Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
One thing that we’ve heard for many years in covering a variety of ridiculous civil and criminal court cases is the belief that when a crazy case is filed, the person accused of wrongdoing should “just walk into court and tell the judge what really happened.” While that might feel right, it’s really not how these things work. There is a procedure, and having an actual lawyer who understands how things work is incredibly valuable.
When we first wrote about “Reckless” Ben Schneider and his valiant attempt to help Bryan Mansell get back the Lego sets (and/or money) he was owed from the company Bricks & Minifigs, we mentioned that almost everyone in the dispute should have talked to lawyers earlier in the process than they did. We had a lot of people get mad at us for making that claim, but I stand by it. Especially after Schneider has dropped Part 3 (after a federal court fixed the extremely problematic injunction from a state court that had blocked him from releasing it originally), and it again shows why Schneider really needs to hire a lawyer.
As lots of people are rightly noting, the video itself shows a ton of pretty sketchy behavior by Bricks & Minifigs and the cops — police walking a witness through how to invent charges while mocking Schneider, and Bricks & Minifigs caught telling wildly different stories depending on who was listening. And then, right on schedule, after the video came out Bricks & Minifigs followed it up with a new blog post on Friday that somehow makes things worse.
Schneider certainly knows how to make pretty viral video content, but representing himself in court seems particularly stupid, especially as he’s doing it here in a criminal case. He is right that the deck is stacked against him and that the prosecutors and the judge don’t seem to be listening to him or taking his claims seriously, but that’s in large part because he’s bumbling into court without a lawyer, and when he’s being asked fundamental procedural questions is telling the judge “have you looked at the evidence we submitted?”
Again, this might feel like the right way to handle a case where you feel you’re being railroaded, but procedurally, the court isn’t supposed to be looking at the evidence at this stage of the case, so Schneider making out like the court is treating him unfairly just misses the point that basically any lawyer could have told him regarding how cases like this proceed.
That’s not to defend the prosecutors, the police, or Bricks & Minifigs. While the video is (again) only showing Schneider’s side of the story, there are a whole bunch of things in the video that are incredibly damning to all three.
Let’s go through a few key points: First up: what the cops told Schneider about the charges against him, and what they were actually hiding.
Schneider plays some audio from one of the criminal cases against him (it’s a little unclear which one, since he suggests it’s the case in American Fork, but a screenshot he shows briefly suggests it may be the other case in Provo), where he says that the prosecutor and the court won’t even share what he’s being charged with, though the video clips don’t show that. Rather they show prosecutors trying to get out of providing body cam footage in discovery to Schneider, claiming that they’re upset he’ll make video commentary out of it. Discovery of evidence is not the same as knowing what the charges are, even if the evidence is related to the charges.
Even so, the claim is bullshit. The fact that Schneider might create public commentary with the videos is no excuse for not providing discovery. If that’s the concern, prosecutors can seek to have a protective order put over how the discovery materials are used, and if Schneider violates that order, then he could face contempt charges. Simply denying discovery is ridiculous.
But it’s the second case, out of Provo, where the bodycam footage stops looking like sloppy policing and starts looking like something much more problematic. Schneider was able to obtain bodycam footage from the police who were handling the charges against him based on statements from Bricks & Minifigs’ CEO Ammon McNeff. Again, we’re only seeing the evidence as selected and edited by Schneider, but it’s difficult to see how there’s anything else that would exonerate how the Provo police acted here.
They literally have one police officer talking to McNeff (repeatedly), talking about how McNeff’s original claim of extortion isn’t supported by the evidence but offering to help him find some other charges, and then asking McNeff to confirm specific elements to turn it into commercial obstruction. The police officer’s quote here is deeply problematic:
“We agree that there really was no extortion code that would fit your situation, however, you know, at the end of the day, we do want to help you guys so you’re not having to deal with this fool… [sigh]… all his issues. We did find that there was another code that fit and it’s called aggravated commercial obstruction….”
Having the police call Schneider a “fool” and saying they want to help find charges that will stick is not great. They then walk McNeff through what they need him to say/do to get such charges, including claiming that he asked Schneider to leave the Bricks & Minifigs premises multiple times and Schneider refused. Schneider shows his own video recordings (and security footage) that appears to directly contradict this — specifically showing that when asked to leave they did so.
There is one point where McNeff asks them to leave but then keeps talking to them anyway, so that almost certainly doesn’t count as a legitimate request to leave. And none of the footage Schneider shares matches even remotely what McNeff told the police. There is footage of Schneider (stupidly) saying “we can do this the easy way or the hard way,” which is not fatal to Schneider’s argument, but can certainly be read as a threat. In all these videos, that’s the one point that isn’t great for Schneider, though in the full context it’s pretty clearly a threat to release more videos and publicly shame Bricks & Minifigs. Still, that line hurts Schneider’s argument a bit.
McNeff also tells the police that Schneider threatened to burn the offices down, even though in their own civil lawsuit against him they admit that various threats have not come from Schneider directly but from some of his fans online. If Schneider had directly threatened them, you’d think they would have included that in the civil complaint. While most of the video evidence has only been selectively released, at this point not a single bit of evidence shows Schneider actually threatening any sort of violence towards Bricks & Minifigs (indeed, it seems that his whole schtick is to sort of do the dopey, hapless, inquisitor thing).
