This sponsored article is brought to you by Wetour Robotics.

A field technician on a wind turbine, harness clipped, both hands on a wrench, needs to send a command to the diagnostic device hanging at her belt. A logistics worker on a loading dock, gloves on, eyes on the pallet, needs to redirect a connected lift. A person using an assistive mobility device on a crowded street wants to nudge it forward without taking out a phone or speaking aloud. None of these moments call for a smarter robot. They call for a smarter way to be heard by the machines that already exist.

The industry has been building from one side

The past three years of Physical AI have been a story of remarkable progress on the robot side of the loop. Companies like Boston Dynamics, Figure, and Unitree have advanced actuators, locomotion, and dexterity to a level that would have seemed implausible a decade ago. Google DeepMind’s Gemini Robotics has redefined what vision-language-action models can do in unstructured settings. The trajectory of the hardware and the foundation models is real, and it is accelerating.

But there is another side to this loop, and it has been treated as a solved problem for too long. The interface between humans and machines has defaulted, for 40 years, to three input modalities: screens, buttons, and voice. Each of those assumes the user can stop, look down, and translate intent into structured commands. That assumption breaks the moment the work moves into a real environment. On a turbine. On a dock. On a sidewalk. In any setting where hands are occupied, eyes are committed, or speaking is impractical, the conventional interface stack quietly fails.

Spatial Intent Fusion is the simultaneous processing of three streams of human-centered information, namely spatial position, visual context, and gestural intent: Your body is the interface.

The bottleneck on the human side of the loop is becoming as important as the one on the machine side. And solving it requires a different question. Not how do we make the robot more capable, but how do we let the human participate in the computing system as naturally as the robot already does.

Wetour Robotics’ bet: put the human back into the computing loop

Wetour Robotics is betting that the next architectural leap in Physical AI is not about making the robot more capable. It is about making the human a first-class node in the computing network, with the same kind of low-latency, high-fidelity participation that connected devices already enjoy.

Wetour Robotics’ engineers frame the problem this way: a wristband that recognizes a gesture is not enough. A camera that recognizes a scene is not enough. The information a human carries about what they are about to do is distributed across multiple channels, including where their body is in space, what their eyes are attending to, and what their muscles are preparing to do, and any single channel observed in isolation is ambiguous. Reconstructing intent reliably means fusing those channels at the operating system level, with latency low enough that the loop feels closed rather than mediated.

This approach has a name. Wetour Robotics calls it Spatial Intent Fusion: the simultaneous processing of three streams of human-centered information, namely spatial position, visual context, and gestural intent, fused into a single real-time command for any connected physical device. It is the technical implementation behind a simpler positioning statement the company uses externally: your body is the interface.

Orchestra is a portable intelligent hub running the operating system that handles sensor fusion, intent inference, command translation, and safety arbitration. The reference compute platform is NVIDIA Jetson Orin Nano Super, which provides enough on-device inference capacity to keep the entire control loop at the edge, with no cloud dependency on the critical path. Wetour Robotics

The architecture: three layers, four engines, one loop

Orchestra is not a single device but a layered platform, designed from the start to be sensor-flexible and actuator-agnostic. The architecture decomposes into three perception layers and four coordination engines.

Orchestra itself is the local compute and orchestration core: a portable intelligent hub running the operating system that handles sensor fusion, intent inference, command translation, and safety arbitration. The reference compute platform is NVIDIA Jetson Orin Nano Super, which provides enough on-device inference capacity to keep the entire control loop at the edge, with no cloud dependency on the critical path. Edge inference is non-negotiable for this application. Full-chain latency from biosignal acquisition to actuator command is held under 100 milliseconds, the envelope inside which closed-loop control feels natural rather than laggy.

VisionLink handles visual and spatial perception. Cameras feed into vision models that identify objects, estimate distances, and track environmental context. VisionLink is designed not as a passive recognition layer but as a real-time command generator: its outputs feed directly into Orchestra OS to be fused with biosignal data.

