Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours.

The full name of the plugin is Kirki – Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites.

Wordfence reports that the issue was introduced in a recent major release, version 6.0.0, and impacts plugin versions up to 6.0.6, which are used by nearly 40% of the plugin’s userbase, according to download statistics from WordPress.org.

CVE-2026-8206 is caused by the exposure of a custom REST API endpoint for password resets through the ‘handle_forgot_password()’ function.

The flaw stems from the plugin accepting an arbitrary email address during password reset requests.

When a username is provided, the plugin generates a valid password reset link for the associated account, but sends it to the attacker-supplied email address rather than the account owner’s registered email address.

This behavior makes it trivial for unauthenticated attackers to generate password reset links for any user registered on the site to email addresses under their control, easily hijacking them.

Once an attacker gains admin-level access, they could install malicious plugins, modify website content, deploy web shells or persistent backdoors, and access private databases.

The flaw was discovered by security researcher CHOIGYENGMIN, who reported it to Wordfence on May 4, 2026. The company notified the vendor on May 16 and released a fix with version 6.0.7 on May 18, 2026.

Given the active exploitation status of CVE-2026-8206 and the very low requirements for launching attacks, it is critical that website owners/administrators upgrade to version 6.0.7 or disable the plugin.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

You can pre-order the Faden siblings’ next adventure now.

Qualcomm and Microsoft believe cloud-based AI wearables are the future, rather than entirely optional and secure on-device features like Apple Intelligence.

Big tech has all but embraced the proliferation of AI. Microsoft and Qualcomm are the latest to suggest the future of hardware and software development lies in AI-first devices.

On June 2, Microsoft CEO Satya Nadella and Qualcomm CEO Cristiano Amon discussed a new wearable device dubbed Project Solara, a joint venture of the two companies.

“We’re moving from building operating systems, devices for apps, to agents,” said Nadella.

Qualcomm’s CEO describes Project Solara as “a much more personalized and bespoke experience than an app in itself,” and as a product “that’s changing the nature of devices.”

In essence, the two companies are working on a device that does tasks for you through AI agents, rather than a product with an established operating system and apps that let you do things on your own. Additionally, the “whole silicon is designed for you to have a cloud-native experience,” according to Amon.

Design-wise, Project Solara resembles a smartphone attached to a lanyard. Commenting on the product’s design, Amon said that we’ve started to see “incredible new form factors” like Project Solara.

Realistically, though, it’s not a far cry from the ill-fated Rabbit R1 or the Humane AI Pin.

Inside, Microsoft and Qualcomm’s new device will house a power-efficient CPU, along with a variety of sensors to help it understand the world around its wearer. In that respect, the device sounds like most AI wearables on the market, though less convenient than something like Google’s smart glasses.

Microsoft’s AI approach vs. Apple’s ideas

Project Solara stands at odds with Apple’s privacy-first AI philosophy, where on-device models are prioritized over cloud-based processing. The product has an inherent security risk, relative to an iPhone, as information is constantly shared over the internet.

Qualcomm CEO Cristiano Amon spoke about “incredible new form factors,” but the device looks like a smartphone on a lanyard. Image Credit: Qualcomm.

However, there is a small commonality between the AI ideas of Microsoft and Apple. Project Solara will feature an open ecosystem where wearers can choose the AI agents they want to use.

Apple, meanwhile, is said to be working on improved third-party AI support for iOS 27, though its own on-device AI will continue to be the backbone of Apple Intelligence.

In essence, Microsoft will prioritize convenience over privacy, security, and long-term usability. Both Apple and Microsoft will give users freedom of choice when it comes to AI models, though.

When viewed through the context of failures like the Humane AI Pin and Rabbit R1, though, Apple’s idea of offering AI with existing products makes more sense. Google Gemini is similarly available across Android devices, as Apple Intelligence is on iOS.

More importantly, Apple Intelligence is an entirely optional set of features, an auxiliary set of tools. AI is not the cornerstone of the iPhone, and Apple understands that users want the freedom to do things without LLMs. Microsoft’s AI approach is arguably the exact opposite.

