TikTok will not introduce end-to-end encryption for direct messages (DMs) on its platform, according to a new report from the BBC. The social media giant says end-to-end encryption would make users less safe, as it believes the technology would prevent police and safety teams from accessing messages when necessary.

TikTok told the outlet that this is a deliberate decision to distinguish itself from rivals and protect users, particularly younger ones, from harm.

With end-to-end encryption, only the sender and recipient of a direct message can view its contents.

The company said direct messages are still protected with standard encryption, similar to services like Gmail. Only authorized employees can access direct messages, and only under specific circumstances, such as in response to a valid law enforcement request or a user report of harmful behavior.

End-to-end encryption is the default technology used in popular apps like Signal, WhatsApp, Facebook Messenger (for 1:1 personal chats and calls), Apple’s Messages, and Google Messages.

The federal directive ordering all U.S. government agencies to cease using Anthropic technology comes with a six-month phaseout window. That timeline assumes agencies already know where Anthropic’s models sit inside their workflows. Most don’t today.

Most enterprises wouldn’t, either. The gap between what enterprises think they’ve approved and what’s actually running in production is wider than most security leaders realize.

AI vendor dependencies don’t stop at the contract you signed; they cascade through your vendors, your vendors’ vendors, and the SaaS platforms your teams adopted without a procurement review. Most enterprises have never mapped that chain.

The inventory nobody has run

A January 2026 Panorays survey of 200 U.S. CISOs put a number on the problem: Only 15% said they have full visibility into their software supply chains, up from just 3% a year ago. And 49% had adopted AI tools without employer approval, according to a BlackFog survey of 2,000 workers at companies with more than 500 employees; 69% of C-suite members said they were fine with it.

That’s where undocumented AI vendor dependencies accumulate, invisible to the security team until a forced migration makes them everyone’s problem.

“If you asked a typical enterprise to produce a dependency graph that includes second- and third-order AI calls, they’d be building it from scratch under pressure,” said Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, in an exclusive interview with VentureBeat. “Most security programs were built for static assets. AI is dynamic, compositional, and increasingly indirect.”

When a vendor relationship ends overnight

The directive creates a forced migration unlike anything the federal government has attempted with an AI provider. Any enterprise running critical workflows on a single AI vendor faces the same math if that vendor disappears.

Shadow AI incidents now account for 20% of all breaches, adding as much as $670,000 to average breach costs, IBM’s 2025 Cost of Data Breach Report found. You can’t execute a transition plan for infrastructure you haven’t inventoried.

Your contract with Anthropic may not exist, but your vendors’ contracts might. A CRM platform could have Claude embedded in its analytics engine. A customer service tool might call it on every ticket you process. You didn’t sign for that exposure, but you inherited it, and when a vendor cutoff hits upstream, it cascades downstream fast. The enterprise at the end of that chain doesn’t know the dependency exists until something breaks or the compliance letter shows up.

Anthropic has said eight of the 10 largest U.S. companies use Claude. Any organization in those companies’ supply chains has indirect Anthropic exposure, whether they contracted for it or not. AWS and Palantir, which hold billions in military contracts, may need to reassess their commercial relationships with Anthropic to maintain Pentagon business.

The supply chain risk designation means any company doing business with the Pentagon now has to prove its workflows don’t touch Anthropic.

“Models are not interchangeable,” Baer told VentureBeat. “Switching vendors changes output formats, latency characteristics, safety filters, and hallucination profiles. That means revalidating controls, not just functionality.”

She outlined a sequence that starts with triage and blast radius assessment, moves to behavioral drift analysis, and ends with credential and integration churn. “Rotating keys is the easy part,” Baer said. “Untangling hardcoded dependencies, vendor SDK assumptions, and agent workflows is where things break.”

The dependencies your logs don’t show

A senior defense official described disentangling from Claude as an “enormous pain in the ass,” according to Axios. If that’s the assessment inside the most well-resourced security apparatus on the planet, the question for enterprise CISOs is straightforward. How long would yours take?

The shadow IT wave that followed SaaS adoption taught security teams about unsanctioned technology risk. Most caught up. They deployed CASBs, tightened SSO, and ran spend analysis. The tools worked because the threat was visible. A new application meant a new login, a new data store, a new entry in the logs.

AI vendor dependencies don’t leave those traces.

“Shadow IT with SaaS was visible at the edges,” Baer said. “AI dependencies are embedded inside other vendors’ features, invoked dynamically rather than persistently installed, non-deterministic in behavior, and opaque. You often don’t know which model or provider is actually being used.”

Four moves for Monday morning

The federal directive didn’t create the AI supply chain visibility problem. It exposed it.

“Not ‘inventory your AI,’ because that’s too abstract and too slow,” Baer told VentureBeat. She recommended four concrete moves that a security leader can execute in 30 days.

