintaining three products, three charging cables, and three depreciation curves. The QuietComfort Ultra 2nd Gen handles all three roles — the plush fit survives all-day wear, the ANC holds up during focused work like video editing, and the headphones are comfortable enough for extended passive listening sessions. Consolidating into one pair of premium Bluetooth headphones offsets a meaningful chunk of the purchase price before the sale discount even enters the calculation.&lt;/p&gt;

&lt;p&gt;The recommendation that comes with this deal is framed correctly: it's an easy call &lt;em&gt;if you've already been considering an upgrade&lt;/em&gt;. That framing matters. Prime Day is a timing opportunity for someone already in the market for high-quality over-ear headphones, not a reason for someone who's perfectly happy with their current setup to manufacture a need. If the QuietComfort Ultra 2nd Gen has been on your shortlist, the combination of a genuine price drop on a headphone that rarely discounts and the consolidation value of replacing multiple specialized pairs makes this a straightforward decision. If it wasn't on your list before today, the sale price alone isn't a good enough reason to add it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who Should Actually Put These in Their Cart — and Who Shouldn't
&lt;/h2&gt;

&lt;p&gt;The clearest buyer for the Bose QuietComfort Ultra 2nd Gen is someone whose day refuses to stay in one lane. Remote workers who hop from morning calls to afternoon deep-focus sessions to evening streaming aren't buying a headphone for one job — they're buying a daily tool that removes friction across all three. The plush ear cushion design handles six, seven, eight hours of continuous wear without the pressure buildup that kills productivity on cheaper pairs. Frequent travelers face the same equation: one carry-on, one set of headphones, multiple environments. The QC Ultra 2nd Gen handles subway noise, open-plan office chaos, and in-flight cabin drone without requiring a gear swap.&lt;/p&gt;

&lt;p&gt;Commuters who also edit video, answer Slack messages, and decompress with TV at night represent exactly the kind of multi-context user this headphone was built around. The "jack-of-all-trades" label, which tends to read as a mild insult in audio circles, is actually a feature description for this audience.&lt;/p&gt;

&lt;p&gt;Two categories of buyer should hesitate. Serious audiophiles chasing flat frequency response and studio-accurate playback will find that dedicated over-ear monitors from the likes of Sennheiser or Beyerdynamic outperform at similar or higher price points — and those buyers typically already know this. The versatility trade-off doesn't serve someone who optimizes every listening session for sound quality above all else.&lt;/p&gt;

&lt;p&gt;Dedicated athletes present a similar mismatch. The QC Ultra 2nd Gen are described as "solid workout headphones," which is accurate but not the same as purpose-built. Sport-specific options with IP68 water resistance ratings, secure-fit ear hooks, and lighter chassis designs exist precisely because gym and trail use punish general-purpose gear. Someone training daily needs a headphone engineered around sweat and movement, not one that tolerates it.&lt;/p&gt;

&lt;p&gt;For everyone else — the remote employee logging long hours, the business traveler in back-to-back flights, the hybrid worker toggling between noise-canceling focus blocks and casual listening — the QuietComfort Ultra 2nd Gen earns its price. Headphone fatigue is real, underreported, and directly affects how long people actually use what they buy. All-day comfort paired with strong active noise cancellation solves a documented problem that most specialized headphones ignore entirely.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/gadgets/bose-quietcomfort-ultra-best-all-around-headphones/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>gadgets</category>
    </item>
    <item>
      <title>ChatGPT-5.6 Models Sol, Terra, Luna Explained</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Fri, 17 Jul 2026 00:40:06 +0000</pubDate>
      <link>https://dev.to/newzlet_news/chatgpt-56-models-sol-terra-luna-explained-32jp</link>
      <guid>https://dev.to/newzlet_news/chatgpt-56-models-sol-terra-luna-explained-32jp</guid>
      <description>&lt;h2&gt;
  
  
  The Launch: What Actually Shipped and Where
&lt;/h2&gt;

&lt;p&gt;OpenAI didn't ship a single model. It shipped three.&lt;/p&gt;

&lt;p&gt;ChatGPT-5.6 is a family of variants — Sol, Terra, and Luna — each carrying a distinct name that signals differentiated tuning rather than a one-size-fits-all release. Most headlines skipped past this detail, treating the launch as a straightforward upgrade. It isn't. The three-model architecture reflects a deliberate product strategy: different workloads, different compute profiles, different use cases baked in from the start.&lt;/p&gt;

&lt;p&gt;The rollout hit ChatGPT, Codex, and the OpenAI API simultaneously. That simultaneous deployment across consumer and developer surfaces is the tell. This isn't a chatbot refresh — it's an infrastructure-level release targeting the engineers and product teams who build on top of OpenAI's models as much as the everyday users who prompt them directly. Developers accessing the API get the same generation of intelligence as someone chatting through the consumer app, which closes a gap that has frustrated builders waiting on parity.&lt;/p&gt;

&lt;p&gt;OpenAI announced the ChatGPT-5.6 family on June 26, then executed a deliberate teaser cadence before the actual drop — a pattern borrowed straight from consumer tech playbooks that Apple and Google have refined over decades. The pre-release drumbeat generated coverage cycles before a single user could access the models, extending the launch window without extending the wait. The global rollout was staged, with full availability promised within 24 hours of the initial release notice.&lt;/p&gt;

&lt;p&gt;That sequencing matters beyond marketing optics. OpenAI has faced criticism for chaotic releases and uneven capability rollouts. A named announcement date followed by a teased launch window followed by a staged global deployment signals a maturing product operation — one built to handle scale without the infrastructure stumbles that plagued earlier releases. For users, the practical result is that the ChatGPT-5.6 model family arrived with fewer surprises than previous launches. For OpenAI's competitive position against Google Gemini and Anthropic Claude, a cleaner launch cadence reinforces the narrative that the company running the most-used AI assistant also runs the most predictable one.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Missing Context: Why Three Variants Instead of One
&lt;/h2&gt;

&lt;p&gt;OpenAI released ChatGPT-5.6 as three distinct variants — Sol, Terra, and Luna — not as a single model. That structural choice is the detail most coverage glossed over, and it deserves a harder look.&lt;/p&gt;

&lt;p&gt;The celestial naming scheme signals a tiered architecture almost certainly built around the same tradeoffs that define every multi-model AI portfolio: speed, cost, and raw capability. But OpenAI has not publicly specified what each variant optimizes for. Users and developers are left to infer the hierarchy from the names alone, which is an unusual gap for a company that typically publishes detailed system cards and benchmark comparisons at launch.&lt;/p&gt;

&lt;p&gt;That gap looks less unusual when you zoom out. Anthropic structures its Claude lineup into Haiku, Sonnet, and Opus — fast-and-cheap to slow-and-powerful. Google does the same with Gemini Flash, Pro, and Ultra. Both companies use three tiers. OpenAI now uses three tiers. The pattern is not coincidental. Competitive pressure from Anthropic and Google is shaping how AI products get packaged and deployed, independent of whatever technical architecture sits underneath.&lt;/p&gt;

&lt;p&gt;This is the part of the ChatGPT-5.6 story that matters most for anyone building on or with AI systems. A single flagship model is a product. A three-model family is a portfolio strategy. It lets OpenAI capture enterprise customers who need maximum capability through one variant, developers who need low-latency API responses through another, and cost-sensitive deployments through a third. The same intelligence gets monetized three times across three different customer segments.&lt;/p&gt;

&lt;p&gt;Most early coverage treated the release as an incremental capability upgrade — a newer ChatGPT that does things better. The more accurate framing is that OpenAI is restructuring how its large language model technology reaches users, building a deployment architecture that mirrors its two main competitors while giving developers finer control over the cost-performance tradeoff. What OpenAI still owes the public is a clear technical explanation of what Sol, Terra, and Luna each actually do differently.&lt;/p&gt;

&lt;h2&gt;
  
  
  What This Means for Regular ChatGPT Users
&lt;/h2&gt;

&lt;p&gt;OpenAI confirmed the ChatGPT-5.6 model family will reach all users globally within 24 hours of launch — a rollout pace that applies to both free-tier accounts and paid subscribers. That speed matters, but it sidesteps a more pressing question: which of the three variants — Sol, Terra, or Luna — each user type actually gets access to.&lt;/p&gt;

&lt;p&gt;For most people who open ChatGPT to draft an email, summarize a document, or get a quick answer, the version number change from 5 to 5.6 will register as background noise. The real shift is structural. A three-model architecture means OpenAI can route different requests — or different users — to different underlying systems without changing anything visible on the interface. Someone on a free plan asking a straightforward question may get Luna. A Plus subscriber running a complex coding task may get Sol. The user sees "ChatGPT." The model doing the work is a different story.&lt;/p&gt;

&lt;p&gt;OpenAI has not publicly specified which subscription tiers unlock which variants. That ambiguity creates a real trust gap. If the AI a free user interacts with on Monday is meaningfully less capable than what a Pro subscriber gets on the same question, users deserve to know that — and right now, no clear disclosure mechanism exists.&lt;/p&gt;

&lt;p&gt;This is not a hypothetical UX problem. When AI systems silently serve different model tiers based on subscription level, users lose the ability to calibrate their expectations or evaluate the quality of what they're receiving. A student relying on ChatGPT-5.6 for research help and a developer stress-testing the same interface for production use may both believe they're talking to the same system. They likely are not.&lt;/p&gt;

&lt;p&gt;OpenAI's multi-model deployment strategy is efficient from an infrastructure standpoint. For everyday ChatGPT users, it introduces a layer of opacity that the company has not yet committed to addressing.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Developer Angle: Codex and API Access Change the Equation
&lt;/h2&gt;

&lt;p&gt;OpenAI shipped ChatGPT-5.6 Sol, Terra, and Luna directly to the OpenAI API and Codex on launch day — the same day consumer access began rolling out globally. That simultaneous release eliminates the weeks-long gap that has historically separated public product launches from developer availability, letting engineering teams start building integrations immediately rather than waiting for a staged rollout.&lt;/p&gt;

&lt;p&gt;The Codex inclusion carries a specific signal. Codex is OpenAI's platform for autonomous coding agents, and routing the ChatGPT-5.6 family through it confirms that at least one variant — almost certainly Sol or Terra, given their positioning in the family's capability hierarchy — is optimized for multi-step, agentic workflows rather than simple prompt-response interactions. Developers building AI coding assistants, automated testing pipelines, or software agents now have access to models explicitly designed for that kind of sustained, task-oriented reasoning.&lt;/p&gt;

&lt;p&gt;The three-variant structure creates a new architectural decision for any business building on OpenAI's infrastructure. Previously, enterprises picked a model tier and built around it. Now they have to evaluate whether their product needs Sol's top-tier reasoning, Terra's mid-range balance of speed and capability, or Luna's efficiency for high-volume, lower-complexity tasks. Each choice carries different API pricing, latency profiles, and infrastructure costs — and the wrong call at the design stage means expensive rework later.&lt;/p&gt;

&lt;p&gt;For startups and enterprises already embedded in the OpenAI ecosystem, this is both an opportunity and a genuine complication. The ability to mix variants across different functions inside a single product — say, Luna handling customer-facing chat while Sol powers back-end document analysis — unlocks more efficient cost structures. But it also demands a sharper understanding of each model's performance envelope before committing to a production architecture. Teams that treat all three variants as interchangeable will overpay, underperform, or both.&lt;/p&gt;

&lt;h2&gt;
  
  
  Four Years In: How This Release Reflects OpenAI's Larger Trajectory
&lt;/h2&gt;

&lt;p&gt;ChatGPT launched in late 2022 as a proof of concept that shocked the world into paying attention. Nearly four years later, OpenAI is no longer trying to prove that large language models are useful — it is executing a platform strategy with the same deliberateness that Apple or Microsoft brings to a product cycle.&lt;/p&gt;

&lt;p&gt;The ChatGPT-5.6 family, with its three named variants Sol, Terra, and Luna, signals that shift explicitly. OpenAI is not releasing a single flagship model and asking users to take it or leave it. It is segmenting its AI deployment across capability tiers, pricing bands, and use cases — the same playbook that defined how cloud software companies built durable market positions in the 2010s. That is a fundamentally different business than running a research lab.&lt;/p&gt;

&lt;p&gt;The release cadence reinforces the point. OpenAI announced the ChatGPT-5.6 model family on June 26, teased the launch date publicly, then shipped within days. That announcement-preview-release rhythm is how consumer electronics companies generate anticipation and media coverage before a product hits shelves. It is disciplined marketing, not just engineering.&lt;/p&gt;

&lt;p&gt;OpenAI has maintained its lead on total users despite intensifying pressure from Google and Anthropic, both of which have released competitive AI assistants and developer APIs. Staying ahead now requires more than raw model performance. It requires ecosystem depth — integrations across ChatGPT, Codex, and the OpenAI API — and a product naming strategy that gives enterprises and developers a clear framework for choosing which model fits their workflow and budget.&lt;/p&gt;

&lt;p&gt;The three-variant family also locks in a vocabulary. When developers start building around Sol for high-stakes tasks or Luna for cost-sensitive pipelines, switching costs accumulate. That is how platforms retain users even when competitors close the technical gap. Four years in, OpenAI is building a moat, not just a model.&lt;/p&gt;

&lt;h2&gt;
  
  
  What We Still Don't Know — and Should Be Asking
&lt;/h2&gt;

&lt;p&gt;The launch announcement for ChatGPT-5.6 Sol, Terra, and Luna confirms availability across ChatGPT, Codex, and the OpenAI API — but stops well short of the technical transparency users and developers need to make informed decisions. No benchmark data comparing the three variants has been published. No safety evaluations have been released. No detailed capability breakdowns explain what Sol handles that Terra does not, or where Luna's efficiency gains come from and at what cost to accuracy. For a model family positioned as a foundational shift in how AI gets deployed, that omission is significant.&lt;/p&gt;

&lt;p&gt;API pricing is the other gap that will define this release's actual impact. OpenAI has not disclosed what developers will pay to access Sol versus Terra versus Luna at scale. That number matters enormously. If Sol — the highest-capability variant — carries a premium price point that only well-funded teams can absorb, then the three-tier architecture functions less as democratization and more as segmentation. The ChatGPT-5.6 family could genuinely expand access to advanced AI capabilities, or it could quietly reserve the best performance for enterprise contracts while free and low-cost users default to the lighter models.&lt;/p&gt;

&lt;p&gt;The 24-hour global rollout window OpenAI announced is an ambitious target. Promising simultaneous access to all users worldwide is a testable commitment. The concrete questions are straightforward: Do users in Southeast Asia, sub-Saharan Africa, and Latin America get the same model variant as users in the United States on day one? Does language support extend equally across Sol, Terra, and Luna, or do non-English speakers land on degraded versions by default?&lt;/p&gt;

&lt;p&gt;OpenAI has built a reputation on rapid deployment, but the ChatGPT-5 generation — and now the 5.6 family — operates at a scale where rollout decisions carry real consequences. The absence of published safety evaluations for a multi-variant AI system this widely distributed should be the loudest open question in the room.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/ai/chatgpt-5-6-sol-terra-luna-models-explained/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>ai</category>
    </item>
    <item>
      <title>Helsing's $18B Valuation Reshapes European AI Defense</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Fri, 17 Jul 2026 00:10:06 +0000</pubDate>
      <link>https://dev.to/newzlet_news/helsings-18b-valuation-reshapes-european-ai-defense-h9l</link>
      <guid>https://dev.to/newzlet_news/helsings-18b-valuation-reshapes-european-ai-defense-h9l</guid>
      <description>&lt;h2&gt;
  
  
  The Numbers: Why $18B Is a Landmark, Not Just a Headline
&lt;/h2&gt;

