A McDonald’s in the Chinese megacity of Shanghai is testing humanoid robots in roles usually the preserve of human workers, with other types of robots also let loose inside the restaurant to greet and entertain diners.

Truth be told, the robots don’t look particularly advanced, but a video (below) showing them in action does hint at a future where bipedal bots and other machines handle routine tasks at fast food restaurants, from welcoming customers and taking orders to delivering food and cleaning the floor.

The McDonald’s trial, using robots supplied by Chinese firm Keenon Robotics, comes at a time of economic contradiction in China, where businesses in some sectors are struggling to hire even as millions of young people face difficulty finding work.

It’s this tension that makes the McDonald’s trial stand out, with restaurant operators interested in deploying a reliable, potentially low-cost workforce in a strategy that raises fears of displacement among human workers in the service sector, which up to now has been a popular route into the workforce.

The reality, however, is more complicated. China’s workforce is shrinking as the population ages, while many younger job seekers are reluctant to take on low-paid, repetitive work. In that case, robot technology could be used to fill gaps rather than simply replace people. Still, the presence of robots in such a visible, everyday setting highlights how quickly that balance could shift.

While it could be a while before McDonald’s deploys humanoid robots in a more meaningful way, adding them to restaurants as greeters and entertainers could potentially draw curious diners, especially families with kids who might want to interact with the machines while waiting for their meal to arrive.

Even if the fast food giant eventually wants robots to run its restaurants, such a scenario is almost certainly many years away, simply because the technology isn’t yet up to it. What feels more likely, at least in the short term, is a hybrid setup where human workers handle the majority of tasks while the robots take on more basic, customer-facing roles out front.

ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation.

The flaw affects ScreenConnect versions before 26.1. It is tracked as CVE-2026-3564 and received a critical severity score.

ScreenConnect is a remote access platform typically used by managed service providers (MSPs), IT departments, and support teams. It can be either cloud-hosted by ConnectWise or on-premise on the customer’s server.

An attacker could exploit the security issue to extract and use the ASP.NET machine keys for unauthorized session authentication.

“If the machine key material for a ScreenConnect instance is disclosed, a threat actor may be able to generate or modify protected values in ways that may be accepted by the instance as valid,” reads the vendor’s advisory.

“This can result in unauthorized access and unauthorized actions within ScreenConnect.”

The vendor addressed this by adding stronger protection for machine keys, including encrypted storage and improved handling starting ScreenConnect version 26.1.

Cloud users have been automatically moved to the safe version, but system administrators managing on-premises deployments must upgrade to version 26.1 as soon as possible.

ConnectWise also stated that researchers observed attempts to abuse disclosed ASP.NET machine key material in the wild, so the risk from CVE-2026-3564 is tangible right now.

However, the vendor told BleepingComputer that it has no evidence of active exploitation in the wild as of writing, and therefore has no indicators of compromise (IoCs) to share with defenders.

“We do not have evidence that this specific vulnerability (CVE-2026-3564) was exploited in ConnectWise-hosted ScreenConnect, so we do not have any confirmed IOCs to share,” stated ConnectWise to BleepingComputer.

“We encourage any researchers who believe they have identified active exploitation to engage in responsible disclosure so findings can be validated and addressed appropriately.”

However, there are claims that the issue has been actively exploited by Chinese hackers for years, but it is unclear if the same security flaw was leveraged.

There have been in the past attacks from nation-state hackers that exploited CVE-2025-3935 to steal the secret machine keys used by a ScreenConnect server.

Apart from upgrading to ScreenConnect version 26.1, the software vendor also recommends tightening access to configuration files and secrets, checking logs for unusual authentication activity, protecting backups and old data snapshots, and keeping extensions up to date.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Advertisement

Download The Report

If you’re working with surface mount components, you’re likely going to want a reflow plate at some point. [Vitaly] was in need of just such a tool, and thus whipped up a compact reflow plate that is conveniently powered via USB-C. 

This reflow rig is designed for smaller work, with a working area of 80 mm x 70 mm. There are two options for the heating element—either a metal core PCB-based heater, or a metal ceramic heater. The former is good for working with Sn42Bi58 solder paste at 138 C, according to [Vitaly], while the latter will happily handle Sn63Pb37 at 183 C if the dirty stuff is more your jam.

