Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Tech

New Helix vishing group emerges in SharePoint data theft attacks

Published

on

New Helix vishing group emerges in SharePoint data theft attacks

A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments.

Initial contact is made through vishing. In some cases, the threat actor called employees while impersonating their manager, using either the manager’s name or caller ID spoofing to appear legitimate.

The purpose is to trick the target into device-code phishing schemes to gain access to their accounts.

image

Once inside, Helix operators quickly register a new multi-factor authenticator app for persistence, then browse and enumerate SharePoint before exfiltrating files.

According to researchers at cybersecurity firm ReliaQuest, the stolen data is typically used to extort victim organizations by threatening to publish it unless a ransom is paid, or it is sold to other cybercriminals.

Advertisement

The SharePoint exfiltration behavior is Helix’s strongest technical fingerprint.

“Automated enumeration and collection were identical across incidents and represent the most reliable fingerprint. Enumeration ran from 179.43.185[.]230 using the python-requests/2.28.1 user-agent,” the researchers note.

“The operator issued contentclass:STS_Site and wildcard (*) SharePoint searches to inventory all reachable content, then bulk-downloaded from the same IP and user-agent.”

Links to ShinyHunters and BlackFile

ReliaQuest believes that Helix emerged from the ShinyHunters and BlackFile data extortion groups based on the techniques and infrastructure used, although the researchers did not find a definitive connection.

Advertisement

Over the past month, Medtronic, Nissan, NAIC, Kodak, Infinite Campus, and Nottingham University confirmed data breaches previously claimed by ShinyHunters.

The now defunct BlackFile data extortion group targeted organizations using identity-based attacks and social engineering before ceasing operations in April.

ReliaQuest’s research found that one Helix attack used an exfiltration IP address in the same autonomous system (AS 51852) that hosted a confirmed BlackFile IP address, suggesting shared resources.

Additionally, Helix emerging shortly after BlackFile shut down may indicate a potential continuation of the extinct operation. ReliaQuest also mentions Pink and Redact as potential successors.

Advertisement

Concerning the link to ShinyHunters, Helix demonstrates a very similar social engineering playbook, including vishing, employee impersonation, targeting Microsoft 365, and stealing SharePoint data.

A second clue is the use of the NICENIC registrar, which has also been seen in past ShinyHunters campaigns.

As a highest-impact defensive measure against Helix attacks, the researchers recommend that device code authentication be disabled where possible.

Other recommendations include restricting SharePoint access to only managed devices and blocking exchanges with newly registered domains, which Helix typically uses in its attacks.

Advertisement

article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Source link

Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

Playdate Is Helping Big Ben Ring On Time

Published

on

Sometimes, gamers find each other in the most unexpected places. Today, we learned that there’s a geeky gaming cameo in the National Geographic travel show Best of the World with Antoni Porowski. During the Queer Eye alum’s time in London, he visited Big Ben with Andrew Strangeway, a clock mechanic for the Houses of Parliament. Apparently, Strangeway has programmed his Playdate to help check the timing for the iconic clocktower’s bells to ring. The Playdate isn’t a new tool in the clock mechanic’s arsenal either. An earlier video of him and a colleague showed the Playdate in use during preparations at Big Ben to ring in 2025 on New Year’s Eve.

small handheld. big ben.

Playdate (@play.date) 2026-07-09T00:29:53.372Z

Playdate posted about the most recent cameo on Bluesky. The company added, “for real, though, this is the kind of surprising magic that happens when you make hardware that’s easy to program for, sideloadable, and with a nice SDK!” We’ve still loved playing with this wildly inventive little yellow machine over the years, and it’s amazing to see it being used for completely non-gaming purposes out in the wild.

Advertisement

Source link

Continue Reading

Tech

Datacenter MacGyver saved the biggest football match of the year

Published

on

ON CALL The 2026 FIFA World Cup continues and at the time of writing, The Register‘s home nation – England – remains in with a chance to bring home the trophy!

We therefore devote this week’s edition of On Call, our weekly reader-contributed tale of tech support, to the beautiful game.

We’re able to do so thanks to a reader we’ll Regomize as “George” who once pulled off a great save when, decades ago, he worked as one half of the two-person tech team at one of Europe’s most famous football clubs.

“The IT manager wouldn’t work weekends,” George told On Call, and that meant he had to attend most home games to provide tech support.

