Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Enterprise AI teams are giving agents more freedom at the same moment their confidence in automated testing is collapsing.
Half of enterprises have deployed an AI agent or LLM feature that passed internal evaluations and yet still caused a customer-facing failure — one in four more than once — according to the June 2026 VB Pulse survey of 157 qualified enterprise respondents at companies with 100 or more employees.
The sample is self-selected rather than a probability sample, so the findings should be read as directional, not precise.
But enterprises are not responding by slowing automation: 66% of respondents already permit some production deployment without human review or are building systems intended to do so within the next 12 months. Only 5% say they fully trust the automated evaluations that would make those release decisions.
That mismatch is the evaluation gap: the autonomy ceiling is rising faster than the assurance beneath it.
It also fits a broader thesis that will be explored at VB Transform 2026: enterprises ship agents first, while the control layers around identity, evaluation, cost, context and orchestration are arriving later. The next year will be a retrofit cycle, with buyers shifting budget toward the systems that make agentic deployments governable and dependable.

Traditional software testing usually asks whether a defined input produces an expected output. Agent testing is harder because the system may choose its own sequence of steps, call tools, retrieve data, alter state and respond differently from one run to the next.
An agent can make several individually plausible decisions and still reach the wrong result. It may retrieve the correct account but update the wrong field. It may draft a valid refund request but send it without approval. It may call five tools successfully before a sixth step leaks sensitive information or leaves a workflow incomplete.
The survey shows enterprises already recognize this limitation. The most common reason for distrusting automated evaluation is poor alignment with real-world outcomes, cited by 29% of respondents. Bias or inconsistency follows at 21%, lack of explainability at 18%, and data leakage or privacy concerns at 17%.

That hierarchy matters. Enterprises are saying the score often does not predict what happens when a customer, employee or business process encounters the agent in production — not that automated scoring is too slow or expensive.
NIST makes a similar point in its Generative AI Profile: measurements gathered in controlled environments may not transfer cleanly to deployment because behavior changes with prompts, users, context and operating conditions. Its guidance calls for field testing, post-deployment monitoring and clear processes for escalating failures.
VB Transform · July 14–15 · Menlo Park · LLMs, ops & evals
Standard benchmarks fail. Amazon and Waymo explain what they test instead.
The evals track goes deep on the four dimensions of reliability — consistency, robustness, predictability, safety — and how teams at Amazon and Waymo are operationalizing them in production.
A single successful run proves that an agent can complete a task. It does not prove that it will complete the task reliably.
Anthropic’s guidance on agent evaluation distinguishes between measuring whether a system succeeds at least once across repeated attempts and whether it succeeds every time. That distinction is essential for customer-facing or operational workflows. A model that occasionally produces an excellent answer may still be unacceptable if the same task fails unpredictably on the next attempt.
Enterprise teams should therefore treat repeatability as a first-class metric. That means running the same scenario multiple times, varying phrasing and context, testing tool failures, and measuring whether the final business outcome remains correct even when the route changes.
The evaluation set also has to evolve. Every production incident should become a permanent regression test. Customer escalations, failed tool calls, incorrect approvals and data-handling mistakes should feed back into the pre-deployment suite rather than remaining isolated support cases.
The survey does not imply that every agent action should require a person. Human review cannot scale across millions of low-consequence decisions.
But zero-human operation should be earned by demonstrated reliability and bounded by the consequences of failure.

Low-risk actions such as drafting internal summaries or categorizing documents can tolerate broader autonomy. Financial transactions, customer communications, code deployment, access-control changes and data deletion need stricter thresholds, repeated consistency tests, policy checks, rollback mechanisms and clear human escalation paths.
The risk isn’t evenly distributed by company size, either. Larger enterprises — those with 2,500 or more employees — are moving toward zero-human deployment fastest, at 70% versus 64% for smaller companies, and they’re also shipping more agents that go on to fail a customer, at 54% versus 48%.
That is the warning for enterprise leaders. Removing the human from the loop does not remove uncertainty. Without stronger assurance, it converts uncertainty into an automated production decision.
The market will keep pushing toward greater autonomy because the economic incentive is real. The organizations best positioned won’t be those that remove people fastest — they’ll be the ones that treat repeatability and regression testing as seriously as deployment speed.
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection.
Researchers at cybersecurity company Group-IB analyzed the new release of the mobile malware and say that it significantly expands its capabilities compared to the previous variant documented in 2025.
At the same time, the malware retains its remote access trojan (RAT) features, allowing it to stream the screen, intercept keystrokes, automate UI interactions, and steal credentials.
ADB (Android Debug Bridge) is Google’s debugging interface that lets a user control an Android device from a command line.
The system, which runs on an Android device as an ADB daemon, enables executing shell commands from a computer running the ADB client.
Wireless ADB, first introduced in Android 11, provides the same capability wirelessly, without requiring the devices to be linked via a USB cable.
RedHook essentially turns the phone into its own ADB client by tricking the victim into granting it Accessibility permissions, which let it automatically manipulate Settings, enable Developer Options, and activate Wireless Debugging.
After that, the malware retrieves the pairing code displayed on the screen and connects to the phone’s ADB service via the loopback interface (127.0.0.1).
Once paired, the malware gains shell (UID 2000) privileges, which are significantly more powerful than those available to normal Android apps, though not root-level.
The entire attack chain does not require the device to be rooted, so it works across all Android devices as long as the user is tricked into approving the Accessibility Service permission request.
Next, the malware deploys a Shizuku-based framework to execute shell commands, grant itself additional permissions, modify protected Android settings, silently install or remove applications, and perform various operations without displaying user dialogs.
Shizuku is a legitimate Android utility popular among power users and developers, and does not require a rooted device.
RedHook executes Shizuku code as part of its attack chain, using it as a privileged server (libmx.so) to invoke privileged Android APIs as UID 2000.

According to Group-IB’s report, the current version of the malware supports 53 server-issued commands, which include:
The malware’s multiple persistence mechanisms are also highlighted in Group-IB’s report.
RedHook uses silent audio playback to increase process priority, WakeLocks to prevent CPU sleep, and two services that restart each other when one is terminated.
Other mechanisms include a five-minute watchdog alarm, automatic restart after device boot, and setting oom_score_adj to -1000 to reduce the likelihood of being killed when available system memory is low.
The latest version of RedHook is distributed through social engineering, via messages and phone calls where attackers impersonate government agencies or financial institutions to direct victims to fake Google Play sites.
Android users are advised to install apps only from Google Play, scrutinize requested permissions at installation, and ensure that Play Protect is active on the device.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
ON-PREM
Consumption rose another 10% while restrictions on most new grid connections remained around Dublin
Electricity used by datacenters in Ireland increased by 10 percent during 2025, despite an effective moratorium on most new datacenter grid connections in the Dublin area.
The latest figures from Ireland’s Central Statistics Office (CSO) show that giant server farms now account for nearly a quarter of the country’s metered electricity consumption.
