The cybersecurity industry is confronting a new reality: traditional vulnerability management is no longer enough. As enterprises rapidly deploy AI-powered applications, autonomous agents, and large language model (LLM) infrastructure, security teams are discovering that many of the most dangerous exposures cannot be identified through conventional CVE-based scanning alone. Instead, organizations are increasingly grappling with misconfigured AI services, exposed machine learning infrastructure, and interconnected systems that create entirely new attack paths.

Against this backdrop, CyCognito is expanding its exposure management platform with continuous AI pentesting capabilities designed to uncover complex, contextual risks that deterministic scanners often overlook. The initiative reflects a broader shift across the industry, in which security leaders are moving beyond identifying known vulnerabilities to continuously validating how attackers could exploit an organization’s unique environment.

AI Creates New Blind Spots

The rapid adoption of generative AI has dramatically expanded enterprise attack surfaces. Organizations are deploying AI copilots, retrieval-augmented generation (RAG) systems, Model Context Protocol (MCP) servers, orchestration platforms, and machine learning infrastructure faster than many security programs can inventory them.

Unlike traditional software vulnerabilities, these systems often introduce security gaps through configuration mistakes, excessive privileges, or unintended exposure between interconnected services. Such weaknesses may not have a CVE assigned to them, yet they can still provide attackers with direct access to sensitive business data.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

According to CyCognito, its platform now identifies more than 60 categories of AI-related technologies, including MCP servers, Ollama, MLflow, PyTorch, Triton, n8n, and other components commonly used in enterprise AI deployments.

From Detection to Simulated Attacks

Rather than stopping at asset discovery, CyCognito’s latest capability uses AI agents to simulate how an attacker would move through an organization’s exposed infrastructure.

Instead of asking whether a vulnerability exists, the system evaluates whether a sequence of actions could realistically compromise sensitive systems or expose valuable data. These attack chains combine contextual reasoning, environmental awareness, and multi-step testing that extend well beyond traditional vulnerability scanning.

The company’s recently published original technical deep dive on continuous AI pentesting explains how these AI agents prioritize testing using contextual intelligence gathered across an organization’s external attack surface, allowing security teams to focus on validated business risk rather than isolated technical findings.

Real-World Findings Highlight Emerging Risks

CyCognito shared several examples illustrating the types of exposures that continuous AI pentesting can identify.

In one case, an externally accessible MCP server provided an unauthenticated natural-language interface connected to a production CRM environment. By following a sequence of prompt injections and API interactions, AI agents were able to enumerate backend services and ultimately access millions of customer and financial records without credentials.

Another engagement uncovered a publicly accessible knowledge base supporting a RAG deployment. While authentication protected the AI agent itself, the underlying document repository remained openly reachable, exposing internal documents, contracts, communications, and customer information.

Perhaps most striking was the discovery of an internet-facing physical security platform responsible for managing building access controls, surveillance cameras, and badge readers. The system had been deployed alongside customer-facing AI services without proper segmentation, demonstrating how digital transformation initiatives can inadvertently expand risk into operational technology.

None of these scenarios relied on exploiting a known software vulnerability. Instead, they stemmed from architectural decisions, deployment practices, and business context that conventional scanners would likely miss.

Why Continuous Testing Matters

Traditional penetration testing remains an important security practice, but its point-in-time nature limits its effectiveness against environments that change daily.

While AI has accelerated offensive testing, many organizations still run AI-powered assessments as periodic engagements because of computational cost. According to CyCognito, this often limits deep testing to only the highest-priority assets, leaving much of the external attack surface largely unexamined.

To address this challenge, the company developed what it calls the Target Graph™, an orchestration layer that combines exposure assessment, threat intelligence, deterministic validation, and business context to determine where AI agents should spend their computational effort.

The approach allows AI pentesting to continuously adjust its depth and techniques based on newly discovered assets, environmental changes, and emerging threat activity.

An additional advantage comes from the system’s feedback loop. Attack techniques successfully validated by AI agents can later be converted into deterministic tests, reducing future computational requirements while expanding automated coverage.