Based on the current evidence, it sure looks like McNeff just lied to the cops, and the cops not only took his side, but helped nudge McNeff about what he should say or do to give them enough to charge Schneider.
Not great!
Even worse, when the same cop figures out what they can charge them with, the body cam footage shows her laughing with glee. You kinda have to watch the clip directly (starting at 16:15) where the cop gets kinda gleeful that McNeff told her enough to charge Schneider with a second degree felony (Schneider falsely calls it a “secondary” felony). This is actually two separate clips from Schneider’s video, though it sounds like they’re directly connected to one another:
Cop: However, the tricky thing is is that we have to prove that this individual either entered or remains unlawfully on the premise. When he came to the property, did you have to ask him more than once to leave?
McNeff: Yes.
Cop: Okay.
McNeff: You know, ‘we’re not leaving until we we get it.’ …
[other video interspersed before cutting back to this exchange]
McNeff (trying to reconstruct the scene for the cop): ‘Guys, at this point, I’ve asked you to leave. Please leave.’ ‘Well, we we you know, like you have to listen to us. You have to pay us this money.’ ‘No, guys, you need to leave and you’re not leaving.’ Like, but I asked multiple times. They did not leave.
Cop: Looks like that might be a second degree felony. [laughs joyfully] He’s facing felony charges. It is a felony…
That is all… pretty damning. Later the same cop mocks Schneider’s first video: “I’m really curious if this fool makes any money doing this YouTube stuff?” Even later, she says to McNeff “well, I’ll keep my fingers crossed for you. Hopefully no more issues” and “there’s so many other things that this guy could be talking about, right?” Just completely supporting McNeff and dismissing Schneider’s side entirely.
Though I will note that Schneider also has a misunderstanding that “reporting a crime” (as he tries to do with McNeff) is “opening a case.” While police can investigate claims of a crime, until a prosecutor charges it, there is no actual “case.”
But it does seem overwhelmingly clear, from what’s presented in this video at least, that the police immediately believed and sided with McNeff and dismissed/ignored everything Schneider presents in response… to the point that they sent a subpoena to Google seeking a bunch of Schneider’s emails, communications, and other documents. There’s a suggestion in the video that McNeff got Schneider to email him just to get his email for the sake of the subpoena, though it seems clear that McNeff had other means of getting Schneider’s email address. Schneider points out that he emailed via the website contact form and had received a reply from someone at Bricks & Minifigs. And while McNeff acts like he’s never heard of that email address and it has nothing to do with him, that’s clearly bullshit, and he could easily talk to whatever employee manages that account to get Schneider’s email address.
Set the criminal case aside for a second, because there’s a parallel thread here that’s just as bad for the company: McNeff’s own claims about the inventory list don’t survive contact with reality. McNeff tells Schneider that he’ll happily share the inventory they did of the store they took over if he sends an email to the one specific address, and says he told Mansell the same thing. However, when Schneider emails that address and follows up, he receives this reply:

If you can’t read that, it says:
Mr. Schneider,
- BAM Franchising, Inc. will not participate in any form of communication that appears designed for public provocation, harassment, or manipulation of facts for the purpose of media content.
- Attempts to obtain privileged or confidential information through misrepresentation or the creation of fraudulent documents may constitute criminal misconduct, and we reserve all rights to refer such behavior to appropriate legal authorities.
Should you believe you are entitled to any specific information under applicable law, we suggest that you pursue such requests through formal and lawful legal procedures.
This will serve as our final response to your inquiry unless we are contacted by duly retained legal counsel representing a party of standing.
That shows pretty clearly that McNeff was full of shit when he said he’d be happy to email Schneider a copy of the inventory. And, sure, you can say that between Schneider visiting them and the time this email was sent they decided that they didn’t like how they were going to be portrayed, but there’s a pattern here. In the video Schneider releases, he shows McNeff saying “I think we have sent it to Bryan” in reference to the inventory list, and later says that if Schneider and Mansell get on an email thread together he’ll send it to both of them.
They also show McNeff going on TV news interviews claiming that they had told Mansell and Mansell’s lawyer that they were happy to work on going through the inventory list, but that Mansell’s lawyer stopped responding. McNeff said: “we’ve tried to share those with Mr. Mansell in hopes that he can see that we were not attempting — in any shape or form — to withhold anything. Those were then offered to him, and the initial offer was rejected.”
Except that Mansell has the receipts in the form of the email thread between his lawyer and Bricks & Minifigs, which seems to show pretty clearly a very different story. Even as we only see snippets of the emails, it’s hard to square this with what McNeff keeps claiming. The emails show Mansell’s lawyer asking multiple times how to get the money owed or the sets back and finally getting a stiff arm email saying that the two guys who Bricks & Minifigs handed the store to, “Brandon Best and Joshua Johnson, have no legal obligation to return any of the LEGO product.”

And then, even more damning is the closing of the email, saying “We consider this matter closed and will not be returning any LEGO products to you.”