Their share rose to 23 percent in 2025 after passing 20 percent in 2023 and 14 percent in 2021 – up from just 5 percent way back in 2015.
According to the CSO, the energy sucked up by massive bit barns increased by 10 percent last year, expanding from 6,973 gigawatt hours (GWh) in 2024 to 7,663 GWh in 2025. All other customers consumed just 2 percent more electricity over the same period.
In fact, datacenters used more electricity than urban households, which accounted for 18 percent of metered use, and more than twice the rural-household share of 9 percent.
“Datacenter consumption has grown every single year without exception, more than doubling between 2015 and 2019 from 1,240 GWh to 2,490 GWh, and tripling again between 2019 and 2025, reaching 7,663 GWh,” commented Grzegorz Głaczyński, statistician in the CSO’s Climate and Energy Division.
Things got so bad in Ireland that at one point there were fears that the ever-expanding data dormitories might eat up as much as a third of the Emerald Isle’s electricity by now.
The Commission for Regulation of Utilities (CRU) put an effective moratorium on connecting new server farms to the electricity grid, at least in the Dublin area, where much of the activity tends to concentrate.
This was lifted in December of last year, meaning electricity consumption still rose by a tenth while the moratorium was in place for nearly all of 2025.
Under stricter new regulations, server farm operators seeking a grid connection of more than 10 MW must also now provide generators or battery systems capable of providing the same power. They will be required to feed power back to the national grid, if and when required, a system already pioneered by Microsoft and Digital Realty.
Like a growing number of places, Ireland has also seen protests against datacenters, which perhaps isn’t surprising given that there are understood to be more than 80 of them for a relatively small country of just over 5 million people.
Even in the US, the Trump administration is having to work to defuse public opposition to datacenters, asking the tech giants to commit that their expanding server farm estates won’t spike energy bills or drain local water supplies across the US. ®
OPINION Things you might not know about me. I was the first person to write a popular article about the web. Little did I, or anyone else, know how it would change everything. Our lives were transformed when all of human knowledge became just a click away. That was then. This is now. Today, more web traffic now comes from bots than humans. We’re just picking up AI’s crumbs.
That was not how it was meant to be. Mind you, I was never an internet idealist. I didn’t think the internet would set us free and lead us to a technological paradise. I did think, however, we’d do better than we have. The internet quickly became, as the song goes, for porn. That was relatively harmless, though, compared to doxxing, targeted misinformation, and automated botnets and troll farms. But there was still some good, although it was hard to find at times. And it was all driven by people.
Now it’s another story. Cloudflare’s public Radar “Bot vs Human” tracker is reporting that bots now account for roughly 57-58 percent of HTTP requests for HTML content, compared with about 42-43 percent from humans. Meanwhile, Imperva’s Bad Bot Report based on 2025 data put bots at about 53 percent of measured web traffic for the second year in a row, with humans at 47 percent.
Separately, according to Pangram, an AI detection company, on websites such as LinkedIn, Medium, Twitter, and Reddit, “about one in four long-form items were fully AI-generated.”
The company went on to report that “LinkedIn was the most AI-saturated platform, where more than 40 percent of long-form posts [were] flagged as fully AI-generated. However, if we included mixed AI and human content, X/Twitter was the worst off: almost half of X articles were either fully AI-generated (23.9 percent) or AI-assisted/mixed (22.9 percent), with only 53.2 percent of X articles flagging as fully human-authored.”
There are that many flesh-and-blood people still posting on LinkedIn and Twitter? Based on what I’ve been seeing, I’d have guessed there were fewer.
So, with the web increasingly written and consumed by AI, where does that leave us, exactly? Nowhere good.
It’s not just online. AI is everywhere. A non-fiction writer friend of mine “wrote” a novel last year using AI as a goof. It was, well, awful. But he put it online to see what would happen. A year and a half later, it’s still bringing in a few thousand dollars a month. That’s a lot better than many full-time, mid-tier novelists I know are doing.
Of course, AI isn’t actually writing anything. It’s really a copy-and-paste scam on an industrial scale. OpenAI and the other AI powers claim it’s not so. However, a recent court filing by the New York Times and others alleges that Vincent Monaco, who leads privacy engineering at OpenAI, acknowledged in a deposition that “OpenAI had searched training datasets and output data despite the company’s initial claims that it couldn’t access that data. The outlets also alleged OpenAI deleted logs, a violation of the court’s preservation orders.”
As it happens, one of the publishers suing OpenAI is Ziff-Davis, which published my web article back in 1993. Since then, it’s published thousands of my Linux and open source news stories, how-tos, interviews, and features. So, when someone accuses me of using AI in my Linux stories, my reply is “Where do you think AI got that information and phrasing in the first place? Hello! It was me.”
Just go ahead and cut me a check, OpenAI, and all will be forgiven.
That said, another AI problem I’m all too painfully aware of is that you can’t trust AI’s answers. When AI tells you something about Linux, for example, it’s not just quoting me, the Linux Kernel Mailing List, or Linux Weekly News. No, it’s also pulling data from Ima Moron, a poster from a deservedly obscure subreddit.
Repeat after me: AI isn’t intelligent at all. It’s just a copy-and-paste of words that are likely to go together. It may sound right, but it often isn’t. Confidence is why so many buy AI garbage as gospel truth. You really can’t trust it.
The reason I use Perplexity as my search engine isn’t that it’s more accurate than other AI LLMs; it’s that it shows me its sources. I can see if what it just turned up is the real thing or just BS. Guess what? It’s often crap.
It’s only going to get worse. I saw the AI model collapse coming back in 2025. It’s here now. When I dive into AI “answers” today, every time and in every question, I find it referring not to primary or reputable secondary sources, but to AI summaries. When you pile garbage on top of garbage you do not get reliable information.
I see this all the time in Google’s AI Overviews. That’s one of the reasons I almost never use Google anymore.
Unfortunately, everyone else is using Google’s made-up answers and not even looking down the page to get a real answer from a true expert, or at least someone with a clue about your question of the day.
I can tell on many subjects when an answer is likely to be accurate. But I don’t have a clue about medical treatments. I wouldn’t trust an AI answer on a serious health problem at all. Nevertheless, I know millions of people do that every day. That’s seriously scary.
Equally worrying is that many of us now turn to AI for companionship. I understand loneliness, but this is no cure; it’s, at best, a sticking plaster.
You see, the web really is written by AI for AI. We’re losing both accuracy and humanity. This is not the web I’d hoped we would end up with. I fear there’s no way we can reverse this trend. We’d rather have easy, fast answers and artificial companionship than the real things. That’s profoundly sad.
Pass the cheese. ®
Ruark Audio is turning 40, and rather than celebrate with a badge slapped on a press release and a commemorative mug no one asked for, the British manufacturer has introduced the R410 Anniversary Edition, a limited production version of its all in one music system finished in White Oak veneer with an ebonised grille and ebony veneer inlay.