Conductor is the biosignal pipeline. It ingests raw surface electromyographic (sEMG) data from a wrist-worn device, classifies temporal patterns into discrete gestures or continuous control signals, and outputs actuator commands. The technically interesting property of sEMG for this use case is that the signal precedes visible motion. Motor unit action potentials appear at the skin surface roughly 50 to 80 milliseconds before a finger completes the corresponding gesture. Wetour Robotics calls this property pre-motion intent sensing, and it is what allows Orchestra to anticipate user intent rather than react to it.

On top of the three perception layers, Orchestra OS runs four coordination engines. The Perception Engine ingests and normalizes raw sensor streams. The Intent Engine performs Spatial Intent Fusion across modalities, resolving what the user is trying to do given where they are, what they are looking at, and what their hand is signaling. The Orchestration Engine translates intent into device-specific command sequences for any connected actuator. The Safety Engine arbitrates conflicting commands, enforces operational envelopes, and gates execution against runtime safety conditions.

Wetour Robotics

The trade-offs we’re honest about

No system that bridges the human body and the digital world is finished. Three engineering challenges remain open, and the company addresses each with a deliberate trade-off rather than a claim of having fully solved it.

Baseline stability of sEMG under motion. In a stationary user, continuous gesture recognition from sEMG is reliable. Once the user is walking, climbing, or otherwise moving, motion artifacts and electrode drift degrade the signal in ways that are difficult to fully compensate for. Rather than overpromise on continuous control in dynamic settings, Orchestra defaults to a smaller set of robust discrete gestures in complex operating environments, and reserves continuous control modes for contexts where the signal-to-noise ratio supports them.

Miniaturization of edge AI compute. Running the Orchestra control loop entirely at the edge requires real on-device inference, which has historically meant trading off between compute capacity, battery life, and form factor. Wetour Robotics’ approach has been a compact carrier board paired with a thermal design and a battery module sized for all-day wearability. The result is a hub that travels with the user rather than tethering them to a desk, and that performs the full perception-to-actuation loop without offloading to the cloud.

Heterogeneity of third-party device protocols. The actuator side of the loop is a fragmented landscape. Different manufacturers expose different command interfaces, different communication stacks, and different safety conventions, and a Physical AI operating system has to integrate with all of them. Wetour Robotics uses an AI-agent layer to negotiate connection and protocol translation adaptively, so that Orchestra OS can ingest data from a wide range of devices, run them through neural network models that infer human intent, and emit the right command on the right protocol for the device on the other end.

Why this matters, and why it helps the rest of the field

The history of computing is a history of interface revolutions. Command lines gave way to graphical user interfaces, which gave way to touch, which gave way to voice. Each transition expanded who could participate in the system and what they could do with it. The next transition is not about a new screen or a new microphone. It is about treating the human body itself as a participant in the computing network, capable of contributing intent at the same speed and fidelity that any other connected node can.

The history of computing is a history of interface revolutions. The next transition is not about a new screen or a new microphone — it is about treating the human body itself as a participant in the computing network.

This path is not a competitor to the work being done on humanoid robots, foundation models for embodied AI, and dexterous manipulation. It is the missing complement to that work. The hardest open problem for humanoid systems is the data: every natural interaction between a human and the physical world is a potential training signal, and most of those interactions are currently invisible to any computing system. As more humans become first-class nodes in the loop, those interactions become observable, structured, and ultimately useful for training the next generation of embodied AI, including the humanoid robots being developed today.

In other words: putting the human back into the computing loop is not just about better interfaces for individual users. It is about generating the kind of grounded, in-the-wild human-machine interaction data that the broader Physical AI ecosystem will need to keep advancing. The robot side and the human side of the loop are not two competing futures. They are two halves of the same one.

That is what Wetour Robotics means when it says: Your body is the interface.

Learn more at wetourrobotics.com.

Bungie will deliver a final update to wrap things up.

Storage furniture is too often drab and functional, intended to blend into the background of your home. Mustard Made is an exception. The company’s storage lockers come in a variety of loud colors that announce themselves in a room.

