Global data on math achievement is revealing a dismaying trend: Girls are doing worse than boys — and the margins are huge.

In 2023, fourth-grade boys outperformed their female peers in a vast majority of schools, growing the gender gap that existed prior to the pandemic, according to an international study released last week.

Among eighth-graders, the rate of boys scoring higher than girls increased exponentially since 2019, rolling back gains in math equity that had been shaping up for more than a decade. Matthias Eck, a program specialist for UNESCO’s Section of Education for Inclusion and Gender Equality, tells EdSurge that prior data showed girls were catching up with boys in math achievement.

“But in the latest data, we see that the gap is widening again between girls and boys, and that’s at the detriment of girls, which is quite concerning,” he says.

This international trend echoes what U.S. analysts saw when data from the Nation’s Report Card was released last year.

The latest analysis is based on data from the Trends in International Mathematics and Science Study (TIMSS), a global study published every four years that measures math and science achievement among fourth- and eighth-grade students. The International Association for the Evaluation of Educational Achievement performed the analysis in partnership with UNESCO.

Widening Achievement Gaps

The new data is part of the first set of TIMSS results that measure student performance following the onset of the pandemic. The analysis shows that among top performers in fourth grade, 85 percent of counties’ results skewed toward boys. Slightly over half of the countries and territories from which data was collected have an advanced math achievement gap that favors eighth-grade boys, while none are lopsided toward girls in either grade.

Eck, one of the report’s authors, argues the data shows a correlation between longer school closures and higher rates of learning loss in math, with some variation among countries and territories. “One of the hypotheses is really that those disruptions during the pandemic may have exacerbated existing disparities and have reduced learning opportunities for girls, and potentially those that were at risk of low achievement have been more affected,” Eck says. “The fact that girls were out of school and were not in the learning environment, it could have impacted their confidence, but that’s just the hypothesis.”

But the numbers contain other alarming signals.

For example, the share of regions with a gender gap among fourth-grade students who are failing to reach basic math proficiency is on the rise, and most of them have a higher proportion of struggling girls, according to the report. And while the gender gap in underperformance among eighth-graders is shrinking, the proportion of countries and territories where girls have a higher failure rate spiked.

Researchers are being cautious when it comes to drawing conclusions about the causes behind the results, but girls’ experience of gender stereotypes and confidence in their math abilities can play a role.

“Boys and girls are equally able in mathematics, but these learning outcomes can be shaped by a range of factors,” Eck explains, “and that can be persistent gender stereotypes, but also teacher expectations — and they’re based, of course, on those gender stereotypes.”

Targeted Solutions

UNESCO is pushing education systems across the globe to take a hard look at whether their gender equity strategies are working, especially efforts aimed at younger students.

Eck notes that the consequences of girls’ achievement in math can have far-reaching effects in their lives — and very real consequences in societies writ large. “We know that mathematics is quite foundational to learning across the school subjects, it’s also critical for pathways into science, technology, engineering, mathematics careers,” he says. “These sectors are at the center of innovation, technology advancement, inclusive growth and sustainable development, so that’s quite concerning in terms of those sectors.”

But there’s no widely accepted solution to this problem.

Increasing girls’ math performance will take work at the national policy level, local communities, within families and the culture of classrooms, Eck says. And changes have to include challenging gender stereotypes that limit how far girls think they can go in mathematics, he adds.

“I think what is really critical is that we see those large gaps emerging early, at the fourth grade level when students usually are around 9 or 10 years old,” he says. “That means that whatever we do, the action we take to address the issue must start quite early and must be very targeted.”

The market is saturated with red light therapy products, so even if you don’t choose one I personally recommend, keep these features in mind when shopping.

Wavelength: This is one of the most important specs for me. Red light in the 630 to 660nm and near-infrared 810 to 850nm ranges are the most clinically studied. Anything lower than this will not be as effective.

Irradiance: This spec is the power density of light delivered to your skin at a given distance. In general, look for 20 to 50 mW/cm2 for wearable masks and 50 to 100 mW/cm2 for panels used at greater distances.