Only 500 systems will be produced worldwide, each carrying an anniversary badge. The system is listed at £1,399, with wider European pricing reported at €1,599, and Ruark says the Anniversary Edition is due for release in August. Fidelity Imports has not yet confirmed U.S. pricing, but we will update this story when that information becomes available.
That makes this less of a new platform and more of a carefully dressed version of a product Ruark already understands rather well. The R410 remains part of the company’s 100 Series, sitting alongside the R610 Music Console, R710 CD Hi-Fi Console, and R810 Radiogram. The difference is that the R410 keeps the entire system in one cabinet: streamer, amplifier, DAC, phono input, radio, HDMI ARC/eARC, speakers, display, and physical controls. No speaker matching. No rack. No cable spaghetti slowly turning your living room into a failed Maplin or Crazy Eddie’s demonstration.

The Anniversary Edition’s biggest visual change is the cabinet. Ruark has moved from the standard R410 finishes to a White Oak veneer cabinet, paired with an ebonised grille and ebony veneer inlay. That contrast matters. The regular R410 already leaned into mid century modern cues, but this version looks more deliberate and less like another lifestyle audio box trying to win a design award by being beige and harmless.
The matching limited edition R-CD100 CD player, finished in ebonised casework, will also be available alongside it. That is the right move for anyone with shelves full of discs they actually intend to play. Having already reviewed the R-CD100 CD transport, it is also a logical add-on for any compatible Ruark system.
Ruark’s pitch is clear: one box that can handle streaming, radio, vinyl, TV audio, local files, Bluetooth, and optional CD playback. The R410 Anniversary Edition supports Apple AirPlay 2, Google Cast, Spotify Connect, TIDAL Connect, and Qobuz Connect. It also includes Internet Radio, FM with RDS, UPnP/DLNA media server support, Bluetooth 5.1 with aptX HD, AAC, and SBC, plus Wi-Fi networking listed as 802.11 a/b/g/n/ac/ax.

DAB/DAB+ support is also included, although that matters far more in the U.K., Europe, Australia, and other active DAB markets than it does in North America, where HD Radio remains the relevant terrestrial digital radio format.
The wired side is not an afterthought either. There is HDMI ARC/eARC for TV audio, an optical input up to 24-bit/96kHz PCM, stereo RCA line input, a moving magnet phono input with adjustable gain, Ethernet, USB-C file playback and charging, and a mono RCA subwoofer output.
That is the reason the R410 is more interesting than most wireless speakers. It acknowledges that people still own televisions, turntables, CD collections, NAS libraries, and occasionally brains. Unless you live in Maine at the moment and still think Platner was a viable candidate for the U.S. Senate.
Inside, the R410 Anniversary Edition uses a fully active 120 watt Class D amplifier, twin bass reflex cabinet architecture, two 100mm Ruark NS+ bass mid woofers, and two 20mm silk dome tweeters. Ruark also specifies Burr-Brown 32-bit/192kHz DAC and ADC stages, adjustable bass and treble, and switchable Stereo+. Hi-res file support goes up to 32-bit/192kHz for FLAC, AIFF, ALAC, and WAV. MP3 is supported up to 48kHz/320kbps, while AAC is supported up to 96kHz/320kbps.
The display and control system are part of the appeal. The R410 uses a 4-inch colour TFT display with auto dimming and Ruark’s familiar RotoDial control, supported by a rechargeable wireless remote. That sounds like a small thing until you have spent ten minutes inside a rival app wondering why changing inputs now feels like filing a planning application with the Long Branch council. Ruark’s best products work because they remain physical, tactile, and understandable. The company has figured out that convenience should not mean surrendering every useful control to a phone.
We have spent a fair bit of time with Ruark over the past two years, and the appeal has become clearer with each product. The company is not chasing the usual wireless-speaker race to the bottom, nor is it pretending that every listener wants a rack full of separates.
The R410 Anniversary Edition lands in the middle of that strategy. It is not as ambitious as the R810. It is not as flexible as the R610 or R710 if you want to choose your own loudspeakers. But it may be the cleanest expression of what Ruark is trying to do for listeners who want better sound without turning their living room into a dealer demo room. It is for someone who wants one system, proper source flexibility, attractive industrial design, and enough sonic ambition to make a Sonos or soundbar solution feel rather underdressed.


The Ruark R410 Anniversary Edition is not trying to reinvent the R410, and that is probably wise. The core system already made sense: serious streaming support, a real phono input, HDMI ARC/eARC, radio, optional CD playback, useful physical controls, and a cabinet that does not look like it escaped from a router factory.
What makes this version different is the execution. The White Oak veneer, ebonised grille, ebony inlay, anniversary badge, and 500 unit production run push it closer to collectible territory without turning it into a ridiculous luxury object. For listeners who want a handsome all in one system that handles modern streaming, vinyl, TV audio, radio, and CDs without demanding a full rack, this is Ruark making a very clear argument.
For more information: ruarkaudio.com
The iPad Pro with M6 is expected in early 2027 and Apple may release upgraded Apple Pencil models with easier-to-replace batteries in time for new EU regulations.
The European Union mandated in 2023 that consumer electronics must have easily replaced batteries by 2027. One of Apple’s notoriously impossible-to-repair products is the Apple Pencil, which could see some design changes to meet this mandate.
According to the “Power On” newsletter from Bloomberg, Apple is expected to release an updated Apple Pencil Pro and Apple Pencil with USB-C in early 2027. That timing aligns with previous reports of an iPad Pro refresh during the same release window.
No details about the new Apple Pencil models were provided. There isn’t any information about what new features might be introduced or how the design might change to accommodate easily-replaced batteries either.
Due to the regulatory requirements, the entire upgrade could simply be focused around the battery change. Currently, the Apple Pencil is a hunk of plastic filled with glue and is virtually impossible to repair.
Apple’s focus on selling what is essentially a plastic unibody stylus means it had no seams, screws, or separation points anywhere. Adding the USB-C port in the Apple Pencil with USB-C that hides behind a sliding mechanism was quite the design change on its own.
Because of the sliding mechanism, the lower-priced Apple Pencil with USB-C may be the easier product to redesign with replaceable batteries in mind. It isn’t clear how Apple might adapt the solid Apple Pencil Pro for the regulation.
To offer a guess, since the Apple Pencil tip is replaceable and offers the single seam in the device, it could also act as an entryway for internal access. Of course, the use of glue would need to be reduced or thrown out entirely.
Outside the iPhone, which has already been designed to accommodate the rules, EU battery regulations will require dramatic changes to some of Apple’s product designs, or necessitate quite clever solutions. It remains to be seen how something like AirPods might meet the regulatory standard.
Enterprise companies are running AI agents ahead of the controls needed to manage them — and they deployed that way knowingly. That is the central finding from VentureBeat Research’s June survey of 573 technical leaders at companies with 100 or more employees, fielded across five parallel surveys of the agentic stack.
