Every few years, a piece of open-source software arrives that rewires how the industry thinks about computing. Linux did it for servers. Docker did it for deployment. OpenClaw — the autonomous AI agent platform that went from niche curiosity to the fastest-growing open-source project in history in a matter of weeks — may be doing it for software itself.

Nvidia CEO and co-founder Jensen Huang made his position plain at GTC 2026 this week: “OpenClaw is the operating system for personal AI. This is the moment the industry has been waiting for — the beginning of a new renaissance in software.” And Nvidia wants to be the company that makes it enterprise-ready.

At its annual large GTC 2026 conference in San Jose this week, Nvidia unveiled NemoClaw, a software stack that integrates directly with OpenClaw and installs in a single command. Along with it came Nvidia OpenShell, an open-source security runtime designed to give autonomous AI agents — or “claws”, as the industry is increasingly calling them — the guardrails they need to operate inside real enterprise environments. Alongside both, the company announced an expanded Nvidia Agent Toolkit, a full-stack platform for building and running production-grade agentic workflows.

The message from Jensen Huang was unambiguous. “Claude Code and OpenClaw have sparked the agent inflection point — extending AI beyond generation and reasoning into action,” the Nvidia CEO said ahead of the conference. “Employees will be supercharged by teams of frontier, specialized and custom-built agents they deploy and manage.” Watch my video overview of it below and read on for more:

Why ‘claws’ — and why it matters that Nvidia is using the word

The terminology shift happening inside enterprise AI circles is subtle but significant. Internally, teams building with OpenClaw and similar platforms have taken to calling individual autonomous agents claws — a nod to the platform name, but also a useful shorthand for a new class of software that differs fundamentally from the chatbots and copilots of the last two years.

As Kari Briski, Nvidia’s VP of generative AI software, put it during a Sunday briefing: “Claws are autonomous agents that can plan, act, and execute tasks on their own — they’ve gone from just thinking and executing on tasks to achieving entire missions.”

That framing matters for IT decision-makers. Claws are not just assistants. They are persistent, tool-using programs that can write code, browse the web, manipulate files, call APIs, and chain actions together over hours or days without human input. The productivity upside is substantial. So is the attack surface. Which is precisely the problem Nvidia is positioning NemoClaw to solve.

The enterprise demand is not hypothetical. Harrison Chase, founder of LangChain — whose open-source agent frameworks have been downloaded more than a billion times — put it bluntly in a recent episode of VentureBeat’s Beyond the Pilot podcast: “I guarantee that every enterprise developer out there wants to put a safe version of OpenClaw onto onto their computer or expose it to their users.” The bottleneck, he made clear, has never been interest. It has been the absence of a credible security and governance layer underneath it. NemoClaw is Nvidia’s answer to that gap — and notably, LangChain is one of the launch partners for the Agent Toolkit and OpenShell integration.

What NemoClaw actually does — and what it doesn’t replace

NemoClaw is not a competitor to OpenClaw (or the now many alternatives). It is best understood as an enterprise wrapper around it — a distribution that ships with the components a security-conscious organization actually needs before letting an autonomous agent near production systems.

The stack has two core components. The first is Nvidia Nemotron, Nvidia’s family of open models, which can run locally on dedicated hardware rather than routing queries through external APIs. Nemotron-3-Super, scored the highest out of all open models on PinchBench, a benchmark that tests the types of tasks and tools calls needed by OpenClaw.

The second is OpenShell, the new open-source security runtime that runs each claw inside an isolated sandbox — effectively a Docker container with configurable policy controls written in YAML. Administrators can define precisely which files an agent can access, which network connections it can make, and which cloud services it can call. Everything outside those bounds is blocked.

Nvidia describes OpenShell as providing the missing infrastructure layer beneath claws — giving them the access they need to be productive while enforcing policy-based security, network, and privacy guardrails.

For organizations that have been watching OpenClaw’s rise with a mixture of excitement and dread, this is a meaningful development. OpenClaw’s early iterations were, by general consensus, a security liability — powerful and fast-moving, but essentially unconstrained. NemoClaw is the first attempt by a major hardware vendor to make that power manageable at enterprise scale.

The hardware angle: always-on agents need dedicated compute

One aspect of NemoClaw that deserves more attention than it has received is the hardware strategy underneath it. Claws, by design, are always-on — they do not wait for a human to open a browser tab. They run continuously, monitoring inboxes, executing tasks, building tools, and completing multi-step workflows around the clock.

That requires dedicated compute that does not compete with the rest of the organization’s workloads. Nvidia has a clear interest in pointing enterprises toward its own hardware for this purpose.

NemoClaw is designed to run on Nvidia GeForce RTX PCs and laptops, RTX PRO workstations, and the company’s DGX Spark and DGX Station AI supercomputers. The hybrid architecture allows agents to use locally-running Nemotron models for sensitive workloads, with a privacy router directing queries to frontier cloud models when higher capability is needed — without exposing private data to those external endpoints.

It is an elegant solution to a real problem: many enterprises are not yet ready to send customer data, internal documents, or proprietary code to cloud AI providers, but they still need model capability that exceeds what runs locally. NemoClaw’s privacy router architecture threads that needle, at least in principle.

