The start of summer on the Shore is never subtle. The beach traffic is already stupid, Brooklyn has made its presence felt, and the usual collection of road warriors remain baffled by New Jersey jughandles, as if the state installed them last Tuesday just to ruin their soft-serve pilgrimage. Add Netflix Studios at Fort Monmouth under construction, half the neighborhood torn up, and the constant soundtrack of trucks, cones, dust, and poor life choices, and the appeal of sitting outside with music, a cold ginger beer or Rooibos in hand, and a portable speaker that does not sound like it came free with a hotel rewards program becomes rather obvious.

That brings us to the $250 KEF Muo, the company’s new portable Bluetooth speaker and follow-up to its earlier attempt at this category. KEF is not exactly early here. Sonos, Marshall, JBL, DALI, and Soundcore have been circling this part of the market for years, and some of them have become very good at making compact speakers that can survive patios, kitchens, hotel rooms, and the occasional bad decision near a pool.

The Muo’s angle is different. KEF is leaning on its hi-fi background, Ross Lovegrove’s sculpted industrial design, and a form inspired by the company’s far more exotic Muon loudspeakers. That could have turned into design-office theater, but the engineering story has more substance than the average “premium portable” pitch.

A large racetrack driver handles much of the output, while a dedicated tweeter is used for the top end, giving the Muo a proper two-way driver arrangement rather than asking one small driver to perform musical gymnastics. The company’s Music Integrity Engine DSP suite is tuned specifically for the Muo, with limiter and Dynamic Bass Boost technologies related to the LS60 Wireless.

KEF Muo Technology: Small Box, Real Engineering, No Free Pass

After four nights in Vegas, nonstop work, travel delays, a 24-hour birthday extravaganza for my 13-year-old daughter, and torrential rain that turned the deck into a splash zone, I was more than ready to stand outside and let a portable speaker make some noise.

The KEF Muo did not need much encouragement.

At $249.99 USD, the Muo lands in a very crowded portable Bluetooth speaker category, but KEF is trying to separate it from the usual rubberized bricks with a more serious engineering story. The enclosure is made from recycled plastics sourced from everyday waste, including old bottles and outdated electronics, which gives the Muo a stronger sustainability angle than much of the competition. That does not automatically make it sound better, but it does make the design feel more considered than another disposable Bluetooth box with a logo slapped on the grille.

The new Muo measures 216 x 82 x 59 mm, or roughly 8.5 x 3.2 x 2.3 inches, and weighs 740 grams, or 1.6 pounds. That makes it genuinely portable, but not toy-like. It has enough mass to feel planted on a table, deck rail, or kitchen counter without coming across like something that will rattle itself into the neighbor’s hydrangeas.

Inside, KEF uses a proper two-driver layout. A 20mm tweeter handles the high frequencies, while a 58 x 117mm racetrack driver covers the midrange and bass. That larger racetrack driver is doing the heavy lifting, and KEF supports it with its P-Flex surround, a pleated surround technology also used in the company’s KC62 and KC92 subwoofers. The goal is to help the driver resist internal air pressure and move more accurately, which matters when you are asking a compact speaker to produce bass without turning into a wheezing plastic lunchbox.

Power comes from two Class D amplifiers: 10 watts for the tweeter and 30 watts for the mid/low driver. KEF rates the Muo at a maximum 90 dB SPL at one meter, with a claimed frequency response of 43 Hz to 20 kHz at 85 dB/1m. Those numbers are useful, but the important part is how the Muo behaves when pushed outdoors, where small speakers often lose body, composure, or both.

Battery Life and Weather Resistance: KEF’s Numbers Hold Up…Mostly

The KEF Muo is not just built to sit on a desk and look sculptural. KEF claims up to 24 hours of playback on a full charge, with a full recharge taking about two hours. A 15-minute quick charge is rated for roughly three hours of playback, which is actually useful if you forgot to plug it in the night before heading to the beach, the deck, or wherever you plan to annoy the squirrels with The Clash.

Those battery claims are not fantasy math. I gave the Muo a full charge and let it play until it shut itself down. At a moderate listening level, it lasted 22 hours and 38 minutes. That is close enough to KEF’s 24-hour claim that nobody should be complaining unless they also write angry letters about cereal boxes not being filled to the top.

KEF also rates the Muo for operation between -20°C and 45°C, which gives it a wider usable temperature range than most people will ever test willingly. Winter on the Jersey Shore was especially brutal this year, and we did drop below that mark for more than a week, which is not exactly normal for this part of the world. Even this Canuck was not sadistic enough to stand outside in that kind of cold to test a Bluetooth speaker. I had the good sense to head down to our Florida home for a week just as the snow and misery arrived.

So the cold-weather test will have to wait. Maybe next year.

