For decades, the IQ test has been one of the most familiar — and most contested — yardsticks for human intelligence. Now, a startup project called AI IQ is applying the same metaphor to artificial intelligence, assigning estimated intelligence quotients to more than 50 of the world’s most powerful language models and plotting them on a standard bell curve.
The result is a set of interactive visualizations at aiiq.org that have ricocheted across social media in the past week, drawing praise from enterprise technologists who say the charts make an impossibly complex market legible — and sharp criticism from researchers and commentators who warn the entire framework is misleading.
“This is super useful,” wrote Thibaut Mélen, a technology commentator, on X. “Much easier to understand model progress when it’s mapped like this instead of another giant leaderboard table.”
Brian Vellmure, a business strategist, offered a similar endorsement: “This is helpful. Anecdotally tracks with personal experience.”
Advertisement
But the backlash arrived just as quickly. “It’s nonsense. AI is far too jagged. The map is not the territory,” posted AI Deeply, an artificial intelligence commentary account, crystallizing a worry shared by many researchers: that reducing a language model’s sprawling, uneven capabilities to a single number creates a dangerous illusion of precision.
More than 50 AI language models, plotted on a standard IQ bell curve by the site AI IQ. The most capable models crowd the right tail of the distribution. (Credit: AI IQ)
Twelve benchmarks, four dimensions, and one controversial number: how AI IQ actually works
AI IQ was created by Ryan Shea, an engineer, entrepreneur, and angel investor best known as a co-founder of the blockchain platform Stacks. Shea also co-founded Voterbase and has invested in the early stages of several unicorns, including OpenSea, Lattice, Anchorage, and Mercury. He holds a Bachelor of Science in Mechanical Engineering from Princeton University.
The site’s methodology rests on a deceptively simple formula. AI IQ groups 12 benchmarks into four reasoning dimensions: abstract, mathematical, programmatic, and academic. The composite IQ is a straight average of those four dimension scores: IQ = ¼ (IQ_Abstract + IQ_Math + IQ_Prog + IQ_Acad).
Each raw benchmark score gets mapped to an implied IQ through what the site describes as “hand-calibrated difficulty curves.” Crucially, the methodology compresses ceilings for benchmarks considered easier or more susceptible to data contamination, preventing them from inflating scores above 100. Harder, less gameable benchmarks retain higher ceilings. The system also handles missing data conservatively: models need scores on at least two of the four dimensions to receive a derived IQ, and when benchmarks are absent, the pipeline deliberately pulls scores down rather than up. The site states that “every derived IQ averages all four dimensions, so missing coverage cannot make a model look better by omission.”
OpenAI leads the bell curve, but the gap between the top AI models has never been smaller
As of mid-May 2026, the AI IQ charts tell a story of rapid convergence at the top of the frontier — and widening diversity in the tiers below.
According to the Frontier IQ Over Time chart, GPT-5.5 from OpenAI currently sits at the peak of the bell curve, with an estimated IQ near 136 — the highest of any model tracked. It is closely followed by GPT-5.4 (approximately 131), Opus 4.7 from Anthropic (approximately 132), and Opus 4.6 (approximately 129). Google’s Gemini 3.1 Pro lands near 131, making the top cluster extraordinarily tight.
Advertisement
That compression is not unique to AI IQ’s framework. Visual Capitalist, drawing from a separate Mensa-based ranking by TrackingAI, recently observed the same dynamic, noting that “the biggest takeaway is how compressed the top of the leaderboard has become.” On that scale, Grok-4.20 Expert Mode and GPT 5.4 Pro tied at 145, with Gemini 3.1 Pro at 141.
Below the frontier cluster, the AI IQ charts show a crowded midfield. Models from Chinese labs — Kimi K2.6, GLM-5, DeepSeek-V3.2, Qwen3.6, MiniMax-M2.7 — bunch between roughly 112 and 118, making the cost-performance tier increasingly competitive for enterprise buyers who don’t need the absolute best model for every task. One X user, ovsky, noted that the data “confirms experience with sonnet 4.6 being an absolute workhorse as opposed to opus 4.5” — pointing to the way the charts can validate practitioner intuitions that headline rankings often miss.
The trajectory of frontier AI models from October 2023 to mid-2026, as tracked by AI IQ. Provider-colored step-lines connect each lab’s flagship releases, showing roughly 60 points of estimated IQ improvement in 30 months. (Credit: AI IQ)
Why emotional intelligence scores are becoming the new battleground in AI model rankings
What distinguishes AI IQ from most other benchmarking efforts is its inclusion of an “EQ” — emotional intelligence — score. The site maps each model’s EQ-Bench 3 Elo score and Arena Elo score to an estimated EQ using calibrated piecewise-linear scales, then takes a 50/50 weighted composite of the two.