Mustard Made makes some of our favorite storage solutions here on the WIRED Reviews team, especially when it comes to outfitting our overflowing home offices. Julian Chokkattu from the WIRED Gear team takes Zoom meetings from a space full of high-end office chairs and brand-new gadgets, and yet my residual image of his home office will always be the stylish yellow Mustard Made lockers behind him. My colleague Louryn Strampe gave the brand’s smaller dual-shelf low-down locker an 8/10 review.

Mustard Made is having a rare sale from today through the end of May, with 20 percent off eight colors from its collection. Among the sale colors is that yellow favored by Julian, a really soft and lovely sage, a noble navy blue, and a medium pink they call “berry,” shown below. (Unfortunately, the vibrant poppy color I like and just introduced into my bedroom is not on sale.)

Photograph: Louryn Strampe

Mustard Made only runs a handful of sales a year, and you probably won’t see a 20 percent discount again until Black Friday.

I am testing the Midi, a midsized locker that sits almost the same height as my dresser and comes with adjustable shelves and locking doors. Transparently, I have long been a fan of locker-style storage furniture and have had an actual gym locker, a row of three of the now-discontinued tall version of the Ikea PS cabinet, and a current Ikea PS cabinet that used to hold my TV and now holds a 3D printer. There’s no question that the Mustard Made Midi is the prettiest of the lot.

Photograph: Martin Cizmar

Circa 2015 or so, it seemed like you couldn’t move a finger without being bombarded with ads and articles about ‘smart homes’ and the ‘internet of things’ — all of which would make our lives so much easier and more automated. Fast-forward a decade and this dream has mostly evaporated along with many of the players in the space. Why this happened is the topic of a recent video by [Caya].

An interesting bit of context that the video starts off with is that home automation really kicked off back in 1975, when the X10 protocol and related devices using power lines for signaling began being sold. These fully integrated solutions generally worked reasonably well, but what all changed when the IoT and ‘smart home’ craze kicked off and brought with it an explosion of new standards.

Over the past decade we have seen the concept of a ‘smart home’ collapse into a nightmare of abandoned IoT devices, subscription services, forced ads, privacy violations, and an increasingly more congested 2.4 GHz spectrum that everything from WiFi and Zigbee to Bluetooth and others ended up competing for, with a corresponding collapse in reliability of data transmissions.

As raised in the video, a big issue is that of the financial viability of running the remote services for a smart home solution, even if this is the part that should make it as plug-and-play as a 1990s-era smart home solution. To the average user setting up their own locally hosted smart home solution isn’t really a straightforward option.

Although at the end [Caya] demonstrates using Home Assistant (HA) as a locally hosted alternative, this is still not something that a non-techie will be able to set up or maintain. Even if you shell out a cool two-hundred clams for the Home Assistant Green plug-and-play hardware solution, the average person will be lost the second any of the prescribed steps in provided documentation do not work. Woe to whoever is the person who is ‘good with computers’ in those cases.

Ultimately another problem with ‘smart homes’ is that they’re really not that smart, as you can definitely set up all kinds of rules in HA and similar solutions, but this is more painstaking manual automation with all the excitement of programming PID controllers. Having an actual intelligence behind the system that could react to what’s happening would make it a far easier sell, yet which is where all the ‘smart assistants’ like Alexa keep falling flat.

Currently [Caya] has set up his HA-based lighting configuration to be used by OpenClaw ‘agentic AI’, as a way to add some actual ‘smarts’, but it’s telling that he hasn’t integrated the smart lock of his apartment into the system yet. Nobody wants to have the OpenClaw agent tell you that it ‘cannot open the front door’ for you, after all.

Every MFA check passed. Every login was legitimate. The compliance dashboard was green across every identity control. And the attacker was already inside, moving laterally through Active Directory with a valid session token, escalating privileges on a trajectory toward the domain controller.