1. Map execution paths, not vendors. Instrument at the gateway, proxy, or application layer to log which services are making model calls, to which endpoints, with what data classifications. You’re building a live map of usage, not a static vendor list.

2. Identify control points you actually own. If your only control is at the vendor boundary, you’ve already lost. You want enforcement at ingress (what data goes into models), egress (what outputs are allowed downstream), and orchestration layers where agents and pipelines operate.

3. Run a kill test on your top AI dependency. Pick your most critical AI vendor and simulate its removal in a staging environment. Kill the API key, monitor for 48 hours, and document what breaks, what silently degrades, and what throws errors your incident response playbook doesn’t cover. This exercise will surface dependencies you didn’t know existed.

4. Force vendor disclosure on sub-processors and models. Your AI vendors should be able to answer which models they rely on, where those models are hosted, and what fallback paths exist. If they can’t, that’s your fourth-party blind spot. Ask the questions now, while the relationship is stable. Once a cutoff hits, the leverage shifts, and the answers come too late.

The control illusion

“Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system,” Baer told VentureBeat. “The real dependencies are one or two layers deeper, and those are the ones that fail under stress.”

The federal directive against Anthropic is one organization’s weather event. Every enterprise will eventually face its own version, whether the trigger is regulatory, contractual, operational, or geopolitical. The organizations that mapped their AI supply chain before the storm will recover. The ones that didn’t will scramble.

Map your AI vendor dependencies to the sub-tier level. Run the kill test. Force the disclosure. Give yourself 30 days. The next forced migration won’t come with a six-month warning.

American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

The company’s data breach confirmation comes as a threat actor named FulcrumSec leaked 2GB of files on various underground forums and sites.

LexisNexis L&P is a global provider of legal, regulatory, and business information, research tools, and analytics used by lawyers, corporations, governments, and academic institutions in more than 150 countries worldwide.

Cloud breach via unpatched React app

The threat actor says that on February 24 they gained access to the company’s AWS infrastructure by exploiting the React2Shell vulnerability in an unpatched React frontend app.

LexisNexis L&P admitted that hackers breached its network, noting that the stolen information was old and consisted mostly of non-critical details.

“Our investigation has confirmed that an unauthorized party accessed a limited number of servers,” the company told BleepingComputer.

“These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets,” a spokesperson said.

“The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts.”

Based on its investigation, LexisNexis believes that the intrusion has been contained and found no evidence that products or services were impacted by the intrusion.

In a public post detailing the hack, FulcrumSec claims that they stole information related to more than 100 users with .gov email addresses, which included U.S. government employees, federal judges and law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff.

The threat actor detailed the intrusion, saying that they “exfiltrated 2.04 GB of structured data from LexisNexis AWS infrastructure” via a vulnerable React container with access to:

• 536 Redshift tables
• 430+ VPC database tables
• 53 AWS Secrets Manager secrets in plaintext
• 3.9M database records
• 21,042 customer accounts
• 5,582 attorney survey respondents
• 45 employee password hashes
• Complete VPC infrastructure mapping

FulcrumSec said that they also had access to around 400,000 cloud user profiles that included real names, emails, phone numbers, and job functions. According to the hackers, 118 users had .gov addresses belonging to U.S. government employees, federal judges and law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff.

FulcrumSec said that they contacted LexisNexis, but the company “decided not to work with us on this.” They also criticized the company’s security practices that permitted a single ECS task role “read access to every secret in the account, including the production Redshift master credential.”

LexisNexis has notified law enforcement and contracted an external cybersecurity expert to assist with the investigation and implementation of containment measures.

The company has taken responsibility for the breach and informed current and previous customers of the intrusion.

Last year, the company disclosed another breach after hackers compromised a corporate account and accessed sensitive information belonging to 364,000 customers.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

Google‘s March Pixel Drop is rolling out now, and it’s giving one of the Pixel‘s best quiet features its own home. The Now Playing tool, which automatically figures out songs playing around you, is now a standalone app. That means your history of discovered tracks finally has a place to live. You can actually revisit that song you heard at the coffee shop last week.

The update turns a background trick into something useful. Now Playing has long been a Pixel thing, silently catching music without needing to Shazam it. The new app adds a history tab that logs everything your phone has picked up. From there, you can play full tracks in Spotify, Apple Music, or whatever you use. The app is on the Google Play Store now as part of the March Pixel Drop. The rollout started March 3 and will continue over the next few weeks.

A history tab that actually does something

The standalone app changes how you deal with songs your phone has ID’d. Before, Now Playing worked almost invisibly. A track name would flash on your lock screen and then vanish. Now the history tab collects every recognized song in one scrollable list. You can see what played at the gym, in that Uber, or during your walk yesterday.