Advertisement
The EQ scores produce a meaningfully different ranking than IQ alone. On the IQ vs. EQ scatter plot, Anthropic’s Opus 4.7 leads on EQ with a score near 132, pushing it into the upper-right quadrant — the most desirable position, signaling both high cognitive and high emotional intelligence. OpenAI’s GPT-5.5 and GPT-5.4 cluster in the high-IQ zone but lag slightly on EQ. Google’s Gemini 3.1 Pro sits in a strong middle position on both axes.
One notable methodological choice has drawn attention: EQ-Bench 3 is judged by Claude, an Anthropic model, which the site acknowledges “creates potential scoring bias in favor of Anthropic models.” To correct for this, AI IQ subtracts a 200-point Elo penalty from the EQ-Bench component for all Anthropic models before mapping to implied EQ. The Arena component is unaffected since it uses human judges. That self-correction is unusual in the benchmarking world, and it suggests Shea is aware of the methodological minefield he has entered. Still, the EQ dimension captures something IQ alone cannot: the growing importance of conversational quality, collaboration, and trust in models deployed for user-facing work.
Plotting IQ against EQ reveals that the smartest models aren’t always the most emotionally intelligent. Anthropic’s Opus 4.7 dominates the upper-right quadrant. (Credit: AI IQ)
The AI cost-performance chart that enterprise buyers actually need to see
Perhaps the most practically useful chart on the site is not the bell curve but the IQ vs. Effective Cost scatter plot. It maps each model’s estimated IQ against an “effective cost” metric — defined as the token cost for a task using 2 million input tokens and 1 million output tokens, multiplied by a usage efficiency factor.
Advertisement
The chart reveals a familiar pattern in enterprise technology: the best models are not always the best value. GPT-5.5 and Opus 4.7 sit in the upper-left corner — high IQ, high cost, with effective per-task costs north of $30 and $50 respectively. Meanwhile, models like GPT-5.4-mini, DeepSeek-V3.2, and MiniMax-M2.7 occupy a sweet spot in the middle: respectable IQ scores between 112 and 120, at effective costs ranging from roughly $1 to $5 per task. At the cheapest extreme, GPT-oss-20b (an open-source OpenAI model) appears near $0.20 effective cost with an IQ around 107 — potentially the most economical option for bulk classification or extraction workloads.
The site also offers a 3D visualization mapping IQ, EQ, and effective cost simultaneously. A dashed line running through the cube points toward the ideal: higher IQ, higher EQ, and lower cost. Models near the “green end” of that axis are stronger all-around deals; those near the “red end” sacrifice capability, cost efficiency, or both. For CIOs staring at API invoices, the implication is clear: the intelligence gap between a $50 model and a $3 model has narrowed enough that routing — using expensive models for hard problems and cheap ones for everything else — is no longer optional. It is the dominant architecture for serious AI deployments.
Critics say AI’s “jagged” capabilities make a single IQ score dangerously misleading
The loudest objection to AI IQ is philosophical, and it cuts deep. Critics argue that collapsing a model’s uneven capabilities into a single score obscures more than it reveals.
“IQ as a proxy is fading — we’re seeing reasoning density spikes that don’t map to g-factor,” posted Zaya, a technology commentator, on X. “GPT-5.5 already hit saturation on MMLU-Pro, but still fails ClockBench 50% of the time.”
Advertisement
That observation touches on what AI researchers call the “jaggedness” problem: large language models often exhibit wildly uneven capabilities, excelling at graduate-level physics while failing at tasks a child could do. A composite score can paper over those gaps.
Pressureangle, another X user, posted a more granular critique, calling out “complete lack of transparency” and arguing the site never fully discloses how its calibration curves were created or validated. In fairness, AI IQ does list its 12 benchmarks and shows the shape of each calibration curve in its methodology modal. But the raw data and precise mathematical transformations are not published as open datasets — a gap that matters to researchers accustomed to fully reproducible methods.
Others questioned the premise itself. “As useless as human IQ testing,” wrote haashim on X. Shubham Sharma, an AI and technology writer, offered a constructive alternative: “Why not having the Models take an official (MENSA-Grade) test? Wouldn’t this be the most accurate and most ‘human-comparable’ way to benchmark intelligence?” That approach already exists through TrackingAI, which administers the Mensa Norway IQ test to language models. But Mensa-style tests measure only abstract pattern recognition, while AI IQ attempts a broader composite across coding, mathematics, and academic reasoning. As Visual Capitalist noted, “an IQ-style benchmark captures only one slice of capability.” Each approach has tradeoffs — and neither has won the argument yet.
