Imagine your engineering team just deployed an AI agent to search through internal company documents and answer employee questions. It works perfectly in development, but in production, it consistently hallucinates or misses key constraints. Fixing this is rarely a simple patch. It requires a tedious, trial-and-error process of tweaking chunking strategies, retrieval methods, and system prompts simultaneously. Because these adjustments are entangled, it becomes nearly impossible to attribute which specific tweak actually solved the problem. 

To address this challenge, researchers at Renmin University of China and Microsoft Research introduced Arbor, a framework that upgrades AI-driven research and optimization from a sequence of trial-and-error guesses into a cumulative learning process. Arbor organizes hypotheses, experiments, and insights into a tree that helps the system learn from prior failures to make smarter, verified improvements over time.

In practical tests, Arbor delivered more than 2.5 times the verifiable performance gains of standard AI coding agents across real-world engineering tasks while operating under the same resource budget. 

For enterprise AI, this technique directly translates to automating the continuous improvement of complex, real-world engineering systems.

Understanding the bottleneck in autonomous optimization

As large language models and AI systems become more capable, they are expected to carry out more complex operations such as autonomous optimization (AO) of software systems such as agent harnesses or model training algorithms. 

AO captures the fundamental loop of autonomous research. An AI agent starts with an initial mutable artifact, such as a machine learning codebase or data pipeline, and a specific objective. The agent’s goal is to iteratively improve this artifact through experimental feedback without step-by-step human supervision.

The main challenge of AO is often misunderstood. Many engineering teams find that simply giving a coding agent more time or compute to optimize a codebase doesn’t lead to better results. “Automation can keep an AI working for a very long time — but a loop is not the same as progress,” Jiajie Jin, co-author of the paper, told VentureBeat. “If the goal is vague, or the metric is easy to hack, long-running automation often just produces ‘improvements’ faster that nobody actually wants.”

Jin explains that complex tasks take many attempts to get right, and standard agent architectures are missing the critical data structure to maintain state. “How do you make sure the insight and experience from each attempt actually accumulate, instead of getting lost in a scrollback buffer?” he said. Without this structure, agents simply repeat the same mistakes.

Current agent systems can run experiments for many hours against well-specified goals: editing code, invoking tools, running tests autonomously. But they treat each attempt in isolation, missing the structural mechanisms that would let them accumulate and act on what they’ve learned.

They lack the capacity to simultaneously maintain and compare multiple competing research directions. Without this, they cannot interpret both successes and failures to reshape their future exploration, which is the core mechanism that makes human research cumulative.

General coding agents typically rely on conversation transcripts for their memory. Because AO tasks span hundreds of turns and easily exceed context window limits, these agents struggle to preserve and reuse factual evidence over long histories. As a result, they lose the overarching structure of the research process and are prone to stalling on early failures or chasing noisy evaluation swings. The system needs a structured, durable memory that records what directions have been tried, what factual evidence was produced, and how each result changes the space of future hypotheses.

Existing frameworks are also prone to reward hacking and overfitting to development metrics. This makes them create the illusion of progress without producing improvements that transfer to real-world performance.

Finally, general-purpose coding agents typically chain their tool calls on a single shared working tree. This architectural limitation prevents them from testing parallel hypotheses in isolated environments without corrupting the main codebase or obscuring which hypothesis caused a specific outcome.

The Arbor framework

Arbor solves the challenges of AO with a framework that automates the long-horizon loop of exploration, experimentation, and abstraction that characterizes human research. Arbor separates the strategic direction of research from the ground-level coding tasks with two key components:

The coordinator: A long-lived AI agent that acts like a principal investigator. It never directly edits the target codebase. Instead, it owns the general state of the optimization research, observes accumulated evidence, comes up with new hypotheses and directions to explore, and decides what to do with the results of experiments.

Executors: Short-lived, highly focused AI agents. When the coordinator wants to test an idea, it spins up an executor and places it in an isolated environment, essentially a fresh git worktree. Each executor is handed one hypothesis. It implements the assigned idea, runs evaluations, debugs errors, and reports back to the coordinator with the results and created artifacts.

These two components collaborate through a mechanism that the researchers call “Hypothesis Tree Refinement” (HTR). HTR represents the entire research process as a persistent, branching tree where every node binds together four things: a hypothesis, the executable artifact, the factual evidence produced, and a distilled insight. This means the coordinator can explore multiple competing directions at the same time without losing its place.

The coordinator builds the tree by placing broad ideas near the root, while concrete refinements branch out as leaves. This allows Arbor to safely explore multiple competing hypotheses simultaneously. If an executor’s experiment fails, the tree records why it failed as a negative constraint, ensuring the system doesn’t endlessly repeat the same mistake.