&lt;p&gt;Helsing's $1.8 billion Series E round closed at an $18 billion valuation — a number that reframes what European defense technology is capable of attracting. For context, that valuation puts the German AI defense company in direct financial territory with legacy contractors that have spent decades accumulating government contracts, manufacturing infrastructure, and political relationships. Helsing built to that figure in a fraction of the time.&lt;/p&gt;

&lt;p&gt;The round structure itself signals something beyond routine venture activity. Ten new and returning investors participated, including JPMorgan Chase, General Catalyst, Lightspeed, and Iconiq. That breadth is unusual. Defense-focused raises of this size typically consolidate around one or two strategic anchors. A ten-investor syndicate at Series E indicates that institutional capital — financial, not just strategic — has decided that AI-powered defense is a durable asset class, not a geopolitical moment trade.&lt;/p&gt;

&lt;p&gt;Series E classification matters here. This is not seed-stage ideology or Series B growth narrative. Late-stage rounds get priced on near-term revenue visibility, existing contracts, and realistic paths to profitability. Investors putting capital into Helsing at this stage are not betting on a concept. They are pricing in deployable products, signed agreements, and sovereign customers who are already paying. The valuation reflects that.&lt;/p&gt;

&lt;p&gt;For European defense tech as a sector, $18 billion is a landmark data point. Most European technology startups never approach that figure across their entire lifetime. The fact that a Munich-founded, AI-native defense firm reached it through a single financing event tells institutional investors — and governments — that European autonomous defense systems can attract the same capital gravity as American counterparts. That signal moves markets, shapes procurement conversations, and pulls more venture dollars toward the continent's emerging military AI ecosystem.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who Is Helsing? The Flagship Product Most Coverage Glosses Over
&lt;/h2&gt;

&lt;p&gt;Most headlines about Helsing's $1.8 billion Series E stop at the valuation number — $18 billion — then move on to the investor list. That framing buries the part that actually justifies the number.&lt;/p&gt;

&lt;p&gt;Helsing is a German defense technology company, and its centerpiece is the CA-1 Europa, a 36-foot autonomous jet aircraft with a maximum takeoff weight of four tons. This is not a software dashboard bolted onto existing military hardware. It is not a drone kit assembled from commercial components. The CA-1 Europa is a full autonomous combat-capable platform that Helsing designs, develops, and intends to manufacture at scale.&lt;/p&gt;

&lt;p&gt;That last word matters. The company describes the aircraft's design as deliberately affordable and suited to high-volume production — which signals an industrial ambition well beyond what most AI defense startups attempt. Traditional aerospace primes like Lockheed Martin or BAE Systems spend decades and billions reaching this stage. Helsing is a startup doing it in years.&lt;/p&gt;

&lt;p&gt;The autonomous flight and decision-making capabilities running on the CA-1 Europa are powered by a Helsing-built software platform called Centaur. The aircraft and the AI system are co-developed, not patched together from third-party sources. That integration — proprietary airframe plus proprietary AI — is precisely what separates Helsing from companies selling software subscriptions to governments or operating purely in the unmanned systems advisory space.&lt;/p&gt;

&lt;p&gt;Understanding this product is the only way to make sense of why investors including JPMorganChase, General Catalyst, Lightspeed, and Iconiq wrote checks at an $18 billion valuation. They are not funding a defense-adjacent SaaS company. They are funding what may become Europe's first AI-native aerospace prime — a company positioned at the intersection of autonomous weapons systems, military AI software, and sovereign defense manufacturing capacity at a moment when European governments are rethinking every assumption they held about security.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Missing Context: Europe's Strategic Push for Defense Tech Sovereignty
&lt;/h2&gt;

&lt;p&gt;Helsing is headquartered in Munich. That detail matters more than most coverage acknowledges. When a German company builds autonomous combat aircraft and closes an $18 billion valuation round, it signals something specific: Europe is engineering its own answer to a question it no longer trusts others to answer for it.&lt;/p&gt;

&lt;p&gt;The urgency driving that calculation is not abstract. Russia's war in Ukraine exposed a structural vulnerability across NATO's eastern flank and forced European governments to confront how dependent they are on American defense platforms, American AI infrastructure, and American political will. That dependence looked manageable when U.S. security commitments were treated as fixed. They no longer are. NATO spending pressure has intensified, and European capitals have responded by accelerating investment in indigenous military technology — AI-powered defense systems built, owned, and governed within European jurisdiction.&lt;/p&gt;

&lt;p&gt;Helsing positions itself directly inside that strategic gap. Its CA-1 Europa drone and Centaur autonomous flight software are not marketed as American-adjacent products. They are European-origin systems, designed to meet European operational requirements and subject to European export control logic. The name itself — Europa — is not subtle branding.&lt;/p&gt;

&lt;p&gt;What most reporting misses is that the Silicon Valley capital now flowing into Helsing, from General Catalyst, Lightspeed, and Iconiq, does not contradict the European sovereignty story. It complicates it. American venture capital is funding a company whose entire value proposition depends on being a credible alternative to American defense platforms. That tension — between the capital's origin and the product's purpose — is the underreported core of this moment.&lt;/p&gt;

&lt;p&gt;European AI defense development is accelerating precisely because the political window feels narrow. Helsing's timing reflects a continent recalculating who controls the technology that controls the skies.&lt;/p&gt;

&lt;h2&gt;
  
  
  Silicon Valley Comes to the Battlefield: What the Investor List Tells Us
&lt;/h2&gt;

&lt;p&gt;JPMorgan Chase, General Catalyst, Lightspeed, and Iconiq are not names that appear on the investor lists of Lockheed Martin or Raytheon. They are mainstream venture and financial capital — the kind that funds fintech, consumer software, and enterprise SaaS. Their participation in Helsing's $1.8 billion Series E marks a clear threshold: AI-powered defense has stopped being a niche bet and become a standard asset class.&lt;/p&gt;

&lt;p&gt;General Catalyst's involvement carries the most strategic weight. The firm has spent the past two years deliberately building a defense and national security portfolio, operating from a thesis that AI-native startups will displace legacy defense contractors the same way cloud software displaced on-premise enterprise systems. Helsing fits that thesis precisely. The company is not a traditional weapons manufacturer retrofitting old hardware with software — it was built from the ground up around autonomous systems and battlefield AI.&lt;/p&gt;

&lt;p&gt;What the funding announcement does not address is the regulatory surface area this investment creates. American capital flowing into a German defense AI company touches multiple overlapping frameworks: EU data sovereignty rules, NATO technology-sharing protocols, and U.S. export control law — specifically ITAR, the International Traffic in Arms Regulations, which governs the transfer of defense-related technology to foreign entities. The relationship runs both directions here. U.S. investors gain exposure to European autonomous weapons development. European military AI systems gain access to American capital networks. Neither dynamic is straightforward from a compliance standpoint.&lt;/p&gt;

&lt;p&gt;The investor list also signals something about where Silicon Valley stands on defense. A decade ago, internal employee pressure pushed Google to exit the Pentagon's Project Maven drone AI contract. Today, firms like General Catalyst compete for positions on the cap tables of autonomous weapons companies. The cultural shift inside American venture capital is now complete, and Helsing's $18 billion valuation is the price tag attached to that shift.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Ethical and Regulatory Minefield No One Is Talking About
&lt;/h2&gt;

&lt;p&gt;Helsing just closed a $1.8 billion Series E round at an $18 billion valuation, with JPMorgan Chase, General Catalyst, Lightspeed, and Iconiq among the backers. The press coverage focused almost entirely on the capital raise and the technical specs of the CA-1 Europa. What it did not focus on is the question that actually matters: who is legally responsible when an autonomous combat aircraft built by a private German startup kills someone?&lt;/p&gt;

&lt;p&gt;That question has no clean answer under existing law. International humanitarian law was constructed around state actors — governments, uniformed militaries, command chains with identifiable human decision-makers. A venture-backed company producing autonomous lethal aircraft for high-volume deployment does not fit that architecture. The CA-1 Europa, powered by Helsing's Centaur AI platform, is designed to operate with minimal human intervention. When accountability is diffuse by design, the legal frameworks governing armed conflict cannot assign it clearly.&lt;/p&gt;

&lt;p&gt;The regulatory gap is widening faster than anyone is moving to close it. Neither the European Union nor NATO has produced binding rules on autonomous weapons systems that would govern a private entity like Helsing. The EU AI Act categorizes certain AI applications as high-risk but carves out military uses almost entirely. NATO's 2023 principles on responsible use of AI in defense are voluntary. Helsing's fundraising timeline — from founding in 2021 to a $18 billion valuation in roughly four years — has outrun every governance process meant to address exactly this type of technology.&lt;/p&gt;

&lt;p&gt;The silence in coverage is not accidental. Investors have no financial incentive to surface accountability questions, and Helsing's communications emphasize sovereign capability and NATO alignment. But autonomous aerial combat systems operated under rules of engagement that no public body has reviewed represent a genuine regulatory blind spot. The harder conversation about human oversight thresholds, targeting authority, and liability for AI-driven lethal decisions is not happening in boardrooms, in Brussels, or in the defense press — and that absence is itself a policy choice with consequences.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Comes Next: Is Helsing a Template or an Outlier?
&lt;/h2&gt;

&lt;p&gt;At $18 billion, Helsing has crossed a threshold that makes the "startup" label functionally meaningless. The company now sits at a valuation comparable to mid-tier defense primes, positioning it to compete directly against Lockheed Martin, BAE Systems, and Airbus for sovereign contracts — not as a scrappy challenger, but as a peer. That competitive weight changes procurement conversations in Brussels, Berlin, and London.&lt;/p&gt;

&lt;p&gt;The Series E designation matters beyond the dollar figure. Late-stage venture rounds at this scale typically precede an IPO or a major acquisition within two to three years. Either outcome would mark a structural shift: autonomous weapons systems and AI-driven battlefield software, built entirely with private capital, moving into public markets or being absorbed into a legacy defense contractor's portfolio. Neither path keeps these technologies at the margins.&lt;/p&gt;

&lt;p&gt;If Helsing's trajectory holds, the European defense AI market won't stay a one-company story. The same conditions that made Helsing possible — geopolitical urgency, NATO spending commitments, a talent pool willing to work on defense applications, and U.S. venture capital searching for non-American bets — exist across Poland, Estonia, Romania, and into the Indo-Pacific. General Catalyst and Lightspeed, both Helsing investors, now have the template. Expect both firms, alongside competitors, to accelerate searches for the next autonomous systems company operating outside Silicon Valley.&lt;/p&gt;

&lt;p&gt;The CA-1 Europa drone and the Centaur AI platform give Helsing a hardware-software stack that is genuinely difficult to replicate quickly. But the funding mechanics, the go-to-market approach through sovereign partnerships, and the framing around European strategic autonomy are all exportable. The next wave of defense AI investment won't ask whether to follow this model. It will ask which geography to bet on first.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/ai/helsing-18-billion-valuation-european-ai-defense/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>ai</category>
    </item>
    <item>
      <title>Are All-in-One PCs Worth Buying in 2026?</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 08:40:05 +0000</pubDate>
      <link>https://dev.to/newzlet_news/are-all-in-one-pcs-worth-buying-in-2026-2pep</link>
      <guid>https://dev.to/newzlet_news/are-all-in-one-pcs-worth-buying-in-2026-2pep</guid>
      <description>&lt;h2&gt;
  
  
  The AIO Renaissance: Why This Category Is Relevant Again
&lt;/h2&gt;

&lt;p&gt;All-in-one desktop computers spent most of the early 2020s collecting dust in the shadow of ultrabooks and compact mini PCs. Buyers who wanted power went modular. Buyers who wanted portability went mobile. The AIO sat in an awkward middle — compromised on performance, limited on upgradability, and priced like a premium product that didn't always earn that label.&lt;/p&gt;

&lt;p&gt;That calculus has shifted in 2026.&lt;/p&gt;

&lt;p&gt;The latest generation of integrated desktop computers ships with processors and thermal designs that genuinely close the gap with traditional tower builds. Independent reviewers at outlets like ZDNET now put top AIO models through rigorous hands-on testing — benchmarking real-world performance, display quality, and thermal management — and the results no longer require apologists. These machines hold their own for creative workloads, multitasking, and everyday productivity without the rats' nest of cables that a monitor-plus-tower setup demands.&lt;/p&gt;

&lt;p&gt;Hybrid work deserves significant credit for the resurgence. When your kitchen table doubles as a conference room three days a week, aesthetics become functional requirements. A single-unit desktop presents a clean, professional backdrop on video calls. There are no dangling power bricks, no external hard drives perched on stacks of books, no visible cable runs. The workspace composes itself.&lt;/p&gt;

&lt;p&gt;Home office buyers and creative professionals are the two groups driving renewed interest in all-in-one PCs most visibly. Designers and video editors gain large, color-accurate displays built directly into their workstation. Remote workers gain a setup they can actually keep tidy in a shared living space. Both groups benefit from the built-in webcam, microphone array, and speaker systems that ship standard on most 2026 AIO models — hardware that would cost extra when assembling a comparable desktop system from components.&lt;/p&gt;

&lt;p&gt;Mainstream tech coverage has been slow to reflect this shift. The narrative around desktop-integrated computers still leans on criticisms that were legitimate in 2021 but increasingly don't apply to what manufacturers are shipping now. Buyers who dismissed this category based on outdated impressions owe it a second look.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Expert Testing Actually Reveals (Beyond the Marketing)
&lt;/h2&gt;

&lt;p&gt;Expert reviewers at ZDNET spend hours in hands-on testing, cross-referencing vendor claims against benchmark data and independent assessments before recommending any all-in-one desktop. That process consistently exposes a gap between what manufacturers advertise and what buyers actually experience on day one.&lt;/p&gt;

&lt;p&gt;The spec sheet is the first place reality diverges from marketing. A processor listed at a high boost clock means little if the chassis can't sustain that speed under load. Thermal management — how well the machine dissipates heat inside a sealed, space-constrained enclosure — determines whether a desktop computer delivers consistent performance or throttles itself into mediocrity within minutes of a demanding task. Reviewers flag this as the single factor that separates genuinely capable all-in-one PCs from ones that coast on impressive-sounding numbers.&lt;/p&gt;

&lt;p&gt;Port selection is the second make-or-break variable. Many integrated desktop systems arrive with a clean, minimal aesthetic and a correspondingly minimal I/O array. Real-world use — connecting external drives, peripherals, a second display — exposes that limitation fast. Reviewers who test AIO computers across multiple workdays consistently rank port availability above display resolution in practical importance.&lt;/p&gt;

&lt;p&gt;Customer review data adds a layer that benchmark scores miss entirely. Across leading models, buyers repeatedly flag three issues: fan noise that becomes intrusive under sustained load, display glare that renders screens difficult to use near windows, and the frustration of discovering that RAM or storage cannot be upgraded after purchase. That last point carries long-term cost implications that the purchase price alone doesn't reflect.&lt;/p&gt;

&lt;p&gt;Most consumer coverage of all-in-one computers leads with processor generation, RAM capacity, and display size. Expert testing methodology — hours of use, benchmark comparison, and aggregated owner feedback — redirects attention toward the factors that determine daily satisfaction: sustained thermal performance, accessible ports, and upgrade flexibility. Buyers who anchor their decision to those three criteria make a smarter investment than those who chase top-line specifications alone.&lt;/p&gt;

&lt;h2&gt;
  
  
  The AI Factor: How On-Device Intelligence Is Reshaping the AIO Value Proposition
&lt;/h2&gt;

&lt;p&gt;2026 is the first year where dedicated neural processing units ship as standard silicon in mid-range and premium all-in-one PCs, not just flagship outliers. Apple's M4-series chip, Intel's Core Ultra 200 processors, and Qualcomm's Snapdragon X Elite all include NPUs capable of sustained on-device AI workloads — measured in TOPS (tera operations per second) — that run inference locally without pinging a remote server.&lt;/p&gt;