Running the show is an ESP32-C3-WROOM, which serves up a web-based control panel over Bluetooth for setting the heating profiles. Using Bluetooth over WiFi might seem like an odd choice at first, but it means you don’t have to add the hot plate to the local wireless network to access it, handy if you’re on the move. It’s also worth noting that you can’t run this off any old USB charger—you’ll need one compatible with USB Power Delivery (PD) that can deliver at least 100 watts.

If you’re needing to whip up small boards with regularity, a hotplate like this one can really come in handy. Files are on GitHub for those eager to build their own.

This isn’t the first time we’ve seen USB-C powering a small reflow plate. Of course, if you make your PCBs self heating, you can sidestep all that entirely.

The Information reported that an AI agent within Meta took unauthorized action that led to an employee creating a security breach at the social company last week. According to the publication, an employee used an in-house agentic AI to analyze a query from a second employee on an internal forum. The AI agent posted a response to the second employee with advice even though the first person did not direct it to do so.

The second employee took the agent’s recommended action, sparking a domino effect that led to some engineers having access to Meta systems that they shouldn’t have permission to see. A representative from the company confirmed the incident to The Information and said that “no user data was mishandled.” Meta’s internal report indicated that there were unspecified additional issues that led to the breach. A source said that there was no evidence that anyone took advantage of the sudden access or that the data was made public during the two hours when the security breach was active. However, that may be the result of dumb luck more than anything else.

Many tech leaders and companies have touted the benefits of artificial intelligence, this is just the latest incident where human employees have lost control over an AI agent. Amazon Web Services experienced a 13-hour outage earlier this year that also (apparently coincidentally) involved its Kiro agentic AI coding tool. Moltbook, the social network for AI agents recently acquired by Meta, had a security flaw that exposed user information thanks to an oversight in the vibe-coded platform.

During a Senate hearing, FBI Director Kash Patel confirmed that his agency has bought information that could be used to track individuals’ movement and location. “We do purchase commercially available information that’s consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us,” he said.

Law enforcement is required to obtain a warrant in order to get location data from cell service providers following the Carpenter v United States ruling from 2018. But why bother with all that hassle when they can just buy the information from the open market?

“Doing that without a warrant is an outrageous end run around the Fourth Amendment, it’s particularly dangerous given the use of artificial intelligence to comb through massive amounts of private information,” Sen. Ron Wyden, (D-Ore.) said during the Intelligence Committee hearing. Wyden is one of several lawmakers pushing for an overhaul of when and how the government can obtain citizens’ personal information.

It’s an overhaul that’s badly needed. Patel already has a history of dubious use of government resources, such as ordering SWAT protections for his girlfriend and somehow horning in on men’s hockey victory celebrations at the recent winter Olympics, so one would hope he’s not also stretching the limits of the few privacy protections that do exist. Then outside the FBI, we have the Department of Homeland Security being sued for illegally tracking immigration raid protestors and the Pentagon’s labeling of Anthropic as a supply-chain risk after the AI company refused to let its products be used for mass surveillance of Americans.

Gaming is growing every day, and a big part of that can be attributed to Tencent Games, which has been behind games like BGMI. Now, MoreFun Studios, a subsidiary of Tencent, has launched the Closed Beta Test (CBT) for its mobile tactical shooter Arena Breakout in India. Players can now download the game’s beta version on Android and iOS and experience hardcore FPS gameplay ahead of its official launch.

What is Arena Breakout?

Arena Breakout is a hardcore tactical first-person shooter in which survival and strategy play a key role. Unlike traditional mobile shooters, the game focuses heavily on realistic combat, inventory management, and extraction-based gameplay.

Players enter the war-torn region of Kamona, a fictional battlefield devastated by civil war. The objective is simple but challenging: explore the combat zone, collect valuable loot, and reach the extraction point safely.

However, players must survive encounters with enemy combatants and other players along the way. Every item carried into battle can be lost if the mission fails, making each run a high-risk, high-reward experience. Arena Breakout has already gained significant global traction, with the developers claiming over 100 million downloads.

Extensive Weapon Customization

Another highlight of Arena Breakout is its Ultimate Gunsmithing System, which allows players to build and customize weapons in great detail. The system includes:

• 700+ weapon accessories
• 10 modification slots
• Extensive gun customization options

Players can modify weapons to suit different playstyles, whether that means building stealth-focused loadouts or heavily armored combat setups.