What claws actually look like in the enterprise 

Before evaluating the platform, it helps to understand what a claw doing real work looks like in practice. Two partner integrations announced alongside NemoClaw offer the clearest window into where this is heading.

Box is perhaps the most illustrative case for organizations that manage large volumes of unstructured enterprise content.

Box is integrating Nvidia Agent Toolkit to enable claws that use the Box file system as their primary working environment, with pre-built skills for Invoice Extraction, Contract Lifecycle Management, RFP sourcing, and GTM workflows.

The architecture supports hierarchical agent management: a parent claw — such as a Client Onboarding Agent — can spin up specialized sub-agents to handle discrete tasks, all governed by the same OpenShell Policy Engine.

Critically, an agent’s access to files in Box follows the exact same permissions model that governs human employees — enforced through OpenShell’s gateway layer before any data is exchanged. Every action is logged and attributable; no shadow copies accumulate in agent memory. As Box puts it in their announcement blog, “organizations need to know which agent touched which file, when, and why — and they need the ability to revoke access instantly if something goes wrong.”

Cisco’s integration offers perhaps the most visceral illustration of what OpenShell guardrails enable in practice. The Cisco security team has published a scenario in which a zero-day vulnerability advisory drops on a Friday evening.

Rather than triggering a weekend-long manual scramble — pulling asset lists, pinging on-call engineers, mapping blast radius — a claw running inside OpenShell autonomously queries the configuration database, maps impacted devices against the network topology, generates a prioritized remediation plan, and produces an audit-grade trace of every decision it made.

Cisco AI Defense verifies every tool call against approved policy in real time. The entire response completes in roughly an hour, with a complete record that satisfies compliance requirements.

“We are not trusting the model to do the right thing,” the Cisco team noted in their technical writeup. “We are constraining it so that the right thing is the only thing it can do.”

An ecosystem play: the partners behind the stack

Nvidia is not building this alone. The Agent Toolkit and OpenShell announcements came with a significant roster of enterprise partners — Box, Cisco, Atlassian, Salesforce, SAP, Adobe, CrowdStrike, Cohesity, IQVIA, ServiceNow, and more than a dozen others — whose integration depth signals how seriously the broader software industry is treating the agentic shift.

On the infrastructure side, OpenShell is available today on build.nvidia.com, supported by cloud inference providers including CoreWeave, Together AI, Fireworks, and DigitalOcean, and deployable on-premises on servers from Cisco, Dell, HPE, Lenovo, and Supermicro. Agents built within OpenShell can also continuously acquire new skills using coding agents including Claude Code, Codex, and Cursor — with every newly acquired capability subject to the same policy controls as the original deployment.

Separately, Nvidia announced the Nemotron Coalition — a collaborative initiative bringing together Mistral AI, Perplexity, Cursor, and LangChain to co-develop open frontier models. The coalition’s first project is a base model co-developed with Mistral that will underpin the upcoming Nemotron 4 family, aimed specifically at agentic use cases.

What enterprise leaders should be watching

The NemoClaw announcement marks a turning point in how enterprise AI is likely to be discussed in boardrooms and procurement meetings over the next twelve months. The question is no longer whether organizations will deploy autonomous agents. The industry has clearly moved past that debate. The question is now how — with what controls, on what hardware, using which models, and with what audit trail.

Nvidia’s answer is a vertically integrated stack that spans silicon, runtime, model, and security policy. For IT leaders evaluating their agentic roadmap, NemoClaw represents a significant attempt to provide all four layers from a single vendor, with meaningful third-party security integrations already in place.

The risks are not trivial. OpenShell’s YAML-based policy model will require operational maturity that most organizations are still building. Claws that can self-evolve and acquire new skills — as Nvidia’s architecture explicitly enables — raise governance questions that no sandbox can fully resolve. And the concentration of agentic infrastructure in a single vendor’s stack carries familiar platform risks.

That said the direction is clear. Claws are coming to the enterprise. Nvidia just made its bet on being the platform they run on — and the guardrails that keep them in bounds.

Bowers & Wilkins isn’t pretending this is a breakthrough and that’s exactly the point. The British luxury audio brand has expanded its flagship Pi8 true wireless earbuds and Px7 S3 noise-cancelling headphones with a slate of new premium finishes, leaning into a trend that’s been quietly reshaping the high-end audio category: color as innovation. The Pi8 now arrives in Dark Burgundy and Pale Mauve, bringing the total to six finishes, while the Px7 S3 adds a new Vintage Maroon option to its growing lineup.

If that sounds familiar, it should. Last year, I pointed out how a long list of premium audio brands had started treating industrial design and colorways not as afterthoughts, but as a legitimate product cycle strategy; extending relevance without touching the underlying acoustics. Bowers & Wilkins is now fully committed to that playbook. The hardware hasn’t changed and it didn’t need to, but the visual refresh keeps both models firmly in the conversation in a market that’s running out of meaningful spec-sheet upgrades.