FDA clearance or registration: FDA clearance requires a manufacturer to submit clinical studies demonstrating that the product is safe and effective. FDA registration, on the other hand, means the device has been presented and registered to the FDA. FDA clearance is a more rigorous process, so we prioritized products with it over those without.

Special features: While not necessary for red light therapy’s efficacy, look for features that make your treatment time more enjoyable. For example, some products on this list offer cryotherapy or flexible forms so you can use them on different body parts.

Apple has quietly discontinued the $599 Mac mini, making the 256GB model no longer available for purchase. Rather than raising its price to reflect rising memory and NAND costs, the company simply pulled it from the lineup, leaving buyers with a steeper entry point than before.

Did Apple just raise the Mac mini’s price without calling it a price hike?

Since Apple pulled the 256GB model from its website, the cheapest Mac mini you can buy now comes with a $799 price tag, featuring an M4 chip, 16GB of RAM, and 512GB of storage. Apple has not made an official statement on why, but the reason is not hard to guess. Profitability. Rising RAM and NAND costs have made consumer electronics more expensive to produce, and in most cases, those costs have been passed directly on to customers. Apple appears to have taken a different approach, choosing to quietly drop the less profitable model rather than raise its price. For context, the 512GB Mac mini launched at $799 back in late 2024.

Why does the Mac mini matter so much?

The M4 Mac mini has become one of Apple’s easiest computers to recommend because it gives users solid performance in a tiny form factor. It appeals to students, home users, coders, creators, office workers, and anyone who already owns a monitor, keyboard, and mouse. For many buyers, it was the cheapest way to enter the Mac ecosystem without buying a MacBook or iMac.

Its popularity now transcends basic desktop use as Apple CEO Tim Cook recently said the Mac mini and Mac Studio are “amazing platforms for AI and agentic tools,” and demand has grown faster than Apple expected. He also confirmed that both machines could take several months to reach supply-demand balance.

The bigger question now is what happens next. Rising RAM and storage prices could eventually force Apple to rethink whether the $799 512GB Mac mini can hold its ground. Samsung recently warned that the memory shortage shortage could worsen in 2027, with demand outpacing supply.As that gap widens, the missing $599 Mac mini may turn out to be an early sign of how the crunch reshapes Apple’s desktop and other product lineups.

Apple delivered a strong March quarter on April 30 driven by iPhone demand, a rebound in China, and resilient margins, but analysts say the results still don’t answer what will drive the company’s next phase of growth.

The company’s fiscal second-quarter results, reported April 30, beat Wall Street expectations on revenue, profit, and guidance, with strong iPhone demand driving the upside. The quarter confirms solid execution but doesn’t change Apple’s long-term growth story.

Revenue reached about $111.2 billion with earnings per share of $2.01, beating estimates and continuing a pattern of outperformance. Upside came from iPhone demand, stronger performance in China, and resilient margins supported by Services.

Execution remains strong while investors still want a clearer path for growth tied to artificial intelligence and new products. The quarter answers near-term questions on demand and profitability and leaves the company’s long-term growth story unresolved.

Bank of America: Installed base supports future upgrade demand

Bank of America pointed to Apple’s installed base of more than 2.5 billion active devices as a key driver of future growth. Record upgrade activity in the quarter shows strong engagement, but only a portion of that base refreshes devices each year, reinforcing the cyclical nature of demand.

The firm said that scale creates a clear path for future growth if new features tied to Apple Intelligence and Siri drive upgrades. Apple’s ability to convert that large installed base into new device sales will remain central to sustaining growth beyond the current cycle.

Deepwater: iPhone cycle peaks as focus shifts to AI-driven demand

Deepwater’s Gene Munster said the quarter reflects an iPhone-driven upgrade cycle that has pushed growth sharply higher in recent quarters. iPhone revenue growth rose from low single digits to the mid-teens, with recent quarters nearing 20% growth.

The jump points to a surge in upgrades that defines a supercycle. Strong performance is now raising questions about how long the pace can last.

Scale creates a clear path for future growth if new features tied to Apple Intelligence and Siri drive upgrades

Wall Street estimates point to iPhone growth slowing to around 5% in 2027, a sharp drop from recent levels that suggests the current cycle may be nearing a peak. Attention is now shifting to whether new features tied to Apple Intelligence and Siri can sustain demand and drive the next round of upgrades.