However, rumors of an Apple-branded AI pin continue to circulate, and OpenAI is working on an AI-themed device with former Apple designer Jony Ive. Even with the nonexistent success of AI companion devices, tech companies seem to believe there’s still hope for this sort of platform.

Whether any AI-themed device, be it from Apple or Microsoft, will achieve mainstream success remains to be seen.

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions.

Tool and payload development was assisted by Cursor and Claude Opus agents in various stages, including initial coding, analysis, and revisioning. Additionally, some agents were tasked with checking security research posts for various bypass techniques.

Some of the malware created this way was tested in virtual environments against EDR tools from Sophos, CrowdStrike, and Microsoft.

Despite the malware research and development orchestrated using AI technology, the researchers note that the workflow is entirely human-driven.

Rapid EDR-bypass development

Researchers at cybersecurity company Sophos detected activity from the toolkit on a system at a customer environment that triggered alerts for payloads stored in C:\Users\User\Documents\test.

The malicious files suggested they were part of an attack framework that focused on evading detection:

• Cobalt Strike profiles designed to make beacon traffic resemble legitimate web requests
• A Telegram bot API–based external command and control (C2) mechanism that routed communication through Telegram’s infrastructure rather than using direct connections
• Python-based malware development scripts for injecting shellcode into legitimate Windows executables while preserving original functionality
• A Cloudflare Worker acting as a front-end redirector to obscure the actual backend C2 server

The researchers say that while the tool may appear as a “red team” post-exploitation framework, it is used in cybercriminal activity related to ransomware.

“Our initial assessment included the possibility that a legitimate Red Team was engaged, but our investigation revealed further artifacts that indicated malicious and criminal activity,” Sophos told BleepingComputer.

The discovery in Cobalt Strike operator logs of entries pointing to a ransom note and details on multiple organizations listed on a ransomware data leak site clarified that the framework was used for cybercrime operations.

Agentic malware development

In a report published today, Sophos says that multiple Python scripts on the compromised host were written in Russian and generated with the help of AI tools.

During the investigation, the researchers found a Git repository with components related to “an automated Active Directory (AD) discovery panel and a lab that uses an iterative approach to developing and testing malware against the Sophos, CrowdStrike, and Windows Defender endpoint detection and response (EDR) agents.”

They say that AD discovery is driven by collecting observations from completed tasks and selecting the next action from predefined choices. The next step is delegated to remote agents, with results being reassessed.

The framework has multiple AI agents, each with a distinct role and function. For instance, a Claude Opus 4.5 agent acts as the coordinator of the R&D process, while others handle testing, OPSEC hardening, documentation, proxy stress testing, VM deployment, and other related tasks.

For the development stage, some agents documented bypass techniques in research from Kaspersky, Palo Alto Networks, Bishop Fox, and SpecterOps, as well as details published in social media posts.

The agents extracted the techniques, mapped them to the MITRE ATT&CK knowledge base of adversary behaviors, identified what was needed for reproduction, prepared a test lab, executed the technique, and reported the outcome.

The main component in the malicious framework is a Python tool that generates payloads, mostly in Rust and Go, based on an evasion technique. Close to 80 modules were generated and tested against more than 70 techniques.

While the agents initially suggested a high failure rate, the modules appeared to bypass almost all EDR solutions after several iterations. However, Sophos noticed discrepancies between the test output and the framework’s internal reporting in some instances, although the reasons are unclear.

Sophos found no evidence that AI was embedded in deployed malware or operating independently in victim environments. Instead, the technology was used to accelerate the iterative process of developing, testing, and refining payloads against security products.

AI tools are shortening the period between the publication of offensive security research and its practical implementation by threat actors.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

Instagram has a well-documented problem with how it treats teenage users, and Meta is finally taking a more concrete step to address it. The company announced it is testing a new feature on Instagram designed to stop teens from being repeatedly served the same type of content in Explore, Feed, and Reels.

The announcement is part of a broader global rollout of tightened teen account protections across Instagram, Facebook, and Messenger.

The evidence against Instagram’s algorithm has been building for years

Researchers set up fake teen profiles on Instagram and found that liking just one fitness-related post was enough to completely change what the algorithm recommended next. The Explore tab quickly filled up with weight-loss tips, extreme dieting content, and images of heavily edited body types. The pattern repeated across profiles mimicking teenagers of different ages and genders.

