The search engine’s definitions have been replaced with AI Overviews.
Karissa Bell for Engadget
Google appears to be running into some hiccups after the company began rolling out its updated and even more AI-focused search experience at I/O 2026. Currently, searching for the words “disregard,” “stop” or “ignore” on Google no longer displays a snippet with a definition, and instead offers an AI Overview and a lot of blank space. Because users have complained about the issue on social media, and publications like TechCrunch and MacRumors have reported on it, even if you don’t get a definition, you might still get a collection of links to articles documenting the issue before the traditional list of links.
Multiple members of Engadget’s staff were able to recreate the strange AI Overview responses with their own personal Google searches. In Incognito Mode, Google responded correctly once by displaying its usual snippet with the definition, and failed a second time by once again responding with an AI Overview. Links to online dictionaries still appear under these incorrect results, but you have to scroll past an AI Overview or a grid of articles to actually get to them.
Ian Carlos Campbell for Engadget
Engadget has contacted Google for more information about this issue and its attempts to fix it. We’ll update this article if we hear back.
In the grand scheme of things, Google not automatically displaying a definition isn’t as bad as recommending people put glue on pizza, one of the issues the company dealt with when it first launched AI Overviews. It might even be good for Merriam-Webster’s web traffic. What the issue does highlight is the awkward transition Google is currently undergoing, as it moves from the ultimate referrer of other websites into an all-in-one AI assistant.
Compact action cameras keep getting better at fitting into everyday life without slowing anyone down. This GO Ultra Creator Bundle from Insta360 delivers a complete setup built around a camera so small it feels like an afterthought until the footage starts rolling in. At the current price of about $425 (was $500), the package bundles the core camera with enough mounts and extras to handle vlogging, sports, or simple point-of-view recording straight out of the box.
When you open the box, you’ll discover the Action Pod, a Magnet Pendant, a Quick Release Safety Cord, a Magnetic Easy Clip, a Quick Release Mount, the Mini 2-in-1 Tripod 2.0, and the Pivot Stand, all ready to use. Save the microSD cards for now, as the rest of the gear is ready to use right out of the box. Clip the camera to your hat brim or shirt collar with the magnetic gubbins and you’ll nearly forget it’s there while it shoots great smooth footage.
In The Box: 1x Standalone Camera, 1x Action Pod, 1x Magnet Pendant, 1x Quick Release Safety Cord, 1x Magnetic Easy Clip, 1x Mini 2-in-1 Tripod 2.0, 1x…
Hands-Free POV & Wearable – Magnetic mounting lets you clip the camera to a cap or wear it with the Magnet Pendant, freeing up your hands for a…
Lightweight & Portable – 53g and the size of a watch, built for conveniently getting 4K footage from any angle. Great for cycling, running, diving…
The camera is approximately the size of a small watch, but it has a 1/1.28-inch sensor capable of recording 4K video at 60 frames per second and sharp 50 megapixel still images. Then there’s the 156-degree field of view, which is a good angle without needing to step back to see everything. Plus, there’s some clever stabilization technology called FlowState that keeps the horizon from wobbling and movements from appearing jerky even when you’re running or riding a bike. Low-light situations are also much easier to manage, thanks to the PureVideo mode, which captures more information than previous models.
Battery life is actually much better than expected for a little camera of this size. The camera alone lasts about 70 minutes, and the Action Pod extends it to about 200. Recharge is very speedy; going from zero to 80 percent in 12 minutes should be plenty to get you through a great workout. Of course, the pod includes a flip screen, allowing you to frame shots while sitting on a tripod or mount.
The possibilities for mounting this camera are near infinite. You can hang the Magnet Pendant around your neck for some good chest-level POV footage, clip the Easy Clip and Quick Release Mount to helmets, bags, or automobiles, or use the Mini Tripod and Pivot Stand to make it into a decent desk or vlogging platform. Everything fits together remarkably simply and stays there even while you’re active.
Whatever you choose, the audio will sound clear, and the program can even perform some basic edits for you, such as removing highlights, adding simple transitions, and selecting music to fit. FreeFrame mode allows you to crop and reframe images as you see fit, or into whatever form you need for social media. The camera is waterproof up to 33 feet and can go deeper with one of the available cases, allowing you to film in the rain or shallow water whenever you want.
On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised maintainer account.
Sigstore worked exactly as designed: it verified the package was built in a CI environment, confirmed a valid certificate was issued, and recorded everything in the transparency log. What it cannot do is determine whether the person holding the credentials authorized the publish — and that gap turned the last automated trust signal in npm into camouflage.
One day earlier, StepSecurity documented an attack on the Nx Console VS Code extension, a widely used developer tool with more than 2.2 million lifetime installs. Version 18.95.0 was published using stolen credentials on May 18 and stayed live for under 40 minutes — but Nx internal telemetry showed approximately 6,000 activations during that window, most through auto-update, compared to just 28 official downloads. The payload harvested Claude Code configuration files, AWS keys, GitHub tokens, npm tokens, 1Password vault contents, and Kubernetes service account tokens.
The Mini Shai-Hulud campaign, attributed by multiple researchers to a financially motivated threat actor identified as TeamPCP, hit the npm registry at 01:39 UTC on May 19. Endor Labs detected the initial wave when two dormant packages, jest-canvas-mock and size-sensor, published new versions containing an obfuscated 498KB Bun script — neither had been updated in over three years, making a sudden version with raw GitHub commit hash dependencies a detection signal, but only if the tooling is watching.
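The detection signal described above (a long-dormant package suddenly publishing a version whose dependencies point at raw git commit hashes), as an added example that is not code from the article or from Endor Labs' tooling. It assumes the npm registry packument layout (`time` and `versions` maps); the package names, timestamps and commit hash are constructed sample data, and the three-year default threshold follows the article's wording.

```python
"""Flag npm versions published after long dormancy that pull git-commit dependencies."""
import re
from datetime import datetime

# Specs pinned to a git commit, e.g. "github:owner/repo#<sha>",
# "git+https://host/owner/repo.git#<sha>" or the shorthand "owner/repo#<sha>".
GIT_COMMIT_SPEC = re.compile(
    r"^(?:(?:github:|git\+https://|git\+ssh://|git://|https://github\.com/)[^#]+"
    r"|[\w.-]+/[\w.-]+)#[0-9a-f]{7,40}$",
    re.IGNORECASE,
)
DEP_FIELDS = ("dependencies", "optionalDependencies")  # installed for consumers


def _parse(ts):
    # Registry timestamps end in "Z"; older fromisoformat() wants an explicit offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def git_commit_deps(manifest):
    """Return sorted (field, name, spec) tuples for deps pinned to a git commit."""
    hits = []
    for field in DEP_FIELDS:
        for name, spec in (manifest.get(field) or {}).items():
            if isinstance(spec, str) and GIT_COMMIT_SPEC.match(spec.strip()):
                hits.append((field, name, spec))
    return sorted(hits)


def audit_packument(packument, dormancy_days=3 * 365):
    """Walk versions in publish order; report dormancy gaps and git-commit deps."""
    versions = packument.get("versions", {})
    # "time" also holds "created"/"modified" and unpublished versions; skip those.
    published = sorted(
        (_parse(ts), ver)
        for ver, ts in packument.get("time", {}).items()
        if ver in versions
    )
    findings, prev_ts = [], None
    for ts, ver in published:
        gap = (ts - prev_ts).days if prev_ts else 0
        prev_ts = ts
        deps = git_commit_deps(versions[ver])
        dormant = gap >= dormancy_days
        if dormant or deps:
            findings.append({
                "package": packument.get("name"),
                "version": ver,
                "gap_days": gap,
                "dormant": dormant,
                "git_commit_deps": deps,
                # Both signals together match the pattern the article describes.
                "severity": "high" if dormant and deps else "review",
            })
    return findings


# Constructed packuments (not real registry data).
SAMPLE_SHA = "0123456789abcdef0123456789abcdef01234567"
DORMANT_PACKUMENT = {
    "name": "example-dormant-pkg",
    "time": {
        "created": "2021-03-01T01:39:00.000Z",
        "modified": "2026-05-19T01:39:00.000Z",
        "1.0.0": "2021-03-01T01:39:00.000Z",
        "1.0.1": "2022-11-10T01:39:00.000Z",
        "1.0.2": "2026-05-19T01:39:00.000Z",
    },
    "versions": {
        "1.0.0": {"dependencies": {"left-helper": "^1.0.0"}},
        "1.0.1": {"dependencies": {"left-helper": "^1.0.2"}},
        "1.0.2": {
            "dependencies": {"left-helper": "^1.0.2"},
            "optionalDependencies": {
                "example-helper": "github:example-user/example-repo#" + SAMPLE_SHA
            },
        },
    },
}
ACTIVE_PACKUMENT = {
    "name": "example-active-pkg",
    "time": {
        "2.0.0": "2026-01-10T08:00:00.000Z",
        "2.1.0": "2026-03-02T08:00:00.000Z",
        "2.1.1": "2026-05-01T08:00:00.000Z",
    },
    "versions": {
        "2.0.0": {"dependencies": {"left-helper": "^1.0.0"}},
        "2.1.0": {"dependencies": {"left-helper": "^1.0.0"}},
        "2.1.1": {"dependencies": {"left-helper": "~1.0.3"}},
    },
}

if __name__ == "__main__":
    for doc in (DORMANT_PACKUMENT, ACTIVE_PACKUMENT):
        for finding in audit_packument(doc):
            print(finding)
```

A check like this is most useful when it runs at install or mirror time, before a newly published version reaches developer machines or CI runners.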
By 02:06 UTC, the worm had propagated across the @antv data visualization ecosystem and dozens of unscoped packages, including echarts-for-react (~1.1 million weekly downloads). Socket raised the total to 639 compromised versions across 323 unique packages in this wave. Across the full campaign lifecycle, Socket has tracked 1,055 malicious versions across 502 packages spanning npm, PyPI, and Composer.
StepSecurity confirmed the payload contained full Sigstore integration. The attacker didn’t just steal credentials; they could sign and publish downstream npm packages that carried valid provenance attestations.
These two incidents aren’t isolated. Research teams at Endor Labs, Socket, StepSecurity, Adversa AI, Johns Hopkins, Microsoft MSRC, and LayerX independently proved that the developer tool verification model is broken, and no vendor framework audits all of the attack surfaces that failed.
Seven attack surfaces failed in the 48 hours between May 18 and May 19 — npm provenance forgery, VS Code extension credential theft, MCP server auto-execution, CI/CD agent prompt injection, agent framework code execution, IDE credential storage exposure, and shadow AI data exposure — and the audit grid below maps each.
The verification model is broken across all four major AI coding CLIs
Adversa AI disclosed TrustFall on May 7, demonstrating that Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI all auto-execute project-defined MCP servers the moment a developer accepts a folder trust prompt. All four default to “Yes” or “Trust.” One keypress spawns an unsandboxed process with the developer’s full privileges.
The MCP server runs with enough privilege to read stored secrets and source code from other projects. On CI runners using Claude Code’s GitHub Action in headless mode, the trust dialog never renders. The attack executes with zero human interaction.
Johns Hopkins researchers Aonan Guan, Zhengyu Liu, and Gavin Zhong published “Comment and Control,” proving that a malicious instruction in a GitHub pull request title caused Claude Code Security Review to post its own API key as a comment. The same attack worked on Google’s Gemini CLI Action and GitHub’s Copilot Agent. Anthropic rated the vulnerability CVSS 9.4 Critical through its HackerOne program.
Microsoft MSRC disclosed two critical Semantic Kernel vulnerabilities on May 7. One routes attacker-controlled vector store fields into a Python eval() call; the other exposes a host-side file download method as a callable kernel function — meaning one poisoned document in a vector store launches a process on the host.
LayerX security researchers separately demonstrated that Cursor stores API keys and session tokens in unprotected storage, meaning any browser extension can access developer credentials without elevated permissions.
The threat actors hunting these credentials doubled their operational tempo
The Verizon 2026 Data Breach Investigations Report, released May 19, found that 67% of employees access AI services from non-corporate accounts on corporate devices. Shadow AI is now the third most common non-malicious insider action in DLP datasets. Source code leads all data types submitted to unauthorized AI platforms — the same asset class the npm worm campaign targeted.
STARDUST CHOLLIMA tripled its operational tempo against financial entities in Q4 2025. CrowdStrike documented the group using AI-generated recruiter personas on LinkedIn and Telegram, sending malicious coding challenges that looked like technical assessments, and running fake video calls with synthetic environments. The targets are GitHub PATs, npm tokens, AWS keys, and CI/CD secrets. The shadow AI exposure in grid row 7 is the door they walk through.
Developer Tool Stolen-Identity Audit Grid
No vendor framework currently scopes all seven surfaces. This grid maps each one to the research that exposed it, what your stack cannot see, and the audit action to take before the next vendor renewal.
Attack Surface: 1. npm provenance forgery
Disclosed By: Endor Labs, Socket (May 19)
What Verification Failed: Sigstore certificates generated from stolen OIDC tokens pass automated verification
What Your Stack Cannot See: EDR and SAST do not validate whether the CI identity that signed a package authorized the publish
Audit Action: Require publish-time two-party approval for packages with more than 10,000 weekly downloads. Do not treat a green Sigstore badge as proof of legitimacy
Attack Surface: 2. VS Code extension credential theft
Disclosed By: StepSecurity (May 18)
What Verification Failed: VS Code Marketplace accepted a malicious extension version published with a stolen contributor token
What Your Stack Cannot See: Extension auto-updates bypass endpoint detection. Marketplace window 12:30 to 12:48 UTC; overall exposure (including Open VSX) 12:30 to 13:09 UTC
Audit Action: Enforce minimum-age policies for extension updates. Pin critical extension versions. Audit all extensions with access to terminal or file system APIs
Attack Surface: 3. MCP server auto-execution
Disclosed By: Adversa AI, TrustFall (May 7)
What Verification Failed: All four CLI trust dialogs default to “Yes/Trust” without enumerating which executables will spawn
What Your Stack Cannot See: EDR monitors process behavior, not what an LLM instructs an MCP server to do. WAF inspects HTTP payloads, not tool-call intent
Audit Action: Disable project-scoped MCP server auto-approval in Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. Block .mcp.json in CI pipelines unless explicitly allowlisted
Attack Surface: 4. CI/CD agent prompt injection
Disclosed By: Johns Hopkins, Comment and Control (April 2026)
What Verification Failed: GitHub Actions workflows using pull_request_target inject secrets into runner environments that AI agents process as instructions
What Your Stack Cannot See: SIEM logs show an API call from a legitimate GitHub Action. The call itself is the attack. No anomalous network signature exists
Audit Action: Migrate AI code review workflows to pull_request trigger. Audit all workflows using pull_request_target with secret access for AI agent integrations
Attack Surface: 5. Agent framework code execution
Disclosed By: Microsoft MSRC (May 7)
What Verification Failed: Semantic Kernel Python SDK routed vector store filter fields into eval(). .NET SDK exposed host file-write as a callable kernel function
What Your Stack Cannot See: Application firewalls inspect input payloads. They do not inspect how an orchestration framework parses those payloads internally
Audit Action: Update Semantic Kernel Python SDK to 1.39.4 and .NET SDK to 1.71.0. Audit all agent frameworks for functions tagged as model-callable that access host file system or shell
Attack Surface: 6. IDE credential storage exposure
Disclosed By: LayerX (April 2026)
What Verification Failed: Cursor stores API keys and session tokens in unprotected storage accessible to any installed browser extension
What Your Stack Cannot See: DLP monitors data in transit. Cursor credentials at rest are invisible to DLP because no egress event occurs until the extension exfiltrates
Audit Action: Audit developer tools for credential storage practices. Require protected storage (OS keychain, encrypted credential stores) for all AI coding tool configurations
Attack Surface: 7. Shadow AI data exposure
Disclosed By: Verizon 2026 DBIR (May 19)
What Verification Failed: 67% of employees access AI services from non-corporate accounts on corporate devices. Source code is the leading data type submitted
What Your Stack Cannot See: CASB policies cover sanctioned SaaS. Non-corporate AI accounts on corporate devices operate outside CASB scope entirely
Audit Action: Deploy browser-layer AI governance that monitors non-corporate AI usage on corporate devices. Inventory AI browser extensions across the organization
Security director action plan
Security directors may want to run this grid against current vendor contracts before Q2 renewals close — asking each vendor which of the seven surfaces their product covers, and treating the non-answers as the gap map.
Any credential accessible from a developer machine or CI runner that installed affected npm packages between 01:39 and 02:18 UTC on May 19 should be considered compromised. That includes GitHub PATs, npm tokens, AWS access keys, Kubernetes service account tokens, HashiCorp Vault tokens, SSH keys, and 1Password vault contents.
AI coding agent integrations running in CI/CD pipelines with pull_request_target workflows deserve a close look. Each one is a prompt injection surface that processes PR comments as agent instructions.
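One way to triage the workflows described above, as an added example (not code from the article or from the cited researchers). It is a line-based heuristic rather than a YAML parser; the action name `example-org/ai-review-action`, the secret names and the sample workflows are constructed, and `agent_actions` is a list you supply for your own estate.

```python
"""Triage GitHub Actions workflows: pull_request_target + secrets + AI agent step."""
import re

TRIGGER = re.compile(r"\bpull_request_target\b")
SECRET_REF = re.compile(r"\bsecrets\.([A-Za-z_][A-Za-z0-9_]*)")
# Event fields that an outside contributor controls.
UNTRUSTED = re.compile(
    r"github\.(?:head_ref|event\.(?:pull_request\.(?:title|body|head\.ref)"
    r"|comment\.body|review\.body|issue\.(?:title|body)))"
)
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)")


def _code_lines(text):
    """Yield workflow lines with full-line and trailing comments removed."""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            yield re.sub(r"\s+#.*$", "", line)


def audit_workflow(text, agent_actions):
    """Return what the workflow exposes and a coarse risk level.

    agent_actions: action names (owner/repo, no @ref) that run an AI agent.
    Heuristic only: any mention of the trigger name counts, so confirm by hand.
    """
    wanted = {a.lower() for a in agent_actions}
    trigger = False
    secrets, untrusted, agent_steps = set(), set(), []
    for line in _code_lines(text):
        trigger = trigger or bool(TRIGGER.search(line))
        secrets.update(SECRET_REF.findall(line))
        untrusted.update(m.group(0) for m in UNTRUSTED.finditer(line))
        uses = USES.match(line)
        if uses and uses.group(1).lower() in wanted:
            agent_steps.append(uses.group(1))
    if trigger and secrets and agent_steps:
        risk = "high"      # the combination the audit action targets
    elif trigger and secrets:
        risk = "review"    # privileged trigger with secrets, no known agent step
    else:
        risk = "low"
    return {
        "pull_request_target": trigger,
        "secrets": sorted(secrets),
        "untrusted_inputs": sorted(untrusted),
        "agent_steps": agent_steps,
        "risk": risk,
    }


# Constructed sample workflows (not taken from any real repository).
AGENTS = ["example-org/ai-review-action"]
RISKY_WORKFLOW = """\
name: ai-review
on:
  pull_request_target:
    types: [opened, edited]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/ai-review-action@v1  # constructed action name
        with:
          api_key: ${{ secrets.AI_API_KEY }}
          prompt: "Review PR: ${{ github.event.pull_request.title }}"
"""
# Same job moved to the pull_request trigger, as the audit grid recommends.
MIGRATED_WORKFLOW = RISKY_WORKFLOW.replace("pull_request_target:", "pull_request:")
# Privileged trigger and a secret, but no step from the agent list.
LABELER_WORKFLOW = """\
on: pull_request_target
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/labeler@v2
        with:
          token: ${{ secrets.LABEL_TOKEN }}
"""

if __name__ == "__main__":
    for name, wf in [("risky", RISKY_WORKFLOW), ("migrated", MIGRATED_WORKFLOW),
                     ("labeler", LABELER_WORKFLOW)]:
        print(name, audit_workflow(wf, AGENTS))
```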
Procurement teams evaluating AI coding tools should consider adding a stolen-identity resistance dimension to vendor assessments. The question worth asking: can the vendor demonstrate how their tool distinguishes a legitimate maintainer publish from an attacker using compromised credentials? If they cannot, the tool is not a verification layer.
The developer tool supply chain has the same problem IAM had a decade ago: credentials prove who you claim to be, not who you are. IAM got a 10-year head start on compensating controls before nation-state groups turned credential theft into an industrial operation. The AI coding tool ecosystem is starting that clock now.
I never thought I’d find a Tatiana Maslany role I enjoyed as much as Orphan Black, yet here we are. Maximum Pleasure Guaranteed is Apple TV’s latest thriller, following on from recent huge releases like Margo’s Got Money Troubles and Widow’s Bay, and it’s another fantastic release from the streaming service.
Here, Maslany plays newly divorced mother Paula, who has been spending time with Trevor (Brandon Flynn), a camboy. Since Paula’s ex-husband has main custody of their daughter, she spends lonely nights talking with him, which inevitably leads to more.
Unfortunately for Paula, her private life doesn’t stay that way for very long. During a session with Trevor, a masked man bursts into his apartment and starts beating him up. Paula films the attack, only to be told it’s “not a real crime” when she tries reporting it.
Things take a darker turn from this moment on when Trevor calls her, begging for a $50,000 ransom, otherwise he’ll be killed. She can’t pay this, of course, and is spooked when she gets a call from Trevor and an accomplice on her work number. Considering she never shared that information, it’s clear she’s in trouble, and Trevor demands the money; otherwise, he says he’ll ruin her life.
Trevor also coldly reveals that he’ll publish their secretly recorded interactions and ruin Paula’s chance at maintaining custody, a threat that’s not to be taken lightly.
It’s good old-fashioned blackmail, and that’s the catalyst for the rest of the ten-part series. Paula must balance her complicated divorce from Karl (Jake Johnson) alongside the stress of being blackmailed, with plenty of twists along the way.
Maslany is perfectly cast as she works to keep her job, be a good mother to her daughter, while trying to unravel who is blackmailing her. Maximum Pleasure Guaranteed does center on how mothers, and women in general, can be so harshly judged by those around them to the point where evidence that Paula did connect with a camboy could ruin her life, just as the mysterious accomplice told her.
Maximum Pleasure Guaranteed is one of those shows I wish had been released all at once. It’s moreish and binge-worthy, so waiting a week between episodes might feel annoying. Even if it doesn’t always balance the tonal shifts from humor to seriously shocking moments, I was largely impressed by the twists and turns throughout; it did keep me guessing.
As Paula falls deeper into this rabbit hole, we meet a great supporting cast of the various people in her life. Nobody here feels miscast; everyone does a great job at bringing the totally wild story to life, even if it’s Maslany that shines throughout.
There’s enough to help it stand out among the abundance of thriller shows across the best streaming services, and it’s well worth hanging on to your Apple TV subscription so you can enjoy a new episode each week.
It really does feel like we’re spoiled for choice there at the moment, with many of my current favorite shows having a home on Apple TV.
MOON by Simaudio has expanded its Compass Collection with the new MOON 491 Network Player/Preamplifier and MOON 461 Power Amplifier, a Canadian-made streaming and amplification pairing built for listeners who want one serious high-end system without turning the rack into a wiring nightmare.
Designed and handcrafted just outside Montréal, the 491 combines a network player, preamplifier, DAC, MM/MC phono stage, and headphone amplifier in one chassis, while the 461 delivers 150 watts per channel and borrows MOON’s distortion-cancelling amplifier architecture from the flagship North Collection.
The timing feels right. MOON has built a reputation for delivering strong performance for the money in the high-end category, and this new pairing arrives with the same kind of momentum currently rattling Bell Centre glass during the Canadiens’ unexpected 2026 Stanley Cup Playoffs run.
“As a pairing, the 491 and 461 represent a complete expression of the Compass Collection,” said Etienne Gautier, CCO of Simaudio. “Together they deliver outstanding musical performance and system flexibility, while also forming a visually striking statement that will look exceptional in any environment, from contemporary interiors to traditional spaces. The MOON 491 and MOON 461 are the True Direction.”
That “complete expression” part matters. The 491 is not just another streamer with a nice faceplate. With MiND 2 streaming, Roon Ready support, AirPlay, Bluetooth, Qobuz Connect, TIDAL Connect, Spotify Connect, analog and digital inputs, adjustable MM/MC phono support, headphone output, and MOON’s Hybrid Power supply, it is clearly designed to be the hub for $6,500 USD.
Add the 461 power amplifier, with MOON Hybrid Power and MDCA technology, and the Compass Collection starts to look less like a lifestyle stack and more like a proper no-nonsense two-box high-end system with Canadian muscle. No poutine theatrics required. This is more like a smoked meat sandwich from Lester’s with fries and a hearty karnatzel on the side: straightforward, satisfying, and built to do the job without asking for applause.
MOON 491 Network Player/Preamplifier: One Box to Run Streaming, Vinyl, Digital and Headphones
MOON 491
The MOON 491 Network Player/Preamplifier is designed to be the control center of a serious two-channel system. It combines a network player, preamplifier, DAC, MM/MC phono stage, and headphone amplifier in one chassis, which means it can manage streaming, digital sources, analog components, turntables, headphones, and system volume without requiring five separate boxes and a weekend with cable labels.
At the center of the 491 is MOON’s proprietary MiND 2 streaming platform. It works as a UPnP renderer, a Roon Ready endpoint, and supports AirPlay and Bluetooth. The MOON MiND Controller app for iOS and Android provides access to Qobuz, TIDAL, Deezer, and Spotify, while direct platform support includes Qobuz Connect, TIDAL Connect, and Spotify Connect. That gives users multiple ways to stream without being forced into one control path. Having used MiND 2 at AXPONA 2026, I can attest to its relatively easy learning curve.
The 491 also takes vinyl seriously. Its built-in phono stage supports both MM and MC cartridges, with adjustments for loading, capacitance, gain, and equalization through the on-screen menu.
Analog connectivity includes one RCA line-level input, one balanced XLR input, and one phono input. Outputs include fixed and variable RCA, variable balanced XLR, and a 1/4 inch headphone jack. The large color display shows volume, album art, and track information, while control is handled through the app, front-panel buttons, and the aluminum CRM-4 remote.
MOON’s Hybrid Power supply is also part of the package, blending linear and switch-mode power supply technologies to provide stable, low-noise DC power. According to MOON, the design operates beyond the audio band to avoid contaminating sensitive audio circuits, helping lower the noise floor and improve dynamic range.
Digital inputs: HDMI ARC, S/PDIF, Toslink, AES-EBU
Ethernet: 2 inputs
Input sensitivity: 0.3 V to 5 V
Input impedance: 22 kΩ
Gain: 10 dB
Frequency response: 10 Hz to 200 kHz, +0.5/-3.0 dB
Total harmonic distortion + noise: 0.0004%
Intermodulation distortion: 0.0004%
Dimensions: 16.9 x 3.5 x 14.1 inches / 42.9 x 8.7 x 35.7 cm
Shipping weight: 20 lbs / 9 kg
Finish: Black chassis with bead-blasted aluminum cheeks in black or silver
Remote: CRM-4 aluminum remote control
Display: Large color display with volume, album art, and playback information
MOON 461 Power Amplifier: Serious Power for the Compass Collection
The MOON 461 Power Amplifier is the dedicated power amplifier in Simaudio’s Compass Collection. It is designed to take the signal from a preamplifier and drive loudspeakers with high output, low distortion, and stable performance across different speaker loads. It is the most powerful model in the Compass Collection, rated at 150 watts per channel into 8 ohms, 300 watts per channel into 4 ohms, and 450 watts in mono into 8 ohms.
At the center of the 461 is MOON’s proprietary MDCA, or MOON Distortion-Cancelling Amplifier architecture, which was first developed for the flagship North Collection. The design is intended to reduce distortion and improve linearity, helping the amplifier preserve clarity, accuracy, and control as output demands increase.
The 461 also uses two MOON Hybrid Power supply modules, with one dedicated to each channel. That dual-mono layout is designed to improve channel separation, reduce crosstalk, and deliver stronger current into lower-impedance loudspeakers. A Stereo / Bridged Mono / Bi-Amping Mono mode switch adds useful system flexibility for listeners who may want to run a single amplifier now and expand later.
Visually, the 461 follows the Compass Collection design with a black chassis, bead-blasted aluminum cheeks in black or silver, and a clean front panel. It is not flashy, which is probably the point. This is a power amplifier, not a Cirque du Soleil audition. Think more Montreal Metro in February: not glamorous, but it moves a lot of current and usually gets you where you need to go.
MOON 461 Power Amplifier Specifications:
Product type: Analog stereo power amplifier
Collection: MOON Compass Collection
Amplifier architecture: MOON Distortion-Cancelling Amplifier architecture, or MDCA
Power supply: Two proprietary MOON Hybrid Power supply modules
Power supply layout: Dual-mono implementation, with one MHP module dedicated to each channel
Total harmonic distortion + noise at 150 W: 0.003%
Damping factor: 425
Power consumption, idle: 35 W
Power consumption, full power standby: 34 W
Power consumption, low power standby: 1 W
Dimensions: 16.9 x 3.5 x 14.5 inches / 42.9 x 8.7 x 36.8 cm
Shipping weight: 24 lbs / 11 kg
Finish: Black chassis with bead-blasted aluminum cheeks in black or silver
The Bottom Line
The MOON 491 Network Player/Preamplifier and MOON 461 Power Amplifier make the most sense as a clean, high-performance two-box system for listeners who want modern streaming, vinyl playback, DAC functionality, headphone listening, and serious loudspeaker control without building a rack that looks like Bell Centre after triple overtime.
The 461 is the matching muscle. With 150 watts per channel into 8 ohms, 300 watts into 4 ohms, and 450 watts in mono, it gives the Compass Collection real amplifier authority. MOON’s MDCA amplifier architecture, borrowed from the flagship North Collection, and dual MOON Hybrid Power modules add some meaningful trickle-down engineering. The stereo, bridged mono, and bi-amping modes also make it more flexible as a long-term system anchor.
What is missing? The 491 is not a full integrated amplifier, so passive loudspeakers still require a power amplifier like the 461. Otherwise, the feature set is quite complete: HDMI ARC, four digital inputs, two Ethernet jacks, MiND 2 streaming, Roon Ready support, Qobuz Connect, TIDAL Connect, Spotify Connect, MM/MC phono, DAC, headphone output, and preamplifier functionality.
The only obvious omission from the supplied information is any confirmation of higher-resolution Bluetooth codec support such as LDAC, aptX HD, or aptX Lossless.
Pricing & Availability
This pairing is not entry-level, but it is very MOON: designed and handcrafted in Canada, backed by a 10-year warranty, and built for listeners who want long-term performance rather than feature churn.
When agentic workflows fail, developers often assume the problem lies in the underlying model’s reasoning abilities. In reality, the limited information provided by the retrieval interface is often the primary limiting factor.
Researchers at multiple universities propose a technique called direct corpus interaction (DCI) that lets agents bypass embedding models entirely, searching raw corpora directly using standard command-line tools.
The limits of classic retrieval
In classic retrieval systems such as RAG, documents are chunked, converted into vector representations (or embeddings), and indexed offline in a vector database. When an AI system processes a query, a retriever filters the entire database to return a ranked “top-k” list of document snippets that match the query. All evidence must pass through this scoring mechanism before any downstream reasoning occurs.
But modern agentic applications demand much more. “Dense retrieval is very useful for broad semantic recall, but when an agent has to solve a multi-step task, it often needs to search for exact strings, numbers, versions, error codes, file paths, or sparse combinations of clues,” the authors of the DCI paper said in comments provided to VentureBeat. “These long-tail details are precisely where semantic similarity can be brittle.”
Unlike static search, agents must also revise their search plans dynamically after observing partial or localized evidence. Exact lexical constraints and multi-step hypothesis refinement are difficult to execute with semantic retrievers. Because the retriever compresses access into a single step, any critical evidence filtered out by the similarity search cannot be recovered later, no matter how advanced the agent’s downstream reasoning capabilities are. As the authors explain, current retrieval pipelines can become a bottleneck because “they decide too early what the agent is allowed to see.”
Direct corpus interaction
This direct access addresses a core problem in enterprise environments: data staleness. Embedding indexes are always a snapshot of a specific moment in time, taking considerable compute and time to build and maintain.
“In many enterprise settings, the data is not a stable document collection. It is daily financial reports, live logs, tickets, code commits, configuration files, incident timelines, and internal documents that keep changing,” the authors said. DCI lets the agent reason over the current state of the workspace rather than yesterday’s vector index.
Direct corpus interaction (DCI) vs classic retrieval (source: arXiv)
The agent operates in a terminal-like environment where its observations are raw tool outputs such as file paths, matched text spans, and surrounding lines. The core tools provided by DCI are few but highly expressive. Agents use commands like “find” and “glob” to navigate directory structures and locate files. For exact matching, they use “grep” and “rg” to locate specific keywords, regex patterns, and exact strings. When local inspection is needed, tools like “head,” “tail,” “sed,” “cat,” and lightweight Python scripts allow the agent to peek at the context surrounding a match or read specific file sections.
The agent can combine these tools via shell pipelines to execute complex search logic in a single step. An agent can pipe commands to enforce strict lexical constraints, such as searching a file for one term and piping the output to search for a second term. It can combine multiple weak clues across a corpus by finding a specific file type, searching for a keyword like “report,” and filtering for a year like “2024.” It can also immediately verify a hypothesis by inspecting the exact lines around a keyword match.
DCI delegates semantic interpretation directly to the agent instead of relying on embedding-based similarity search. The agent can formulate hypotheses, test exact lexical patterns, and extract detailed information that a traditional semantic retriever might miss.
The researchers propose two versions of this system. DCI-Agent-Lite is designed as a lightweight, low-cost setup built on the GPT-5.4 nano model and restricted purely to raw terminal interactions like bash commands and basic file reads. Because reading raw files can quickly fill up a smaller model’s memory, this version relies on lightweight runtime context-management strategies to sustain long-horizon exploration.
DCI-Agent-CC is the higher-performance version, designed for teams with more compute budget. It runs on Claude Code powered by Claude Sonnet 4.6. Claude Code provides stronger prompting, more robust tool orchestration, and superior built-in context handling, which improves the agent’s stability during complex, multi-step searches across heterogeneous datasets.
DCI in action
The researchers tested both versions of DCI across agentic search benchmarks like BrowseComp-Plus, knowledge-intensive QA with single-hop and multi-hop reasoning, and information retrieval ranking in tasks requiring domain-specific reasoning and scientific fact-checking.
They tested DCI against three baselines. The first included open-weight retrieval agents such as Search-R1 and proprietary agents powered by frontier models like GPT-5 and Claude Sonnet 4.6, paired with standard retrievers. The second baseline included classical sparse retrievers like BM25 and dense retrievers like OpenAI’s text-embedding-3-large and Qwen3-Embedding-8B. The third baseline consisted of high-performing reasoning-oriented re-rankers like ReasonRank-32B and Rank-R1.
DCI systematically outperformed the baselines, according to the researchers. On the complex BrowseComp-Plus benchmark, swapping a traditional Qwen3 semantic retriever for DCI on a Claude Sonnet 4.6 backbone improved accuracy from 69.0% to 80.0% while reducing the API cost from $1,440 to $1,016. The return on investment for lightweight agents was also noticeable. DCI-Agent-Lite with GPT-5.4 nano competed with the OpenAI o3 model using traditional retrieval while cutting costs by more than $600.
DCI increases performance while reducing costs significantly (source: arXiv)
On multi-hop QA benchmarks, DCI-Agent-CC reached an 83.0% average accuracy, improving on the strongest open-weight retrieval baseline by 30.7 points, according to the researchers.
The data shows that DCI has lower overall document recall than dense embedding models, but once it finds a relevant document, it extracts substantially more value from it.
“If an enterprise AI lead asked where DCI is most clearly useful, I would point to tasks that require exact evidence localization in a dynamic workspace: debugging production incidents, searching large codebases, analyzing logs, compliance investigation, audit trails, or multi-document root-cause analysis,” the researchers note.
In one complex deep-research task, the agent had to identify a specific soccer match based on 12 interlocking clues, including exact attendance, yellow cards, and player birth dates. A traditional retriever would fail by surfacing short, disconnected snippets. Instead, the DCI agent explored the file directory, read specific lines of a 1990 England versus Belgium match report to verify the exact number of substitutions, pulled a specific quote from an interview file, and verified the exact birth dates of two players by peeking into their Wikipedia text files. By chaining these simple commands, DCI ensures that no evidence is permanently lost behind a flawed semantic search algorithm.
Limits and practical implementation of DCI
DCI has a clear operating envelope where it scales excellently in search depth but struggles with search breadth. When the experimental corpus was expanded from 100,000 to 400,000 documents, the system’s accuracy dropped significantly and the average number of tool calls rose. While DCI is powerful once a promising document is found, the cost of locating that initial useful anchor document grows sharply as the size of the candidate space increases.
DCI also has lower broad document recall compared to dense embedding models. It trades exhaustive recall for high-resolution, local precision. If an enterprise workflow strictly requires finding every single relevant document across a massive dataset, DCI may not be the right tool.
Granting an agent expressive tools like an unrestricted bash shell increases latency and compute costs due to the high volume of iterative tool calls required to complete a search. It also creates significant context-management and security challenges for IT departments.
“Tool calls can return large outputs; long trajectories can fill the context window; and raw terminal access requires sandboxing, permission control, and careful engineering,” the authors said. To manage the context window, the researchers found that moderate truncation and compaction help the agent sustain longer searches, whereas overly aggressive summarization tends to discard useful evidence.
Because of these operational realities, DCI is not meant to be a mandatory replacement for existing vector infrastructure. Instead, it serves as a complement to it.
“For orchestration engineers and data architects, our view is that the most practical near-term deployment pattern is hybrid,” the authors said. Semantic retrieval can still provide high-recall candidate discovery when a user’s intent is broad or underspecified. “DCI can then operate as a precision and verification layer: the agent can search within the retrieved documents, expand from them into neighboring files, check exact constraints, and combine weak signals across documents.”
The researchers have released the code for DCI under the permissive MIT license.
“Longer term, DCI changes how we think about enterprise data. Data will not only need to be stored for humans or indexed for search engines; it will need to be organized for agents that can inspect, compare, grep, trace, and verify,” the authors conclude. “File names, timestamps, stable identifiers, metadata, version history, and machine-readable structure become part of the retrieval interface.”
The new standalone app sits on top of Facebook Groups, adds an AI tab called “Ask” and an admin assistant, and arrives the same month Mark Zuckerberg told staff he and Chris Cox had discussed whether they could build 50 new apps.
Meta has released a new standalone app called Forum, without a launch event, a blog post, or much of a press push at all.
The product is built on top of Facebook Groups and is listed in the App Store as “a dedicated space built for deeper discussions, real answers and communities you care about,” phrasing that does most of the work of telling you what Meta wants it to be: a Reddit, with a Facebook account attached.
The launch was first spotted by the social-media consultant Matt Navarra and reported by TechCrunch, with independent confirmation from Engadget and MacRumors. A Meta spokesperson told Engadget the product was still in testing:
“We test lots of new products publicly to see what people find interesting and useful to their experiences across our apps.”
Users sign in with their existing Facebook account, at which point their groups, profile and activity carry over. Posts can be made under a nickname, in the same way they can in the main Facebook app, although group administrators can still see real identities.
Anything posted on Forum shows up in the corresponding group on Facebook, and vice versa, so the product is less a separate network than a separate front door into the one Meta already has.
The feed is the differentiator. Where Facebook’s main timeline mixes friends, Pages, algorithmic suggestions and ads, Forum’s surfaces only conversations from groups a user is in, with prompts to discover others. Two AI features sit on top.
The first, “Ask,” lets users put a question to the app and receive an answer compiled from discussions across groups, sparing them the chore of searching one at a time.
The second is an admin assistant designed to help moderators run groups and handle moderation. Both are pitched as time-savers rather than as the product’s defining feature.
This is not Meta’s first standalone Groups app. The company shipped one in November 2014 and shut it down in 2017, for reasons it never made especially clear at the time.
The Reddit framing is also conspicuous given timing: Reddit went public in March 2024, has spent the past two years licensing its data to AI companies for training, and remains the closest thing the consumer internet has to a working community-discussion product at scale. A Facebook-flavoured competitor with an AI answer tab is, at minimum, a recognisable shape.
Forum is the second new Meta app in roughly a month. In late April, the company began testing Instants, a standalone Instagram companion for disappearing photos that borrows visibly from BeReal and Snapchat. Meta Edits, last year’s CapCut-shaped video editor, sits in roughly the same lineage.
That cadence is not an accident. The Wall Street Journal reported earlier this month that Zuckerberg told staff in an internal Q&A that AI-driven efficiency was allowing Meta to build more products with smaller teams, and that he and chief product officer Chris Cox had discussed whether the company could ship 50 new apps.
He then talked himself partway back down: “Like, yeah probably. But we probably should start by doing a few before we just, like, ramp up trying to do 50 all at once.”
Forum is one of the few. Whether users want a separate app for their Facebook groups, with an AI tab attached, is the question the spokesperson’s testing line was designed not to answer. The 2014 Groups app suggests one historical data point. The fate of Instants, Edits, and whatever ships next will produce the rest.
A navigation issue affecting the My Pixel app has left a number of Pixel owners unable to access key sections of the preinstalled Google app, with the bottom tab bar disappearing entirely from the interface without warning.
The missing bar ordinarily carries four tabs covering Home, Tips, Support, and Store, giving users a single access point for feature guidance, troubleshooting help, and direct links to Google’s hardware shop from within the device itself.
Reports from affected users on Reddit confirm the tabs have vanished from their devices, with at least one account suggesting the issue followed a dismissal of a pop-up notification that appeared when the user attempted to navigate to the Google Store section of the app.
That sequence points toward a possible server-side or account-level trigger rather than a local software fault, though Google has not acknowledged the issue publicly or provided any indication of whether a fix is in progress.
The timing is notable given that My Pixel serves as one of the primary in-app channels through which Google surfaces Pixel-specific feature tips and direct hardware purchasing options, making a navigation failure more disruptive than a cosmetic glitch would suggest.
For users who rely on the app’s support tab as their first point of contact when troubleshooting device issues, the disappearance of the tab bar effectively removes that route entirely until the problem is resolved, leaving the Google Support website as the most direct alternative in the interim.
Google has not confirmed whether the issue affects specific Pixel models, specific Android versions, or a broader cross-section of the Pixel install base, and the scope of the problem remains unclear based on available reports.
That silence extends to any fix or workaround, with Google yet to set out a timeline for restoring full navigation functionality to affected devices or clarify whether the issue traces back to a server-side change, an app update, or something else entirely.
The Texas Attorney General has sued Meta over allegations that the company’s WhatsApp messenger, used by more than 3 billion people, doesn’t provide the end-to-end encryption (E2EE) it has long claimed.
Since at least 2016, Meta (then named Facebook) has said WhatsApp provides robust end-to-end encryption, meaning that messages are encrypted on a sender’s device with keys that are available only to the receiver’s. By definition, E2EE means that no one else—including the platform itself—can read the plaintext messages.
In sworn testimony before two US Senate committees in 2018, CEO Mark Zuckerberg said Meta does “not see any of the content in WhatsApp; it is fully encrypted” and that “Facebook systems do not see the content of messages being transferred over WhatsApp.” The engine for this E2EE is the Signal protocol, an open source code base that multiple third-party experts have said lives up to its promises.
In a complaint filed Thursday, Texas AG attorneys said Meta’s claims are false and that the company can and does read the unencrypted contents of WhatsApp messages. They said they are filing the action to “prevent WhatsApp and Meta from continuing to willfully deceive [Texans] by misrepresenting that their private communications were just that—private and inaccessible even to WhatsApp and Meta—when, in fact, WhatsApp and Meta have access to all WhatsApp users’ communications in their entirety.”
“The gravity of Meta’s and WhatsApp’s violation of users’ privacy and trust cannot be overstated,” the attorneys wrote. “All users were entitled to believe their communications were private when WhatsApp and Meta unequivocally and repeatedly promised that no one—not even WhatsApp and Meta—can access their messages.”
In an email, Meta called the allegations “baseless” and vowed to fight the lawsuit in court.
He said, she said
The sole factual evidence cited for the claims is an article published last month by Bloomberg. It reported that the US Commerce Department’s Bureau of Industry and Security had abruptly closed an investigation into allegations that Meta could access encrypted WhatsApp messages shortly after one of the department’s agents sent an email outlining the probe’s preliminary findings.
Most GPS watches make you choose between rugged durability and genuinely useful health tracking, which is exactly why the Garmin Instinct 3 Solar stands out.
The solar charging lens is the detail that separates this watch from the rest of the field, because it means battery anxiety simply stops being part of the conversation on longer adventures and multi-day expeditions.
With up to 28 days in typical smartwatch mode and up to 40 days in low-usage mode, you are dealing with a device designed to outlast your plans rather than dictate them from a low-battery warning.
That endurance would mean little without the hardware to back it up, and the Garmin Instinct 3 Solar delivers a metal-reinforced bezel, scratch-resistant lens, and a construction built to survive the kind of conditions that would retire a lesser watch permanently.
The health tracking suite is equally serious, covering wrist-based heart rate, advanced sleep monitoring, Pulse Ox, fall and crash detection, and activity tracking across running, cycling, swimming, and hiking, all feeding back through Garmin’s own operating system.
NFC connectivity means you can also use the watch for contactless payments, which matters on runs or rides where carrying a phone or wallet isn’t an option.
The built-in LED flashlight with variable intensities rounds things out in practical terms, giving you a genuinely useful tool rather than a novelty feature when visibility drops during early-morning or evening sessions.
At 30% off, the Garmin Instinct 3 Solar is a serious offer for anyone who trains hard, travels far, or simply refuses to babysit a charger every other night just to keep their wrist tech alive.
I don’t know how much of my life has been spent hovering over a grill, stove, smoker or oven trying to figure out if the thing I’m cooking for family and friends is actually ready, but I can tell you it’s more than it needed to be. Last year, I picked up one of these Chef iQ wireless probes for a big dinner I was hosting, and now I pull these things out to use them at least once a week. Today, you can get them for way less than I did.
This kit is a pair of Chef iQ probes in a charging case, which, in my experience, will fully charge both probes twice before it needs charging itself. You pop the probes into whatever you’re cooking, and you can either check the temperature in the app on your phone or set an alert when the thing you’re cooking reaches its desired temp. No opening the oven or smoker to let all the heat out, leading to a more efficient and balanced cook. These genuinely improved my cooking, and now I’ve given them to my brothers to improve theirs.
Memorial Day just dropped this set to $100, and I’ve only ever seen it cheaper once before. Get yourself one of these, or give them as a gift, and we can all end the act of hovering over the grill.