Enterprises are now retrofitting to catch up with their own standards, and they are budgeting for it: Roughly six in 10 enterprises plan to switch or add vendors in each of five control layers within the next 12 months, and roughly a third — depending on the layer — plan to move within the quarter, the research finds.
There are five main layers where enterprises are building: identity for agents (which agent is allowed to do what, under whose credentials); evaluation of agent output (whether the work is any good); cost telemetry (what each agent costs to run); the context layer (the business data and definitions agents draw on to answer); and the orchestration control plane (the software that coordinates multi-step agent work).
Enterprises are already paying the price for deploying agents ahead of adequate control functions. Fifty-four percent of companies had an agent security incident or near-miss caught before harm in the past 12 months. Twenty-seven percent exercise only reactive control of agent spend — they learn what an agent costs when the invoice arrives, with no per-agent budget or ceiling in place.
573 respondents at organizations with 100+ employees, across five surveys fielded in June 2026:
101 orchestration · 157 reliability/evals · 107 security/identity · 107 infra/compute · 101 context/RAG
Samples are self-selected; read findings directionally. Trust the pattern over exact percentages — every survey, independently, points the same way, with deployment running ahead of governance, visibility and cost control.
Here are the five findings that anchor the set — one finding per layer of the tech stack — and what the data suggests doing first in each.
Eighty-six percent of enterprises that run their own GPUs report utilization of 50% or less. Wall Street has spent the quarter debating whether the AI buildout is overbuilt. This is buy-side measurement, from the enterprises doing the buying, and the research says the most expensive hardware in buildings of these enterprises runs at no more than half its capacity.

The measurement gap compounds it: A minority 44% rigorously track what their AI compute actually costs and returns. Everyone else is only estimating. And the enterprise shopping process continues regardless: 45% of these enterprises say the emerging compute option they are most likely to evaluate in the next 12 months is an AI-specialized cloud (CoreWeave, Lambda, Crusoe, Nebius). However, under 2% of these enterprises report using one of these neoclouds today.
Moreover, roughly one in three companies appears to be considering a hedge against Nvidia: Asked which emerging compute option they are most likely to evaluate in the next 12 months, 32% of enterprises named non-Nvidia accelerators (AWS Trainium, Google TPUs, AMD), while 28% named next-generation Nvidia GPUs. The data suggests that enterprises should measure the utilization and per-workload cost of the GPUs they already own before committing budget to new compute — whether that’s an AI-specialized cloud contract, new accelerators, or more GPUs.
Seventy-one percent of enterprises say a quarter or fewer of their deployed “agents” can complete multi-step work on their own; the rest are single-prompt chatbots. Only 10% say true agents are the majority of what they run. To be sure, the respondents reported that they are in a position to know these things: 81% said they recommend or decide AI purchases at their companies.

That finding — that most agents are actually just chatbots in trenchcoats — lands amid adoption claims across the industry running well ahead of what enterprises are actually running. Gartner predicted 40% of enterprise applications will be integrated with task-specific AI agents by the end of 2026, up from less than 5% in 2025. It also warned that the most common misconception is referring to these AI assistants as agents, a misunderstanding known as “agentwashing.”
Meanwhile, Zapier’s enterprise survey said 72% reported deploying or testing autonomous agents; and Writer’s 2026 survey has 97% of executives saying their company deployed AI agents in the past year.
Those surveys asked whether companies have deployed something called an AI agent, and companies said yes. Our survey asked the people running those deployments a harder question: Of the agents you have in production, how many can complete a multi-step task without a person driving each step? The gap matters for two practical reasons. First, the inflated adoption figures are the benchmark boards and vendors use to pressure technical leaders into moving faster — and this data says the real bar is far lower than the headlines suggest. Second, the label determines the bill: A single-prompt chatbot with a human reading every answer needs none of the identity, evaluation, and cost controls this report covers, while a true multi-step agent needs all of them.
Two-thirds of enterprises fall into one of two camps: 34% already allow an AI agent to push a code or system change to production based on automated evaluation results alone, with no human reviewing it, and another 33% are actively engineering their pipelines to allow that within the next 12 months. Only five percent fully trust the automated evaluations that would make that decision.

The distrust is earned. Half of enterprises shipped an agent that passed internal evaluations and then caused a customer-facing failure in the past year; a quarter watched it happen more than once. Asked to name the biggest weakness in their current evaluations, more enterprises chose “poor alignment with real-world outcomes” than any other answer — 29% of respondents.
And most of the checking happens before an agent ships, then stops. Once agents are live with real users, only 23% of enterprises run real-time quality checks on the answers those agents produce. Another 51% monitor system health only — uptime, request traces, and gateway logs — which tells them the agent is running, and nothing about whether its answers are right. The first move: Before removing human review from any workflow, test your evaluations against production outcomes rather than internal benchmarks, and instrument answer quality, not just uptime.
This finding is explored in more depth in VentureBeat’s related coverage of the evaluation gap, which found that larger enterprises are moving faster toward zero-human deployment while also failing more often — and outlines a regression-testing framework built on production outcomes rather than internal benchmarks.
Sixty-nine percent of companies allow agent credential sharing somewhere in their agent fleet during runtime – meaning multiple agents operating under one API key or service account. Those companies were far more likely to get hit: Organizations with credential sharing anywhere in the fleet experienced a security incident or near-miss at a 63.5% rate (47 of 74), against 40.9% (9 of 22) where every agent has its own scoped identity.

The takeaway for enterprises is this: Give every agent its own scoped identity, starting with the agents that touch production systems.
Fifty-seven percent of enterprises traced at least one confident, wrong agent answer in the past six months to missing or inconsistent business context: wrong metrics, stale definitions, absent documents. Most of them watched it happen more than once.

Most enterprise companies are fixing this, even though they’ve moved forward with agent deployment already: 25% already run a governed semantic layer, or one governed definition of the business that every AI reads from, in production. However, 34% are still building one, and 41% haven’t started. The takeaway: Govern the definitions your agents answer from, metrics and entities first, before scaling the agents that depend on them.
One more shift is worth reporting with its limits stated plainly. In our spring orchestration survey wave, the top concern about provider-controlled orchestration was security and permissioning limits (32%). By June, vendor lock-in led at roughly a third, with security limits at 28%.
Those are two snapshots one quarter apart, and here’s one possible explanation for why portability became a top issue for enterprises. Our June survey went into market after a June 12 U.S. Commerce Department export order took Anthropic’s Claude Fable 5 offline for enterprises for roughly three weeks. Meanwhile, Chinese company Z.ai released GLM-5.2’s open weights under an MIT license on June 16 at roughly one-sixth of GPT-5.5’s price; and Tencent’s Hy3 arrived July 6 under Apache 2.0; and OpenAI previewed GPT-5.6 on June 26 to a small group of government-vetted partners, opening it broadly on July 9 after the government’s review cleared. The open-weight releases in particular promise enterprises more control over their agents, and while we haven’t established a causal link here, the timing is worth noting.