The real race isn’t for the highest score — it’s for the smartest model stack
For all the debate about methodology, the most important signal in AI IQ’s data may not be any single model’s score. It is the shape of the market the charts reveal.
Advertisement
There are now more than 50 frontier-class models available through APIs, from at least 14 major providers spanning the United States, China, and Europe. Each provider publishes its own benchmarks, often cherry-picked to showcase strengths. The result is a Tower of Babel where no two companies measure the same thing in the same way. Academic research has highlighted that “most benchmarks introduce bias by focusing on a particular type of domain,” and the Frontier IQ Over Time chart on AI IQ shows just how fast the targets are moving: in October 2023, GPT-4-turbo sat near an estimated IQ of 75. By early 2026, the top models were brushing 135 — roughly 60 points of improvement in 30 months.
That pace raises a fundamental question about whether any scoring system can keep up. The site compresses ceilings for saturated benchmarks, but as models continue to max out even the hardest tests — ARC-AGI-2, FrontierMath Tier 4, Humanity’s Last Exam — the framework will face the same ceiling effects that have plagued every AI evaluation before it. Connor Forsyth pointed to this dynamic on X: “ARC AGI 3 disagrees,” he wrote, referencing a next-generation benchmark that may already be undermining current scores.
AI IQ is not perfect. Its methodology is partially opaque. Its IQ metaphor can mislead. And its creator acknowledges known biases while likely missing others. But the alternative — wading through dozens of provider-specific benchmark tables, each using different test suites and scoring conventions — is worse. The site offers enterprise buyers something genuinely scarce: a single framework for comparing models across providers, dimensions, and price points, updated regularly, with enough nuance to show that the right answer to “which model is best?” is almost always “it depends on the task.”
Maybe. But if the AI IQ data shows anything clearly, it is that orchestration — knowing which model to deploy, when, and at what price — has become its own form of intelligence. And for that, there is no benchmark yet.
As the clock ticked down, schools were simply unprepared to be graded on their assignment.
Federal disability law has required local governments to make their websites accessible for decades.
Two years ago, during the Biden administration, the U.S. Department of Justice published a “final rule” spelling out how schools could measure whether their websites and mobile apps were accessible for students with disabilities, relying on widely accepted guidelines. The agency also set enforcement dates based on population size. For states and local governments with a population over 50,000, the first date would have taken effect later this week.
Experts told EdSurge at the time that it was an important milestone that shifted the burden of responsibility from families of students with disabilities — who often have to labor to even access class materials — and onto schools and the vendors that work with them. In the years after the pandemic’s forced switch to remote learning, it seemed even more vital.
Disability advocates and policy experts had expected an extension. The federal government had been holding meetings about the rule, as EdSurge recently reported. Testimony revealed that governments were not going to be able to meet well-advertised deadlines, as EdSurge noted.
The extension will “ensure that covered entities better understand the rule’s substance to achieve compliance to the benefit of persons with disabilities,” according to a notice from the Justice Department.
To disability experts, that’s crucial.
Advertisement
The extra time is “not an invitation to pause” attempts to make sure websites and mobile applications are accessible to all, but rather a chance to get accessibility right, argues Glenda Sims, chief information accessibility officer at Deque Systems, a digital accessibility company.
NEWSLETTERS
STAY AHEAD IN EDUCATION.
Sign up for EdSurge newsletters for timely news, insights and analysis.
Digital accessibility is in a different cultural moment than when the original enforcement deadlines were issued.
Advertisement
Schools are facing widespread fatigue and skepticism over their reliance on tech.
Plus, under the Trump administration, shredded grants, mass firings and shifting priorities mean that students with disabilities cannot rely on federal support. For instance, a nonpartisan government watchdog group noted federal actions have led to the dismissal of 90 percent of student civil rights complaints, including from students with disabilities.
For schools and vendors, there’s still pressure to be proactive, experts argue.
Advertisement
Taking the next year to invest in accessibility will set institutions up to avoid an endless cycle of accessibility audits and remediation, according to Sambhavi Chandrashekar, global accessibility lead at D2L, which operates a learning management system. That means putting money into procurement systems, training for those who create course content, and tools that produce accessible content by default, she explained in a note to EdSurge. But that could prove useful. For example, a U.S. district court recently dismissed an accessibility lawsuit against a website for an eyeglasses vendor, which Chandrashekar attributes to the company’s ability to show it had a documented and ongoing accessibility program.
Right now, most schools are not accessible because they started too late, argued Sims of Deque, in a note to EdSurge. If schools interpret the DOJ’s extension as permission to delay accessibility efforts, they will fall farther behind, she added.
Schools that use this time to build resilient systems and treat accessibility like other responsibilities, such as security and privacy, will fare the best, Sims said.
