Asked about the privacy implications of chatbots like ChatGPT and Claude, Signal President Meredith Whittaker answered, “These are not your friends. These are not conscious beings. These are not sentient interlocutors.”

Whittaker made those comments in a broader interview with Bloomberg about policy, privacy, and Signal. She acknowledged that she uses AI tools “to format a document here and there,” but insisted, “I don’t ask them questions. I’m very serious about my thinking and writing, and I don’t want the process of working through an idea […] to be foreclosed or eclipsed by the response of a system that’s averaging what’s already out there.”

As for Microsoft AI CEO Mustafa Suleyman’s prediction that users could let Microsoft Copilot handle all their Christmas shopping this year, Whittaker argued this scenario — where Copilot is eavesdropping on the family group chat to determine who wants want — means giving it “access to my credit card, my browser, my Signal, the ability to message my siblings on my behalf, my home address [and] my calendar.”

“What you’ve just described is a system with very pervasive access across multiple applications and services,” Whittaker said. “In the context of Signal, it would constitute a kind of a backdoor.”

Movie studios keep hunting for ways to make a trip to the theater feel essential again. Sony Pictures landed on one clear path with its next Spider-Man film. The studio worked directly with CJ 4DPLEX to present Spider-Man: Brand New Day in SCREENX, a format built to spread the action beyond the front screen and across the side walls of specially equipped auditoriums.

Audiences who choose this version enter rooms where specific scenes continue to play out on the walls next to them. The primary story remains front and center on the enormous screen in front, but there are supplementary shots playing out to the left and right. The combination of the two produces a very broad, all-encompassing perspective that immerses you in the action rather than making you a distant spectator.

Sale

Anker Nebula P1i Portable Projector with WiFi and Bluetooth by soundcore, Flippable Design,1080P FHD, 4K…

• Flippable Audio Magic: Rotate the 20W (2 x 10W) Dolby Audio speakers 90° side to side or 200° up and down for sound that follows your vibe, perfect…
• True Brightness, Real Clarity: Enjoy lifelike details with TÜV‑certified 380 ANSI lumens and 1080p Full HD resolution that make every movie night…
• Designed for Consistent Viewing: All‑glass lenses and fully sealed optical engine resist dust and wear, keeping every frame crisp and clear even…

SCREENX is powered by a multi-projection system, with one projector handling the main screen and additional ones dealing with the side walls. The photos are all aligned using smart techniques like as warping correction and edge blending, resulting in a seamless image despite the fact that the walls are at an angle to the main surface. There are no special glasses required, which is a plus. The extra content is kept under control since it only appears at specified points in the film, rather than running throughout.

SCREENX has been widely used by filmmakers since it first appeared in films rather than only advertisements a few years ago. The amount of extra content on the side walls has been progressively expanding. Some films may only open the walls for a few twenty or thirty minute portions, but newer films can keep them open for an hour or more. Extra material is typically created from existing film or digital elements added later in the editing process.

However, Spider-Man: Brand New Day takes a different approach to the situation. CJ 4DPLEX despatched a crew to the set while the main crew was filming. That team took specialized photographs for the side walls, and this is the first time the format has had unique on-set photography generated particularly for it from the start of a major studio film until its release. Director Destin Daniel Cretton puts it simply: CJ 4DPLEX and their team came in to shoot content for the SCREENX auditoriums.

Jun Bang, the CEO of CJ 4DPLEX, described it as an advancement of the overall SCREENX concept. They collaborated closely with Sony Pictures and Cretton, utilizing their proprietary tools to greatly expand the visual possibilities. The goal was to ensure that they preserved the director’s vision while also immersing the audience in the story, action, and Spider-Man world.

It should come as no surprise that Taylor Swift, Bad Bunny, Ariana Grande, and Kendrick Lamar are among the top 20 most streamed artists of all time on Apple Music. Check out the full list.

Apple Music launched on June 30, 2015, and it celebrated 10 years of streaming with a top 500 songs list. A year on, the streamer has shared a new metric.

