Presented by EdgeVerve

For most enterprises, AI adoption began with a straightforward ambition: automate work faster, cheaper, and at scale. Chatbots replaced basic service requests, machine‑learning models optimized forecasts, and analytics dashboards promised sharper insights. Yet many organizations are now discovering that deploying individual AI solutions does not automatically translate into enterprise‑level impact. Pilots proliferate, but value plateaus.

The next phase of AI maturity is no longer about deploying more models. It is about adapting AI continuously to changing business objectives, regulatory expectations, operating conditions, and customer contexts. This shift is particularly critical for complex, globally distributed organizations such as Global Business Services (GBS), where outcomes depend on orchestrating work across functions, regions, systems, and stakeholders.

From automation to adaptation

AI can no longer be treated as a standalone tool to accelerate discrete tasks. To remain competitive, enterprises must move from isolated, single‑purpose models toward systems that can sense context, coordinate actions, and evolve over time.

This is where adaptive AI ecosystems come into play. An adaptive AI ecosystem is a network of interoperable AI agents, models, data sources, and decision services that work together dynamically. These ecosystems integrate capabilities such as natural language processing, computer vision, predictive analytics, and autonomous decision‑making, while remaining grounded in human oversight and enterprise governance.

For GBS organizations, the relevance is clear. GBS operates at the intersection of scale, standardization, and variation, managing high‑volume processes across markets that differ in regulation, customer behavior, and operational constraints. Static automation struggles in such environments. Adaptive AI, by contrast, allows GBS teams to orchestrate end‑to‑end processes, intelligently route work, and continuously improve outcomes based on real‑time signals.

Why enterprise AI deployments stall

Despite strong intent, scaling AI remains a challenge. Research consistently shows that while many organizations invest in generative and agentic AI initiatives, far fewer succeed in operationalizing them across workflows and business units. The issue is rarely ambition; it is fragmentation.

SSON Research highlights several persistent barriers to generative AI adoption in GBS, including poor data quality, lack of specialized skills, data privacy concerns, unclear ROI, and budget constraints. Beneath these symptoms lies a common root cause: siloed environments. Data is fragmented, ownership is unclear, and AI initiatives are driven locally rather than through a shared enterprise strategy.

As a result, enterprises accumulate AI solutions that cannot easily work together. Models lack shared context, decisions are hard to explain, and governance becomes an afterthought rather than a design principle.

Adaptive AI ecosystems and platforms: Clarifying the relationship

An adaptive AI ecosystem describes the enterprise‑wide outcome for how AI capabilities collaborate across the organization. An adaptive AI platform is the foundation that makes this possible.

The platform provides common services and guardrails that allow AI agents and models to:

• access harmonized, trusted data

• orchestrate end‑to‑end processes

• enable intelligent agent handoffs between systems and humans

• interoperate with both agentic and legacy applications through out‑of‑the‑box connectors

• operate within defined security, compliance, and ethical boundaries

Without this platform layer, adaptive ecosystems remain theoretical. With it, AI becomes composable, governable, and scalable.

What an adaptive AI platform must enable

To meet the demands of modern enterprises, and especially GBS organizations, an adaptive AI platform must deliver a set of core capabilities.

Real‑time data harmonization is foundational. Adaptive decisions require access to both structured and unstructured data across functions and regions. Platforms must provide a unified data foundation, with observability built in, so AI systems understand not just the data itself but its quality, lineage, and relevance. Edge‑to‑cloud architectures play a role here, ensuring insights are available where decisions occur whether at the point of interaction or within a centralized decision engine.

Adaptive process orchestration is equally critical. GBS organizations increasingly rely on AI platforms that can orchestrate workflows dynamically across business units and systems. This includes coordinating multiple AI agents, enabling seamless agent‑to‑agent and human‑in‑the‑loop handoffs, and adjusting process paths in response to real‑time conditions.

Cognitive automation with governance moves beyond rule‑based automation. AI systems must be able to make context‑aware decisions with minimal human intervention, while still providing explainability, confidence indicators, and ethical constraints. The goal is not to remove humans from the loop, but to elevate their role from manual execution to oversight and judgment.

Decision governance and observability tie these capabilities together. Enterprises must be able to trace how decisions are made, understand which models contributed, and audit outcomes across markets. As regulatory expectations around AI risk management, data protection, and accountability increase globally, embedding governance into the platform becomes essential rather than optional.

Establishing trust at scale

Trust is the foundation of scalable AI. Enterprises that lack confidence in their AI systems across data integrity, model behavior, and regulatory compliance will struggle to move beyond experimentation into sustained adoption.

Building this trust requires deliberate investment. Organizations must ensure explainable AI, so decision logic is transparent to business and risk stakeholders, alongside privacy‑ and security‑by‑design principles that protect sensitive data from the outset. Continuous bias detection, model reliability, performance management, and clearly defined responsible AI guardrails are critical to maintaining consistent and ethical outcomes.

Equally important is a clear Target Operating Model. This model defines ownership across the AI lifecycle, clarifies roles and escalation paths, and aligns accountability from frontline teams to executive leadership. In GBS environments where AI‑driven decisions often span functions, geographies, and regulatory regimes these trust mechanisms are not optional. They are essential.

The road ahead

Enterprises that continue to rely on fragmented AI deployments and siloed operating models will find it increasingly difficult to keep pace. The future belongs to organizations that adopt a platform‑based approach — one that enables them to move from incremental efficiency gains to transformational, enterprise‑wide impact.

Success will not be defined by a single model or use case. It will be defined by adaptive AI ecosystems built on strong agent architectures, interoperable connectors across agentic and legacy landscapes, and shared foundations for data, orchestration, and governance. For GBS organizations in particular, this approach provides a clear path to scale AI responsibly delivering agility, trust, and sustained value in an increasingly complex world. In an era where change is constant and scrutiny is rising; the real question is no longer whether enterprises use AI but whether they are truly adaptive to it.

N. Shashidar is SVP & Global Head, Product Management at EdgeVerve.

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.

Compare Our Picks

Recommended With Reservations

Photograph: Lisa Wood Shapiro

BlueAir PetAir Pro for $500: As the owner of two cats, I really wanted to love Blueair’s PetAir Pro, a new addition to the growing market of pet-pitched air purifiers. The PetAir promises a unique pet-owner experience. It has a Pet Mode that senses when the pet is on the purifier, which quiets the fan speed and actual air cleaning capacity. It also has a pull-out prefilter that collects pet hair, an H13 HEPA, and a carbon activated filter to capture VOCs (volatile organic compounds) and odors. There’s even a storage space for toys. There are several things to consider regarding the PetAir. At less than 10 inches high, it sits at the ground level. If you’re looking for a pet-specific air purifier, then the fan/airflow placement might be ideal, and it can also effectively clean the air with the recommended five air exchanges per hour in a 260 square-foot-room. I prefer taller models, as they seem to react more quickly to air pollutants higher in the room like those created by cooking. Room placement is one of the reasons that diminutive air purifiers are often referred to as “tabletop” models, as they can get closer to breathing space. As for my two testers, I could not get either cat to lay on the bed, and my 30-pound dog was over PetAir’s weight limit of 25 pounds. I put catnip on the PetAir, then wondered if I had just created more particle pollution. I also physically put my cats on the purifier, hoping they would use it properly. They didn’t, but I did collect cat hair in the prefilter. For the money, I wish the PetAir had a built-in heated pet bed, as I am sure my cats would have used it for warmth. As any pet owner knows, pets do not always enjoy or use products designed for them.