&lt;p&gt;That distinction matters in practice. Real-time background noise cancellation, auto-framing webcams that track a speaker across a room, and adaptive display calibration that adjusts color temperature based on ambient light now operate at the hardware level in machines from Apple, HP, and Dell. Users who previously paid for software subscriptions like Krisp or NVIDIA RTX Voice to handle noise suppression are getting equivalent functionality baked into the machine itself.&lt;/p&gt;

&lt;p&gt;The problem most AIO buying guides skip over: NPU performance varies dramatically between chips sitting at the same price point, and the variation determines which AI tasks actually run locally. Apple's M4 delivers approximately 38 TOPS. Intel's Core Ultra 7 258V pushes around 47 TOPS. Qualcomm's Snapdragon X Elite reaches roughly 45 TOPS. Those numbers sound close until you examine what each architecture handles natively — Apple's unified memory gives its NPU a significant advantage on sustained generative tasks like real-time transcription and on-device image generation, while Intel's platform handles Windows AI features including live captions and Studio Effects without cloud dependency.&lt;/p&gt;

&lt;p&gt;Buyers comparing integrated all-in-one desktop computers at the $1,200 to $1,800 range need to ask one specific question before purchasing: which AI workloads run entirely on-chip, and which ones require an active internet connection to function? Manufacturers rarely answer this directly in spec sheets. A machine that offloads its headline AI features to the cloud introduces latency, privacy exposure, and subscription risk — three factors that undercut the appeal of an all-in-one's clean, self-contained design. Scrutinize the NPU TOPS rating alongside the software stack it supports before assuming any AI feature works offline.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Upgrade and Longevity Problem Nobody Talks About
&lt;/h2&gt;

&lt;p&gt;RAM is soldered to the motherboard in virtually every all-in-one desktop shipping in 2026. Storage follows the same pattern. Apple, Dell, HP, and Lenovo all ship their current AIO lineups with components fixed at the factory, meaning the configuration you select on the product page is the configuration you live with for the machine's entire lifespan.&lt;/p&gt;

&lt;p&gt;This is the detail that mainstream buying guides consistently bury in footnotes, if they mention it at all. For a traditional tower desktop, buying 16GB of RAM today and upgrading to 32GB next year costs roughly $60 and twenty minutes. For an AIO buyer who made the same initial choice, that upgrade path simply does not exist. The only options are accepting the limitation or replacing the entire machine.&lt;/p&gt;

&lt;p&gt;Expert reviewers who test all-in-one PCs regularly make the same recommendation: treat the configuration decision with the same seriousness you would apply to buying a car. Spec up at purchase, because you cannot spec up later. For most workloads in 2026, that means seriously considering 32GB of unified or soldered RAM as a baseline rather than a luxury, and choosing SSD storage that leaves genuine headroom — not just enough for the operating system and current files.&lt;/p&gt;

&lt;p&gt;Repairability is a separate problem that compounds the upgrade issue. Most integrated desktop computers receive repairability scores in the two-to-four range on a ten-point scale from independent assessors. Manufacturer support timelines — the period during which a company guarantees software updates and available replacement parts — vary dramatically between brands and rarely appear in side-by-side comparison charts. A consumer desktop PC with a five-year support window has a fundamentally different total cost of ownership than one guaranteed for only three years, regardless of how similar their spec sheets look.&lt;/p&gt;

&lt;p&gt;Budget-conscious buyers in particular tend to anchor on purchase price while ignoring these downstream costs. An all-in-one computer priced $200 less than a competitor but supported for two fewer years, and built with components that cannot be serviced locally, is often the more expensive machine over a five-year ownership window. Calculate that math before checkout, not after.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to Match the Right AIO to Your Actual Use Case
&lt;/h2&gt;

&lt;p&gt;Most AIO buying guides hand you a single "best overall" pick and move on. That approach fails the moment you ask who, exactly, it's best for — because the answer changes completely depending on how you actually use a computer.&lt;/p&gt;

&lt;p&gt;Creative professionals and anyone editing video, grading photos, or working in design tools like Adobe Premiere or DaVinci Resolve should treat display specifications as the primary filter. A panel with at least 95% DCI-P3 colour coverage, 4K resolution, and a calibrated factory colour profile matters far more to a photo editor than raw CPU clock speed. A fast processor paired with a washed-out display is a liability in colour-sensitive work, not an asset.&lt;/p&gt;

&lt;p&gt;Remote workers and people running demanding applications — including local AI tools, virtual machines, or large spreadsheet models — need to flip that priority. For these users, processing headroom and RAM capacity (32GB as a practical minimum for AI workloads) determine daily performance, while display quality beyond a clean 1080p or 2K panel is largely irrelevant.&lt;/p&gt;

&lt;p&gt;Students and light home users browsing, streaming, and managing documents are consistently oversold. They pay a premium for specifications they never stress. A mid-range all-in-one desktop in the $700–$1,100 range handles these tasks without compromise, yet this tier gets less attention than either entry-level machines that struggle with multitasking or $2,000-plus flagship models loaded with features that sit unused.&lt;/p&gt;

&lt;p&gt;That mid-range sweet spot — machines built around processors like the AMD Ryzen 7 or Intel Core Ultra 5, paired with 16GB RAM and a sharp IPS or OLED display — represents the best price-to-performance ratio in the entire AIO desktop category right now. Buyers who anchor on flagship branding from Apple or Lenovo without auditing their actual workload routinely overspend by $600 or more.&lt;/p&gt;

&lt;p&gt;Match the machine to the workload first. Display quality leads for creatives and media consumption. Processing power leads for demanding applications. Everyone else should ignore both extremes and buy into the middle.&lt;/p&gt;

&lt;h2&gt;
  
  
  What to Demand From Reviews Before You Buy
&lt;/h2&gt;

&lt;p&gt;Not all buying guides are created equal, and in 2026, the gap between rigorous AIO computer reviews and thinly disguised affiliate content has never been wider.&lt;/p&gt;

&lt;p&gt;Start by demanding a documented testing methodology. Credible outlets like ZDNET cross-reference vendor and retailer listings against independent review sites, log hours of hands-on testing, and fold in customer feedback from people who actually own the machines. That multi-source approach matters because all-in-one desktop specs on paper routinely diverge from real-world performance — especially under sustained workloads where thermal throttling and fan noise become the deciding factors most spec sheets never mention.&lt;/p&gt;

&lt;p&gt;Watch for these red flags. A buying guide that ranks integrated desktop computers without disclosing how they were tested is almost certainly pulling specs directly from manufacturer pages and optimizing for affiliate clicks rather than buyer outcomes. If a roundup lists a price without noting when it was verified, treat it as stale — AIO pricing shifts frequently as retailers run promotions and new configurations enter the market. A launch-day price attached to a machine that has since been discounted or discontinued tells you nothing useful.&lt;/p&gt;

&lt;p&gt;Even a well-researched expert roundup has limits. Use tested recommendations to build a shortlist of three to five all-in-one PCs, then pressure-test that list in two additional ways. First, visit a physical retailer and spend at least 15 minutes with each candidate — keyboard feel, display brightness in ambient light, and fan audibility under a realistic task load all require direct contact. Second, read long-term owner reviews on retailer platforms and community forums, filtering specifically for posts written three to six months after purchase, when early enthusiasm has faded and real reliability patterns emerge.&lt;/p&gt;

&lt;p&gt;This discipline matters more with all-in-one systems than with most consumer electronics. Unlike a tower PC, an AIO desktop is nearly impossible to upgrade after purchase, and return windows at major retailers typically close within 15 to 30 days. A decision made on incomplete information is expensive to reverse.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/tech/are-all-in-one-pcs-worth-buying-2026/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>tech</category>
    </item>
    <item>
      <title>How T2's ILM Team Built the VFX Tools That Shaped Hollywood</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 08:10:06 +0000</pubDate>
      <link>https://dev.to/newzlet_news/how-t2s-ilm-team-built-the-vfx-tools-that-shaped-hollywood-14ce</link>
      <guid>https://dev.to/newzlet_news/how-t2s-ilm-team-built-the-vfx-tools-that-shaped-hollywood-14ce</guid>
      <description>&lt;h2&gt;
  
  
  The Problem Nobody Had Solved Before: Animating Liquid Metal
&lt;/h2&gt;

&lt;p&gt;When James Cameron described the T-1000 to ILM's visual effects supervisor Dennis Muren, he was describing something that had never been rendered before: a humanoid made of liquid metal capable of morphing, splitting, and reassembling in real time. Muren recognised immediately that nothing in ILM's existing software library could handle it. The problem was not a matter of pushing familiar tools harder — the tools simply did not exist.&lt;/p&gt;

&lt;p&gt;What followed was less a visual effects production than a research and development programme operating under blockbuster deadlines. ILM's computer graphics department, based in San Rafael and still remarkably small by any modern standard, had to architect new software from the ground up before a single frame of the T-1000 could be rendered. Tools like Make Sticky and Body Sock — names that sound almost casual — were purpose-built solutions to specific, previously unsolved problems in CGI character animation: how to keep a morphing surface coherent across frames, and how to wrap a simulated skin convincingly over a transforming geometry.&lt;/p&gt;

&lt;p&gt;The scale of the CGI work in T2 is routinely misread. The film contains a surprisingly small number of computer-generated shots. That low count is not a sign of modest ambition — it reflects how much foundational engineering each individual shot demanded. Every sequence required new pipeline decisions. There was no established workflow for simulating reflective liquid-metal surfaces, no shader library for chrome morphing, no precedent for blending a photorealistic digital double with practical photography at this level of complexity.&lt;/p&gt;

&lt;p&gt;That context reframes what T2 actually represents in the history of digital visual effects. The film did not scale an existing process. It forced the invention of processes that the broader VFX industry would absorb, adapt, and build on for decades. The morphing algorithms, the surface-tracking approaches, the methods for rendering highly reflective organic geometry — these did not disappear when the production wrapped. They became the substrate on which later digital character work was constructed, from fluid simulation in feature animation to the muscle and skin systems used in contemporary digital humans.&lt;/p&gt;

&lt;h2&gt;
  
  
  'Make Sticky' and 'Body Sock': The Software Nobody Writes About
&lt;/h2&gt;

&lt;p&gt;Ask any working VFX technical director to name the software tools that shaped modern character deformation pipelines, and you will almost certainly not hear "Make Sticky" or "Body Sock." That obscurity is precisely the problem. Both tools were built by ILM's computer graphics department in San Rafael during production on &lt;em&gt;Terminator 2: Judgment Day&lt;/em&gt;, both solved problems that had no existing solution in production CG, and both seeded concepts that would become standard architecture in rigging and geometry systems used today.&lt;/p&gt;

&lt;p&gt;Make Sticky addressed one of the most technically punishing aspects of animating the liquid-metal T-1000: keeping the character's CG geometry coherently attached to a reference surface as the mesh transformed. Without it, the polygonal surface would drift, shear, or detach from its underlying anchor during a morph sequence, destroying the illusion of a continuous, cohesive material. Make Sticky enforced mesh continuity by binding geometry to a reference surface in a way that held through transformation — a problem of surface tracking and deformation constraint that animators and TDs working in the early 1990s had no off-the-shelf tool to solve. The software essentially invented the concept of sticky surface binding in a production pipeline context.&lt;/p&gt;

&lt;p&gt;Body Sock operated one level up from that foundation. Rather than constraining geometry to a surface, it functioned as a deformation wrapper — a system that let animators drive complex, large-scale changes across a character model without manually keyframing individual geometry points. The computational cost and time involved in hand-animating thousands of vertices across a T-1000 transformation shot would have made the work impossible to complete on schedule. Body Sock abstracted that control, allowing high-level animation inputs to propagate through the mesh automatically. The conceptual architecture of that approach — wrapping a high-resolution target inside a lower-resolution deformation cage — is directly recognizable in the lattice deformers, wrap deformers, and cage-based rigging systems that populate every major 3D package used in production today.&lt;/p&gt;

&lt;p&gt;Neither tool was documented formally. Neither was commercialized. They were built fast, used on one film, and left behind in ILM's internal codebase. The ideas, however, did not stay there.&lt;/p&gt;

&lt;h2&gt;
  
  
  How ILM Organised an Invention Factory Under Production Pressure
&lt;/h2&gt;

&lt;p&gt;Dennis Muren ran ILM's visual effects operation on T2 less like a traditional production department and more like a skunkworks lab with a release date. His CG group in San Rafael was small — genuinely small, by any standard — yet he gave individual engineers and technical directors unusual freedom to prototype solutions without requiring proof of concept before work began. That management philosophy rarely gets named as a factor in the film's success, but it was structural. Without it, tools like Make Sticky and Body Sock would never have existed in time to matter.&lt;/p&gt;

&lt;p&gt;The process those TDs actually lived through was prototype, fail, rebuild, and ship — all within a single production cycle. An engineer would identify a problem the liquid metal terminator shots demanded, write a first-pass tool, watch it break against real animation and lighting conditions, and iterate. There was no separate R&amp;amp;D phase insulated from production pressure. The research was the production. Some tools went from initial concept to use in final-quality renders within the same compressed timeline that governed every other department on the film.&lt;/p&gt;

&lt;p&gt;That model of embedded innovation — where experimental software development runs concurrently with live shot production rather than preceding it — is precisely what studios like Pixar and Weta Digital later institutionalised as deliberate policy. At ILM in 1991, it was a necessity driven by schedule. The oral histories from the artists who built those CG morphing and surface-deformation systems make clear that no off-the-shelf software package could handle what the T-1000 required. Every significant tool in the pipeline was written from scratch, tested on actual Terminator 2 sequences, and either proved itself or was replaced fast.&lt;/p&gt;

&lt;p&gt;Muren's latitude gave technical artists ownership over their solutions. That ownership accelerated decision-making in ways that top-down engineering management could not. The engineers knew what the shots needed because they were embedded in the shot-making process, not consulting on it from the outside. The result was a VFX pipeline methodology — iterative, production-integrated, creatively empowered — that predates the formal innovation frameworks modern studios now build into their studio infrastructure by design.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Most Coverage Gets Wrong: Spectacle Over Engineering
&lt;/h2&gt;

&lt;p&gt;Thirty years of retrospectives on &lt;em&gt;Terminator 2: Judgment Day&lt;/em&gt; follow the same script. Writers reach for the chrome sheen of the T-1000, the floor-tile morphing sequence, the moment Robert Patrick's face reassembles from a pool of liquid metal. Those images are genuinely extraordinary. They are also the wrong place to stop looking.&lt;/p&gt;

&lt;p&gt;What mainstream film journalism consistently omits is the software architecture that generated those images in the first place. ILM's computer graphics department in San Rafael — a unit that was, by any measure, astonishingly small for the scale of the problem it was solving — did not open an existing toolbox to build the T-1000. Tools like &lt;em&gt;Make Sticky&lt;/em&gt; and &lt;em&gt;Body Sock&lt;/em&gt; did not exist before production began. The team wrote them specifically because the creative problems demanded solutions that commercial software in 1991 simply could not provide. That is a software story, an engineering story, a research-and-development story. Film criticism has spent three decades treating it as a cinematography story.&lt;/p&gt;

&lt;p&gt;The distinction carries real consequences. The development methodology ILM established on T2 — building production tools in-house, on-demand, as creative problems surface — is now standard practice at every major visual effects studio. Weta Digital, DNEG, Framestore, and ILM itself operate on exactly this principle. When a pipeline breaks or a shot requires a capability that no commercial package offers, technical directors write the tool. That workflow did not emerge from nowhere. It was pressure-tested and institutionalized during the making of &lt;em&gt;Terminator 2&lt;/em&gt;.&lt;/p&gt;