Available starting March 19, the new finishes don’t come cheap: $499 for the Pi8 in Pale Mauve or Dark Burgundy, and $479 for the Px7 S3 in Vintage Maroon. Same award-winning sound, new wardrobe. Whether that counts as innovation or just smart business depends on how easily you’re seduced by a better shade of red.

What Are the Bowers & Wilkins Pi8?

The Bowers & Wilkins Pi8 are the company’s flagship true wireless earbuds, positioned as a no-compromise attempt to deliver genuine high-end sound in a category that usually prioritizes convenience over fidelity. In our review, the Pi8 stand out for their refined tuning, clarity, and sense of control, offering a presentation that feels closer to a compact hi-fi system than a typical pair of wireless earbuds. They’re designed for listeners who actually pay attention to what they’re hearing and not just how easily it connects.

At their core, the Pi8 combine carbon cone drivers, advanced DSP, and support for aptX Lossless to push beyond the limitations that have traditionally defined Bluetooth audio. Bowers & Wilkins also includes a smart charging case with retransmission capability, allowing wired sources to be streamed directly to the earbuds; an unusually practical feature that adds real-world flexibility. It’s a more thoughtful approach than most, focusing on how people actually use their gear rather than chasing feature checklists.

That said, the Pi8 don’t try to win on every front. As we noted in our review, the emphasis is clearly on sound quality, materials, and overall refinement, rather than class-leading noise cancellation or mass-market pricing. If overall sound quality, comfort, and strong but not class leading ANC matter most, these are among the best options available.

What Are the Bowers & Wilkins Px7 S3?

The Bowers & Wilkins Px7 S3 are the brand’s latest over-ear wireless noise-cancelling headphones, sitting just below the Px8 S2 but very much aimed at the same crowd that shops Sony, Bose, and Sennheiser at the top of the category. In our review, they come across as a deliberate refinement of what Bowers & Wilkins has been building for over a decade; premium materials, a more mature design language, and a clear focus on sound quality first. This isn’t a lifestyle headphone trying to fake it. It’s a high-end hi-fi product that just happens to be wireless. 

Where the Px7 S3 separates itself is in how it sounds relative to its competition. As noted in the review, it delivers audiophile-grade clarity, deep and controlled bass, and a level of detail that outpaces most rivals in this price range, including the usual suspects from Sony, Bose, and Apple. Bowers & Wilkins has also refined the internal driver design and overall tuning, while adding modern essentials like aptX Lossless and a more flexible EQ. The result is a presentation that feels more composed and revealing than what you typically get from mainstream ANC headphones.

That said, like the Pi8, the Px7 S3 doesn’t try to dominate every category. The review makes it clear that while ANC is improved and competitive, it’s not the class leader, and comfort is very good without being the lightest or most effortless in the segment. This is a headphone built around priorities: sound quality, build, and long-term listening satisfaction. If that’s what matters most, it’s one of the strongest all-around options available right now and one of the few that still feels like it was tuned by people who actually prioritise sound quality over ANC and connectivity features.

The Bottom Line

New colors are not innovation, but they do make the Pi8 and Px7 S3 feel fresher and harder to ignore. More importantly, this kind of refresh signals longevity these models are not going anywhere. Same excellent sound, now with a little more swagger.

Where to buy:

Tip: These new finishes add to the existing colors which include back, white, blue and jade green. Currently the new colors are only available at the Bowers & Wilkins website.

Related Reading:

from the great-orange-hope dept

Shortly after Trump took office for a second time, his administration made it clear that it felt constitutional rights were merely privileges it would extend only to those who fully supported whatever the hell the administration happened to be doing.

At the time, the administration was not only engaged in a full-blown, bigoted war against migrants, but throwing all of its support behind Israel’s ongoing anti-Palestinian efforts, which look a whole lot like actual genocide.

Last April, the administration stated it would no longer consider anti-Israel speech to be protected by the First Amendment, especially if said speech was uttered by immigrants, legal or otherwise:

U.S. Citizenship and Immigration Services has announced it will begin screening immigrants’ social media for evidence of antisemitic activity as grounds for denying immigration benefit requests. The screenings will affect people applying for permanent residence status as well as foreigners affiliated with educational institutions. The policy will go into effect immediately.

In a statement issued Wednesday morning, the Department of Homeland Security said it will “protect the homeland from extremists and terrorist aliens, including those who support antisemitic terrorism, violent antisemitic ideologies and antisemitic terrorist organizations such as Hamas, Palestinian Islamic Jihad, Hezbollah, or [the Houthis].”

Advertisement

But, in true MAGA fashion. Trump’s anti-antisemitic efforts only affected people who were more brown than white. A month later, Trump was opening the immigration door to South African “refugees,” but only the white ones. This decision was presumably based on lizard brain analysis of out-of-context clips shown on social media and/or Fox News that pretended whites in South Africa were being persecuted by the Black residents they’d persecuted for decades under apartheid.

And that included white South Africans who engaged in antisemitic speech, who were given a free pass to play their version of the race card to gain unvetted admittance to the Land of Opportunity.