When it comes to robots, few are as iconic as Robby. [Ogrinz Labs] has wanted to build one and even examined a real one up for auction to get high-res photos of it. He also combined his designs with some other open-source designs, and it looks good. He’s released his design as a Creative Commons-licensed set of STL files that you, in theory, could print. There are more details and instructions in the video below.
If you are looking for something quick to print for the weekend, this isn’t it. As you might expect, this is a lot to print. The creator admits, too, that it isn’t totally accurate. It has bigger feet, for example, so his feet can fit inside. There are a few other modifications made for different reasons, but only a hard-core Robby enthusiast would notice any of them.
In theory, you can wear the robot as a costume, but at the current height, it doesn’t look like that will work for the creator. Also, the joints that would make things rotate are still forward work, but he’s promised to provide updates.
Robby started out on Forbidden Planet and went on to appear in many other movies and TV shows. Much of the original body was vacuum-formed plastic (an early form of ABS known as Royalite).
Advertisement
Thanks to modern slicers, you can easily print the parts on your printer for later assembly, and the video shows you how. You can select what connectors are used, and while we like the dovetail mode for most of what we do, Robby’s clean surfaces need dowel connectors. We would be really excited to see someone take these files and make a working robot based on the design.
We’ve been watching this project for a while. If you are sorry you missed the auction of the original, you aren’t alone. But we couldn’t have afforded the $5,375,000 price tag anyway.
Apple is finally giving AirPods users something they’ve been demanding for years: proper control over sound.
With iOS 27, Apple is adding a custom equaliser to its AirPods lineup. For the first time, users can manually tweak how their headphones sound.
The new EQ option allows listeners to adjust key parts of the audio profile, including boosting bass, lifting treble, or shaping the overall sound signature to taste. It’s a straightforward addition. However, it is meaningful for anyone who has ever felt locked into Apple’s default tuning.
Until now, AirPods have largely relied on automated audio features rather than manual control. Tools like Adaptive Audio and Conversational Awareness already adjust sound in real time depending on what you’re doing or where you are. However, they don’t let users directly fine-tune the listening experience.
Advertisement
It also opens the door to a wider audience. Not everyone has been fully sold on Apple’s default tuning. Some users find AirPods a little too bass-heavy out of the box. A custom EQ could help bridge that gap without requiring Apple to ship multiple hardware variations.
Advertisement
Apple announced the feature during its WWDC 2027 keynote and will include it in the broader 2027 software updates. This will be alongside iOS 27, macOS 27 “Golden Gate,” and Apple’s other platform releases.
There is one catch, though: you won’t get access to it immediately. As with many of Apple’s upcoming software features, the custom EQ won’t be available until the full public rollout later this year.
Advertisement
Still, for AirPods users who’ve wanted more control without leaving Apple’s ecosystem, this is one of the more practical upgrades in a while.
This article is crossposted from IEEE Spectrum’s careers newsletter. Sign up now to get insider tips, expert advice, and practical strategies, written in partnership with tech career development company Parsity and delivered to your inbox for free!
Early in my career, I walked into a shared office space on my first day as a full stack software developer and sat down between the CTO and the CEO to get onboarded. There were four of us in total. Before the day was over, I received my first assignment.
This was one of the most formative—and most stressful—experiences of my professional life. In the decade since, I have worked at half a dozen companies including Fortune 100 firms, mid-size startups, and companies you’ve probably never heard of. I have also spoken with roughly a thousand developers at various stages of their careers.
Most engineers entering the field are obsessed with landing at Google, Meta, or Amazon. But those roles represent approximately 0.6 percent of software engineering positions. For most of us, the real choice is between a small startup, a mid-size company, and a large enterprise. Each comes with tradeoffs, and your experience will differ from mine. What follows is an honest account of what you might reasonably expect.
Advertisement
The Small Startup
Pros
Your work actually matters. A feature you build might determine whether the company closes its next funding round. You gain exposure to the full spectrum of the business, from deployment pipelines to sales and operations and everything in between. You wear many hats out of necessity. For engineers who want to grow quickly and understand how a product is built end to end, few environments move faster.
Cons
Advertisement
Everything is on fire, always. Work-life balance is difficult to maintain when every release feels critical. Priorities shift without warning and culture tends to reflect the personality of whoever has the most influence in a small room. Startups optimize for speed over craft which means engineers learn to move fast but don’t always learn to build well, and that gap can follow you into your next role.
The Mid-Size Company
Pros
“So this is how a real business works.” There is process, documentation, a quality assurance function, and some form of career structure. The team is large enough to offer a diversity of experience and perspective. Stability is a myth, especially nowadays, but it is considerably more predictable than an early-stage startup.