&lt;p&gt;The engineers and technical directors who built that toolkit — whose names do not appear alongside James Cameron's or Dennis Muren's in most anniversary pieces — built something more durable than any single visual effect. They built a model for how VFX production operates. Focusing exclusively on the spectacle of the liquid-metal Terminator while ignoring the CG pipeline innovations and proprietary software development behind it is not just an oversight. It is a systematic misreading of where the film's actual legacy lives.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Ripple Effect: T2's Toolkit in the Context of Modern VFX
&lt;/h2&gt;

&lt;p&gt;Body Sock's logic — wrapping a control mesh around a character to drive surface deformation — is the direct ancestor of the blend-shape and cage-deformer systems that became standard across every major 3D package through the 1990s and 2000s. When Weta Digital built the digital creatures pipeline for &lt;em&gt;The Lord of the Rings&lt;/em&gt; trilogy between 1999 and 2003, the deformation rigs controlling Gollum's skin drew on exactly this principle: a secondary mesh influencing a hero surface, with simulation layered on top. James Cameron's own &lt;em&gt;Avatar&lt;/em&gt; (2009) pushed that inheritance further still, using simulation-driven muscle and fatty-tissue systems that are recognizable descendants of the same core problem ILM's engineers were solving in San Rafael in 1990.&lt;/p&gt;

&lt;p&gt;That lineage is rarely documented with any precision, because the engineers who wrote the original code were not the people being interviewed on press junkets. Oral history work — going directly to the programmers and technical directors who built tools like Make Sticky and Body Sock — surfaces institutional knowledge that lives nowhere else. When those practitioners retire or die, the knowledge goes with them. The VFX industry has no equivalent of the source-code archives or oral history projects that exist in, say, the games industry or academic computer science. Foundational decisions made at ILM in the early 1990s, decisions that shaped how every subsequent character effects pipeline was architected, exist primarily in the memories of a shrinking group of people now in their 50s, 60s, and 70s.&lt;/p&gt;

&lt;p&gt;In 2024, that warning is immediately relevant. Generative AI tools are being folded into VFX production workflows right now, at speed, by small teams working under deadline pressure — exactly the conditions under which T2's toolkit was invented. The practitioners building these new pipelines are moving faster than any journalist or industry historian is documenting them. T2 demonstrates the cost of that gap: it took more than 25 years after the film's release for anyone to conduct a systematic technical oral history of how its effects were actually made. The industry cannot afford another 25-year delay before it understands what is being built today.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/tech/how-t2-ilm-built-vfx-tools-that-shaped-modern-pipelines/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>tech</category>
    </item>
    <item>
      <title>How VCs Use Due Diligence Meetings to Steal Startup Ideas</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 07:40:06 +0000</pubDate>
      <link>https://dev.to/newzlet_news/how-vcs-use-due-diligence-meetings-to-steal-startup-ideas-1agm</link>
      <guid>https://dev.to/newzlet_news/how-vcs-use-due-diligence-meetings-to-steal-startup-ideas-1agm</guid>
      <description>&lt;h2&gt;
  
  
  What Fizz Is Actually Alleging — And Why It's Bigger Than One Meeting
&lt;/h2&gt;

&lt;p&gt;Fizz isn't accusing Jerry Lu of accidentally forwarding the wrong email. The college social app's latest legal filing makes a pointed, specific claim: Lu, an investor at venture capital firm Maveron, requested a meeting with Fizz under the pretense of evaluating a potential investment, then shared the confidential, non-public information he gathered directly with Sidechat — Fizz's direct competitor in the anonymous college social app market.&lt;/p&gt;

&lt;p&gt;That framing matters. This is not a case of a carelessly shared pitch deck or a loose-lipped associate talking out of turn at a conference. Fizz is alleging deliberate deception — that Lu entered the due diligence process without genuine investment intent, using the standard investor-founder meeting as a vehicle for competitive intelligence gathering. If the allegation holds, the due diligence meeting wasn't a fundraising conversation. It was a sanctioned extraction.&lt;/p&gt;

&lt;p&gt;The accusation lands inside a lawsuit that was already significant before this development. Fizz and Sidechat have been locked in litigation over unfair competition practices for years, with the two platforms competing directly for the same user base: anonymous social networking for college students. The Maveron angle is a new layer on top of that existing conflict — and a legally and reputationally consequential one. It shifts the dispute from a startup-versus-startup fight into a question about investor conduct and the structural vulnerabilities built into venture fundraising.&lt;/p&gt;

&lt;p&gt;Founders routinely open their books during investor due diligence — sharing user growth figures, retention data, product roadmaps, and strategic plans that never appear in public filings. The entire process runs on an assumption of good faith. Fizz's filing challenges that assumption directly, alleging that the institutional framework surrounding startup investment created a blind spot that a bad actor could exploit. The case now forces a harder question: when a VC firm's representative sits across from a founder, what stops that meeting from becoming opposition research?&lt;/p&gt;

&lt;h2&gt;
  
  
  The Structural Problem: VC Due Diligence Has Almost No Guardrails
&lt;/h2&gt;

&lt;p&gt;Venture capital due diligence operates almost entirely on trust — and founders are the ones absorbing all the risk. When Fizz sat down with Maveron investor Jerry Lu, the college social app shared non-public business information under the reasonable assumption that the meeting was confidential. According to Fizz's legal filing, Lu then passed that information directly to Sidechat, Fizz's direct competitor in the anonymous campus social space. No regulation stopped him. No industry body will sanction him. The legal system is now the only recourse Fizz has, and litigation is slow, expensive, and uncertain.&lt;/p&gt;

&lt;p&gt;This is the structural reality of startup fundraising. Founders hand over growth metrics, unreleased product roadmaps, user retention data, and market expansion strategies during early investor meetings — frequently before a single NDA has been signed. Asking for a confidentiality agreement before pitching carries its own penalty: it signals distrust and makes founders look difficult to work with. In a funding environment where warm introductions and reputation drive deal flow, that perception can kill a raise before it starts.&lt;/p&gt;

&lt;p&gt;The conflict-of-interest problem runs deeper than any single bad actor. Venture firms routinely hold portfolio positions across competing companies in the same vertical. A firm with stakes in two rival anonymous social apps — or two competing fintech platforms, or two logistics startups — faces divided loyalty by design. Founders sitting across the table from these investors rarely know about those existing relationships. Disclosure is voluntary, inconsistently practiced, and carries no enforcement mechanism.&lt;/p&gt;

&lt;p&gt;The power asymmetry makes self-protection nearly impossible. A seed-stage founder negotiating with a Tier 1 VC does not have equal standing to demand protective terms before sharing sensitive data. Pushing back on information requests, insisting on pre-meeting NDAs, or asking an investor to disclose competing portfolio companies can end the conversation immediately. Founders know this. Investors know this. The entire fundraising process depends on founders accepting vulnerability as the cost of access to capital.&lt;/p&gt;

&lt;p&gt;The Fizz-Sidechat lawsuit names a specific investor and a specific firm. But the behavior it describes — using due diligence as competitive intelligence gathering — has no guardrails preventing it from happening across the venture capital ecosystem every day.&lt;/p&gt;

&lt;h2&gt;
  
  
  Who Are Fizz and Sidechat — And Why This Market Was Always Going to Get Ugly
&lt;/h2&gt;

&lt;p&gt;Fizz and Sidechat are direct competitors chasing the same narrow prize: dominance over anonymous social networking on American college campuses. Both apps let students post without attaching their real names to content, and both built their entire growth strategies around locking in individual universities before a rival could. That campus-by-campus land grab is the whole game. Once a critical mass of students at a given school adopts one platform, switching costs spike and the losing app effectively dies on that campus. Network effects in anonymous college social apps are not gradual — they are sudden and permanent.&lt;/p&gt;

&lt;p&gt;That winner-take-all dynamic transforms competitive intelligence into something close to a weapon. Knowing which campuses a rival is targeting next, how fast it is converting new users, what product features it is testing, or how much runway it has left is not routine market research. In this space, that information is a roadmap for undermining a competitor before they can establish the network density that makes them unbeatable. The stakes explain why the alleged conduct — an investor passing confidential pitch information from Fizz to Sidechat — would have been worth the legal and ethical exposure it now appears to carry.&lt;/p&gt;

&lt;p&gt;The sector itself has already proven brutal. High-profile anonymous social platforms, including Yik Yak and After School, collapsed under a combination of moderation failures, user attrition, and advertiser pressure. Investors and founders operating in this space know the window to build a durable anonymous social network for students is historically short. That urgency accelerates every competitive decision, including, apparently, decisions about how information gathered during due diligence meetings gets used.&lt;/p&gt;

&lt;p&gt;Fizz claims Maveron partner Jerry Lu met with the company under the premise of evaluating a potential investment, collected non-public operational data, then shared that data with Sidechat. If true, the pitch meeting — one of the most information-rich interactions a startup ever has — became a covert intelligence transfer between rivals. In a market where knowing your competitor's campus expansion plans could determine who survives, that alleged transfer was not incidental. It was strategically significant.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Most Coverage Is Missing: The Liability Gap for VCs
&lt;/h2&gt;

&lt;p&gt;Most coverage of the Fizz-Sidechat dispute focuses on the competitive rivalry between two anonymous college social apps. The more significant story is what the filing exposes about a structural gap in how venture capital operates.&lt;/p&gt;

&lt;p&gt;Venture capitalists face no unified fiduciary framework governing what they can do with information gathered during exploratory meetings. Corporate executives answer to boards and shareholders. Financial advisors operate under SEC regulations and formal duty-of-care standards. A VC sitting across from a founder in a pitch meeting carries none of those obligations by default. The entire process runs on trust, handshake norms, and the founder's willingness to believe that sharing proprietary metrics, growth data, and strategic roadmaps won't come back to hurt them.&lt;/p&gt;

&lt;p&gt;Legal recourse for founders is genuinely difficult to pursue. Any claim hinges on three things: whether a confidentiality or NDA agreement existed before the meeting, what the agreement actually covered, and whether information transfer can be proven in court. All three are hard to establish. Startups in early fundraising rounds often skip formal NDAs entirely — experienced VCs routinely refuse to sign them — and even when agreements exist, tracing exactly how non-public information moved from a pitch meeting to a competitor's product decisions is an evidentiary challenge.&lt;/p&gt;

&lt;p&gt;Fizz's legal team appears to understand this problem. The new filing names Jerry Lu individually, not just Maveron as the institutional firm. That's a deliberate choice. By targeting a named individual, Fizz is attempting to create personal liability in a space where institutional accountability has historically been nonexistent. VC firms absorb reputational risk collectively and diffuse it. Individual partners rarely face direct legal exposure for conduct during investor due diligence.&lt;/p&gt;

&lt;p&gt;Whether the strategy succeeds legally is an open question. What it already accomplishes is forcing a conversation the startup funding ecosystem has avoided: when a venture investor requests a pitch meeting, founders have almost no formal protection against the information they share being used against them.&lt;/p&gt;

&lt;h2&gt;
  
  
  What This Case Could Mean for Founder-Investor Trust Going Forward
&lt;/h2&gt;

&lt;p&gt;The Fizz-Maveron lawsuit lands at a moment when founder-investor trust is already fragile. If Fizz's allegations against Jerry Lu hold up in court, the fallout will push beyond this single case. Founders across the startup ecosystem will have a documented legal precedent to point to when demanding formal non-disclosure agreements before any substantive due diligence conversation begins. That norm shift carries real costs — NDAs add friction, slow term sheets, and complicate the informal relationship-building that early-stage venture capital runs on — but the alternative is a fundraising process where founders share proprietary growth metrics, product roadmaps, and user data with no enforceable protection against that information reaching a direct competitor.&lt;/p&gt;

&lt;p&gt;The case also sharpens pressure on venture capital firms to establish written information-handling policies, particularly when a firm is simultaneously running conversations with startups competing in the same vertical. Maveron was talking to both Fizz and Sidechat, two companies fighting for the same anonymous college social networking market. That scenario is not rare. VCs evaluate competing startups constantly, and currently no industry-wide code of conduct governs what they do with the intelligence they gather. Some firms have internal policies; most rely on reputation alone.&lt;/p&gt;

&lt;p&gt;Reputation as an accountability mechanism has always had a structural flaw: it protects well-connected founders and punishes first-timers who lack the network to broadcast a warning. The whisper network only works if you already know the right people. Litigation is blunt and expensive, but it is public. Fizz filing these allegations in court removes the quiet settlement option that has historically let bad behavior disappear. Other founders can now read the complaint, see the specific conduct described, and make informed decisions about who gets access to their pitch deck.&lt;/p&gt;

&lt;p&gt;The VC community now operates knowing that confidential information misuse is no longer just a reputational risk — it is a litigation risk. That awareness alone changes how conversations about competitor intelligence happen inside firms.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/business/vc-due-diligence-meetings-startup-idea-theft-fizz-maveron/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>business</category>
    </item>
    <item>
      <title>How Tailscale Replaces Your VPN Without a Sysadmin</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 07:10:04 +0000</pubDate>
      <link>https://dev.to/newzlet_news/how-tailscale-replaces-your-vpn-without-a-sysadmin-3f2j</link>
      <guid>https://dev.to/newzlet_news/how-tailscale-replaces-your-vpn-without-a-sysadmin-3f2j</guid>
      <description>&lt;h2&gt;
  
  
  The Problem Tailscale Is Actually Solving
&lt;/h2&gt;

&lt;p&gt;Traditional VPNs were engineered for a specific reality: workers in a fixed office, connecting through a central hub to access company resources. That architecture made sense in 2003. It falls apart when your team is spread across four time zones, your infrastructure runs on AWS and Fly.io, and nobody has a dedicated network administrator on payroll.&lt;/p&gt;

&lt;p&gt;WireGuard changed the underlying math. Released as a production-ready protocol in 2020, WireGuard delivers faster handshakes and a dramatically smaller attack surface than legacy protocols like OpenVPN or IPsec. Its codebase clocks in at roughly 4,000 lines — compared to the hundreds of thousands in OpenVPN — making it auditable in a way that older VPN software simply isn't. The cryptography is modern and well-chosen: Curve25519 for key exchange, ChaCha20 for encryption, Poly1305 for authentication.&lt;/p&gt;

&lt;p&gt;But raw WireGuard puts the entire configuration burden on the user. Every peer needs a keypair. Public keys must be distributed manually. Network topology — who can reach whom and on which ports — lives in static config files. For a solo developer connecting two machines, that's manageable. For a team of ten with laptops, cloud servers, and containerized workloads spread across multiple providers, it becomes a maintenance project in itself.&lt;/p&gt;

&lt;p&gt;Tailscale removes that burden entirely. The open-source tailscaled daemon, available on Linux, Windows, macOS, FreeBSD, and OpenBSD, handles key generation and exchange automatically through a coordination server. Device authentication integrates with existing identity providers like Google, GitHub, and Okta. The result is a mesh VPN — a software-defined private network — where every device gets a stable IP address in the 100.x.x.x range and can reach every other authorized device directly, without traffic routing through a central gateway.&lt;/p&gt;

&lt;p&gt;Installing Tailscale takes minutes. Configuring peer-to-peer encrypted tunnels between a developer's MacBook, a DigitalOcean droplet, and a Raspberry Pi on a home network used to require real networking expertise. Now it requires an account and a single command.&lt;/p&gt;

&lt;h2&gt;
  
  
  What 'Open Source' Actually Means Here — and What It Doesn't
&lt;/h2&gt;

&lt;p&gt;Tailscale throws around the term "open source" prominently, and the claim is real — but it's not the whole picture.&lt;/p&gt;