According to Harvard researchers, Instagram’s algorithm actively draws vulnerable teens into a damaging cycle of negative social comparison, worsening body image, anxiety, depression, and eating disorders.

Most damningly, Facebook’s own internal research found that 32% of teen girls said Instagram made them feel worse about their bodies when they were already struggling. The platform knew this and kept going.

What Meta is doing to protect teens from harmful content

Meta acknowledges that content around nutrition, fitness, or coping with anxiety can be useful, but argues it should be balanced rather than served on repeat. The new feature being tested is specifically aimed at breaking that loop.

Separately, the 13+ content setting, first launched last October, is now expanding globally across Instagram, Facebook, and Messenger. Nine out of ten teens have stayed within that setting since launch.

An independent assessment by online safety firm Alice found that teens in the default 13+ setting saw 68% less mature content than on a leading competitor’s teen experience. Those in the stricter Limited Content setting saw 96% less.

Meta also crowdsourced feedback from hundreds of thousands of parents who rated over 15 million pieces of content. In a survey at the end of April, fewer than 2% of posts were flagged as inappropriate by most parents. The stricter Limited Content setting is also coming to Facebook and Messenger later this year.

The European Union’s plan to build five massive AI data centres, each with one gigawatt of capacity and approximately 100,000 advanced chips, is stumbling before it starts. The bidding process, originally scheduled for May, has been pushed to July. A lack of funding clarity means only two of the five planned centres can receive money before the EU’s next budget cycle begins in 2028. At least two consortia are reconsidering whether to bid at all if the project is significantly downsized, according to people familiar with the matter.

The initiative, announced last year to accelerate European AI infrastructure investment, initially drew interest from about 70 companies across the bloc. That number has narrowed to approximately 10 groups expected to submit bids, with a maximum of one per country. The European Commission has delayed publishing its criteria for the data centres multiple times. “I think I’ve lost count” of all the delays, said Maria Nowicka, a Brussels-based policy researcher at the think tank Interface.

The funding gap

The €20 billion ($23.3 billion) plan envisions less than half coming from governments. The EU would provide €4.1 billion in subsidies, matched by an equal amount from member states hosting the centres, with private investors financing the rest. But the phased funding structure, with money earmarked in 2028 and 2030, means the subsidies arrive years after the infrastructure is needed. US utilities alone plan to spend $1.4 trillion on grid infrastructure for AI by 2030, and American hyperscalers are investing hundreds of billions annually in data centres, including on European soil.

The scale mismatch is stark. SoftBank recently announced up to €75 billion in data centre investment in France alone, more than three times the entire EU programme. Meta is raising $13 billion for a single Texas data centre. The EU’s €4.1 billion in direct subsidies, spread across five countries, is modest relative to what individual companies are spending per facility.

The consortium problem

Early proposals were structured as national consortia pooling resources from multiple companies. In Germany, the Schwarz Group (owner of Lidl) and Deutsche Telekom both expressed interest in leading bids. In Spain, Telefónica is leading a consortium. In France, Mistral AI is in discussions to join a €10 billion project.

But the moving goalposts are eroding enthusiasm. The Schwarz Group’s interest has dampened due to the complex and lengthy tender process, according to a person familiar with its business. The company is building its own data centre south of Berlin without waiting for EU subsidies. Deutsche Telekom CEO Tim Hoettges said the company will only participate if industry and government customers guarantee demand. Telefónica’s COO said the company is considering holding only 10% to 15% of a joint venture bid.

Mistral AI’s CEO Arthur Mensch criticised the programme’s national framing: “One of the problems is that it’s kind of thought at a national level, which is completely stupid. Any successful endeavour on that domain needs to be European-wide and much larger than what is actually framed in the programme.”

Another EU tech policy stumble

The gigafactory delays echo the EU’s experience with its 2022 Chips Act, which failed to boost the bloc’s share of global semiconductor production despite a target of doubling it by 2030. French companies bid €10 billion for one of the five planned gigafactory sites, demonstrating private sector willingness that the EU’s bureaucratic process has struggled to harness.