To understand why Arbor’s isolation matters, consider a common enterprise scenario: optimizing a Retrieval-Augmented Generation (RAG) pipeline for an internal AI assistant. “When you ask a single agent like Claude Code or Codex to ‘improve accuracy,’ it will typically change a bunch of things in one pass — chunking, the prompt, the retrieval method,” Jin said. This entangles the changes, making it impossible to attribute which one actually helped. It also directly mutates the repository without isolation. 

Arbor solves this by treating each lever as a separate hypothesis. Chunking becomes one branch, retrieval another, and the prompt another — each implemented and evaluated in its own isolated git worktree. “So you get clean attribution: ‘constraint decomposition on the retrieval side gave +X; breadth-first search actually hurt,’” Jin said.

When an executor returns a report, the coordinator writes the evidence to the tree and backpropagates the insight upward to parent nodes. This means a local observation becomes a generalized constraint that shapes the coordinator’s future idea generation.

To prevent reward hacking or overfitting to the development data, HTR enforces a strict “merge gate.” Even if an executor reports a fantastic development score, the coordinator will spin up an isolated worktree to test the candidate against a held-out test evaluator. The artifact is only merged into the current best trunk if it demonstrably improves the test score, verifying that the progress is real.

Arbor generally falls under the concept of “loop engineering,” popularized by industry figures like OpenClaw creator Peter Steinberger and Claude Code lead Boris Cherny. The idea is to move beyond single prompts to design iterative cycles (observe, reason, act, verify) that drive autonomous agents. However, as Jin points out, “A loop can fill up with messy, untraceable attempts, and you end up with nothing to show and no way to reconstruct what changed.”

Arbor in action

The researchers evaluated Arbor on an autonomous optimization task suite built from real-world research settings and the MLE-Bench Lite machine learning engineering benchmark. The AO suite featured tasks from different areas of AI development, including model training, harness engineering, and data synthesis.

The researchers used different backbone models for the coordinator and executor agents, including Claude Opus 4.6, GPT-5.5, and Gemini-3-Flash. They tested Arbor against the strongest coding agents, Codex and Claude Code. Arbor and the baselines were given the same resources. For the MLE-Bench Lite tasks, Arbor was also compared against top-tier agentic research systems like AI-Scientist, ML-Master, and AIDE.

Arbor consistently outperformed the baselines. It achieved the best held-out test result on all tasks, attaining more than 2.5 times the average relative gain of Codex and Claude Code. On the BrowseComp task, which involves optimizing a search agent, Arbor improved the system’s held-out accuracy from a baseline of 45.33% to 67.67%. Meanwhile, Codex and Claude Code stalled at 50% and 53.33%, respectively. On MLE-Bench Lite, when equipped with GPT-5.5, Arbor achieved the strongest result among all benchmarked systems.

Arbor proved to be resilient against overfitting. For example, during the Terminal-Bench 2.0 task experiments, Claude Code achieved a high development score of 75 but its score dropped to 71 on the held-out data. Arbor had a lower development score of 72.22 but achieved the highest held-out score of 77.36, ensuring its results transfer to real-world applications.

Arbor also showed generalization in a cross-task transfer experiment. After Arbor finished optimizing the search harness for the BrowseComp task, researchers took the optimized codebase and tested it on two unrelated search-agent tasks, HLE and DeepSearchQA. Arbor’s optimized codebase significantly improved performance on those unseen tasks as well.

Deploying Arbor: Sweet spots and hidden costs

For engineering leads looking to drop Arbor into their existing tech stack, the framework is designed to sit on top of existing Git workflows rather than replacing them. “Its output is an ordinary git branch that your existing code review, CI, and human review can inspect directly,” Jin said. Only verified gains are merged into a per-run trunk, leaving the main repository untouched until a developer manually chooses to promote the code.

However, deploying Arbor comes with specific tradeoffs. Jin points out that the biggest catch is token cost, as maintaining a long-lived coordinator that continuously manages the tree and dispatches executors is the dominant expense. Running multiple isolated worktrees concurrently also requires genuine compute and disk resources to process real experiments.

So where is Arbor’s sweet spot? According to Jin, it excels at tasks with a clear, trustworthy metric, tolerance for a long time horizon, and a real search space with several plausible directions, such as pipeline optimization, data-synthesis quality, and model-training recipe tuning. 

Conversely, teams should explicitly avoid using Arbor for real-time latency tasks, obvious one-line fixes, or when the underlying evaluation metric is flawed. The quality ceiling of the entire run is strictly bounded by the quality of the evaluator. “If the metric isn’t trustworthy, Arbor will just optimize toward an untrustworthy result faster,” Jin said.