Advertisement
Cons
“So this is how a real business works?” Processes that enable quality also produce friction. Access controls, approval workflows, and cross-team dependencies slow things down. The career ladder exists but it might stop at senior engineer. Without significant organizational growth, your salary and title can plateau early.
The Large Enterprise
Pros
Advertisement
That badge on your LinkedIn profile just bought you credibility for the next five years. Compensation at this level can be meaningfully higher, particularly when equity is included. The career ladder is long and clearly defined. Engineering practices at mature organizations tend to be more rigorous, and a well-known employer carries market value in future job searches.
Cons
It’s slow. Technology stacks often lag industry trends by several years. Political dynamics shape advancement as much as technical ability does. Skill atrophy is a risk when you spend years on a narrow slice of a legacy system. You are now a small fish in a big pond and it will be harder to get noticed.
The Roadmap I Would Take If I Could Start Over
Advertisement
According to a recent Stack Overflow survey, 47 percent of professional developers work at companies with fewer than 100 employees. This may surprise you because social media is dominated by engineers who work at the most well known companies on the planet.
The path most engineers imagine for themselves and the path most engineers actually walk are two very different things.
If I could do it again, here’s the path I’d take: Start at a small company to build breadth and learn how a business works across functions. This also provides some room to experiment within different roles. Next, move to a mid-size organization with a clear goal of reaching a senior or leadership role. Making a lateral move is easier than trying to get up-leveled at the next company. Finally, target a more mature company where a leadership position opens the door to meaningful equity and long-term growth (aka stocks and bonuses).
Each stop builds something the others cannot. The startup gives you range. The mid-size company gives you a taste of how larger orgs operate. The enterprise gives you leverage, credibility and maybe even some stability.
Advertisement
Your path will not look like mine. At a five person startup, I had no idea what I was in for. Looking back, I would not trade it. Just know what you are signing up for before you sign.
—Brian
“Social engineering” is a concept that has become associated with phishing, in which scammers manipulate people into disclosing personal information. But shaping human behavior in this way doesn’t have to have such negative effects. Systems engineer Guru Madhavan argues that we need to reclaim the term and govern the practice to defend ourselves from bad actors and benefit from social engineering’s good side.
Smartphone apps are increasingly used to help manage medical conditions, but many of these have not been verified by any regulatory agencies. To help ensure these apps are credible, the IEEE Standards Association recently launched a directory listing apps that have been vetted by experts for technical soundness, ethical design, data security and privacy, and clinical efficacy. The registry will be publically available at no cost, and developers can now apply for approval.
A veteran chip designer reflects on what he learned when moving from academia to industry, where the goal changes from proof of concept to ensuring a design works reliably at scale. Differences in risk tolerance, he discovered, lead to varying approaches in the rapidly growing semiconductor industry.
President Trump’s highly politicized appointment of an entirely unqualified acting Director of National Intelligence (DNI) underscores why the government’s warrantless mass spying power must be reformed.
Congress now faces a deadline of Friday, June 12 to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, an unconstitutional program rife with problems, loopholes, and compliance issues. Section 702 allows the National Security Agency to collect communications from targets overseas – including communications with Americans in the U.S. – and stores them in massive databases. The NSA then allows other agencies, including the Federal Bureau of Investigation, to access untold amounts of that information.
Under current practice, the FBI can query and even read the U.S. side of that communication without a warrant. What’s more, victims won’t even know and have very few ways of finding out that their communications have been surveilled. EFF and other civil liberties advocates have been trying for years to know how data collected through Section 702 is used in domestic investigations and prosecutions.
Our advocacy to reform Section 702 has been consistent across administrations, including when the federal Intelligence Community was run by people with experience in the relevant agencies. In fact, the 2004 law creating the position of DNI – which coordinates America’s 18 spy agencies – requires those who hold it to have “extensive national security expertise.”
“William has deep experience managing the most sensitive matters in America, the safety and soundness of the Markets, and over 10 Trillion Dollars at Fannie Mae/Freddie Mac, a substantial increase from where it was just 12 months ago,” Trump wrote on his Truth Social platform.
Because Trump named him acting DNI, Pulte isn’t subject to Senate confirmation. And under the Vacancies Act, Pulte could remain in the role for about seven months.
Advertisement
This is particularly concerning because of Pulte’s history of using private information held by the government as a political weapon. In his FHFA role, he has accused several of the President’s political foes and targets – including New York State Attorney General Letitia James, U.S. Sen. Adam Schiff, D-Calif., and Federal Reserve governor Lisa Cook – of mortgage fraud based on private data held by his agency.
All these targets and others have denied wrongdoing. A federal criminal complaint filed against James in Virginia imploded after a judge found prosecutor Lindsey Halligan had been unlawfully appointed, and prosecutors twice failed to convince a grand jury to indict James. Pulte’s accusations against Schiff, Cook, and others have not led to criminal charges.