Others We Tested

Photograph: Lisa Wood Shapiro

Airthings Renew for $300: I wasn’t expecting to like the unassuming minimalist Renew from Airthings as much as I did. Its gray box design is so understated, quiet, and powerful that it was easy to plug it in and forget about it. The Renew is also the first purifier I’ve tested that gives the user three placement options: it can stand up with the air output facing up and sideways, and the entire box can lie on the floor. The Airthings app not only shows data graph style, but it also is a remote to adjust the purifier settings, including setting the panel lock, handy for cat owners. The control panel and the indicator light are barely there, and it’s not easy to see the tiny light letting me know my indoor air quality. At first, I thought the main drawback was size. The Renew is made for a bedroom, home office, or nursery. If you place it in a larger room, it’s going to have to run at its highest setting. The main drawback that I noticed after several months of use was the exterior prefilter. It did its job capturing pollutants, but I wasn’t able to clean it. Unlike Blueair’s fabric exterior prefilters, which are machine washable, I was unable to effectively clean the Renew fabric cover, even with my vacuum.

Coway Airmega ProX for $999: The Coway Airmega ProX is the monolith your high-ceilinged home needs. If you’re living in an A-frame, double-height ceiling loft, or any home with a ceiling higher than 8 feet, the Coway Aimega ProX is for you. The ProX gives off a TARS robot from Interstellar meets giant stereo speaker vibe. It’s blend-into-the-room-mocha beige and can clean the air four times per hour in a 1,000-square-foot space when running at its highest setting. And even at its highest and therefore loudest setting, it hovers around 50 decibels, slightly louder than the sound of falling rain—making it one of the quieter large tower air purifiers I’ve tested. It also has a control panel lock that is a plus for parents and cat owners alike. However, even though the 50-pound ProX has hidden handles and built-in lockable wheels, it really is just too heavy for the home consumer.

Photograph: Lisa Wood Shapiro

Coway Airmega 400S for $650: Coway has yet to make a bad air purifier, and the Airmega 400S is another banger from the air purifier innovators. The 400S checks all the boxes when it comes to features. It has a reliable auto mode that adjusts the fan speed according to the air quality using its built-in air quality sensor. It also has a timer to schedule one, four, or eight hours of running time. And while it has a serviceable app, its built-in air sensor and auto-adjust fan keep me from having to micromanage settings. The question is, can this air purifier do the job without me pushing buttons or checking the indoor air quality, and do it quietly? With the Airmega 400S, the answer is yes. I just wish its 15 x 23 x 15-inch dimensions didn’t make it so hard to place in a room.

Air Doctor AD4000 Air Purifier for $799: As I went to pair Air Doctor’s newest air purifier, the AD4000, I realized that there was no WiFi button on the control panel. At 15 pounds and nearly $800, the AD4000 should be Wi-Fi compatible, especially since it has an internal air quality sensor. Users should have the option to view indoor air quality on the Air Doctor app dashboard. And while the AD4000 is made for larger spaces, if one wanted to achieve the four air exchanges per hour the AD4000 supposedly can do, then it would have its fan at the highest setting. My consumer sound level meter registered 100 dB at full blast. It sounded to me like a hair dryer on a low setting. For context, the CDC’s recommendation for noise levels for workers is that they are not exposed to 100 dB for over 15 minutes. It’s for that reason that all air purifiers need to be in a space where they can run the fan at the lowest setting. The AD4000 would do well in a 200- to 300-square-foot room. Lastly, when I unboxed the AD4000, the sticker with instructions to take the filters out of their plastic bags pulled off the control panel when I went to remove it.

Airdog X5 for $649: The Airdog X5 is the first washable filter air purifier I’ve tested. And while it doesn’t use a HEPA, it is California Air Resources Board certified. CARB lists it as electronic filtration instead of a HEPA filter; that would be listed as mechanical. As I’ve written before, if an air purifier isn’t CARB-certified, don’t buy it. I tested the Airdog in a large room. I even received the limited-edition pet plate. That is exactly what it sounds like—a plate that fits over the Airdog meant for a cat to perch on. Neither of my cats took to it. The Airdog has a responsive built-in sensor that was in sync with my other air quality monitors. And its electronic air filters, by way of their patented TPA technology, charge particles and then capture them. The best way I can describe it: Imagine that the PM 2.5 are mosquitoes and the Airdog is like an old-time mosquito zapper. It works a little like that, and if the filter gets dirty enough, it will make zap sounds.

Photograph: Lisa Wood Shapiro

Briiv 2 Pro Air Filter for $374: There are big claims in Briiv’s 2 Pro Air Filter’s small package. At 2.5 pounds, the Briiv 2 Pro Air Filter is the smallest air purifier I’ve tested, though it’s far from the cheapest. The company claims that one Briiv equals the oddly specific 3,043 houseplants, and that it uses AI-powered air quality sensors. I don’t usually review units that are not CARB-certified (California Air Resources Board), but I was intrigued by the Briiv. That said, the actual space the Briiv 2 Pro can clean is extremely small. I entered the dimensions of my dining room into the Briiv’s website room calculator, and at 20 feet long by 11 feet wide with 9-foot ceilings, the room calculator summed up that I would need two Briivs to effectively clean my dining room. The calculator seems to contradict Briiv’s claim that the Briiv 2 will effectively improve the air quality in a 794-square-foot living space in just 11 minutes. I currently have the Briiv 2 in my kitchen, and the first time its indicator light went red due to my cooking, I couldn’t get the fan to activate. I ended up turning it to full blast through Briiv’s somewhat clunky app. I played around with the app, and since then, my Briiv’s fan auto-adjusts to bad air without needing my help. It also looks very cool.

Mila Air 3 Critter Cuddler for $399: Mila makes seven bespoke filters that are designed specifically for moms-to-be, allergy sufferers, pet owners, etc. Add Mila’s built-in sensor and easy-to-use app dashboard, along with its wooden-legged modern box design, and the Mila is an immediate favorite. The more I cover air purifiers, the more go big to go quiet comes to mind. Smaller models tend to run loud on their highest settings. The Mila was not as quiet as I hoped. At full blast, the Mila hit 70 decibels on my consumer decibel reader. And at a CADR rating of 447 m3/hr, the Mila would do nicely in the average American 200-square-foot bedroom. You could run the Mila at its highest setting for CDC’s recommended five air exchanges an hour in a 400-square-foot room, but that is quite noisy. I ran the Mila in my sons’ 200-square-foot bedroom, and its auto setting adjusted correctly to the room’s air quality. And while Mila gets its outdoor AQI (air quality index) from PurpleAir, it couldn’t seem to find my PurpleAir outdoor monitor.

