In 2024, researchers from the University of Illinois found that GPT-4, when provided with a common vulnerabilities and exposures (CVE) description, could autonomously exploit 87% of a curated 15-vulnerability one-day dataset. Without the description, it could only exploit 7%. This provided a “margin of safety” for the industry because while AI could exploit known vulnerabilities, it could not discover them.

However, on April 7, Anthropic announced that Claude Mythos Preview had closed that margin, with the model autonomously discovering thousands of zero-day vulnerabilities across major operating systems and browsers. Separately, Mythos scored 83.1% on the CyberGym vulnerability reproduction benchmark. In one campaign targeting OpenBSD across 1,000 scaffold runs, the total compute cost was less than $20,000.

Exploitation timelines are collapsing. Langflow’s CVE-2026-33017 (CVSS 9.8) was exploited 20 hours after disclosure with no public proof-of-concept. Marimo’s CVE-2026-39987 (CVSS 9.3) was hit in 9 hours and 41 minutes.

The defensive infrastructure most organizations rely on wasn’t designed for this. Rapid7’s 2026 threat landscape report states that the median time from CVE publication to CISA’s known exploited vulnerabilities (KEV) listing is five days. Google’s M-Trends 2026 report found that exploitation is happening before a patch is even released. When the Langflow advisory was published, the first exploit arrived in 20 hours. When the Marimo advisory was published, it took under 10 hours.

The assumption that your patch window is safe because exploitation takes time is no longer true. Here are your building blocks.

Replace CVSS-only prioritization with a three-layer filter

Most vulnerability management programs still prioritize by CVSS score alone. CVSS quantifies a vulnerability’s “theoretical” severity without considering whether a vulnerability is being exploited in the wild or how quickly someone could weaponize it. A CVSS 8.8 vulnerability with a history of active exploitation (like Docker’s CVE-2026-34040) gets lower priority than a CVSS 9.8 vulnerability that may never be exploited in the wild.

A recent study validated against 28,377 real-world vulnerabilities offers a concrete replacement: A three-layer decision tree incorporating CISA KEV status, Exploit Prediction Scoring System (EPSS) scores, and CVSS, thus forming a singular prioritization filter.

Three-Layer Vulnerability Prioritization Filter

Validated result: 18x efficiency gain, 85.6% coverage of exploited vulnerabilities, ~95% reduction in urgent remediation workload. All three data sources are open and free.

The described integration is entirely automatable. It’s possible to build a script to query the CISA KEV API, the EPSS API from FIRST.org, and the NVD, and have that script run against your asset inventory for every published CVE. The human in this process should remain in the loop as an approver, but not as the trigger.

Close the agent authorization gap

Creating exploits quickly not only changes how patches are prioritized, but how controls are configured for all the agent-driven systems that now possess privileged credentials. Your authorization policies have not been assessed against the behavior of AI agents, and that is now a measurable risk. CVE-2026-34040 showed that Docker’s authorization plugin architecture silently bypasses every plugin when the request body exceeds 1MB. Common AuthZ plugins (OPA, Casbin, Prisma Cloud) are unaware of this type of bypass, which occurs in Docker’s middleware before the request reaches the plugin.

When Cyera demonstrated this vulnerability, they showed that an AI agent debugging infrastructure could infer the bypass path while completing a legitimate task, without any instruction to exploit anything.

The Internet Engineering Task Force (IETF) is working on authorization models for agents. The document draft-klrc-aiagent-auth-01, published in March by participants from AWS, Zscaler, Ping Identity, and OpenAI, proposes the use of the current Secure Production Identity Framework for Everyone (SPIFFE) and OAuth 2.0 for AI agents to obtain dynamically provisioned and short-lived credentials.

Separately, the IETF Agent Identity Protocol draft (draft-prakash-aip-00) reports that out of about 2,000 surveyed model context protocol (MCP) servers, none had authentication.

But these standards are months to years away from implementation. For now, security teams must proactively incorporate agent-level test scenarios for all authorization boundaries, such as oversized requests, burst frequency, and multi-step escalation of privileged requests.

Map your credential blast radius

In a survey conducted by CSA/Zenity and published on April 16, 53% of organizations said they had already seen cases where AI agents exceeded their intended permissions, and 47% experienced a security incident involving an agent.

When AI builder tools such as Flowise (CVE-2025-59528, CVSS 10.0), Langflow, or n8n become compromised, the blast radius extends far beyond the host. These tools contain API keys to frontier models, database credentials, vector store tokens, and OAuth tokens to business systems. A compromised AI builder host is not just a single-system breach. It is a credential harvest that unlocks authenticated access to every connected service.

Without credential dependency maps for each AI tool host, incident response for agent compromise is guesswork. For every instance, document each credential, the extent of its access, and the relevant credential rotation process. Also begin migrating static API keys to short-lived tokens where downstream services allow.