A Broader Industry Transition

The emergence of AI-native infrastructure is changing how organizations think about external exposure management. As enterprise environments become increasingly dynamic, security programs are shifting from identifying isolated vulnerabilities toward continuously evaluating how systems interact and whether those interactions create exploitable pathways.

CyCognito’s latest announcement reflects that evolution. Rather than treating penetration testing as an occasional validation exercise, the company envisions continuous AI-driven testing becoming an always-on component of exposure management.

Internally known as “Project Kineto,” the initiative draws inspiration from the transition from still photography to motion pictures, a metaphor for replacing periodic security snapshots with continuous visibility into evolving attack surfaces.

As AI adoption accelerates across enterprises, the industry’s challenge may no longer be finding known vulnerabilities, but understanding how countless small exposures combine into meaningful business risk. Continuous AI pentesting represents one emerging approach to solving that problem.

SYSTEMS

AI agents are a general-purpose workload no different from any other

OPINION Do AI agents need a new kind of CPU? That’s what Arm, Nvidia, and a growing number of chip designers would have you believe. 

Arm named its first datacenter silicon the “AGI CPU.” Nvidia CEO Jensen Huang described Vera as a “CPU for agents,” and AWS’s Graviton 5 marketing is chock full of references to agentic AI.

None of these Arm-based processors are going to bring about the singularity. They’re not even AI accelerators. Don’t let the spin doctors fool you – these chips are nothing more than general-purpose processors that have received an AI glow-up.

Sure, AI agents and their harnesses need CPUs. No argument there. But agents aren’t one workload. They’re simply a bridge between the AI model and the same applications we’ve been running for decades.

And the tools those agents end up running often look wildly different. Some will benefit from a higher ratio of memory bandwidth to compute, some will perform better on chips with large unified caches or dedicated compression engines, while others will prefer high frequency over core count, or vice versa.

There’s a reason AMD and Intel don’t just build one Epyc or Xeon SKU, and why all of the “purpose-built” agentic CPUs look so different. 

If you look at what Nvidia has built with its 88-core Vera CPU, the chip promises high single-threaded performance with gobs of memory and interconnect bandwidth.

As Huang explained it during his GTC Taiwan keynote, this combination of compute and bandwidth is key to keeping latency as low as possible.

“There will be billions of agents and these agents are going to be using the CPUs with very little patience because the cost of the GPUs they sit next to is too high,” he said.

But of course Huang would say that – he’s in the GPU-slinging biz. Vera, just like Grace, was designed to keep data flowing between the CPU and GPU as smoothly as possible. Data movement is literally Vera’s thing.

Arm’s AGI CPU, meanwhile, looks to be a bog-standard Neoverse V3 processor with 136 cores that’s been stripped of anything an agent is unlikely to need in order to keep power consumption as low as possible. No simultaneous multithreading or dedicated accelerators, minimal vector extensions, but loads of memory bandwidth.

Amazon’s 192-core Graviton 5 processors, announced at Re:Invent last winter, are essentially a scaled-up version of Arm’s AGI CPU, right down to the Neoverse V3 cores, but arguably even more generic.

To echo Corey Quinn, “please, for the love of all that’s holy, stop calling them ‘AI chips.’”

Not to be left out of the fun, Intel and AMD have also been keen to recast their flagship Xeons and Epycs as the ideal platforms for running AI agents.

At Computex earlier this month, Intel showed off a couple of reference rack designs packing as many as 36,864 x86 cores into a 100 kW rack.

Meanwhile, AMD, following an initial round of Vera CPU benchmarks, went on the defensive last week, arguing that concurrency, not latency, is the metric that matters most when running agents at scale.

The House of Zen projects that for a 100 kW power envelope, its 256-core Venice Epycs, due out later this year, would deliver 3.3x higher throughput per rack than Vera.

If it feels like everyone has a different opinion on what the ideal agentic CPU should look like, that’s because, as with any other datacenter workload, there’s rarely one right answer.

We see this in early benchmarks of Nvidia’s Vera CPU. Late last month, FOSS-friendly publication Phoronix got early access to the chip and ran a subset of its test suite that Nvidia apparently felt was representative of its target market.