Rain was another matter. I did stand outside and let the Muo play while it got wet. No drama. No shutdown. No weird behavior. It just kept playing. I would not take it into the shower, even if those old 1970s shower radios deserve their own museum exhibit, but the Muo feels properly robust for outdoor use, damp weather, and normal summer abuse.

It also survived Tyrion the Westie licking it, which is not part of KEF’s published test procedure, but perhaps should be.

KEF Muo: Smarter Connectivity, with One Caveat

Connectivity is handled by Bluetooth 5.4 with aptX Adaptive, SBC, and AAC codec support. The Muo also supports Google Fast Pair and Microsoft Swift Pair for easier setup, while the KEF Connect app handles settings and firmware updates.

Wired playback and charging both run through the USB-C port, which supports up to 48 kHz/24-bit audio depending on the source. That gives the Muo a little more flexibility than the average portable Bluetooth speaker, especially for listeners who still like having a cable option when the wireless world decides to behave like a committee.

Pairing two Muo speakers creates a true stereo setup with defined left and right channels, which is a meaningful upgrade over the pretend “stereo” some portable speakers try to sell with a straight face. KEF only supplied one review sample, so I was not able to test stereo pairing.

Auracast support also allows multiple Muo units to link together for larger setups, but that requires a compatible Android device. I did not have one on hand during testing, so that feature remains untested for this review. Useful on paper, but I’m not pretending I climbed that particular hill.

On the practical side, the built-in microphone supports calls with noise and echo cancellation, and in actual use, it worked better than expected. I called my mother in Florida for the daily weather report and the obligatory “you’ll never guess who died” update, and the Muo held its own.

It took her a few minutes to notice I was not speaking directly through my iPhone, which is probably the highest praise this kind of feature is going to get. She only asked once if I was driving, so the microphone was clearly doing something right. Voices sounded clear enough, background noise was kept under control, and the call quality was perfectly usable for real conversations rather than just emergency “I’ll call you back” moments.

Ross Lovegrove’s Muo Design Still Has Moves

Ross Lovegrove’s influence is obvious the moment you look at the Muo. KEF has borrowed the sculpted language of its much larger Muon loudspeaker and shrunk it into a portable speaker that will not require a forklift, a trust fund, or a very patient spouse. Just wait till she sees the ATC EL50 Anniversary coming in July. So dead. At least I’ll be saving her the price of a pine box.

The build quality leans heavily on aluminum, and KEF offers seven finish options: Silver Dusk, Amber Haze, Orange Moon, Blue Aura, Moss Green, Cocoa Brown, and Midnight Black. My review sample arrived in Moss Green, which looks utterly awesome in person. It has just enough color to stand out without looking like a Bluetooth speaker designed by a sneaker company after three espressos.

Amber Haze, however, does sound suspiciously like an inside joke at KEF. Say it quickly and it lands a little too close to Amber Waves from Boogie Nights. No judging. Greatest movie. Moving on.

Placed horizontally beneath the front of my iMac, the Muo produced a soundstage that was slightly wider than the cabinet itself. DSP is clearly part of the equation, but KEF uses it carefully. The presentation sounded open for a speaker this size without becoming thin, hollow, or obviously processed.

Outside, I preferred the Muo in its vertical orientation. It projected sound farther, held together better in open space, and made more sense when the goal was getting music beyond the immediate patio zone. The design may be the hook, but the orientation sensing is not just a brochure bullet. It changes how the speaker behaves in real use.

Listening

After downloading the KEF Connect app and completing the required firmware update, I spent time moving between TIDAL and Qobuz to get a better sense of how the Muo behaved with different material.

One thing stood out rather quickly: the Muo sounds better at lower listening levels than a lot of Bluetooth speakers I have reviewed. That includes the Bose Lifestyle Ultra Speaker I covered recently, which needed more volume before it really started to open up.

The KEF was different. Listening late at night in the kitchen with my laptop and the Muo positioned vertically off to the left, the speaker remained clear, detailed, and composed at roughly 25% volume. That matters, because not every portable speaker sounds balanced when you are trying to listen without waking the house or alerting the neighbors that Dolly Parton has returned to the premises.

Bass impact does take a hit at lower volume, and nobody should buy the Muo expecting it to behave like a small subwoofer with buttons. It is not a bass monster, and I’m fine with that because it gets so much of the rest right. You can add some low-end weight through the KEF Connect app, but it is not going to rattle your teeth. Not its bag.

The Black Keys’ “Little Black Submarines” and Metallica’s “Nothing Else Matters” made for an interesting contrast.

Dan Auerbach’s vocals and guitar were clean, focused, and presented slightly forward, almost on the same plane as the front of the speaker. Presence was very good, and the Muo did a solid job preserving the tone of the acoustic guitar without making it sound thin or brittle.

When Patrick Carney’s drums entered, the Muo kept the pacing together, but the impact was a little soft and hazy around the edges. That took away some of the spaciousness and clarity the track builds toward. Sub bass was not the Muo’s strength here, which is hardly shocking given the size of the enclosure. Nobody is mistaking this for a portable subwoofer unless they also think gas station sushi is a calculated risk.