Advertisement

“Mostly I’d be paid overtime to sit around in the police control room for a few hours, eat free pies, and pretend I was vital to operations,” George wrote. “Occasionally, a minor issue would require my input, but typically it was a quiet day spent watching the match in comfort.”

The club George worked for enjoys an ancient and enormously fierce rivalry with another. When the two teams meet, it’s a major event, authorities insist on extra security, and police brace for trouble across an entire city.

That caution extends into the club’s stadium.

“The club would hand over overall responsibility for stadium safety to a suitable deputy chief constable for the duration of the game,” George explained. “That officer had the ultimate say on whether the match would go ahead in the case of any safety issues.”

Advertisement

On the day in question, power to the police control room suddenly went out – just as the ground started filling for the big match.

“This was a major issue. We had no radio to coordinate hundreds of stewards and police officers, no CCTV monitoring stations, and most critically, no exit gate control – an essential requirement for acceptable match day safety,” George told On Call.

Club officials therefore dispatched an electrician to sort things out, but the sparky soon returned with bad news: a recent upgrade had burned out, and a fix would take days.

On most match days, the outage would mean immediate cancellation of the match – and a big fine for the club for failing to stage the game. But with a fevered crowd flooding in from the streets near the stadium, calling off the match had the potential to see frothing fans turn ugly.

Advertisement

The officer in charge and the stadium operations director therefore entered had a terse discussion, during which they asked the electrician if a portable generator might address the problem – but that wasn’t possible.

At this point, George asked the officer in charge what minimum setup would make it safe to let the game proceed.

“The response was that if we could centrally open the exit gates at the end of the match, or in the event of an evacuation, and get the CCTV and radio working, the match could go ahead.”

George then revealed that he had just that week installed a new 4U uninterruptible power supply (UPS) in the football club’s server room and had been charging it ever since. (In case any tech-averse football fans stumble upon this story, a UPS is a substantial battery used to keep critical computers running when power drops out. They store plenty of energy, but nobody assumes they’ll last for hours.)

Advertisement

George felt the UPS unit might do the job.

“After some quick napkin math, I suggested it might have enough juice to power those critical systems for long enough to allow the match to proceed,” he wrote.

The police officer and operations director agreed to let George try to make it work.

“I rounded up a few lingering stewards, the electrician, and two uniformed coppers, and we set off to the server room. We retrieved the UPS and humped the massive bloody thing halfway round the stadium, through the crowds, and up the tight stairwell into the control room.”

Advertisement

George then jury-rigged extension cables to the systems that needed power and turned them on.

“I felt like Tom Hanks trying to get that guidance computer online in Apollo 13,” he told On Call.

“Amazingly, everything actually came up and stayed up, the UPS’s extremely vague five LED capacity lights held solid at full green and the order was given for the match to proceed,” George said.

He spent the entirety of the match staring at those LEDs, and as the match progressed, he started praying it would not go too deep into stoppage time.

Advertisement

“The final whistle blew, we opened the gates, and the UPS lasted another 10 minutes before finally conking out,” he told The Register.

“For my MacGyveresque efforts, saving the high-stakes match, protecting the safety of tens of thousands of fans, and saving the club a fortune in fines, I was duly awarded a gift voucher to be spent at the club’s on-site superstore,” George told On Call. “The value of the voucher was not even enough to buy myself a single home-team shirt.”

Adding insult to injury, when he checked his next payslip, George realized the club had counted the value of the voucher as additional income, and he had therefore paid tax on it.

Have you saved a big event or MacGyvered a tech support fix? If so, click here to send your story to On Call. We’d love the chance to steer it into the back of the net on a future Friday. ®

Advertisement

Source link

Continue Reading

Tech

Cash App reaches $45 million settlement over alleged failure to protect users from fraud

Published

on

The takeaway: Block, the parent company of mobile payment service Cash App, has reached a $45 million settlement with regulators and the attorneys general of 46 states and the District of Columbia to resolve allegations that it failed to adequately protect users from fraud. As part of the settlement, Block also agreed to provide live customer support to all users.

According to the indictment, Block exposed its users to fraud by misleading them about Cash App’s security. The company promised advanced fraud detection mechanisms but allegedly allowed scammers to operate freely. Investigators further alleged that the app did not provide a phone number for customer support, leading many users to search online, where they found fake numbers created by scammers.