The strategic motivation remains urgent. With transatlantic relations strained under Trump’s current term, the EU is promoting tech sovereignty as a matter of security, privacy, and competitiveness. Europe has led on AI regulation through the AI Act, but regulation without infrastructure means setting rules for a game played on someone else’s hardware.

Polish digital minister Dariusz Standerski, participating in the EU talks, confirmed the July bidding timeline and the two-phase funding structure. A Commission spokesperson said a call for proposals is expected to be approved “shortly after thorough preparations.” For the companies that have already moved on, building their own facilities without waiting for subsidies that may not arrive in time, the EU’s assurances may come too late to matter.

Security

Meanwhile, Anthropic adds 150 partners to Project Glasswing

Bug hunting has become a whole lot more exciting in recent months with both Anthropic and OpenAI touting their latest models (that also happen to be super-scary exploit machines). On Tuesday, as Anthropic announced a fourfold expansion to its Mythos preview program, Cisco jumped into the fray, praising the transformative power of AI – but without disclosing how many bugs the latest frontier models found.

Cisco SVP Anthony Grieco in a Tuesday blog said that the advanced AI systems, including Anthropic’s Claude Mythos Preview and OpenAI’s GPT 5.5-Cyber, scanned 1.8 billion lines of code in eight weeks looking for vulnerabilities in Cisco products – a task that otherwise would have taken the networking giant’s advanced security team eight years to accomplish.

However, Grieco, who heads Cisco’s security and trust organization, didn’t say how many flaws Mythos and other frontier models uncovered, or if they have all been fixed. The company also did not respond to The Register’s questions about this.

Grieco did say that “speed is only half the story,” calling the “real breakthrough” the “scale, quality, and impact” of the models’ findings.

The 1.8 billion lines of code, written in more than 25 different languages, spanned Cisco’s portfolio, we’re told. Netzilla paired the models with a “human-guided harness,” and achieved a false positive rate of under 3 percent, Grieco wrote.

“Rather than focusing on a specific scope for a security evaluation, we can assess entire code bases of a product. It’s like switching from a flashlight to a flood light to illuminate a dark room,” he said. “Because each finding is validated through a hybrid of AI and human expertise, our engineering teams are receiving actionable intelligence rather than a wall of warnings.”  

Meanwhile, Anthropic on Tuesday said it expanded Project Glasswing to about 150 additional organizations, bringing the total partner count to about 200.

Project Glasswing is the AI giant’s controlled partner program for giving selected orgs access to Claude Mythos Preview. When it announced the new model and partner program in early April, Anthropic limited the preview to about 50 entities, claiming Mythos is so good at finding and exploiting security holes that all hell would break loose and the zombie apocalypse would hit should the model fall into the wrong hands.

Since April, these select government agencies and corporate partners – including Cisco – have been using Mythos to find and fix bugs in their own products.

Palo Alto Networks, one of the original Project Glasswing partners, said in May that after spending a month using frontier AI models, including Anthropic’s Mythos, to scan more than 130 products across its three platforms, it uncovered 26 CVEs representing 75 underlying security issues. 

For comparison, the cybersecurity giant said it typically discloses fewer than five CVEs per month.

At the time, a company exec forecast “a narrow three-to-five-month window for organizations to outpace the adversary before AI-driven exploits start to become the new norm.” 

The newly expanded Project Glasswing spans more than 15 countries, and, while an Anthropic spokesperson declined to name them or the new partner companies, it’s a safe bet that these are likely Western and/or “friendly” nations. So not China and Russia.

Rubrik, a data security and management vendor, said that it was among the new Glasswing partners. The expanded list also reportedly includes the Korea Internet and Security Agency (KISA), along with Samsung Electronics, SK hynix, and SK Telecom, among other Korean companies.

“The group covers several industries that weren’t well-represented in our initial cohort, such as power, water, healthcare, communications, and hardware,” according to a Tuesday Anthropic blog. “And many of the new partners are vendors – companies or nonprofits that maintain codebases that are relied upon by lots of other organizations around the world, including governments.”