Five actions for this quarter

1. Deploy the three-layer KEV-EPSS-CVSS filter

Substitute CVSS-only prioritization according to the table above. Automate the collection of data from all three APIs as part of a scheduled script against your asset inventory. Desired outcome: 18 times more efficient, 85.6% coverage of exploited vulnerabilities, 95% reduction in urgent remediation workload.

2. Implement event-driven patching for Tier 0 services.

Determine which services fall under the critical exposure tier: Services exposed directly to internet users, AI builder hosts, and container orchestration control plane. Trigger event-driven patching on a CVE publication instead of waiting for the next maintenance window for this tier.

Goal: deploy patch to canary within four hours of a CVE being declared critical. Use the CISA KEV and EPSS feeds to trigger event-driven patching. In situations where it is impossible to meet the goal of four-hour patching because of legacy dependencies, change-freeze windows, or rollback risk, immediately apply compensating controls such as removing internet exposure to the vulnerable service, rotating credentials for the vulnerable service, disabling affected functionality of the service (if applicable), and identifying an exception owner for the exposure until a patch can be deployed.

It is not acceptable to allow unbounded exposures for extended periods while awaiting a maintenance window.

3. Test authorization boundaries at agent scale.

Create test cases for every API that AI agents may communicate with via AuthZ policies. Specifically, include test cases for requests exceeding 1MB, 5MB, and 10MB body sizes. This includes test cases for burst rate > 100 requests per second and test cases for unusual parameter combinations (privileged flags, host mounts, capability additions). Additionally, patch to Docker Engine 29.3.1 to fix CVE-2026-34040.

4. Credential blast radius mapping for all AI builder hosts.

Document each credential for each Langflow, Flowise, n8n, and custom AI pipeline instance. Classify each credential by its lifespan (static key vs. short-lived token). Identify what each credential can access. Set up alerts for anomalous IP or identity for any credential access.

5. Shadow AI discovery scan for this week.

According to CSA data, there is a greater than 50% chance that your agents have exceeded their expected boundaries. Check your Security Information and Event Management (SIEM) and network monitoring tools for communications to the default ports of the AI builder: Langflow 7860, Flowise 3000, and n8n 5678. Any unauthorized instances are an unmonitored attack surface.

The takeaway

AI agents are emerging, and the standards bodies are responding. The IETF has multiple drafts related to agent authentication and authorization. The Coalition for Secure AI has published its MCP Security taxonomy and Secure-by-Design principles.

But these standards move at standards-body speed, and the exploit window is now measured in hours. Organizations that implement the three-layer filter and event-driven patching this quarter will have a measurable reduction in exposure. Those who wait will be running calendar-based patch cycles against an adversary that operates in less than 20 hours. 

Nik Kale is a principal engineer specializing in enterprise AI platforms and security

Welcome to the VentureBeat community!

Our guest posting program is where technical experts share insights and provide neutral, non-vested deep dives on AI, data infrastructure, cybersecurity and other cutting-edge technologies shaping the future of enterprise.

Read more from our guest post program — and check out our guidelines if you’re interested in contributing an article of your own!

The Apple smart glasses with cameras and no heads-up display have been rumored for the end of 2026, but could now come at the end of 2027 instead. Though that’s not the whole story.

Rumors about Apple’s smart glasses effort have been increasing in frequency since 2024, but primarily from a single source. One other highly accurate source that has been in play since 2023 has offered a differing timeline, until now.

According to the Bloomberg newsletter “Power On,” Apple is pushing back its smart glasses release to late 2027 after hitting some development snags. While Mark Gurman didn’t offer his usual derogatory pile-on of Apple’s internal struggles, the timeline shift comes as a bit of a surprise.

His initial reports in 2024 around the latest codenamed N50 glasses suggested a 2027 launch window. He later suggested in January 2025 that Apple smart glasses development had hit “massive hurdles” that could take years to get past.

In May 2025, Gurman shared that Apple was aiming for a late 2026 launch window that has been repeated frequently by him since.

He’s also been clear that Apple smart glasses don’t have an AR display, and those would arrive much later. Now, Gurman has been repeating “by the end of the decade,” which, given it is 2026, isn’t exactly that far away.

As recently as February and April 2026, Gurman has repeated that late 2026 release timeline. What is unusual is that there was never any hint of a potential delay or struggle to get the glasses to mass production.

iPhone Fold rumors continue to push for a fall release in spite of repeated production issues

Advertisement

Then comes today’s report shifting the release back an entire year. Also in this report is information about the potential design aspects of the smart glasses.

It seems Apple will try to stand out with unique design elements like “oval-shaped cameras, unique colors, and multiple frame styles.” Apple allegedly also believes future iterations could be seen as a health device that could include AR features that help people see.

Meanwhile, Apple has seemingly run into repeated problems getting iPhone Fold to mass production, which hasn’t started, yet it still reportedly isn’t being pushed back.

So, it seems odd that Apple’s timeline would suddenly shift around 8 months out from announcing the product. But then there’s the other leaker’s timeline.