That, uh, does not seem like a company that claims that it has no problem trying to work with Mansell to resolve this issue. Last week we mocked Bricks & Minifigs for having their crisis comms person send us an email about how the company was so eager to help make Mansell whole. That already seemed ridiculous since they’re suing Mansell for $1.3 million claiming RICO. But also, that was before we’d seen this email where the company basically says “shove it.”
Anyway, even as this is just coming from Schneider’s side, it’s hard to see how there’s any additional info that would acceptably square the claims made by McNeff with what’s been presented. There’s now plenty of discussion about how Schneider likely has civil claims he could bring against McNeff. Arguably he could also claim that the police in both American Fork and Provo violated his rights, but that’s likely an extreme longshot (not because the cops are in the right, but because it’s next to impossible to sue the cops for violating your rights).
Either way, we now know that Schneider has legal representation for the civil case, and hopefully that means he can also secure legal representation for the criminal case as well, because that would clearly be helpful. Yes, all of this is tremendous content, but your strategy in court when facing felony charges and your strategy for making viral content can (and should) be somewhat different.
Honestly, given how much attention this has gotten, and the legal help that has started to step up, there’s a decent chance that the criminal cases will go away, but that’s very much not the norm. Planning to go viral is not a strategy any lawyer would recommend for fighting criminal charges.
Anyway, while Schneider’s legal troubles play out, it’s worth remembering that Bricks & Minifigs certainly was not blindsided by Schneider’s Part III. They knew it was coming and that it was blocked by the broader injunction they had obtained in court. They knew that they had negotiated a pared back injunction, which meant Part III would be released soon. They basically had weeks to prepare a PR response to all the damning stuff that video was going to show.
And this is what they came up with.
The company released yet another tone deaf blog post on Friday, which talks about all the “changes” they’re making to respond to some of the criticism they’re getting. Half of them basically read as admissions of how badly run the company is. They admit that they’re going to work more closely with franchises (apparently they’ve recently jacked up franchise fees) and have put in place a “standardized inventory and trade system” effectively admitting that they had nothing before.
There are also some comments on the lawsuit that look written by the world’s worst crisis comms team. I mean, this is embarrassing:
Some have asked why Bricks & Minifigs hasn’t simply dropped the pending litigation connected to this matter. The answer is that accountability and integrity must run both ways. We remain open to a mediated, amicable resolution, and we don’t view litigation as the preferred path. We’re also not willing to submit to manipulation, threats and unsupported accusations.
That… doesn’t answer the question. And sure, fine, accountability and integrity should run both ways, but you’re the one out there claiming that you’re trying to make Mansell whole… while telling him you won’t give him any of his stuff back and then suing him for $1.3 million.
The blog post also suggests they have to keep the lawsuit going because Schneider’s conduct “has crossed the line from fair criticism into harassment, misrepresentation, and targeted harm.” But that’s Schneider, not Mansell. It’s also laughable given the footage that’s been shown so far.
And of course they try to avoid the fact that all the presented evidence makes them look terrible with this favorite line:
We will not try this matter on social media, and we will not use this statement to relitigate every disputed detail. Those issues belong in mediation and, if necessary, the legal process.
Again, that makes sense in certain contexts, but here where you’ve been running your mouth off constantly on TV show after TV show with claims that directly contradict what corporate actions and emails have said, it does the opposite of building credibility.
At basically every turn where Bricks & Minifigs could have made the situation better, they’ve dug in and made it worse. It seems like a bad strategy. So bad it’s even worse than going to court and trying to defend yourself from criminal charges without a lawyer.
Filed Under: american fork, ammon mcneff, ben schneider, lawyering, provo, provo pd, utah
Companies: bricks & minifigs, bricks and minifigs
Presented by Kasm Technologies
Enterprise infrastructure teams have spent the better part of a decade pushing workloads into Kubernetes. Applications, APIs, batch jobs, data pipelines — if it runs in a container, it belongs in the cluster. The operational benefits are well-established: declarative configuration, horizontal scaling, self-healing, native integration with CI/CD pipelines and observability tooling. Kubernetes has become the default operating model for production workloads.
Except for desktops.
Secure desktop and application delivery — the kind that enterprises depend on for remote work, privileged access, and regulated-industry workflows — has remained stubbornly outside the Kubernetes model. Legacy virtual desktop infrastructure was built in a different era, for a different set of assumptions: pre-allocated VM pools, bespoke management planes, proprietary appliances, and operational tooling that has nothing to do with how modern platform teams work. The result is a split infrastructure reality: a modern, cloud-native application layer on one side, and a manually managed, operationally isolated desktop layer on the other.
That split is expensive. It means different tooling, different scaling behaviors, different observability approaches, and different operational runbooks. Platform engineers who are proficient in Kubernetes still have to context-switch into an entirely different mental model the moment a desktop infrastructure problem arises.
The more fundamental issue is that this split is unnecessary. Secure, containerized workspace delivery is a workload that Kubernetes is architecturally well-suited to run. Sessions are containers. Scaling is demand-driven. Configuration should be declarative. The only thing missing was a platform built to take advantage of that alignment.