Investigators claimed that Block, founded by Twitter co-founder Jack Dorsey in 2009, was aware of the phone support scams but did little to prevent them. In fact, the company reportedly did not establish an official support hotline until 2021. Cash App also did not require a Social Security number or date of birth during signup, making it easier for potential scammers to target unsuspecting users.

In separate press statements, attorneys general from several states including New York, Texas, Wisconsin, California, Oregon, and Colorado heralded the settlement as a major victory for consumers. They also slammed the company for not being forthright to its users about its lax security protocols and inadequate customer support mechanisms.

Advertisement

According to New York Attorney General Letitia James, Block marketed Cash App as a secure service comparable to traditional banks, leading customers to believe that their funds were protected by cutting-edge security protocols. In reality, the company allegedly did not have a proper fraud detection system and offered no way for customers to report scams and fraud.

Texas Attorney General Ken Paxton claimed that “lax verification standards, a years-long absence of phone support, and deceptive social media promotions” by Block left users exposed to scammers. He added that the company was also accused of delaying internal fraud investigations and locking legitimate users out of their accounts, leaving them with no way to recover stolen funds.

Wisconsin Attorney General Josh Kaul noted that people who entrusted Cash App with their earnings deserved “a clear picture of how safe their money would be.” Instead, Block misled them about the strength of its consumer protections. Kaul added that the company’s lackadaisical approach was especially alarming, given that many of its customers are unbanked or underbanked Americans.

Washington Attorney General Nick Brown said that Block had separately agreed to pay $20 million to settle a lawsuit filed by the Washington Department of Justice, alleging that the company facilitated at least $22 million in fraudulent unemployment insurance payments over a five-month period during the Covid-19 pandemic in 2020.

Advertisement

Source link

Continue Reading

Tech

McLaren 788HS Showcases a Focused Finish to V8 Supercar History

Published

on

McLaren 788HS Reveal
The Goodwood Festival of Speed sets the stage for McLaren’s next release, the 788HS, which is promoted as the final iteration of a mid-engine V8 supercar line that began with the 720S in 2017 and has since included the 765LT and 750S. The 4.0-liter twin turbo V8 delivers 777 horsepower, a 37-horsepower improvement from the 750S. Not that it counts, but the torque remains at 590 pound-feet, and the engine continues to spin at 8500 rpm.



The acceleration is quick enough to hit 60 mph in 2.8 seconds, 124 mph in 7 seconds, and 205 mph in no time at all. The coupe’s dry weight is a svelte 2789 pounds, thanks to McLaren engineers’ efforts to reduce any unnecessary weight. They retuned the linked hydraulic suspension and sharpened the front end, lowering it by 0.2 inches compared to the 750S, with the intention of increasing body control and steering response.

Sale


LEGO Speed Champions McLaren W1 Race Car Toy for Boys & Girls, Ages 9+ – Building Set for Pretend Play…
  • BUILD A RACING LEGEND – Experience the thrill of the track with LEGO Speed Champions McLaren W1 – The Real Supercar (77257) building toy for kids…
  • 1 DRIVER MINIFIGURE – This race car toy building set includes a driver minifigure wearing a McLaren outfit, with a wig, wrench, and helmet…
  • AUTHENTIC MCLAREN DETAILS – Car lovers will appreciate features and functions inspired by the real supercar, including an adjustable rear wing, a…


There’s more, including carbon-ceramic brakes, which are only seen on the Senna, so that speaks volumes about what they’re up to. Six-pot forged aluminium calipers hold the front discs tightly in place. We also obtained our first center-lock wheels on this car, which were lifted directly off the Senna. This vehicle has advanced aerodynamics, producing 10% more downforce than the 765LT. We now have a new S-duct that channels air through the hood and across the cockpit, and the active rear wing has been updated. We also get a larger diffuser; more on that in a minute.

Advertisement


Its aerodynamic components are made of carbon fiber, because why not? Because you are receiving symposer tuning, the crew has also incorporated a quad-exit titanium exhaust, allowing you to enjoy the engine sound from start to finish. The improved engine-mount calibration allows for an almost direct connection from powerplant to driver.

McLaren 788HS Interior
McLaren 788HS Interior
McLaren 788HS Interior
The interior has been redone, and they just went a bit further, so no one is complaining. It has a carbon fiber center console, seats with a new perforation pattern, and a special number plate with distinguishing badging. Only 200 of these will be built, with half coupes and half spiders developed by McLaren’s Special Operations division. Owners can customize the colors, materials, liveries, and other interesting elements to make each one truly unique.