Jin sees the next evolution going beyond single scalar metrics. “A natural evolution is to have each node’s artifact carry a vector — accuracy, latency, cost — instead of a single score,” Jin said. “Going from a single scalar to a multi-objective Pareto search is a very natural extension of the framework.”

John Jumper, who shared a recent Nobel Prize in chemistry, announced Friday that he’s making the leap to Anthropic after “nearly 9 years” at Google DeepMind.

In a post on X, Jumper wrote that DeepMind CEO Demis Hassabis “took a real chance letting me lead the AlphaFold team just six months after finishing my PhD, and the entire GDM team taught me so much about how to do great science.”

Jumper (pictured above right, with Hassabis) added, “GDM is a special place, and I’ll still be excited to hear about what amazing things they discover next.”

Bloomberg reports that Jumper was a key member of Google’s team developing coding tools, which the company has struggled to sell to businesses. Character AI co-founder Noam Shazeer also announced this week that he’s leaving DeepMind — though in Shazeer’s case, he’s joining OpenAI. 

Jumper and Hassabis won the Nobel Prize in 2024 for their work on AlphaFold, an AI model that can predict the 3D structure of proteins based on their genetic sequences.

Following the May 2026 launch of its flagship Velsonic phono preamp, AVID HiFi is expanding its analog lineup with the Pulsus II and Pellar II phono stages. Both models replace long-serving originals: the Pulsus, introduced in 2010, and the Pellar, which followed in 2012. That is a respectable run in any product category, but especially one built around a format that some people were still declaring dead when those first models arrived.

The vinyl train keeps rolling, and there is no sign that anyone has found the brakes. In 2026, buyers have more turntables, phono cartridges, phono preamps, record-cleaning machines, tonearms, cables, mats, clamps, and other playback accessories to choose from than at any point in the past two decades. AVID’s updated Pulsus II and Pellar II arrive in a market that is no longer treating vinyl as a nostalgic side hobby, but as a serious and increasingly sophisticated part of the high-performance audio ecosystem.

On the inside, both models retain much of what made the originals successful, with targeted performance refinements wrapped in a cleaner, more streamlined exterior. AVID is not a company that releases new models every year simply because it has something new to promote. The original Pulsus and Pellar earned considerable recognition for their musicality, engineering integrity, and long-term reliability—qualities that kept both phono stages relevant for well over a decade.

That kind of longevity suggests that AVID got the fundamentals right from the beginning. The Pulsus II and Pellar II are therefore not reinventions for the sake of it, but the result of genuine advances in design, materials, and the company’s deeper understanding of how these circuits can be improved.

AVID Pulsus II and Pellar II: Refined, Not Reinvented

The Pulsus II and Pellar II build on the foundations of their predecessors with refinements in several critical areas. AVID points to more careful component selection and improved noise-reduction strategies, intended to deliver greater transparency, lower noise floors, stronger dynamic expression, and a more natural presentation of music. Both models also offer flexible adjustment options for Moving Magnet (MM) and Moving Coil (MC) cartridges.

As noted earlier, the Pulsus II and Pellar II arrive shortly after the launch of AVID’s flagship Velsonic phono preamp. Together, the three models give serious vinyl listeners a broader range of options based on their cartridge requirements, preferred feature set, and budget.

AVID’s expanded three-model phono preamp lineup reflects the company’s continued focus on meaningful engineering rather than annual cosmetic updates. The Velsonic, Pulsus II, and Pellar II mark a new phase for AVID Hi-Fi in the phono-stage category, with choices that extend from more attainable high-performance designs to a no-compromise flagship.

Plusus II and Pellar II Differences: Highlights

Detailed Comparison

The Bottom Line 

The AVID Pellar II and Pulsus II are not budget phono preamps with a nicer faceplate. Both are serious, UK-built MM/MC phono stages aimed at vinyl listeners who have moved beyond the built-in phono input on an integrated amplifier and want lower noise, better cartridge matching, and a more substantial long-term analog upgrade.

What makes AVID’s new pair interesting is the company’s refusal to treat either model as a disposable annual refresh. These are successors to designs that remained in service for more than a decade, now updated with revised component selection, lower-noise engineering, and a cleaner industrial design. The Pellar II is the more accessible entry point for listeners with one well-chosen turntable and cartridge, while the Pulsus II is the step-up option for systems where the phono stage is expected to extract more from a serious moving coil cartridge and a higher-resolution analog front end.