The posture data matches the mood: 51% now expect their primary control plane for enterprise agents to be hybrid — provider-native plus external orchestration — by the end of 2026, up from 34% in the spring survey wave. Enterprises reporting that they rely purely on provider-managed agent services fell from 12% to 7%.
The synthesis across all five surveys reveals a huge “buying” window. In each of the five control layers, 57% to 64% of enterprises plan to switch or add vendors within 12 months — 64% in infrastructure and in evaluations, 59% in agent security, 57% in retrieval and context — and 26% to 38%, depending on the layer, plan to move within a quarter. No layer has an established incumbent: The most common evaluation tooling is the model provider’s built-in evals, tied with no dedicated tooling at all (17% each); 82% of respondents name provider-native or hyperscaler controls as their primary agent security layer; and provider-native retrieval leads the context technology layer (RAG, etc) as well.
Most enterprises are defaulting today to the built-in tools that ship with the big AI platforms they already use: Anthropic, OpenAI, Google, Microsoft, and AWS. That holds true across every one of these agentic technology layers: enterprises are looking to their primary cloud and model providers to supply the guardrails, evaluations, and retrieval solutions already bundled into those providers’ offerings.
Those defaults are winning on convenience, and they’re also what the coming spending decisions will test. The survey didn’t ask which direction that money moves — toward the platforms’ built-in tools or toward the specialists challenging them — which is exactly why every contract in these five layers is worth watching over the next four quarters.
The Q3 survey wave will measure whether the enterprises made good on these budget plans: whether their agents gained scoped identities, whether evaluations got tested against production outcomes, whether GPU utilization rose, and whether the semantic layers under construction shipped.
VentureBeat will release the full Q2 reports across all five VB Pulse trackers at VB Transform, July 14–15 at Hotel Nia in Menlo Park, where we convene enterprise technical leaders building autonomous agents in production.
Disclosure: VentureBeat produces both this research and VB Transform
OpenAI on Thursday launched ChatGPT Work, a new AI agent embedded inside its flagship chatbot that aims to transform ChatGPT from a question-and-answer tool into an autonomous work platform capable of executing complex, multi-step tasks across users’ email, calendars, code repositories, and messaging apps.
The product is powered by OpenAI’s latest flagship model, GPT-5.6, and is designed to go far beyond generating text. ChatGPT Work can gather context from connected apps, files, and workflows to produce finished documents, spreadsheets, presentations, reports, and websites. The agent takes a stated outcome, breaks it into smaller steps, and stays with complex projects for hours, completing them independently.
The launch marks OpenAI’s clearest attempt yet to reposition ChatGPT as a workplace platform rather than a chatbot — and it arrives at a moment of extraordinary financial significance for the company. Last month, OpenAI confidentially submitted a draft S-1 registration statement to the SEC, initiating what could become one of the largest technology IPOs in history, with reported valuations clustering between $730 billion and $852 billion and annualized revenue that has blown past $25 billion.
In a short demonstration and conversation with VentureBeat on Friday, Ty Geri, a product manager at OpenAI who helped build ChatGPT Work, said the product’s mission is to democratize the kind of agentic AI capabilities that OpenAI’s internal engineering tool, Codex, has already demonstrated. “What’s really exciting is we’ve seen how much Codex has been able to push the frontier of what we can get done with these AI tools, as opposed to just getting information or answers or guidance,” Geri said. “Our internal adoption of Codex is literally an exponential curve across every single product function and every single use case.”
The core architectural bet behind ChatGPT Work is a persistent cloud-based virtual machine that runs on OpenAI’s servers, always available to the user regardless of which device they happen to be on. That marks a deliberate departure from competitors whose agents require a local machine to remain powered on and connected.
“What’s really exciting about ChatGPT Work is that it’s a virtual machine in the cloud that’s always on for you, and this is available across all of our paid tiers,” Geri said. “All Plus users are getting this. I think that’s a very unique aspect of this.”
The mobile-first aspect of the launch is something Geri described as “missing from the market.” He pointed to the ability to create a website on a phone and share it with collaborators as a particularly novel capability. “Sites are new in general to Codex. They launched in Codex about a week and a half ago, but now we’re launching also in web and mobile. You can create a site on your phone at the beach and share it with your friends,” he said.
ChatGPT Work will roll out beginning with Pro, Enterprise, and Edu users, and will expand to Plus and Business users over the next few days. In the interview, Geri emphasized that the availability of the product to Plus subscribers — not just premium tiers — is central to OpenAI’s strategy. “It’s accessible to all paid plans, including Plus users, which in my opinion is a really big feat, and really part of that OpenAI mission, which is about bringing all this power to as many people,” he said.
The product relies on MCP-based plugins to connect to external services like Gmail, Google Calendar, Slack, and GitHub. When asked whether the plugin architecture is based on the Model Context Protocol standard, Geri confirmed: “These are all based on MCP.” He added that connecting multiple Gmail accounts — a frequent user request — “is definitely on the roadmap.”
The experience is designed to be action-oriented from the first interaction. ChatGPT Work offers a personalized onboarding flow that surfaces different suggested use cases depending on the user’s role. Geri demonstrated how the system, detecting his role as a product manager, immediately suggested tasks like evaluating AI systems, building research artifacts, and managing his calendar. “You can start with a simple task like catch me up on Slack or Teams or read today’s calendar,” Geri said. He described a scenario where the system reviewed his calendar, identified scheduling conflicts, flagged meetings requiring preparation, and then — on his instruction — declined, accepted, or rescheduled events directly.
Users can also customize the agent by teaching it their writing style, organizing outputs into projects, and — in a lighter touch — choosing a virtual pet that accompanies them in the interface. The interface also introduces a hosted website feature that allows users to build and share interactive sites directly through ChatGPT Work, turning what would typically be a static slide deck into a dynamic, collaborative artifact. “Now we suddenly have a collaborative interface that’s actually more exciting and more accessible than a slide deck, which has all these formatting restrictions,” Geri said.
Geri’s own usage of ChatGPT Work illustrates the breadth of tasks the system can handle. In the run-up to the product’s launch, he needed to organize pre-release testing sessions — known internally as “bug bashes” — across dozens of features and team members.
“I just come to ChatGPT Work and say, ‘Set up a bug bash for all the distinct features in ChatGPT Work. Add all the people that worked on that feature,’ and it can check Slack, it can check GitHub, it can check Docs, and find a time that works for the four highest contributors to that feature,” Geri said. “It went and scheduled 10 bug bashes, all coordinated across all those different people. That would have taken me 30 minutes at least.”
But Geri pushed back against the characterization that ChatGPT Work is limited to rote administrative work. He described using it for analytically complex tasks like identifying the biggest causes of user churn for specific product features and generating product solutions — work he said would previously have taken months. “Things that we would have spent three months doing, we can now spend a week doing — and do much more, and make a much better product,” Geri said. “Bugs that we would have found three or four weeks from now, we can now find within two days and fix for our users.”