Switching to Metallica, James Hetfield, Lars Ulrich, and company came across with better definition. “Nothing Else Matters” sounded spacious and clear, with stronger separation and a more convincing sense of scale. The lower bass still leaned soft, but the Muo sounded more composed on this track, with improved definition through the midrange and better overall control.

Because I was in that kind of mood, I moved over to a Batman theme: Nirvana’s “Something in the Way” and Michael Giacchino’s “The Batman.” After a long day, both felt appropriate.

Giacchino’s score for the Pattinson version of the Dark Knight is especially strong, and I often listen to it at night driving back from Gotham — I mean New York City — while passing the West Side of Manhattan and thinking about someone I probably should not be thinking about. And you thought Bruce Wayne had emotional baggage.

The Muo carried both selections well. “Something in the Way” sounded spacious and suitably restrained, with enough texture in Kurt Cobain’s voice and the surrounding atmosphere to make the track work at lower volume. The KEF did not overplay the darkness or smear the midrange, which matters with a song that can collapse into murk on small speakers.

Giacchino’s “The Batman” had a convincing sense of space and mood, although the same limits in deeper bass were still apparent. The Muo can suggest weight, but it does not deliver the full low-end menace of that score. Still, the presentation was emotionally satisfying enough to pull me in and leave me staring out into the dark, wondering where she is. Batman had Gotham. I had a Bluetooth speaker and bag of biltong as cold comfort.

Switching over to Dolly Parton, Amy Winehouse, and Depeche Mode made one thing very clear: the Muo is genuinely confident with the human voice.

Dolly’s “I Will Always Love You” and Depeche Mode’s “Somebody” showed that in very different ways. The Muo handled Dolly’s vocal tone, phrasing, and that unmistakable quiver with enough clarity and presence to make the song land emotionally. When she reaches higher, the speaker does not turn hard or glassy, which is where a lot of compact wireless speakers start behaving badly and hope nobody notices.

Amy Winehouse was another strong fit. The Muo gave her voice body and texture without pushing it too far forward or sanding off the edges that make her delivery so compelling. There was enough punch to keep the arrangements moving, but the focus stayed where it should: on the voice.

Depeche Mode’s “Somebody” was more intimate and exposed, and the KEF did a solid job keeping the vocal centered, clear, and tonally believable. It is not a speaker that overwhelms you with bass weight, but voices are another story.

I finished with a smattering of Aphex Twin, Kraftwerk, Nick Cave, and Deadmau5, which gave the Muo a different kind of workout.

Electronic music played to a lot of its strengths. The presentation was spacious, pacing was very good, and synth lines had enough snap and texture to keep the music moving. It handled pulsing rhythms well without sounding congested, even when the tracks became more layered.

Kraftwerk and Deadmau5 both confirmed that the Muo is more comfortable with speed, clarity, and spatial information than outright low-end punishment. Synths hit cleanly and with decent weight, but the deepest bass was still the obvious limitation. That is the tradeoff here. You get control and openness, not chest compression.

Nick Cave’s “Avalanche” was a pleasant surprise. The Muo filled my kitchen with more piano weight than I expected from a portable Bluetooth speaker, and Cave’s voice had enough body and presence to keep the track from sounding thin. No, it did not create the tonal scale or dimensionality of a properly set up stereo pair, but for a compact speaker sitting in a kitchen, it was impressively composed.

Moving the Muo outside produced three consistent impressions. First, it projects farther and wider than its size suggests. My backyard is roughly 150 feet by 100 feet, and with the speaker positioned on the deck railing, I could hear it clearly in all four corners. Second, it does have some volume limits compared to larger portable Bluetooth speakers I’ve used, but it still played loud enough for how I would actually use it. Third, sub bass remains the main weakness. The Muo can fill space, throw sound, and stay clear outdoors, but it is not going to turn the yard into a club. And frankly, neither are most of your neighbors.

The Bottom Line

The KEF Muo is not the portable speaker to buy if your priority is chest-thumping bass or party-level output. Sub bass is its clearest limitation, and while the strap is useful, the aluminum build gives it enough heft that I would rather toss it in a backpack than carry it around by hand all day.

But the Muo gets the important things right. It sounds clear at lower volumes, throws a surprisingly wide soundstage for its size, handles voices with real confidence, and projects well outdoors without falling apart. The orientation-aware DSP actually matters, the build quality is excellent, and the weather resistance makes it a practical speaker for kitchens, decks, beaches, and weekends where nobody checked the forecast.

A stereo pair could make a very compelling office or bedroom system, especially for listeners who want something cleaner, better built, and more refined than the usual rubberized Bluetooth brick.