The chip achieved a geo-mean score 10 percent higher than AMD’s 128-core Epyc 9575F, and 55 percent higher than Intel’s 128-core Xeon 6980P. That’s a strong showing. But looking closer at the results, it becomes clear that Vera performs better in some apps than others.

And this gets to the crux of it all. There has never been one CPU to rule them all, and as the AI hype cycle enters its agentic era, there certainly isn’t one now. ®

Across the United States, K-12 schools have spent the past decade building one-to-one device programs. These initiatives have established an essential baseline for digital access, making it easier for students to complete daily schoolwork across grade levels and subjects. By putting a device in the hands of every learner, districts have created a standard foundation for digital literacy, research and everyday classroom engagement.

As STEM programs continue to grow and mature, however, school leaders are beginning to encounter new questions about how well those standardized devices support more advanced coursework. Pathways in fields like robotics, engineering, cybersecurity and data science increasingly rely on specialized professional applications that reach well beyond general-purpose classroom software.

In many cases, students can successfully complete introductory work on school-issued devices. But as instruction progresses, the tools required for STEM programs place different demands on student computing resources. As a result, educators and technology directors are taking a closer look at how hardware capacity can keep pace with shifting curricular needs.

STEM Tools and Computing Demands

While web-based applications work well for introductory coursework and daily assignments, many expanding STEM pathways introduce entirely different technical requirements. Courses in engineering, 3D modeling, cybersecurity and data science rely on industry-standard applications that demand substantial local computing capacity, robust memory and dedicated graphics processing.

A prime example is SolidWorks, a professional computer-aided design (CAD) platform used extensively in both higher education and engineering industries. When students build detailed, multipart models or run stress-test simulations, the performance of the device directly affects how efficiently they can work. Insufficient hardware can lead to severe rendering delays, software lag or sudden crashes that disrupt the entire classroom flow. 

This reality highlights a practical procurement consideration for districts: As STEM curricula mature beyond basic web-browsing activities, classroom devices must have sufficient local processing power to keep up.

A Robotics Program in Practice

To see how these hardware dynamics play out in a real classroom, consider the experience of the Firebots robotics team at Fremont High School in Sunnyvale, California. The team competes in the FIRST Robotics Competition, a global program where students design, build and program large robots to complete complex engineering challenges under tight, real-world constraints.

The work inside a competitive robotics program closely mirrors a commercial engineering environment, spanning mechanical design, fabrication, electrical systems and software development. Students use CAD tools to design components from scratch, test digital iterations and refine mechanisms on a tight competition timeline.

In robotics programs like this, student devices are not just tools for looking up information; they are central workbenches used across multiple stages of the design process. Students rely on them for modeling, code compilation, data logging, documentation and coordination among subteams.

Reliable on-device performance eliminates a common source of classroom friction. When software runs consistently and responsively, students can spend their limited class time troubleshooting their designs and iterating on ideas rather than troubleshooting their devices. Ultimately, the Firebots’ systematic approach and focus on execution earned them the FIRST Excellence in Engineering Award, which recognizes strong engineering design and system integration.

What This Means for STEM Instruction

The experience of programs like the Firebots raises a broader question for school leaders and instructional technology directors: How should district-wide device strategies evolve as STEM instruction becomes more technically demanding?

One-to-one computing programs continue to serve as the foundation for most day-to-day classroom learning, providing the baseline connectivity needed for a modern education. At the same time, STEM courses can reveal distinct moments where standardized, general-purpose devices reach the limits of demanding software and workflow requirements.

In many districts, this variation is already being managed through a mix of approaches. Some schools rely on shared physical lab spaces equipped with higher-performance workstations dedicated to specialized software. Others use cloud-based streaming solutions where possible, while reserving more resource-intensive local applications for specific instructional settings.

The goal is not to dismantle existing one-to-one initiatives, but to recognize where a single hardware standard may limit technical pathways. As STEM education continues to expand and diversify, school leaders find themselves balancing the competing priorities of deployment consistency, procurement cost and instructional fit.