Each new partner must meet Anthropic’s security requirements before they gain access to Mythos, the company added.  ®

As AI becomes profitable, Jensen Huang claims companies are hiring more engineers

Jensen Huang isn’t worried about AI taking your job. In fact, he thinks the opposite is happening.

Speaking at Nvidia’s GPU Technology Conference (GTC) at Computex 2026 in Taipei—where thousands packed the venue, and 70 simultaneous watch parties broadcast across Taiwan—the CEO pushed back against concerns about AI-driven unemployment with a blunt dismissal.

People talk about AI reducing jobs. Complete nonsense. It’s causing more software engineers to be hired.

Jensen Huang

His reasoning is straightforward. A software engineer who uses AI well can now produce the economic output of three engineers. That doesn’t make engineers redundant—it makes them more valuable. Companies want more of them, not fewer.

Huang estimates that the world’s 30 to 40 million software developers, who collectively earn around US$3 trillion in salaries annually, are now producing what amounts to US$9 trillion in productive output, effectively tripling their productivity.

“If that line were flat, then obviously people will hire fewer software engineers,” he said. “But because the output is so incredible, people want to hire more.”

AI has crossed from experimental to profitable

The broader argument behind Huang’s jobs claim is that AI has finally become genuinely useful—and genuinely profitable.

He pointed to the rise of agentic AI as the turning point. Unlike traditional chatbots that simply answer questions, agentic systems can observe, plan, and execute tasks using tools such as browsers, spreadsheets, and code compilers, much like a human worker would.

“Today we can say that agentic AI has arrived, that useful AI has arrived.”

As AI becomes more capable, businesses are finding more ways to deploy it commercially. “Tokens are now profitable units of revenue,” he added, referring to the basic units of data processed by AI models. “Because it is now profitable, AI companies want to build a lot more.”

That, Huang argued, is creating demand for more software development, not less.

Pointing to GitHub data, he noted that developer activity has continued to surge despite rapid advances in AI. GitHub’s Octoverse 2025 report found that developers pushed nearly 1 billion updates to software projects in 2025—a 25% year-on-year increase—while more than 36 million new developers joined the platform in a single year.

With agentic AI now entering the picture, Huang argued, that trajectory is only going to steepen.

The effects are already rippling through entire economies. Nowhere is that more evident than in Taiwan, the epicentre of the AI hardware boom.

The country’s GDP is forecast to grow 9.64% in 2026—its fastest pace in 16 years—powered largely by demand for AI chips and computing infrastructure. In the first quarter alone, GDP expanded 14.55%, the fastest quarterly growth in nearly 48 years.

Reinventing the PC

Beyond the jobs debate, Huang saved a major product announcement for the keynote.

Nvidia and Microsoft have co-developed a new superchip—the RTX Spark—that Huang says marks the biggest reinvention of the PC in four decades.

Built with MediaTek, the chip features a Blackwell GPU, a 20-core CPU, and 128GB of unified memory on a 3-nanometre process, powerful enough to run 120-billion-parameter AI models entirely on a laptop with no internet connection required.

Microsoft, Dell, HP, ASUS, Lenovo, and MSI are all expected to launch devices this fall, with Huang claiming “100% of the world’s PC industry” has signed on.

The vision goes well beyond a faster laptop. Huang imagines a dedicated AI computer sitting in your home like a TV or games console, running personal agents around the clock—managing your calendar, booking travel, monitoring your home, and getting smarter over time.

“I could totally imagine that someday there’s actually an AI supercomputer in your house, running all of your agents,” he said. “And these in time become a lot more like R2-D2 to you than a PC.”

Huang also said that the same agentic computing technology powering cloud AI today will eventually run in robots, satellites, factory floors, and base stations.

“There is no question this reinvention of the computer is as big a deal as the reinvention of the phone into the smartphone,” he said. “And this is the beginning of that journey.”

• Read more news articles we have written here.
• Read more stories we’ve written on Singaporean businesses here.

Featured Image Credit: Nvidia

Perplexity AI, the fast-growing search startup now valued at $20 billion, unveiled what it calls the first hybrid local-server inference orchestrator at Computex 2026 on Monday night, demonstrating software that autonomously decides — in real time and mid-task — which AI workloads stay on a user’s device and which get routed to frontier models in the cloud.