He also described handing off the tedium of product testing itself. “It used to be that even though like the most interesting part of my job is like what to test, I would actually end up having to spend most of my job doing the testing, which is like me taking a mouse and like clicking on the same thing over and over again, like five times,” Geri said. “Instead, now I can define what do we want to test, and ChatGPT Work or Codex can actually go test it for me, deliver me that bug report, and then we can work on fixing that bug.”
When pressed on data privacy concerns — given that ChatGPT Work pulls sensitive information from workplace tools like Slack, Google Drive, and email — Geri said privacy “is incredibly important, and the most important part of this is it’s always in the user’s control.”
He pointed to OpenAI’s existing enterprise security infrastructure, noting that “enterprise accounts have ZDR, and users can always opt out of letting their conversations help improve future models, which many users do.” The comment aligns with assurances OpenAI made when it first launched ChatGPT Enterprise in August 2023, when the company wrote in a blog post that it does “not train on your business data or conversations.”
The privacy question carries additional weight now because of the sheer volume of sensitive workplace data ChatGPT Work is designed to access. Unlike a chatbot session where a user voluntarily pastes text into a prompt, ChatGPT Work actively reaches into connected systems — reading Slack messages, scanning calendar invitations, pulling GitHub commit histories — to assemble context for its tasks. That represents a fundamentally different data surface area than anything OpenAI has offered before, and one that enterprise security teams will scrutinize carefully before granting access.
ChatGPT Work lands squarely in the middle of what has become the defining competitive battlefield in enterprise AI: the race to build autonomous workplace agents that can go beyond generating text and actually execute tasks.
The product arrives months after Anthropic took Claude Cowork out of preview and into general availability in April, bringing its AI agent to web and mobile platforms aimed at helping enterprise users monitor and manage long-running AI-driven tasks from anywhere. Meanwhile, Microsoft made Copilot Cowork generally available worldwide on June 16, built in partnership with Anthropic to move beyond chat and into execution. The three products — ChatGPT Work, Claude Cowork, and Microsoft Copilot Cowork — now compete directly for the attention of enterprise IT departments and individual knowledge workers alike.
The convergence is striking. All three products share a remarkably similar vision: a persistent AI agent running in the cloud that can break complex tasks into steps, connect to workplace tools via plugins, and produce finished outputs rather than just conversational replies. All three work across desktop, web, and mobile.
What distinguishes OpenAI’s approach is its raw consumer distribution advantage. ChatGPT has reached 900 million weekly active users, and OpenAI now has 50 million paying subscribers. More than 9 million paying business users rely on ChatGPT for work, and 92% of Fortune 500 companies now use ChatGPT. By making ChatGPT Work available to Plus subscribers at $20 a month — not just Enterprise or Pro customers — OpenAI is betting that broad accessibility will drive adoption faster than any competitor can match.
When asked about the potential impact on the labor market, Geri was careful with his framing. He declined to speak broadly about workforce disruption but offered his personal experience as a product manager whose day-to-day work has been substantially reshaped by the tool.
“My job is not to schedule bug bashes and find out who contributed to a specific feature. That’s a task I do in my job, but that’s not my job,” Geri said. “My job is to make an amazing product.” He described ChatGPT Work as “a partner” and “an extension of me, certainly not a replacement,” adding: “Everybody feels far more productive than before, but is also almost working harder than before, because you get to work on all the things you want to work on as opposed to the drudgery around it.”
But Geri was also careful not to minimize the sophistication of the work the agent can handle. “I also don’t want to say that it’s only doing mundane tasks because, like something like hill climbing retention curves on a given feature is not mundane. It’s actually really hard to do,” he said. The distinction matters. If ChatGPT Work were merely automating calendar invitations and expense reports, it would be a convenience tool. The fact that Geri describes it compressing three months of analytical product work into a single week suggests something with far greater implications for how teams are structured and staffed.
The timing of ChatGPT Work’s launch is impossible to separate from OpenAI’s IPO trajectory. The company needs to demonstrate that it can convert its massive consumer user base into durable enterprise revenue — a narrative that becomes significantly more compelling with a product explicitly designed around professional workflows.
OpenAI said it is generating $2 billion in revenue per month, growing four times faster than Alphabet and Meta did at comparable stages, with enterprise now making up more than 40% of revenue and on track to reach parity with consumer by the end of 2026. But OpenAI remains heavily loss-making, and the company does not expect to reach profitability until around 2030, with internal projections suggesting losses of $14 billion in 2026 alone.
The competitive dynamics are unprecedented. Anthropic filed for its own IPO on June 1 at a $965 billion valuation, setting up simultaneous public listings from the two most prominent AI startups in history. Whether both can sustain their lofty valuations under the scrutiny of public market investors will depend in large part on whether products like ChatGPT Work and Claude Cowork deliver measurable productivity gains to paying enterprise customers.
The launch also caps a product trajectory that began with ChatGPT Enterprise in August 2023, accelerated through the release of OpenAI’s Operator agent in January 2025, and continued through Operator’s deprecation and shutdown on August 31, 2025, when its capabilities were folded into the ChatGPT agent framework. ChatGPT Work is the consolidation of those efforts into a single, unified product — one that pairs GPT-5.6’s three model variants (Sol for power, Luna for speed, and Terra for balanced everyday use) with a persistent cloud environment and an expanding library of MCP plugins.
When asked whether ChatGPT Work signals a shift toward a new kind of operating system — one where users interact with their computers primarily through an AI agent rather than through traditional mouse-and-keyboard interfaces — Geri stopped short of making sweeping predictions. But he hinted at the direction OpenAI sees ahead.
“Anybody who has worked with Codex or now ChatGPT Work will realize how exciting it is to interact with your environment and your computer via the agent,” he said. “Especially in the desktop app, where the model has access to your entire machine and can interact with websites on your behalf — it’s really able to be an extension of you and a real partner, and that certainly feels like the future.”
At the end of the interview, Geri circled back to something personal. “I’ve never enjoyed work as much as I have in the last month using ChatGPT Work and Codex,” he said — a striking admission from a product manager who, until recently, spent a meaningful share of his days clicking through the same interface five times in a row just to see if it would break. OpenAI is now asking 900 million users to believe that feeling scales. For a company weeks away from one of the largest public offerings in history, the answer to that question is worth roughly $850 billion.
Slopsquatting represents an emerging supply chain threat made possible by AI hallucinations. As developers increasingly rely on AI coding assistants, they unknowingly grant cybercriminals access to their software from day one.
Slopsquatting is a new type of supply chain attack that uses large language model (LLM) hallucinations to inject malicious code into development workflows. The term combines “AI slop” and “typosquatting,” a deceptive practice where attackers register misspelled or lookalike versions of popular domains to prey on users who enter URLs incorrectly.