Nine months later, the doors have been thrown wide open for white South Africans, with the administration yet again claiming — without facts in evidence — that these particular South Africans were more deserving of expedited asylum proceedings than anyone from any country where actual violence and persecution targets residents who are not white enough for the administration to consider worthy of naturalization.

The U.S. aims to process 4,500 refugee applications from white South Africans per month, far above President Donald Trump’s stated refugee program cap, and is installing trailers on embassy property in Pretoria to support the effort, a U.S. contracting document said.

While both versions of the Trump administration may have rendered satire mostly obsolete, it can’t eradicate irony. And here’s where it gets absolutely hilarious. White South Africans are now thinking their homeland is a better option than living here under this administration, as Reuters reports.

Andrew Veitch left South Africa after being held up at gunpoint in his car. But now he feels there are greater threats in the United States, ​he said, citing mass shootings in public places as well as violence by U.S. immigration officers.

“People are being shot in broad daylight. American citizens are being shot and killed,” said ‌the 53-year-old, who moved to California in 2003. “I don’t want to live in a place like this.”

It’s a valid point — one that people who have lived here for their entire lives are making, albeit without the easily available option of just pressing CTRL-Z on their temporary protected status. Veitch isn’t the only one wanting to return to the allegedly-hyper-violent country of South Africa, rather than continue to live in the Land of Opportunity that is daily being rebranded as the Land of Impending Martial Law.

Other South African (white) “refugees” are heading back home because the financial climate is preferable, even if they choose to ignore the threat Trump poses to every freedom Americans hold dear. After 20 years of US residence, it’s the Trump administration that’s encouraging South African (white) migrant Naomi Saphire to return to her homeland.

[Saphire] had ⁠been settled in the United States for two decades when she came back for a holiday and realized how much she missed home.

Last year, she left North Carolina for a seaside town in South Africa’s Western Cape, where she said her three children spend more time outdoors, health insurance is affordable and she prefers the schools.

Advertisement

“My heart is just full of gratefulness to be here,” the 46-year-old said from her home in Plettenberg Bay. “The U.S. has been really good to me (but) I just felt like I was depriving my kids of this life.”

As for the supposed violence targeting white South Africans Trump is now pretending to “save” from their misery with his “let’s get a bunch more whites in here” immigration policies, it’s as mythical as divorced from reality as Trump’s self-perception as the smartest, savviest businessman/politician to ever grace the Earth with his presence:

Crime and joblessness are major issues in ​South Africa, but the unemployment rate is 35% for Black ​people compared with 8% for whites, according to ⁠the latest figures from the national statistics agency Stats SA.

Police statistics released last year showed that even farm murders, which Trump has focused on, killed more Black people than whites. Reuters has found that photos and videos Trump has presented on the matter were taken out of context or misrepresented.

While this might seem like the most useless of anecdotal evidence, there’s reason to believe white South Africans will either ignore the Trump’s invitation to further whiten the US, or head back home where things are still pretty fucking good for whites, but without having to deal with a megalomaniac chaos agent who seems to believe World War III will finally allow Truth Social to turn a profit.

White South Africans have been rejecting the United States since 2022, when a law allowed them to regain their citizenship after it was stripped by a post-apartheid law passed in 1995. 15,000 white South Africans took advantage of that to return to their homeland. Now that Trump’s back in office, even more whites are exiting than entering the United States, despite the administration’s warm welcome of white migrants into its white Christian nationalism plans.

Home Affairs Minister Leon Schreiber ​said 1,000 people had reclaimed their citizenship, a number he expected to grow significantly as the programme takes off.

One of the main reasons for exiting the US was “lower cost of living,” something Trump has actively worked against achieving, starting with his indiscriminate (and apparently unlawful) tariffs and continuing through his destabilization of the world economy by (1) being buddies with Russia, (2) starting yet another forever war in the Middle East, (3) refusing to engage honestly with inflation and joblessness, and (4) decreasing American productivity by forcibly ejecting hundreds of thousands of people who work harder, pay more in taxes, and commit fewer crimes than US citizens.

And now it’s clear this administration is so inept and inherently dangerous it can’t even convince white people to live here. Let that sink in for a bit.

Filed Under: bigotry, dhs, ice, immigration, mass deportation, south africa, trump administration, whites only

But sir, it is wafer-thin. That’s how they get you! Just when you couldn’t possibly justify building another keyboard, let alone owning one, along comes the Kambala by [aroum2].

Now, ‘Kambala’ means a few things, but here it refers to fish, as evidenced by logo and matching themed PCB key chain shown in the gallery.

This catch is so flat because of the switches: PG1316S, and 42 of them. These are better known to some as Kailh butterfly switches, and are meant for laptops. But, this is Hackaday.

No matter what you call them, those switches are controlled by a nice!nano V2-compatible controller, which allows for ZMK firmware support. There’s a 110 mAh battery and four status LEDs, and best of all, the charging indicator is in the fish’s eyes.

[aroum2] might share the files later. Here’s hoping!