It is not perfect, but it pressed almost every button on my portable speaker list. And unlike a lot of design-first audio products, the Muo does not forget that it still has a job to do.

Pros:

• Clear, detailed sound at lower listening levels
• Excellent vocal clarity and tone
• Wide soundstage for its size
• Orientation-aware DSP works well
• Premium aluminum build quality
• Strong real-world battery performance
• Solid weather resistance
• Superb value for the money

Cons:

• Sub bass is limited
• Not as loud as some larger portable Bluetooth speakers
• A bit heavy for long hand-carry use
• Auracast requires a compatible Android device
• Stereo pairing requires buying a second speaker

Our Ratings

★★★★★★★★★★ Performance

★★★★★★★★★★ Usability

★★★★★★★★★★ Build Quality

★★★★★★★★★★ Value

Where to buy:

Related Reading:

Earlier this month, xAI signed a major compute deal with Anthropic, pledging billions of dollars a month for exclusive use of the company’s Colossus cluster. It was a coup for both companies, giving xAI some much-needed revenue and helping Anthropic catch up in the never-ending race for compute.

But this morning on X, Elon Musk downplayed exactly how much SpaceX had committed to the deal.

“SpaceX has not committed to leasing Colossus for years, although it’s possible that may be what happens,” he said, replying to a user. “This is a 180 day lease with 90 day notice mutual cancellation thereafter. The short term was our request, not Anthropic’s. We won’t leave them hanging and will provide a reasonable off-ramp, but if compute gets super tight I said we might need it back at some point.”

Musk’s statement directly contradicts SpaceX’s recent S-1 filing, which confirms the standard 90-day cancellation but presents the deal as a three-year agreement. Page F-62 of the filing reads:

On May 3, 2026, the Company entered into a cloud services agreement with Anthropic PBC, an AI research and development public benefit corporation, with respect to access to compute capacity. Pursuant to this agreement, the customer has agreed to pay a monthly fee through May 2029, with capacity ramping in May 2026 at a reduced fee. The agreement may be terminated by either party upon 90 days’ notice. The customer will retain ownership and intellectual property rights in its content, AI models, and related data.

The key point here is that Anthropic “has agreed to pay a monthly fee through May 2029” — a pretty straightforward description of a three-year lease. The same language is repeated on F-96 and in slightly varied form (“the customer has agreed to pay us $1.25 billion per month through May 2029”) on pages 13 and 146, so it’s not as if there was a typo.

xAI did not respond to a request for clarification.

Maybe we can quibble about whether Anthropic agreeing to pay for a service means the same thing as SpaceX agreeing to provide that service, but that’s not usually what “lease” means. And why have a one-way lock-in if either party can terminate the deal with three months’ notice anyway?

I don’t have the deal in front of me, so I don’t know what it says — and neither SpaceX nor Anthropic is saying anything about the duration of the deal in their announcements. Still, there should be a pretty straightforward fact of the matter here, and it’s not the sort of thing you want to make false statements about during a company’s quiet period.

As always, we should note that the SEC probably will not do anything — and even if they did, Elon probably wouldn’t care. But this sort of does seem like a material misrepresentation made while marketing a security, which is bad karma at the very least.

Sean O’Kane contributed reporting to this article.

MSPs are flooded with security alerts every day, yet many still struggle to separate operational noise from the threats that actually put customers at risk.

One of the biggest reasons is tool fragmentation. When security tools operate in silos, they often create duplicate alerts, blind spots and incomplete context.

Instead of gaining improved visibility, MSPs are left piecing together information across multiple consoles just to understand what’s happening in a client’s environment.

The impact goes beyond security. For MSPs trying to grow, retain clients and compete against larger providers, alert fatigue and operational inefficiency are becoming business problems too. That is why the conversation around unified security platforms such as SIEM has become increasingly crucial.

Fragmented security stacks create security gaps

Most MSP security stacks evolved gradually over time. One tool was added for endpoint visibility, another for cloud monitoring and another for email security or network traffic analysis.

Individually, these tools may generate useful detections, but they rarely work together in a meaningful way.

For example, a suspicious login may appear in an identity tool, unusual PowerShell activity may trigger an endpoint alert and outbound traffic spikes may show up in a network monitoring platform.

Viewed separately, each event may seem low priority. But together, they could indicate an attacker has compromised credentials, established persistence and started moving laterally across the environment.

Research reports show that 87% of intrusions now involve activity across multiple attack surfaces. At the same time, IBM’s 2025 Cost of a Data Breach Report found that organizations take an average of 241 days to identify and contain a breach.

MSPs are not losing visibility because they lack tools. They are losing visibility because the tools are not working together.

Why SIEM has become essential for MSPs

Modern attacks rarely remain confined to a single area of the environment. Threat actors move between systems, user accounts, cloud applications and connected infrastructure as part of the same attack.

A modern SIEM changes that by giving MSPs a centralized view of activity across the entire environment while automatically correlating related events into a single investigation workflow.