Munster said a large portion of the installed base has yet to upgrade in this cycle, leaving room for further growth if new AI-driven capabilities prove compelling enough to accelerate replacement demand.

Evercore ISI: Broad-based growth drives upside

Evercore described the quarter as a solid beat driven by growth across both products and regions, with iPhone leading the way. Revenue rose 17% year over year, with iPhone sales around $57 billion, reflecting continued strength in premium devices and stronger performance in China.

China drove a major share of the quarter with about 28% growth, turning a recent headwind into a clear source of momentum. Gains across other international markets reinforce a broad-based performance rather than reliance on a single product.

Margins beat expectations, with gross margin reaching about 49.3% on a favorable product mix and stronger product profitability. Supply constraints tied to advanced components likely limited additional upside, and rising memory costs remain a factor heading into the June quarter.

Goldman Sachs: Supply constraints masked stronger demand

Goldman Sachs said Apple’s results likely understate underlying demand, with supply constraints limiting growth in key products such as iPhone. The firm estimates revenue could have been roughly 200 to 300 basis points higher without those limits, pointing to demand that exceeded available supply.

Limited component availability, rather than weak demand, capped how much of that growth showed up in reported results. The dynamic suggests Apple’s current momentum remains stronger than headline numbers indicate, even as supply continues to act as a near-term constraint.

Supply constraints have emerged as a key variable shaping near-term results, even as demand remains strong. How quickly Apple can secure additional component supply will determine how much of that underlying demand converts into reported growth in the coming quarters.

Investing.com took a more measured view, calling the results strong but not transformative. The quarter confirms that the current product cycle remains healthy, especially in iPhone and China, without signaling a change in the overall growth trajectory.

Services reached a record high and supported margins while strong hardware revenue kept the overall mix largely unchanged. Apple remains driven by hardware cycles, with Services acting as a stabilizing force rather than a standalone growth engine.

The firm also pointed to Apple’s capital allocation, including a new $100 billion share buyback, as evidence of continued financial strength. Questions remain about whether increased spending on AI and research will translate into a larger revenue opportunity over the next several years.

JPMorgan: Margin strength and supply discipline stand out

JPMorgan highlighted Apple’s ability to outperform on margins despite ongoing concerns about memory costs and component pricing. Gross margin again exceeded expectations, reflecting a combination of pricing power, premium product mix, and expansion in higher-margin Services revenue.

The firm also emphasized share gains across key product categories, driven by strong demand and effective supply chain management. Supply constraints limited some iPhone upside in the March quarter, but those pressures are expected to ease, pointing to potential demand recovery in the June period.

JPMorgan expects revenue to keep growing on strong product demand and Services. Increased spending on AI and operating expenses could weigh on earnings growth in the near term.

Needham: AI demand tightens supply and raises execution risk

Needham highlighted rising risks in Apple’s supply chain as AI-driven spending by Amazon, Google, and Meta tightens availability of key components. Competition for advanced nodes and memory is increasing as hyperscalers pay more to secure supply, putting pressure on Apple’s access and costs.

Apple’s iPhone 17 lineup has been popular

The firm said those dynamics could lead to higher component prices, delays, or slower growth if constraints persist. Supply limitations were already a key topic in the quarter, making Apple’s ability to manage availability and pricing a critical factor in sustaining current momentum.

Oppenheimer: AI investment is ahead of revenue impact

Oppenheimer said Apple’s push into artificial intelligence remains early, with investment ramping ahead of clear revenue contribution. Apple Intelligence and improvements to Siri have yet to drive a measurable change in upgrade behavior, leaving the current cycle primarily supported by hardware demand.

The firm pointed to upcoming software updates, including features expected at WWDC and through future OS releases, as a key test for whether AI can drive the next phase of growth. Apple’s ability to turn those features into must-have capabilities tied to newer devices will determine how quickly that investment translates into upgrade demand and revenue.

Wedbush: iPhone supercycle and guidance drive bullish outlook

Wedbush took the most bullish stance, pointing to what it described as an iPhone “supercycle” driving the quarter’s outperformance. Strong demand across geographies, particularly in China, supported double-digit growth in both iPhone and Services revenue.