The new chart is the top 20 artists of all time on Apple Music, shared by Chart Data on social media. It’s an official endorsement, as Apple Music’s account reposted it and replied with a heart and trophy emoji.

It isn’t clear what prompted the post, but we are in proximity to Apple Music’s birthday, so it may simply be that. If you don’t live under the proverbial rock, none of these artists should come at any surprise.

1. Drake
2. Taylor Swift
3. Future
4. Youngboy Never Broke Again
5. Bad Bunny
6. Lil Baby
7. The Weeknd
8. Morgan Wallen
9. Kanye West
10. Post Malone
11. Travis Scott
12. Ariana Grande
13. Chris Brown
14. Kendrick Lamar
15. Lil Durk
16. Gunna
17. Rod Wave
18. Ed Sheeran
19. Justin Bieber
20. Eminem

Apple isn’t promoting the list on Apple Music, at least not yet anyway. If you’re interested in the top 500 song playlist, it’s still available.

Out of the twenty artists present, I have six in my library. Unsurprisingly, the vast majority of music represented here is in the rap or pop genres.

If you’d like to see something a little more personalized, there’s your Apple Music Replay. Unlike Spotify Wrapped, it is updated monthly, so your 2026 Replay is already available.

The Sonos Era 100 SL is a wireless speaker that features nearly all the strengths of 2023’s original Sonos Era 100, but at a cheaper price. While it isn’t a surprise that there have been some trade-offs to get that cost down, I doubt they’ll be a dealbreaker for most people.

Sonically speaking, there aren’t many sacrifices at all. In the mid-range, the Era 100 SL is capable of impressive detail. When I played I Want You by Moloko, I was impressed by how well its funky guitar noises, strings and acidy synth line cut through the mix, without interfering with the wonderfully polished vocals.

ecoustics is a hi-fi and music magazine offering product reviews, podcasts, news and advice for aspiring audiophiles, home theater enthusiasts and headphone hipsters. Read more →

Copyright © 1999-2026 ecoustics | Disclaimer: We may earn a commission when you buy through links on our site.

Launcher V2 will go through a private beta before a public release.

Two AI tools broke in the same way in the same two weeks, and four research teams proved it. The pattern underneath every disclosure is one sentence: enterprise AI accepts external input with no trust boundary.

On June 15, Varonis disclosed SearchLeak (CVE-2026-42824), a proof-of-concept exfiltration chain in Microsoft 365 Copilot Enterprise Search. A victim clicks a crafted microsoft.com URL, Copilot searches their mailbox, and the data leaves through a Bing SSRF. No plugins, no second click, no visible indicator. Four days earlier, Obsidian Security published a three-CVE chain against LiteLLM that carried a default low-privilege user all the way to admin and remote code execution. Two tools. Two teams. One broken boundary.

The five-check audit at the end of this article maps each gap to a CVE or a market signal from June, a command you can run before lunch, and a sentence a CISO can read to the board.

Copilot turned a trusted URL into an exfiltration engine

SearchLeak chained three weaknesses into a silent data-theft chain. The URL q parameter fed attacker instructions straight to Copilot’s LLM. A rendering race condition fired an image tag before the output sanitizer ran. Bing’s image-search endpoint, allowlisted in the Content Security Policy, routed the stolen data out. Microsoft rated the flaw critical and patched it on the back end, according to Varonis. NVD has not yet scored it; a third-party tracker lists it at 6.5 medium. The severity is contested, but the mechanism is not.

The escalation is the real story. This is the third Varonis Copilot exfiltration chain in twelve months, after Reprompt in January and EchoLeak in 2025. Reprompt hit Copilot Personal. SearchLeak hit Enterprise Search. Enterprise inherits the user’s full organizational permissions, so the blast radius is everything that a user can reach.