Let’s Talk DIY Palm Rests

Palm rests! Depending on the keyboard, they can be built right in. This here Kinesis Advantage comes to mind. That said, you can buy a pair of nice adhesive pads for your Kinesis once the ABS shine starts to bother you, or better yet, before that happens. Don’t make your own out of adhesive foam sheets. Just, trust me on this.

But oftentimes, especially with travel keyboards, palm rests aren’t included. And that’s fair, because people want different things. Before you go printing some, or even rendering a pair from zebrawood, consider cheap alternatives like a large car-washing sponge cut in half and covered with the fabric of your choice.

On the slightly more expensive side, many employ a pair of Purple mattress samplers, which have doubled in price since I bought some 2022, but are still worth it.

Depending on your desk, you could do something as simple as cutting a pool noodle in half and shoving it onto the edge. Maybe you’ve done something even more temporary that turned out to be permanent. Tell me in the comments!

Even if you have built-in palm rests, sometimes you need to temporarily insert something like a spiral notebook between your desk edge and keyboard, pushing the thing further away and putting your delicate elbows at risk. This is me right now, and each elbow is on a mouse bag. Simple and effective.

Another consideration is attached versus unattached. I mean, if a travel keyboard is going to have palm rests, they should attach rather than just be placed in front. Maybe that’s just me.

The Centerfold: Telegraph Key Macro Pad is Dashing

The system works! [Colin] sent a tip about his Telegraph Key Macro Pad, which is exactly what it sounds like. [Colin] says that his job these days mostly consists of copy/pasting from GPT, and it was quickly becoming a pain in the wrist. (Boy, can I relate.)

Using the thing is just as it should be: to copy, you long press the key like a Morse code dash. To paste, you do the short one. This enables [Colin] to paste many times, and quickly. [Colin] started with a Soviet-era telegraph key from the electronic bay, and a Pimoroni Tiny 2040 programmed with Arduino. It may be wildly overpowered for the application, but hey, it fits nicely in the base of the telegraph key.

The default is to make a sound when you do either action. [Colin] used a piezo disk so that it can handle different tones. This was done mostly for the luls, but it also lets him know when something is copied. There’s also a nifty silent mode that moves the mouse cursor in a quick loop-dee-loo when the deed is done.

Do you rock a sweet set of peripherals on a screamin’ desk pad? Send me a picture along with your handle and all the gory details, and you could be featured here!

Historical Clackers: the Crown Was a Machine for the Millions… Not!

You might wonder why I choose so many index typewriters for this portion of the program. I suppose it’s because they can be so differently designed, yet serve the same purpose. And that’s just cool to me.

The Crown index typewriter is no exception. Let’s start with the fact its creator, Byron Alden Brooks, was a celebrated inventor of early typewriters. You may have heard of the Brooks; he also had a hand in the People’s, the National, the Travis, and of course, the Crown index typewriter. Perhaps most unforgettable among his accomplishments, Brooks invented the Shift key.

The Crown was produced between 1888 and 1894, though it is thought that Brooks began work on it as early as 1881, evidenced by the date on the typewheel patent. It’s also thought that production really ceased in 1893.

That’s right, the Crown used a typewheel and a linear index from which the user selected each character. The ink came from a felt roller situated between the carriage and typewheel. Every time a character was selected, this roller would swing out of the way so the typewheel could strike the platen.

Originally, the Crown cost $20 (about $700 today), with the wooden case thrown in free. The price dropped to $16 by the middle of 1891. Despite being billed as ‘a machine for the millions’, the Crown was a failure.

Finally, There’s a Quiz To Find Your Switch Type

If you’re really up on things, you’re of course no stranger to KBD News and the corresponding newsletter. KBD is a great resource for all things keyboard, and now there’s a switch compatibility quiz to help you get started.

Of course, not all switches work with all PCBs, so you can’t begin this journey without knowing which path to head down. Choose MX, and you’ll have a bevvy of beauties to choose from. There are far fewer low-profile and Hall-effect switches out there, so keep that in mind.

Let’s say you go down the MX path. Your next choice is important: how much feedback do you need? None? A little? An audible click? Remember to keep your environment in mind.

If you’re me, you choose clicky. Now it’s time to think about actuation force. There are no light-force clicky switches; it’s just not a thing. So you can choose mid, heavy, or no preference, which takes you directly to RGB choices. Do you want a transparent housing? A light diffuser? Both? If you have no preference here, your final choice concerns factory lubrication. I ended up with 10 different switch recommendations, but of course, YMMV.

It’s important to note that KBD News has a comprehensive guide to choosing keyboard switches, which covers everything from actuation force to travel distance to RGB support, or lack thereof. And don’t miss the mechanical switch FAQ, just below the quiz.

Got a hot tip that has like, anything to do with keyboards? Help me out by sending in a link or two. Don’t want all the Hackaday scribes to see it? Feel free to email me directly.

When an AI agent needs to log into your CRM, pull records from your database, and send an email on your behalf, whose identity is it using? And what happens when no one knows the answer? Alex Stamos, chief product officer at Corridor, and Nancy Wang, CTO at 1Password joined the VB AI Impact Salon Series to dig into the new identity framework challenges that come along with the benefits of agentic AI.