Competition for advanced nodes and memory is increasing as hyperscalers pay more to secure supply

Guidance for the June quarter was a key positive, with Apple forecasting revenue growth of 14% to 17%, well above consensus expectations. The outlook, combined with continued iPhone momentum, supports a strong setup heading into the next product cycle.

The firm also pointed to upcoming catalysts, including Apple’s WWDC developer conference and its evolving AI strategy, as potential drivers of further upside.

Apple’s quarter reinforces a pattern of strong product demand, improving international performance, and steady margins. Near-term momentum is intact, but the results stop short of a turning point, leaving the next phase of growth tied to how well AI and future products drive new revenue.

Rising memory costs are emerging as a near-term pressure point, driven by increased demand tied to AI workloads. Those costs could weigh on margins in the coming quarters even as revenue growth remains strong.

Leadership will shift from Tim Cook to John Ternus later in 2026, with Cook known for operational discipline and Services expansion and Ternus tied to hardware execution. The transition points to continuity in a product-led strategy rather than a sharp pivot.

Looking for the most recent Mini Crossword answer? Click here for today’s Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles.

Need some help with today’s Mini Crossword? It’s a long one. Read on for all the answers. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.

If you’re looking for today’s Wordle, Connections, Connections: Sports Edition and Strands answers, you can visit CNET’s NYT puzzle hints page.

Read more: Tips and Tricks for Solving The New York Times Mini Crossword

Let’s get to those Mini Crossword clues and answers.

Mini across clues and answers

1A clue: Person who likes things totally authentic, or not at all
Answer: PURIST

7A clue: ChatGPT’s company
Answer: OPENAI

8A clue: Chance for one’s kids to watch shows, perhaps
Answer: TVTIME

9A clue: Not in the closet
Answer: OUT

10A clue: Video game with falling pieces
Answer: TETRIS

13A clue: Dance fad of the mid-2010s that was paired with the “Whip”
Answer: NAENAE

14A clue: Wrestle
Answer: TUSSLE

Mini down clues and answers

1D clue: Collection of poker bets
Answer: POT

2D clue: Likes : Facebook :: ___ : Reddit
Answer: UPVOTES

3D clue: Tax filings
Answer: RETURNS

4D clue: The “A,” “O” or “C” of A.O.C.
Answer: INITIAL

5D clue: ___ Altman, C.E.O. of 7-Across
Answer: SAM

6D clue: Item of attire that might have a Windsor knot
Answer: TIE

10D clue: Explosive compound, for short
Answer: TNT

11D clue: Water, in French
Answer: EAU

12D clue: Notice
Answer: SEE

Mathieu Stern spotted an oddity one afternoon at a French flea market. Inside a simple blue canister sat a compact Foth 50 millimeter f 2.5 lens from the late 1920s. Three euros later it was his. The optic had come from a Foth Derby folding camera built for 127 roll film, a model once positioned as a rival to early Leica designs. It even showed up in a few motion pictures from that period, including work tied to Alfred Hitchcock.

Mathieu considered rehousing this lens in his Sony FX3 movie camera, which has a quite thorough 4K full frame sensor. The problem was that the lens itself lacked both aperture control and a proper focusing system, which had been missing for years and had long ago vanished. Early experimentation involved using a bizarre elcoid adapter with an added bit of aperture stuck just behind the elements, and while this should have given Mathieu plenty of light control in theory, it ended up introducing heavy vignetting in practice, simply because the lens barrel was a little too narrow to accommodate the setup comfortably.

Sale

Xtra Muse, Vlogging Camera with 1” CMOS & 4K/120fps Videos, Pocket Camera with 3-Axis Gimbal Stabilizer…

• Cinematic-Style Footage – Experience the power of Xtra Muse’s 1-inch CMOS sensor, capable of recording breathtaking 4K resolution videos at 120fps…
• Ultra-Steady Shooting – No more shaky videos! Xtra Muse’s advanced 3-axis gimbal camera stabilizer ensures exceptional smoothness. Enjoy smooth…
• Effortless Framing – Enjoy Xtra Muse’s expansive 2-inch touch screen, and switch between horizontal and vertical shooting effortlessly.