LiteLLM handed a default account to every provider key

The LiteLLM gateway holds the keys for OpenAI, Anthropic, Azure, and Bedrock behind a single proxy. The Obsidian chain runs in three moves. CVE-2026-47101, an authorization bypass, lets a non-admin mint a wildcard API key. CVE-2026-47102 promotes that caller to proxy admin through an unguarded /user/update endpoint. CVE-2026-40217 escapes the code sandbox through exec() with full builtins. Obsidian then demonstrated a reverse shell by injecting a forged tool-call response through LiteLLM’s callback mechanism. Obsidian assessed the combined chain at CVSS 9.9. The developer typed one word. The attacker popped a shell.

A separate LiteLLM flaw made the urgency immediate. CVE-2026-42271, a command-injection bug in the MCP test endpoints, landed on the CISA KEV list on June 8 with a June 22 remediation deadline. That KEV entry is not the Obsidian chain. The two are distinct disclosures four days apart, fixed in different releases, pointed at the same gateway. LiteLLM carries more than 40,000 GitHub stars and sits in thousands of enterprise deployments. This is not the first scare, either. A supply-chain compromise backdoored LiteLLM versions 1.82.7 and 1.82.8 on PyPI in March. A compromised gateway exposes every provider credential the organization holds.

Langflow and Mini Shai-Hulud proved the pattern scales

The same boundary broke in two more tools in the same fortnight. Langflow CVE-2026-5027 became the third Langflow remote-code-execution flaw to hit active exploitation this year. A path traversal in file upload lets an attacker write files anywhere on disk, and because Langflow ships with auto-login enabled by default, a single unauthenticated request reaches RCE. VulnCheck confirmed exploitation on June 9. Censys counted roughly 7,000 exposed instances, the heaviest concentration in North America, with MuddyWater attribution.

The Mini Shai-Hulud campaign hit a different pressure point. After the worm’s source code went public on May 12, copycat variants compromised 32 Red Hat Cloud Services npm packages on June 1, packages pulled 80,000 times a week. The worm harvests more than 20 credential types and self-propagates under the compromised maintainer’s identity.

Four teams, four tools, one operating failure. The bug classes differ. SearchLeak is a prompt injection. LiteLLM is privilege escalation. Langflow is path traversal. Mini Shai-Hulud is supply-chain poisoning. The boundary that broke is the same in all four.

The market already repriced the risk

CrowdStrike’s Q1 FY27 earnings call put a number on the gap. AIDR, the company’s AI detection and response line, grew ending ARR more than 250% sequentially, with a Q2 pipeline above $50 million (SEC-filed 8-K). Total company ARR reached $5.51 billion, and CrowdStrike’s fleet telemetry shows more than 1,800 agentic applications running across enterprise endpoints.

On June 17, the company extended AIDR to AWS, adding real-time evaluation of agent, LLM, and MCP communications across Amazon Bedrock, Kiro, and Strands Agents, building on its work with Anthropic’s Project Glasswing. Daniel Bernard, CrowdStrike’s chief business officer, said the AI attack surface now spans development, runtime, identities, and cloud infrastructure, and that teams treating those as separate domains leave the gaps between them open.

Practitioners name the same gap in plainer terms

David Levin, CISO at American Express Global Business Travel, told VentureBeat the pattern does not surprise him. “We kind of have this shadow AI, which is just the new version of shadow IT,” Levin said.

Both Langflow and LiteLLM fit the description. Teams stood them up for convenience, gave them credentials, and never brought them under governance. Levin puts the fix before deployment. “We didn’t go into this with just saying we’re going to go do this without the right fundamentals,” he said. “We leverage NIST controls. NIST has released their CSF along with their AI framework. OWASP released their top 10. You need the right fundamentals before you deploy.”

Merritt Baer, CSO at Enkrypt AI and former AWS Deputy CISO, named the structural version of the failure in a separate VentureBeat interview. “Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system,” Baer said. “The real dependencies are one or two layers deeper, and those are the ones that fail under stress.” She has tied that directly to how systems fall. “Raw zero-days aren’t how most systems get compromised. Composability is,” Baer told VentureBeat. “It’s the glue between the model and your data where the risk lives. If you give an agent bash and a root token, you’ve already done most of the attacker’s work for them.” That is what rows 2 and 4 of the audit test: the gateway that holds every key, and the agent identity no one governs.