This is the scenario playing out inside enterprises that invested heavily in authentication and assumed the job was done. The credential was real. The multi-factor challenge was answered correctly. The system performed exactly as designed. It authenticated the user at the front door and never looked again. The breach didn’t bypass MFA. It started after MFA succeeded.

Authentication proves identity at a single point in time. Then it goes blind. Everything that follows, the lateral movement, the privilege escalation, the quiet exfiltration through Active Directory, falls outside what MFA was ever designed to see.

A CIO found the gap in production

Alex Philips, CIO at NOV, identified the gap through operational testing. “We found a gap in our ability to revoke legitimate identity session tokens at the resource level. Resetting a password isn’t enough anymore. You have to revoke session tokens instantly to stop lateral movement,” he told VentureBeat.

What Philips found wasn’t a misconfiguration. It was an architectural blind spot that exists in nearly every enterprise identity stack. Once a user authenticates successfully, the resulting session token carries that trust forward without reassessment. The token becomes a bearer credential. Whoever holds it, attacker or employee, inherits every permission associated with the session. NOV’s investigation confirmed that identity session token theft is the vector behind the most advanced attacks they track, driving the team to tighten identity policies, enforce conditional access, and build rapid token revocation from the ground up.

Average e-crime breakout time dropped to 29 minutes in 2025, with the fastest recorded breakout clocked at 27 seconds, according to CrowdStrike’s 2026 Global Threat Report. In 82% of detections across 2025, no malware was deployed at all. Attackers don’t need exploits when they have session tokens.

Attackers stopped writing malware because stolen identities work better

“Adversaries have figured out that one of the fastest ways to gain access to an environment is to steal legitimate credentials or to use social engineering,” Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, told VentureBeat. The economics are stark: modern endpoint detection has raised the cost and risk of deploying malware. A stolen credential, by contrast, triggers no alert, matches no signature, and inherits whatever access the real user had.

Vishing attacks exploded by 442% between the first and second halves of 2024, according to CrowdStrike’s 2025 Global Threat Report, while deepfake fraud attempts rose more than 1,300% in 2024, according to Pindrop’s 2025 Voice Intelligence & Security Report. Face swap attacks grew 704% in 2023, according to data cited in the same report. A 2024 study cited in CrowdStrike’s 2025 Global Threat Report found AI-generated phishing emails matched expert-crafted human phishing at a 54% click-through rate, both vastly outperforming generic bulk phishing at 12%.

The threat is not that AI makes one attacker more dangerous. The threat is that AI gives every attacker expert-level social engineering at near-zero marginal cost. The credential supply chain now operates at industrial scale.

The gap between IAM and SecOps is where sessions go to die

By 2026, 30% of enterprises would no longer consider face-based identity verification and biometric authentication solutions reliable in isolation due to AI-generated deepfakes, Gartner predicted in a 2024 report. Riemer pointed to Ivanti’s own 2026 State of Cybersecurity Report to quantify the gap. The report, surveying over 1,200 security professionals, found the preparedness gap between threats and defenses widened by an average of 10 points in a single year.

Kayne McGladrey, IEEE Senior Member, framed the organizational failure in business terms. “Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn’t affect the business, like a financial loss, then nobody’s going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it,” McGladrey told VentureBeat. That logic explains why session governance, token lifecycle management, and cross-domain identity correlation fall into a gap between IAM and SecOps. Nobody owns it because nobody has framed it as a business loss.

“You may only see pieces of the intrusion on the identity side, on the cloud side, and on the endpoint side. You need cross-domain visibility because the best case scenario gives you about 29 minutes to stop these intrusions,” Meyers told VentureBeat.

Mike Riemer, Ivanti’s Field CISO, has watched this disconnect play out across two decades of shifting paradigms. “I don’t know you until I validate you. Until I know what it is and I know who is on the other side of the keyboard, I’m not going to communicate with it until they give me the ability to understand who it is,” Riemer told VentureBeat.

That question applies directly to post-authentication sessions. If attackers use AI to fabricate the identity that clears MFA, defenders need AI watching what that identity does after. Riemer’s broader point is that placing the security perimeter at a single login event invites every attacker who clears that gate to have the run of the house.