In this changing landscape, device planning is no longer treated as a separate IT purchasing decision. Instead, it is increasingly part of a larger conversation about how schools design learning environments that accurately reflect the kinds of hands-on work students are being asked to do.

Kevin Cate created Open Door, a 3-minute horror short that has went viral. A couple of coworkers get into an elevator for a typical ride, but then it just stops and dips, and you start hearing whispers and getting the impression that something is lurking down in the darkness. Nearly 15 million people have watched it on YouTube, TikTok, and Instagram, and they’re still going crazy trying to figure out what happens next.

The only question that keeps coming up is, “What did those two people see when all hell broke loose?” Kevin Cate has been dealing with that question pretty much every day since the short came out, and his contagious excitement has secured him a nice six-figure deal to make it into a feature film. He collaborated with IO writer Charles Spano to enhance the script, and they now have a completely new version ready to go.

Sale

Anker Nebula P1i Portable Projector with WiFi and Bluetooth by soundcore, Flippable Design,1080P FHD, 4K…

• Flippable Audio Magic: Rotate the 20W (2 x 10W) Dolby Audio speakers 90° side to side or 200° up and down for sound that follows your vibe, perfect…
• True Brightness, Real Clarity: Enjoy lifelike details with TÜV‑certified 380 ANSI lumens and 1080p Full HD resolution that make every movie night…
• Designed for Consistent Viewing: All‑glass lenses and fully sealed optical engine resist dust and wear, keeping every frame crisp and clear even…

Sean Anthony Baker and Mia Matthews are reprising their roles from the original short for the full-length movie. Kevin Cate is overjoyed to be working with the same cast and crew who brought the short back to life in the first place, and he believes the new characters are among the greatest they’ve created yet. Getting asked every day what the two saw down there is driving him insane, but he’s ready to eventually reveal them, and he’s dropping hints along the way.

They’ve even set up a website (opendoorfilm.com) where you can sign up and express your interest. The website has the most recent news, behind-the-scenes looks, and even a section where fans can share their wildest ideas. Skysound producer Daniel Faber is on board with this one, as well as Kevin Cate’s upcoming comedy Unbearable Christmas, starring Julia Stiles and David Cross.

Now that the budgeting process is over, the next steps are to address finance, casting, and pre-production. They want to start filming later this year and release it to the public in 2027. Kevin Cate provided a sneak glimpse of what’s coming on social media, claiming that it’s the completion of his ultimate dream.
[Source]

Last year, the AGCM found that Apple abused its market dominance with its treatment of third-party developers.

Months after being hit with a nearly €100m penalty, Apple is once again under investigation by the Italian competition authority – this time over concerns around its interoperability obligations under the EU’s Digital Markets Act (DMA).

The Autorita Garante della Concorrenza e del Mercato (AGCM)’s second probe into Apple concerns iOS and iPadOS, which it said might be unfairly treating third-party cloud providers.

According to the DMA, companies with the gatekeeper designation must ensure that third-party sellers receive the same free and effective interoperability with their operating systems as the company’s own services.

The Italian authority pointed to “indications” of an apparent lack of access third-party cloud providers have to the same features that are available to Apple’s own iCloud. The global technology giant holds more than 40pc of the mobile operating system market share in Europe.

“For example, it appears that Apple does not allow alternative cloud storage services to use the iOS and iPadOS features enabling end users to perform a full backup of their devices’ data, while those same features are available to Apple’s iCloud,” the AGCM said in a statement.

This marks the first time the AGCM is running an investigation alongside the European Commission.

Italy’s competition authority hit Apple with a penalty of more than €98.6m last December after finding that the company abused its “super-dominant position” in the app distribution market with its App Store.

The probe stemmed from Apple’s 2021 policy on App Tracking Transparency (ATT) on iOS which forced third-party app developers to double user consent requests for the same purposes. The AGCM concluded that the policy did not comply with the bloc’s privacy requirements.

Apple, at the time, said that it disagreed with the AGCM’s decision and planned to appeal.

This also isn’t Apple’s first encounter with the DMA. Last year, the company – alongside Meta – became the first penalty recipients under the law, with Apple alone receiving a €500m fine for restricting app developers from informing customers of alternative offers outside its App Store.