Levin had a sharper frame for the boardroom. “You need to talk more in terms of risk versus compliance to your boards and your executives,” he said. “It’s not about the size of the engineering team anymore. It’s the size of your imagination. It’s all written in plain English. It’s not hard for anyone.” Neither SearchLeak nor LiteLLM needed custom malware or a zero-day to work.

Adam Meyers, CrowdStrike’s SVP of Intelligence, put the operational squeeze in numbers in an exclusive VentureBeat interview. “The problem is not zero-day. The problem is patching. If you 10x that problem, they’re gonna be completely underwater,” Meyers said. He pointed to identity as the second front. “Some of these AI have their own identities, or people give their identity to the AI to take action on their behalf, and that makes it a very complex problem.”

The five-check trust-boundary audit

Each row maps a gap to its proof point, a verification command for Monday morning, the fix, and the sentence to read to the board.

The fix is plumbing, not policy

The June 2 executive order creates an AI Cybersecurity Clearinghouse with a July 2 deadline. The five gaps above are not frontier-model problems. They are plumbing problems in the gateways, orchestration platforms, identity layers, and runtime environments where AI meets the enterprise.

The audit is five rows. Every row maps to a June disclosure or market signal, a command a team can run before lunch, and a sentence a CISO can read to the board. The question is not whether your vendor will patch. It’s whether you find the gap first — or whether an attacker finds it the way they found Copilot and LiteLLM.

DEvops

Cost premium of using AWS indirectly via Vercel is mitigated by more efficient use of compute resources, CTO claims

Vercel introduced an open source agent framework called eve at its Ship event in London this week, along with other new features including Passport, an attempt to put employee apps created with AI under enterprise control.

Agents are dominating the AI conversation currently, and in particular custom agents. Agent frameworks that simplify coding already exist, though eve has a few notable characteristics.

The coding languages are TypeScript and Markdown, and an agent is a directory with files that define the instructions and skills, the model provider, the tools, the authentication, the channels, and the schedule. Agents are sandboxed on isolated VMs by default. The framework also includes a simple testing tool that exercises the agent and evaluates the result. Code is on GitHub under the Apache 2.0 license.

There are plenty of existing agent frameworks, but Vercel CTO Malte Ubl told us that with eve, simplicity is a feature, with users able to take a “fill in the blanks” approach.

“The life cycle of the agent is completely orchestrated by the framework, and as a developer or builder you have to put things in the right places, but then everything magically works,” Ubl said.

“It’s a system where you don’t have to understand every little bit about what sandboxes are and how to compact context windows… All these things are quite complex; you don’t have to understand any of it.”

Agents built with eve deploy to Vercel by default, using the same command that works for web applications: vercel deploy. That said, the company says it is not tied to its platform.

“We are 100 percent committed to making it work everywhere,” Ubl told us, though an early user has already raised an issue about it requiring a Vercel login even when set to use a different model provider; it is early days and this may be a bug. Providers for LLMs and sandboxes are configurable. An eve project also runs locally with: npx eve dev.

What LLM does eve use? “You can connect any model that AI SDK connects to, which is all the models,” Ubl said, where the AI SDK is a Vercel SDK. There is also an option to use Vercel’s AI Gateway, which has a single endpoint for multiple model providers and can improve reliability by switching to another model if one fails.

The company also previewed Enterprise Apps and Agents, which have four components. Vercel Connect replaces static secret credentials with short-lived tokens accessed by OAuth or an API. Vercel Passport uses OpenID Connect to put all the applications and AI agents in a team behind an identity provider such as Okta or Microsoft Entra. Enterprise Managed Users uses directory sync to enable Vercel in a team to be managed by the organization’s identity system. Finally, Bring Your Own Cloud (BYOC) lets organizations use Vercel’s platform running on AWS infrastructure provisioned by the customer.