CEO Aravind Srinivas demonstrated the system onstage alongside Intel CEO Lip-Bu Tan during Intel’s keynote address, using Perplexity’s “Personal Computer” agent to process confidential deal materials. In the demonstration, local models running on Intel Core Ultra Series 3 determined which information should remain on the device and which information could be sent to cloud-based models. Srinivas said the approach balances intelligence, accuracy, privacy, and cost.

The key claim is not that a model can run locally — dozens of tools already do that. It is that Perplexity’s system makes the routing decision itself, task by task, without requiring the user to choose in advance. Sensitive data like financial records or health information stays on the local machine; the heavier reasoning tasks that require frontier-scale models get sent to the cloud. One task, multiple execution locations, automatic orchestration.

“No product has done this before,” a Perplexity spokesperson said in an email to VentureBeat. The product is not yet available to users; according to the company, the hybrid inference feature will launch in the coming weeks.

Perplexity’s road from cloud-only agents to on-device AI orchestration

To understand why the Computex demonstration matters, it helps to trace the product arc Perplexity has been building since early this year.

On February 25, Perplexity launched Computer, a multi-model AI agent that orchestrates 19 different AI models to complete complex, long-running tasks on behalf of users. The system ran entirely in the cloud, breaking goals into subtasks and routing each to whichever model — Claude, Gemini, GPT, Grok, or others — was best suited for the job. Perplexity Computer unified every current AI capability into a single system, functioning as a general-purpose digital worker that operates the same interfaces a user does.

Then, in March, Perplexity introduced Personal Computer at its inaugural Ask 2026 developer conference. That product launched as a new Mac app with support for a hybrid local-cloud AI agent, which Perplexity described as a “personal orchestrator” that hybridizes local and server environments for security and productivity. Personal Computer could access the Mac’s file system and native Mac apps to create and execute entire workflows, with files created in a secure sandbox and all actions auditable and reversible.

What Srinivas demonstrated at Computex extends this architecture in a fundamental way. Previously, even the Personal Computer product divided labor along relatively clear lines: local file access on the device, heavy computation on Perplexity’s servers.

The new hybrid inference orchestrator gives the system itself the ability to reason about where each piece of a task should execute — not just which model to use, but which physical location should process it. The system reportedly asks for user permission before sending sensitive tasks to the cloud, a design choice that addresses one of the central anxieties enterprises have about agentic AI: data governance.

Why Nvidia’s RTX Spark and Intel’s new silicon make the timing strategic

The timing of the demonstration is not coincidental. Computex 2026 has been dominated by a single theme: on-device AI. Just hours before the Intel keynote, Nvidia CEO Jensen Huang unveiled the RTX Spark, a new Arm-based superchip that the company positions as the foundation for a new generation of AI-native Windows PCs.

At full strength, the RTX Spark Superchip offers up to 20 Arm CPU cores, a Blackwell GPU with 6,144 CUDA cores, 128GB of LPDDR5X RAM, and up to 300 GB/s of memory bandwidth — enough power and memory for AI agents and 120-billion-parameter models with context lengths stretching to a million tokens. RTX Spark systems will begin arriving in the fall.

Intel, not to be outdone, used its keynote to showcase Xeon 6+ processors with 288 efficiency cores built on 18A technology for the data center, and positioned its Core Ultra Series 3 as the client silicon that makes hybrid inference possible on the PC.

Perplexity’s hybrid orchestrator sits at the intersection of both strategies. If the system performs as advertised, it creates a direct economic incentive for users — and eventually enterprises — to invest in more powerful local silicon. The more capable the on-device chip, the more inference can run locally, reducing cloud costs and improving latency for sensitive workloads. That dynamic benefits Nvidia, Intel, and every other chipmaker competing for AI PC sockets.

The implications extend well beyond chip economics. “As chips become more powerful, more intelligence moves onto a person’s machine, alongside server inference for the complex tasks that still need frontier models,” a Perplexity spokesperson told VentureBeat. “Sensitive and sovereign work can stay local, which changes the need for massive country-level infrastructure.” 