Enter Ming-Chi Kuo

The other leaker I mentioned earlier is Ming-Chi Kuo, and he has been much more reserved in his leaking frequency on Apple smart glasses. While his history is hit and miss, the details he gets right are enough to have earned him quite the respect in the field.

Apple’s rumored AR glasses have been discussed for years

However, I will note that his accuracy and resources seemed to have dropped since he shifted to his social-media-based leaking patterns of today.

Apple’s AR and VR efforts have been seeing consistent leaks since as early as 2015, but the most recent iteration was discussed by Kuo in 2021. Then, his report was much more forward-looking and thus, wholly inaccurate.

I mean, the man called for Apple Vision Pro in 2022, full-AR Apple Glass in 2025, and AR contact lenses by 2030. It is a wild report in retrospect.

Jump forward to something a little less speculative, and his reporting has been consistent with the Apple smart glasses release window. In June 2025, Kuo reported that Apple was aiming to ship three to five million Meta Ray-Ban-like smart glasses in the second quarter of 2027.

Given Kuo’s strong suit is the supply chain and the fact that he had shipping estimates, it is easy to argue that he’s had the correct timeline all along. So, it is curious that Gurman has been saying late 2026 or early 2027 until today.

Game of leaks

Of course, all of these rumors are nebulous and will always shift and move as new information is obtained. Accuracy isn’t always easy to determine too since the age of a leak once it is released is rarely known.

Apple Vision Pro is the start of Apple’s work in the wearable AR/VR field

For example, Kuo might have heard from the supply chain that Apple’s supply-side management aimed for an initial order in 2027. Gurman might have heard from his internal source, likely on or near the Vision Product Group, that the internal team’s goals were the end of 2026.

Then, as deadlines were missed and supply chains shifted, the internal team finally realized that their stretch goal wasn’t possible. Which means shifting back to the supply-chain suggested goal of 2027, thus making them meet Kuo’s previously reported timeline.

In essence, both leakers could have accurately reported what they had heard, and both be correct in this instance. Then there’s also the chance they’re both wrong and Apple announces smart glasses at a completely different time.

However, Gurman has proven somewhat unreliable when it comes to reporting around the Vision Product Group. As Daring Fireball pointed out, Gurman completely missed the Apple Vision Pro update to M5 when he reported in January 2025 that “I don’t believe there will be a new headset from Apple this year.”

Then, later in April 2025, Gurman said a lighter Apple Vision product could ship by the end of 2025 or early 2026 and even suggested that the M5 refresh had been abandoned. The unchanged M5 model shipped in October 2025 instead.

There is no doubt that Gurman has some insider connections that give him unprecedented access into Apple’s inner workings. However, it is important to note that he is no foolproof and does make mistakes — often when trying to create a narrative around an otherwise innocuous leak.

visionOS 27 could hint at Apple’s future AR plans

Advertisement

WWDC is on June 8 and could provide a hint of what the rest of Apple’s year might look like. However, since the initial set of Apple Smart Glasses won’t have a display, there is unlikely to be any sign of them in visionOS 27.

Then there’s the fact that Apple has several glasses-related products in development beyond the N50. Several of which, we have no idea what they are or when they could release.

There’s always the chance that one set is coming at the end of 2026 and another in 2027. Apple’s supply chain is immense and these leakers may be describing different parts of different elephants.

Time will tell if the smart glasses will arrive in the next twelve months. In this case, I’d bet on Kuo’s initial report of a late 2027 launch until he says otherwise.

Watch USA vs Senegal live streams to see if the 2026 World Cup co-hosts can get back to winning ways after two straight defeats. However, it won’t be easy against The Lions of Teranga, who have a point to prove after being controversially stripped of the African Cup of Nations title.

USA manager Mauricio Pochettino made it clear he wanted to test his side against the top teams in the world. So far, it hasn’t gone to plan as they were thrashed 5-2 by Belgium and then lost 2-0 to Portugal. Having been defeated by two European powerhouses, he’ll hope his side can build some confidence by overcoming one of the strongest nations in Africa.

Welcome back to TechCrunch Mobility, your hub for the future of transportation and now, more than ever, how AI is playing a part. To get this in your inbox, sign up here for free — just click TechCrunch Mobility!

If you’re into EVs or sports cars, then you surely saw the kerfuffle over Ferrari’s first all-electric car, the Luce. The reaction was swift and biting for the five-seater EV designed by Apple veteran Jony Ive and priced at close to $650,000.

Ferrari fans expressed horror, critics compared it to the far cheaper Nissan Leaf, memes were made, and even one car designer (Lucid’s Derek Jenkins) threw some shade.

Senior reporter Sean O’Kane asked a different question as the great Ferrari Luce debate blew up the internet: Who is the Luce for?

You’ll have to read the full story to get his complete breakdown. But in my view, the most important question is whether the Luce is for existing Ferrari owners. After all, Ferrari owners often possess more than one. More than 80% of the 14,000 people who bought a Ferrari last year already own one of its vehicles, O’Kane notes.