NOV closed the gap. Most enterprises haven’t started.

“It gives us a forced security policy enforcement gateway. Users and attackers on a flat network can use stolen identity session tokens, but with zero-trust gateways it forces conditional access and revalidation of trust,” Philips told VentureBeat.

NOV shortened token lifetimes, built conditional access requiring multiple conditions, and enforced separation of duties so no single person or service account can reset a password, bypass multi-factor access, or override conditional access. “We drastically reduced who can perform password or multi-factor resets. No one person should be able to bypass these controls,” Philips told VentureBeat. They deployed AI against SIEM logs to identify incidents in near real-time and brought in a startup specifically to build rapid token revocation for their most critical resources.

Philips also flagged a trust chain vulnerability that most teams overlook. “Since with AI advances you can’t trust voice or video or even writing styles, you must have either preshared secrets or be able to validate a question only you and them would know,” he told VentureBeat. If incident response relies on a phone call or a Slack DM to confirm a compromised account, attackers using deepfake voice or text can exploit that confirmation channel, too.

Eight things to get done this week

NOV proved these gaps are closable. Here is what to prioritize first.

1. Pull the token lifetime report for every privileged account, service account, and API key. Shorten interactive session tokens to hours, not days. Put service account credentials on a defined rotation schedule. API keys with no expiration date are open invitations that never close.

2. Run a session revocation drill under fire. Not a password reset. A session kill. Time it. If your team cannot revoke a live compromised session in under five minutes, that is the gap an attacker sprinting at 27 seconds will exploit first. NOV could not do it either. They brought in dedicated resources and built the capability from scratch.

3. Map your cross-domain telemetry end to end. A single analyst should be able to correlate an identity anomaly in your directory service with a cloud control plane login and an endpoint behavioral flag without switching consoles. If that workflow requires four dashboards and a Slack thread, a 29-minute breakout will beat you every time.

4. Extend conditional access enforcement past the front door. Every privilege escalation and every sensitive resource request should trigger revalidation. An identity that authenticates from Houston and surfaces from Bucharest 20 minutes later should fire automatic step-up authentication or session termination.

5. Replace SMS and push-based MFA with phishing-resistant FIDO2 and passkey-based authentication everywhere feasible. Every push notification an attacker can fatigue-bomb is a session they can steal. This remains the cheapest upgrade that closes the widest gap.

6. Audit separation of duties on identity workflows. If one person or one service account can reset credentials, approve privileged access, and bypass MFA, that is a single point of failure that attackers will find. NOV eliminated that configuration.

7. Establish an out-of-band incident verification protocol with preshared secrets. If your team still confirms compromised accounts over a phone call or Slack message, deepfake voice and text can compromise that channel too. Build the protocol before you need it.

8. Create a dedicated budget line for identity-layer governance. Session governance, token lifecycle management, continuous identity verification, and standards like CAEP and the Shared Signals Framework need a single owner with a single budget. If that owner does not exist, attackers already own the gap.

Philips’s team went from discovering they couldn’t kill a compromised session to standing up rapid token revocation under real attack conditions. They shortened token lifetimes, eliminated single-person credential resets, deployed AI-driven log analysis, and built a dedicated revocation capability for their most critical resources. That transformation took months, not years.

The gap NOV closed exists inside nearly every enterprise that treats authentication as the finish line instead of the starting gun. Philips put it plainly: “Resetting a password isn’t enough anymore. You have to revoke session tokens instantly to stop lateral movement.” His team built the answer. The question for every other CISO is whether they find that gap on their own terms, or whether an attacker moving at 27 seconds finds it for them.

‘I wish [the European Accessibility Act] didn’t have to exist, but I’m glad it does,’ says Kyran O’Mahoney, founder of Nexus Inclusion.

It’s “annoying”, Kyran O’Mahoney admits, that the millions that live with disabilities have a real expectation that technology won’t work for them. “There is something fundamentally broken [in society]” that we don’t consider them.