&lt;p&gt;The core of Tailscale's client software lives in a public GitHub repository at github.com/tailscale/tailscale. That repo includes &lt;code&gt;tailscaled&lt;/code&gt;, the daemon that runs the actual WireGuard-based encrypted tunnel on Linux, Windows, macOS, FreeBSD, and OpenBSD, along with the &lt;code&gt;tailscale&lt;/code&gt; CLI tool. For anyone routing sensitive traffic across a private mesh network, this auditability matters. Security researchers, developers, and cautious teams can read the networking code, verify how peer-to-peer connections are established, and confirm that the client isn't doing anything unexpected with their data.&lt;/p&gt;

&lt;p&gt;That's a genuine trust signal. But the open-source story fragments the moment you pick up your phone.&lt;/p&gt;

&lt;p&gt;The iOS and Android apps pull code from the main repository, but the mobile GUI code itself lives in separate repos — the Android interface, for instance, is maintained at github.com/tailscale/tailscale-android. This isn't hidden, but it means the open-source footprint is scattered across multiple repositories rather than consolidated in one auditable place. Most write-ups about Tailscale's transparency skip this detail entirely.&lt;/p&gt;

&lt;p&gt;The bigger caveat is the coordination server. Tailscale's architecture separates the data plane — where your actual encrypted traffic flows directly between devices — from the control plane, which brokers how those devices find and authenticate each other. The coordination server handles that brokering, and it is not open source. Users who deploy Tailscale for remote access, homelab networking, or team VPN replacement are trusting Tailscale's proprietary infrastructure to manage device identity and connection coordination, full stop.&lt;/p&gt;

&lt;p&gt;For many teams, this tradeoff is acceptable. The client code is auditable, the underlying WireGuard protocol is battle-tested, and Headscale — a community-built open-source reimplementation of the coordination server — exists for teams that want full self-hosted control. But "open source" and "fully auditable end-to-end" are not synonyms here, and understanding that distinction is essential before building any security-sensitive infrastructure around Tailscale's platform.&lt;/p&gt;

&lt;h2&gt;
  
  
  Cross-Platform Reality: Where It Works and Where It Gets Complicated
&lt;/h2&gt;

&lt;p&gt;Tailscale's &lt;code&gt;tailscaled&lt;/code&gt; daemon runs natively on Linux, Windows, and macOS — the three platforms that cover the overwhelming majority of developer workstations, cloud servers, and CI environments. On these systems, installation is straightforward and the full feature set is available out of the box. A developer spinning up a private WireGuard-based mesh network across a Linux server, a Windows desktop, and a MacBook can expect everything to work without platform-specific workarounds.&lt;/p&gt;

&lt;p&gt;FreeBSD and OpenBSD tell a different story. Tailscale explicitly describes support for those systems as partial, which is a meaningful distinction for anyone managing network appliances, pfSense-based firewalls, or security-hardened infrastructure that commonly runs on BSD variants. Partial support means feature parity is not guaranteed, and teams relying on those platforms should audit exactly what works before committing Tailscale to a production networking role.&lt;/p&gt;

&lt;p&gt;The repository structure reveals something important about the "runs everywhere" promise that Tailscale makes in its marketing. The Android client lives in a completely separate repository — tailscale/tailscale-android — as do platform-specific packages for Synology NAS devices and QNAP hardware. That fragmentation is not a flaw, but it is a signal. Maintaining a unified zero-trust networking layer across general-purpose operating systems, mobile platforms, and embedded NAS appliances requires distinct codebases, separate release cycles, and independent testing pipelines. Edge-case platforms will inevitably lag behind the core Linux and macOS builds when engineering resources are finite.&lt;/p&gt;

&lt;p&gt;For small teams evaluating Tailscale as a self-hosted VPN alternative or a replacement for traditional remote access infrastructure, the practical takeaway is direct: if your stack runs on Linux, Windows, or macOS, Tailscale delivers on its cross-platform claims. If your infrastructure touches FreeBSD, OpenBSD, or specialized NAS hardware, verify current support status against the relevant repository before treating this peer-to-peer networking tool as a drop-in solution.&lt;/p&gt;

&lt;h2&gt;
  
  
  Two-Factor Authentication as a Network-Level Primitive
&lt;/h2&gt;

&lt;p&gt;Traditional VPNs treat two-factor authentication as a checkpoint — you prove your identity at login, the gate opens, and the network trusts you until the session ends. Tailscale discards that model entirely. Instead of bolting 2FA onto a login screen, Tailscale embeds identity verification into the network layer itself, so that every device on a Tailscale mesh network carries continuous authenticated credentials rather than a one-time access token. The daemon running on each node — whether Linux, Windows, macOS, Android, or iOS — maintains that identity state persistently, not just at the moment of first connection.&lt;/p&gt;

&lt;p&gt;This distinction matters more than it sounds. Conventional perimeter security assumes that anything inside the network boundary is trustworthy. Tailscale assumes the opposite: no device is trusted by default, and access rights attach to verified identities rather than IP addresses or physical locations. That is the operational definition of zero-trust networking — a security architecture that large enterprises have spent years and millions of dollars trying to implement using products from vendors like Zscaler, Palo Alto Networks, and Cisco.&lt;/p&gt;

&lt;p&gt;Tailscale delivers the same structural guarantees through its open-source WireGuard-based stack, and it does so without requiring a dedicated security team to configure or maintain it. A three-person startup gets the same identity-aware access controls that a Fortune 500 company pays enterprise licensing fees to approximate. The free tier supports up to 100 devices across three users, which covers the majority of small development teams outright.&lt;/p&gt;

&lt;p&gt;The practical result is that private network security stops being a project and becomes a property of the tool itself. Developers installing the Tailscale client on a home lab server or a cloud VM aren't making a conscious decision to implement zero-trust principles — they're just setting up remote access, and the cryptographic identity model comes with it. For small teams operating without a full-time sysadmin, that embedded security posture closes attack vectors that would otherwise remain open indefinitely simply because nobody had time to address them.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Missing Context: Who This Really Disrupts
&lt;/h2&gt;

&lt;p&gt;Tailscale's most obvious competitors look like Cisco AnyConnect or Palo Alto GlobalProtect — bloated enterprise VPN stacks that require dedicated hardware, licensing teams, and months of deployment cycles. But the quieter disruption lands somewhere else entirely: the freelance and boutique DevOps market built around configuring WireGuard by hand.&lt;/p&gt;

&lt;p&gt;Raw WireGuard is powerful and genuinely fast, but standing up a mesh network with it means writing configuration files, managing key distribution, handling NAT traversal manually, and maintaining all of it as nodes come and go. That complexity created real consulting work. Tailscale automates exactly those steps — peer discovery, key rotation, authentication via existing identity providers — collapsing a multi-day engagement into a fifteen-minute install. Developers who previously hired someone to build and babysit their WireGuard setup now do it themselves on a free tier.&lt;/p&gt;

&lt;p&gt;The disruption extends upward into cloud infrastructure. AWS VPC peering, GCP Cloud VPN, and Azure's private networking tools all assume you're staying inside one provider's ecosystem. Cross-cloud connectivity through native tools means stitching together provider-specific configurations that break the moment your architecture changes. Tailscale's mesh networking works across AWS, GCP, Azure, and on-premises hardware simultaneously, with no cloud vendor owning the control plane. That's a direct challenge to upsell revenue cloud providers generate from their private networking products.&lt;/p&gt;

&lt;p&gt;The self-hosting angle adds another layer of competitive tension. Because Tailscale publishes the client code — including the tailscaled daemon and CLI — on GitHub under an open-source license, organizations can pair it with Headscale, a community-built open-source reimplementation of Tailscale's coordination server. A team running Headscale gets the mesh networking client without ever touching Tailscale's commercial infrastructure. Tailscale is navigating this carefully: the client is open, the coordination layer is not, and the company bets that its managed control plane, reliability guarantees, and integrations are worth paying for. That bet works until Headscale matures enough for risk-tolerant teams to stop caring about the difference.&lt;/p&gt;

&lt;h2&gt;
  
  
  What to Watch Next
&lt;/h2&gt;

&lt;p&gt;Three developments will determine whether Tailscale stays a developer favorite or becomes critical infrastructure.&lt;/p&gt;

&lt;p&gt;The first is the coordination server. Tailscale's client-side code — the tailscaled daemon, the CLI, the mobile libraries — lives in a public GitHub repository that any engineer can audit. The control plane that orchestrates node discovery and key distribution does not. For security teams evaluating zero-trust network access tools against frameworks like SOC 2 or FedRAMP, that gap is a hard blocker. If Tailscale opens the coordination server to external audit or publishes a Headscale-compatible open specification, enterprise procurement conversations change immediately. Until then, organizations with strict compliance mandates will self-host through Headscale and accept the operational overhead that comes with it.&lt;/p&gt;

&lt;p&gt;The second is platform depth. The tailscaled daemon runs fully on Linux, Windows, and macOS. FreeBSD and OpenBSD support exists but sits in a different tier — the repository describes it explicitly as "varying degrees" of functionality. As Tailscale pushes into homelab servers, BSD-based firewalls, and embedded infrastructure roles, closing that gap is not optional. The Android and iOS apps ship from separate repositories, which creates release coordination complexity that mobile teams notice. Full parity across all these surfaces is what separates a mesh VPN tool from a serious private network fabric.&lt;/p&gt;

&lt;p&gt;The third is regulatory timing. Zero-trust architecture has moved from NIST guidance into executive-level policy in the United States federal government, and the private sector is following. When auditors begin treating microsegmentation and device-authenticated access as baseline requirements rather than gold-standard practices, small teams using Tailscale for peer-to-peer encrypted networking will find themselves ahead of competitors still running legacy VPN concentrators. That shift could happen inside a single compliance cycle.&lt;/p&gt;

&lt;p&gt;Tailscale's open-source WireGuard implementation gives it a technically credible foundation. Whether it earns the trust of regulated industries depends on decisions the company makes about transparency, not technology.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/security/how-tailscale-replaces-vpn-without-sysadmin/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>security</category>
    </item>
    <item>
      <title>Why Jest Runs Slow: The Over-Isolation Problem Fixed</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 06:40:04 +0000</pubDate>
      <link>https://dev.to/newzlet_news/why-jest-runs-slow-the-over-isolation-problem-fixed-1p8d</link>
      <guid>https://dev.to/newzlet_news/why-jest-runs-slow-the-over-isolation-problem-fixed-1p8d</guid>
      <description>&lt;h2&gt;
  
  
  The Dirty Secret of Modern Test Runners: Over-Isolation by Default
&lt;/h2&gt;

&lt;p&gt;Here is the uncomfortable truth: your test suite isn't slow because you have too many tests. It's slow because your test runner is doing expensive work your code never asked for.&lt;/p&gt;

&lt;p&gt;Every major frontend testing framework — Jest, Vitest, Playwright, and their peers — applies aggressive isolation by default. Before each test runs, the framework spins up a fresh environment, resets global state, and sandboxes execution so nothing bleeds between tests. That sounds responsible. The problem is that this machinery fires whether your test touches shared state or not. A pure function that transforms a string gets the same isolation treatment as a stateful authentication flow. The overhead is identical. The necessity is not.&lt;/p&gt;

&lt;p&gt;The cost compounds fast. Spin-up time, module re-evaluation, environment teardown — multiply that across hundreds or thousands of tests and the numbers get ugly. A suite of 1,000 tests running in 30 seconds isn't suffering from test volume. It's paying the isolation tax 1,000 times in a row, mostly unnecessarily.&lt;/p&gt;

&lt;p&gt;Preact's test suite makes this visible. All 1,003 tests — running in a real browser against a real DOM — complete in approximately one second. That result caused genuine shock when it circulated online, which itself reveals how normalized slow test execution has become. Developers accepted two-minute CI feedback loops as the price of thoroughness. They aren't. They're the price of uncritical defaults.&lt;/p&gt;

&lt;p&gt;Test isolation is not inherently bad. State leakage between tests causes flaky, unreliable results, and catching that matters. The failure is treating isolation as a zero-cost universal requirement rather than a targeted tool. When frameworks bake maximum isolation into every test run by default, they shift the burden onto developers to opt out — and most developers never do, either because they don't know they can or because the configuration cost feels high. The result is entire codebases running unit tests for stateless utilities through the same heavyweight gauntlet designed for integration tests. Speed is the casualty.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Preact Actually Did: Opt-In Isolation Instead of Opt-Out
&lt;/h2&gt;

&lt;p&gt;Preact's entire test suite — 1,003 tests — completes in approximately one second. Those tests run in a real browser against the real DOM. There is no JSDOM simulation, no synthetic environment papering over browser quirks, no shortcuts that trade accuracy for speed. The fidelity is full, and the speed is still there.&lt;/p&gt;

&lt;p&gt;The reason comes down to a single architectural decision: isolation is opt-in, not opt-out.&lt;/p&gt;

&lt;p&gt;Most modern test frameworks treat isolation as a universal default. Every test gets a fresh module registry, a clean environment, and a hard boundary separating it from every other test. The logic sounds reasonable — isolation prevents tests from contaminating each other. The problem is that this protection has a cost, and that cost gets paid whether the test needs the protection or not. Spinning up isolated contexts, reloading modules, and resetting state on every single test adds overhead that compounds across a suite. Run 1,000 tests that way and the milliseconds stack into seconds, then tens of seconds.&lt;/p&gt;

&lt;p&gt;Preact's approach inverts the default. Tests share an environment unless a specific test has a genuine reason to demand its own isolated scope. The vast majority of test cases — the ones checking rendering behavior, DOM output, component lifecycle, event handling — do not produce state that bleeds into neighboring tests. They run, they assert, they finish. No teardown theater, no module reloading ceremony.&lt;/p&gt;

&lt;p&gt;When a test actually requires isolation — because it mutates globals, patches module internals, or tests behavior that genuinely cannot coexist with shared state — that test opts in. It pays the isolation cost intentionally, because the cost is justified.&lt;/p&gt;

&lt;p&gt;This is not a trick for making test execution faster at the expense of correctness. The JavaScript test performance gains come from eliminating waste, not from weakening guarantees. Shared-environment test execution at this scale demonstrates that the overhead baked into popular frontend testing tools reflects a philosophical assumption — that isolation is always necessary — rather than a technical requirement. Preact's suite proves that assumption wrong 1,003 times per second.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why This Matters Beyond Preact: The Developer Feedback Loop Problem
&lt;/h2&gt;

&lt;p&gt;Test-driven development only works when the feedback loop is tight enough to change developer behavior. When a test suite takes five minutes to run, developers stop running it after every change. They batch their work, run tests at natural breakpoints, and discover bugs later — sometimes much later. That delay is where debugging time compounds and confidence in refactoring erodes.&lt;/p&gt;

&lt;p&gt;Preact's 1,003-test suite completing in approximately one second is not just a performance curiosity. It demonstrates what becomes possible when testing speed matches the rhythm of active coding. At that latency, running tests after every meaningful edit costs nothing psychologically. Developers don't schedule test runs — they just run tests, constantly, the same way they save files. Regressions surface within seconds of introduction rather than at the end of a sprint.&lt;/p&gt;

&lt;p&gt;The reaction to Preact's numbers spreading on social media was revealing. Many working frontend developers said they had never experienced a test suite that fast. That's a significant admission. It means an entire generation of developers has normalized slow continuous integration pipelines and multi-minute local test execution as the baseline cost of software quality. They've built workflows around waiting — and those workflows quietly reduce how often they verify correctness.&lt;/p&gt;

&lt;p&gt;This problem isn't unique to Preact's ecosystem or to JavaScript frameworks. Any codebase where the automated test suite runs in minutes rather than seconds carries the same hidden tax on developer productivity. The unit testing cycle, integration testing cadence, and the overall test execution speed all shape whether test-driven workflows are genuinely sustainable or just theoretically endorsed.&lt;/p&gt;