McLaren 788HS Reveal
McLaren 788HS Reveal
McLaren 788HS Reveal
You’re looking at a starting price of £450,000 before you even consider all the choices. The 750S already costs that much, so adding all of the bells and whistles will make this car even more pricey. Until recently, the HS badge was rather uncommon, appearing on only two other McLarens in history. This is it, the third installment, and it concludes the current platform saga, but a new generation is just around the way.

Source link

Advertisement
Continue Reading

Tech

Fresh Galaxy Z Fold 8 leak suggests US buyers won’t escape a price hike

Published

on

Samsung has confirmed its next Galaxy Unpacked event for July 22, where it’s expected to unveil its next-gen foldables. Recent reports suggest the devices may be priced significantly higher in Europe compared to their predecessors. Now, a new leak claims the same could be true for the US market as well.

US buyers could see a $100 jump

According to South Korean outlet SEDaily, the Galaxy Z Fold 8, AKA the Wide Fold, is expected to launch in the US at $1,899 for the 256GB model. The Galaxy Z Fold 8 Ultra, the direct successor to the Fold 7, could cost $2,099 for the same storage capacity, a $100 hike over the Fold 7’s $1,999 launch price.

This lines up with the European pricing leaked earlier this month, which put the base 256GB Ultra model at €2,199, a €100 increase over its predecessor. Although the SEDaily report doesn’t outline pricing for the other storage variants, the hike is expected to be steeper for those models.

The price hike is likely tied to the ongoing memory shortage, though Samsung is reportedly still “conducting a final review of its pricing plan,” meaning the final figures could shift by the July 22 launch.

New AI features and One UI 9.0 could help justify the higher price

To offset the price increase, Samsung is reportedly leaning heavily on software upgrades for the upcoming models. The Galaxy Z Fold 8, Fold 8 Ultra, and Flip 8 could be the first from the company to launch with One UI 9.0 and Gemini Intelligence, Google’s new AI system that can carry out tasks across multiple apps.

Advertisement

While the report doesn’t offer pricing details for the Flip 8, it echoes earlier reports suggesting the device could ship with a Qualcomm chip in select regions and Samsung’s own Exynos chip elsewhere. Samsung has not confirmed anything officially, so it’s best to take this information with a grain of salt until the company takes the stage on July 22.

Source link

Advertisement
Continue Reading

Tech

Microsoft expects more Windows security updates from AI-discovered flaws

Published

on

Windows

Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase.

In a blog post published today, Microsoft said advances in AI have significantly accelerated vulnerability discovery, allowing engineers to identify more security issues before they can be exploited in zero-day attacks.

“The pace of vulnerability discovery is changing with advances in AI making it possible to find more issues, faster, across more code, with new mechanisms that can accelerate both discovery and analysis,”  Microsoft said.

image

As part of this approach, the company is using Microsoft Security’s multi-model agentic scanning harness (MDASH), an AI-powered vulnerability discovery system previously detailed by Microsoft, which scans critical binaries and validates potential vulnerabilities using multiple AI models.

Microsoft says the system scans critical Windows binaries for vulnerabilities and then validates the findings using multiple AI models. Vulnerability candidates are then passed through a second Windows-specific validation pipeline designed to eliminate false positives before engineers investigate the issues.

Advertisement

The company says it is also using AI to help engineers understand failures more quickly, suggest possible bug fixes, and identify similar bugs elsewhere in the Windows source code. However, Microsoft says human engineers will still oversee and review all proposed code and validate fixes before they are released into production.

Microsoft says the increased use of AI for vulnerability discovery means customers are likely to see more security updates to address newly discovered vulnerabilities in each monthly Patch Tuesday release.

“As AI helps defenders discover more issues, customers will see a higher volume of security updates included in each security release,” says Microsoft.

Artificial intelligence is used not only to find and fix vulnerabilities but also by threat actors to power their attacks and exploit zero-day flaws before they are fixed.

Advertisement

Due to this, Microsoft also announced today that it is updating its Secure Development Lifecycle (SDL) practices to account for AI-enabled attack techniques and to use AI earlier in the software development process to identify security issues before features are released.

This announcement comes two days after Reuters reported that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has begun using Anthropic’s Fable AI model to scan government software for vulnerabilities that cybercriminals or foreign intelligence services could exploit.