According to Ferrari, there is demand for the EV. Ferrari CEO Benedetto Vigna claims the Luce is already getting orders from old and new customers. Assuming that demand outstrips the number of Luce EVs that the automaker plans to make, the next question is, who will Ferrari pick? (IYKYK)

Ferrari could be vindicated. Remember the Ferrari Purosangue, which was widely panned when it launched several years ago? That SUV is now considered a success. Sometimes it doesn’t matter if a product is hated. Ferrari doesn’t need universal approval; it just needs enough buyers.

Let’s jump from EVs to AVs.

A new Texas law allows its Department of Motor Vehicles agency to exert more control over autonomous vehicle testing and deployment in the state. Companies must now license AVs in the state, and the data is public. Here’s what I found after spending a little time with the AV tracker tool. 

Waymo is far and away the leader with 577 registered AVs, followed by Avride with 317, Nuro with 47, and Tesla with 42. Self-driving truck companies Aurora, Gatik AI, Kodiak AI, and Waabi can also be found. (For all the details, you can read my story.)

Fleet size is just one measure — and it certainly doesn’t always translate into whoever has the most wins. After all, many of these companies have not launched commercial services in the state.

I’m far more interested in the complaints feature on this new tool, which is also public record. As of today, complaints have not been filed against the companies listed above.

Deals!

A new single asset fund managed by Equip Capital has taken a majority stake in European e-scooter operator Ryde Technology. Goldman Sachs Alternatives is the lead investor. 

Harley-Davidson’s electric motorbike spinoff LiveWire acquired electric off-road startup Dust Moto. Terms of the deal were not disclosed. 

Matternet, an autonomous drone delivery company, raised $33 million in a private placement offering and completed a reverse merger with Los Altos Ventures Corp.

Revel, the EV charging company that shuttered its ride-hailing business last August, is merging with Voltera. Terms of the deal were not disclosed, but the combined business will operate under the Voltera brand and will be led by Revel CEO Frank Reig, Bloomberg reported. 

Stark, a German drone maker, is in talks to raise at least €300 million ($350 million), a round that could double its valuation to €2.5 billion, the Financial Times reported.

Volara Motorsports Group, a motorsports and performance-focused holding company, acquired Lynx Motor Works, an Austin, Texas-based company that makes limited-production, reimagined classic vehicles.

WeRoad, the Milan-based group adventure travel startup, raised $58 million in a Series C round led by Airbnb. The funding brings the company’s total capital raised to roughly $100 million and will finance WeRoad’s push into the U.S., beginning with Austin.

Notable reads and other tidbits

American Airlines will install Starlink on more than 500 narrow-body Airbus aircraft beginning early next year, the latest carrier to pick the SpaceX unit for in-flight Wi-Fi service. The deal provides a financial lift for Starlink, the satellite communications network and the only SpaceX business unit that generates meaningful revenue.

Rivian said it will begin deliveries of its new R2 SUV on June 9. Meanwhile, Rivian is being investigated by the National Highway Traffic Safety Administration over how the EV maker services its vehicles’ rear suspension components. 

Slate Auto is expected to announce pricing and start taking nonrefundable preorders for its low-cost electric vehicle on June 24. Deliveries are supposed to happen later this year. 

Volvo Cars received a specification authorization by the Commerce Department that allows the Swedish automaker, which is majority owned by China’s Geely Holding, to continue to import and sell its vehicles in the United States. A law, finalized in January 2025, effectively bans virtually all Chinese vehicles from the U.S. market as part of a crackdown on connected car technology with ties to China. 

Waymo has started giving select riders in Los Angeles, Phoenix, and San Francisco access to its newest robotaxi: an all-electric, minivan-like vehicle that is designed to lower costs and handle the use and abuse of hundreds of thousands of riders. I had a chance to ride in the vehicle, a modified Zeekr-made minivan called the Ojai (pronounced oh-hi). Stay tuned for my full review, which will run this weekend. Here’s a teaser: Robotaxis have long suffered from a magic problem. This Ojai robotaxi starts to solve it.

One more thing …

It’s poll time! Maybe you secretly like the Ferrari Luce and just don’t want to get trolled. Maybe you hate it. We asked our newsletter readers to share their opinion.

Sign up for the Mobility newsletter to participate in our polls!

And now one more thing, for real this time. Last week, I asked our newsletter readers, “Will SpaceX and Tesla merge?” Here’s how they answered. More than 51% selected “Yes, within two years”; 34% picked “never”; and 14.5% chose “Yes, this year.” That means more than 65% believe a merger is inevitable.

In 1987, Richard Greenhill, a British photographer who was fascinated by (but had no actual training in) robotics, decided he wanted to build a life-size humanoid that could do useful things, like carrying luggage. He was working at a startup called Intergalactic Robots, but he couldn’t convince anyone there to build such a machine, so he set about building one himself, in his attic.