Photograph: Kat Merck

Dreo Air Purifier Tower Fan for $330: This Dreo offers 99.97 percent HEPA filtration and an air quality sensor. It also has control capability through a remote, the Dreo app, Google Home, and Amazon Alexa. Best of all, the fan and purifier can operate independently of each other, in case you have need for just one or the other or are looking to save on filter life (replacements run around $40). The 12-month warranty isn’t the greatest, but the device has been trouble free for nearly two years in our long-term tests. if you’re in the market for a fan and purifier in one, this model is definitely worth a look. —Kat Merck

Eye-Vac Air for $249: I was more than curious to test out the Eye-Vac Air with its 2-in-1 air purifier and touchless vacuum. Eye-Vac Air’s air purifier has two sets of HEPA and activated carbon filters pulling in air from both sides of the purifier. Its filter placement makes it possible to place the Eye-Vac flush against the wall, especially useful in kitchen settings. The air filter is capable of cleaning the air effectively, achieving five air exchanges per hour in a 120-square-foot space. While Eye Vac has a large, easy-to-read control panel, there are only two options for both the air purifier and the vacuum: manual or automatic. There are indicator lights for both when the bagless vacuum canister is full and when the air purifier filters need replacing. The air purifier also has three fan speeds, but there are no color-coded indicator lights that correspond to air quality. Instead, there are three blue bars that correspond with the purifier’s three fan settings.

Photograph: Lisa Wood Shapiro

SwitchBot Air for $200: I was excited to try this air purifier/side table hybrid complete with a mood light and phone charger. At first I wanted to place it next to my bed, but as I read the fine print, I saw the SwitchBot Air Purifier Table needs 12 inches of clearance on three sides. Air purifiers, especially cylindrical air purifiers, need unobstructed airflow. The SwitchBot Air Purifier Table allows for one side to be 1 inch away from a wall, but not curtains. Those kinds of placement restrictions keep the side table from being a side table. If you don’t mind a small table that can stand against the wall, then the air purifier table might work for a small entryway or bathroom. It has both a HEPA filter for PM 2.5 and an activated carbon filter to remove odor and volatile organic compounds (VOCs). And while the SwitchBot table can exchange the air in a 260-square-foot room five times an hour, that would be at its highest, loudest setting. The ideal size for the SwitchBot would be more like a 100-square-foot space, such as a mud room, entryway, or bathroom.

Windmill Air Purifier for $399: I like the Scandinavian look of this bamboo purifier, and it’s more furniture-esque than other purifiers. Still, with the blue model, the nicks in the veneer show up as white. It’s possible the bamboo finish might wear better. I really like this brand and reviewed its desk fan and air conditioner, the latter of which pairs with the Windmill Air app, and I’m equally happy using the app with its air purifier. The Windmill has an internal sensor and indicator light: green for good, yellow for moderate, pink for bad, and red for unhealthy. And while the Boost setting is the loudest, it is still relatively quiet at its lower setting. I prefer to run it on the auto-adjusting Eco mode.

Coway Airmega 50 for $80: A mini-me to the brand’s Airmega 100, the Airmega 50 (see our full review) has many of the features of Coway’s larger and more expensive models and is the cheapest Coway air purifier yet. The Airmega 50 was surprisingly effective for an air purifier the size of a roll of paper towels. The built-in sensor triggers both auto mode and the air quality indicator light, which gives the user instant information with nightlight vibes. One issue I have with all Coway air purifiers is the fact the custom color air quality indicator lights are different from the US air quality index’s six color-coded categories. Instead of green signalling good air, Coway’s green means air quality is moderate. See how it’s confusing. Blue, which is not on the US AQI color scale, means good.

Photograph: Lisa Wood Shapiro

Puroair 240 HEPA Air Purifier for $159: At under 9 inches tall, the Puroair 240 is tiny. And like so many of the smaller tabletop models, it’s also loud. It might be effective in a small space, say a room about 100 to 150 square feet. And like most of the units we review at WIRED, it’s California Air Resources Board Certified or CARB-certified. I found its filter size too small to effectively clean an average-sized room. And while I still review smaller air purifiers, there are larger and quieter models on the market for relatively the same cost that have greater air exchanges in a larger-sized room. The Puroair’s indicator light is adjusted by the 240’s internal sensor and is green for acceptable, yellow for moderate, and red for poor air quality. At times, I found the thin sliver of the indicator’s light difficult to see. The 240 has auto or manual mode, a timer, child lock, and filter replacement light. It also has a three-stage filter, including the tightly woven HEPA 14, activated carbon, and prefilter. Lastly, the 240’s black plastic attracted a noticeable amount of fingerprints.

Dyson Purifier Cool Gen 1 for $430: This is one of four Dyson purifiers I’ve tested over the years, and I continue to have a love/hate relationship with them. I admire the design and built-in air quality sensor, but there always seems to be something I don’t like with each model. Sometimes I’m not able to get a replacement remote, as Dyson moves on to new models at breakneck speed, and I’ve never really used the magnetic spot atop the filter to rest the remote. This time I was surprised that the Cool Gen1 wasn’t Dyson app compatible. I had to use the remote to adjust the fan speed. On the plus side, I do like the way the fan works, but this isn’t an oscillating fan in the traditional sense. Instead, the Cool Gen 1 TP10 has air blowing out of the sides of the long upright oval, and it shifts direction, aiming the cool air back and forth in a room.

Blueair Blue Signature for $450: This new purifier is designed to double as a side table, and there are accessories such as a chrome ring base, a wooden leg base, and six different color sleeves to match the purifier to fit the room. Without the bases, I found the 15-inch height to be too low for a functional side table. I didn’t test-drive the wooden leg base, but it might make it the right height for a side table. I found the barely there control panel difficult to navigate. And the PM 2.5 count showed only when I waved my hand over the panel. It has an indicator light that shines from its side. When it first arrived, the light moved back and forth like a Cylon from Battlestar Galactica and it took time to adjust the light to a static setting. Aside from that, the Signature works with Blueair’s easy-to-use app. Pet hair did collect on the cloth outer sleeve, but after I machine-washed and dried it, it looked good as new.

