Blackstone-backed data center operator AirTrunk said on Thursday it would invest $30 billion in India by 2030, adding to a wave of commitments from technology and infrastructure groups seeking to expand computing capacity in the country.

The Australian company said it would develop 5 gigawatts of new data center capacity in India, one of the largest commitments to the South Asian nation’s digital infrastructure sector. AirTrunk entered India earlier this year through the acquisition of Lumina CloudInfra.

AirTrunk’s commitment underlines India’s growing appeal as a destination for AI infrastructure, as tech companies and investors seek new geographies to expand computing capacity. Data center capacity in the country is projected to rise to as much as 8GW by 2030 from about 1.5GW today, according to research firm Bernstein.

The Indian government has also taken steps to attract investment in AI infrastructure. Earlier this year, New Delhi offered foreign cloud providers tax exemptions through 2047 on services sold overseas if those workloads are run from Indian data centers.

AirTrunk has already begun laying the groundwork for its expansion in the country. Earlier this week, Maharashtra Chief Minister Devendra Fadnavis said in a post on X that the western Indian state had exchanged a letter of intent for land allotment at the Raigad Pen Growth Center, where AirTrunk is planning a 3GW data center involving an investment of about ₹2 trillion (around $21 billion). The company already has a development pipeline of about 600MW across Mumbai, Chennai and Hyderabad.

AirTrunk did not respond to questions on whether the proposed Raigad project would account for most of the planned 5GW capacity, or whether it plans to make additional developments elsewhere in India.

The announcement follows a meeting between AirTrunk CEO Robin Khuda and Prime Minister Narendra Modi, who said in a post on X that the planned investment would help strengthen India’s position as a global hub for cloud computing and artificial intelligence.

AirTrunk joins a growing list of companies investing in infrastructure in the country. Amazon, Google, Microsoft, OpenAI, and Uber have announced major investments in cloud and AI infrastructure, while Indian companies Reliance Industries, Adani Group, and TCS have laid out ambitious plans to expand data center capacity.

However, data centers require vast amounts of electricity, water and land, and industry executives and analysts have pointed to resource issues as a potential bottleneck, particularly regarding power.

Deloitte estimates data center build-outs in the Asia Pacific could require tens of terawatt-hours of additional electricity by the end of the decade.

AirTrunk’s investment thesis is underpinned by government support, a large pool of technical talent, and access to renewable energy, Khuda said.

A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages.

The entire malicious activity relies on Google Tag Manager and Stripe domains – googletagmanager.com and api.stripe.com – that are trusted implicitly by online stores.

The new malware family was discovered by researchers at ecommerce security company Sansec, who found that the malicious code is loaded from a Google Tag Manager (GTM) container and executes on every page that loads it.

“Both the payload and the stolen cards move through api.stripe.com. Stores allow that domain by default, so the skimmer slips past Content Security Policy rules and network filters that would otherwise flag traffic to an unknown skimmer domain,” Sansec says.

GTM is a management system that allows website owners to add and manage scripts used for analytics, ads, and tracking, without modifying the site’s source code.

Stripe is a payment processing platform widely used by online stores to accept credit cards, manage customer orders, and handle billing.

According to Sansec, the malicious code is embedded in legitimate-looking GTM containers, which activate when a shopper reaches a checkout page, queuing Stripe’s API for a specific customer record, cus_TfFjAAZQNOYENR, in this case

From the metadata fields of the record, it reads JavaScript code that it reassembles and then executes using new Function().

The card skimmer targets Magento/Adobe Commerce checkout pages and attempts to capture payment data (credit card number, expiration date, CVV code, customer name) as well as billing and email addresses, and phone number.

The stolen data is concatenated into a single string, obfuscated using the XOR operation, and stored locally instead of immediately exfiltrated.

Retrieving the data is done through a separate routine, which executes right after a page load and every minute after, by splitting the data blob in half, creating a new Stripe customer object, and storing the stolen data in metadata fields.

Every stolen payment card becomes a fake customer record in the attacker’s Stripe account, turning Stripe into a storage backend for stolen data.

Once the data is copied, the local file is wiped to eliminate traces of the attack and prevent duplicate uploads.