According to the report, the AI-assisted code audits have already uncovered numerous vulnerabilities, though officials did not disclose how many or provide details on their severity.


article image

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

Source link

Continue Reading

Tech

A Pixel 9 Pro XL for $649 is an absolute steal

Published

on

A 21% price drop on the Pixel 9 Pro XL brings one of Google’s most powerful Pixels to its lowest recorded price.

The Google Pixel 9 Pro XL is now $649, down from $823.99, and will save you 21% on a phone whose triple-lens camera system with pro controls and 20x Super Res Zoom Video already made the full asking price easy to justify.

Deal Google Pixel 9 Pro XLDeal Google Pixel 9 Pro XL

Under $650 and at an all‑time low, the Pixel 9 Pro XL is a worthwhile discount for a dependable phone

Dropping to an all‑time low below $650, the Pixel 9 Pro XL becomes an easy, great‑value pick if you want a phone that simply performs.

Advertisement

View Deal

The 50MP main sensor works alongside telephoto and ultrawide lenses to give you manual control over shutter speed and focus, which means you can shoot in conditions where most phone cameras would leave you stuck on auto and hoping for the best.

Advertisement

Video is where the Pixel 9 Pro XL separates itself most clearly, with Super Res Zoom capturing smooth and detailed footage at up to 20x magnification, where Video Boost enhancing your recordings to 8K resolution through Google’s cloud processing.

Low light no longer means settling for grainy or washed-out footage either, because Night Sight Video produces sharp and richly detailed clips in darker environments like restaurants, evening street scenes, and nighttime skylines without drowning everything in harsh artificial brightness.

Advertisement

Google’s AI tools extend that camera confidence into editing as well, with Magic Editor letting you reframe and reimagine your shots after the fact while Add Me ensures the photographer never gets left out of group photos by swapping them into the frame.

Advertisement

All of that runs on the Tensor G4 chip with 16GB of RAM behind a 6.8-inch Super Actua display running at 120Hz, and the 5060mAh battery comfortably delivers a full day of heavy use without needing to reach for a charger.

Google backs the phone with seven years of OS and security updates too, which means that at 21% off and sitting at an all-time low price, this is a handset built to comfortably outlast the contract you buy it on.

That kind of longevity puts it near the top of an already strong lineup, and our guide to the best Google Pixel phones ranks the full range by performance, camera, and value if you want to see how the rest compare.

The Pixel 9 Pro XL is one of the most exciting Pixels in a long time; it not only sports a desperately-needed design refresh, but a boost to the auxiliary camera lenses, all-day battery life and a huge focus on GenAI allows it to stand out from the competition.

Advertisement
  • Redesigned chassis looks way more modern

  • Holistic, genuinely helpful approach to AI

  • Amazing photo and video capabilities

  • All-day battery life

  • Second price hike in two years

  • Can get hot when gaming

  • Tensor G4 isn’t much more powerful than the G3

Advertisement

Advertisement

SQUIRREL_PLAYLIST_10148964

Source link

Advertisement
Continue Reading

Tech

What’s The Minimum Distance Boaters Need To Keep From An American Navy Ship In US Waters?

Published

on





The United States Navy’s main mission is to protect the country at sea, including deterring opponents from attacking the United States, intelligence gathering with units like the Secret Service, and maritime security. As conflict continues around the world and other naval powers deploy additional warships, the U.S. Navy has announced an aggressive shipbuilding plan to expand its fleet in hopes of maintaining its enormous naval forces. In fact, the U.S. has such a large naval presence that there are restrictions on how close another ship can get to a Navy vessel at sea.

Certain areas of the country are designated as Naval Vessel Protection Zones, and they have strict regulations in place to prevent incoming attacks and security threats. In these zones, boats cannot get within 100 yards of a U.S. Navy ship. Additionally, boats must operate at a minimum speed if they pass within even 500 yards from a U.S. Navy ship. This means boats must proceed with their “bare steerageway,” which is the minimum speed at which a boat can still turn properly. In either case, a boat must contact naval authorities in order to proceed.

Advertisement

What happens if you get too close to a U.S. Navy ship?

It’s not always possible to keep a safe distance from a U.S. Navy ship within a Naval Vessel Protection Zone. If a boat does pass within 500 yards, it can only proceed once it has contacted the commanding officer or official patrol, and they have given the green light. 

