Engineering physics students at the University of British Columbia finished a capstone project that produced something unusual in robotics. Their air hockey robot learned every move inside a computer simulation and then stepped onto real hardware ready to face human opponents with no further adjustments. The approach bypassed the usual slow and risky process of training directly on physical equipment.

Over the course of around two years, multiple student teams worked together to complete the project. Hudson Nock, Ian Hartley, and Mauro Ferraz led the last assault. They took over an early iteration of the hardware foundation, with the primary purpose of narrowing the gap between virtual training and real-world performance. The whole code and two pretty lengthy technical reports are now available on GitHub for anyone who want to read everything and understand every decision they made.

For any automated system, air hockey presents some significant issues. The table surface is never completely smooth, the puck travels at high speeds, bounces vary depending on where it hits the wooden rails, and motor efficiency degrades when the power supply voltage lowers under strain. Conventional physics models frequently fall short of adequately capturing these differences in order to transition from simulation to reality. Instead than relying just on a generic engine, the UBC team chose to meticulously measure the actual hardware and then mimic its unique characteristics within the code.

All the sensing is controlled by a single camera above. The puck is marked with retroreflective tape, while the opposing mallet is marked with a unique marker. Even when the camera uses very short exposures of only 100 microseconds to stop the movement, some bright LEDs close to the lens make both objects appear exceptionally clear and crisp. In order to keep the position error down to nearly precisely one millimeter over the entire surface, they also performed some calibration work using markers around the table edges. This is quite astounding given the little warping that would otherwise be an issue. A contour tracker can follow the puck all the way through even when the gantry obstructs the view. The human player’s mallet can be found by the same camera at a scorching 120 frames per second.

A Core XY gantry positioned high above one side of the table generates movement. The mallet is guided by two belt-driven motors and an STM32 Blue Pill microcontroller. During system testing, the team went to the trouble of determining how the mallet reacts to various voltage signals and recording it all as a third order transfer functions. They used a combination of feedforward controls and PID feedback to keep the mallet on track and virtually perfectly aimed. A sizable supercapacitor is also used to stabilize the voltage during rapid accelerations.

Custom code designed for speed and accuracy powers the simulation itself. The application employs analytical solutions to simulate both puck and mallet motion, reducing the need for time-consuming numerical integration stages. They use an adaptive collision timing technique to ensure that no impacts are missed. When the puck strikes the wooden rails, a small neural network with only 112 parameters kicks in, predicting both the departing velocity and angle, as well as a measure of uncertainty. The simulator then draws from that uncertainty distribution at random throughout each run, so the learning agent should expect slightly unfair and noisy bounces rather than flawless ones.

Vectorization allows a standard laptop to run thousands of game instances at the same time. On a normal Intel i5, the entire simulation runs approximately 230 times faster than real time, which is rather impressive. That kind of pace makes it absolutely practical to run extensive training sessions. To account for issues such as camera lag and control input latency, the agent is given a state that includes the most recent puck and mallet action over a variety of delays. It then outputs the voltage parameters for the motion profile together with the intended final mallet position.

The Soft Actor Critic reinforcement learning technique was used to train networks with about 200,000 parameters. The squad took action since self-play alone can result in one-dimensional strategies. After training, they just applied the policy to the actual controller without any further fine-tuning in the real world, resulting in some deviation. The round trip delays are all kept in sync while the entire system runs on a 60-Hz loop.
[Source]

Every year, the Verizon Data Breach Investigations Report serves as a ground-truth benchmark for the industry. Its value comes not just from the headline numbers but from the convergence signals: when multiple independent data sources point to the same structural shift in how attackers operate, that convergence is worth paying attention to.

This year, as a contributor to the Verizon 2026 DBIR, the Keep Aware team had early visibility into that convergence.

This post breaks down the specific areas where the 2026 DBIR data and Keep Aware’s own browser telemetry align — and where browser-layer data reveals what network and endpoint tools miss entirely.

Shadow AI Has Become a Mainstream Enterprise Risk

Shadow AI was identified in the Verizon DBIR as the third most common non-malicious insider action observed in Data Loss Prevention (DLP) datasets, representing a fourfold increase from the previous year.

Employees are not typically trying to exfiltrate data; rather, they are using the fastest available tool for a task, which increasingly means pasting internal documents or source code into a personal ChatGPT session before their organization has had time to approve and provision a governed alternative.

The scale of unauthorized AI usage in enterprise environments is one of the report’s most significant findings: 67% of users are accessing AI services on corporate devices through personal, non-corporate accounts, and 45% of employees are now considered regular AI users.