Competition is not exactly thin. The $2,495 MoFi UltraPhono Pro offers front-panel gain and loading adjustments, balanced and single-ended outputs, and a very different feature set. The $2,899 Cyrus 40 PPA adds four configurable inputs, balanced outputs, remote control, and upgrade potential for listeners running multiple turntables or tonearms. The tube-based Muarah MU-2 remains another compelling option around the Pellar II’s price, particularly for listeners who want easy cartridge loading changes and a warmer, more relaxed presentation.

The obvious question is whether the $4,695 Pulsus II delivers enough of a performance advantage over the $2,295 Pellar II to justify its substantial premium. That answer will depend heavily on cartridge quality, system resolution, and how deeply invested the buyer is in moving coil playback. For most vinyl listeners, the Pellar II is likely to be the more rational AVID entry point. The Pulsus II is for owners of more ambitious analog systems who are willing to pay considerably more to chase lower noise, greater refinement, and a higher ceiling.

And yes, there are far less expensive ways into external phono preamps. The iFi ZEN Air Phono 2 remains a sensible low-cost MM/MC option, but it belongs in a different conversation.

Price & Availability

The AVID HiFi Pulsus II and Pellar II phono preamps are designed and manufactured in the UK. Both will be available through authorized AVID dealers worldwide beginning July 2026. 

• The Pulsus II is priced at £2,995 / €3,995 / $4,695.
• The Pellar II is priced at  £1,450 / €1,995 / $2,295.

Related Reading:

It’s been a little over a week since Apple’s WWDC keynote, and the iOS 27 beta is already out in the wild. While Apple spent plenty of time talking about its Gemini-powered Siri, the thing I was most excited about was getting the update onto my iPhone 16e and seeing what it was actually like to live with.

I’ve been using the beta every day since then, and one thing has become pretty clear: not every new feature lived up to the hype for me. Some felt more interesting during the announcement than they do in everyday use, while others simply haven’t found a place in my routine. But a few features have been the complete opposite. They’re the ones I’ve found myself returning to again and again without even thinking about it. After spending more than a week with iOS 27, these are the three features that have stood out the most — and the biggest reason I’m still excited about this update.

The fitness app finally feels like a fitness app

I’m a bit of a fitness nerd. Whether it’s squeezing in a workout after a long day or making sure I close my Activity rings, I’m always keeping an eye on my progress. That’s why the Fitness app is one of the apps I use the most on my iPhone, and honestly, I’ve felt for a while that it deserved a refresh. The old design wasn’t bad by any means. It was clean, familiar, and easy to navigate. But it also felt a little static, especially compared to modern fitness apps that do a much better job of making your workout data feel engaging and meaningful. There was plenty of information there, but not always in the most exciting way.

The redesigned workout experience in iOS 27 changes that. Everything feels better organized, and the information I care about is much easier to spot at a glance. More importantly, the app finally feels built around the workout itself rather than just a place to store data. For example, I went on a 10km run this morning, and one of the first things I noticed afterward was how prominently my route map was displayed. Instead of digging through menus to find it, the map was right there, front and center. It reminded me of a presentation you’d expect from dedicated fitness apps like Strava. This isn’t the biggest change in iOS 27, but it makes reviewing a workout feel far more rewarding. That’s really what I like about the redesign. The Fitness app finally feels more alive. Rather than simply showing me numbers and charts, it does a better job of highlighting the moments and milestones that make working out feel satisfying.

The cleanup tool finally cleaned up its act

I never thought I’d be talking about photo editing tools as one of my favorite parts of iOS 27, but here we are. The updated Cleanup tool and the new Reframe feature have genuinely made me spend more time editing photos directly on my iPhone 16e. And honestly, that’s saying something. Before this update, Apple’s Cleanup tool was one of those features I wanted to like but rarely used. Compared to the object-removal tools on Pixel and Samsung phones, it often struggled with anything more complex than a simple background distraction. The results were hit-or-miss, and most of the time I’d rather leave the photo alone than risk making it look worse. Thankfully, that has changed.

Over the past week, I’ve used Cleanup on everything from random objects in the background to people accidentally walking into a shot, and the results have been surprisingly good. One example that genuinely impressed me was when I tried removing a book that was partially covering my face in a photo. I expected the tool to either leave behind a blurry mess or distort my face. Instead, it removed the book cleanly and reconstructed the missing area so well that it looked like the book had never been there in the first place.