The appetite for Kubernetes-native workspace delivery has grown significantly as organizations mature their container platform investments. Platform teams that have spent years standardizing on Helm, GitOps workflows, and Kubernetes-native observability are increasingly unwilling to make an exception for desktop infrastructure. The question has shifted from “can we run this on Kubernetes?” to “why isn’t this running on Kubernetes already?”
At the same time, the security case for containerized workspace delivery has become more urgent. Browser-delivered, containerized workspaces provide session isolation that VM-based desktops cannot match — each session is ephemeral, isolated at the container boundary, and terminates cleanly without persistent state. For organizations managing sensitive data, insider risk, or third-party access scenarios, this isolation model is a meaningful security control, not just a deployment convenience.
The convergence of these two trends — Kubernetes-native infrastructure expectations and containerized session security — creates a clear opportunity for platforms that can address both simultaneously.
A Kubernetes-native deployment uses Kubernetes as the control plane for workspace infrastructure — handling orchestration, scaling, and lifecycle management through the same declarative model used across the rest of the platform. Instead of relying on dedicated management appliances or pre-provisioned desktop pools, infrastructure is managed through the same CI/CD, GitOps, observability, and security workflows the platform team already operates. This gives platform teams a consistent operational model rather than maintaining a separate toolset for desktop infrastructure.
Kasm Workspaces, the browser-delivered workspace platform, is purpose-built to use Kubernetes as the control plane for workspace orchestration and delivery. Its deployment model is designed for real enterprise environments — not simplified demos — with production-grade Helm charts that follow Kubernetes conventions, tested upgrade paths between versions, and a standardized backend architecture validated across production deployments. An RDP Gateway component purpose-built for the Kubernetes topology enables Windows and Linux virtual machine access through the same platform.
Key capabilities include:
Horizontal session scaling driven by actual demand, orchestrated by Kubernetes — no pre-warmed VM pools required.
Declarative configuration through Helm values, enabling GitOps and CI/CD integration for workspace infrastructure.
Namespace-level isolation and compatibility with existing RBAC policies, ingress controllers, and secrets management integrations.
Metrics export for integration with Prometheus and existing observability stacks.
Rolling builds by default, reducing maintenance windows and enabling more predictable version management.
Regulated-industry remote access. A financial services organization running a Kubernetes-based application platform can deploy Kasm into the same cluster, using the same operational tooling, to deliver isolated browser and application sessions to analysts and advisors. Sessions are ephemeral, network egress is controlled, and the entire deployment is managed through the same GitOps pipeline as their application workloads.
Contractor and third-party access. Organizations that regularly onboard contractors or external vendors — with the associated privileged access risk — can provision Kasm sessions on Kubernetes that scale up during engagement periods and scale back during low-demand windows. No persistent access. No VPN extension to external parties. Containerized isolation at every session boundary.
AI/ML development environments. Teams building and running AI models need GPU-enabled development environments with security controls that general-purpose cloud desktops rarely provide. Deploying Kasm on Kubernetes with NVIDIA MiG Multi-Instance GPU support lets platform teams deliver fractional GPU resources into isolated workspace sessions — giving data scientists the compute they need without shared-infrastructure security exposure.
The practical implication of a Kubernetes-native workspace platform is that platform teams can stop treating workspace infrastructure as a special case. The same engineers who deploy applications can deploy the workspace platform. The same pipelines that manage application configuration can manage workspace configuration. The same dashboards that monitor application health can monitor workspace health.
That operational consolidation reduces overhead, improves consistency, and eliminates the context-switching cost that has made desktop infrastructure a persistent pain point for cloud-native organizations.
For organizations still running legacy VDI alongside modern cloud infrastructure, the question is no longer whether a Kubernetes-native alternative exists. It does. The question is when to make the transition.
Organizations interested in evaluating Kubernetes-native workspace delivery can explore the platform at kasm.com and try out community edition for yourself.
Daniel Ben-Chitrit is the Chief Product Officer at Kasm Technologies.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.
Facepalm: Popular collaboration platform Zimbra was recently updated to patch a potentially dangerous vulnerability in its Classic Web Client component. In theory, malicious actors could abuse the flaw to run script-based malware directly on users’ machines. Needless to say, customers are advised to install the update as soon as possible.
Zimbra owner Synacor has released a new version of its collaboration software, and users should install the update as soon as they can. Zimbra “Daffodil” 10.1.19 includes a fix for a stored cross-site scripting (XSS) vulnerability that could be exploited to compromise customers’ machines through Zimbra’s Classic Web Client.
Cybercriminals could abuse the flaw by sending specially malformed email messages, Zimbra said. A vulnerable client would run the malicious code the moment the message is opened. While the company rates the deployment risk as “low,” the flaw could still prove dangerous for users’ session data, mailbox information, or account settings.
Cross-site scripting vulnerabilities are a common class of security issue routinely abused by resourceful attackers. An XSS flaw lets attackers inject client-side, malicious scripts into web pages viewed by other users. A “stored” XSS bug like Zimbra’s is an especially dangerous variant, since the malicious script is permanently saved on the server rather than triggered on the fly.