According to Vercel, Passport was a highly requested feature because of the number of employees who create applications hosted by Vercel but outside the control of the organization. A typical scenario is that an employee builds an application with AI assistance, and the AI agent defaults to using the Next.js React-based framework and Vercel hosting. It is a variety of shadow IT – or shadow AI – where staff create vibe-coded applications using company data but outside the organization’s IT policy or control.

Vercel itself is an AWS customer so its platform should work well using BYOC, but there are some trade-offs, Ubl said. One is that “we don’t allow your compute to assume AWS roles… If you are really deep in the AWS IM [Identity Management] security system, then Vercel doesn’t give this to you,” he told us, “but we do always issue an OIDC token for every invocation of the compute, so you can use that to configure your AWS policies.” Second, with BYOC, “we become a management vendor,” Ubl said, which means giving Vercel access to that part of the customer’s AWS infrastructure.

All Vercel deployments are immutable, which means “every time you push to Git you get a new infrastructure from scratch,” Ubl told us. He considers this ideal for AI agents. Other aspects of the platform have also been optimized for agents. “We try to be close to what the agents do,” he said.

A common critique of Vercel is that since it runs on AWS, using Vercel means paying a premium for hosting that would be cheaper when purchased directly. According to Ubl, that premium is mitigated by Vercel’s efficient use of those resources, “especially at low scale, and especially compared to Lambda,” the AWS serverless platform. Vercel said last year that it cut its Lambda costs by up to 95 percent by reusing idle instances.

Ubl claimed AWS customers need “more than 35 percent utilization to match Vercel’s price.”

Another Vercel competitor is Cloudflare, which, unlike Vercel, hosts on its own datacenters and has an efficient serverless platform using Workers, based on V8 isolates, a feature of the V8 JavaScript engine used by Google Chrome and the open source Chromium project.

Ubl said that whereas Cloudflare Workers are unique to Cloudflare, Vercel “is a more normal platform, we don’t run some bespoke runtime that we create ourselves, we just run Node.js or Python or PHP and it runs on a VM (virtual machine)… We offer standard PostgreSQL, VPC peering, AWS, S3 and not bespoke.”

This is a bit of a war of words. Cloudflare engineering director Steve Faulkner in February described the Next.js tooling, sponsored by Vercel, as “entirely bespoke.” Since then the situation has improved, with an Adapter API that is stable in Next.js 16.2, meaning other providers no longer need to reverse-engineer the build output, but adapters for AWS and Cloudflare are still under development, with completion expected by the end of 2026. ®

Prime Day 2026 kicks off on Tuesday, but there are numerous Apple deals in effect now that deliver the lowest prices of the season.

There are several early Prime Day Apple deals worth checking out this weekend, as the sale festivities kick off. From AirPods 4 for $99 to triple-digit discounts on M5 MacBook Air models, Apple products are a popular pick for Prime Day.

Shop Prime Day deals

AirPods drop to $99

AirPods Pro 3 are down to the lowest price ever.

Advertisement

AirPods prices have dipped to as low as $99 heading into Prime Week, with earbud and over-ear models on sale. Walmart has also replenished AirPods Pro 3 inventory at $169.

Today’s top AirPods deals

iPads on sale from $299

Early Prime Day deals on iPads deliver prices from $299.

Those in search of a budget-friendly tablet can grab Apple’s 11-inch iPad with an A16 chip for $299. The current M4 iPad Air and M5 iPad Pro are also on sale, with a detailed rundown of the discounts in our iPad Price Guide.

Buy iPad 11 for $299

Today’s best iPad offers

• iPad A16 (128GB, Wi-Fi): $299 ($50 off)
• iPad mini 7 (128GB, Wi-Fi): $474 ($25 off)
• M4 iPad Air 11-inch (128GB, Wi-Fi): $559 ($40 off)
• M4 iPad Air 13-inch (128GB, Wi-Fi): $749 ($50 off)
• M5 iPad Pro 11-inch (256GB, Wi-Fi, Standard Glass): $899.99 ($100 off)
• M5 iPad Pro 11-inch (1TB, Wi-Fi, Nano-texture Glass): $1,499 ($200 off)
• M5 iPad Pro 13-inch (1TB, Wi-Fi, Standard Glass): $1,749.99 ($150 off)

Apple Watches up to $200 off

Apple Watch Series 11 prices have dipped to as low as $299.