“At a high level, it’s not just who this agent belongs to or which organization this agent belongs to, but what is the authority under which this agent is acting, which then translates into authorization and access,” Wang said.

How 1Password ended up at the center of the agent identity problem

Wang traced 1Password’s path into this territory through its own product history. The company started as a consumer password manager, and its enterprise footprint grew organically as employees brought tools they already trusted into their workplaces.

“Once those people got used to the interface, and really enjoyed the security and privacy standards that we provide as guarantees for our customers, then they brought it into the enterprise,” she said. The same dynamic is now happening with AI, she added. “Agents also have secrets, or passwords, just like humans do.”

Internally, 1Password is navigating the same tension it helps customers manage: how to let engineers move fast without creating a security mess. Wang said the company actively tracks the ratio of incidents to AI-generated code as engineers use tools like Claude Code and Cursor. “That’s a metric we track intently to make sure we’re generating quality code.”

How developers are incurring major security risks

Stamos said one of the most common behaviors Corridor observes is developers pasting credentials directly into prompts, which is a huge security risk. Corridor flags it and sends the developer back toward proper secrets management.

“The standard thing is you just go grab an API key or take your username and password and you just paste it into the prompt,” he said. “We find this all the time because we’re hooked in and grabbing the prompt.”

Wang described 1Password’s approach as working on the output side, scanning code as it is written and vaulting any plain text credentials before they persist. The tendency toward the cut-and-paste method of system access is a direct influence on 1Password’s design choices, which is to avoid security tooling that creates friction.

“If it’s too hard to use, to bootstrap, to get onboarded, it’s not going to be secure because frankly people will just bypass it and not use it,” she said.

Why you cannot treat a coding agent like a traditional security scanner

Another challenge in building feedback between security agents and coding models is false positives, which very friendly and agreeable large language models are prone toward. Unfortunately, these false positives from security scanners can derail an entire code session.

“If you tell it this is a flaw, it’ll be like, yes sir, it’s a total flaw!” Stamos said. But, he added, “You cannot screw up and have a false positive, because if you tell it that and you’re wrong, you will completely ruin its ability to write correct code.”

That tradeoff between precision and recall is structurally different from what traditional static analysis tools are designed to optimize for, and it has required significant engineering to get right at the latency required, on the order of a few hundred milliseconds per scan.

Authentication is easy, but authorization is where things get hard

“An agent typically has a lot more access than any other software in your environment,” noted Spiros Xanthos, founder and CEO at Resolve AI, in an earlier session at the event. “So, it is understandable why security teams are very concerned about that. Because if that attack vector gets utilized, then it can both result in a data breach, but even worse, maybe you have something in there that can take action on behalf of an attacker.”

So how do you give autonomous agents scoped, auditable, time-limited identities? Wang pointed to SPIFFE and SPIRE, workload identity standards developed for containerized environments, as candidates being tested in agentic contexts. But she acknowledged the fit is rough.

“We’re kind of force-fitting a square peg into a round hole,” she said.

But authentication is only half of it. Once an agent has a credential, what is it actually allowed to do? Here’s where the principle of least privilege should be applied to tasks rather than roles.

“You wouldn’t want to give a human a key card to an entire building that has access to every room in the building,” she explained. “You also don’t want to give an agent the keys to the kingdom, an API key to do whatever it needs to do forever. It needs to be time-bound and also bound to the task you want that agent to do.”

In enterprise environments, it won’t be enough to grant scoped access, organizations will need to know which agent acted, under what authority, and what credentials were used.

Stamos pointed to OIDC extensions as the current frontrunner in standards conversations, while dismissing the crop of proprietary solutions.

“There are 50 startups that believe their proprietary patented solution will be the winner,” he said. “None of those will win, by the way, so I would not recommend.”

At a billion users, edge cases are not edge cases anymore

On the consumer side, Stamos predicted the identity problem will consolidate around a small number of trusted providers, most likely the platforms that already anchor consumer authentication. Drawing on his time as CISO at Facebook, where the team handled roughly 700,000 account takeovers per day, he reframed what scale does to the concept of an edge case.

“When you’re the CISO of a company that has a billion users, corner case is something that means real human harm,” he explained. “And so identity, for normal people, for agents, going forward is going to be a humongous problem.”

Ultimately, the challenges CTOs face on the agent side stem from incomplete standards for agent identity, improvised tooling, and enterprises deploying agents faster than the frameworks meant to govern them can be written. The path forward requires building identity infrastructure from scratch around what agents actually are, not retrofitting what was built for the humans who created them.

If you’re ready to move your PC gaming experience to the next level, look no further than GIGABYTE’s X870E AORUS ELITE X3D. 

Already known for their forward-thinking tech, GIGABYTE has outdone themselves with this one. Boasting state-of-the-art graphics capabilities, AI-enhanced X3D Turbo Mode 2.0, Zenith Memory Performance, and a comprehensive thermal design, X870E AORUS ELITE X3D offers everything you need to up your game.