Sansec also discovered a variant of the attack where Google Firestore, a cloud database service for data storage and real-time retrieval, is used instead of Stripe.

In that version of the campaign, the payload is retrieved from a Firestore document named tracking/captcha in a project called braintree-payment-app. The stolen data is stored in a different localStorage key (_d_data_customer_).

The names of the document and the project help the malware blend in with legitimate payment and bot-protection traffic.

The Stripe customer record containing the skimmer was reportedly created on December 24, 2025, suggesting that the operation may have been active since at least that date.

Customers can protect themselves from such risks by using one-time virtual cards with set limits.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

Switch is trying to raise money at a valuation that would have looked implausible for a data-centre developer a few years ago. The Las Vegas company is in talks to raise billions of dollars at a valuation of at least $50bn, according to The Information, as it moves to capitalise on the demand for the physical infrastructure that AI workloads run on.

The investors named are the large pools of capital now chasing data centres. Brookfield Asset Management, KKR, and other private-equity and institutional investors have been in talks to join the round, the report said, with Goldman Sachs and JPMorgan bankers advising Switch on the raise.

The roster is a signal in itself: the round is being shaped by the kind of infrastructure money that moves in size, the same appetite that recently took VAST Data to a $30bn valuation on a single raise.

The raise could lead somewhere bigger. The funding round might set Switch up for an initial public offering, potentially as soon as next year, turning a private fundraising into a step towards the public markets. That would put Switch on a path several data-centre and AI-infrastructure names have been eyeing as investor appetite for the category has intensified.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The $50bn figure has history attached. SoftBank had earlier explored buying Switch at around the same valuation before those talks ended, a collapse that left the company seeking capital on its own terms rather than as an acquisition target.

Raising at $50bn-plus from a syndicate of investors is a different route to a similar number, and one that keeps Switch independent.

The backdrop is an industry-wide scramble. Dealmaking across the data-centre and server space has picked up sharply as AI has turned compute capacity into the scarce resource of the cycle, and valuations for the companies that build and operate that capacity have climbed with it.

The physical demands are enormous: US utilities alone plan to spend $1.4 trillion by 2030 to power the boom, while developers race to lock up sites like the 1.35GW Microsoft campus Nscale is building in West Virginia.

A developer commanding a $50bn-plus valuation is a measure of how thoroughly the AI build-out has repriced the unglamorous business of pouring concrete and running power to racks of chips.

Switch’s own footprint explains some of the appetite. The Las Vegas company operates large campus-scale facilities and has continued to expand, including a 382-acre data-centre campus planned near Pittsburgh, the kind of land-and-power assembly that is hard to replicate quickly and increasingly valuable as AI tenants compete for capacity. Investors backing the round are buying into infrastructure that is difficult to build and currently in short supply.

For now the round is in talks, not closed, and the IPO is a possibility rather than a plan. The figures come from reporting rather than from Switch, which had not confirmed the terms.

What the discussions establish is the direction: a data-centre developer being courted by some of the largest investors in the market, at a valuation that treats warehouses full of servers as one of the more valuable assets in technology.

Messaging between blue and green bubbles is getting more secure. With the release of iOS 26.5, end-to-end encrypted RCS messaging will start rolling out in beta for iPhone owners and Android phone users with the latest version of Google Messages, according to a post from Apple on Monday.

End-to-end encryption protects a message’s privacy and security when it’s being sent from one device to another. Apple and Google have long offered encrypted messaging within iMessage and Google Messages, respectively. But this kind of encryption didn’t work for RCS and SMS messages sent between iOS and Android until now.

The feature will gradually roll out to iPhone and Android users over the coming months.

For years, there’s been a “blue versus green bubble” divide between iPhone and Android owners. This ranged from Android users being teased for their green bubbles breaking iMessage group threads to becoming a major social stigma, with people being bullied for not having an iPhone. 

In 2024, Apple added support for Rich Communication Services, or RCS, to the iPhone with the release of iOS 18, bringing some parity between iMessage and Google Messages but lacking end-to-end encryption across the two platforms.

It’s significant that Apple and Google are working together to bring end-to-end encryption to the GSMA’s RCS Universal Profile.