He then tried another approach, using a Fotodiox macro adapter developed for use with Sony E-mount cameras. This useful piece of equipment contains a built-in helicoid for focus adjustments, as well as a clever drop-in slot for accepting neutral density filters when necessary. This combination resolved both the exposure and focusing difficulties in one step. On bright days, the filters helped keep objects from blowing out, and the helicoid allowed him to dial in sharp focus down to 30 cms or even 20 cms when he ventured into macro photography.

Once he had the lens fitted and balanced, he could truly put the camera through its paces. He began framing everyday scenes and letting the vintage lens do its thing. Sharpness was rather amazing in the center of the frame and across the sensor, but as you approached the edges, the image softened in a gradual, fluid manner that naturally leads the attention to the topic. Out-of-focus highlights become a gentle swirl rather than the overly convoluted jumble that is so common with current optics. Uncoated glass parts disperse incoming light somewhat, giving bright regions a subtle, warm glow that feels alive rather than cold and sterile.

The low light clips were really impressive. The fast f2.5 aperture, along with the FX3 sensor, handled low-light circumstances with ease, without injecting any unwanted high ISO noise into the image. The color reproduction was beautiful and deep, similar to what you’d expect when discussing archival footage. Mathieu equated the experience to having a window into the past while continuously filming the present. He processed the clip in Adobe Premiere Pro and added a few of his bespoke LUT packs to adjust the tones somewhat. The final clips have a distinct flavor that makes modern zoom lenses appear drab in contrast. People watching the results frequently pause and repeat key sections to have a better look at how the light falls and how backgrounds fade away.
[Source]

Apple retailers are embroiled in a MacBook Pro price war this weekend, offering a $200 discount on the 1TB M5 14-inch model with an upgrade to 24GB of memory.

You can pick up the 1TB 14-inch MacBook Pro with 24GB of RAM for $1,699 at Amazon and B&H Photo. This reflects a $200 discount off MSRP.

Buy M5/24GB/1TB MacBook Pro for $1,699

Apple recently made an update to make 1TB of storage standard in the MacBook Pro range, eliminating the 512GB SSD option. This model has a bump up to 24GB of memory, which is 8GB more than the standard 16GB found in the entry model.

According to our M5 MacBook Pro Price Guide, Amazon and B&H’s $200 discount delivers the lowest price for the upgraded spec (model number MDE34LL/A).

You can also save on the 2026 MacBook Pro with an M5 Pro or M5 Max chip, which was released in March, with both 14-inch and 16-inch configs marked down. A highlight of the best MacBook Pro deals available today can be found below, with a full rundown of offers in our MacBook Pro Price Guide.

14-inch MacBook Pro M5 deals

14-inch MacBook Pro M5 Pro and M5 Max sale

• M5 Pro, 15C CPU, 16C GPU, 24GB, 1TB, Standard Display: $1,986.50 ($213 off)
• M5 Pro, 15C CPU, 16C GPU, 24GB, 2TB, Standard Display: $2,397 ($203 off)
• M5 Pro, 18C CPU, 20C GPU, 24GB, 2TB, Standard Display: $2,639.99 ($160 off)
• M5 Max, 18C CPU, 32C GPU, 36GB, 2TB, Standard Display: $3,359 ($240 off)

16-inch MacBook Pro M5 Pro and M5 Max discounts

• M5 Pro, 18C CPU, 20C GPU, 24GB, 1TB, Standard Display: $2,549 ($150 off)
• M5 Pro, 18C CPU, 20C GPU, 48GB, 1TB, Standard Display: $2,899 ($200 off)
• M5 Max, 18C CPU, 32C GPU, 36GB, 2TB, Standard Display: $3,699 ($200 off)
• M5 Max, 18C CPU, 40C GPU, 48GB, 2TB, Standard Display: $4,199 ($200 off)

Anthropic created the Model Context Protocol as the open standard for AI agent-to-tool communication. OpenAI adopted it in March 2025. Google DeepMind followed. Anthropic donated MCP to the Linux Foundation in December 2025. Downloads crossed 150 million. Then four researchers at OX Security found an architectural problem that affects all of them.