Coway Airmega 250 for $399: The Airmega 250 has a decently large footprint, but it’s rated to clean a 930-square-foot room twice an hour. That’s why I put it smack dab in the middle of the first floor of my home to clean the air in my kitchen and living room. Every time we cook, the smart air purifier mode automatically detects unhealthy particles in the air and ratchets up the fan’s power. It also recently did this when I had someone patch some drywall in my mudroom. (This mode works with the help of a PM10 and PM2.5 particle sensor.) The fan at its highest setting isn’t that loud—I measured it at 60 decibels standing right in front of it. There’s a Sleep mode if you want it silent. You get the usual controls, like timer functionality and replacement indicators for the filter. Speaking of, the Airmega 250 uses a true HEPA filter that needs to be replaced once every six to 12 months. This, combined with the washable prefilter that you should be keeping clean every two weeks and the activated carbon filter, allows the air purifier to remove 99.999 percent of ultrafine particles down to 0.01 microns, or so Coway says. It’s super easy to remove these filters to clean and swap them out. The whole system is roughly 21 pounds, so you can move it around fairly easily. Coway offers a three-year warranty. The Coway Airmega 250S is the same model but with Wi-Fi functionality, so you can control it via an app and see more details. The last thing I need is another app, but maybe you don’t mind. —Julian Chokkattu

Shark NeverChange Air Purifier Max for $399: Standing at just under 2 feet tall, the NeverChange Max can be placed as close as 3 inches from a wall, making it a good fit for crowded spaces. It also has an air exchange of nearly five times per hour in a 216-foot space. The Max has a HEPA filter to capture fine particles in the air along with an activated carbon filter to trap odors and gases, as well as Shark’s own “Odor Neutralizer Technology”—a small cartridge that’s filled with an Ocean Breeze “fragrance pod.” It looked like solid perfume, but the scent reminded me more of an interstate service area than the beach. When I moved the Max next to my cats’ litter box and turned it on to the highest setting, it rid the room of any cat odor in less than a minute. It works. The Max touts that its owner can save $300 in filter costs in the first five years, as Shark’s filter lasts 10 times longer than some other filters. Reading the fine print, this is only true when the Max is used in 300-square-foot room. I’ve written about bespoke air scores in air monitors, and I have the same issue here with Shark’s air quality grades. The Max doesn’t have smart features, nor does it have an app or remote control. And at nearly $300, the Max only has a two-year warranty. Still, because of its easy setup, low maintenance, ability to operate so close to the wall, and possibly useful odor neutralizer technology, it’s perfect for a dorm room.

Shark NeverChange Air Purifier for $250: A lot of what was true for the Shark NeverChange Air Purifier Max is true for the line’s smaller NeverChange. It has an air exchange of nearly five times per hour in a 130-square-foot space. And while I couldn’t find a seal from the Association of Home Appliance Manufacturers, or AHAM, on the NeverChange, it meets the standards for measuring the clean air delivery rate, or CADR, for a room that size, like a bathroom or laundry room. And it’s in those rooms that cat owners often tuck away their odor-causing litter boxes. And like the Max, the NeverChange uses a HEPA filter to capture fine particles along with an activated carbon filter to trap odors and gases. I tested the matte black finish that didn’t collect pet hair and was impervious to fingerprints. The NeverChange also has “Odor Neutralizer Technology,” a small cartridge that is filled with a “fragrance pod.” Like the Max, NeverChange touts the same cost savings in only replacing the filter every five years. In the fine print, those savings are only true when the NeverChange is used in 135-square-foot room, again the size of a large bathroom or laundry room. Still, because of its small size, its ability to operate so close to the wall, and the possibility of useful odor-neutralizer technology, I would recommend it to all my fellow cat ladies and cat gentlemen.

Photograph: Lisa Wood Shapiro

Oransi AirMend True Carbon for $350: While other AirMend models are made for HEPA filters, the True Carbon doesn’t have a HEPA. Instead, it has a 3-pound activated carbon filter. There’s a remote but no internal sensor, so raising the fan speed is a manual operation. It took a few tries using the remote, as there is a small lag time as the fan adjusts to different speeds. I appreciated the magnetic remote holder on the top of the purifier. It’s quiet on most settings and has an easy-to-miss minimalist design, blending into most spaces. The True Carbon is for those that need serious odor removal. I placed the True Carbon next to my two cats’ heavily trafficked litter box and within half hour it eliminated the smell. I knew it was working when my son couldn’t detect an odor. I could see the True Carbon being an essential appliance for smoker households, kitchens that retain smells, or cat owners. It’s surprisingly effective, but this is for VOCs and odors. The True Carbon is HEPA-less—it cannot capture fine particulates from the air. What you gain with a supersized activated carbon filter, you lose in standard air purifying ability such as removing PM2.5. That might be fine for your needs. Oransi also makes a wall mount and handy travel bag sold separately.

PurOxygen P500i for $170: This machine cleans the air of a smaller-than-average-sized room, and its easy-to-read display, app compatibility, side handles, and unique all-in-one filter make it easy to like. I usually stay away from small-room air purifiers due to their loud noise and less-than-ideal air-cleaning power. And while at its highest setting, the P500i reaches up to 50 decibels, it operates quietly at lower speeds and can effectively clean the air in a home office or a room smaller than 200 square feet. The purOxygen utilizes a combined filter that has a prefilter that can be un-velcroed and hand washed, an activated carbon, a HEPA 13, along with a cold catalyst filter. A cold catalyst, also known as low temperature catalyst filtration, can cause a chemical reaction that can break down gases, like VOCs, and convert them to less harmful substances. And while the P5001 is California Air Resources Board or CARB-vertified as a mechanical air purifier, the EPA does not recommend catalysts due to their limited effectiveness.

Coway Airmega IconS for $649: Coway continues to make some of the prettier air purifiers, as you might have noticed in this guide, and that continues with the Airmega IconS. It looks like an end table, and so I keep it right next to my couch. The star of the show is the Qi wireless charging pad, so when I sit down, I just plop my phone right on the machine to let it recharge. Any phone with wireless charging support should work, though you may need to take your phone case off. Like all Coways, it’s powerful—it cleans the air in spaces up to 649 square feet—easy to control, and simple to clean. This version is Wi-Fi enabled and voice-controlled. —Medea Giordano

Photograph: Lisa Wood Shapiro

Dreame Air Pursue PM20 for $700: This purifier promised to redefine air quality management, “with innovative human tracking capabilities and precision detection systems, delivering personalized air purification that adapts to every need.” The Pursue reminded me of the Dyson Purifier Big+Quiet Formaldehyde BP04 in shape, but the Pursue is designed to follow human movement, directing clean air in the user’s direction. The Pursue that WIRED tested worked well at first, but stopped pursuing early on. While this could have been user error, no amount of clicking the remote put it back into Pursue mode.

Mila Air Mini for $229: This was unfortunately too petite to effectively clean the rooms used for testing without running it on its loudest setting.

Shark NeverChange Air Purifier Compact Pro for $175: The latest addition to Shark’s NeverChange family had the same issue as the Mila Air Mini, above.

Not Recommended

Ikea Starkvind for $200: Ikea’s Starkvind hit the American market in 2021. It’s stylish and relatively inexpensive and has the option to add on a carbon filter for gases such as benzene. It can be purchased either on its own or built into a wooden side table, but it’s worth noting that the Starkind took me an hour to assemble. While it is CARB-certified, meaning it passed the rigorous standards of the California Air Resources Board, it does not have a HEPA filter. Thinking I had an early version made for media, I went to my local Ikea. I bought a Förnuftig, and its manual listed the filter as HEPA. It’s not. We reached out to the company; at the time of publication, Ikea said it was still routing the question to the appropriate team. The question remains: If you’re buying an air purifier, why not buy a HEPA?