By not providing accessible services, businesses are excluding millions from their addressable market. “It makes no financial sense not to do this”, he says.

“Ultimately you say ‘you have to do it, it’s the law’, right? If you do it, you’re going to make more sales and drive more revenue. But come on, it’s also just the bloody right thing to do.”

Accessibility audits happen, but reports are often tossed to the side by teams that don’t understand how to implement the recommended changes, O’Mahoney says, speaking to SiliconRepublic.com ahead of Nexus Inclusion’s new product launch on 25 May.

Nexus’ product launch is scheduled just days after the Global Accessibility Awareness Day  today (21 May).

According to the World Health Organisation, an estimated 1.3bn people or around 16pc of the population lives with disabilities. But realistically, O’Mahoney says, it’s higher than that, if you take into account, for example, elderly people, or those with temporary disabilities.

In Ireland people living with disabilities make up around 22pc of the population, according to Employers for Change.

Meanwhile, one global survey from 2025 reported that 84pc of its respondents (comprising software developers, engineers and legal professionals) said digital accessibility is a key priority for their company. Reality, however, seems to be far different.

Statistics also suggest that 96pc of the world’s top 1m websites are not accessible to people with disabilities, and around 71pc of users with disabilities exit inaccessible websites.

The National Disability Authority finds that websites in Ireland only have an average accessibility score of around 55.2pc – all translating to loss in income for businesses.

O’Mahoney founded Nexus Inclusion in 2024 to tackle this issue, and a year after its official launch in 2025, he claims to have built a “first” in the digital accessibility space with a new AI-powered tool.

Affordability and ease of use are two factors O’Mahoney’s team focused on while building their AI tool, he says. It’s a “harsh reality” that digital accessibility is a hard thing to do. “And that’s why it gets pushed out”.

The start-up’s AI tool allows for continuous compliance detection across websites, digital products, and video and other media. The product conducts automated audits and guides users to fix any issues.

O’Mahoney says that the easy-to-use tool is designed for those who do not understand digitally accessible design. While the start-up is also tackling product pick-up by reducing prices to target small websites, all the way up to SMEs.

Nexus Inclusion raised €2m last summer, followed by an additional €1.5m towards the end of last year and early this year.

O’Mahoney says that the product was received positively following a stealth launch earlier this year. “There’s a real demand out there for people that want to be accessible”.

The start-up currently employs eight and is planning to hire around five to seven across technology, digital accessibility and sales this year.

A multi-fold problem

The fact that accessibility had to be legally mandated is a bit “annoying”, O’Mahoney tells me. “I wish [the European Accessibility Act] didn’t have to exist, but I’m glad it does.”

However, in some small parts, the digital accessibility gap is also exacerbated by a lack of awareness among people both living with and without disabilities.

“The number one thing is the people don’t know that the technology exists to support them or create that independence.”

This is where accessibility coaches play a significant role in coaxing a somewhat apprehensive community, wary of technology that largely excludes them in the making, in picking up these tools.

Companies such as Nexus Inclusion, meanwhile, are attempting to tackle the flip side of the issue by ensuring businesses, at the minimum, stay compliant with accessibility laws.

“We’re all different. We all have different things going on in our lives, whether they’re temporary or permanent, and I think it’s a much better way to look at – if we look at product design – [that] everyone is going to use it differently.”

O’Mahoney says that such issues could be better targeted in a diverse workplace, but “statistically, people with disabilities tend to be unemployed.” The disability employment rate in Ireland stands at just upwards of 32pc, nearly 20pc lower than the EU average of 51.3pc.

O’Mahoney, who was born with just 17pc vision, previously worked at Vision Ireland as its group chief technology officer. In 2021, he founded Inclusion and Accessibility Labs, an IT consulting company, which he also led as CEO.

“Advocacy around this space is growing,” he says. “Plus there’s more and more people identifying that they have somewhat of a disability now, because it’s not considered a shameful thing anymore – which I think is wonderful.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.