&lt;p&gt;The practical implication is that test suite speed is not a secondary concern — it's a first-order design decision that determines how closely quality verification tracks actual development. A sub-second feedback loop turns tests into a real-time safety net. Anything slower turns them into a checkpoint, which is a fundamentally different and less effective tool.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Most Coverage Is Missing: This Is a Design Philosophy, Not a Performance Trick
&lt;/h2&gt;

&lt;p&gt;The conversation around faster test execution almost always lands in the same place: better hardware, smarter caching, more parallelism. Preact's 1-second run across 1,003 tests arrives from a completely different direction. The speed is a byproduct of a deliberate design decision — not a technical optimization layered on top of an existing architecture.&lt;/p&gt;

&lt;p&gt;The decision is this: most code does not require the level of test isolation that modern test runners apply by default. Popular frontend testing frameworks treat maximum isolation as the safe universal baseline. Every test file gets its own module registry, its own environment spin-up, its own teardown cycle. That overhead is justified when tests genuinely need it. Applied universally, it becomes a tax on every test in your suite, including the thousands that never needed that protection in the first place.&lt;/p&gt;

&lt;p&gt;This is defensive over-engineering institutionalized as a default. The tooling ecosystem built for worst-case test scenarios and then shipped that configuration to everyone. Developers running unit tests against pure functions pay the same isolation overhead as developers testing genuinely stateful, side-effect-heavy code. The costs compound silently across every test run, every save, every CI pipeline trigger.&lt;/p&gt;

&lt;p&gt;What Preact demonstrates is precision engineering in the opposite direction. Isolation is opt-in, applied where the specific test actually requires it. The test environment matches the real problem: browser-based execution against a real DOM, with shared context where sharing is safe. That calibration — matching tool capability to actual requirement rather than theoretical maximum requirement — is what produces the benchmark, not raw compute speed.&lt;/p&gt;

&lt;p&gt;The practical implication for software development workflows is significant. When test feedback cycles stretch from seconds into minutes, developers stop running tests continuously. They batch their runs, context-switch away, lose the tight loop between writing code and verifying behavior. A test suite philosophy built on selective isolation restores that loop. The speed is a consequence of accuracy — accurately identifying what each test actually needs, and refusing to spend resources on isolation overhead it does not.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Developers and Teams Should Take Away Right Now
&lt;/h2&gt;

&lt;p&gt;The first thing to audit is not your CI pipeline or your hardware — it's your assumptions. Walk through your existing test suite and ask a blunt question about each test: does this actually need a fresh browser context, a new module scope, or a clean global state? Most tests don't. They inherit full isolation because the test runner applies it by default, not because the test logic demands it. That distinction is where most of the performance is hiding.&lt;/p&gt;

&lt;p&gt;Treat test suite execution time as a first-class engineering metric, the same way you treat code coverage percentages and assertion correctness. A test suite that takes three minutes to run is not a sign of a thorough test suite — it is a sign of misconfigured tooling. Slow feedback loops compress the number of times a developer runs tests locally, which compounds into slower iteration cycles, more context-switching, and bugs that survive longer than they should. Speed is not a luxury concern; it is a reliability concern.&lt;/p&gt;

&lt;p&gt;The Preact test suite makes this concrete and reproducible. One thousand and three tests, running against the real DOM in a real browser, completing in approximately one second. That result exists today, using existing browser technology, without exotic infrastructure. The gap between that benchmark and what most frontend testing frameworks deliver by default is not explained by test complexity — it is explained by default isolation settings that no one has revisited.&lt;/p&gt;

&lt;p&gt;The practical starting point for any team is categorization. Separate tests that genuinely require isolated state from tests that simply tolerate it. Opt into per-test or per-file isolation only where contamination between tests is a real risk. Shared module scope and shared DOM context, cleaned up manually between tests where needed, dramatically reduce the per-test overhead that accumulates across large suites.&lt;/p&gt;

&lt;p&gt;Fast test execution, accurate test results, and genuine browser environment fidelity are not trade-offs. Preact's approach demonstrates they coexist. The barrier is not technical — it is the unquestioned acceptance of slow defaults.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/tech/why-jest-runs-slow-over-isolation-test-runners/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>tech</category>
    </item>
    <item>
      <title>How Anthropic's AI Interpretability Research Builds Trust</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 06:10:05 +0000</pubDate>
      <link>https://dev.to/newzlet_news/how-anthropics-ai-interpretability-research-builds-trust-734</link>
      <guid>https://dev.to/newzlet_news/how-anthropics-ai-interpretability-research-builds-trust-734</guid>
      <description>&lt;h2&gt;
  
  
  What Anthropic actually found—stripped of the hype
&lt;/h2&gt;

&lt;p&gt;Anthropic has published new mechanistic interpretability research claiming it can observe something meaningful about how its Claude models process information and reach conclusions. The finding generated significant media coverage, but the actual scope of the discovery is considerably narrower than most headlines communicated.&lt;/p&gt;

&lt;p&gt;Mechanistic interpretability is the technical discipline of examining what happens inside a neural network during inference—not just what answer comes out, but what computational steps produced it. Anthropic invests more heavily in this area than virtually any other AI lab, and this latest research represents a genuine step forward in that work. The company says it has identified a method that reveals patterns in how its models arrive at responses, offering what it describes as a new window into AI reasoning and decision-making.&lt;/p&gt;

&lt;p&gt;That window, however, is small and clouded. The research does not give Anthropic—or any researcher—the ability to fully trace an AI model's reasoning chain or read its internal states with confidence. What exists is a partial, probabilistic view of model behavior, not a complete map of machine cognition. The difference between "a new signal" and "genuine transparency" is significant, and conflating the two misleads anyone trying to evaluate AI safety progress.&lt;/p&gt;

&lt;p&gt;MIT Technology Review senior editor Will Douglas Heaven, who reviewed the research directly, flagged what the discovery explicitly does not show—a caveat that most coverage either buried or skipped entirely. Anthropic's method surfaces correlations and patterns within the model's computations, but it cannot confirm whether those patterns represent the actual causal mechanism behind a given output. A model could produce an observable interpretability signal while the real driver of its answer remains hidden.&lt;/p&gt;

&lt;p&gt;For AI safety and AI alignment research, that distinction is not academic. Tools that appear to explain model behavior without actually doing so can create false confidence in oversight systems. Anthropic's research is a genuine contribution to the field of neural network interpretability—but treating it as proof that AI inner workings are now readable would be a significant and potentially dangerous overreach.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Anthropic keeps publishing this kind of strange, heady research
&lt;/h2&gt;

&lt;p&gt;Anthropic publishes research that most AI companies quietly shelve. Investigations into whether its models experience something like pain, internal debates about when to end conversations with users deemed to be mistreating the chatbot, deep technical excavations of how neural networks form and store concepts—none of this fits the typical product-launch playbook. It fits a different one: building a company identity around foundational AI safety research that competitors simply don't prioritize.&lt;/p&gt;

&lt;p&gt;That identity carries real strategic weight. Anthropic is currently the world's most valuable AI company, with a valuation approaching $1 trillion. At that scale, the reputational stakes of appearing reckless or opaque are enormous. Publishing mechanistic interpretability work—research focused on understanding &lt;em&gt;why&lt;/em&gt; AI models produce the outputs they do, not just &lt;em&gt;what&lt;/em&gt; those outputs are—signals to investors and regulators that the company treats transparency as a core operating principle, not a PR afterthought.&lt;/p&gt;

&lt;p&gt;The field Anthropic has staked out, mechanistic interpretability, sits at the intersection of AI safety, cognitive science, and systems engineering. It asks whether researchers can map the internal reasoning processes of large language models precisely enough to predict, audit, and correct their behavior. No other major AI lab spends comparable resources here. That gap gives Anthropic a durable advantage in the "trustworthy AI" narrative—one that shapes regulatory conversations, enterprise procurement decisions, and public perception simultaneously.&lt;/p&gt;

&lt;p&gt;The science may not fully deliver on its most ambitious promises yet. Understanding how a frontier model processes a complex query remains genuinely hard, and each discovery tends to reveal new layers of complexity rather than clean answers. But Anthropic publishing this research openly changes the terms of debate. It positions the company as the lab doing the hard, unglamorous work of AI transparency, which is a claim that OpenAI, Google DeepMind, and Meta cannot easily counter without matching the investment. In a regulatory environment growing more demanding by the month, being first to show your internal work is not just good science—it's good business.&lt;/p&gt;

&lt;h2&gt;
  
  
  The missing context: interpretability research is still in its infancy
&lt;/h2&gt;

&lt;p&gt;Anthropic calls its latest mechanistic interpretability findings a "new window" into how Claude reasons. That framing is doing a lot of work—and most headlines accepted it without pushback.&lt;/p&gt;

&lt;p&gt;A window lets you observe. It does not let you steer, diagnose, or guarantee anything. Current interpretability tools, including the circuit analysis and feature attribution methods Anthropic uses, are exploratory instruments. Researchers apply them to generate hypotheses about model behavior, not to certify that a given AI system is safe or aligned. The distinction matters enormously when the same research gets cited as evidence that AI companies are making progress on the transparency problem.&lt;/p&gt;

&lt;p&gt;The field also lacks agreed-upon benchmarks for what "understanding" an AI model actually means. There is no standardized test that a mechanistic interpretability finding must pass before it qualifies as a genuine insight into model cognition versus a plausible-sounding artifact of the analysis method itself. Without that standard, it becomes difficult to compare results across labs, across papers, or even across time within the same research group. Coverage that treats Anthropic's announcement as a milestone skips this gap entirely.&lt;/p&gt;

&lt;p&gt;The generalizability problem compounds the issue. Findings derived from studying one transformer architecture—Claude's, in this case—do not automatically transfer to GPT-series models, Gemini, Llama, or any other system built with different training pipelines and design choices. Experts outside Anthropic have raised this concern repeatedly. Neural network interpretability research has a history of producing results that look robust until tested against a different model family, at which point the explanatory framework breaks down.&lt;/p&gt;

&lt;p&gt;None of this makes Anthropic's research worthless. Mechanistic interpretability is one of the few serious attempts to move AI transparency beyond behavioral benchmarks. But the gap between "we found a new way to look inside one model" and "we can reliably audit AI reasoning for safety purposes" is wide—and right now, the field has not closed it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What this means for AI safety—the stakes hiding in plain sight
&lt;/h2&gt;

&lt;p&gt;The real prize in Anthropic's interpretability work isn't academic—it's the possibility of catching a dangerous reasoning chain before it produces a harmful output. If researchers could train tools to reliably flag when a model is mid-thought on something destructive, that would fundamentally change how AI safety works in practice. We aren't there yet. Current mechanistic interpretability methods reveal fragments of the reasoning process, not a complete, auditable trail from input to output. The gap between "we can see some things happening inside the model" and "we can guarantee what the model will do" remains wide.&lt;/p&gt;

&lt;p&gt;That gap matters enormously to regulators who are no longer willing to treat AI systems as black boxes. The EU AI Act mandates explainability requirements for high-risk AI applications, and U.S. federal agencies including the FTC and NIST have been pushing for transparency standards that go beyond post-hoc testing. Anthropic's research feeds directly into those policy conversations, giving lawmakers concrete evidence that neural network interpretability is a solvable engineering problem—even if the solution isn't complete.&lt;/p&gt;

&lt;p&gt;The sharpest danger right now is a false sense of security. Partial visibility into AI reasoning can look like full accountability if the audience doesn't know what's missing. A developer who can point to interpretability dashboards and chain-of-thought traces may believe their system is understood and controlled. Boards, regulators, and the public may believe the same thing. Neither belief is warranted at the current state of the science.&lt;/p&gt;

&lt;p&gt;Anthropic deserves credit for publishing this research openly rather than treating it as a competitive asset. But the company's nearly $61 billion valuation and its commercial products running on Claude create a tension: the same organization funding the safety research is selling the systems that research hasn't yet fully explained. Interpretability tools that work on toy problems or isolated circuits inside a model are not the same as a certified safety mechanism. Treating incremental progress as mission accomplished is the specific failure mode that makes partial transparency more dangerous than honest opacity.&lt;/p&gt;

&lt;h2&gt;
  
  
  What informed readers should watch for next
&lt;/h2&gt;

&lt;p&gt;Anthropic published this interpretability research publicly, which means outside researchers can now attempt to replicate it. That replication process is the real filter. If independent teams—academics, safety researchers at other labs, or government-funded institutes—can reproduce the findings with different models or different datasets, the "window into AI thinking" claim gains credibility. If they can't, the window may be narrower or more distorted than Anthropic's announcement suggests. Watch for peer-reviewed follow-up work specifically testing whether the mechanistic patterns Anthropic identified in Claude generalize beyond Anthropic's own systems.&lt;/p&gt;

&lt;p&gt;The second signal worth tracking is whether this research changes anything inside Anthropic's own development pipeline. Interpretability findings that stay confined to research papers do not make AI systems safer. Concrete implementation looks like modified training objectives, new monitoring dashboards that flag anomalous reasoning chains before deployment, or documented changes to how Claude's behavior is evaluated during safety testing. Announcements without those specifics are still just announcements.&lt;/p&gt;

&lt;p&gt;The third and largest question is a pacing problem. AI model capabilities are scaling faster than the tools humans have to understand them. Anthropic's interpretability work represents genuine progress in neural network transparency and AI behavior analysis, but the gap between what researchers can explain and what frontier models can do keeps widening. Each new generation of large language models adds complexity that existing interpretability methods were not built to handle. Understanding how a current model reasons does not automatically transfer to understanding the next one.&lt;/p&gt;

&lt;p&gt;For anyone following AI safety and model alignment closely, these three benchmarks—external replication, internal implementation, and pacing against capability growth—are the practical tests that separate meaningful interpretability progress from well-funded research theater. The next twelve months of published work, from Anthropic and from outside critics, will clarify which category this discovery belongs in.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/ai/anthropic-ai-interpretability-research-safety-trust/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>ai</category>
    </item>
    <item>
      <title>Why QR Code Phishing Bypasses MFA and Email Filters</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 01:40:06 +0000</pubDate>
      <link>https://dev.to/newzlet_news/why-qr-code-phishing-bypasses-mfa-and-email-filters-2012</link>
      <guid>https://dev.to/newzlet_news/why-qr-code-phishing-bypasses-mfa-and-email-filters-2012</guid>
      <description>&lt;h2&gt;
  
  
  The old tricks are back — with a new disguise
&lt;/h2&gt;

&lt;p&gt;Phishing is older than most of the people falling for it. The inheritance email, the frozen-account warning, the fake lottery notification — these formats have circulated since the dial-up era, and they still work because the underlying psychology has never changed. Urgency, authority, and reward are reliable levers. Quishing does not replace that playbook. It repackages it inside a format that carries almost no cultural suspicion.&lt;/p&gt;

&lt;p&gt;That repackaging matters more than it might seem. Between 2020 and 2023, QR codes migrated from niche retail tool to everyday infrastructure. Restaurants replaced paper menus with them. Airports used them for boarding passes. Vaccine programmes ran on them. Payment apps built entire UX flows around a single scan. That saturation trained hundreds of millions of people to treat scanning a QR code as a reflex — the same low-thought action as tapping a light switch. A malicious link sitting naked in an email now triggers hesitation in a way it did not five years ago. A QR code in the same email does not.&lt;/p&gt;