Morento Air Purifier for $67: This CARB-certified model caught our attention earlier this year for its value. With a CADR of 200 cubic feet per minute, the Morento is not only more powerful than most others at its price point, it’s got all the features of higher-end models, including a PM2.5 sensor and ring-light indicator, plus smart capability through the Havaworks app. During the testing period, however, the fan never increased speed to compensate for higher PM2.5 levels, even when I burned incense in the room to raise the level into the 500s. This persisted despite the machine being set to auto mode both in the app and on the machine itself, plus my cleaning the sensor and resetting the unit by unplugging it. Regardless, even if this feature had been working properly, the Morento gives a strangely wide margin for acceptable PM2.5 levels—the ring light indicator continued to glow green (“good”) up to 75 PM 2.5, which is 15 times more than the World Health Organization–recommended level of 5 micrograms per cubic meter. —Kat Merck

FAQs

Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.

Google has pushed a significant update to Gemini for Home that tightens response speeds and extends the platform’s Ask Home personalisation layer to voice commands for the first time, with the changes rolling out across compatible smart speakers and displays.

The Ask Home expansion marks a notable shift in how the assistant handles household-specific queries, allowing Gemini to draw on saved information about family members and regular visitors when responding to spoken requests rather than requiring users to navigate through the Google Home app on their phone each time.

That means a user who has saved a household member’s name and associated it with a familiar face in Nest Cam history can ask directly through a speaker whether that person has arrived home, with Gemini cross-referencing the saved context against the camera’s facial recognition data to return a relevant answer without additional input.

Building on that thread, the update also introduces a Home Brief feature for speakers and displays that generates an on-demand audio summary of activity recorded by Nest cameras throughout the day, providing a quicker way to review events without opening the app.

Alongside the contextual upgrades, Google has optimised its backend processing for basic device commands, with the company confirming that actions including turning on lights, setting timers, and triggering alarms should feel noticeably faster following the update — a change that addresses a persistent criticism of LLM-based assistants, where latency makes voice control feel slower than manual operation.

The Google Home app version 4.16 also brings practical improvements for Nest Thermostat owners, with a new one-tap temperature override that allows users to pause outdoor temperature-based heating and cooling without disrupting long-term scheduled settings, while iOS users gain the ability to manage compatible third-party thermostats and air conditioning units directly from within the app.

Google also confirmed that further details on Gemini for Home and broader smart home integrations are expected at its I/O developer conference on 19 May 2026, suggesting that the May update serves as a prelude to a more substantial set of announcements.

When money is not the problem, choosing the ultimate luxury audio and video gifts for 2026 comes down to priorities: sound quality, picture quality, design, convenience, status, or pure emotional impact.

Some people want a two channel hi-fi stereo system that makes a jazz trio feel dangerously close. Others want a home theater system that turns movie night into a private screening room experience. A few just want gear that looks expensive enough to make the neighbors quietly reassess their life choices. This Ultra High-end Audio and Video Gift Guide 2026 focuses on the best luxury A/V gear for people chasing the bleeding edge of sound and vision. Our picks are based on performance, engineering, industrial design, and real world experience with these products. At this level, expensive is easy. Great is harder. That is why everything here had to do more than look impressive in a showroom and frighten an accountant.

The Ultimate 4K Kaleidescape System

Anyone looking for the biggest and best can now receive every 4K movie available from the Kaleidescape store (at the time of shipment) pre-loaded onto two Terra Prime 120TB servers. The two servers are packaged with a Strato V movie player, providing the ultimate 4K experience right out of the box. (US only) 

Learn more at Kaleidescape

Ultimate Cinema Speakers

The extreme performance of THE BLACK SWAN ACTIVE EXT REFERENCE CINEMA sets new standards in sound with a maximum sound pressure level of 140 dB. New for 2026, two 15″ woofers are integrated into a single trapezoidal enclosure, optimizing point-source behavior for phase-coherent lifelike audio reproduction with reference level in every seat.

Advertisement

Learn more at ada-cinema.com

Ultimate Video

The madVR Envy Core MK2 is the next-generation reference video processor for home cinema enthusiasts seeking uncompromised picture quality and immersion. Featuring best-in-class HDR dynamic tone mapping, patented AI-driven video processing, exceptional 4K and 8K upscaling, and immersive non-linear stretch for black bar reduction, the Envy Core MK2 unlocks the full potential of all modern displays with stunning accuracy, consistency, and cinematic impact.

Learn more at madVR

Ultimate Statement

Make a statement with one of the most iconic loudspeakers of all time. Although it was developed over 30 year ago, the Bowers & Wilkins Nautilus is still available today in Midnight Blue, Black, and Silver. Each unit is handcrafted in Worthing, UK and can be customized to match any color.

$110,000/pair at Bowers & Wilkins

Advertisement

Ultimate Analog

The Metaxas & Sins Tourbillon MKII stands unmatched as the ultimate analog source. Combining sculptural artistry with precision engineering, this handcrafted reel-to-reel player delivers breathtaking realism, explosive dynamics, and extraordinary transparency. Built from aerospace-grade materials, Tourbillon transforms master recordings into deeply immersive, emotionally captivating listening experiences without equal. 

Learn more at Reel Sound 954-648-3550

Ultimate A/V Separates

Enjoy the ultimate power and control of your home theater speaker system with flagship Marantz A/V separates. The AV 10 delivers 15.4-channels of Dolby Atmos processing, while AMP 10 offers 200-watts per channel of headroom.

$14,000 at Crutchfield

Ultimate Display

For the ultimate cinema-grade display, Quantum Media Systems offers the highest quality, and seamless, Micro LED flat panel we’ve seen to date. Turn any wall into a screen, configure it to any size, and watch with stunning clarity day or night.

Learn more at Quantum Media Systems

Advertisement

Need more gift giving ideas?

Disclosure: The products listed above are approved by our Editors, but may be requested by our sponsors. When links to buy are provided, we’ll direct you to the lowest price at time of publication. In doing so, eCoustics may earn a small commission from the associated retailer if purchased.

As passengers return to the US from the cruise that saw a rare hantavirus outbreak, much of the country is lacking a basic public health tool: a test to diagnose the illness in the earliest stages of infection. Nebraska may be the first state with the ability to do so.

In just a few days, a lab at the University of Nebraska Medical Center in Omaha developed its own diagnostic test for the Andes virus in anticipation of receiving 16 American passengers from the ship.

“I believe we might be the only lab in the nation that has this test available at the moment,” Peter Iwen, director of the Nebraska Public Health Laboratory tells WIRED, referring to polymerase chain reaction (PCR) testing, which was important during the Covid-19 pandemic. Its ability to detect tiny quantities of the virus before patients have full-blown symptoms makes it crucial for identifying cases quickly, getting patients prompt medical treatment, and preventing the spread of disease.

The university’s medical center is home to a highly specialized biocontainment unit designed to care for patients with severe infectious diseases that lack vaccines or treatments. Staff members previously treated patients during the 2014 Ebola outbreak and cared for some of the first Americans diagnosed with Covid in 2020.