Better yet, tap any track and your phone offers to open it in your streaming service. You go from “what was that song?” to adding it to a playlist in seconds. The app builds a personal soundtrack of your life, then hands it off so you can actually listen. It’s a small shift. But it turns passive recognition into active discovery.

Why a standalone app changes the game

This isn’t just Google painting an old feature. Making Now Playing its own app solves something Pixel owners actually deal with. You’ve had that moment. You hear a great song, see it on your lock screen, and then forget about it by lunch. The new history tab catches those missed moments. It turns ephemeral discoveries into something you keep.

The move also shows how Google thinks about Pixel perks. Now Playing has always been a low-key differentiator. iPhones and Samsung phones don’t really do this. By spinning it into its own app with music service hooks, Google gives you a reason to stick with Pixel. Small moments turn into a lasting library.

How to get the new Now Playing app

If you’ve got a compatible Pixel, the new app is ready now. Hit the Google Play Store and look for the standalone app. It started appearing after the March 3 announcement. The rollout happens in waves, so it might take a week or two to hit your phone. When it lands, your old song history should show up automatically.

This is one of those updates that makes you wonder why it took so long. The old Now Playing was great at identification but terrible at preservation. Now you’ve got a searchable, playable archive of every track your phone ever caught. That’s a subtle upgrade that adds up. Check the Play Store this week. If it’s not there, give it a few days. The March Pixel Drop is rolling out gradual, and this one’s worth waiting for.

The Manya Cynus chess robot comes in a small box that opens to reveal a complete chessboard and a single robotic arm that is eager to start a game. This device, which was created by Manya Space and distributed to backers who had committed to the 2025 Kickstarter, is basically a physical chess battle against a machine that makes all of its own moves. With eight difficulty settings ranging from extremely basic to expert-level strong, it runs completely off the grid and doesn’t require you to use your phone, computer, or internet connection.

The setup procedure is easy and quick. To get started, simply push a button to unfold the board, use a magnet to secure the arm, and insert the plastic chess pieces—which have metal cores for a firm grip. When you’re ready to begin, you make a motion, push a green-lit confirmation button, and the robot takes over. A small screen on the arm displays the difficulty levels and a few status lights. Its 3-megapixel camera, which is positioned beneath the “head,” continuously scans the entire board to monitor everything and ensure that its movements comply with the regulations. When it’s time to set down one of its own pieces, the arm reaches out, lifts over any of your captured pieces if needed, and sets down its own with a purposeful motion that precisely follows the direction it’s supposed to take—you know, like the huge sweeping motion of a queen or the L-shape of a knight.

Sale

P6 Electronic Chess Board Chess Computer Talking Smart Chess Board Magnetic Electronic Chess Set with LED…

• Product Dimensions: 12.6×12.13×0.9 inches (32×30.8×2.3 cm); Game area: 8.8×8.8 inches(22.5×22.5 cm); Each square: 1.1 inches (28x28mm). King height…
• Electronic Chess Board: Built-in AI intelligent algorithms, with 1-18 levels for beginners to intermediate players. Play against the computer or a…
• Smart Chess Board: Offers three modes: Training for beginners and kids, Match for improving skills with the device, and Human for two-player games…

With each move, a few tiny animated eyes on the screen give the robot a some personality; a winning move gives it a joyful expression, while a checkmate loss gives it a disappointed face and a soft crying sound. It also uses its arm to make a few gestures, giving it a little more personality than you would expect from a computer. With its excellent battery life of over 10 hours on a single charge thanks to its USB-C connector, the entire device is portable because, after you’re done using it, you can simply throw it in a bag or whatever. When folded up, it is about the same size as two tablets stacked on top of one another.

The software is still a bit rough, though, and if you make a mistake, you’re simply rewarded with a brief, easily overlooked notice on the screen; otherwise, play proceeds without even pausing. Despite being heavily highlighted in all of the early promotional materials, the promised companion app is still missing, and there is no timed game mode.The Python-based environment and the open-source protocol that enables it to communicate with Bluetooth 5.1 simply urge users to enter and begin experimenting.

When it’s in operation, it’s a lot of fun to watch the arm calculate, reach, and commit to a move in real time, giving you a comprehensive understanding of your opponent. The only way to win is to be at the top of your game, and even if you lose, it’s quite obvious what went wrong and what you need to improve. Stockfish ensures that it plays solidly across all the different levels. The Manya Cynus is a strange and amazing combination that somehow manages to combine traditional strategic thinking with contemporary robotics for anyone who has a soft spot for chess but also wants to see some cool hardware.
[Source]

Here’s a list of its ports: 1 × USB 4.0 Type-C, 1 × USB 3.2 Gen 2 Type-C, 3 × USB 3.2 Gen 1 Type-A, micro SD Card Reader, HDMI 2.0, 2 x Type-C w/ DisplayPort 1.4, and a headphone/Microphone Combo. The webcam is a 2MP 1080p, which gets the job done, but is looking a little long in the tooth at this point. Otherwise, though, this is a great option for AMD fans.