Cross-platform RCS chats will be encrypted for iPhone users on iOS 26.5 and Android users on the latest version of Google Messages with supported carriers. There’ll be a lock icon on the chat indicating that the conversation is encrypted — something RCS Google Messages already has. The lock will also appear in iMessage-only threads (blue bubbles) to indicate they’re encrypted. 

As iMessage and Google Messages’ end-to-end encryption reaches all users, it will automatically apply to new and existing RCS conversations.

Watch this: How to Enable RCS on iPhone

03:09

Plus, NASA ends a Mars mission and Meta’s still being creepy.

NASA’s Mars MAVEN probe is dead

NASA

Nintendo will launch a Switch 2 with replaceable batteries in the EU

Nintendo

Wired found code for an unreleased facial recognition feature in Meta’s AI app

Karissa Bell for Engadget

Marshall Milton ANC review: Making the rare case for premium on-ear headphones

James Trew for Engadget

The conversation at this year’s NY Tech Week is about AI. The panels, the pitch decks, the happy hours: agents that code, agents that sell, infrastructure for the agents. Then a screen mounted to a truck shows a man sitting on a toilet, staring at his phone in open panic.

The line underneath: “His prospect just asked for SOC 2.”

The ad belongs to Scytale, an AI GRC platform that took over the streets of New York this week, running billboards, street screens and an LED truck through the same blocks where founders and investors were converging for Tech Week. While many NY Tech Week companies are looking many years out, Scytale built its campaign around a feeling founders know now: the moment a deal that looked closed turns out to depend on a security audit that nobody started.

The Question That Stalls the Deal

SOC 2 (System and Organization Controls 2) is the security compliance framework that tells enterprise buyers one thing clearly: this company can be trusted with your data. For SaaS companies today, it’s less a nice-to-have and more a ticket to the table. For years it lived in the fine print of enterprise procurement cycles, a box ticked late in the process by companies big enough to have a compliance team.

That timeline has collapsed. Security reviews now sit at the front of the buying process, and buyers ask for a SOC 2 attestation report the way they ask for pricing. Surveys across the compliance industry put the share of enterprise buyers requiring SOC 2 from their software vendors at over 80 percent, and roughly a third of vendors report losing deals over a missing report.

The founders this hits hardest for are the ones selling upmarket for the first time. A seed-stage company lands a meeting with an enterprise buyer, the demo goes well, the champion is sold. Then procurement sends a security questionnaire with 200 questions, and question one asks for a current SOC 2 Type II report. The audit takes months. The buyer’s timeline doesn’t.

“We see it constantly,” says Meiran Galis, CEO and founder of Scytale, who spent years as a security compliance manager at EY before starting the company. “A founder spends six months getting a deal to the finish line, and the deal dies in security review. Nothing was wrong with the product. They were three months of audit work away from the signature, and they found out at the worst possible time.”

AI Gets the Stage. Compliance Gets the Deal.

The founders filling Tech Week’s AI sessions this week are the campaign’s exact audience, and most of them have a compliance problem coming that nobody on stage is discussing.

AI startups touch more sensitive data than any previous generation of software companies, and they sell into enterprises earlier. A two-year-old AI company today negotiates with Fortune 500 procurement teams that a SaaS startup in 2018 wouldn’t have met until Series C. Those buyers respond to the data exposure by tightening security review, and new frameworks keep arriving behind SOC 2: ISO 42001, the standard for AI governance, is showing up in questionnaires barely a year after auditors began certifying against it.

Caught Off Guard, By Design

The campaign image works because the panic is specific. The man on the toilet isn’t worried about competition or runway. He’s freaking out because his prospect just asked him for SOC 2, and he doesn’t have it. That’s it, he knows at that moment that he might be totally screwed, and could very likely lose the deal. He should have seen this coming. He should have started the process already. Scytale says the creative came from listening to founders describe the moment they learned what SOC 2 was. “No one discovers compliance at a good time. You discover it mid-deal, in an email, with money on the table. We wanted the ad to capture how that feels rather than explain what we sell.”

Scytale’s advice to founders at Tech Week is to treat compliance the way they treat hiring: a thing you start before you need it. “Compliance has moved from a post-deal checkbox to a pre-deal asset. The companies that close enterprise deals fastest are the ones that can answer the security questionnaire the same day it arrives.”