Keep Aware’s browser telemetry further provides insight into how these AI services are being used. Over half of AI prompt inputs are sent to personal accounts, and 23% of sensitive prompt uploads involve data transiting through personal or unverified accounts (i.e., outside the reach of any corporate DLP policy or logging infrastructure), conveying the real risks of AI usage.

Credential Abuse and the Browser’s Detection Gap

The 2026 DBIR found that 39% of breaches involved credential abuse. Keep Aware’s attack data from 2025 puts browser-based credential theft as the number one browser-based attack, accounting for approximately 41% of observed threat activity, implying that credential theft in the browser will later contribute to successful future breaches.

Compounding this attack vector is the fact that the vast majority of these attacks are invisible to traditional tooling, as our data illustrates.

In Keep Aware’s analysis, 63% of Microsoft-themed phishing sites were not flagged by any VirusTotal vendor at the time of employee exposure, showing a glaring detection gap in intelligence feeds and endpoint tools.

More pointedly, 100% of the credential theft attempts Keep Aware observed passed through existing non-browser security controls unblocked — network proxies, DNS filters, and endpoint agents alike.

None of them caught it. The only reliable detection point is inside the browser itself, where the page is rendered and the user interaction actually occurs.

Browser Extensions: Privileged, Ungoverned, and Expanding

Add-ons can read, modify, and interact with any page’s content, and exfiltrate data from within the browser context, enabling extensions to operate with a level of browser privilege that should dictate regular scrutiny—yet data tells a different story.

The 2026 DBIR flagged that the average enterprise had more than 15% of users with unauthorized AI extensions installed. However, the extension problem is broader than AI tooling alone.

Keep Aware’s extension telemetry additionally shows that 13% of unique browser extensions observed across our customer base were classified as high or critical risk.

The more operationally significant finding: 93% of poor-reputation extensions were labeled as “productivity” tools by browser marketplaces — the exact category most allowlisting policies treat as safe. For this threat class, that makes category-based allowlisting functionally useless.

ClickFix and Browser-Native Social Engineering

Both the 2026 DBIR and Keep Aware’s State of Browser Security Report call out ClickFix as an emerging technique worth tracking.

The Verizon DBIR found ClickFix accounted for 2.7% of browser-detected attacks—a small share that nonetheless signals an evolution in browser-based social engineering.

ClickFix is a deceptive social engineering tactic used to get a user to unknowingly execute malicious code from the browser and on the host machine.

This threat begins in the browser—often by encountering compromised websites and sometimes through LLM chat responses—but quickly continues on the endpoint, compromising the machine with info stealers and remote access to attackers.

The endpoint bears the impact, but the browser is the social engineering medium—and the first line of defense.

The Human Element Continues to be a (Browser) Problem

The 2026 DBIR found that 62% of breaches involved the human element, with phishing initiating 16% of incidents. Keep Aware’s browser-layer data shows phishing and social engineering accounted for 46% of browser attacks observed across 2025.

The human element finding is often framed as a training and awareness problem. But attackers are constantly evolving browser-based social engineering tactics—phishing links to benign intermediary sites, redirect chains, pages that render differently for automated scanners, hosting content on legitimate websites, and silent clipboard injections.

Browser-level visibility does not solve the human element problem, but it shifts the detection point to where the human interaction is actually occurring, rather than looking for downstream artifacts after the interaction has already been exploited.

What This Means for Security Teams.

Shadow AI, credential theft, malicious extensions, and browser-native social engineering techniques like ClickFix share a common characteristic: they all execute inside the browser, and they all produce artifacts that are most visible, if not only visible, at the browser layer.

Security programs that rely exclusively on network, endpoint, and identity telemetry will continue to have blind spots in exactly the places attackers have learned to operate.

The browser is no longer just an application. For most enterprise users, it is the work environment. Securing it is no longer optional.

If your security stack lacks visibility into what’s happening inside browser sessions, that gap is worth understanding before attackers exploit it. Request a demo of Keep Aware to see what your current tools are missing

Keep Aware contributed data to the Verizon 2026 Data Breach Investigations Report. Keep Aware’s 2026 State of Browser Security Report is available here.

Sponsored and written by Keep Aware.

EU trade commissioner Maroš Šefčovič has called for a new “diversification instrument“ to reduce Europe’s dependence on single suppliers of chips and rare earths. He made the proposal at the European Policy Center’s Brussels Economic Security Forum on Friday. The tool would force companies in sensitive sectors to source from at least three different suppliers.

“If it’s critical supplies, you have to have three different suppliers to make sure that you cannot be punished because of a political reason,” Šefčovič said. He cited the Energy Union as his model, an initiative he previously led to wean Europe off Russian energy after the 2014 annexation of Crimea.