If you must go within 100 yards of the ship, you have to contact the ship or the Coast Guard’s escort vessel service, specifically on Channel 16 on a VHF (very high frequency) radio. While this is the designated international hailing and distress channel, military vessels may not be actively monitoring. On your end, hail them a single time, let them know you need to pass through, and await their response.

Violating these regulations in the Naval Vessel Protection Zone is considered a felony offense and is punishable by up to six years in prison and/or up to $250,000 in fines. It’s worth noting, as well, that the U.S. Navy is authorized to protect its vessels in certain situations if a threat is identified.

Advertisement



Source link

Advertisement
Continue Reading

Tech

‘I didn’t grow up coding, but I’ve always loved a puzzle’

Published

on

Harsha Koorimannil Valiyamannil discusses the factors that influenced her love of computer science, the leap of faith that brought her from India to Belfast and what the future holds for her.

“I wasn’t one of the kids who grew up coding, but I have always loved a good puzzle”, said Harsha Koorimannil Valiyamannil, a recent computer science graduate who left Ulster University with first class honours and a lengthy list of achievements. 

Koorimannil Valiyamannil told SiliconRepublic.com, “I enjoy spotting patterns and figuring out how things work, so when it came to choosing a path, computing science felt like a natural fit for how my brain works. I knew I would enjoy the logical side of it, but what surprised me most was how much room there is for creativity.”

She previously studied animation and graphic design in her native Kerala, India and had always shown an aptitude for maths, so with all of that combined, it made sense to her that she would look to develop a lifestyle and career that merged her skills and interests.  

Advertisement

She believes her artistic background has greatly shaped the way she approaches problems, enabling her to experiment, look at things from multiple different perspectives and communicate ideas in ways that resonate with people. 

“I loved that computing gave me a highly practical toolkit to merge problem-solving with creative design and build tangible things people can actually experience. 

“That is what continues to drive my career path. I want to build accessible technology that goes beyond just being functional. I believe the best solutions are the ones that understand the people using them, consider their needs and make their everyday experiences genuinely better.”

Leap of faith

Perhaps surprisingly, Koorimannil Valiyamannil noted, making the career switch – despite the significant personal and professional commitment it took to achieve – did not feel like a drastic move. Having spent some time working with design software, eventually she began to ask herself, ‘If I built this, what would I add?’ or, ‘How could I make this better?’ 

Advertisement

A background in graphic design and design theory had trained her to consider viewpoints from the user’s perspective, and she found herself constantly analysing what was missing from an experience and how small decisions completely transform the way someone interacts with a product. 

“After a while, I realised I wanted to do more than just create the visuals. I wanted to understand the technology behind them and have the technical skills to build the software itself. Computer science gave me the tools to turn my ideas into working products and I knew pretty quickly that this was the exact direction I wanted to take my career.”

A whole new world

To realise her goals, Koorimannil Valiyamannil made the decision to relocate from Kerala to Belfast, in a move that, while bittersweet at points, was exactly the experience she felt was needed. She explained that circumstances at home did not allow for much independence and she wanted the opportunity to build a life entirely on her own terms. 

“Here, I have learned how to chase opportunities without having to worry or hold back. Even something as simple as spending late nights studying in the library felt like an entirely new kind of freedom,” she said. “The initial isolation was the hardest part, but it pushed me to step out of my comfort zone and reach out. 

Advertisement

“Over time, I became much more confident putting myself forward and started having the courage to try things I would never have considered before. Now, the people I have met have become a massive part of my journey. Building that solid foundation of friendships is what helped me turn a completely unfamiliar place into my own.”

As her confidence grew, so too did her desire to have a genuine impact on the world around her. She had noticed that the Women in STEM Society was no longer active at Ulster University in Belfast – an issue she remedied alongside three like-minded peers.  

“We wanted to rebuild a community where students could connect and feel supported throughout their journey in STEM,” she said. “While we started with smaller events to bring people together, we also wanted to create something that would have a wider impact, which led us to making the Hack4Health Hackathon our main goal. “

As the society secretary, she used her design background to create branding and promotional materials for both Women in STEM and the hackathon, supported outreach efforts, and worked with the wider team to contact organisations and secure sponsorship.

Advertisement

“Rebuilding the society and pulling off an event of that scale was a massive amount of work. It was a crash course in the logistics of community building. It also proved that we could actually execute ambitious ideas from the ground up just by stepping up and trying.”