MCP’s STDIO transport, the default for connecting an AI agent to a local tool, executes any operating system command it receives. No sanitization. No execution boundary between configuration and command. A malicious command returns an error after the command has already run. The developer toolchain raises no flag.

OX Security researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok and Roni Bar scanned the ecosystem and found 7,000 servers on public IPs with STDIO transport active — and estimate 200,000 total vulnerable instances extrapolated from that ratio. They confirmed arbitrary command execution on six live production platforms with paying customers. The research produced more than 10 CVEs rated high or critical across LiteLLM, LangFlow, Flowise, Windsurf, Langchain-Chatchat, Bisheng, DocsGPT, GPT Researcher, Agent Zero, LettaAI and others.

Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, independently told Infosecurity Magazine the research exposed “a shocking gap in the security of foundational AI infrastructure.”

Anthropic confirmed the behavior is by design and declined to modify the protocol — characterizing STDIO’s execution model as a secure default and input sanitization as the developer’s responsibility. That characterization comes from OX; the only word Anthropic explicitly stated on the record is “expected.” Anthropic has not issued a standalone public statement and did not respond to VentureBeat’s request for comment.

OX says expecting 200,000 developers to sanitize inputs correctly is the problem. Anthropic’s strongest technical counter: sanitizing STDIO would either break the transport or move the payload one layer down. Both positions are technically coherent. The question is what to do while that debate plays out.

Every major outlet covered the disclosure. None built the prescriptive product-by-product audit a security director needs to triage her own MCP deployments. This piece does.

Five questions determine whether your MCP deployments are exposed, whether your patches hold, and what to do Monday morning.

Am I exposed?

If your teams deployed any MCP-connected AI agent using the default STDIO transport, yes. The insecurity is not a coding bug in any single product. It is a design default in Anthropic’s MCP specification that propagated into every official language SDK: Python, TypeScript, Java, and Rust. Every downstream project that trusted the protocol inherited it.

OX identified four exploitation families. Unauthenticated command injection through AI framework web interfaces, demonstrated against LangFlow and LiteLLM. Hardening bypasses in tools that implemented command allowlists, demonstrated against Flowise and Upsonic, where OX bypassed the allowlist through argument injection (npx -c). Zero-click prompt injection in AI coding IDEs, where malicious HTML modifies local MCP configuration files. Windsurf (CVE-2026-30615) was the only IDE where exploitation required zero user interaction, though Cursor, Claude Code, and Gemini-CLI are all vulnerable to the broader family. And malicious package distribution through MCP registries, where OX submitted a benign proof-of-concept to 11 registries, and nine accepted it without security review.

Carter Rees, VP of AI and Machine Learning at Reputation and member of the Utah AI Commission, told VentureBeat the framing needs to change entirely. “MCP stdio is a privileged execution surface, not a connector. Enterprise teams should treat it like production shell access. Deny by default, allowlist, sandbox and stop assuming downstream input validation will hold at scale,” Rees said.

The IDE family deserves particular attention because it hits developer workstations, not servers. A developer who visits an attacker-controlled website can trigger a modification to their local MCP configuration file — and in Windsurf’s case, the change executes immediately with no approval prompt. Cursor, Claude Code and Gemini-CLI require some form of user interaction, but if the UI presents a configuration change without surfacing the execution consequence, clicking ‘approve’ does not constitute informed consent.

Did my vendor patch?

Some did. Some partially. Some have not confirmed. The matrix below maps each affected product against the exploitation family, patch state, and the gap that remains. The critical column is “Protocol fix?” Every row says no.

Does the flaw survive the patch?

Yes. Every product-level patch in the matrix addresses the specific entry point in that product. None of them changes the MCP protocol’s STDIO behavior. A security director who patches LiteLLM today and configures a new MCP STDIO server tomorrow will inherit the same insecure default on the new server. The patches are necessary. They are not sufficient.

This was predictable. When VentureBeat first reported on MCP’s security flaws in January, Merritt Baer, chief security officer at Enkrypt AI and former deputy CISO at AWS, warned: “MCP is shipping with the same mistake we’ve seen in every major protocol rollout: insecure defaults. If we don’t build authentication and least privilege in from day one, we’ll be cleaning up breaches for the next decade.” The Cloud Security Alliance independently confirmed OX’s findings in a separate research note and recommended organizations treat MCP-connected infrastructure as an active, unpatched threat. The defaults did not change. The attack surface grew.