Best for Performance

The Kubuntu Focus Zr 1 (8/10, WIRED Recommends) is a powerhouse, but at 15 inches by 12 inches, over an inch thick, and weighing in at 8 pounds, it’s not a laptop you casually cart around. But if your work requires serious computing power though, be it machine learning (running TensorFlow), local LLMs, big data crunching workflows, or high end video editing, the Zr Gen 1 delivers power in spades.

Inside, the Zr Gen 1 features an Intel Core Ultra 9 275HX with 24 cores, an RTX 5090 graphics card, 24 GB GDDR7 RAM (expandable up to 192 GB), two SSDs, one 1TB, one 2TB (you can have up to 4 drives, one of them being a PCIe GEN 5×4 NVMe). Along with the discrete GPU there’s an integrated one as well, which means you can turn off the discrete card to maximize battery life. I spent about 90 percent of the time with the discrete card off and just turned it on when editing photos and video.

The screen is a gloriously large 18-inch LCD display (2560 x 1600 pixels, 168 DPI density) with a max brightness of over 500 nits and matte finish that makes it easy to use even in bright light. It’s one of the better LCD panels I’ve used lately, and gamers will be happy to see the 240 Hz refresh rate. You can also plug in up to 4 external displays. Thanks to the size of the Zr, there’s plenty of room for a full size keyboard with a numeric pad. The keyboard is user-configurable and features a 65,536-color LED backlight system that you can tweak to your liking with the Focus tool.

Smartphones have evolved into a rather predictable shape over time, with flat slabs, fixed cameras, and batteries well sealed up tight inside. TECNO decided to defy those standards at MWC 2026 by showcasing a design that brings back some pretty old-school modularity in a way that no one expected: a base phone so thin that it barely counts as a complete device until you start adding components to it.

The novelty here is that the main device is only 4.9 millimeters thick, making it narrower than a regular pencil and far thinner than those super-slim flagships that everyone has been gushing about recently. Without any accessories, the phone is rather stripped-down, with a rudimentary camera on the back, a small battery, and a few low-profile pogo pin ports. The back glass panel features a matte surface to reduce glare, and all of the edges are polished for added visual contrast and robustness. It’s all quite basic, and the markings on the rear are just subtle enough to indicate where the various modules should snap into position.

Sale

Google Pixel 10a – Berry – 128 GB with $100 Amazon Gift Card

• Order the new Google Pixel 10a today and get an Amazon Gift Card; valid 2/18/2026 until 3/11/2026 at 11:59pm PT, while supplies last and subject to…
• Return of Pixel 10a without gift card results in charge; offer cannot be combined, is non-transferable and not valid for cash or cash equivalent
• If a qualifying item in your order is returned, you’ll be reimbursed for what you return, minus the value of the gift card

The attachment system is based on a rectangular array of magnets that function in tandem with the pogo pins. The magnets hold everything in place firmly, while the pogo pins give power with minimal trouble and heat. Data is transmitted wirelessly and can switch between Bluetooth, Wi-Fi, and even millimeter-wave communications depending on the module used and the situation. Pairing is simple: find the portion you want, bring it close, and it snaps into place.

Modules are what really make this device sparkle, without making it overly big. Right now, you have about ten possibilities in the present ecology. A power bank module adds capacity at only 4.5 millimeters thick, which is incredibly small, and it effectively doubles your useable battery life, not just for the phone itself, but also for any peripherals you connect to it. As for cameras, one module can transform the device into an action camera, allowing for fresh perspectives and innovative approaches. Another module has a telephoto lens, allowing you to use the phone display as a live viewfinder, resulting in low-latency previews and rapid pictures. Then there’s a larger zoom module with a genuine image sensor behind a true lens mount, along with some excellent physical controls on the side, essentially turning your phone into a compact camera body. Other alternatives include a gaming controller, a wireless mic that clips to your clothing, a wallet, and a speaker.

Two design possibilities demonstrate how this concept might look in real life. The ATOM version features a straightforward, sleek silver-aluminum design with some lovely red accents. The MODA edition, on the other hand, opts for a darker, more eye-catching appearance, with a strong emphasis on uniqueness. TECNO describes this as a platform rather than a single set product since it is supposed to be scalable, allowing future modules to offer all sorts of fascinating things such as AI, extra storage, off-grid communications, or accessories tailored to various lifestyles. The piece that holds it all together remains the same, so you can simply keep adding new stuff and using it all without any problems.