Instead of technicians manually pivoting between consoles and chasing disconnected alerts, the platform connects signals into a cohesive attack narrative with the context teams need to act quickly.

For lean MSP teams, that becomes a force multiplier.

• Investigations move faster because technicians no longer waste hours reconstructing timelines across disconnected platforms.
• Threats are easier to identify because suspicious behavior can be tracked across multiple attack surfaces rather than being hidden in isolated alerts.
• Teams spend less time chasing noise and more time responding to incidents that could impact clients.
• Automated correlation and response reduce manual workloads, helping MSPs improve efficiency without constantly adding headcount.

That visibility is critical for reducing alert fatigue. Rather than overwhelming teams with isolated notifications and duplicate investigations, SIEM helps filter noise, prioritize meaningful incidents and surface the threats that require attention.

The business case for SIEM is growing stronger

Kaseya’s 2026 State of the MSP Report found that winning new clients is becoming harder, competition is increasing and differentiation is difficult when most MSPs offer similar service stacks. Security, however, remains one of the few areas where MSPs have a growth opportunity.

Clients are paying closer attention to security maturity, response capabilities, compliance readiness and operational resilience. That creates a major opportunity for MSPs that can position security as more than just another toolset.

SIEM sits at the center of that conversation because it helps MSPs improve both security outcomes and operational efficiency at the same time.

The key is learning how to position that value correctly.

• Make the invisible visible. Most clients assume they are protected because they have antivirus and a firewall. Show them — with a demo or a report — how many signals their environment generates across endpoints, cloud and identity that go uninvestigated without unified visibility. The gap becomes real the moment they can see it.
• Sell confidence, not coverage. The question your clients are really asking is, “If something happens, will you catch it?” Your pitch should answer that question directly. Unified detection, automated response and 24/7 SOC support mean the answer is yes, and you can prove it.
• Bundle it as a business continuity conversation. Cyber insurance providers, regulators and enterprise procurement teams increasingly require demonstrable security posture. Positioning SIEM not just as protection but as a compliance and insurability enabler makes it a business necessity rather than a cost.

MSPs that can connect security operations to measurable business outcomes will become far harder to replace and far less likely to compete on price alone.

Closing the detection gap with Kaseya SIEM

MSPs are often forced to choose between two difficult options. Traditional enterprise SIEM platforms can be expensive, complex to manage and difficult for lean teams to fully operationalize.

On the other hand, lightweight managed alternatives may simplify operations but often come with visibility, customization and response limitations.

The result is a frustrating tradeoff. Overpay for complexity that many teams cannot effectively use or settle for tools that cannot deliver full visibility into modern threats.

MSPs need a middle ground that provides enterprise-grade detection and response capabilities without adding overwhelming operational overhead.

Kaseya SIEM is designed to fill that gap.

• Unified visibility: With visibility across more than 60 data sources, Kaseya SIEM unifies endpoint, network and cloud telemetry into a single dashboard with automated response capabilities and 24/7 SOC support built in.
• Fast automated response: Kaseya SIEM helps MSPs react in minutes instead of hours with automated response actions that work across cloud and endpoint environments simultaneously. Teams can isolate devices, block accounts, flag suspicious sessions and trigger response workflows automatically.
• Smarter investigations with AI: Kaseya SIEM uses AI to simplify investigations and reduce alert fatigue for MSP teams. Its AI-powered interrogation chatbot allows technicians to query security data using natural language, while behavior-based detections help uncover suspicious activity that traditional rules-based systems may miss.
• Proactive security recommendations: The platform can also recommend alert suppressions for known-good behavior, surface indicators of compromise, suggest PowerFilters to reduce noise and provide Microsoft tenant hardening recommendations to proactively strengthen security posture.

Turning signals into answers

The signals are already there.

In most breach postmortems, the indicators existed in the logs long before the incident escalated. The problem was that no one connected them fast enough to act.

The MSPs that will stand out are those that can reduce noise, improve visibility and turn disconnected alerts into actionable insights.

Our eBook, Finding signal in the noise, shows how.

Sponsored and written by Kaseya.

The U.S. Department of Defense has confirmed that adversaries have targeted and surveilled serving military personnel on the battlefield using commercial location data, the latest demonstration of how information collected from phones and computers can be abused to track and target individuals. 

In a letter shared by Sen. Ron Wyden with TechCrunch, U.S. Central Command said it was aware of hostile actors using purchased location data to track U.S. servicemembers.

“USCENTCOM has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater,” the letter reads.

The letter did not provide examples or specifics, and a spokesperson for the Department of Defense did not return a request for comment.

Reuters first reported the news on Thursday.

Location data is often collected from phones and computers through online advertising, which then gets bought by data brokers, who then sell the data on the open market. Governments and militaries, including the United States, have purchased this data in the past without obtaining a warrant. In recent years, the FBI has warned consumers to use ad blockers as a way to minimize the amount of data that apps, websites, and other software can collect.