For the first time, Apple’s Cleanup tool feels reliable enough that I actually want to use it. The new Reframe feature is interesting for a different reason. Using generative AI, it can virtually adjust the framing of a photo after it’s been taken, giving you a little more flexibility if you didn’t quite nail the shot. I don’t see myself reaching for it every day, but that’s okay. It feels more like a feature you’ll appreciate when you need it, rather than one you’ll use constantly. And that’s what I like about both additions. One solves a problem I run into regularly, while the other serves as a safety net for moments when a photo isn’t quite framed the way I want. 

Every “what is that?” now has an answer

Of all the new AI-powered additions in iOS 27, on-screen awareness is probably the one I’ve used the most. And yes, the moment you hear about it, you’ll probably think, “Wait, isn’t this just Circle to Search?” Honestly, that’s not a bad comparison. Circle to Search is easily one of my favorite features on my Google Pixel 10a. I use it all the time. If I’m scrolling through Pinterest and spot a chair I’d love to buy, I can instantly search for it. If I’m watching a YouTube video and notice a pair of sneakers someone is wearing, I can quickly find out what they are. Sometimes I’ll come across a landmark in a travel reel, a gadget in a review video, or even an unfamiliar dish in a food post, and Circle to Search gives me answers in seconds without forcing me to switch apps or start a new search from scratch.

That’s the same reason I’ve grown to like on-screen awareness on the iPhone. Instead of manually copying text, taking screenshots, or opening Safari to search for something, I can simply ask Siri about what’s currently on my screen. For example, while reading an article, I used it to learn more about a company mentioned in the article. When browsing online stores, I used it to identify products and compare them with similar options. I even found myself using it while planning a trip after spotting a location in a social media post and wanting to learn more about it. What makes the feature feel useful is that it understands both the visual and textual information on your screen. Siri can analyze what you’re looking at and use that context to answer questions or help you take action. Apple is also opening this up to developers through dedicated APIs, allowing apps to expose relevant information that Siri can understand and interact with. This feature removes a lot of tiny bits of friction throughout the day. And those are often the features that turn out to be the most valuable.

A week later, these are still my favorites

I’m still spending time with iOS 27 on my iPhone 16e, and if there’s one thing I’ve learned over the past week, it’s that the best features aren’t always the ones that are advertised. Sometimes they’re the smaller additions that become part of your daily routine. For me, that’s exactly what happened with these three features. Whether it’s the refreshed Fitness app making my workout data more enjoyable to revisit, the improved Cleanup tool saving photos I would’ve otherwise ignored, or on-screen awareness helping me find information without jumping between apps, they’ve all earned a place in my everyday use.

There’s still plenty of iOS 27 left for me to explore, and I’m sure I’ll discover more favorites as I continue using the beta. But if you’re wondering which features have stood out after a week of real-world use, these are the ones I’d point to first.

Last Friday, citing unspecified national security concerns, the White House ordered Anthropic to restrict the export of its powerful AI models Fable and Mythos to anyone outside of the United States, as well as foreign nationals inside the country. Shortly after, the AI giant hastily pulled the plug on both models, which have now been unavailable to anyone for a week. 

The episode is the first real test of whether the U.S. government can use export controls to contain frontier AI the way it has tried, with very uneven results, to contain encryption and spyware before it. And dramatic as it may sound, how this standoff gets resolved could shape not just Anthropic’s access to foreign markets but the rulebook that other AI labs will have to build around.

Some context first. Ever since Anthropic launched Mythos in April, the company has marketed it as some kind of Doomsday cyber machine that could wreak havoc on the internet if released too widely — which is why, before the ban, only around 150 vetted companies and government organizations had access to it at all. The goal was helping defenders secure their software and services before the bad guys could reach Mythos-like capabilities. 

So what triggered the ban? Two subsequent events, reportedly. The first: Anthropic gave a South Korean telecom access to Mythos through its limited partner program, and U.S. officials grew alarmed after identifying the company as one they suspected had ties to China. (The company, widely reported to be SK Telecom, has denied any China connection.) Amazon CEO Andy Jassy also reportedly alerted the administration after Amazon’s own researchers, he said, found a way around Fable 5’s safeguards. Anthropic disputes the “jailbreak” label, calling it a narrow, already-patched issue rather than a wholesale defeat of the model’s safety measures.

The result was the same: the Commerce Department issued an export control directive, and Anthropic had to scramble to immediately limit access to its products — within roughly 90 minutes of being notified, by some accounts.

None of this is new, though. Governments have tried to use export controls to limit the proliferation of what they see as dangerous cyber technology for decades, but their track record has been middling at best. 

The U.S. government was behind what is perhaps history’s most spectacular failure of this approach in the early to mid-1990s. At the time, computer scientists were developing encryption technologies to secure data as it traveled over the internet. One of those encryption products was called Pretty Good Privacy, or PGP, a popular software that could encrypt data and make it virtually impossible to unscramble even if intercepted as it traveled to its intended recipient over the internet. 