Rees argued that Anthropic’s position, while internally consistent, does not survive contact with enterprise reality. “It stops being a developer mistake and starts being a distributed failure mode when the same class of failure reproduces across that many independent implementations,” he told VentureBeat. “Guidance is not an architectural control. Relying on thousands of downstream implementers to consistently interpret a trust boundary is a known anti-pattern in enterprise security.”

Anthropic updated its SECURITY.md file nine days after OX’s initial contact in January 2026 to note that STDIO adapters should be used with caution, but made no architectural changes. The researchers’ assessment of that update: “This change didn’t fix anything.”

Rees took a more measured view. “It’s worth giving Anthropic credit where it’s due,” he told VentureBeat. “After the disclosure, they updated their security guidance to recommend caution with stdio adapters. That’s a meaningful step even if researchers argue it falls short of a protocol-level fix.”

What changed at the protocol level?

Nothing architectural. Anthropic has not implemented manifest-only execution, a command allowlist in the official SDKs, or any other protocol-level mitigation. OX recommended all three. The SECURITY.md guidance update was the only change. OX’s research began in November 2025 and included more than 30 responsible disclosure processes across the ecosystem before the April 15 publication.

The disagreement is substantive. Anthropic’s architectural argument deserves its full weight. STDIO is a local subprocess transport designed to launch processes on the machine that configured it. The trust boundary, in Anthropic’s model, sits with whoever controls the configuration file. If you can write to the MCP config, you are by definition someone authorized to execute commands on that machine. Under that logic, what looks like command injection is a feature working as intended. Restricting what STDIO can launch at the protocol level would either break the transport’s core function, since its purpose is to launch arbitrary local processes, or displace the attack surface into the launched process itself. The unopinionated-standard argument is also defensible: a universal protocol that hard-codes execution constraints stops being universal. OX’s counter, from their advisory: “Shifting responsibility to implementers does not transfer the risk. It just obscures who created it.”

Do not wait for a protocol-level fix. Treat every MCP STDIO configuration as an untrusted input surface, regardless of which product it sits inside.

Monday morning remediation sequence

Enumerate. Identify every MCP server deployment across dev, staging, and production. Search for MCP configuration files (mcp.json, mcp_config.json) in developer home directories and IDE config paths (~/.cursor/, ~/.codeium/windsurf/, ~/.config/claude-code/). List running processes that match MCP server binaries. Flag any using STDIO transport with public IP accessibility. OX found 7,000 on public IPs. Your environment may have instances you do not know about.

Patch. Pin every affected product to its patched release. LiteLLM v1.83.7-stable includes the fix for CVE-2026-30623. DocsGPT, Flowise, and Bisheng have also shipped fixes. Windsurf and Langchain-Chatchat remain in reported state as of May 1, 2026. Cursor was patched against an earlier related disclosure (CVE-2025-54136) but inherits the same protocol default. Check each vendor’s advisory in the morning you execute this step.

Sandbox. Isolate every MCP-enabled service from the host operating system. Never give a server full disk access or shell execution privileges. The Flowise/Upsonic allowlist bypass proves that restricting commands alone is not enough.

Audit registries. Review every MCP server installed from a third-party registry. Nine of 11 registries accepted OX’s proof-of-concept without a security review. Use registries with documented submission review processes. Remove any MCP server whose origin you cannot verify.

Treat STDIO config as untrusted. This step survives every future patch and every future product. The protocol-level default has not changed. Every STDIO server definition is a command execution surface. Treat it the same way you treat user input to a database query: assume it is hostile until validated.

Your exposure cannot wait for a protocol fix

Anthropic and OX Security disagree on where the responsibility for securing MCP’s STDIO transport belongs. That disagreement will not be resolved this week. What can be resolved this week is whether your MCP deployments are enumerated, patched, sandboxed, and treated as the untrusted execution surfaces they are.