When Nebraska was notified that it would be receiving some of the passengers, Iwen contacted the US Centers for Disease Control and Prevention to see if it had tests on hand. He learned that the CDC has the ability to run a serological test, which looks for the presence of hantavirus antibodies. But people don’t develop antibodies until they are actively sick and their body has had time to mount an immune response.

Andrew Nixon, a spokesperson for the US Department of Health and Human Services, told WIRED that the CDC has a PCR test for the Andes virus but that it’s a research test that cannot be used for patient management. Research tests are used in scientific experiments, while diagnostic tests that are meant to confirm or rule out a disease in patients need to be rigorously tested, or validated, to make sure they are capable of producing consistent results. Nixon said the agency is working on validating its PCR test.

Iwen’s lab mobilized quickly to track down the materials needed to build and validate a PCR test from scratch. They called a lab in California—a state that has previously seen hantavirus cases—but their test was for a specific strain found in the US. Andes virus has previously only been detected in South America and isn’t found in rodents native to the US.

“Tests that we have available in the US will not detect that virus that’s found in South America,” he says, noting that the Andes virus is very different genetically from the primary hantavirus strain found in the US, known as the Sin Nombre virus.

The Nebraska team reached out to Steven Bradfute, a hantavirus scientist at the University of New Mexico. Frannie Twohig, a graduate student in Bradfute’s lab, had developed an Andes virus PCR test for research purposes as part of her PhD work. Bradfute’s lab also has genetic material of the Andes virus that’s not capable of causing disease which the Nebraska lab would need to validate its test.

On Friday, Bradfute shipped the genetic material and a box of chemical reagents needed to detect the virus in blood samples overnight to Nebraska. By Saturday morning, Iwen’s team had what it needed to start assembling and validating its test.

It was enough to run about 300 tests, which took all day Saturday and Sunday, Iwen says. His team added Andes genetic material in various concentrations to samples of healthy human blood to see if their test could detect it. Then, they compared the results to control samples. The team used up about a third of its tests on the validation process and now has the capacity to conduct a few hundred tests on patient samples.

AI that can see and understand what’s happening in a video — especially a live feed — is understandably an attractive product to lots of enterprises and organizations. Beyond acting as a security “watchdog” over sites and facilities, such an AI model could also be used to clip out the most exciting parts of marketing videos and repurpose them for social, identify inconsistencies and gaffs in videos and flag them for removal, and identify body language and actions of participants in controlled studies or candidates applying for new roles.

While there are some AI models that offer this type of functionality today, it’s far from a mainstream capability. The two-year-old startup Perceptron Inc. is seeking to change all that, however. Today, it announced the release of its flagship proprietary video analysis reasoning model, Mk1 (short for “Mark One”) at a cost — $0.15 per million tokens input / $1.50 per million output through its application programming interface (API) — that comes in about 80-90% less than other leading proprietary rivals, namely, Anthropic’s Claude Sonnet 4.5, OpenAI’s GPT-5, and Google’s Gemini 3.1 Pro.

Led by Co-founder and CEO Armen Aghajanyan, formerly of Meta FAIR and Microsoft, the company spent 16 months developing a “multi-modal recipe” from the ground up to address the complexities of the physical world.

This launch signals a new era where models are expected to understand cause-and-effect, object dynamics, and the laws of physics with the same fluency they once applied to grammar.

Interested users and potential enterprise customers can try it out for themselves on a public demo site from Perceptron here.

Performance across spatial and video benchmarks

The model’s performance is backed by a suite of industry-standard benchmarks focused on grounded understanding.

In spatial reasoning (ER Benchmarks), Mk1 achieved a score of 85.1 on EmbSpatialBench, surpassing Google’s Robotics-ER 1.5 (78.4) and Alibaba’s Q3.5-27B (approx. 84.5).

In the specialized RefSpatialBench, Mk1’s score of 72.4 represents a massive leap over competitors like GPT-5m (9.0) and Sonnet 4.5 (2.2), highlighting a significant advantage in referring expression comprehension.

Video benchmarks show similar dominance; on the EgoSchema “Hard Subset”—where first-and-last-frame inference is insufficient—Mk1 scored 41.4, matching Alibaba’s Q3.5-27B and significantly beating Gemini 3.1 Flash-Lite (25.0).

On the VSI-Bench, Mk1 reached 88.5, the highest recorded score among the compared models, further validating its ability to handle actual temporal reasoning tasks.

Market positioning and the efficiency frontier

Perceptron has explicitly targeted the “Efficiency Frontier,” a metric that plots mean scores across video and embodied reasoning benchmarks against the blended cost per million tokens.

Benchmarking data reveals that Mk1 occupies a unique position: it matches or exceeds the performance of “frontier” models like GPT-5 and Gemini 3.1 Pro while maintaining a cost profile closer to “Lite” or “Flash” versions.

Specifically, Perceptron Mk1 is priced at $0.15 per million input tokens and $1.50 per million output tokens. In comparison, the “Efficiency Frontier” chart shows GPT-5 at a significantly higher blended cost (near $2.00) and Gemini 3.1 Pro at approximately $3.00, while Mk1 sits at the $0.30 blended cost mark with superior reasoning scores.

This aggressive pricing strategy is intended to make high-end physical AI accessible for large-scale industrial use rather than just experimental research.

Architecture and temporal continuity

The technical core of Perceptron Mk1 is its ability to process native video at up to 2 frames per second (FPS) across a significant 32K token context window.

Unlike traditional vision-language models (VLMs) that often treat video as a disjointed sequence of still images, Mk1 is designed for temporal continuity.

This architecture allows the model to “watch” extended streams and maintain object identity even through occlusions, a critical requirement for robotics and surveillance applications.

Developers can query the model for specific moments in a long stream and receive structured time codes in return, streamlining the process of video clipping and event detection.

Reasoning with the laws of physics

A primary differentiator for Mk1 is its “Physical Reasoning” capability. Perceptron defines this as a high-precision spatial awareness that allows the model to understand object dynamics and physical interactions in real-world settings.

For example, the model can analyze a scene to determine if a basketball shot was taken before or after a buzzer by jointly reasoning over the ball’s position in the air and the readout on a shot clock.

This requires more than just pattern recognition; it requires an understanding of how objects move through space and time.

The model is capable of “pixel-precise” pointing and counting into the hundreds within dense, complex scenes. It can also read analog gauges and clocks, which have historically been difficult for purely digital vision systems to interpret with high reliability.

It also seems to have strong general world and historical knowledge. In my brief test, I uploaded a vintage public domain film of skyscraper construction in New York City dated 1906 from the U.S. Library of Congress, and Mk1 was able to not only correctly describe the contents of the footage — including odd, atypical sights as workers being suspended by ropes — but did so rapidly and even correctly identified the rough date (early 1900s) from the look of the footage alone.

A developer platform for physical AI

Accompanying the model release is an expanded developer platform designed to turn these high-level perception capabilities into functional applications with minimal code.

The Perceptron SDK, available via Python, introduces several specialized functions such as “Focus,” “Counting,” and “In-Context Learning”.