The U.S. government initially saw PGP as a dangerous weapon, fearing it would prevent its intelligence agencies from snooping on emails as they crossed their wires. To stop the distribution of PGP, the U.S. Customs Service opened a criminal investigation against PGP’s creator Phil Zimmermann for allegedly violating arms export controls. He fought back by publishing PGP’s source code as a printed book, igniting what is known today as the “Crypto Wars.” 

Zimmermann later won a key battle when the investigation was closed, paving the way for crucial end-to-end encryption algorithms such as the one used by billions of Signal and WhatsApp users. 

Later during the early 2010s, researchers began discovering Western-made spyware used against dissidents in the Middle East. In response, several governments agreed to expand the Wassenaar Arrangement, an international treaty that limits the export of dual-use software and technologies that are used in both civilian and military applications.

The idea was to classify surveillance and hacking software as dual-use, thus forcing spyware makers to get export licenses to sell their products abroad. 

But Wassenaar has always had two inherent weaknesses. There are several countries that don’t adhere to the agreement, including Israel, which houses some of the world’s most active spyware makers.

The agreement also depends on countries applying it to companies within their borders at their own discretion. For a time, the Italian government allowed one of the country’s then-top spyware makers, Hacking Team, a license to export its tools around the world, despite the company’s track record of selling spyware to oppressive governments that used it to hack journalists and human rights activists. 

Since then, other countries in Europe have been lax with spyware makers like Italy. Despite numerous scandals, Europe, home to many spyware and hacking tools makers, has continually failed to curb the export of spyware to authoritarian regimes. Critics say that a recently renewed effort across the bloc of 27 member states to tackle its growing problem of spyware exports to authoritarian states “does not go far enough.”

Several spyware makers, such as Intellexa, a sanctioned consortium of spyware companies,  have simply moved their operations to countries with lax export controls. Other spyware makers sought to move their operations to Saudi Arabia for similar reasons.

There have been some wins. Germany-based spyware maker FinFisher shut down in 2022 after a multi-year investigation by German prosecutors into the company for allegedly selling spyware to Turkey without an export license. Investigators previously found the FinFisher spyware had been deployed on the phones of critics of Turkey’s government. 

As of the time of writing, the impasse between Anthropic and the Trump administration remains. There is a reasonable chance the administration will buckle and lift the restriction in the interest of keeping American AI companies competitive worldwide — a move that would amount to tacit acknowledgment that AI labs elsewhere, including in China, will likely reach similar capabilities regardless of what the U.S. restricts. Or, American AI companies could end up needing government approval before serving foreign customers at all, a compliance burden that would invariably dent their bottom line. 

Given the past experiences that world governments have had with trying to control the reach of software, government-mandated export controls are unlikely to be the right approach to stop malicious actors from abusing powerful dual-use cyber technologies.

A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system.

An investigation from Threatdown, Malwarebytes’ enterprise cybersecurity arm, found that the Prinz Eugen hackers have a hands-on-keyboard style and prefer to use legitimate remote monitoring and management (RMM) software and living-off-the-land tools.

According to the researchers, initial access is likely achieved through stolen RDP credentials, followed by the manual download and execution of the main payload, ‘servertool.exe.’

In an investigated incident, the researchers observed the use of the RemotePC RMM tool and a backdoor administrator account that provided persistence.

Unlike many modern extortion operations, Prinz Eugen does not operate under the ransomware-as-a-service (RaaS) model, and its developers are not currently recruiting affiliates.

Unlike most extortion operations, Prinz Eugen is not a ransomware-as-a-service (RaaS), or at least the developers are not currently looking for affiliates.

Currently, the threat actor’s data leak site only lists three victims, each one showing that the hackers engage in data encryption, exfiltration, or both. However, the cybersecurity community is aware of more organizations impacted by Prinz Eugen ransomware.

Encryption strategy

An analysis of a Prinz Eugen attack revealed that the Go-based malware prioritizes the encryption of the most recently modified files. When multiple files share the same timestamp, they are processed in alphabetical order.

Threatdown researchers believe this approach is intended to maximize the impact on victims by targeting files that are more likely to be business-critical and in active use, increasing the pressure to pay the ransom.

The analyzed sample checks directories recursively with no depth limit and no exclusions, and encrypts virtually every file except those with the .prinzeugen extension, which Prinz Eugen uses for encrypted files.