As Rees put it: “The core question here is architectural policy, not exploit payloads.” Baer warned in January that insecure defaults would produce exactly this outcome. OX documented 200,000 servers running with a configuration field that doubles as an execution surface. The protocol’s designer says it is working as intended. Your Monday morning question is not who is right. It is which of your servers are exposed.

OpenAI is ready to target free users of its services with advertisements around the web, based on what it knows about them.

On Thursday, OpenAI sent an email to users laying out major changes to the AI company’s privacy policy in the US. “We’ll now use cookies to promote OpenAI products and services on other websites,” reads the email sent on April 30. “This does not impact your conversations in ChatGPT. Your conversations with ChatGPT are private and are not shared with marketing partners.” Cookies store information in users’ browsers as they explore the web.

Chats with the bot aren’t shared with third parties. Even so, details OpenAI collects as users interact with its services may soon be used to market those same services, like ChatGPT, outside the platform. This appears to be targeted at converting free users (WIRED found that marketing settings were “on” by default) and seeing how effective its ads are at conversions.

The move comes as OpenAI looks to expand its own advertising network inside ChatGPT. The company started rolling out ads at the bottom of ChatGPT outputs for US users in February. Competitors including Google are exploring how ads can be woven into the user experience of generative AI tools and features.

“Nothing about our policy of not sharing people’s conversations or other private user content with advertisers has changed,” says OpenAI spokesperson Taya Christianson. “Like many companies, OpenAI works with select marketing partners to help people learn about our products on third-party websites and apps, and we updated our privacy policy to clarify how this works. We do not share your conversations with these marketing partners. To make OpenAI marketing efforts more relevant and measure their effectiveness, we may share limited identifiers, such as cookie IDs or device IDs, and users can opt out at any time in settings.”

To help you better understand what recently changed, WIRED compared the new privacy policy to a previous version saved from OpenAI’s website earlier this month. The biggest change revolves around how your data is shared for marketing purposes.

Courtesy of Reece Rogers

Data Usage Now Includes Third-Party Promotions

In the Disclosure of Personal Data section, OpenAI expanded the paragraph detailing how it discloses personal data. OpenAI now says it may share “limited information” with partners to promote services like ChatGPT and Codex off of OpenAI’s platforms.

The company details this change in a new help page. It says it might send identifiers, such as users’ email addresses or cookie IDs, to advertising platforms. That way, OpenAI can check whether users have taken specific actions—like signing up for its Codex tool after they get shown an ad for it on Instagram.

Users can opt out of this kind of tracking by going to Settings > Data Controls > Marketing Privacy on the ChatGPT site. WIRED tested two free accounts and found that those settings were on by default. The two paying accounts WIRED checked, one Plus and the other Enterprise, did not have it on by default.

Old Privacy Policy

We disclose your Personal Data in the following circumstances:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, marketing service providers, and information technology providers. We also work with service providers who help us with age and identity verification, and you can learn more here⁠. Based on our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.

New Privacy Policy

We disclose your Personal Data in the following circumstances:

Vendors, Service Providers, and Marketing Partners: To assist us in meeting business operations needs and to perform certain services and functions, we disclose Personal Data to vendors, service providers, and marketing partners, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, and information technology providers. We also work with service providers who help us with age and identity verification, and you can learn more here⁠⁠. When we work with Service Providers, these parties will access, process, or store Personal Data based on our instructions and only in the course of performing their duties to us. We also share limited information with select marketing partners who are not service providers in order to promote our products and services on third-party properties and help us assess the effectiveness of those efforts. Some of these partners may receive information through cookies and similar technologies. Learn more about these practices and the choices available to you here⁠.

Assurance About ‘Sensitive Personal Data’ Removed in Error

OpenAI categorizes many different types of information as a user’s “Personal Data,” including birth dates, payment information, and any prompts a user might have written. In its privacy policies, it doesn’t explain which types of this data it considers “sensitive,” but OpenAI does promise that it doesn’t use this information to infer characteristics about consumers.

A sentence regarding “sensitive Personal Data” was briefly absent from the Privacy Policy on Friday as WIRED accessed the updated document. When WIRED reached out to OpenAI for comment, the company claimed this removal was an error and added a similar sentence back, in a different paragraph.