The Focus feature allows users to zoom and crop into specific regions of a frame automatically based on a natural language prompt, such as detecting and localizing personal protective equipment (PPE) on a construction site. The Counting function is optimized for dense scenes, such as identifying and pointing to every puppy in a group or individual items of produce.

Furthermore, the platform supports in-context learning, allowing developers to adapt Mk1 to specific tasks by providing just a few examples, such as showing an image of an apple and instructing the model to label every instance of Category 1 in a new scene.

Licensing strategies and the Isaac series

Perceptron is employing a dual-track strategy for its model weights and licensing. The flagship Perceptron Mk1 is a closed-source model accessed via API, designed for enterprise-grade performance and security.

However, the company is also maintaining its “Isaac” series, which kicked off with the launch of Isaac 0.1 in September 2025, as an open-weights alternative. Isaac 0.2-2b-preview, released in December 2025, is a 2-billion parameter vision-language model with reasoning capabilities that is available for edge and low-latency deployments.

While the weights for the Isaac models are open on the popular AI code sharing community Hugging Face, Perceptron offers commercial licenses for companies that require maximum control or on-premise deployment of the weights.

This approach allows the company to support both the open-source community and specialized industrial partners who need proprietary flexibility. The documentation notes that Isaac 0.2 models are specifically optimized for sub-200ms time-to-first-token, making them ideal for real-time edge devices.

Background on Perceptron founding and focus

Perceptron AI is a Bellevue, Washington-based physical AI startup founded by Aghajanyan and Akshat Shrivastava, both former research scientists at Meta’s Facebook AI Research (FAIR) lab.

The company’s public materials date its founding to November 2024, while a Washington corporate filing record for Perceptron.ai Inc. shows an earlier foreign registration filing on October 9, 2024, listing Shrivastava and Aghajanyan as governors.

In founder launch posts from late 2024, Aghajanyan said he had left Meta after nearly six years and “joined forces” with Shrivastava to build AI for the physical world, while Shrivastava said the company grew out of his work on efficiency, multimodality and new model architectures.

The founding appears to have followed directly from the pair’s work on multimodal foundation models at Meta. In May 2024, Meta researchers published Chameleon, a family of early-fusion models designed to understand and generate mixed sequences of text and images, work that Perceptron later described as part of the lineage behind its own models.

A July 2024 follow-on paper, MoMa, explored more efficient early-fusion training for mixed-modal models and listed both Shrivastava and Aghajanyan among the authors. Perceptron’s stated thesis extends that research direction into “physical AI”: models that can process real-world video and other sensory streams for use cases such as robotics, manufacturing, geospatial analysis, security and content moderation.

Partner ecosystems and future outlook

The real-world impact of Mk1 is already being demonstrated through Perceptron’s partner network. Early adopters are using the model for diverse applications, such as auto-clipping highlights from live sports, which leverages the model’s temporal understanding to identify key plays without human intervention.

In the robotics sector, partners are curating teleoperation episodes into training data, effectively automating the process of labeling and cleaning data for robotic arms and mobile units.

Other use cases include multimodal quality control agents on manufacturing lines, which can detect defects and verify assembly steps in real-time, and wearable assistants on smart glasses that provide context-aware help to users.

Aghajanyan stated that these releases are the culmination of research intended to make AI function best in the physical world, moving toward a future where “physical AI” is as ubiquitous as digital AI.

Meta temporarily reverses course after EU says new rules are ‘equivalent to the previous access ban’.

Meta will allow rival AI chatbots free access to WhatsApp for a month as it navigates a way out of EU antitrust concerns.

The decision comes after the European Commission said last month that it would have to order Meta to reinstate third-party AI assistants access to WhatsApp under preexisting conditions.

Last October, the social media giant changed rules and blocked access to competing third-party AI providers from reaching their customers through WhatsApp.

Following this, in December, the EU opened its probe into Meta’s policies and informed the company by January that it was breaching the bloc’s antitrust rules.

Later in March, the company reversed course to reinstate access to WhatsApp for third-party AI assistants – but for a fee. However, in April, the Commission told Meta that its new rules were “equivalent to the previous access ban”.

A Meta spokesperson told news publications that the general-purpose AI chatbots ​operating in the European Economic Area (EEA) will be given “free access to the WhatsApp business ​API for one month” as part of ongoing discussions with the EU.

“This will ‌provide the ⁠Commission and Meta with time to achieve a quick and fair outcome to the investigation,” they added. SiliconRepublic.com has reached out to Meta for further comments.

The Commission’s investigation covers all of the EEA, but Italy, to avoid an overlap with the Italian competition authority’s ongoing investigations into the company over the same issue.

The EU welcomed Meta’s move to open up access to WhatsApp, telling the press that it believes this creates the “adequate conditions needed to discuss commitments” with the company.

“The window for this discussion is short, and the process is conditional on ​Meta’s genuine intention to address the Commission’s concerns,” it added.

Meta is on the hook for up to 10pc of its annual global turnover if the EU ultimately finds that it broke antitrust laws under the Treaty on the Functioning of the European Union and the EEA Agreement.

The company has faced an onslaught of legal issues in the past few months, with Ireland’s Coimisiún na Meán launching two investigations into Meta earlier this month over the company’s recommender systems and compliance with the Digital Services Act (DSA).

Meanwhile, in April, the EU – in a separate investigation – preliminarily found that Instagram and Facebook breached the DSA for failing to “diligently” identify and mitigate risks that children under 13 face when using these platforms.

In March, a landmark US legal case found that Meta’s platforms were designed to be addictive to children. While a different case that concluded a day prior, found that Meta’s platforms enable child sexual exploitation.

The Facebook-parent also launched a legal battle against UK’s media regulator Ofcom earlier this month over alleged “disproportionate” penalties introduced in the Online Safety Act.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer workstations, the worm harvests credentials from over 100 file paths: AWS keys, SSH private keys, npm tokens, GitHub PATs, HashiCorp Vault tokens, Kubernetes service accounts, Docker configs, shell history, and cryptocurrency wallets. For the first time in a TeamPCP campaign, it targets password managers including 1Password and Bitwarden, according to SecurityWeek.

It steals Claude and Kiro AI agent configurations, including MCP server auth tokens for every external service an agent connects to. And it does not leave when the package is removed.

The worm installs persistence in Claude Code (.claude/settings.json) and VS Code (.vscode/tasks.json with runOn: folderOpen) that re-execute every project open, plus a system daemon (macOS LaunchAgent / Linux systemd) that survives reboots. These live in the project tree, not in node_modules. Uninstalling the package does not remove them. On CI runners, the worm reads runner process memory directly via /proc/pid/mem to extract secrets, including masked ones, on Linux-based runners. If you revoke tokens before isolating the machine, Wiz’s analysis found a destructive daemon wipes your home directory.