Top-tier graphics performance for a competitive edge

The X870E AORUS ELITE X3D motherboard packs all the power of the AMD Radeon RX 9070 for top-of-the-line gaming graphics performance. If you’re an esports player, you’ll get the super-fast refresh rates you need to keep up with the competition. Or, if you’re into games with massive open-world maps, the X870E AORUS ELITE X3D will keep you exploring as far as the eye can see and beyond. 

Switching between gaming and performance modes

GIGABYTE’s X870E AORUS ELITE X3D features X3D Turbo Mode 2.0, which offers an overall enhanced experience over the previous generation. Whether you’re gaming, multitasking, or a little of both, X3D Turbo Mode 2.0 delivers with a built-in AI model that automatically optimizes parameters in real time. You can switch easily between two modes, Extreme Gaming Mode & Max Performance Mode, to make sure you’re getting peak performance suited to your task.

Advanced DDR5 memory and AI-enhanced overclocking

Using a combination of advanced technologies, X870E AORUS ELITE X3D offers Zenith Memory Performance, an advanced AI-enhanced overclocking technology for DDR5 memory. To start, the PCB features advanced shielding to ensure clean and clear memory signals. The next innovation is daisy-chain routing, designed to remove signal bottlenecks. Finally, the PCB itself uses 8-layer server-grade materials to ensure DDR5 data is transmitted at blazing speeds.

Stay frosty with smart cooling and thermal guards

All this power demands cooling tech that’s up to the task of keeping your system running cool and efficiently. GIGABYTE’s X870E AORUS ELITE X3D has what it takes, with a full-metal thermal design and durable heat sinks. Add to this M.2 EZ-Flex, GIGABYTE’s exclusive patented design, plus their quiet and efficient Smart Fan 6 technology, and you can be sure your machine will run smoothly for hours on end. 

With its top-of-the-line graphics capabilities, Turbo mode 2.0, Zenith Memory Performance, and compressive thermal design — not to mention its durable materials and ultra-connectivity — GIGABYTE’s X870E AORUS ELITE X3D should be at the heart of any true gamer’s rig.

There is a moment, usually around the third eerily accurate ad for something you only mentioned in an email, when you start to wonder what exactly your inbox knows about you. The answer, it turns out, is everything. And the companies running the most popular free email services in the world are not keeping that information to themselves.

This article contains affiliate links. If you make a purchase through these links, we may earn a commission at no extra cost to you.

The real cost of free email

When Gmail launched in 2004, offering a gigabyte of free storage felt almost absurd. Two decades later, the bargain looks rather different. Google processes roughly 1.8 billion Gmail accounts worldwide, and the service remains free because users are not the customer. Advertisers are.

Every message that lands in a free inbox is parsed, categorised, and fed into a profile that determines which ads follow you across the web. The content of your emails, the receipts, the travel confirmations, the medical appointment reminders, all of it contributes to an advertising profile that you never agreed to build and cannot fully delete. This is not a conspiracy theory. It is the documented business model of the largest email providers on the planet.

For years, most people accepted this trade-off because the alternatives were either expensive, clunky, or both. That is no longer the case.

What private email actually looks like in 2026

The private email market has matured considerably. Services now exist that offer the speed, polish, and reliability of Gmail without the data harvesting. The model is simple: you pay a modest subscription, and in return, your provider has no reason to touch your data because the subscription is the product, not your attention.

Fastmail is one of the more interesting players in this space, and it is worth understanding why. Founded in 1999 in Melbourne, Australia, the company has been running independently for over 25 years. It predates Gmail by half a decade. While most of the tech industry spent the 2010s chasing advertising revenue, Fastmail quietly built a subscription email service focused on something almost quaint: making email work exceptionally well.

The result is a platform that feels noticeably faster than what most people are used to. Full-text search returns results across your entire inbox in milliseconds, not seconds. Keyboard shortcuts cover virtually every action. Server-side filtering rules let you automate sorting and labelling without leaving a client running. These sound like small things until you spend a week with them and realise your previous inbox felt like wading through treacle.

The features that actually matter

It is easy to list features. It is harder to explain why they matter. Here is what stands out after extended use.

Custom domains on every plan. If you own a domain, you can use it with Fastmail immediately. This means your email address is yours permanently, not tied to a provider. If you ever decide to leave, your address comes with you. For freelancers, small businesses, and anyone who treats their email address as professional infrastructure, this is quietly one of the most important features an email service can offer.

Over 600 masked email aliases. Every time you sign up for a new service, you can generate a unique address that forwards to your real inbox. If that address gets sold to spammers or leaked in a data breach, you simply delete it. Fastmail integrates this directly with 1Password, so generating a new alias takes roughly two seconds.

Open standards throughout. Fastmail supports IMAP, SMTP, CalDAV, and CardDAV natively. This means it works with any email client you already use: Apple Mail, Thunderbird, Outlook, or anything else that speaks standard protocols. You are not locked into a proprietary app to access your own email. This level of interoperability is surprisingly rare among private email providers, several of which require bridge applications or restrict you to their own clients entirely.