Wyden told Reuters that it was time to “start treating the adtech industry as a national security threat.”

Why?

For nearly a decade now, Waymo has tested and deployed its autonomous driving technology in cars designed for human drivers. Waymo began its services with the Chrysler Pacifica hybrid and moved to the all-electric Jaguar I-Pace in 2018. The Ojai, though, is something new: a vehicle built specifically for autonomy.

Ojai’s debut also marks the introduction of Waymo’s newest hardware and software system. The update, Waymo has said, “leverages breakthroughs in AI” and, like previous systems, combines inputs of three different kinds of sensors: cameras, lidar, and radar.

Waymo seems to envision the updated tech as the driver (pun intended) behind its big expansion push. The company currently operates in 11 US markets and plans to launch its service in at least 20 different new regions, including London and Tokyo. The system is “designed for long-term growth across multiple vehicle platforms,” Satish Jeyachandran, the company’s vice president of engineering, wrote earlier this year. He said the new design should allow the company to expand into different environments, including ones with brutal winters—historically a technical challenge for robots.

About the name: Ojai is named after the hippy but upscale Ventura County village known for its arts community.

What’s Different About This One?

Ojai definitely looks different from the Waymos that came before. The cabin is larger and has more legroom than its Jaguar predecessor, and there are charging ports and cup holders. Waymo says the vehicle is more accessible to people with disabilities thanks to flat floors, low step-in height, and grab bars. (The vehicles are not wheelchair-accessible.) Waymo says the vehicle cabin is easier to clean, too. The company says the vehicle’s features should speed up its operational efficiency: It’s quicker to charge and has a modular design that makes repairs easier.

The Ojai is clearly not a normal car, and it is studded with sensors that help it drive on its own: 13 cameras, six radar systems, and four lidar sensors.

Courtesy of Waymo

Who Made This Car?

Here’s where it gets interesting: The Ojai is a modified version of a “mobility platform” made by leading Chinese new-energy vehicle manufacturer Geely. More specifically, the car’s shell is built by Geely sub-brand Zeekr, which has sold cars internationally since 2023 and is now in markets across Europe, Asia, the Middle East, and Latin America. Notably absent among Zeekr’s markets: the US, where these Ojai vehicles will operate.

Waymo says the bare-bones vehicles are manufactured in China and then shipped to Waymo’s Arizona facility, where the US-built autonomous systems are added on US soil. Waymo spokesperson Sandy Karp says the company is building toward pumping out tens of thousands of driverless-ready vehicles annually.

Wait—I Thought Chinese Cars Weren’t Allowed in the US?

This is still (kind of) true. Last January, the Biden administration finalized rules barring Chinese- and Russian-connected vehicle tech from US roads starting in 2027. At the time, the US government said that this foreign-connected-car tech represented a national security threat; it didn’t hurt that American carmakers were increasingly threatened by cheap and well-made vehicles manufactured in China. Chinese-made cars are also effectively blocked from the American market by high tariffs.

But the prohibitions don’t apply to Waymo, the company says, because Zeekr only manufactures the “base vehicle” and doesn’t include any telematics or connected software systems, which are added in the US.

Still, the autonomous vehicle developer has received flak from politicians for its involvement with Geely and Zeekr. In a February US congressional hearing, one Republican senator criticized the company for “getting in bed with China.”

Whatever your feelings about the partnership, Ojai’s launch will likely give many US riders their first interactions with Chinese-made cars.

You Say Rides Are Free?

For now, yes. Waymo spokesperson Sandy Karp writes that a period of gratis rides will help the company “gather rider feedback and continue refining the experience.”

But there’s another reason for the free rides, at least in California: Though Waymo has a permit to operate the driverless Ojai vehicles in the state, it doesn’t yet have permission to carry paying passengers inside them. That authorization is still being considered by a state regulator, the California Public Utilities Commission (CPUC), which before approving the vehicle asked Waymo to respond to questions about how the company handles unaccompanied minors illegally riding in its cars, plus its approach to major disruptions and natural disasters, like the late 2025 San Francisco power outage that stranded Waymos across the city. The CPUC will make a decision about the Ojai, and about a proposed Waymo expansion into the East Bay and parts of Southern California, by June 27, says CPUC spokesperson Terrie Prosper.

“We are awaiting the CPUC’s permission to charge fares for those rides,” Karp writes.

What’s Next in the ‘Car’ Part of Autonomous Cars?

Waymo is also preparing to add Hyundai Ioniq 5 models to its robotaxi fleet. The vehicles are part of a partnership between Hyundai and Waymo that dates back to 2024. The Jaguar I-Pace will stick around for a while, too.