Eyes on the prize

If Koorimannil Valiyamannil’s experiences have taught her anything, it is that often you have to be the architect of your own dreams, but sometimes, you need to be the person helping to lift up others alongside you. 

“Throughout my journey, I have benefited from people who encouraged me, and I want to do the same for others,” she said. “I am incredibly excited about this opportunity to learn from the people around me, share what I have learned and use my skills to build up my community.”

With that in mind, she plans to build a career in technology that creates a positive social impact. Her biggest focus right now, she explained, is on ethical technology and digital accessibility. “I want to build solutions that actively break down digital barriers and ensure no one gets left behind.” 

Advertisement

She added, “I am excited to explore the different directions my career could take, but my core goal remains exactly the same. I want to keep learning, keep building, and use my skills to create inclusive and human-centred tech.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Advertisement
Continue Reading

Tech

Enterprises using multiple AI models are underestimating failure rates by 2.25x

Published

on

A team routing queries across a coding specialist, a logic specialist, and a generalist model assumes each will cover the others’ blind spots. A new study evaluating 67 frontier models from 21 providers shows that assumption is mathematically flawed — and the flaw has a name: the co-failure ceiling.

The assumption works like this: as long as two models don’t usually fail on the exact same prompts, combining them is supposed to create a safety net against failures.

The real limit on orchestration is not how often models disagree, but the percentage of prompts where every model in the pool gives the wrong answer at once. By ignoring the co-failure ceiling, enterprises are building complex, expensive routing infrastructure to chase performance gains that do not exist. Fortunately, developers can use this same math to build a cost-free test that determines exactly when multi-model orchestration will actually pay off.

The hidden costs of the multi-model strategy

To orchestrate multiple language models, developers typically rely on three architectures. Model routers act as traffic cops, sending complex queries to expensive models and simple queries to cheaper ones. Cascades send every prompt to a cheap model first, only escalating to a premium model if the initial system signals low confidence. Finally, approaches like Mixture-of-Agents (MoA) fuse multiple models by asking them the same question and generating a synthesized answer from their combined outputs.

Advertisement

These architectures introduce a “shadow price” to inference costs. Every time a development team implements a router or a cascade, they pay a premium in added system latency, complex infrastructure maintenance, and increased governance risks across multiple API providers.

To justify these operational costs, engineers rely on “pairwise error correlation” to select their model pool. Imagine a developer has Model A, which writes excellent Python but fails at SQL, and Model B, which writes excellent SQL but fails at Python. Because they fail on different types of prompts, their pairwise error correlation is low. The developer assumes that by placing a routing layer in front of them, they have created a composite system that rarely fails at coding.

According to the study, throwing diverse models together based on low correlation can actually hurt performance if the models are not equally capable — when you vote across diverse but unequal models, the weaker ones often gang up and outvote the smartest one.

Josef Chen, author of the paper, told VentureBeat that in their experiments, “Naive majority voting across unequal models had negative mean gain (minus 10 points on our hard mix): diverse-but-weaker members outvote the strong one.” The actionable advice for developers is to “combine only models within a matched quality band.” If you cannot match quality, take the single-model baseline and spend your budget on the best model available.

Advertisement

The paper provides one bright spot for this approach regarding MoA architectures. When building ensembles, teams often use “Self-MoA,” where they query the same premium model multiple times to generate a synthesized answer. The researchers found that at matched quality, building a diverse ensemble of models with low pairwise correlation beats a high-correlation Self-MoA setup.

However, when teams use that same pairwise correlation metric to predict the absolute accuracy of their overall system, the math breaks down.

“So teams pay the orchestration overhead up front (latency, complexity, multi-provider operations) on the assumption that a diversity dividend arrives later,” Chen said. “Usually it doesn’t, because today’s best models agree, and, worse, they fail on the same queries … the prompt simply carries little signal about which model will be the one that’s right when the frontier disagrees.”

Why the math fails: the co-failure ceiling

The core finding of the study centers on a metric called the “co-failure rate” — the formal name for the all-wrong scenario described above. No router, voting system, or cascade can ever achieve an accuracy higher than the ceiling it imposes.

Advertisement

The coding, logic, and generalist pool shows low pairwise correlation on routine prompts — they rarely fail together. But the co-failure ceiling represents the obscure, highly complex edge case that pushes past the limits of current AI architectures. If a prompt is so difficult that all three models hallucinate or fail, it does not matter how intelligently the router distributes the task. The entire pool wipes out at once.