This novel attack vector exploits LLMs’ tendency to generate fictitious software package names, which threat actors can then register and populate with malicious code.
During AI-assisted coding, the model may generate fake open-source packages — bundled collections of files, programs and installation tools. This alone is not necessarily harmful. However, if an attacker registers that fake package name, they can inject malware that gets incorporated directly into a developer’s codebase.
Traditionally, AI safety risks stem from hallucinations, which can adversely affect users who treat misinformation as valid. However, those same hallucinations have evolved into exploitable security vulnerabilities.
Typosquatting is a deceptive practice where a cybercriminal registers a mispelled version of a popular package to trick developers. It has existed for decades, so registries have built protections against it.
However, AI has changed the threat model. It recommends fictitious packages that sound plausible rather than making simple misspellings. Once attackers learn which hallucinated packages models tend to invent, they can register malware-filled packages under those names.
Since the hallucinated packages are not simply typoed versions of popular libraries, there are no protections against this practice at scale. For example, the registry protects against an attacker publishing “crossenv,” a squat of the popular “cross-env” package. However, it would not identify “mpn install cross-env file” or “cross-env-extended” as threats.
Even if many LLMs recommend the same hallucinated package, widespread compromise is still possible. Malicious packages could remain undetected in production for months or even years, allowing threat actors to passively inject malware across countless environments.
One research team analyzed 31,267 vulnerabilities belonging to 14,675 packages across 10 programming languages. They discovered that reported vulnerabilities are increasing at an annual rate of 98%, faster growth than the 25% annual increase in the number of open-source software packages. The team also observed an 85% increase in the average lifespan of vulnerabilities, indicating a decline in security.
Malicious actors can create open-access packages under the same name as commonly hallucinated libraries. Instead of standard code, they are filled with malware. The models believe they are referring to existing packages, so they often repeat the same hallucinated names. Since the hallucinations are not random, attackers could theoretically register packages that trick tens of thousands of developers.
These packages appear legitimate. String similarity to real libraries makes them recognizable. One-character typos suggest simple mistakes rather than malicious intent. Even fully fabricated names remain believable when the AI presents them in proper context. Detection is challenging, as developers trust their coding assistants to recommend valid dependencies.
LLMs generate the statistically most likely answer rather than prioritizing accuracy. Hallucinations are relatively common as a result. One study found hallucination rates range from 50% to 82%, depending on the model and prompting method. Even GPT-4o, the best-performing model, goes no lower than 23%, even with prompt-based mitigation.
Adversarial hallucination attacks could worsen this problem. Threat actors can leverage token-level manipulation or retrieval poisoning to force models to hallucinate in ways they want, increasing the likelihood that models recommend their malicious packages.
While all LLMs are prone to slopsquatting, some are more vulnerable than others. The likelihood of producing hallucinated packages during code generation depends on the model. Proprietary models are four times less likely to generate hallucinated packages than open-source models.
One research group proved this by conducting 30 tests across 30 different systems. Out of the 576,000 code samples and 2.23 million packages it produced, 19.7% were hallucinations. GPT-4.0 Turbo had a hallucination rate of 3.59%, while DeepSeek 1B, the best-performing open-source model, reached 13.63%.
This research suggests that organizations relying on open-source AI tools for code generation are roughly four times more exposed to slopsquatting attacks. That doesn’t necessarily mean proprietary tools will always remain safer, though. Once attackers realize this disparity, they may manipulate proprietary LLMs to take advantage of perceived safety.
Software developers who use AI tools estimate that over 40 percent of the code they commit includes AI assistance. They expect that percentage will increase considerably within the next few years. Already, 72% of those who have tried AI use it daily.
The uptick in vibe coding and AI-assisted coding amplifies the threat surface. As more developers integrate AI tools into their workflows without implementing proper verification processes, the attack surface for slopsquatting continues to expand.
For those using AI to assist with coding, double-checking output is essential. Verifying that recommended packages actually exist in official repositories before incorporating them into projects reduces risk.
Implementing automated checks that validate package names against known registries can help catch hallucinated packages before they enter production code. Security teams should also monitor for unusual package installations and maintain up-to-date threat intelligence on known slopsquatting campaigns.
Zac Amos is the Features Editor at ReHack.
Welcome to the VentureBeat community!
Our guest posting program is where technical experts share insights and provide neutral, non-vested deep dives on AI, data infrastructure, cybersecurity and other cutting-edge technologies shaping the future of enterprise.
Read more from our guest post program — and check out our guidelines if you’re interested in contributing an article of your own!
Know where to place your router and how to position its antennas should get you better coverage.
Let’s be honest here: have you ever actually read your router’s instruction manual to know how to position it properly? How about learning how the antennas should be placed too? I know I haven’t browsed beyond the technical setup pages or paid much attention to the rest of the booklet. Well, it turns out there’s actually a correct way to position both the router and the antennas.
The router’s antenna position directly affects Wi-Fi signal strength, coverage range, and dead zones throughout the home. Most people (yours truly included) plug in the router, leave it in a corner, and only think about it again when the internet is down. And most of the time, that’s fine — but if your Wi-Fi slows down in some rooms or starts stuttering during video streaming, for instance, the problem may not be your internet provider. It might just be you.
Thankfully, a few small adjustments can make a genuine difference. Fix the antenna direction, place the router in the right place and at the right height, and you’ll see quite the difference.
Most router antennas are omnidirectional, which means they broadcast in all directions at the same time. The signal is strongest perpendicular to the antenna, not along it, which makes sense because it’s not a lightsaber. Therefore, a vertical antenna that points straight up radiates signal outward horizontally, covering the floor you’re on.
A horizontal antenna does the opposite, pushing the signal upward and downward, which is useful if you have multiple floors. That’s why the way you set your antenna direction has actual, real consequences.
Modern dual-band routers broadcast on two frequencies simultaneously. First is 2.4 GHz, which provides slower speeds, but longer range and better wall penetration. 5 GHz, on the other hand, hits better speeds but is more susceptible to physical obstructions, while also covering a smaller area. Even newer tri-band routers also provide 6 GHz, which is a massive speed boost with near-zero interference. However, because it operates at a higher frequency, its signal doesn’t travel as far and struggles more to go through solid walls compared to 2.4 GHz or 5 GHz.
If you live in a single-floor home or an apartment, point all antennas straight up. Vertical positioning causes signals to radiate horizontally, hitting your entire home.
For homes with more than one floor, pointing all antennas straight up leaves other levels underserved. The solution, according to TP-Link, is to angle at least one antenna at around 30 degrees. The tilt is enough to spread the signal both sideways and vertically. Depending on how many antennas your router has, you could get a bit creative about which ones you place one way or the other.
The principle behind all this is the same — mixing antenna orientations fills in the gaps that a single direction leaves behind. As long as you match your antenna setup to the shape of your home, you’ll notice fewer dead zones.