I have been an application-specific IC (ASIC) designer for almost three decades. Over that time, I’ve moved through the full academic trajectory, from graduate student to full professor; later, I transitioned to industry after an unsuccessful stint at entrepreneurship. When I made the switch to the private sector in 2019, I began focusing on a critically important aspect of the electronic industry: silicon intellectual property.

As much as 80 percent of the physical area in today’s most advanced chips is occupied by blocks that aren’t made for specific products or even designed by the consumer-facing companies that built them. Instead, chipmakers draw heavily on established silicon IP from companies like Arm, Cadence, Rambus, Synopsys, and the company I work for, Silicon Creations.

Throughout my career, I’ve designed chips for very different purposes, including enabling the research program in my academic lab and expanding the IP portfolio of my company. When I joined Silicon Creations, I had no idea how differently the industry approaches IC design and encountered a steep learning curve. Initially, it seemed that much of my two decades of academic research and training did not directly translate to the role. I had to learn new skills and adopt a new mindset.

Today, demand for ASICs is rapidly growing, driven by the need for specialized chips in the automotive sector, AI applications, and more. By one market estimate, the ASIC market is expected to grow from US $23.4 billion to $38.8 billion by 2033, and the semiconductor industry as a whole is projected to hit $1 trillion by 2030. The industry needs more chip designers—but if you’re coming from an academic background as I did, there are a few things you’ll need to know.

Different goals lead to different strategies

The differences between industry and academe begin with a divergence in purpose. In academia, my primary objective was to generate new knowledge: to propose a novel circuit technique, validate an unconventional architecture, or explore the limits of performance in a given domain. A successful chip is one that demonstrates a concept. In industry, it is not nearly enough to prove that something can work. The goal is to ensure that it works reliably, repeatedly, and at scale. Success is measured not by novelty but by whether the silicon meets specifications, yields as expected in production, and supports a competitive product delivered on schedule.

This leads to a stark contrast in risk tolerance. Academic designs often deliberately push into unproven territory, where even partial success can yield valuable insight. In industry, however, we systematically minimize risk. The cost of failure makes first-time silicon success a central requirement—especially at advanced technology nodes, where the lithography masks used to transfer circuit designs onto silicon wafers alone can cost tens of millions of dollars. As a result, industry design flows are built around eliminating uncertainty through conservative margins, extensive validation, and careful reuse of proven solutions.

“Academia explores the design space, asking what is possible, while industry exploits it, determining what is viable at scale.”

This paradigm has existed since the 1970s, when application-specific chip design was established. However, the gulf between academia and industry has expanded since the mid-2010s, when FinFET technology, a 3D architecture using vertical “fins” of silicon, was widely adopted in industry. System designs are also becoming increasingly modular with the advent of chiplets. This fundamentally altered the economics and complexity of ASIC development, with design costs rising by almost an order of magnitude. Initiatives like Taiwan Semiconductor Manufacturing Co.’s University FinFET Program and new government-funded chip-design hubs now let some well-resourced universities design for more advanced architectures, but the technology is still out of reach for many academics.

What the industry-academia split means in practice

Consider a startup developing an ASIC. Its engineering team may have deep expertise in a particular algorithm, sensor interface, or system architecture, the features that define its competitive advantage. But it is unlikely to possess world-class expertise in every supporting function. Developing each of these blocks internally would require significant time, capital, and specialized talent. Doing so could delay market entry beyond the startup’s viability.

Even large semiconductor companies face similar constraints. Advanced-node development demands intense focus. Allocating a team to redesign a standard interface block that has already been implemented elsewhere may be difficult to justify when differentiation lies at the system level, such as an inference chip’s ability to speed up neural network computations. The time it takes to move a new chip from conception to market and risk mitigation, not self-sufficiency, govern most decisions about in-house development versus outsourcing.

The economics of advanced IC manufacturing reinforce this reality. When the development cost of a leading-edge chip reaches hundreds of millions of dollars, minimizing risk becomes a central design imperative.

In this context, silicon IP emerged as a practical solution. Similar to how software developers rely on preexisting libraries rather than writing every function from scratch, ASIC designers license predesigned, preverified silicon blocks—such as processor cores, memory interfaces, and security engines—from highly specialized IP vendors. These blocks can then be integrated into larger, increasingly complex systems.

Design scope, verification, and time horizons

With the use of silicon IP, industry is able to widen the scope of its designs. Academic efforts tend to focus on block-level innovation: a new analog-to-digital converter architecture or an ultralow-noise amplifier, for instance. These designs typically abstract away many of the complexities of bringing a chip to market, such as packaging constraints, long-term reliability, and manufacturing yield.

In industry, the focus shifts to system-level integration. Modern systems on chips, or SoCs, incorporate dozens or even hundreds of functional blocks. Managing signal integrity, timing, firmware interaction, and system-level validation becomes as critical as the design of any individual block.