Calendars and contacts included. Shared calendars, contact management, and file storage are built into every plan. For families and small teams, this replaces the need for a separate productivity suite. The Duo plan covers two users with shared calendars for $8 per month on annual billing, and the Family plan extends to six users at $11 per month.

The privacy question, honestly

Fastmail is transparent about what it does and does not offer. It uses TLS encryption in transit and AES encryption at rest, which is industry standard. It does not offer end-to-end encryption, and the company has been straightforward about why: the usability trade-offs (slower search, limited client support, key management complexity) do not serve most users well.

If your threat model includes protection against server-side access by a state actor, Fastmail is not the right choice. For that, you want a zero-knowledge encrypted provider like ProtonMail. But if your primary concern is getting your inbox out of the advertising ecosystem while keeping a fast, flexible, standards-compliant email experience, Fastmail delivers exactly that. The company does not sell data, does not display ads, does not build user profiles, and publishes regular transparency reports.

This distinction matters because privacy is not binary. Moving from a provider that actively monetises your email content to one that simply does not touch it is a significant upgrade for the vast majority of users, even without end-to-end encryption.

What it costs

Fastmail’s pricing is straightforward. The Individual plan costs $6 per month or $5 on annual billing, and includes 50GB of storage, custom domains, over 600 aliases, calendars, contacts, and full third-party client support. The Duo and Family plans share storage across two or six users respectively, making them some of the most cost-effective private email options for households.

Business plans start at $4 per user per month for Basic (6GB per user), $6 for Standard (60GB), and $10 for Professional (150GB with email retention archiving). Teams can mix and match tiers within a single account, so you are not paying for enterprise-grade archiving on every seat.

There is a 30-day free trial with no credit card required. Full access to every feature, no artificial limitations.

The bigger picture

The argument for private email is not really about email at all. It is about a slow, accumulating shift in how people think about the services they use every day. For two decades, “free” has been the default, and the cost has been invisible. But the cost is there: in the ads that follow you, in the data brokers who know your purchase history, in the quiet erosion of the idea that a conversation can be genuinely private.

Paying $5 per month for an inbox that belongs to you is not a radical act. But it is a meaningful one. And the tools available in 2026 make it easier than it has ever been. Fastmail’s free trial is a reasonable place to start, if only to see what email feels like when nobody is watching.

from the celebrate-with-some-lemon-pound-cake dept

As we wrote just yesterday, the defamation trial brought by seven Adams County, Ohio deputies against rapper Afroman was going about as well for the officers as their original botched raid on his home. Today we can report the inevitable conclusion: the jury sided entirely with Afroman, clearing him of all liability after just hours of deliberation.

To recap briefly: deputies raided Afroman’s home in 2022 with guns drawn, found essentially nothing, filed no charges, broke his door (and his gate!), and got caught on his security cameras doing embarrassing things — including one deputy who appeared to cautiously eye a delicious-looking lemon pound cake. Afroman turned the footage into multiple viral music videos. The deputies, upset about being mocked, sued him for $3.9 million claiming defamation and emotional distress. The jury took just a few hours to say: nah.

The best part might be the closing argument from the officers’ attorney, who told the jury:

“Mr. Foreman doesn’t get to wrap himself in the American flag and say you can’t touch me, I can say what I want, no matter how untrue it is, no matter how much pain it causes people, because I have freedom of speech. He can’t do that.”

Afroman’s lawyer quickly responded that he can, in fact, do exactly that. That’s how the First Amendment works. Especially when talking about public officials. And then the jury agreed. This is especially delicious given that Afroman literally wrapped himself in the American flag for the entire trial, showing up each day in that wonderful suit.

Afroman’s own testimony summed up the whole case more concisely than any lawyer could:

“All of this is their fault, and they have the audacity to sue me.”

And through all of this, Afroman never stopped making music mocking these officers — right up to the trial. Here he is calling out Deputy Randy Walters:

And here he is set to the tune of the Battle Hymn of the Republic, reminding everyone that the proof of everything he’s saying is right there on the internet for anyone to see:

So the deputies sued because they were embarrassed by viral music videos, and, in doing so, created a three-day trial that generated a whole new wave of viral content about them, drew national media attention, and ended with a jury telling them they had no case. The Streisand Effect remains undefeated.

As Afroman’s lawyer told the jury in closing, citing NWA’s “Fuck Tha Police” and Richard Pryor’s comedy:

“I’m sorry they feel the way they do, but there’s a certain amount that you have to take as a public official, it’s part of the duties of the job. What chilling effect does that have on the world we live in? You don’t like what a public official does and you make a joke, and you’re dragged into court?”

There’s a serious point underneath all the absurdity. Public officials who raid your home for no good reason, find nothing, and break your stuff don’t get to then use the courts to punish you for talking about it. That’s the whole ballgame on the First Amendment, and the jury understood it perfectly.

Afroman summed it up outside the courtroom saying:

I didn’t win. America won. America still has freedom of speech. It’s still for the people, by the people!

Well said. And I hope the Adams County Sheriff’s Department is looking forward to Afroman’s next release.

Filed Under: 1st amendment, adams county, adams county sheriff’s department, afroman, defamation, free speech