To help with his project, he organized a weekly get-together of a dozen or so like-minded folks. Every Wednesday night, his wife, Sally, would make a big pot of spaghetti, and the group would tinker with components scavenged from old printers and picked up from junkyards. They called themselves the Shadow Group. They eventually constructed several different robots, but their main project was the two-legged Shadow Walker.

In 1987, photographer Richard Greenhill organized a weekly gathering of DIY enthusiasts to work on projects in his attic, including the Shadow Walker. Richard Greenhill and David Buckley

Greenhill’s friend David Buckley, a robotics and animatronics expert he’d met at Intergalactic, sketched out a rough design based on medical textbooks of human bone structure and muscle movement. The robot’s skeleton, made of maple, was greatly simplified—only one bone in the lower leg and a single wide toe on each foot. The ankle’s double-axis design allowed for two degrees of movement. The knee had no complicating kneecap.

Greenhill didn’t want the robot to use motors, so its movement was controlled using compressed air to extend and contract 28 “air-muscles”—his version of a McKibben muscle, invented in the 1950s to mimic musculature with pneumatics. The muscles were connected to the bones across eight joints (hips, knees, ankles, toes), which provided 12 degrees of freedom.

RELATED: The Short, Strange Life of the First Friendly Robot

The robot’s headless torso held the control valves, electronics, and computer interfaces. It stood 168 centimeters tall and 46 cm wide and weighed about 38 kilograms. The group managed to get the robot to stand up reliably and balance itself; it could even regain its center if pushed a little. But walking turned out to be more of a challenge.

Rich Walker joined the group as a teenager and began writing software to get the robot to stand. He was particularly interested in using neural networks to solve balancing problems, although he ran into a number of hardware obstacles, including the unreliability of the sensors and the valves, and the robot’s overall fragility. Over time, Walker and the team developed a standard library of routines to control the robot. Walker wrote a detailed description of the Shadow Walker in 1999, which is available on David Buckley’s website.

The 1st International Robot Olympics

By the time the Shadow Group began developing Shadow Walker, engineers in academia and industry had been working on robotics for several decades. The world’s first industrial robot, the Unimate, debuted in 1961, and in 1967 Donald Michie and others began building a series of Freddy robots to investigate machine intelligence. The IEEE created its first dedicated robotics organization in 1984 when it established the IEEE Robotics and Automation Council, which became the IEEE Robotics and Automation Society in 1987. Also in 1987, the nonprofit International Federation of Robotics was established to promote research, development, use, and cooperation in the field of robotics.

As Shadow Walker pushed the limits for a DIY humanoid robot, industrial humanoids were also gaining ground. In 1986, Honda began working on its experimental (E-series) and later the prototype (P-series) humanoid robots, finally unveiling the P2 in 1996. The P2 stood 183 cm tall and weighed 210 kg. It was the first humanoid capable of stable, autonomous walking. This work eventually led to the development of the groundbreaking ASIMO.

Greenhill’s friend, roboticist David Buckley, consulted medical textbooks to create Shadow Walker’s humanoid design.Richard Greenhill and David Buckley

In the late 1980s, the public was both fascinated and horrified by the potential of robots. Businesses saw robots as a way to increase productivity, while workers worried they would take their jobs. Children viewed them as wondrous toys, while people with disabilities embraced them as tools of liberation. Military experts hoped robots would fight wars without endangering human soldiers, while politicians pondered if robots might eventually get to vote. Philosophers thought robots could challenge our notions of intelligence (and stupidity), while the religious struggled with concerns about the human race in a robot-dominated future.

Shadow Walker’s simplified anatomy included only one bone in the lower leg and a single wide toe on each foot.Science Museum Group

Peter Mowforth, cofounder of the Turing Institute in Glasgow, noted these disparate visions for robots when he announced the 1st International Robot Olympics, to be held in 27 and 28 September 1990 and hosted by the Turing Institute and the University of Strathclyde. The Olympics would round up the world’s best robots and showcase them head-to-head.

Mowforth himself thought all of the competing visions of robots were overblown. Steeped in machine learning research and robotics development, he knew firsthand the limitations of the state of the art: Robots rarely worked as intended, easily broke down, and glitched over seemingly trivial problems. He envisioned the Robot Olympics as a testbed to assess what the latest generation of robots could and could not do.

At the 1990 Robot Olympics, held in Glasgow, Shadow Walker wore pants to conceal its pneumatic “air-muscles” from competitors.Adam Hart-Davis/Science Source

The call for participation was wide open. Instead of having predetermined categories of competition, the organizers opted to see who applied to compete and then group them based on their claimed capabilities. In addition to picking the winners of individual events, the judges would select an overall Olympic champion based on the quality of the hardware, the sophistication of behavior, and novelty. Other prizes were given for young competitors, technologies that showed commercial potential, and design. In the end, more than 50 robots were entered, from a mix of universities, industry, and hobbyist groups from Canada, France, India, Japan, Mexico, the Soviet Union, the United States, the United Kingdom, and Yugoslavia.