How To Access the Closed Beta?

If you can’t wait to get your hands on Arena Breakout, the closed beta test is live in India. You can download it on your phone by clicking the link here. Just remember that since it’s a closed beta, there may be random glitches or bugs. So, keep an eye out for those.

The chatbot also is intentionally flexible, with the new integrations in mind. “It can take on slight tweaks to the look and feel, to make it feel like a natural part of other environments,” Danker says.

Shopping Shift

The new Walmart experience is part of a broader pivot for OpenAI to focus on having checkouts take place within embedded apps, the Information reported earlier this month, without providing a rationale for the change. Danker spoke about the shift at the Morgan Stanley investor conference this month but didn’t cite the data behind it.

OpenAI spokesperson Taya Christianson says the company wants to focus on improvements to help users research products, while giving merchants more control over checkout. “We appreciate our partners for learning with us,” she added.

Walmart has excluded some products from Instant Checkout because it knew “the single-item checkout experience is detrimental” in some cases, Danker says. For instance, when someone buys a TV, they likely need to buy accessories like HDMI cables. On its website, Walmart can nudge shoppers to buy a bundle to avoid a frustrating installation experience, Danker says. Through Sparky, Walmart will be able to replicate that in chatbots.

Retailers were eager to collaborate on Instant Checkout because the alternative at the time to serve ChatGPT users was by linking out to their websites. Walmart believes the Sparky experience will feel even “more seamless,” because users will be able to continue chatting and refining their order without needing to reenter their payment and delivery information already saved with Walmart.

Sparky has been criticized by people purporting to work for Walmart on Reddit, and testimonials for the chatbot are difficult to find on social media. But half of Walmart app users have engaged with it, according to the company. While people typically use the app to search for staples such as milk and bananas, they ask Sparky about exotic items or for solutions to more complicated problems. Walmart US CEO David Guggina recently said Sparky users spend about 35 percent more per order than other shoppers.

Danker acknowledges that Sparky is slow and generates weak responses often enough that some consumers might dismiss it as unreliable. Danker says the priority this year is training Sparky to be more proactive, getting it to learn more about individual shoppers, and making it helpful across more of Walmart’s many departments, such as the pharmacy.

While Walmart is pushing Sparky elsewhere, it hasn’t—and doesn’t plan—to block other AI agents from shopping on its website. Amazon, on the other hand, recently won a temporary court order barring Perplexity’s automated technology from masquerading as a human to make purchases. Danker says Walmart wants to support whatever tools customers are using as long as it’s a good experience. As in, there shouldn’t be erroneous orders, shocking bills, or an excessive need for customer service.

“We don’t want to be prescriptive of the exact journey that every customer is going to take,” he says. “We don’t want to block things on a speculative or hypothetical concern.”

When it comes to how many consumers will trust AI with their shopping, Danker is prepared to speculate. “This idea that it will all become automated might be a little bit far-fetched,” he says. “People do get excited about shopping for clothes, for their home, for their children.” Walmart wants to leave users in control, just now with Sparky by their side in more places.

This is an edition of Will Knight’s AI Lab newsletter. Read previous newsletters here.

An AI agent went rogue at Meta, exposing sensitive company and user data to employees who did not have permission to access it.

Per an incident report, which was viewed and reported on by The Information, a Meta employee posted on an internal forum asking for help with a technical question — which is a standard action. However, another engineer asked an AI agent to help analyze the question, and the agent ended up posting a response without asking the engineer for permission to share it. Meta confirmed the incident to The Information.

As it turns out, the AI agent did not give good advice. The employee who asked the question ended up taking actions based on the agent’s guidance, which inadvertently made massive amounts of company and user-related data available to engineers, who were not authorized to access it, for two hours.

Meta deemed the incident a “Sev 1,” which is the second-highest level of severity in the company’s internal system for measuring security issues.

Rogue AI agents have already posed a problem at Meta. Summer Yue, a safety and alignment director at Meta Superintelligence, posted on X last month describing how her OpenClaw agent ended up deleting her entire inbox, even though she told it to confirm with her before taking any action.

Still, Meta seems bullish on the potential for agentic AI. Just last week, Meta bought Moltbook, a Reddit-like social media site for OpenClaw agents to communicate with one another.