That last claim — about sovereign infrastructure — is the most provocative. Nations from the UAE to France to India have been investing billions in domestic AI compute capacity partly on the assumption that sensitive data must stay within their borders, which means building or buying access to local data centers. If meaningful inference can run on an end user’s device with no data leaving the machine, the calculus changes. It does not eliminate the need for data centers, but it could soften the urgency of the buildout.

The model-agnostic architecture that makes hybrid inference possible

Perplexity’s hybrid inference play rests on the same architectural bet the company has been making all year: that the orchestration layer matters more than any individual model. For AI engineers, this signals a fundamental shift — the orchestration layer may matter more than the models themselves.

The key insight is separation of concerns: the orchestration layer handles task decomposition, state management, and tool coordination, while the model layer handles specific computations. This decoupling means teams can swap models as better alternatives emerge without redesigning the entire system.

Perplexity has leaned heavily into this philosophy. The company is doubling down on packaging frontier models in a consumer-friendly user experience, arguing that there is value in orchestrating multiple third-party LLMs to obtain the most cost-effective and accurate answers to queries. Models, in Perplexity’s view, are specializing, not commoditizing.

The hybrid inference extension takes that logic one step further. Perplexity is now orchestrating not just across models but across physical compute locations — choosing which model runs where. A lightweight local model might handle a privacy-sensitive document summarization task while a frontier cloud model tackles the complex reasoning required to analyze that summary against a broader market landscape. The orchestrator manages the handoff.

This is a technically ambitious claim. Making it work reliably in production will require the orchestrator to accurately assess the complexity of each subtask, understand the sensitivity of the data involved, know the capabilities and latency characteristics of whatever local hardware the user has, and manage the state of a task that may be bouncing between environments mid-execution.

It is easy to imagine edge cases where the routing logic fails, sends something sensitive to the cloud, or degrades performance by assigning a task to an underpowered local model. Perplexity says the system will be chip-agnostic, though the initial Computex demo ran on Intel silicon. The company expressed enthusiasm in its communications about the new AI chips announced at Computex this week, suggesting it intends to optimize across vendors.

A $20 billion valuation, nine lawsuits, and the pressure to deliver

The hybrid inference announcement arrives at a complicated moment for Perplexity. The company has been on a remarkable growth trajectory: It secured $200 million in new capital at a $20 billion valuation, just two months after raising $100 million at an $18 billion valuation. Since its founding three years ago, the rapidly growing AI company has raised $1.5 billion in total funding, according to PitchBook data.

But the company also faces a mounting stack of legal challenges. Nine organizations have filed active suits against Perplexity for alleged copyright and trademark infringement as of May 31, 2026: CNN, the New York Times, News Corp and Dow Jones, the New York Post, the Chicago Tribune, Encyclopedia Britannica, Merriam-Webster, Reddit, and Japan’s Yomiuri Shimbun. The CNN lawsuit, filed just days ago on May 28, is the most recent, accusing Perplexity of scraping more than 17,000 CNN stories, photos, videos, and other content and using that material to train its products. Perplexity has responded with a consistent message. “You can’t copyright facts,” the company’s chief communications officer Jesse Dwyer said in a statement.

Other publishers have opted for partnership over litigation. Time, Gannett, Le Monde, and Der Spiegel have signed licensing arrangements with Perplexity. The company launched a Publishers Program in mid-2024 in which participating outlets receive a share of revenue generated when their content is cited in Perplexity answers. 

According to CNBC, Perplexity’s chief business officer Dmitry Shevelenko confirmed at the time that the flat rate was a double-digit percentage but declined to share specifics. As TechCrunch reported in December 2024, additional publishers including the LA Times, Adweek, The Independent, and Lee Enterprises subsequently joined the program, though not without internal controversy — reporters at some outlets told TechCrunch they were not informed of the deals before they were announced publicly. 

The legal risk is not existential, but it is material, and with enterprises increasingly evaluating Perplexity’s tools for sensitive workflows — precisely the use case the hybrid inference system is designed to serve — unresolved intellectual property questions could dampen adoption.