There were plenty of disappointments. Trolleyman, a golf-cart-like wheeled robot, suffered a power failure while carrying the opening Olympic torch through the streets of Glasgow. The pile rug in the arena tripped up many robots that had been trained only on flat, smooth floors. David Buckley later concluded that the events were too difficult, and that the Olympics didn’t push development forward.

Of course, there were winners. In a surprise triumph for vintage technology, the fully mechanical 19th-century Japanese Archer from the Museum of Automata in York, England, won gold in javelin, beating out competitors more than 100 years its junior. The overall Olympic Champion was Yamabico, Shoji Suzuki’s entry from the University of Tsukuba, in Japan, which won bronze in obstacle avoidance and gold in wall following, but was disqualified in the talking category for not speaking English.

The Shadow Group had high hopes for Shadow Walker. Unfortunately, though, it failed to take a step, and the biped race was won by the Cardiff University Biped. Shadow Walker now resides in the collections of the Science Museum in London.

The Legacy of Shadow Walker

In 1997, a paying customer in search of a robotic leg compelled the Shadow Group to get serious and become a registered company. Shadow Robot is now Britain’s oldest robotics company. Rich Walker, who had left the Shadow Group to earn a B.A. in mathematics and a diploma in computer science at the University of Cambridge, joined Shadow Robot in 1999 as technical director. Today he’s the director of the company.

Shadow Robot specializes in durable robot hands rather than walking robots. But the focus on hands is also a legacy of the Shadow Group. Walker remembers that the Shadow Group’s first humanoid hand in the late 1990s was impressive simply for being able to pick up a pint of beer (a smooth-sided, thin-walled glass). Today, Shadow Robot’s hands are testbeds for dexterity. Gone are the pneumatic muscles, replaced by actuators that move each finger with precision. The classic model contains 20 motors, allowing for abductive and adductive movement with 24 degrees of freedom.

Shadow Walker’s operator wore a data suit that captured his movements and allowed the robot to copy them.Richard Greenhill

In a recent blog post, Sejal Parsotomo, senior marketing executive at Shadow Robot, wrote that while humanoid robots are great for public relations, specialized dexterity is key for success: A robot that can walk into your factory may be impressive, but a robot that can reliably manipulate objects is transformative.

In its struggles to take more than a few steps, the Shadow Walker showed the inherent difficulty that robots had in mastering even low-level skills. In August 2025, Beijing hosted the World Humanoid Robot Games. Competing in sports such as gymnastics, soccer, and track events, as well as more “useful” tasks like hotel cleaning and sorting medicine, these robots could literally have run circles around the competitors in the first Robot Olympics 35 years earlier. And yet, there is still so much work needed in order for robots to navigate the human-built environment. Despite the astonishing progress, we’re still not all that close to actually useful humanoid robots.

Part of a continuing series looking at historical artifacts that embrace the boundless potential of technology.

An abridged version of this article appears in the June 2026 print issue as “Learning to Walk.”

Quentin Dupieux brought his first animated feature, called La Vertige, to the Directors’ Fortnight this year. It closed the section on May 21 and left audiences laughing at something that looked pulled straight from a 1998 console. The movie runs 67 minutes and puts its entire premise on display through the images themselves. Jacques heads to his friend Bruno’s place with big news. He has become convinced that everyday life takes place inside a computer simulation.

Every character on screen is made up of a few flat shapes with dull edges, a visual throwback to the early days of 3D gaming characters. Their movements felt rigid and purposefully mechanical, similar to those found in older open world games that required simple controls to function. Faces are slapped onto basic head shapes, with little expressiveness. It’s a look that is highly influenced by the age of GTA Vice City and other games from the time. Dupieux and a few others developed the entire thing inside Blender, with the help of five recent art school graduates. They used an iPhone and a cheap motion-capture tool to record the actors’ performances, which they then slapped onto the low-detail models without using any expensive rendering farms.

PlayStation®5 console – 1TB

• PlayStation 5 Console – 1TB, includes wireless controller, 1TBSSD, Disc Drive, 2 Horizontal Stand Feet, HDMI cable, AC power cord, USB cable, printed…
• 1TB of Storage, keep your favorite games ready and waiting for you to jump in and play
• Ultra-High Speed SSD, maximize you play sessions with near instant load times for installed PS5 games

The essential idea here is that those constraints are intentional, and they play an important role in the comedy. A baker arrives with an extra finger at the end of his hand. A character’s skeleton is revealed in the middle of a high-stress situation. A birth scenario glides over all of the things we’d expect to see. Each of these bugs simply sort of…happens, and every time you see one, it’s more confirmation that the system isn’t quite up to par. By the time the characters notice, we, the audience, have already seen all of the proof.

As the story progresses, we meet a new character, a researcher who tries to explain everything in more detail. Time passes in fits and starts, as relationships change, and one character reappears years later with a new digital style that nonetheless adheres to the same fundamental structure we’ve seen throughout. The entire film revolves on the central idea that what people say about their surroundings does not always correspond to what we see in the photographs.