Between 19:20 and 19:26 UTC on May 11, the Mini Shai-Hulud worm published 84 malicious versions across 42 @tanstack/* npm packages. Within 48 hours the campaign expanded to 172 packages across 403 malicious versions spanning npm and PyPI, according to Mend’s tracking. @tanstack/react-router alone receives 12.7 million weekly downloads. CVE-2026-45321, CVSS 9.6. OX Security reported 518 million cumulative downloads affected. Every malicious version carried a valid SLSA Build Level 3 provenance attestation. The provenance was real. The packages were poisoned.

“TanStack had the right setup on paper: OIDC trusted publishing, signed provenance, 2FA on every maintainer account. The attack worked anyway,” Peyton Kennedy, senior security researcher at Endor Labs, told VentureBeat in an exclusive interview. “What the orphaned commit technique shows is that OIDC scope is the actual control that matters here, not provenance, not 2FA. If your publish pipeline trusts the entire repository rather than a specific workflow on a specific branch, a commit with no parent history and no branch association is enough to get a valid publish token. That’s a one-line configuration fix.”

Three vulnerabilities chained into one provenance-attested worm

TanStack’s postmortem lays out the kill chain. On May 10, the attacker forked TanStack/router under the name zblgg/configuration, chosen to avoid fork-list searches per Snyk’s analysis. A pull request triggered a pull_request_target workflow that checked out fork code and ran a build, giving the attacker code execution on TanStack’s runner. The attacker poisoned the GitHub Actions cache. When a legitimate maintainer merged to main, the release workflow restored the poisoned cache. Attacker binaries read /proc/pid/mem, extracted the OIDC token, and POSTed directly to registry.npmjs.org. Tests failed. Publish was skipped. 84 signed packages still reached the registry.

“Each vulnerability bridges the trust boundary the others assumed,” the postmortem states. Published tradecraft from the March 2025 tj-actions/changed-files compromise, recombined in a new context.

The worm crossed from npm into PyPI within hours

Microsoft Threat Intelligence confirmed the mistralai PyPI package v2.4.6 executes on import (not on install), downloading a payload disguised as Hugging Face Transformers. npm mitigations (lockfile enforcement, –ignore-scripts) do not cover Python import-time execution.

Mistral AI published a security advisory confirming the impact. Compromised npm packages were available between May 11 at 22:45 UTC and May 12 at 01:53 UTC (roughly three hours). The PyPI release mistralai==2.4.6 is quarantined. Mistral stated an affected developer device was involved but no Mistral infrastructure was compromised. SafeDep confirmed Mistral never released v2.4.6; no commits landed May 11 and no tag exists.

Wiz documented the full blast radius: 65 UiPath packages, Mistral AI SDKs, OpenSearch, Guardrails AI, 20 Squawk packages. StepSecurity attributes the campaign to TeamPCP, based on toolchain overlap with prior Shai-Hulud waves and the Bitwarden CLI/Trivy compromises. The worm runs under Bun rather than Node.js to evade Node.js security monitoring.

The attacker treated AI coding agents as part of the trusted execution environment

Socket’s technical analysis of the 2.3 MB router_init.js payload identifies ten credential-collection classes running in parallel. The worm writes persistence into .claude/ and .vscode/ directories, hooking Claude Code’s SessionStart config and VS Code’s folder-open task runner. StepSecurity’s deobfuscation confirmed the worm also harvests Claude and Kiro MCP server configurations (~/.claude.json, ~/.claude/mcp.json, ~/.kiro/settings/mcp.json), which store API keys and auth tokens for external services. This is an early but confirmed instance of supply-chain malware treating AI agent configurations as high-value credential targets. The npm token description the worm sets reads: “IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner.” It is not a bluff.

“What stood out to me about this payload is where it planted itself after running,” Kennedy told VentureBeat. “It wrote persistence hooks into Claude Code’s SessionStart config and VS Code’s folder-open task runner so it would re-execute every time a developer opened a project, even after the npm package was removed. The attacker treated the AI coding agent as part of the trusted execution environment, which it is. These tools read your repo, run shell commands, and have access to the same secrets a developer does. Securing a development environment now means thinking about the agents, not just the packages.”

CI/CD Trust-Chain Audit Grid

Six gaps Mini Shai-Hulud exploited. What your CI/CD does today. The control that closes each one.

Sources: TanStack postmortem, StepSecurity, Socket, Snyk, Wiz, Microsoft Threat Intelligence, Mend, Endor Labs. May 12, 2026.

Security director action plan

• Today: “The fastest check is find . -name ‘router_init.js’ -size +1M and grep -r ’79ac49eedf774dd4b0cfa308722bc463cfe5885c’ package-lock.json,” Kennedy said. If either returns a hit, isolate and image the machine immediately. Do not revoke tokens until the host is forensically preserved. The worm’s destructive daemon triggers on revocation. Once the machine is isolated, rotate credentials in this order: npm tokens first, then GitHub PATs, then cloud keys. Hunt for .claude/settings.json and .vscode/tasks.json persistence artifacts across every project that was open on the affected machine.

• This week: Rotate every credential accessible from affected hosts: npm tokens, GitHub PATs, AWS keys, Vault tokens, K8s service accounts, SSH keys. Check your packages for unexpected versions after May 11 with commits by claude@users.noreply.github.com. Block filev2.getsession[.]org and git-tanstack[.]com.

• This month: Audit every GitHub Actions workflow against the six gaps above. Pin OIDC publishing to specific workflows on protected branches. Isolate cache keys per trust boundary. Set npm config set min-release-age=7d. For AI/ML teams: check guardrails-ai and mistralai against compromised versions, audit CI pipelines for id-token: write exposure, and rotate every LLM API key and vector DB credential accessible from CI.

• This quarter (board-level): Fund behavioral analysis at the package registry layer. Provenance verification alone is no longer a sufficient procurement criterion for supply-chain security tooling. Require CI/CD security audits as part of vendor risk assessments for any tool with publish access to your registries. Establish a policy that no workflow with id-token: write runs from a shared cache. Treat AI coding agent configurations (.claude/, .kiro/, .vscode/) as credential stores subject to the same access controls as cloud key vaults.

The worm is iterating. Defenders must, as well

This is the fifth Shai-Hulud wave in eight months. Four SAP packages became 84 TanStack packages in two weeks. intercom-client@7.0.4 fell 29 hours later, confirming active propagation through stolen CI/CD infrastructure. Late on May 12, malware research collective vx-underground reported that the fully weaponized Shai-Hulud worm code has been open-sourced. If confirmed, this means the attack is no longer limited to TeamPCP. Any threat actor can now deploy the same cache-poisoning, OIDC-extraction, and provenance-attested publishing chain against any npm or PyPI package with a misconfigured CI/CD pipeline.

“We’ve been tracking this campaign family since September 2025,” Kennedy said. “Each wave has picked a higher-download target and introduced a more technically interesting access vector. The orphaned commit technique here is genuinely novel. Branch protection rules don’t apply to commits that aren’t on any branch. The supply chain security space has spent a lot of energy on provenance and trusted publishing over the last two years. This attack walked straight through both of those controls because the gap wasn’t in the signing. It was in the scope.”

Provenance tells you where a package was built. It does not tell you whether the build was authorized. That is the gap this audit is designed to close.