A few months later, the company introduced changes to its App Store policies to comply with the law, which carries fines of up to 10pc of a company’s total annual worldwide turnover. For Apple, this could be as much as $41.6bn.

Meanwhile, the EU is also considering whether to designate Apple’s Maps and Ads services as gatekeepers under DMA.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Illumina Ventures announced the two winners of the inaugural competition designed to recognise high-potential start-ups.

UCD’s Nax Bioscience and TCD’s Imragen were today (16 June) awarded the top spot at the inaugural Irish Genomics Business Plan Competition, which is an initiative established to identify and support high-potential genomics-focused start-ups and research ventures in Ireland’s life sciences ecosystem.

Illumina Ventures, which announced the winners, is an independently managed venture capital firm that is focused on genomics and precision health investing and aims to strengthen the genomics innovation landscape in Ireland. 

Nax Bioscience is a deep-tech life science start-up that focuses primarily on improving the efficiency of next generation sequencing. By developing an innovative nucleic acid extraction technology, Nax aims to ensure higher input quality that delivers more reliable, cost-effective sequencing results.

Leading the Nax Bioscience team are, Dr Jaythoon Hassan, of the National Virus Reference Laboratory at UCD, professor Michael Gilchrist from the UCD School of Mechanical and Materials Engineering and Edward Simons, a commercial lead. The multi-disciplinary project is supported by the Enterprise Ireland Commercialisation Fund and is preparing for spin-out in early 2027.

Imragen, which is a new commercial venture being spun out of the Campbell lab at TCD’s Smurfit Institute of Genetics, is developing a range of methodologies to restore the integrity of the blood-brain and blood-retina barriers. The technology will seek to treat a range of neurological and ophthalmological conditions. 

Following a competitive review process of submitted entries from across Ireland, Nax Bioscience and Imragen were selected as the two winners in recognition of their innovative genomics-driven technologies and strong commercial potential. 

For winning, both start-ups will receive a comprehensive support package that includes access to Illumina sequencing consumables and technical expertise, strategic mentorship from Illumina Ventures, intellectual property guidance, legal support and access to Ireland’s genomics data science ecosystem.

Commenting on the win, Nick Naclerio, a founding partner at Illumina Ventures, said, “Ireland has become an increasingly important centre for genomics innovation, supported by exceptional scientific talent, a strong entrepreneurial culture, and a collaborative ecosystem.

“We were highly impressed by the quality of applications received and we are excited to support Nax Bioscience and Imragen as they advance technologies with the potential to make a meaningful impact on healthcare and the life sciences.”

Mark Robinson, the vice-president and general manager, for the UK, Ireland, and Northern Europe, at Illumina, added, “Through this competition, we wanted to help accelerate the next generation of genomics-enabled companies in Ireland. The winning teams demonstrated compelling scientific innovation alongside a clear vision for translation and commercialisation.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

SpaceX passed Amazon to become the fifth-most valuable company in the world, after its stock price climbed 20% on Monday and more than 8% in early trading Tuesday, pushing its valuation past $2.7 trillion.

That’s despite Amazon turning a $78 billion profit in 2025 on $717 billion in sales last year, compared to SpaceX’s $4.9 billion loss on $18.7 billion in revenue. SpaceX has recently added new revenue streams in the form of compute leasing deals with Anthropic and Google, though, and the company has added $1 trillion to its valuation since going public on Friday.

Tuesday’s stock price jump came after SpaceX announced it is acquiring AI coding startup Cursor in an all-stock deal worth $60 billion. SpaceX first revealed a collaboration with Cursor in April, at a time when CEO Elon Musk said his AI company xAI — now a part of SpaceX — “was not built right [the] first time around” and that he was rebuilding it “from the foundations up.”

SpaceX’s historic IPO saw it debut with a valuation of around $1.7 trillion, and the transaction raised nearly $86 billion for Musk’s company. SpaceX only made about 4% of its total shares available for trading, which experts predicted would make the stock more susceptible to wild swings.