Dupieux has spent years experimenting with how far you can push this bizarre idea. The fact that we’re all viewing from the same constrained vantage point, with the same boring, low-poly figures as our characters, actually adds weight. They don’t pretend to be anything other than what they are: simple structures that move, communicate, and occasionally break. The film will be released in French theaters on June 10th, while the rest of us will have to wait and see.

ai + ml

Red Hat engineer reckons the balance of risk has shifted, but core code stays off limits

A key Linux virtualization component, QEMU, is considering relaxing its blanket ban on AI-generated contributions to allow limited assistance from the bots.

The suggestion came from Paolo Bonzini, distinguished engineer at Red Hat and a maintainer of the KVM hypervisor. Bonzini’s suggestion is to allow AI assistance “where the ramifications of copyright violations are at least easy to revert and unlikely to spread.” Core code would remain off-limits “without prior agreement from a maintainer.”

QEMU’s current code provenance policy rejects anything that might include or derive from AI-generated content. “A blanket ban,” wrote Bonzini, “was easy to maintain while LLM output was rarely usable on its own, but as the tools improved an absolute prohibition has become harder to justify.”

The problem with code from AI assistants is its source – does the submitter have the legal right to contribute the code? Bonzini’s take is that while there remain concerns around copyright and licensing, “what has shifted is the balance of risk.”

How big is the risk? Not what it was, according to Bonzini. The engineer cited other projects that had accepted AI content without running into serious legal trouble, and organizations (including Red Hat) that reckoned the risk was acceptable.

That said, while Red Hat has an army of lawyers at its disposal, a project such as QEMU doesn’t have the same resources, hence the suggestion to keep AI-assisted code in areas (Bonzini gave examples, including small bug fixes and documentation) where it can be backed out.

The use of LLM output in contributions is a contentious one and has its fans and detractors. Projects such as OpenSlopware tracked free software and open source projects that used LLM-generated code or integrated AI technologies. One concern cited is what LLMs have been trained on and the risk that chunks of code produced by the technology might have licensing issues.

One solution is to disclose the use of AI in a contribution, although this might not be necessary where the use is trivial (Red Hat gave the example of autocompleting a variable name.)

Bonzini also suggested, “Introduce ‘AI-used-for:’ as a trailer to record where AI was used, and include other suggestions that help reviewers judge the result.”

“The standard is slightly different from the more usual ‘Assisted-by’, which doubles as a check that the author has read the policy.”

Although Bonzini noted, “use of AI does not relax any other contribution requirement,” the discussion indicates a recognition that blanket bans on AI assistance might not be the way forward and that a more nuanced approach is needed. ®

The PS5 is Sony’s not-so-secret weapon. It’s dominated the latest generation of console gaming (in part because Xbox self-destructed), but there’s no doubting Sony is top of the pile.

If someone could tell this to the Sony Home Cinema TV division.

Despite this upside and the advantage Sony has baked in, the TV division hasn’t jumped on board to cement it. In fact, its whole approach to gaming drives me loopy. I can’t see any direction to it, but worse than that, I can’t see any interest in gaming.

I thought Sony’s latest TVs, from the Bravia 2 II and 3 II, to its forward-looking RGB models in the Bravia 9 II and Bravia 7 II might change that. But I was a fool to think so.

No, this is not about HDMI 2.1

A little tangent, if I may, while I fire cannonball broadsides at others.

I don’t understand this obsession with TVs needing to have four HDMI 2.1 inputs. Whenever articles about Sony Bravia TVs and gaming crop up, it’s usually about the lack of HDMI 2.1 inputs.

Perhaps I’m dim and don’t understand the upside, but this seems to be the oddest hill to die on with regard to TVs. While LG and Samsung have supported four HDMI 2.1 inputs for several years now (thanks to developing their own chips that allow it), the actual need for the average customer to have four HDMI 2.1 ports on their TV seems remote. Two HDMI 2.1 inputs are more than fine.

It’s not as if, since the introduction of HDMI 2.1, there have been a variety of products that have supported it. There are sound systems with the eARC provision but some still support Dolby Atmos without support for HDMI 2.1. There are a few media streamers that support the standard and all the current gaming consoles do. Unless you want to throw in AV receivers/amplifiers into the mix, the variety of sources is not considerable.

There aren’t many devices that utilise 120Hz refresh rates either – even the Nintendo Switch 2 tops out at 4K/60Hz. There are no 4K Blu-ray players because they don’t even need to support 120Hz. The PS5 itself has about 100+ games that run at 120fps, but a considerable amount only do so at resolutions lower than 4K. You don’t need HDMI 2.1 for Dolby Vision or HDR10+ either.

Look at the gaming market and the PS5 has dominated as Xbox fell behind in sales. Microsoft has moved to publishing its own first-party games on other platforms, and cloud gaming is becoming more prevalent. Do you need two games consoles to plug in? Not any more.

So the whole obsession with four HDMI 2.1 and 120Hz seems to be exactly that. A large percentage of TV buyers won’t need HDMI 2.1 – they might not even know about it… so again. In this streaming age where viewers are tapping directly into apps, this is a weird criticism that keeps popping up over and over.