Pulte isn’t a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes. As acting DNI, Pulte would have access to every scrap of classified information the Intelligence Community holds, and under Section 702, that includes massive amounts of information about Americans.
Advertisement
Even lawmakers who are typically friendly to the intelligence community acknowledge that this is a disaster in the making. U.S. Sen. Mark Warner, D-Va., who is the Senate Intelligence Committee’s ranking Democrat, told NPR that Pulte has “no experience in the military, no experience in Congress, no experience in the intel community or law enforcement” and was chosen because he is “100% loyal to doing anything and everything President Trump demands.”
And Senate Majority Leader John Thune, R-S.D., told reporters “we don’t need a weaponized” national intelligence director. Asked about fears that Pulte might pursue Trump’s political opponents, Thune said: “We need professionals there.”
Congress already has had trouble reauthorizing Section 702 as Freedom Caucus Republicans and many Democrats joined forces to demand reforms including the common-sense requirement that federal agencies get a probable cause warrant from a judge before searching any data involving Americans. Pulte’s appointment exemplifies why no administration should have the power granted by Section 702 without the independent judicial review required in seeking a warrant.
Ukraine wants to flood future battlefields with millions of combat drones annually
Kyiv says its drone factories could dwarf Russian and Chinese military production
Ukrainian drones are now reaching military and energy targets deep inside Russia
Ukraine’s defense ministry has laid out a startling industrial vision which could reshape global military manufacturing.
Deputy Defense Minister Mstislav Banik recently told NATO lawmakers that his country could produce 20 million military drones each year if allied nations commit sufficient resources to Ukrainian production lines.
This figure already exceeds the current combined output from China and Russia, yet Kyiv’s ambitions stretch even further.
Latest Videos From
Kyiv seeks massive expansion of military drone production
Some Ukrainian officials have hinted that annual manufacturing could surpass 30 million units within just a few years, a scale that would outpace every other nation on earth.
Advertisement
Independent military analysts estimate that Ukraine built roughly 4 million unmanned aircraft and naval drones during 2025.
The industry appears on track to expand that number to 5 or 6 million units in 2026, representing a 50% year-over-year growth rate.
For comparison, Chinese drone output is typically estimated at around 2 million annually, though the vast majority of those are civilian beginner drones rather than military systems.
Advertisement
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Russian industry, now locked into a war that has lasted 12 years, likely produces between 1.2 and 1.8 million drones per year according to Ukrainian intelligence assessments.
Banik argued before the NATO Parliamentary Assembly that Ukraine’s drone fleet has proven decisive to battlefield success against Russian forces.
He called on international partners to strengthen support for Ukrainian manufacturing and to assist with acquiring other weapons listed on the Prioritized Ukraine Requirements List.
Advertisement
According to the deputy minister, Ukraine has already achieved a technological advantage over Russia in drone systems and several other critical sectors.
To maintain this edge, Kyiv is requesting military support and direct investment totalling $60 billion in 2026.
Advertisement
Practical returns for partner nations
Ukraine claims to offer a tangible return for allied investment rather than simply requesting charitable assistance.
The country pledges to test new weapons in real combat conditions and share all technological advances and operational data with partner states.
More than 50 nations currently support Ukraine bilaterally, with Germany leading contributions at an estimated $5.8 billion in 2026, followed by Norway at roughly $2.8 billion and the UK at about $1.9 billion.
The European Union has also approved a support scheme providing up to $104 billion in loans to Ukraine.
Advertisement
Since early 2026, Ukraine has stepped up a strike campaign using long-range drones primarily targeting Russian energy infrastructure.
These attacks also aim at advanced weapons supply chain nodes and logistic routes connecting occupied Crimea to Russian territory.
Ukrainian drones have struck targets more than 2,000 km inside Russia, including an oil terminal fire in St. Petersburg and a guided missile frigate in drydock at the nearby Kronshtadt naval base.
Additional strike packages reportedly hit an arms manufacturing facility in the central city of Tambov and a Russian-operated military air base in occupied Crimea.
Advertisement
Despite these strikes, the gap between Ukraine’s stated ambitions and current verified production remains substantial.
No country has ever sustained drone manufacturing at the scale Kyiv now proposes, and supply chains for components like guidance chips and optical sensors could become severe bottlenecks.
Whether allied nations will be willing to supply $60 billion in 2026 is far from certain, and the strike successes against Russia may not be enough to convince allied nations.
A security researcher has released a new Microsoft Defender zero-day exploit named “RoguePlanet” just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday.
The researcher, known as Nightmare Eclipse, says the new vulnerability affects fully patched Windows 10 and Windows 11 devices, allowing attackers to spawn a command prompt with SYSTEM privileges via a Microsoft Defender race condition vulnerability.