The urgency is real. The EU relies on China for more than 90% of its rare earth supplies. Beijing imposed export controls on rare earth magnets last October during a tariff dispute with the United States, and halted chip shipments from Chinese-owned Nexperia after the Dutch government seized control of the company.

Those disruptions hit European carmakers and exposed the bloc’s vulnerability. “Recent industrial cases, in particular supplies of chips and rare earths, have reinforced my conviction that a step change is necessary,” Šefčovič said. “Every high-risk sector must be weaned off single-supplier dependence.”

The EU has since joined forces with Washington and other nations to find alternative sources. Sweden’s discovery of Europe’s largest rare earth deposit offered a long-term glimmer, but mining timelines stretch well beyond a decade. In the meantime, Europe remains exposed.

The proposal comes a day after Šefčovič urged Brussels and Beijing to address the EU’s “unsustainable” trade deficit with China. That deficit widened to €360 billion last year, up 18% from 2024. EU leaders are set to discuss China’s industrial overcapacity and subsidised exports at a summit on 18-19 June.

Šefčovič will also meet Chinese counterpart Wang Wentao in Brussels later this month. He told reporters the next step is a formal legal proposal. “We have to specify what to really do with the legal proposal,” he said.

The broader push to reduce chip dependency has already produced the EU Chips Act, which aims to double Europe’s share of global chip production to 20%. A Chips Act 2.0 was proposed by the Commission in June 2026 with new measures to cut strategic dependencies further.

JBL has taken the wraps off its most ambitious home speakers yet. The company is launching the next-generation Summit Everest and Summit K2 models as part of a new flagship Summit Series. This series was unveiled at High End Vienna 2026.

These aren’t just updates to existing speakers. They continue JBL’s long-running “Project” lineage — a designation reserved for the brand’s most technically advanced loudspeakers. In addition, they arrive as part of the company’s 80th anniversary celebrations.

The new range sits at the very top of JBL’s line-up, joining models like Makalu, Pumori, and Ama. However, the Everest and K2 are the clear headline acts. They are reference-level systems for listeners who want no-compromise performance at home.

The Summit Everest sits at the top of the stack, carrying forward the legacy of four previous Everest generations. It uses a redesigned mid and high-frequency system built around JBL compression drivers and a large-format HDI horn.

Advertisement

This is supported with dual 10-inch mid-bass drivers and dual 15-inch woofers, with the intent on delivering deep bass while maintaining precision across the full frequency range.

Advertisement

Slightly lower in the range, the Summit K2 follows a similar design philosophy but scales things back into a more “accessible” flagship format. Still, it uses JBL’s compression driver system and HDI horn design, paired with a 15-inch woofer and 10-inch mid-bass driver. This approach aims for the same sense of scale and clarity in a smaller footprint.

Both models share JBL’s updated internal architecture, including a redesigned crossover system intended to reduce signal loss and improve power handling. They have also reworked the cabinets, adding heavy internal bracing and damping to minimise unwanted resonance.

Furthermore, new isolation feet decouple the speakers from the floor, delivering cleaner bass response and sharper imaging.

Advertisement

Finish options lean fully high-end, with either high-gloss black with platinum accents or Macassar ebony veneer with gold detailing. Even the hardware has been treated as part of the design, using premium binding posts and high-grade internal wiring throughout.

Advertisement

Pricing underlines exactly where these sit in the market. The Summit Everest comes in at $159,990 per pair. Meanwhile, JBL prices the Summit K2 at $99,990 per pair, firmly placing both models in the ultra high-end territory when they arrive later in 2026.

Advertisement

A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world’s largest dark web marketplaces.

39-year-old Darren Hughes of San Jose was convicted on drug trafficking charges in November 2025 and was sentenced by U.S. District Judge John F. Kness on May 26.

According to court documents, Hughes operated a store that offered potential clients free samples of methamphetamine on Nemesis Market.

After sending one of the free meth samples to an undercover law enforcement agent who reached out, Hughes also sold the agent methamphetamine and fentanyl pills on five separate occasions in 2023, in exchange for cryptocurrency as payment.

On June 28, 2023, the Redwood City Police Department arrested Hughes in California after arranging another sale with undercover agents.

Detectives from the Street Crime Suppression Team also found approximately 672 grams of methamphetamine and a loaded 9mm “ghost gun” bearing no serial number when searching his vehicle.

​”Criminals selling poison on the dark web often act with impunity and brazenness because they mistakenly believe that they are beyond the reach of federal law enforcement. The Chicago U.S. Attorney’s Office and our law enforcement partners will identify, investigate, and prosecute drug traffickers regardless of where they operate—and, even if they operate on the dark net,” said U.S. Attorney Andrew S. Boutros.