Winter Comes for Every Startup

Compliance used to be an enterprise problem. Now the security questionnaire arrives with a startup’s first serious deal, and the gap between the companies that prepared and the companies that didn’t is measured in lost quarters.

That makes the toilet billboard a decent litmus test. Some founders at Tech Week will see it and laugh. Some will see it and feel their stomach drop, because they have a deal in security review right now. The difference between the two groups is whether they saw the question coming.

from the saving-the-internet-from-the-fifth-circuit dept

It seems hardly a day goes by when another state doesn’t try to keep young people off the Internet. These attempts not only violate their First Amendment rights to interact with lawful speech, but everyone else’s as well, because the things platforms would need to do to comply with these laws inevitably impinge on everyone else’s rights to interact with online expression freely.

Fortunately challenges have been brought against many of these laws, and most have even been enjoined. Unfortunately, however, many of these injunctions have wound up appealed to the Fifth Circuit, which seems to be where the First Amendment goes to die. Even just on the online speech front there was NetChoice v. Paxton from a few years ago, challenging a social media regulation law, where the Fifth Circuit summarily ignored clear precedent in order to uphold the law, which the Supreme Court—yes, this Supreme Court—then had to undo with its combined Moody v. NetChoice decision and some shadow docket action (that challenge still lingers, waiting for the Fifth Circuit to eventually take another swing at it). And then just last year the Fifth Circuit undid two injunctions in age-gating laws in Free Speech Coalition v. Paxton and NetChoice v. Fitch, which this time the Supreme Court did not fix, and just last week did the same to the Texas App Store law, letting it go into force despite the injunction the district court had earlier granted in CCIA v. Paxton.

With the challenge to Louisiana’s unconstitutional age-gating law now before it in NetChoice v. Murrill, it seemed worth trying to see if the court could at last be convinced to join most other courts that have considered age-gating laws and see the constitutional infirmities with them, and so this week the Copia Institute—the think tank arm of Techdirt—filed an amicus brief to try to do so. In it we made three basic points: age-gating laws like Louisiana’s actually harm young people, they also harm everyone else, and, if this one were allowed, it would open the door to lots of other similar laws that would cause even more harm.

With regard to young people themselves, we first reminded that even young people have First Amendment rights, and that the Supreme Court has long held that the state has no role to play in deciding what ideas are suitable for them to encounter, which Louisiana is trying to do with this law. Even its tortured definition of a social media platform, which manages to exclude plenty of social media platforms (and, as the district court found, is unconstitutionally vague about which are covered or not), shows the state being selective as to which ideas were acceptable for young people to encounter.

Furthermore, as Australia’s experience with its social media ban for young people is illustrating, cutting young people off from social media causes explicit harm. Already there is evidence of young people experiencing isolation and being cut off from news, two ways young people are being hurt, which Louisiana now wants to risk for young people who they claim they are ostensibly trying to help. Louisiana’s law conditions access to covered social media platforms on parental consent, but it ignores that not every young person lives in a safe home with a caring parent who could give that consent. In fact, there is all sorts of offline harm that young people may be facing, including at home, which being cut off from social media means now being cut off from the help they may need to deal with it.

They also would face increased risk of identity theft from having to upload sensitive documents to try to verify their identity, as would everyone who now needs to provide them in order to be able to access any covered social media platforms. In its brief Louisiana argued that its age requirements were “nothing new, nothing costly, and nothing that compromises privacy.” But it is actually all three. As we explained, online age verification is nothing like the offline age verification we have used for such things as refusing to sell young people cigarettes—in general, young people could still enter the store and buy other things. We also noted the elevated identity theft risk, which news story after news story about database hacks shows is not a hypothetical concern. And then there is the privacy angle, because there is no way to ask, “How old are you?” without also inherently asking, “Who are you?” Given that the right of free expression also includes the right to express oneself anonymously, which the Supreme Court has recently emphasized, the latter is a question no one should be obligated to answer to be able to speak, and yet, with a law like Louisiana’s, everyone, young people and adults, would have to.