The researcher shared a proof-of-concept exploit on Tuesday afternoon in a self-hosted Git repository after saying that GitHub and GitLab repositories hosting their exploits had previously been removed by Microsoft.
“The exploit is a race condition, so it’s a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others,” Nightmare Eclipse wrote in the repository.
The flaw was reportedly tested against Windows 11 Official and Canary builds, as well as Windows 10 systems with the June 2026 security updates installed.
Advertisement
When successful, a Windows command prompt will be spawned with SYSTEM privileges.
Cybersecurity firm ThreatLocker told BleepingComputer that they successfully reproduced the flaw in their testing and confirmed the exploit worked against fully patched Windows 11 systems with KB5094126 installed, and shared a video demonstrating it.
“Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described. Organizations using application allowlisting can prevent the exploit from executing, providing an effective layer of protection against this attack,” Danny Jenkins, CEO of ThreatLocker, told BleepingComputer.
According to Nightmare Eclipse, RoguePlanet was originally developed as a remote code execution vulnerability that exploited Microsoft Defender’s handling of files hosted on remote SMB shares.
Advertisement
“In initial development, it was confirmed that this vulnerability was a remote code execution,” the researcher explained in a blog post.
“It required an attacker to coerce a victim to open a .vhd(x) in a remote SMB server, succesful exploitation resulted in defender overwriting its own files and obviously the end outcome was an RCE.”
The researcher says another attack scenario could lead to remote code execution simply by coercing a victim into opening an SMB share if symlink evaluation settings were enabled.
However, the researcher claims Microsoft silently hardened Defender in mid-May by patching “mpengine!SysIO*” API, which blocked junction attacks.
Advertisement
“Rewriting RoguePlanet to make it functional again drained my soul and I couldn’t complete the other scenarios and for now it remains unclear if RoguePlanet is limited to LPE or there is some sort of way to turn it into an RCE,” the researcher wrote.
The release is part of an ongoing dispute between Nightmare Eclipse and Microsoft over the company’s vulnerability disclosure and bug bounty practices.
Over the past several months, the researcher has publicly released multiple Windows zero-days, including the BlueHammer, RedSun, GreenPlasma, and YellowKey flaws. Some of the zero-days targeted Microsoft Defender, while others targeted BitLocker and Windows components.
Microsoft fixed the GreenPlasma and YellowKey flaws today as part of the June 2026 Patch Tuesday updates.
Advertisement
Microsoft previously reacted to the disclosures with warnings that it would work with law enforcement when people engage in “malicious activity causing real harm to our customers,” leading many in the cybersecurity community to think Microsoft was threatening the researcher.
Nightmare Eclipse claims Microsoft repeatedly targeted and removed previous repositories hosted on GitHub and GitLab, prompting the creation of a self-hosted code platform at projectnightcrawler.dev.
BleepingComputer has contacted Microsoft about the new zero-day and will update the story if we receive a statement.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
This story is part of a series commemorating the five-year anniversary of the Voices of Change fellowship. Jennifer Yoo-Brannon, a Voices of Change fellow in 2021-22, is an instructional coach and professional learning leader in El Monte, California.
In 2021, I was a demoralized educator: not burnt out, but demoralized. As I shared in my first article for EdSurge, demoralization occurs when teachers “encounter consistent and pervasive challenges to enacting the values that motivate their work.”
That year, the pervasive challenges seemed obvious and communal. We were all navigating online platforms, figuring out how to replicate student services virtually and struggling to make up for lost time in instruction, social-skill development and relationship-building for when students returned to in-person schooling.
A crisis is not merely an event: it’s the context in which an event takes place and the response to that event.” The global pandemic has ended, but how much has the context changed and did the response meet the needs?
Right now, I believe teaching is the most important thing we can do. When the world is on fire, what feels most pressing is teaching students to claim their humanity and helping educators understand how much the communal learning experience matters. Five years later, I have come full circle.
This time, I return to that same claim with a broader and deeper understanding of what makes a school. We use that old adage, “It takes a village…” More and more, I see that we, as school communities, are the village and the villagers that we need right now. What really makes a school more human is not just the principals and teachers, but the child welfare staff, paraeducators, campus supervisors, guidance counselors, cafeteria workers, coaches, librarians, custodians and secretaries. The list is long, but it feels necessary to name the people on campus who make students feel like they belong, support them and have their backs when students need it. These are the colleagues who have shown me what it is like to truly model humanity to our students.
The truth is that the onus is on all of us to create an environment in which mutual respect and empathy are the baseline expectations. So, as an instructional coach, as a leader and as a voice of change in this context, what can I do? How do I communicate to teachers that, while they have been beaten down and blamed for society’s ills, they also have the herculean task of helping students learn how to be human together?