‘Ok for PlayStation 5’

Ok, back to the scheduled programming.

Sony TVs don’t care about the PS5… is a sensational headline I could probably use, but it wouldn’t exactly be true. Sony TVs do care about the PS5 – they just don’t seem to care very much.

Five years ago, Sony launched its Perfect for PlayStation 5 features. These are exclusive features only Sony Bravia XR TVs can unlock. The idea is that they automatically adjust and optimise the picture without requiring (much of) your input. It doesn’t do anything with sound, and it doesn’t really integrate into the interface of Bravia TVs.

The Auto Genre Picture Mode is a fancy way of describing ALLM (Auto Low Latency Mode). This is performed on the console itself, so rather turning on a PS5 and game mode being activated forever more until you turn off the console, as I understand it, the PS5 will call up game mode only for when you’re playing games.

As soon as you watch a film, TV series or UHD Blu-ray (on the console itself), it’ll switch back to Standard mode (or whatever your preferred picture mode is). Fair enough, but hardly exciting.

Auto HDR Tone Mapping is more interesting as it incorporates HDMI 2.1’s SBTM (Source-Based Tone Mapping). It takes information from the TV in terms of its HDR performance and the PS5 automatically calibrates its HDR output in response. Doesn’t matter whether you have super-bright Bravia TV or a low-brightness model – this feature can optimise the performance for your TV. Clever, and if there were any new 4K players that took advantage of the 2.1 spec, I’d love for them to add this feature.

The last feature is… 4K/120fps, which as I alluded to above, there aren’t many games that output at 4K/120fps. To call it a feature seems generous.

As you can see, there isn’t much to the Perfect for PlayStation 5 features that meets the eye. The SBTM feature you can do manually with other TVs during the setup/power-on of the PS5 with a new TV. There’s very little here that can’t be done in some way or other on models from other TV brands. Even more curious, these are the same set of features from five years ago. Sony has not added to or updated this list.

The PS5 has bulldozed through the gaming market but the Sony TV division seems like a truculent horse that doesn’t really want to follow in its wake. Given the competitive advantage, the Sony TV division has sat back rather than capitalised on it.

And it goes both ways. While several Bravia TVs support Dolby Vision Gaming, the PS5 still does not while its Xbox rivals do. This is a confusing state of affairs, not helped by the fact that when you go to the Perfect for PlayStation 5 website, you see none of the latest TVs listed as compatible. The page hasn’t been updated since 2022. That about sums up Sony’s interest at the moment.

Home Cinema Purist

I would go as far (and to be honest, it’s not very far) to say that the Sony TV division is indifferent to gaming. Its messaging about gaming has been low-key, and of all the Sony events I have attended in my time at Trusted Reviews, I think there’s been one that’s been focused on PlayStation, which was when it introduced its gaming headsets and monitors – and that had nothing to do with TVs.

It has never sought certification for AMD FreeSync or Nvidia G-Sync, despite Sony PlayStation dabbling with PC publishing for a few years. Although it is compatible with both through its support of VRR, it can’t take advantage of any further optimisation or features. You’re stuck with the basic HDMI VRR implementation and nothing more.

Furthermore, while other TV brands have been emphasising that their 42- and 48-inch OLEDs would be perfect as an alternative gaming screen, Sony has been quiet to the point of being reluctant to preach this about its own models.

In fact, Sony has only ever launched one 42-inch OLED and one 48-inch OLED, and both went on sale in 2022. There have been no new models of this size since. This is technology that’s about five years old.

Sony, LG and even Panasonic have launched multiple small OLEDs since, all with a greater and wider number of gaming features that cover PC and console. The input lag on their models has always been quicker than on Sony TVs. And though the A90K is still available four years on, the price is similar to what you’d pay for a 2026 model from another brand.

Why would I buy Sony in this context?

What drove this op-ed in the first place was the introduction of a new feature in the interface of the new Bravia RGB TVs in the My Cinema feature that optimises “picture and sound for film first viewing” – but it only does this for film viewing or TV. There’s no option to adjust the picture or even the sound features for gaming.

This seems bizarre, but Sony Bravia has always been a home cinema brand and isn’t going for this Jambalaya of different things to appeal to all types of people. Attending its home cinema event at Sony HQ in Weybridge and there were people from Sony Pictures Entertainment to amplify the message about its new TVs. I don’t think that would have happened on the PlayStation side.

It is still a missed opportunity (a massive one, I’d say), but Sony Bravia’s priorities lie in other areas, and it won’t sacrifice performance for gaming. I would have thought that making the PS5 a strong aspect of your TV brand’s appeal would have contributed to more sales – there are probably more LG OLEDs partnered with PS5s than there are Sony Bravias in this world, which, if true, boggles the mind.

I don’t see the course being corrected anytime soon. Imagine if Sony fully utilised the potential of its gaming side. That would be a powerful partnership indeed.