It’s also not just Louisiana’s law that we need to worry about. The problem is that if the courts can look past the constitutional problems with this one, then it can look past the constitutional problems with any of them, including ones that are even more onerous or restrictive. So even though Louisiana’s may not currently reach every user of every platform, it offers no comfort to anyone, for several reasons, with one of them being that even if the law just affects some social media platforms, it will still have chilling effects on anyone who might have used them for any purpose. As we explained to the court, the Copia Institute is in the business of expression and uses social media platforms to spread its expression. But if a law like Louisiana’s can go into effect, it could eliminate those platforms, large swaths of their users, or even the ability of the Copia Institute to use them at all. In other words, even though we write about age-gating laws, if they are allowed to go into effect we may lose the ability to tell anyone.

It’s important that laws like these remain enjoined, but maintaining a preliminary injunction is a separate area of concern raised by the Fifth Circuit’s recent jurisprudence, which keeps undoing sensible preliminary injunctions of laws like these unconstitutionally burdening speech rights. First, it should be enough for plaintiffs to anticipate that they will be harmed by such laws and seek preliminary relief enjoining them before they have had to directly experience such obviously inevitable expressive harm. Furthermore, courts are supposed to consider several factors in deciding whether to grant a preliminary injunction, including the likelihood of success of one of the parties and the risk of irreparable harm if the injunction is not granted. As even Justice Kavanaugh telegraphed in NetChoice v. Fitch, NetChoice is also likely to prevail in its constitutional challenge here.

But more importantly, the potential harm of perhaps unduly enjoining this law while the litigation challenging it continues pales to the harm of not doing so. If Louisiana’s law remains enjoined the status quo will be preserved, and no one will be any worse off than they were yesterday, last week, last year, or last century. As we also pointed out, the online interconnectivity of social media has existed in some form for upwards of forty years, dating back to pre-Internet dial-up bulletin board services in the 1980s. Generations of young people have grown up online since then and turned out fine.

But more importantly: the Constitution does not have an off switch. If these laws really do offend constitutional rights—as they clearly do—then they should not be able to offend them for even a moment. The Constitution protects rights every hour of every day, and there is no constitutional mechanism that allows them to be unilaterally taken away from everyone, even temporarily.

Filed Under: 1st amendment, 5th circuit, age verification, louisiana

Companies: netchoice

Microsoft on Monday unveiled the Surface RTX Spark Dev Box, a compact desktop computer designed to let software developers run large AI models on their desks instead of paying for cloud computing — a move that directly challenges the per-token pricing model that has defined the AI industry’s economics since ChatGPT launched three and a half years ago.

The device, announced at Microsoft Build 2026, packs Nvidia’s new Blackwell-architecture RTX Spark processor and 128 gigabytes of unified memory into a small-form-factor chassis, delivering what Nvidia rates at one petaflop of AI compute. In practical terms, that means a developer can load, run and interact with AI models exceeding 120 billion parameters without sending a single API call to the cloud.

“These class of devices, we think, will get to about 100 billion parameter model running,” Pavan Davuluri, Microsoft’s executive vice president of Windows and Devices, said during a press briefing ahead of the event. He emphasized that raw model size is only part of the equation: “The model size is one thing, but for the model to be effective, it kind of needs to be able to have enough context, because a larger model, you feed it larger context.” At 100,000 tokens of context, he noted, the key-value cache alone can consume 40 to 50 gigabytes of memory — which is precisely why Microsoft and Nvidia engineered the device around a 128-gigabyte unified memory pool shared dynamically between the CPU and GPU.

The machine will be available later this year in the United States, sold exclusively through Microsoft.com. The company did not disclose pricing.

Why Microsoft is betting that AI’s future runs on fixed costs, not cloud meters

The Surface RTX Spark Dev Box arrives at a moment when the economics of AI development have become a boardroom-level concern. Companies large and small are grappling with cloud GPU bills that scale unpredictably: every fine-tuning run, every inference call, every agentic workflow that loops through a frontier model accumulates cost. For a developer iterating rapidly on a prototype — running the same model dozens or hundreds of times a day — those charges compound fast.

Microsoft is framing the Dev Box as a release valve for that pressure. Andrew Hill, corporate vice president of Surface, wrote in the announcement blog post that the device “changes that equation” by letting developers “reserve frontier model calls for truly frontier problems and handle the rest on their own hardware.” The pitch is not that cloud computing is obsolete, but that much of the work currently being sent to remote data centers does not require state-of-the-art models and would be better served by capable local hardware with predictable, fixed costs.