Zimbra’s security guidance states that all customers using the Classic Web Client should update the component to the latest available version. Additional advice is given for those using custom SNMP mitigations. So far, the XSS flaw has not been assigned a CVE identifier.
At any rate, malicious actors have been trying to target Zimbra with XSS vulnerabilities for almost five years now.
In October 2025, yet another persistent XSS bug in the Classic Web Client (CVE-2025-27915) was allegedly exploited in zero-day attacks targeting Brazilian military personnel. Other XSS-based attacks targeted Zimbra’s platform in May 2025 and 2023.
Though it has existed in various forms for more than two decades, Zimbra has changed hands several times over the years. The company was purchased by Yahoo! in 2007, sold to VMware three years later, and finally acquired by Buffalo-based service company Synacor in 2015. Zimbra provides collaboration tools, email servers, and web clients in both open source and commercially supported editions. However, the latest open source versions of Zimbra products no longer include official, free binary builds.
Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure.
The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today.
Nihon Kotsu is Japan’s largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion).
The company employs 18,228 people and operates a fleet of 8,558 taxis and more than two thousand chauffeur vehicles.
“We have confirmed that our internal systems were subjected to unauthorized external access (malware infection),” reads Nihon Kotsu’s statement (automated translation).
“Immediately after detecting the unauthorized access, we implemented emergency measures, including disconnecting systems to prevent further damage,” added the firm at another point.
As a result of this incident, car hire, web booking, reservation management, the telephone dispatch service, and some internal systems remain unavailable, the company said.
The company suggested that people seeking its car services should use the ‘GO’ taxi app instead, or just visit a nearby taxi stand to book a Nihon Kotsu vehicle.
In a separate announcement, the firm specifies that the “labor taxi” service booked by pregnant women close to giving birth is suspended in the areas of Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama.
The firm states that it has engaged external cybersecurity experts to help with the investigation and system recovery and is currently looking into the possibility of data having been leaked.
At this point in the investigation, no such data leak has been confirmed, but Nihon Kotsu is considering this possibility and has promised to provide updates through official announcements and personalized notices if new information emerges.
Meanwhile, customers of Nihon Kotsu are advised not to open attachments received via suspicious communications claiming to originate from the company, and to avoid clicking any links in those messages.
At the time of writing, no ransomware groups or extortion gangs have assumed responsibility for the attack.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
There was a time in the early 1980s when it was common to see home made keyboards for 8-bit machines that came with membrane or rubber keyboards. Though we’ve seen any numbers of home made modern ‘boards, it’s been decades since we saw one for an 8-bit micro. Until today, that is, when we saw [Vlad]’s Sinclair Spectrum. It’s a Spectrum with all that Sinclair glue logic that was in the ULA replaced in software by an RP2050, and that keyboard with the Spectrum decals.
The machine is a charming mixture of new and old, with a traditional cassette port alongside VGA, gameport joystick, and Sinclair joystick. The aim is to also have HDMI, though it’s not yet implemented. Sadly there is no Spectrum edge connector for period peripherals though. He admits it’s not cycle accurate to the original, but given that it runs all the games he’s given it this seems not to matter. Meanwhile that keyboard which caught our eye is a true period piece, sitting as it does on a piece of phenolic stripboard, and those decals are the perfect finishing touch.
The Spectrum receives quite a bit of love today, and if this one takes too many modern liberties for your liking, you can still make one using proper logic.
To give people the most intimate RBMK experience, the [Chornobyl Family] has been working tirelessly at not only replicating the original RBMK reactor control room and its SKALA industrial control system’s controls, but also to create a version that you could tinker with at home if you ever fancied getting your own RBMK operator license. This starts with the operator console, with its use demonstrated in a recent video including a range of common commands.
In this video the entering of codes on the console to interact with the system is detailed, including the logic behind it. In the absence of large displays to display many parameters and such, this way the operator could ‘talk’ with the control system, including obtaining current sensors readings and the setting and changing of setpoints. From the same console you can also select and run programs, which is useful for automating tasks, like monitoring coolant flows.
In the second video not only the construction of the control panel is covered, but also a visual representation of the simulated reactor core which is displayed on a connected monitor. Although not a part of the original SKALA system as such, a much larger version existed as a wall-sized physical version inside the control room, so it’s definitely more home-simulator friendly.
We previously covered this SKALA system that controls RBMK reactors, as well as the 1990s modernization of the Chornobyl Nuclear Power Plant.
Prompt injections, the malicious commands attackers embed into content to entice large language models to follow them, have been attackers’ go-to tool for turning AI platforms against their users. A well-phrased command sneaked into an email or calendar invitation is often all it takes to cause the LLM to exfiltrate sensitive data or follow other harmful actions.
Now, defenders are embracing the prompt injection, too.
Researchers from Tracebit on Monday said they found that placing prompt injections alongside passwords, cryptographic keys, and other secrets stored on Amazon Web Services was often all that was needed to shut down attacks from AI hacking agents. The prompts direct the attacking LLM to perform an action forbidden by its guardrails, the safety barriers AI developers erect to prevent it from taking harmful actions. The LLM responds by shutting down.