&lt;p&gt;Attackers also get a technical bonus that goes beyond psychology. Email security gateways — tools built to catch URL-based phishing — analyse hyperlinks, check domains against threat-intelligence feeds, and sandbox suspicious destinations. A QR code is an image. It carries no clickable URL for those filters to inspect. The malicious destination is encoded inside a visual pattern that conventional scanners read as a jpeg or png attachment and wave through without scrutiny. Security researchers call this the "image gap," and it turns a decades-old email security architecture into a near-useless checkpoint for QR phishing attacks.&lt;/p&gt;

&lt;p&gt;The result is a threat that combines the proven manipulation techniques of classic phishing scams with a delivery mechanism that sidesteps the infrastructure built to stop them. Cybercriminals distributing QR code scams via email are not innovating for the sake of it. They are exploiting a specific and measurable blind spot, and they are doing it at scale precisely because the blind spot is reliable.&lt;/p&gt;

&lt;h2&gt;
  
  
  How a quishing attack actually works — step by step
&lt;/h2&gt;

&lt;p&gt;Attackers build a quishing campaign in three deliberate moves, and each one exploits a different blind spot in conventional email security.&lt;/p&gt;

&lt;p&gt;First, the attacker generates a QR code that encodes a malicious URL, then embeds that code as an image inside an email body or a PDF attachment. Most enterprise email gateways and secure email gateways scan for suspicious text strings, blacklisted domains, and malicious hyperlinks — but a QR code is just a JPEG or PNG to those systems. The encoded URL is invisible to text-based threat detection, so the message lands cleanly in the target's inbox, often dressed as an invoice, a multi-factor authentication notification, or a parcel delivery update.&lt;/p&gt;

&lt;p&gt;Second, the victim scans the code using their personal smartphone. The device's camera app reads the pixel pattern, decodes the URL, and opens a browser session — all in under three seconds. That browser session lands on a spoofed login page built to mirror Microsoft 365, a bank portal, or a courier service like FedEx or DHL with pixel-level accuracy. The victim enters their username and password. The attacker's credential-harvesting kit captures both in real time, sometimes also intercepting session tokens to bypass MFA entirely.&lt;/p&gt;

&lt;p&gt;Third — and this is the structural advantage that makes QR code phishing so dangerous — the entire credential-entry event happens on a personal mobile device outside corporate controls. That phone has no endpoint detection and response agent, no corporate VPN forcing traffic through an inspected gateway, and no mobile device management profile giving IT any visibility. The defender's detection window collapses to near zero. Security teams monitoring corporate endpoints and network traffic see nothing, because nothing happened on the corporate network. The compromise is complete before anyone receives an alert.&lt;/p&gt;

&lt;p&gt;This device-switching tactic transforms a standard phishing attempt into a mobile phishing attack that operates in a blind spot most organizations have not instrumented. The victim returns to their laptop, enters the freshly stolen credentials, and business continues as normal — except an attacker now holds valid access to the account.&lt;/p&gt;

&lt;h2&gt;
  
  
  The MFA myth: why your second factor is not a safety net here
&lt;/h2&gt;

&lt;p&gt;Multi-factor authentication stops credential stuffing. It stops brute-force attacks. It does not stop quishing, and the distinction matters enormously for organisations that have staked their security posture on MFA as a headline control.&lt;/p&gt;

&lt;p&gt;The mechanism quishing exploits is not the password layer — it is the session layer. Adversary-in-the-middle proxy frameworks, including tools like Evilginx2 and Modlishka, sit between the victim and the legitimate service in real time. When a user scans a malicious QR code, lands on the spoofed login page, and completes MFA — entering the one-time passcode or approving the push notification — the proxy captures the authenticated session token instantly and relays it to the attacker before it expires. The attacker now holds a valid, post-authentication session. The password was never stolen. The MFA code was never cracked. The second factor did exactly what it was designed to do, and the account is still compromised.&lt;/p&gt;

&lt;p&gt;This is the critical flaw in mainstream security guidance. Telling employees to enable MFA addresses a different class of attack entirely. QR code phishing attacks are engineered specifically to operate downstream of authentication, making the advice not wrong but dangerously incomplete.&lt;/p&gt;

&lt;p&gt;The risk compounds in environments with strong MFA adoption. Security teams that have invested heavily in rolling out authenticator apps or hardware tokens across the workforce frequently treat MFA as a closed chapter — a problem solved. That confidence creates a blind spot. Quishing attacks targeting Microsoft 365, Salesforce, or corporate VPN portals can succeed precisely because the target organisation's defences look robust on paper. The attacker does not need to break the lock; they let the user open the door and walk through it alongside them.&lt;/p&gt;

&lt;p&gt;Phishing-resistant MFA standards like FIDO2 and passkeys do close this session-hijacking gap, because they bind authentication cryptographically to the legitimate domain and cannot be proxied. But FIDO2 adoption across enterprise environments remains limited. Until that changes, QR code phishing sits in a gap that most security checklists have not yet caught up to.&lt;/p&gt;

&lt;h2&gt;
  
  
  What most coverage gets wrong: it's not just an email problem
&lt;/h2&gt;

&lt;p&gt;Most security coverage frames quishing as an inbox problem — a malicious QR code buried in a phishing email, waiting for an unsuspecting employee to scan it. That framing is too narrow, and it leaves organizations blind to two fast-growing attack surfaces.&lt;/p&gt;

&lt;p&gt;The first is physical. Attackers print fraudulent QR code stickers and paste them directly over legitimate codes on parking meters, restaurant tables, bike-share stations, and public noticeboards. No email server, no spam filter, no digital delivery mechanism at all. A person walks up to a parking meter in a rush, scans what looks like the payment code, and hands their card details to a criminal. The attack requires nothing more than a cheap printer and a few minutes of unsupervised access. Cities including San Francisco and Austin have already issued public warnings after tampered meter codes were discovered, yet this physical-world variant barely registers in enterprise security briefings.&lt;/p&gt;

&lt;p&gt;The second underreported vector runs through trusted platforms. Attackers embed QR codes inside legitimate-looking PDF attachments, SharePoint file-sharing notifications, and calendar invites. Because these arrive through platforms organizations already trust and use daily, they clear both technical filters and the human suspicion threshold. A calendar invite with a QR code asking you to "verify your identity before joining" looks routine. That's precisely why it works.&lt;/p&gt;

&lt;p&gt;Cutting across both vectors is the real conversation the industry keeps sidestepping: the smartphone is the attack surface, and it is largely undefended. Mobile browsers truncate URLs, showing users only the domain root rather than the full destination path. Tap behavior on mobile is faster and less deliberate than click behavior on desktop. Corporate mobile device management policies — where they exist at all — routinely lag behind the endpoint detection and web filtering controls applied to laptops. Security training built around hovering over links before clicking translates poorly to a device where hovering is not an option.&lt;/p&gt;

&lt;p&gt;QR code phishing succeeds not because users are careless, but because the entire mobile interaction model was built for speed and convenience, not scrutiny.&lt;/p&gt;

&lt;h2&gt;
  
  
  Spotting a quishing attempt: practical red flags to know
&lt;/h2&gt;

&lt;p&gt;Recognising a quishing attempt follows the same logic as spotting a suspicious email link — the instincts are identical, even if the delivery mechanism looks different.&lt;/p&gt;

&lt;p&gt;Unsolicited QR codes are the clearest warning sign. If a QR code arrives without prior context — an unexpected email claiming your parcel is held for customs, a text warning your account has been suspended, or a message demanding you scan to reset an expiring password — treat it as hostile by default. Attackers rely on urgency to override caution. The tighter the deadline in the message, the more carefully you should pause before your camera app opens.&lt;/p&gt;

&lt;p&gt;Before scanning anything, check the destination URL. Most modern smartphone cameras on iOS and Android display a preview of the link before launching the browser. Most users ignore this preview entirely, which is precisely the gap QR code phishing attacks exploit. A malicious URL often contains random character strings, misspelled brand names, or unfamiliar domains — none of which belong in a legitimate communication from your bank, delivery provider, or employer. If the preview URL looks wrong, do not proceed.&lt;/p&gt;

&lt;p&gt;Physical QR codes require a second layer of scrutiny. Tampered codes in the real world — on restaurant tables, parking meters, public noticeboards, or retail point-of-sale terminals — are a documented attack vector. Run your finger across the surface: a sticker placed over an original printed code has a raised edge. Look at alignment — a fraudulent code layered over genuine signage rarely sits perfectly flush with the surrounding design. Any misalignment, bubbling, or inconsistency in the printed material is a reason to walk away.&lt;/p&gt;

&lt;p&gt;The overarching rule is simple: context justifies a QR scan, and the absence of context disqualifies it. A code you sought out — on a product you purchased, a venue you chose to enter — carries a different risk profile than one that arrived uninvited demanding immediate action. Treating QR codes with the same critical eye already applied to suspicious hyperlinks closes the primary recognition gap that makes quishing attacks so effective.&lt;/p&gt;

&lt;h2&gt;
  
  
  What individuals and organisations can actually do right now
&lt;/h2&gt;

&lt;p&gt;The security gap quishing exploits is fixable, but closing it requires action on two fronts simultaneously: organisational infrastructure and individual behaviour.&lt;/p&gt;

&lt;p&gt;On the infrastructure side, email security teams need to deploy QR-code-aware scanning tools that actively decode QR images embedded in messages and attachments, then run the extracted URLs through the same reputation checks, blocklist comparisons, and sandbox analysis already applied to standard hyperlinks. Most enterprise email filters in production today skip this step entirely — they scan text and links but treat QR codes as inert images. That blind spot is precisely what attackers are exploiting at scale. Vendors including Proofpoint, Abnormal Security, and Microsoft have begun adding QR decoding capabilities to their platforms, so procurement teams should verify whether this feature is active, not just listed on a spec sheet.&lt;/p&gt;

&lt;p&gt;Security awareness training programmes need a hard reset on this topic. QR code phishing cannot remain a single slide buried inside a general phishing module. Training must cover the full threat surface: malicious codes arriving by email, embedded in PDF attachments, printed on fake parking notices, and stuck over legitimate codes in restaurants and airports. Physical-world scenarios are where training most often fails, and attackers know it.&lt;/p&gt;

&lt;p&gt;For individuals, the rule is straightforward: any QR code that leads to a login page demands the same scepticism as an unsolicited link in an email. Do not enter credentials on any page you reached by scanning a code you did not initiate yourself. Instead, verify the request through an independent channel — call the company directly using a number from their official website, or type the URL manually into your browser. A convincing landing page is not evidence of legitimacy; quishing attacks routinely clone Microsoft 365, PayPal, and bank login screens with pixel-level accuracy. The sophistication of the page is irrelevant. The origin of the request is everything.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/security/qr-code-phishing-bypasses-mfa-email-filters/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>security</category>
    </item>
    <item>
      <title>Apple vs. OpenAI: The AI Hardware Trade Secret War</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 01:10:05 +0000</pubDate>
      <link>https://dev.to/newzlet_news/apple-vs-openai-the-ai-hardware-trade-secret-war-f0p</link>
      <guid>https://dev.to/newzlet_news/apple-vs-openai-the-ai-hardware-trade-secret-war-f0p</guid>
      <description>&lt;h2&gt;
  
  
  The Lawsuit in Plain Terms: What Apple Is Actually Alleging
&lt;/h2&gt;

&lt;p&gt;Apple filed suit against OpenAI and its chief hardware officer Tang Tan, accusing them of running a coordinated campaign to strip Apple of its most sensitive hardware secrets. The complaint zeroes in on a specific, methodical pattern: OpenAI allegedly encouraged employees who were departing Apple — or simply considering it — to take proprietary materials with them on the way out the door.&lt;/p&gt;

&lt;p&gt;What those materials include makes this case especially serious. Apple alleges that stolen assets encompass physical unreleased parts, working prototypes, confidential design documents, and details tied to projects Apple had not yet made public. This is not a dispute over abstract intellectual property or vague competitive intelligence. Apple is saying its next-generation hardware roadmap — the kind of product pipeline that takes years and billions of dollars to build — may now be in OpenAI's hands.&lt;/p&gt;

&lt;p&gt;Tang Tan sits at the center of the allegations. Tan spent 24 years at Apple, where he held senior responsibility over iPhone product design. Apple claims Tan did not simply leave and bring general expertise with him. The lawsuit alleges he actively coached recruits on how to bypass Apple's data security protocols and directed candidates to bring confidential Apple hardware to job interviews at OpenAI.&lt;/p&gt;

&lt;p&gt;That detail reframes the entire case. Apple's trade secret litigation here is as much about institutional knowledge and insider access as it is about physical documents. A 24-year veteran who ran iPhone design programs carries an intimate understanding of Apple's engineering culture, supplier relationships, and unreleased product strategy — none of which shows up in a single document but all of which represents competitive advantage in the AI hardware race.&lt;/p&gt;

&lt;p&gt;Apple's complaint summarizes the stakes bluntly, describing OpenAI's nascent hardware business as built on a foundation "rotten to its core" by illegal reliance on misappropriated Apple trade secrets. The language signals that Apple is not treating this as a routine employee departure dispute. It is treating it as an existential threat to its hardware development pipeline.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Missing Context: Apple and OpenAI Are Supposed to Be Partners
&lt;/h2&gt;

&lt;p&gt;Here is the section text:&lt;/p&gt;

&lt;p&gt;Most headlines frame this as a clean corporate espionage story — Apple catches a thief, Apple sues. That framing misses the most uncomfortable detail sitting in plain sight: Apple and OpenAI are active business partners right now.&lt;/p&gt;

&lt;p&gt;When Apple launched iOS 18 and Apple Intelligence, it didn't build a competing large language model. It embedded ChatGPT directly into the operating system, giving OpenAI a distribution channel that reaches over a billion iPhone users. That partnership is live. It generates real traffic and real visibility for OpenAI's consumer products. The two companies share a commercial relationship that neither has publicly moved to terminate.&lt;/p&gt;

&lt;p&gt;And yet Apple filed this lawsuit anyway.&lt;/p&gt;

&lt;p&gt;That decision tells you more about Apple's strategic calculations than any product roadmap leak ever could. Apple clearly separates software integration — where OpenAI serves as a vendor inside Apple's ecosystem — from hardware competition, where OpenAI now represents a direct rival. Tang Tan spent 24 years inside Apple, overseeing iPhone product design at the highest levels. When he moved to OpenAI as chief hardware officer and allegedly helped recruits smuggle out unreleased parts, prototypes, and confidential design documents, Apple concluded the threat had crossed a line that the ChatGPT partnership couldn't offset.&lt;/p&gt;

&lt;p&gt;Apple's own lawsuit language reflects this clearly. The company states that OpenAI's hardware business "rests on the shakiest of foundations, rotten to its core" — language that signals existential alarm, not routine IP enforcement.&lt;/p&gt;

&lt;p&gt;The question no major outlet has answered directly: what happens to the iOS integration now? A prolonged legal battle between Apple and the company whose AI model ships inside every new iPhone creates real operational friction. Partnership agreements get renegotiated. Executive relationships corrode. The AI device race Apple and OpenAI are both sprinting toward makes their software collaboration increasingly awkward to maintain.&lt;/p&gt;

&lt;p&gt;Apple draws the line at hardware. OpenAI crossed it. The ChatGPT integration on iPhone is now the strange, suspended footnote to a lawsuit that could reshape both companies' trajectories in the physical AI device market.&lt;/p&gt;

&lt;h2&gt;
  
  
  Tang Tan: Why One Executive Is at the Center of Everything
&lt;/h2&gt;

&lt;p&gt;Tang Tan spent 24 years at Apple. He did not work on the margins — he held direct oversight of iPhone product design, one of the most consequential engineering roles in consumer hardware. When OpenAI hired him as chief hardware officer, it was a declaration. The company is not experimenting with physical devices. It is building them, and it recruited the person who understood better than almost anyone how Apple turns supply chains and silicon into products people buy by the hundreds of millions.&lt;/p&gt;