The researchers tested their 67-model pool, which included GPT-5.5, Claude Opus 4.8, and Gemini 3.1 Pro, on the open-ended MATH-500 math benchmark. Based on standard pairwise correlation, statistical models predicted that the entire pool would wipe out simultaneously on only 2.3% of the questions. In reality, the co-failure rate was 5.2%.

multi-llm orchestration study

Study of 67 leading LLMs in multi-LLM settings (source: arXiv)

Standard correlation metrics underestimated the failure rate by roughly 2.25 times. The culprit is not just independent difficulty, but a shared failure point.

Advertisement

“The driver is what we call a common-mode atom: a slice of queries on which the entire market fails together, which no pairwise statistic can see,” Chen said. “Adding a 20th model to your pool doesn’t buy tail coverage. The tail is shared.”

The researchers also found that task format directly triggers co-failure. When they took graduate-level science questions from the GPQA benchmark and changed them from multiple-choice to free-response formats, the all-wrong tail expanded to 12.7%.

Developers can engineer around the ceiling, though. “The engineering implication is uncomfortable: multi-model setups buy the least exactly where teams want them most, on open-ended generation,” Chen said. “Anywhere you can convert generation into verification or constrained selection (structured outputs, checkable answers, execution tests), you reopen the ceiling.”

Ultimately, the researchers found this ceiling limits AI applications in two distinct ways, depending on the domain:

Advertisement
  • Ceiling-bound environments (e.g., open-ended math): The co-failure rate is high. The task is too hard, and all models fail simultaneously. No amount of routing can bypass the lack of underlying capability.

  • Realizability-bound environments (e.g., graduate-level science): The co-failure rate is near zero, meaning at least one model in the pool usually knows the answer. However, the models disagree so subtly that a routing layer cannot reliably pick the correct answer without an omniscient oracle.

The $0 pre-deployment sanity check

Before dedicating engineering hours to building a router, teams can calculate their absolute performance ceiling for free using a mathematical formula called a Clopper-Pearson bound.

The Clopper-Pearson bound operates as a worst-case scenario calculator. If you flip a coin ten times and get eight heads, you cannot guarantee the coin will land on heads 80% of the time forever. The bound takes a small sample of test questions and outputs a mathematically guaranteed ceiling.

Applied to language models, suppose a team tests a pool of five agents on 50 sample queries and finds they all fail together on just two questions. A developer might assume their multi-agent system will achieve 96% accuracy in production. The Clopper-Pearson formula corrects this optimism. It analyzes the small sample size and provides a mathematical guarantee that the true co-failure rate could actually be as high as 12%.

To use this in practice, enterprises must build a held-out dataset. A fintech company, for example, could take 200 complex customer support tickets from the previous quarter and have human agents write perfect resolutions to serve as a benchmark. While this sounds like a heavy manual project, mature engineering teams can automate the entire ceiling calculation.

Advertisement

“Integration is trivial: it’s a counting job over eval logs teams already produce,” Chen notes, “so it runs in the same CI stage as the eval suite and re-triggers whenever the model pool or the workload changes.”

The engineering team then runs its candidate models against these 200 tickets once and records the results. When they want to evaluate multi-model configurations, they can use the co-failure rate measure to predict the maximum accuracy they can get from the system without running extra queries.

One important conclusion the study draws is that on tasks where answers can be definitively checked, combining models rarely beats using the single best model on the market, unless the team possesses an exceptionally strong query-level routing signal.

In an enterprise environment, a definitively checked task has an objective, zero-tolerance answer. This includes generating a SQL query that must execute without error, extracting a specific invoice total from a 50-page PDF, or formatting a JSON payload that perfectly matches a strict schema. For these tasks, enterprises are usually better off paying a premium for the smartest frontier model rather than weaving together three cheaper models and hoping a router picks the correct output. The study didn’t test subjective, ungraded tasks like drafting marketing copy — the authors note that whether these findings hold outside their verifiable benchmarks remains an open question.

Advertisement

Because this mathematical check is free, enterprise teams can track their own co-failure rates as new models drop.

“The measurement costs nothing, so any team can track its own co-failure rate across model generations and watch whether the tail is closing,” says Chen. Ultimately, “the lever buyers hold is failure-mode heterogeneity and market churn, not model count.”

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025