Verification philosophy also diverges sharply. In academia, the goal of verification is to demonstrate that the concept works under nominal conditions, which may not always reflect how it would perform in real applications. Even if only a fraction of fabricated chips from a multiproject wafer operates correctly, the design may still be considered a success if it validates the underlying idea.

At my academic lab for instance, we used to receive 40 chips from a TSMC prototyping service and started testing them in batches of five. If the first five or 10 chips proved functional, we had already collected more than enough data for a publication. If some of them failed, we weren’t required to mention this when publishing the results.

In industry, verification is exhaustive, critical, and often dominates the development schedule. Failures are measured in parts per million, and even rare anomalies are carefully analyzed and documented to identify root causes and prevent recurrence. When I started at Silicon Creations, I was surprised by the level of detail and scrutiny designs face.

Differences in time horizons and economic constraints reinforce each of these contrasts. Academic projects operate on flexible timelines aligned with research and funding cycles. If I missed a deadline, I just had to wait for the next cycle. Industry projects are driven by fixed product schedules and market windows, frequently targeting costly leading-edge nodes to achieve competitive performance, power, and area efficiency. Missing a deadline can negate the value of an entire design and may have major financial consequences along the entire supply chain.

In essence, academia explores the design space, asking what is possible, while industry exploits it, determining what is viable at scale. Both are indispensable, but they operate under fundamentally different definitions of success. As ASIC complexity continues to grow, understanding both perspectives will be essential for the next generation of engineers navigating the evolving semiconductor landscape.

This article appears in the June 2026 print issue.

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances.

Designed as an alternative to GitHub Enterprise or GitLab and written in Go, Gogs is often exposed online for remote collaboration.

This critical severity argument injection security flaw has yet to be assigned a CVE ID, affects the latest release versions (Gogs 0.14.2 and 0.15.0+dev), and can only be exploited by authenticated attackers without admin privileges.

However, even though it requires basic user privileges to exploit, Rapid7 senior security researcher Jonah Burges (who discovered the flaw) said the vulnerability affects all Gogs servers with default configurations.

“Since Gogs ships with open registration enabled by default (DISABLE_REGISTRATION = false) and no limit on repository creation (MAX_CREATION_LIMIT = -1), an unauthenticated attacker can simply create an account and repository on any default-configured instance,” Burges warned on Thursday.

“Any registered user who creates a repo is automatically its owner. From there, enabling rebase merging is a single toggle in settings, and the entire exploit chain can be operated without interaction from any other user.”

Successful exploitation allows attackers to execute arbitrary code remotely as the Gogs server process user via pull requests that use a malicious branch name to inject the “—exe”c flag into git rebase during the “Rebase before merging” merge operation.

They can abuse this security flaw “to compromise the server, read every repository on the instance (including other users’ private repos), dump credentials (password hashes, API tokens, SSH keys, 2FA secrets), pivot to other network-accessible systems, and modify any hosted repository’s code.”

Burges added that this vulnerability is similar to other argument injection flaws (e.g., CVE-2024-39933, CVE-2024-39932, CVE-2026-26194, and CVE-2024-39930) addressed by Gogs in recent years, but affects a different code path (Merge()) that was never patched.

The researcher reported the security flaw to the Gogs maintainers on March 17, but they have yet to provide a patch or respond to further requests for a status update, despite acknowledging the report on March 28.

Internet security watchdog Shadowserver now tracks over 2,400 Gogs servers exposed online, most of them in Asia (1,894) and Europe (319), while Shodan found just over 1,000 IP addresses with a Gogs fingerprint.

In early December, the Gogs security team patched another Gogs RCE vulnerability (CVE-2025-8110) that was exploited in zero-day attacks to compromise hundreds of servers.

“Many of these instances are configured with ‘Open Registration’ enabled by default, creating a massive attack surface,” Wiz security researchers (who reported the flaw) said at the time.

Wiz Research discovered CVE-2025-8110 while investigating a compromised Internet-facing Gogs server in July and reported the flaw to Gogs maintainers on July 17. They acknowledged Wiz’s report three months later, on October 30, and released CVE-2025-8110 patches in early January.

On January 12, CISA confirmed Wiz’s report that the CVE-2025-8110 was under active exploitation and added the security flaw to its catalog of vulnerabilities exploited in the wild, ordering Federal Civilian Executive Branch (FCEB) agencies to secure their servers by February 2.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA warned at the time.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Advertisement

Download Now

After 16 weeks of intense league action, the 2026 Premier League Darts season is down to its most important night. The O2 Arena in London will host the semi-finals followed by the final on May 28. Luke Littler will go against Gerwyn Price, while Luke Humphries will take on Jonny Clayton in the best-of-19-leg semi-finals.

Littler has had the upper hand against Price, winning eight consecutive Premier League matches against him this season. He was also top of the points table, with 43 points and six nightly championship wins, followed by Jonny Clayton with 34 points and four nightly championships.