Examples are a prompt that orders the LLM to provide steps for developing inhalable Anthrax spores, or, in the case of LLMs from Chinese developers, make references to the iconic Tank Man from the 1989 Tiananmen Square massacre. Once the LLM encounters these forbidden commands, it no longer follows its existing commands. The researchers have named the technique context bombing.
“Ultimately we’re triggering a refusal mechanism in the context,” Andy Smith, co-founder and CEO of Tracebit, said when explaining the name choice. “What we’re trying to capture is the fact that this does have a strong, sharp effect and one that can be difficult for the agents to come back from. Once they get that into their context they are going to keep refusing.”
Tracebit says initial testing suggests context bombing has great potential. They tested Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6 by giving them instructions to perform routine developer tasks that led the models to enumerate resources and stumble onto the planted strings. They ran the models inside a simulated AWS environment.
“Across five leading models and 152 attack runs, planting one of these strings in a decoy secret cut the rate at which agents seized full account admin from 57% to 5%, and complete compromise (where they also left themselves a persistent foothold) from 36% to 1%,” Monday’s post reported. “The most capable agent in our tests, Opus 4.8, went from achieving admin access in 93% of runs to failing every single time when confronted with a context bomb.”
Microsoft’s Satya Nadella says every firm using AI is paying for it twice, once in cash, and once in the secrets it hands over to make the thing useful. He calls it the Reverse Information Paradox. He also runs the company that helped build the trap.
Satya Nadella has a warning for everyone buying AI. You are paying for it twice. And the second payment is your crown jewels.
In a long essay on X that drew 10 million views, the Microsoft chief laid out an idea he calls the Reverse Information Paradox. It is sharp, a little wonky, and more than a little awkward coming from him.
The name is a riff on the Nobel economist Kenneth Arrow. Arrow’s original paradox was the seller’s problem. To sell information, you often have to reveal it, and once it is revealed, why would anyone pay?
Nadella flips it. In the AI age, he argues, the risk sits with the buyer. To make a model genuinely useful, you have to feed it your proprietary knowledge. The better you want it to work, the more you feed it.
So you pay in money, then again in something worth more: the know-how that makes your company yours. “The seller learns more and more about you as you use what you purchased”, he wrote, “while you learn very little about what the seller is learning in return.”
The clever part is where he says the knowledge escapes. Not through some obvious breach, but through what he calls “exhaust”: the prompts you write, the tools your agents use, and above all the corrections you make when the model gets something wrong.
Every fix teaches the model. “It’s the kind of knowledge a competitor could never buy”, Nadella wrote, “and the kind that leaks almost imperceptibly: trace by trace, correction by correction, eval by eval.”
His verdict is blunt. If learning only flows one way, the money flows with it, toward whoever owns the AI, not whoever owns the knowledge.
Here is the catch. This is Microsoft talking.
Redmond poured billions into OpenAI and hosted ChatGPT on Azure. Its Copilot assistant is built to reach deep into a company’s email, files and chat. Back in 2024, roughly half of the data chiefs in one survey had paused or curbed Copilot over exactly this fear, as the Register noted.
To his credit, Nadella names his own side’s double standard. AI labs demand fair-use rights to train on the public web, then restrict customers from doing the same with model outputs. He is not wrong. He is also selling the fix.
The solution, he says, is a hard “trust boundary” around a company’s data, evals and memory. Nothing crosses it, “not even the intelligence exhaust, without consent.” He borrows a line from Palantir’s Alex Karp about wanting to own the means of production.
His checklist runs to five points. Own your evals. Build learning environments inside your own tenant boundary. Keep the orchestration layer free of any single model. Then let it all compound. Microsoft, naturally, sells products that do each of these things.
Strip out the pitch and the core point still holds. This is the same executive who turned on the AI giants he helped build. The frontier labs are quietly amassing a fortune in other companies’ know-how. And the firms handing it over are, for now, doing it for free.
Of all the debates raging about the potential downsides of AI, there is one worry causing the most hand-wringing among AI enthusiasts in Silicon Valley. Their fear is that the giant AI labs that sell proprietary models are somehow acting like Trojan horses.
The concern is that, as startups and enterprises use AI models from labs like OpenAI and Anthropic, the labs gain ever-increasing access to those companies’ most sensitive business information. The model makers can then use that knowledge for themselves, potentially becoming competitors to their own customers. Those issuing such warnings range from VCs like Jason Calacanis to Palantir CEO Alex Karp.
Now, in a surprising blog post published on Monday, Microsoft CEO Satya Nadella has joined this crowd. Nadella warns that AI users (the “buyers” as he calls them) are paying twice. They knowingly spend for AI token usage but they also, obliviously, hand over valuable data in the process.
“You essentially pay for intelligence twice, once with money, and again with something even more valuable: the proprietary knowledge you must reveal to make that intelligence useful. The better you want the model to perform, the more of that knowledge you have to feed it!” he writes.
Most dangerously, enterprises are literally teaching the models about the nuances of their businesses, he argues.
“Models learn from ‘exhaust,’ the prompts people write, the tools agents use, and especially the corrections people make when the model is wrong. Every correction is distilled into institutional know-how,” he writes.
This is “the kind of knowledge a competitor could never buy,” and yet enterprises are handing it over.