How hybrid inference sharpens Perplexity’s enterprise ambitions

The hybrid inference demo should be read alongside Perplexity’s broader push into enterprise software, a transformation that accelerated dramatically this year. At the Ask 2026 developer conference in March, VentureBeat reported that Perplexity announced Computer for Enterprise, positioning the three-year-old startup as a direct competitor to Microsoft, Salesforce, and the legacy enterprise software stack.

Beyond Computer’s existing 100-plus integrations, enterprise customers gained access to business-grade connectors for Snowflake, Datadog, Salesforce, SharePoint, and HubSpot, with administrators able to install custom connectors via the Model Context Protocol. The package also includes purpose-built workflow templates for legal contract review, finance audit support, sales call preparation, and customer support ticket triage, alongside SOC 2 Type II certification and the option for zero data retention.

Hybrid inference deepens this enterprise pitch considerably. For regulated industries — financial services, healthcare, defense, legal — the ability to keep sensitive data on a local device while still accessing the reasoning power of frontier cloud models is not a nice-to-have. It is a potential compliance requirement.

An investment bank parsing confidential deal documents, for instance, might be unable to send those materials to a third-party cloud under existing data handling agreements. A system that can run the sensitive parsing locally while routing non-sensitive analytical tasks to the cloud offers a middle path. IDC forecasts a tenfold increase in agent usage and a thousandfold growth in inference demands by 2027, and security and governance rank as the top evaluation factor for enterprise agentic platforms, according to a CrewAI survey. Hybrid inference speaks directly to that priority.

The race to decide where AI actually runs is just getting started

Several questions will determine whether Perplexity’s Computex demonstration becomes a landmark product or a compelling prototype.

The actual performance characteristics remain untested outside a controlled stage environment — how the routing logic handles varied hardware configurations, unreliable network connections, and ambiguous data sensitivity classifications is an open question.

The competitive response matters too: Google, Microsoft, Apple, and OpenAI are all building their own local-cloud AI architectures. Apple Intelligence already routes some tasks locally and some to Private Cloud Compute servers, Google’s Gemini Nano runs on-device, and Microsoft’s Copilot+ PCs are designed around local inference capabilities. None of these systems, however, currently offer the kind of dynamic, autonomous task-level routing Perplexity claims.

Even if the technology works as demonstrated, there is the question of whether the business can keep pace with the ambition. At a $20 billion valuation with approximately $200 million in annual recurring revenue, Perplexity trades at roughly 100x revenue, a premium requiring aggressive growth to justify. Management’s $656 million 2026 revenue target implies 230% growth, creating significant execution pressure.

Perplexity has built its business on a bet that the future belongs not to any single model but to the system that orchestrates all of them. At Computex, it extended that bet from the software layer to the physical layer — from which model to which machine. In the AI industry’s relentless race to build bigger data centers and train larger models, Perplexity just argued that the most important computer in the stack might be the one already sitting on your desk.

AI is getting expensive, and some companies are cutting back on usage in an attempt to moderate costs. That cohort includes Uber, which recently instituted internal usage caps as a way to cut down on its exorbitant AI spend.

Bloomberg reports that the company has instituted a new rule that places a monthly $1,500 cap per employee and per agentic coding tool, including Anthropic’s Claude Code or Cursor. The usage is trackable via an internal dashboard that each employee has access to, although — in certain cases — the caps can be exceeded with permission, the company says.

The news is perhaps not too surprising, since, in April, the company’s CTO revealed that the ridesharing giant had blown through its entire annual AI budget in a matter of four months. That appears to have occurred after Uber encouraged staff to use AI “as much as possible” and even ranked their internal usage competitively on internal leader boards, The Information previously reported.

Uber’s COO, Andrew Macdonald, also recently cast doubt on AI’s productivity impact, noting during a podcast appearance that “it’s very hard to draw a line” between AI usage and new consumer features.

Uber’s cutback raises a broader issue that the tech industry is currently facing: As enterprises pour money into AI, where exactly is the return on investment? Indeed, AI ROI has so far remained a largely theoretical phenomenon that everybody hopes will eventually materialize — although some companies are obviously getting a little restless while they wait.