“Drug dealers once relied on street corners; today, they use the internet to reach customers worldwide. Dark web marketplaces may seem anonymous, but no platform is beyond law enforcement’s reach. Darren Hughes used the internet to profit from addiction and distribute dangerous drugs,” added IRS-CI SAC Adam Jobes.

The Nemesis Market launched in 2021 and quickly grew into one of the world’s largest illegal online markets before being taken down by German and American authorities in March 2024.

At its peak, the dark web cybercrime marketplace hosted more than 150,000 user accounts and 1,100 seller accounts, and processed over 400,000 orders (including roughly 17,000 for opioids like fentanyl, heroin, and oxycodone, and more than 55,000 for meth, cocaine, and crack cocaine).

Germany’s Federal Criminal Police Office and Frankfurt’s cybercrime unit led the Nemesis Market shutdown on March 20, 2024, seizing infrastructure in Germany and Lithuania and confiscating roughly $100,000 in cash.

Investigations had begun in October 2022, involving German, Lithuanian, and American agencies, including the FBI, DEA, and the IRS Criminal Investigation (IRS-CI).

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

A new national AI strategy puts sovereignty front and centre as Canada moves to reduce its dependence on foreign cloud and AI providers.

On Wednesday, the European Commission launched its Technological Sovereignty Package, introducing new legislation to loosen the grip of US Big Tech on European cloud and AI infrastructure. Now Canada has followed suit with its own ‘AI for All’ strategy, built around six pillars and with the explicit goal of ensuring Canadians can “adopt, build and govern AI on their own terms”.

“We will strengthen Canadian sovereignty at a time when it is being deeply challenged,” the strategy states, in a clear reference to tense relations with its neighbours under the Trump administration.

“Too much Canadian innovation is captured and scaled elsewhere,” the strategy reads. “In an era where prosperity, resilience and sovereignty increasingly depend on the ability to build and govern AI on national terms, these are vulnerabilities Canada cannot leave unaddressed.”

The strategy, published yesterday (4 June), points to some of those “vulnerabilities” that Canada needs to address. Sovereign compute capacity is described as “nascent”, with Canadian organisations remaining heavily reliant on foreign providers for the infrastructure underpinning economic, scientific and public-sector activity.

GPU chip fabrication sits “almost entirely offshore”, and only 12pc of Canadian businesses currently use AI – well behind Nordic counterparts, the strategy claims, where adoption runs between 29 and 42pc. The strategy’s six pillars cover:

• safety and democracy protections
• AI skills and literacy for all Canadians
• accelerated adoption across the economy
• building sovereign compute infrastructure
• scaling Canadian AI champions
• forging trusted international alliances

On infrastructure, the Canadian government is committing to building a world-leading supercomputer by 2031 and growing sovereign cloud capacity to reduce dependence on foreign providers, echoing the EU’s CADA (Cloud and AI Development Act) proposals published on Wednesday.

Canada aims to increase business AI adoption from 12pc today to 60pc by 2034, create up to 250,000 new jobs through AI adoption by 2031, and create nearly $200bn in GDP gains from labour productivity improvements.

Priority sectors for investment will be: health and life sciences; energy and natural resources; transportation; agriculture; and manufacturing and robotics.

The strategy flags that Canada has already signed 20 new economic and defence international partnerships in the past year, 11 of which advance AI cooperation. The Canadian government said it will build a strategic multilateral alliance to move “from reliance to resilience” in key AI and technology capabilities.

For children and its citizens in general, the Canadian strategy commits to modernising privacy legislation, introducing online safety laws and providing free AI literacy training to 1m entry-level, post-secondary students.

Canada’s strategy and the EU’s sovereignty package this week are clear signs that the race to reduce dependence on a small number of US technology giants is now a mainstream policy priority on both sides of the Atlantic.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

OpenAI announced a new feature that it says will provide additional protection from prompt injection attacks, where malicious chatbot instructions are hidden in webpages and other content sources.

Among other things, Lockdown Mode will disable live web browsing (so you can only access cached content), the retrieval and display of images from the web (you can still generate images), deep research, and agent mode.

The company says that even with Lockdown Mode turned on, ChatGPT could still be vulnerable to prompt injections — which could, for example, “appear in cached web content or in an uploaded file, and could still affect the behavior or accuracy of a response.”

But the goal is to reduce the likelihood that sensitive data gets shared in the process.

“Lockdown Mode is not intended for everyone,” OpenAI says. “It is designed for people and organizations that handle sensitive data and want stricter protection from data exfiltration risks related to prompt injection.”

The company says it’s currently rolling Lockdown Mode out to self-serve ChatGPT Business accounts, as well as eligible personal accounts.