We can’t discuss antenna positioning for proper coverage without also discussing router placement. You’ll only get the best results if you get both of these right. When it comes to where you should put your router, there are three factors to consider: how central the location is, how high off the ground the router sits, and what’s sitting nearby that could disrupt the signal.
A router needs a central location. If you’re placing it against an exterior wall, it wastes half its signal broadcasting outward into the open air. The height you’re placing it at is also important. TP-Link recommends placing your router about 1 to 1.5 feet off the ground, aligning the signal with most of your devices.
There are also several common household items you should not have near your router. Everything from microwave ovens to fish tanks, Bluetooth devices, metal objects and thick concrete walls can interfere with your Wi-Fi signal.
Obviously, you can’t have the router floating in the middle of the living room, but you’ll have to take at least some of these things into consideration when finding its home. Combine this with being extra careful about the position of its antennas and you’ll make the most out of the speed your internet plan provides.
A woman is bitten after her iPad is stolen, dozens of iPads are stolen from an elementary school, and a man is arrested for selling fake AirPods to police, all in this week’s Apple Crime Blotter.
The latest in an occasional AppleInsider series examining the world of Apple-related crime.
An iPad stolen from a victim’s car was tracked by police, leading to the arrest of a man with several outstanding warrants, including one for federal bank robbery.
According to Woodlands Online, it started when a victim in Harris County, Tex., reported the theft of items from their car. A stolen iPad was later traced to a specific address in Montgomery County.
Deputies noticed a vehicle at the residence, which Flock cameras had spotted near the scene of a Harris County burglary.
A man found at the house, identified as Michael Austin, had multiple outstanding warrants. This included a federal bank robbery warrant out of Illinois, a felony pardon and parole warrant, and a felony family violence warrant from Harris County,” the report said.
He was arrested without incident.
A woman in Everton, in the U.K., challenged a thief who had stolen an iPad and bank card from her home, and the assailant bit her for her trouble.
According to Liverpool Echo, while the woman got the items back, “the victim was threatened and suffered a bite to her hand, causing a small gash and bleeding.”
‘Woman bitten’ after iPad stolen from Liverpool homehttps://t.co/aQTFiQUfSJ
— Liverpool Echo (@LivEchonews) July 7, 2026
The man in question did appear on CCTV video.
Police responded in mid-June to a call that two dozen iPads had been stolen from an elementary school on Long Island.
News 12 Long Island reports the burglar entered Chatterton Elementary in Nassau County through an unlocked rear window and took 26 iPads before fleeing. In addition to the theft, police said, there was $300 in damage to window screens.
In another Long Island crime, also reported by News 12 Long Island, a man was arrested for trying to sell counterfeit AirPods to police.
It started when the 23-year-old was pulled over for a minor equipment violation when police noticed he had “several packaged Apple products” in his car. The driver claimed he sold the products as a side business and offered to sell the officers a set of AirPods for $50.
The officers were suspicious due to multiple “dead giveaways,” including that every package had the same serial number and that there were packaging errors. The man was arrested and charged with selling or attempting to sell counterfeit items.
These Long Island Apple crimes follow the high-profile hijacking of a truck carrying Apple products back in January near the Manhasset Apple Store, also on Long Island.
A New Jersey man ordered a new iPhone and had it delivered to a CVS store, described as a “safe pickup site.” But just because it wasn’t delivered to his porch doesn’t mean a porch pirate couldn’t get to it.
ABC 7 in New York explains a security camera recorded a thief arriving at the store, showing an ID, signing, and walking away with the iPhone that wasn’t his. The rightful purchaser of the iPhone received one message that the iPhone had been delivered and another that it had been picked up.
After 7 On Your Side looked into the matter, T-Mobile is working with the rightful owner to “resolve” the matter.
Police told the TV station they are “still looking for the suspect in the video and say he’s part of a crime ring.”
In June, a North Carolina man was arrested for entering a nursing home in Georgia, falsely claiming to work there, and stealing credit and debit cards from rooms there.
According to WSB-TV, the man later went to the Apple Store at Lenox Mall and attempted to buy an iPhone with one of the stolen credit cards, but one of the victims received an alert.
The man faces burglary charges, and also charges of exploiting the elderly, financial transaction card theft, and financial identity fraud.
A county deputy in Nebraska was fired in May, and a report in July revealed why: His iCloud account was linked to “images of potential child sexual abuse material, also referred to as CSAM.”
WOWT reports the National Center for Missing and Exploited Children had received a tip the previous December. This triggered an internal investigation that resulted in his firing.
The investigation also uncovered other allegations, including that the deputy was “taking photographs of on-duty female DCSO deputies and manipulating the photos using AI to generate nude images,” as well as various allegations of intoxication and violent threats.
The deputy appealed the finding but had the appeal denied.
At Delhi’s Connaught Place, a video went viral in July of a shopkeeper accusing a foreign tourist of taking an iPhone case from his store.
This white tourist allegedly took an iPhone case without paying and ran away in CP .
When the shopkeeper tried to stop him , he reportedly started abusing and arguing with the shopkeeper.
If thier country’s per capita income is higher , why do they behave like a beggar ? pic.twitter.com/FUo66pXlP8
— Pankaj (@Ragepkj) June 28, 2026
According to NDTV, the shopkeeper claims “the tourist picked up an iPhone case and tried to leave the store without making a payment. When he attempted to stop him, the tourist allegedly denied stealing anything and refused to stop.”
Open Thread: What Great Books Have You Read Recently?
Whats Hidden Inside This Cash Register? #treasure #reselling #money
Weekend Open Thread: Nutriplenish Leave-In Conditioner
Loro Piana Fall 2026 Enters Houston’s Art Scene
Anthropic’s new “J-lens” reveals a silent workspace inside Claude that mirrors a leading theory of consciousness
$1,000 Credit Alert! BlockDAG X Exchange Pre-Registration Now Officially Open, Polkadot Dips & Zcash Rebounds
AXT Shares Jump Nearly 14% as Semiconductor Materials Maker Rebounds on AI-Linked Indium Phosphide Demand
Joshua Pacio ‘more complete’ ahead of ONE rematch vs Malachiev
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Best Time to Enter Small Caps Right Now? Another Bull Run? | Financially Free
SK hynix (000660.KS) Stock Dips as $28B Nasdaq ADR Offering Drives AI Memory Expansion
Anthropic brings Claude Cowork to mobile and web as usage data shows most users aren’t coding
Avoid entering in FOMO #bitcoin #cryptocurrency #trading #scalping
Super Eagles star Moses Simon opens up on Liverpool transfer regret
We have punished the disrespect
Binance lists Strategy’s STRC stock as company expands Bitcoin funding
Character.AI enters the microdrama arena with its own productions, but there’s a twist
9 Best Keyboards (2025), Tested and Reviewed
Enbridge: AI Tailwind Priced In (Rating Downgrade)
“What’s going on?!” Carl Froch discusses Floyd Mayweather Jr financial issues
You must be logged in to post a comment Login