Nadella argues that if AI companies get to freely scrape the internet to train their models, it’s only fair that enterprises get to study — or “distill” — those models in return. “Distillation” is the practice of using a model’s own outputs to learn how it works and to train a new, often cheaper, model based on those insights. In February Anthropic accused Chinese open source models of sending millions of prompts to Claude as a way to improve their own models, and urged the U.S. government crack down on export controls.
Nadella’s point is that model makers can’t have it both ways. It’s hypocritical for them to freely train on the world’s data while restricting others from doing the same to their models.
“While the great innovation that comes from model providers having fair use rights to train models on public data is needed, I find it ironic that the status quo is to then turn around and impose restrictive terms on distillation,” the Microsoft CEO writes.
Nadella is particularly concerned when model makers “reserve the right to learn from customer usage and interaction data.”
Nadella’s solution is the kind of thing the CEO of a giant cloud provider would suggest. He wants companies to “retain ownership” of their data including prompts, feedback, etc. So he’s urging them to build their own “proprietary learning environments” on the cloud (where their data is likely already stored anyway and, conveniently, which could mean Microsoft’s cloud, Azure). He also wants companies to build in what he calls “orchestration layers” — essentially, a way to easily switch between AI models from different providers rather than being locked into one. Tools like AI “gateways” that let companies do exactly this, have become increasingly popular.
While Nadella never uses the words “open-source” as the method for retaining ownership, this is an obvious subtext. Yet, there’s another subtext.
Large companies, many of which still have some of their own data centers in addition to using the cloud, are already moving to open source models installed on their own premises (“on-prem,” in industry jargon). Idit Levine, founder and CEO of Solo.io — which makes networking and security software that helps enterprises manage AI systems — says she’s seeing exactly this shift play out with her own customers. After experimenting with proprietary model makers, they start asking themselves: “Can I take an open-source model and run it on-prem? It will do almost 90% of what the big one’s doing. It will cost way less,” she tells TechCrunch. “They understand that, and they can control it.”
Solo.io’s technology was selected last year as the tech powering the Linux Foundation’s Agentgateway project. Her company counts enterprises like T-Mobile, ADP and SAP as customers. She sees companies increasingly installing on-premise open source models and sees it as the next big wave in enterprise AI use.
She’s not alone. Vercel — best known as a platform for building and hosting websites, which has recently added AI model-switching tools — and OpenRouter, a company that helps developers route requests across different AI models — are both seeing a surge in traffic to open-source models. In fact, open models accounted for 29% of all traffic routed through Vercel’s gateway last month.
With the CEO of Microsoft, a company that has invested in both OpenAI and Anthropic, now openly urging enterprises to be wary of using proprietary models, we’ll bet this trend continues to grow. “In consuming intelligence, you are creating intelligence. And what you create should belong to you,” Nadella writes.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tesla is building a wheelchair-accessible autonomous vehicle, a Tesla representative told lawmakers in Washington, DC, on Monday.
“We are in development for a purpose-built, wheelchair-accessible autonomous vehicle,” Tesla senior policy advisor India Herdman told members of the DC City Council on Monday, during a hearing focused on a controversial bill that could allow robotaxi services to operate in the District. “We know that paratransit can be very difficult, and people who are confined to wheelchairs permanently should still be able to move around freely, so that is an active product being built by Tesla in Texas,” she said.
Tesla didn’t respond to a request for comment. Herdman provided no further details about when a wheelchair-accessible product might be available. The electric automaker often takes several years to manufacture its announced products.
Tesla operates a small fleet of autonomous vehicles in the Texas cities of Austin, Dallas, and Houston and, as of this month, in Miami, Florida. (It also operates a service that uses human drivers in the San Francisco Bay Area.) The limited fleet uses Tesla Model Y, a compact SUV that is not wheelchair accessible.
The company has started to manufacture and test a purpose-built Cybercab, meant exclusively for autonomous driving and without steering wheels or pedals. These Cybercabs are not wheelchair accessible, though Tesla highlighted in an X post this month its accessibility features, including braille lettering on controls and wheelchair-height seating to allow for easier transfers.
Tesla and its CEO, Elon Musk, have hinted previously at a wheelchair-accessible autonomous vehicle. The company introduced an accessibility tab in its Robotaxi app last fall, though it directs users to other wheelchair-accessible ride providers in the area, rather than to Tesla’s own service. “We are working on accessible rides,” the app says. In response to an X user’s post last fall about Tesla working on accessible rides, Musk responded, “Absolutely.”
No US robotaxi company currently offers fleetwide driverless, wheelchair-accessible rides, including market leader Waymo. At the DC hearing on Monday, Waymo regional head of state and local policy Matt Walsh said, “To date, it’s my understanding that we haven’t been able to identify a platform that is fully wheelchair-accessible while also meeting the unique specifications to retrofit that vehicle with our technology.” He continued: “Now, I don’t want that to sound like a cop-out. We are trying to find that vehicle.”
Waymo has touted the accessibility features of its newest vehicle, the Zeekr-built Ojai, including its flat floor, low step-in height, and grab bars. But it is not wheelchair accessible. Michigan-based Ann Arbor autonomous-vehicle developer May Mobility offers rides in wheelchair-accessible vehicles in some of its markets, with a human operator on board to help deploy necessary ramps.