The ransomware employs ChaCha20-Poly1305 encryption with a 32-byte master key, a random initialization vector for each file, and a key derivation function based on Argon2id, SHA-256, and HKDF-SHA256.

The encryption process is carried out in 1 MB chunks, and file integrity is checked using the SHA-256 hash function.

The researchers noticed that when the malware uses the –delete flag to delete the original file after encrypting it, a check occurs to make sure that the file can be decrypted before removing it from the system.

To prevent the encryption key from being retrieved, Prinz Eugen ransomware overwrites it with zeroes, forces garbage collection to eliminate it from memory, and then self-deletes from disk.

Analysis of the encryptor showed no functionality to drop a text ransom note or change the desktop wallpaper. Threatdown researchers say that the absence of a ransom note “is a tactic we see more often among organized ransomware groups.”

This is typically done to reduce the forensic footprint and make it more difficult for the extortion step to be detected automatically.

“By moving ransom communications entirely out-of-band (through direct email, phone contact, or dark-web victim portals), the actor reduces forensic artifacts and complicates automated detection of the extortion phase,” the researchers say.

The researchers identified at least five Prinz Eugen victims, saying that in the case of the Standard Bank breach, the attacker demanded a ransom of 1 BTC and was refused.

ThreatDown’s report provides a list of indicators of compromise to help both organizations and researchers analyze, detect, and defend against Prinz Eugen ransomware attacks.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

Salome Mikadze-Struk is no stranger to adversity. The daughter of refugees, she built a software-development business as an undergraduate at the height of the COVID-19 pandemic and kept it running despite the outbreak of war in her native Ukraine. Now, she’s drawing on her experiences to mentor tech-startup founders and speak publicly about the importance of resilience in entrepreneurship.

Mikadze-Struk was studying at Georgetown University, in Washington, D.C., when COVID-19 struck. Classes went online, and she moved back to Ukraine. In the midst of that disruption she saw an opportunity to develop her business idea, called Movadex, by tapping Ukraine’s pool of talented young engineers. Then Russia invaded in early 2022, during her final semester. Taking online classes from bomb shelters and helping employees evacuate to safer parts of the country was surreal, she says, but the team kept the company afloat and she graduated later that year.

In 2023, Mikadze-Struk took a hiatus from her business to pursue an MBA at Stanford University, which she completed this year. In her precious spare time she’s been advising startups and giving talks, using her unique perspective to promote the need for resilience in entrepreneurship—something she thinks is increasingly important in the software industry as AI coding tools upend old business models.

“You need to be okay with risk, you need to be resilient. You need to be okay with disruption and okay with uncertainty,” she says, “because this is inevitably going to be part of this industry for the foreseeable future.”

An Early Focus on Education

Mikadze-Struk’s parents had settled in Ukraine after fleeing conflict in the Abkhazia region of Georgia in the early 1990s. “They left everything behind,” she says. “You can look on Google Maps and zoom in on where their houses were and it’s all rubble.”

Despite this backstory, Mikadze-Struk says she and her sister had a conventional middle-class upbringing in Kyiv. Her father ran a small shop and her mother was a stay-at-home mom. Her parents placed an emphasis on education and encouraged her to study hard and take part in extracurricular programs such as Ukraine’s Junior Academy of Sciences, which introduces students to research.

“They weren’t rich, so they knew that our way to make it in life was not through investments, but through merit-based accomplishments,” she says.

When Mikadze-Struk was 14, her family discovered the newly launched Ukraine Global Scholars program, a nonprofit that helps talented students secure scholarships abroad. The program helped her win a full scholarship to the Emma Willard School, a private girl’s school in Troy, N.Y.

Discovering Tech

After graduating high school in 2018, Mikadze-Struk was accepted to Georgetown to study business administration. But it was outside the classroom that her career direction began to take shape. She won a startup competition with a medical device she had developed for a school project and, while the business idea didn’t go anywhere, it sparked an interest in entrepreneurship.

Ukraine’s software industry was booming, and she began attending startup events and competitions in her home country the summer before starting college. There she met her eventual cofounder Nor Newman.

Despite both being just 18, they saw a gap in the market. The pair noticed many founders had strong ideas but lacked the technical expertise to realize them, while talented engineering students often struggled to gain real-world experience. Newman had begun informally connecting startups with his college friends, but the pair soon saw commercial potential. “We realized we could actually create our own startup studio and help startups as a team, versus just connecting people,” says Mikadze-Struk.

Then, when the COVID-19 pandemic struck in early 2020, halfway through her sophomore year, it brought both disruption and opportunity for Newman and Mikadze-Struk. While travel restrictions and lockdowns made life complicated, there was also a surge of companies looking to move their business online. “COVID really skyrocketed everything we were doing,” she says.