Current Apple Watch Series 11, SE 3, and Ultra 3 models are marked down by as much as $200, delivering some of the lowest prices of the year.

Buy Apple Watch Series 11 for $299

42mm Apple Watch Series 11 deals

• 42mm Apple Watch Series 11 GPS (Aluminum Case, Sport Band): $299 ($100 off)
• 42mm Apple Watch Series 11 GPS + Cellular (Aluminum Case, Sport Band): $399 ($100 off)
• 42mm Apple Watch Series 11 GPS + Cellular (Titanium Case, Sport Band): $589 ($110 off)
• 42mm Apple Watch Series 11 GPS + Cellular (Titanium Case, Milanese Loop Band): $639 ($160 off)

46mm Apple Watch Series 11 discounts

• 46mm Apple Watch Series 11 GPS (Aluminum Case, Sport Band): $329 ($100 off)
• 46mm Apple Watch Series 11 GPS + Cellular (Aluminum Case, Sport Band): $399 ($130 off)
• 46mm Apple Watch Series 11 GPS + Cellular (Titanium Case, Sport Band): $549.97 ($200 off)

Apple Watch SE 3 & Ultra 3 markdowns

MacBooks as low as $589

Apple’s latest MacBooks are marked down to as low as $589.

Advertisement

Early Prime Day deals are plentiful on Mac computers as well, with Apple’s budget-friendly MacBook Neo dipping to $589.99. M5 MacBook Air models are also as low as $949.99, while M5 MacBook Pros with at least 1TB of storage can be picked up for as low as $1,529.99.

Compare prices across dozens of configurations in our Mac Price Guide.

Latest MacBook Neo savings

Early Prime Day MacBook Air deals

• 13″ MacBook Air M5 (16GB RAM, 512GB SSD): $949.99 ($150 off)
• 13″ MacBook Air M5 (16GB RAM, 1TB SSD): $1,149 ($150 off)
• 13″ MacBook Air M5 (24GB RAM, 1TB SSD): $1,329 ($170 off) with in-cart coupon
• 15″ MacBook Air M5 (16GB RAM, 512GB SSD): $1,149.99 ($150 off)
• 15″ MacBook Air M5 (16GB RAM, 1TB SSD): $1,349.99 ($150 off)
• 15″ MacBook Air M5 (24GB RAM, 1TB SSD): $1,549 ($150 off)

Top MacBook Pro discounts

• 14″ MacBook Pro M5 (10C CPU, 10C GPU, 16GB, 1TB, Standard Display): $1,529 ($170 off) with in-cart coupon at B&H
• 14″ MacBook Pro M5 (10C CPU, 10C GPU, 24GB, 1TB, Standard Display): $1,749 ($150 off)
• 14″ MacBook Pro M5 Pro (15C CPU, 16C GPU, 24GB, 2TB, Standard Display, Space Black): $2,399 ($230 off) with in-cart coupon at Amazon

Best 16-inch MacBook Pro sales

• 16″ MacBook Pro M5 Pro (18C CPU, 20C GPU, 48GB, 1TB, Standard Display, Space Black): $2,879 ($220 off) at B&H
• 16″ MacBook Pro M5 Max (18C CPU, 40C GPU, 64GB, 2TB, Standard Display): $4,299 ($300 off) at B&H
• 16″ MacBook Pro M5 Max (18C CPU, 40C GPU, 128GB, 2TB, Standard Display, Space Black): $5,099 ($300 off) at B&H

Chargers, cables, and more for your Apple devices

Apple iPhone accessories are up to 40% off.

iPhone accessories