This is a significant strategic shift for Microsoft, a company that derives tens of billions of dollars in annual revenue from Azure cloud services. By selling hardware that explicitly reduces customers’ cloud dependency, Microsoft is acknowledging a tension that has been building across the industry: the marginal cost of AI inference at scale is unsustainable for many teams, and the market is demanding alternatives. The bet appears to be that developers who prototype locally will still deploy to Azure when they need to scale — and that owning both ends of that workflow is more valuable than owning only the cloud.

Inside the 128GB unified memory architecture that makes local AI possible

The technical architecture of the Dev Box reflects a set of deliberate engineering choices aimed at sustained, not peak, performance — a distinction that matters enormously for AI workloads that can run for hours.

At the center is Nvidia’s RTX Spark system-on-chip, which combines an ultra-efficient ARM-based CPU with a Blackwell-generation RTX GPU. In a traditional Windows PC, Davuluri explained during the briefing, this configuration would require four separate components: a CPU, a discrete GPU, dedicated graphics memory and system RAM. The RTX Spark collapses all of that into a single chip paired with a single unified memory pool.

That unification is the critical design decision. Conventional gaming laptops with high-end Nvidia GPUs top out at roughly 24 gigabytes of GPU-accessible memory. The Dev Box’s 128 gigabytes of unified memory — accessible to both the CPU and GPU through what Nvidia calls its Unified Memory Access architecture — is what makes it possible to load models that would otherwise require cloud GPU instances with specialty high-bandwidth memory configurations.

Microsoft did substantial work at the operating system level to exploit this architecture. The company implemented new memory management logic in Windows that raises the ceiling on how much system memory the GPU can address, introduces smarter page-size allocation for shared memory regions and ensures that heavy GPU workloads do not starve the CPU of the resources it needs for multitasking. The Windows scheduler was also optimized for RTX Spark’s heterogeneous core layout, routing demanding workloads to performance cores while keeping efficiency cores available for background tasks.

How a 3D-printed aluminum chassis doubles as a heatsink

The thermal design is equally deliberate. The Dev Box operates within an approximately 100-watt sustained thermal envelope — modest by desktop standards, but meaningful for a device intended to run training jobs and inference workloads continuously. The aluminum chassis itself is engineered to function as a passive heatsink, and the method Microsoft used to build it is among the most striking details about the machine.

The top panel is manufactured using metal 3D printing, a process that enables internal geometries too complex for conventional CNC machining or injection molding. The perforations are not simple through-holes; they are angled in multiple directions around the internal fan to optimize airflow from cold-air intake through heat dissipation. During the press briefing, Harry, a Surface industrial designer, explained the rationale: “The complexity is something other manufacturers wouldn’t be able to do, like CNC, or like any molding, because of the complexity of shape.”

When asked whether 3D printing would constrain mass production, the designer acknowledged the challenge but suggested Microsoft had developed a process robust enough to scale. The result is a machine that runs quietly enough for an open office while sustaining the kind of continuous GPU workloads that would throttle most conventional desktops of similar size. For a device that Microsoft expects developers to leave running overnight on fine-tuning jobs, quiet sustained performance is not a luxury — it is a requirement.

A developer-first setup that eliminates hours of configuration

Microsoft is shipping the Dev Box with Windows 11 Pro pre-configured at the image level for development work — a detail that sounds minor but reflects a growing recognition that the out-of-box experience for developer hardware has historically been poor.

The machine boots into a dark theme with a simplified taskbar, widgets removed and Do Not Disturb enabled. Developer Mode is turned on. PowerShell 7 is the default shell. WSL 2 — the Windows Subsystem for Linux — comes pre-installed with GPU passthrough and CUDA support already configured. Visual Studio Code, GitHub Copilot, Git, Python and Node.js are all installed and ready.

“We’ve said, ‘Hey, you know what, we got you, you want to go fast,’” a Microsoft engineer who demonstrated the configuration during the briefing told VentureBeat. The philosophy, he explained, is that developers were going to install all of these tools anyway — the friction was in the hours of setup and configuration that stood between unboxing a machine and writing the first line of code.