In 2021, I said that I was demoralized. In 2026, I am revitalized and committed to my role as an educator, instructional coach and teacher advocate.
Advertisement
Since participating in the inaugural cohort of the Voices of Change fellowship, I have contributed essays to The California Educator, Edutopia and EdSurge. I have joined podcast panels to talk about social-emotional learning, culturally responsive teaching and civil discourse in the classroom.
This fellowship showed me the power of personal writing for representation and advocacy. I have started to write children’s books about my own neurodivergent children. I have presented at local and state conferences and will continue to use my voice and my words to advocate for students, for educators, for quality professional development and schools that model the best of humanity. Writing for the Voices of Change fellowship has helped me claim my voice, my humanity and my power.
This story is part of an EdSurge series chronicling diverse educator experiences. These stories are made publicly available with support from the Chan Zuckerberg Initiative. EdSurge maintains editorial control over all content. (Read our ethics statement here.) This work is licensed under a CC BY-NC-ND 4.0.
At long last, a corporate training you might actually enjoy.
Axelle/bauer-griffin/Getty Images
Cybersecurity AI company Adaptive Security has partnered with famed comedian Conan O’Brien for a 15-part educational video series. These training videos will help Adaptive’s clients and their employees to navigate threats such as phishing and deepfakes.
Considering how often corporate trainings are a total snoozefest, getting a genuinely funny and smart person to present this critical information seems like a smart, if expensive, move. The clip currently promoting the partnership on Adaptive’s website even kicks off with a joke about O’Brien only doing the gig for the money.
More broadly, it’s great to see a business investing in this type of education to ensure that people really do follow best practices for online safety. The FTC said social media scams cost Americans at least $2.1 billion last year. Companies that might have access to even bigger bank accounts, not to mention sensitive information, make for even juicier targets. And AI tools can make cons awfully convincing and easier to pull off.
Advertisement
Luckily, there are plenty of common sense rules you can follow to keep the troublemakers at bay. We aren’t lucky enough to have Conan narrating them, but just queue up the monorail episode of The Simpsons to play in the background while you read some of Engadget’s top cybersecurity tips for a near-identical experience.
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances.
The company quietly warned impacted customers through a support bulletin and direct support cases after detecting “anomalous activity” related to the issue.
The bulletin, which is hidden behind ServiceNow’s customer support login portal, states that the company applied a security update to hosted customer instances on June 5, 2026.
“On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” reads the support bulletin.
“The update concerned a security issue that could allow an unauthenticated user, in certain circumstances, to gain greater access to ServiceNow instances than intended.”
Advertisement
The company says this security update changes the API endpoint configuration to limit access to authenticated users only.
ServiceNow also confirmed that attackers exploited this flaw to successfully query the customer instance tables.
While ServiceNow did not disclose which data was accessed during the attacks, instances commonly store sensitive enterprise information, including IT support tickets, employee records, internal documentation, asset inventories, security incident reports, workflow data, and configuration details for corporate systems and services.
Support case information has become an increasingly popular target for threat actors, as tickets can contain credentials, API tokens, internal documentation, and authentication secrets shared during troubleshooting.
Advertisement
According to the advisory, ServiceNow has now opened support cases with affected customers. If a customer has not received one, they are not believed to be affected by the incident.
While ServiceNow has not publicly disclosed technical details about the flaw, administrators discussing the incident on Reddit say the issue appears to be tied to a REST endpoint at ‘/api/now/related_list_edit/create‘.
One commenter claimed the endpoint was configured with ‘requires_authentication=false‘, potentially allowing unauthenticated requests to access instance data. The security update released on Friday was allegedly used to set requires_authentication to true.
Numerous admins shared indicators of compromise, including API requests from the IP address ‘51.159.98.241,’ advising other administrators to review logs for requests to the vulnerable endpoint.
Advertisement
The bulletin states the issue primarily impacts customers running the Australia platform release or customers on older releases who made certain configuration changes.
“The security issue pertains to customers who are on the Australia platform release or made certain configuration changes to instances on releases prior to Australia,” ServiceNow warned.
BleepingComputer contacted ServiceNow earlier today after a reader alerted us to the incident, asking how long the activity had been ongoing, what caused the issue, and whether customer data had been stolen. We did not receive a response before publication.
ServiceNow says it is still evaluating whether it will publish a CVE for the issue.
Advertisement
Administrators are advised to review ServiceNow logs for requests to /api/now/related_list_edit, particularly from the IP address 51.159.98.241.
Impacted organizations should review exposed tickets and records for sensitive information, rotate credentials or tokens shared through support workflows, and ensure API logging is enabled.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
You must be logged in to post a comment Login