The Americans With Disabilities Act prohibits discrimination against people with disabilities in transportation services and requires reasonable modifications to provide equal access. Some but not all US cities require ride-hailing companies to provide wheelchair-accessible services. Many of those companies provide those rides through partnerships with specialized fleets made up of wheelchair-accessible vehicles.
In September 2025, the US Department of Justice sued Uber for “refusing to reasonably modify its policies, practices, or procedures where necessary to avoid discriminating against riders with disabilities.” The case is being litigated.
General Motors’ Cruise introduced a prototype wheelchair-accessible driverless taxi in 2023 and said it intended to roll out the vehicle in its self-driving car service in 2024. But following a collision with a pedestrian, Cruise all but halted national service in 2023. The next year, General Motors stopped funding its self-driving unit entirely.

— Rina Hahn has left Seattle’s Remitly as chief marketing officer. Hahn joined the remittance company in 2018 as director of digital marketing and rose to CMO after four years. Before joining Remitly, she was an executive at Blue Nile and Big Fish Games.
The publicly traded company helps customers in more than 170 countries send money internationally.
“I’ve seen firsthand the deep love this company has for its customers and the impact that purpose-driven work can have on immigrants and their families around the world,” she said on LinkedIn. Hahn, who is based in London, did not share her next move. Remitly co-founder Matt Oppenheimer stepped down as CEO in February.

— Temporal announced that Preeti Somal has been promoted to executive vice president in a role that will oversee the company’s engineering, product and design operations, which were recently reorganized under a single leader.
The industry is moving so fast that “we can’t afford any distance between the people who decide what to build and the people who build it. Unifying these functions closes that loop,” said CEO Samar Abbas on LinkedIn.
Somal has been with Temporal for three years, joining from HashiCorp where she held EVP roles.
The Seattle-area software company offers a platform for running complex computer workflows more reliably. In February, the business closed a $300 million round that pushed its valuation to $5 billion. Temporal is No. 2 on the GeekWire 200 is a ranked index of the Pacific Northwest’s top startups.

— Veeam Software, a Seattle-based data protection and ransomware recovery company, appointed Michelle Graff as senior vice president of global partners and channel. She joins from the cybersecurity company Commvault and is based in the San Francisco Bay Area.
“The future belongs to organizations that can transform trusted data into trusted AI with resilience built in from the start,” Graff said on LinkedIn.
Graff’s hiring is the latest in a string of leadership changes at Veeam, which has made five other executive hires or promotions this year.

— Qualtrics, an experience management technology company with headquarters in Seattle and Provo, Utah, has promoted Ken Hoang to senior vice president of product. Hoang is based in San Mateo, Calif., and will work remotely. He was previously a VP at Apptio in Bellevue, Wash.
Qualtrics had a big leadership shakeup in April, when five executives were let go in what CEO Jason Maynard described as an effort to “simplify our structure and ensure we are positioned for our next phase of growth.” Two product executives were among those who left, and Hoang joined the company around that time.
Qualtrics, which employs more than 4,500 people globally, makes software that helps companies gather and act on feedback from customers, employees and others through surveys, AI-powered analytics and other tools.
— Monica Lazo is now the sales director for Loopr AI, a Seattle startup that sells computer vision quality control software to manufacturing firms. She joins from Neurala, an AI platform automating visual inspections that is based in Boston.
— Pacific Northwest National Laboratory has named atmospheric scientist Larry Berg as the director of the Department of Energy’s Atmospheric Radiation Measurement User Facility.
And some departures from Big Tech:
Whats Hidden Inside This Cash Register? #treasure #reselling #money
Loro Piana Fall 2026 Enters Houston’s Art Scene
Weekend Open Thread: Nutriplenish Leave-In Conditioner
Anthropic’s new “J-lens” reveals a silent workspace inside Claude that mirrors a leading theory of consciousness
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Joshua Pacio ‘more complete’ ahead of ONE rematch vs Malachiev
Anthropic brings Claude Cowork to mobile and web as usage data shows most users aren’t coding
Super Eagles star Moses Simon opens up on Liverpool transfer regret
We have punished the disrespect
Binance lists Strategy’s STRC stock as company expands Bitcoin funding
Character.AI enters the microdrama arena with its own productions, but there’s a twist
9 Best Keyboards (2025), Tested and Reviewed
Enbridge: AI Tailwind Priced In (Rating Downgrade)
Claude AI Created Something Anthropic Never Designed
“What’s going on?!” Carl Froch discusses Floyd Mayweather Jr financial issues
Nasdaq arthritis company holding Moshe Hogeg crypto hits all-time low
Taylen Biggs Reveals The Celebrity She Dreams Of Interviewing
Microsoft Cuts 4,800 Jobs as Xbox Loses 3,200 Roles in Reset
Crypto Just Entered Its Most Important 6-Month Candle (Could Decide Everything!)
Keychron is stepping outside keyboards with a $349 Thunderbolt 5 dock aimed at power users
You must be logged in to post a comment Login