The Dev Box also ships with integration points across Microsoft’s AI stack: AI Toolkit for VS Code for model conversion and fine-tuning, Windows ML and Windows Copilot Runtime for local inference, and Microsoft Foundry for connecting local prototypes to cloud deployment pipelines. For enterprises, the device integrates with Entra ID and Intune for identity and device management, and includes Secured-core PC architecture, BitLocker encryption and Microsoft Defender.

Why Apple’s Mac Mini may not be the real competition anymore

The most obvious competitive comparison is Apple’s Mac Mini, which has dominated the compact-desktop category and has been widely adopted by developers drawn to Apple Silicon’s unified memory architecture and power efficiency.

Davuluri addressed the comparison directly during the briefing, saying the Dev Box is “in a different class of performance than Mac Minis, intentionally.” He declined to share specific benchmarks, noting that detailed specifications and performance targets would come closer to the fall launch. But the architectural advantage Microsoft is claiming is clear: while the current Mac Mini with M4 Pro tops out at 48 gigabytes of unified memory and the M4 Max configuration reaches 128 gigabytes, the RTX Spark Dev Box pairs its 128 gigabytes with a Blackwell-class GPU that has a fundamentally different CUDA-based compute model — one that the vast majority of the AI/ML ecosystem’s tooling (PyTorch, TensorRT, llama.cpp, Hugging Face frameworks) is already optimized for.

That CUDA ecosystem advantage is difficult to overstate. While Apple’s Metal framework has made progress, the overwhelming majority of AI training and inference frameworks are built and tested first against Nvidia’s CUDA stack. A developer running models on the Dev Box can use the same code, the same libraries and the same workflows they would use on a cloud GPU instance — a level of portability that Apple Silicon cannot currently match.

From laptop to supercomputer: Microsoft’s three-tier plan for local AI hardware

The Dev Box is one piece of a three-tier hardware strategy Microsoft laid out at Build. The Surface Laptop Ultra, announced days earlier at Computex, brings the same RTX Spark silicon into a 15-inch laptop form factor for developers and creators who need portability. At the other end of the spectrum, the DGX Station for Windows — built on Nvidia’s GB300 Grace Blackwell Ultra Superchip — targets organizations that need to run frontier models up to one trillion parameters on a deskside system. That machine is expected in the fourth quarter of this year.

The three devices map to a tiered computing model that Microsoft is calling “unmetered intelligence”: small on-device language models (the company’s new Aion 1.0 family) handle lightweight tasks at zero marginal cost; RTX Spark-class hardware runs mid-range models locally for the bulk of development work; and cloud resources are reserved for genuinely frontier-scale problems.

The GitHub Copilot CLI is getting a concrete implementation of this model with a new feature called /fleet, which allows a cloud-based primary agent to build a plan, assess the complexity of each task and route appropriate subtasks to a local model running on the developer’s hardware. The cloud agent handles what requires frontier capability; the local model handles what does not. The result, in theory, is lower cost without lower quality.

The real question is whether hybrid AI can shift from buzzword to business model

Whether Microsoft’s bet pays off depends on questions that will take months to answer. How does the Dev Box actually perform under sustained, real-world workloads? What will it cost? How quickly will the open-source model ecosystem continue to produce capable models in the 70-to-120-billion-parameter range that fit within its memory envelope? And perhaps most critically: will enterprise procurement teams, trained to think of AI as a cloud line item, accept a capital expenditure on desk hardware as an alternative?

The strategic logic, however, is difficult to dismiss. For three years, the AI industry has operated on an implicit assumption: serious AI work happens in the cloud, and the economics of that arrangement are simply the cost of doing business. Microsoft, a company with every incentive to reinforce that assumption, is now selling a machine that undermines it. That is not a contradiction — it is a recognition that the market is moving, and that the company that controls the developer’s local environment and the cloud they deploy to has a more durable advantage than one that controls only the cloud.

Every dollar a developer does not spend on cloud inference is a dollar that can fund another experiment, another iteration, another prototype. For years, the AI industry told developers they needed to rent their intelligence by the token. Microsoft is now asking a different question: what if you could just buy it?