Sensing an opportunity, Mikadze-Struk and Newman incorporated Movadex in Ukraine in early 2020. From the start, they decided to focus on not only providing engineering talent, but also helping startups with product development. Many times, says Mikadze-Struk, a founder’s vision for the software doesn’t line up with what users actually want. “What really helped us grow is not just the engineering or quality of code, but rather a holistic approach to creating a product and actually getting into the brain of the user,” she says.

Navigating Adversity

Back in Ukraine, Mikadze-Struk had to juggle this booming business with studying remotely—taking classes at night and working during the day. It was exhausting, she says, but it also allowed her to immediately apply what she learned in business classes to building her startup.

Having successfully navigated the pandemic, Mikadze-Struk was dealt another wild card. In early 2022, Russia invaded Ukraine and her life was again turned upside down. It was particularly traumatic for her family, having already been forced from their home in Georgia once by war.

In 2023, Mikadze-Struk took an extended leave from her company to pursue an MBA at Stanford.Christie Hemm Klok

“For my parents to experience their daughters going through all the same things they had gone through was really heartbreaking,” she says. “But at the same time, because I’d heard so much about their story of resilience I had power in me to not fully break down.”

On the day of the invasion the founders told employees to take the day off and emailed clients to warn of potential disruptions. The next couple of days were spent checking on staff and evacuating as many as possible to their headquarters in Lviv, in Western Ukraine.

By the following Monday the business was back up and running. Soon afterward, they partnered with the Lviv IT Cluster business association’s nonprofit arm to help resettle refugees from the eastern part of Ukraine, where strikes were focused, and offer job placements. Throughout this period, Mikadze-Struk was also completing her final year at Georgetown remotely. “Half of my senior year was actually spent in bomb shelters,” she says.

Promoting Resilience in Entrepreneurship

That summer, Mikadze-Struk graduated with a bachelor’s degree in business administration and learned she had been accepted onto Stanford University’s MBA program. In 2023, she took an extended leave from Movadex and moved to California. She also gave birth to her daughter in 2024.

Balancing studies and parenthood was already a full-time job, but she continued to engage with the startup ecosystem by volunteering as a startup mentor and public speaker. Now, after graduating from Stanford, she is stepping back into a more active leadership role at Movadex, where she hopes to drive the company’s expansion into the United States. She also wants to develop a stronger focus on helping customers understand and implement AI in their businesses.

While AI is undeniably disrupting the tech industry, Mikadze-Struk, now an IEEE Senior Member, is fundamentally optimistic about its impact. “The way AI democratized access to building software and to prototyping…is just mind blowing,” she says.

But it will require a significant shift in mind-set for engineers, especially junior developers hunting for jobs. They need to “fall in love with AI” and embrace it as a powerful copilot, she says. As these tools increasingly take over the nuts-and-bolts work of coding, engineers also need to nurture higher-level skills like systems thinking and architectural design.

Perhaps most importantly, given the rapid pace at which the technology is evolving, engineers need to nurture their adaptability and resilience. “It’s both exciting and scary, because you don’t know what tomorrow will bring.”

After a conflict between guards and farmers nearly ended in violence, Tata’s Indian iPhone factory is now facing health authority accusations of contamination.

Early on June 15, 2026, India’s Tamil Nadu Pollution Board (TNPCB) was reportedly threatening to force a shutdown of Tata’s iPhone plant. It followed a series of inspections that reportedly found contaminated wastewater had reached local wells.

Tata was also accused of failing to respond to the TNPCB’s complaints, but then on June 16, the case was dropped. Tata said first that its independent study showed it was following regulations, and then that the India regulator had now “dropped any further course of action on this issue.”

Now according to Reuters, however, the local Indian health authority in the district is still pursuing a case based on complaints from local farmers. As reported to Tata, an inspection found discharge with a “severe foul smell,” and left water “unsuitable for animals to drink.”

That report to Tata also said that local people had been getting skin-related health issues due to the contamination.

Separately, a group of farmers crossed onto Tata’s land on June 15 to photograph a reportedly contaminated pond. A Tata guard is said to have fetched a firearm, after which the group claims to have said “shoot us,” before the security officer backed down.

It appears that this health investigation has been running since at least late May 2026. That’s when the TNPCB reportedly concluded its own inspections.

The factory makes back panels and other iPhone components. Tata has been growing its iPhone manufacturing since 2023 when it bought Wistron’s plant, and then went into partnership with Pegatron.

Neither Tata nor Pegatron has commented on the latest report. Apple has not commented publicly either.