&lt;p&gt;Apple's lawsuit makes the story considerably darker. The complaint does not frame Tan's departure as a straightforward talent acquisition. It alleges that Tan actively coordinated a scheme to extract proprietary information from inside Apple — coaching departing employees on how to bypass Apple's data security protocols and directing recruits to carry confidential hardware, unreleased parts, and prototype components into OpenAI job interviews. That transforms the legal dispute from a standard non-compete or IP ownership fight into an alleged organized effort to hollow out a competitor's product pipeline from the inside.&lt;/p&gt;

&lt;p&gt;The legal parallel that matters most here is Waymo v. Uber. In 2018, a single executive — Anthony Levandowski — became the central figure in a trade secrets case that ultimately cost Uber roughly $245 million to settle. Levandowski allegedly took thousands of confidential files from Google before helping launch a competing self-driving venture that Uber then acquired. The structural similarity to the Apple-OpenAI situation is difficult to ignore: a senior technical leader departs, joins a direct competitor in an emerging hardware race, and a lawsuit follows alleging that proprietary IP made the journey along with him.&lt;/p&gt;

&lt;p&gt;Apple's own language in the complaint signals how seriously it views the threat. The filing describes OpenAI's hardware ambitions as "rotten to its core" by illegal reliance on misappropriated trade secrets. For a company that rarely litigates publicly against partners — Apple and OpenAI integrated ChatGPT into iOS just last year — that language reflects a calculated decision to treat this as an existential competitive threat, not a routine IP dispute.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Bigger Picture: Hardware Is Where the AI War Is Actually Won
&lt;/h2&gt;

&lt;p&gt;For most of the past five years, the AI race played out in data centers — bigger models, faster training runs, more parameters. That phase is ending. The next competition happens in your pocket, on your wrist, and eventually embedded in the walls around you. That is a battlefield Apple has been engineering for decades, and one OpenAI is scrambling to enter from a standing start.&lt;/p&gt;

&lt;p&gt;Apple's structural advantage in AI-native hardware runs deep. The company designs its own silicon — the A-series and M-series chips — controls its own operating systems, and ships hundreds of millions of devices annually that collect behavioral data at the edge. That vertical integration took 20-plus years to build. OpenAI has none of it. Hiring Tang Tan, a 24-year Apple veteran who oversaw iPhone product design, was the fastest way to compress that gap. The rumored collaboration with Jony Ive on a consumer AI device signals that OpenAI knows model quality alone will not win the next decade. Whoever owns the physical interface owns the user relationship — the attention, the data, the recurring revenue.&lt;/p&gt;

&lt;p&gt;Apple's lawsuit reads as a direct response to that threat. The company alleges Tan coached departing employees on how to evade Apple's data security systems and directed recruits to bring confidential hardware components — unreleased parts, proprietary prototypes, stealth project documents — to OpenAI job interviews. Apple's own filing frames the consequence bluntly: OpenAI's nascent hardware business rests on a foundation rotten with stolen intellectual property.&lt;/p&gt;

&lt;p&gt;The legal action sends a signal that extends well beyond this single case. Every AI lab pursuing custom chip design, ambient computing devices, or AI-integrated consumer electronics now operates with the knowledge that Apple will treat talent poaching as an existential threat, not a standard industry practice. The message to Google DeepMind, Anthropic, Meta's hardware teams, and anyone else eyeing Apple's engineering bench is explicit: take our people and our secrets together, and litigation follows. The hardware layer of the AI arms race just got significantly more expensive to enter.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Comes Next — and What Readers Should Watch
&lt;/h2&gt;

&lt;p&gt;The first legal hurdle Apple must clear is proving intent. Winning a trade secrets claim requires demonstrating that OpenAI and Tang Tan didn't passively receive stolen information — they actively orchestrated its extraction. Apple's complaint alleges Tan coached recruits on bypassing Apple's data security protocols and directed candidates to physically bring confidential hardware to job interviews. That specific, directed behavior is what separates a civil trade secret case from a simple wrongful termination dispute. Intent is notoriously difficult to prove without direct communications, which means discovery becomes the real battlefield.&lt;/p&gt;

&lt;p&gt;The business stakes extend well beyond the courtroom. Apple and OpenAI currently operate under a distribution partnership that embeds ChatGPT functionality directly into iOS 18 and Apple Intelligence. That arrangement gives OpenAI access to hundreds of millions of iPhone users — distribution no AI company can replicate through organic growth alone. A protracted lawsuit forces both sides to either renegotiate the terms of that deal or publicly explain why a company Apple is suing in trade secret litigation still deserves a privileged position inside Apple's operating system. That contradiction will be impossible to ignore.&lt;/p&gt;

&lt;p&gt;Watch the discovery process closely. Apple's complaint focuses on Tan and a defined group of former hardware employees, but subpoenas and depositions routinely surface names that never appear in the original filing. If other former Apple hardware engineers — particularly those who worked on unreleased device prototypes, custom silicon, or wearable technology programs — surface in OpenAI's corporate structure or its hardware venture, the scope of this AI intellectual property case expands dramatically. A single deposition can reframe an entire lawsuit.&lt;/p&gt;

&lt;p&gt;The Apple-OpenAI hardware dispute signals something larger about the AI device race: talent acquisition has become inseparable from technology acquisition. Every major AI lab building physical products now competes directly with the consumer electronics companies that trained their engineers. This case sets the precedent for how aggressively that competition gets policed.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/ai/apple-openai-lawsuit-ai-hardware-trade-secrets/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>ai</category>
    </item>
    <item>
      <title>Why School Trip Apps Replace Webpages (And How to Fight Back)</title>
      <dc:creator>Newzlet</dc:creator>
      <pubDate>Thu, 16 Jul 2026 00:40:05 +0000</pubDate>
      <link>https://dev.to/newzlet_news/why-school-trip-apps-replace-webpages-and-how-to-fight-back-2c0e</link>
      <guid>https://dev.to/newzlet_news/why-school-trip-apps-replace-webpages-and-how-to-fight-back-2c0e</guid>
      <description>&lt;h2&gt;
  
  
  The App That Shouldn't Exist
&lt;/h2&gt;

&lt;p&gt;Travelbound is a mobile app that exists for one purpose: delivering a school trip itinerary. Dates, hotel details, coach times, destination information — the kind of static, read-only content that has lived comfortably on webpages since 1993. When parents at one performing arts school were told to download the Travelbound app to access travel arrangements for their children's Disneyland trip, one developer did the math and found it didn't add up.&lt;/p&gt;

&lt;p&gt;A school trip itinerary is a formatted document. It does not require push notifications, hardware sensor access, or a persistent process running on your phone. A URL handles it. A PDF handles it. A shared Google Doc handles it. What a mandatory native app download handles, it turns out, is something else entirely.&lt;/p&gt;

&lt;p&gt;The Travelbound app does two things a simple webpage would not do. It ties usage to your Google Account and sends tracking data back to the developers. It also serves advertisements — rebranded internally as "inspirations" — inside what users reasonably expect to be a functional travel tool. Neither of these is a feature from the user's perspective. Both are extraction mechanisms dressed up as convenience.&lt;/p&gt;

&lt;p&gt;This is the pattern behind a growing class of apps-that-should-be-websites: mobile applications with no meaningful interactive functionality, no offline capability that justifies installation, and no user benefit that a responsive web page couldn't replicate in a fraction of the storage footprint. Users who comply take on the full cost — device storage consumed, app permissions granted, a third-party ecosystem trusted — while the developer captures behavioral data and advertising inventory.&lt;/p&gt;

&lt;p&gt;The friction is the point. An app install creates a persistent data relationship. A webpage visit, especially one without a login wall, does not. Forcing a native app download for content that requires no native app is a UX decision made entirely in the developer's interest, not the user's. Calling it an "app" rather than a tracking and advertising product is the first misdirection. Requiring parents to install it for school trip access is the second.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Coverage Usually Misses: This Is a Design Choice, Not a Technical Necessity
&lt;/h2&gt;

&lt;p&gt;The conversation around app fatigue almost always stops at consumer frustration — too many apps, too much storage, too many passwords. What that framing conveniently skips is the question of why organisations choose to build native apps for content that static web delivery would handle without breaking a sweat.&lt;/p&gt;

&lt;p&gt;The answer is not technical. Mobile browsers have supported responsive design, offline caching, geolocation, and rich media for years. Progressive web apps can send push notifications, work without an internet connection, and load on any device without an app store in the middle. The capability gap that supposedly justifies a mandatory install closed a long time ago.&lt;/p&gt;

&lt;p&gt;What actually drives the decision is incentive alignment — and none of those incentives point toward the user. When a travel itinerary lives inside a native app rather than a URL, the publisher gains persistent access to a slot on your home screen, the ability to serve push notifications whenever they choose, and the data collection infrastructure to tie your behaviour to a persistent identity linked to your Google or Apple account. The Travelbound app, which one developer was required to install simply to view a school trip schedule for a Disneyland performance, illustrates this exactly. The app delivered two pieces of functionality beyond what a webpage would offer: it reported tracking data tied to Google accounts back to developers, and it served advertisements dressed up as "inspirations." Neither feature benefits the person reading the itinerary.&lt;/p&gt;

&lt;p&gt;This is not a design failure. It is a design choice, made deliberately, in favour of the publisher's monetisation and data strategy over the user's time and privacy. Calling it anything else — a technical requirement, an enhanced experience, a platform limitation — is a misdirection. The mobile web is not inadequate. It is simply less profitable to hand users something they can access, close, and walk away from without leaving a tracking footprint behind. Mandatory app installs for content-only experiences are a mechanism for converting a one-time transaction into an ongoing data relationship. Users pay the cost. Organisations collect the dividend.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Fix: Converting the App to a Webpage
&lt;/h2&gt;

&lt;p&gt;Rather than accept the friction, the developer did what most users can't: he built the alternative himself. After being told to install the Travelbound app to access a school trip itinerary for a Disneyland performance, he reverse-engineered the app's content and rebuilt it as a standard webpage. Same information. No download. No account creation. No permission requests.&lt;/p&gt;

&lt;p&gt;The result made the original product look embarrassing. The webpage was smaller and faster, loaded without installation, and handed users their travel details without demanding anything in return. Every step the app required — downloading from a store, signing in with a Google account, accepting data permissions — disappeared. What remained was the actual content: itinerary, travel arrangements, accommodation details. Presented as a document, the way the web was designed to work.&lt;/p&gt;

&lt;p&gt;This is where the rebuild becomes a damning piece of evidence. The Travelbound app offered nothing the webpage didn't, except the two features the developer explicitly called anti-features: tracking data tied to your Google account sent back to the developers, and advertisements dressed up as "inspirations." Strip those out and the app has no functional advantage over a basic HTML page. The app wasn't a better product. It was a data collection mechanism with a trip planner bolted on.&lt;/p&gt;

&lt;p&gt;The satisfaction of building a cleaner alternative is real, but it exposes an uncomfortable gap. This kind of pushback — reverse-engineering a bloated mobile app, replicating its core functionality as a lightweight web document — requires technical literacy that the vast majority of users simply don't have. Most people handed a QR code pointing to an app store download don't have the option to opt out and build something better. They install the app, hand over their data, and see the ads. The developer who can write the fix is rare. Everyone else is stuck with the version designed to extract value from them.&lt;/p&gt;

&lt;p&gt;That asymmetry is the point. App-first delivery isn't just an inconvenience for non-technical users — it's a structural lock-in that only technical users can escape.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Broader Pattern: App Stores as Gatekeepers
&lt;/h2&gt;

&lt;p&gt;Every time an organisation routes you through the App Store or Google Play to access a travel itinerary or event schedule, it hands Apple or Google something valuable: a verified user identity, behavioural data, and another hook into a third-party service's distribution chain. The app download is not a neutral technical choice. It is a toll booth, and the platform operators collect on both ends — from users through data harvesting and from developers through store fees and policy compliance.&lt;/p&gt;

&lt;p&gt;The Travelbound case makes the economics visible. The app's two distinguishing features over a simple webpage — Google Account tracking and an ad feed dressed up as "inspirations" — exist to extract value from users, not to serve them. That extraction happens because the app store model creates the infrastructure for it. A webpage with a URL serves content. An app with platform dependencies serves multiple masters simultaneously.&lt;/p&gt;

&lt;p&gt;Organisations that don't have those extraction motives still default to native apps for a different reason: app store presence reads as legitimacy. Having a listing in the App Store signals that a product passed some review process, carries a version number, and sits alongside recognisable brand names. For marketing departments, that perception of modernity outweighs any cost-benefit analysis of what users actually need to access.&lt;/p&gt;

&lt;p&gt;Progressive Web Apps exist specifically to collapse this false choice. A PWA can work offline, send push notifications, install to a home screen, and load fast on any device — all without touching Apple or Google's distribution infrastructure. The technology has been production-ready for years. The reason PWAs remain underdeployed is straightforward: bypassing the app store also bypasses the platform's incentive to promote your product. Apple in particular has historically throttled PWA capabilities on iOS, limiting features that work fine in Chrome on Android. That asymmetry is not accidental.&lt;/p&gt;

&lt;p&gt;The result is a web ecosystem where native mobile apps proliferate not because they serve users better, but because the distribution and monetisation incentives for every party except the user point toward the app store. Users pay with storage space, privacy permissions, and attention. The platforms profit. The organisations get a marketing asset. The webpage that would have done the job in three seconds never gets built.&lt;/p&gt;

&lt;h2&gt;
  
  
  What This Means for Everyday Users
&lt;/h2&gt;

&lt;p&gt;Every app installed on your phone is a small contract you didn't fully read. It can request access to your location, contacts, camera, and storage — permissions that a webpage simply cannot demand. When a school trip organiser forces you to download an app just to see a travel itinerary, those permissions exist to serve the app's business model, not your convenience. The Travelbound app, which one developer was told to install for a children's performing arts trip to Disneyland, exists to do two things a webpage cannot: track users via their Google Account and serve them advertisements dressed up as "inspirations." That is the entire value proposition — for the company, not the user.&lt;/p&gt;

&lt;p&gt;Multiply that dynamic across every venue ticketing system, every local gym, every parent-teacher platform, and every corporate event tool that demands a dedicated install, and you get a slow, cumulative erosion of the open web. The browser was designed to give users access to information without surrendering their device. Mandatory app ecosystems reverse that principle entirely. Each install is another foothold for a third-party data pipeline operating quietly in the background.&lt;/p&gt;

&lt;p&gt;The burden falls hardest on people with older devices, limited storage, or restricted data plans. A webpage loads and disappears. An app stays, updates itself, and keeps running. For users who don't scrutinise app permissions — which is most users — the privacy cost is invisible until it isn't.&lt;/p&gt;

&lt;p&gt;The practical counter-move is straightforward: ask the organisation why a webpage isn't sufficient. Push back when a school, venue, or service provider frames an app download as mandatory. In most cases, the functionality involved — schedules, maps, itineraries, booking confirmations — translates directly to a mobile-optimised webpage with zero additional software required. When organisations can't produce a genuine technical reason for requiring a native app, the real answer is almost always data collection or advertising revenue.&lt;/p&gt;

&lt;p&gt;The open web remains a powerful standard. Users who treat unnecessary app installs with the same scepticism they'd apply to an unsolicited email attachment will protect their own privacy and, collectively, push back against the quiet normalisation of apps-as-gatekeepers.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;Originally published at &lt;a href="https://newzlet.com/tech/why-apps-replace-webpages-school-trips-ux/" rel="noopener noreferrer"&gt;Newzlet&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>technology</category>
      <category>news</category>
      <category>tech</category>
    </item>
  </channel>
</rss>
