Earlier this year, Toyota revealed its first three-row electric SUV in the Highlander EV. Now, it’s Lexus’ turn to put its spin on this segment with the upcoming TZ, which boasts a more luxurious design, seating for up to six and a top range of around 300 miles.
Like its cousins the Highlander EV and Subaru Getaway, the TZ is based on Toyota’s e-TNGA platform and will be available with two battery sizes (76.9kWh or 95.8kWh) and an upgraded Direct4 AWD system. While Lexus has yet to provide specific info about power, based on the output available from other models sharing this platform, we’re expecting around 400 horsepower (or more) depending on the exact configuration. It’s a similar situation when it comes to range, because while we’re still waiting on an official figure from the EPA, Lexus estimates a TZ with the larger 95kWh power pack will go for around 300 miles between charges.
Meanwhile, at 200.8 inches, the TZ is actually slightly longer than the Highlander EV, while sporting a similarly brawny exterior with lots of hard lines along and Lexus’ signature spindle-shaped grille. Other features include Dynamic Rear Steering (up to four degrees) that should provide better maneuverability at low speeds and increased stability at high speeds. Unfortunately, the TZ’s 400-volt architecture doesn’t look very impressive, with charging speeds that top out at just 150kW that should deliver 10 to 80 percent charging times of around 35 minutes. Thankfully, the car does come with a native NACS port and, for times when you need to charge your other gadgets, Lexus is making a dedicated accessory adapter that plugs into an AC inlet in the cargo area.
On the inside, the TZ’s infotainment is centered around a 14-inch main display with a secondary 12.3-inch digital instrument cluster for the driver. Lexus says the TZ will also support a Smart Digital Key+ that allows you to unlock the car with your phone or smartwatch, and will continue to work even if the gadget runs out of battery. Also, aside from the base infotainment system, the TZ supports both Android Auto and Apple CarPlay.
Lexus
The TZ’s platform and exterior are quite similar to the Highlander EV and Subaru Getaway, so Lexus seems to have really leaned into the EV’s interior as a way to distinguish itself from its rivals. The company claims the TZ has the quietest cabin of any of its SUVs (both EV and ICE) and that quest for muted peace and relaxation seems to have been a core design goal for the vehicle, as Lexus uses the word quiet eight separate times in its official press release. The TZ also features a number of sustainable materials scattered throughout the car including forged bamboo panels, a plant-based UltraSuede and recycled aluminum for components like its roof rails and tonneau cover frame.
Unfortunately, we’re still waiting for official info regarding the TZ’s pricing and availability, configurations and trim levels, which Lexus plans to release closer to the EV’s on sale date sometime later this year.
Ctrl-Alt-Speech is a weekly podcast about the latest news in online speech, from Mike Masnick and Everything in Moderation‘s Ben Whitelaw.
Subscribe now on Apple Podcasts, Overcast, Spotify, Pocket Casts, YouTube, or your podcast app of choice — or go straight to the RSS feed.
In this week’s roundup of the latest news in online speech, content moderation and internet regulation, Mike is joined by First Amendment lawyer Ari Cohn. Together they discuss:
Support the podcast by joining our Patreon, with special founder membership available until May 28th.
Filed Under: age verification, ari cohn, artificial intelligence, chatbots, content moderation, free speech, trust and safety
Companies: character.ai
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems.
Additionally, the malware includes self-spreading worm modules for WhatsApp and Outlook that automatically infect new victims.
The new banking trojan was discovered by Elastic Security Labs, whose researchers believe it’s a major evolution of the older Maverick/Sorvepotel malware family.
While TCLBanker currently appears focused in Brazil, specifically checking timezone, keyboard layout, and locale, LATAM malware has, in the past, been updated to broaden its targeting scope, so the risk of the threat expanding is real.
Elastic warns that TCLBanker is extremely well protected against analysis and debugging, featuring environment-dependent payload decryption routines that fail in sandboxes or analyst environments.
It also runs a persistent watchdog thread that continuously hunts for analysis tools like x64dbg, IDA, dnSpy, Frida, ProcessHacker, Ghidra, de4dot, and others.
The malware is loaded within the context of the legitimate Logitech application via DLL side-loading, so it won’t trigger any alarms from security products protecting the infected host.
The researchers noted that, while the loader is rich in features, none go very far toward being truly advanced, and code artifacts indicate that AI may have been used in its development.
The banking module monitors the browser address bar every second using Windows UI Automation APIs, watching for when the victim opens a website of one of its 59 targeted platforms.
When that happens, it establishes a WebSocket session with the command-and-control (C2), sends victim and system information, and starts remote control operations.
The capabilities given to the operators include:
During active sessions, the Task Manager process is killed to prevent disruptions and hide the malicious activity from the victim.
To support data theft, TCLBanker uses a WPF-based overlay system that can push to victims fake credential prompts, PIN keypads, phone-number collection forms, fake “bank support” waiting screens, fake Windows Update screens, and various fake progress screens.
There are also “cutout” overlays that stay on top, allowing only selected portions of real applications to be shown to the victim, and masking other parts.
An interesting aspect of TCLBanker is its ability to propagate autonomously to contacts linked to the primary victim.
The malware searches Chromium browser profiles for authenticated WhatsApp Web IndexedDB data, and launches a hidden Chromium instance that hijacks the victim’s account.
Then, it harvests contacts, filters for Brazilian numbers, and sends them spam messages from the victim’s account, leading them to TCLBanker distribution platforms.
Another worm module abuses Microsoft Outlook through COM automation, launching the app, harvesting contacts and sender addresses, and sending phishing emails through the victim’s email account.
Elastic concludes that TCLBanker is as a characteristic example of the evolution of LATAM malware, offering lower-tier cybercriminals features that were once only available in highly sophisticated tools.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
As noted earlier, Mozilla’s characterization of AI-assisted vulnerability discovery as a game changer has been met with massive, vocal skepticism in many quarters. Critics initially scoffed when Mozilla didn’t obtain CVE designations for any of the 271 vulnerabilities. Like many developers, however, Mozilla doesn’t obtain CVE listings for internally discovered security bugs. Instead, they are bundled into a single patch. Normally, Bugzilla reports detailing these “rollups” are hidden for several months after being fixed to protect those who are slow to patch. Now that Mozilla has revealed a dozen of them, the same critics will surely claim they too were cherry-picked and conceal less accurate results.
Of the 271 bugs found using Mythos, 180 were sec-high, Mozilla’s highest designation for internally reported vulnerabilities. These types of vulnerabilities can be exploited through normal user behavior, such as browsing to a web page. (The only higher rating, sec-critical, is reserved for zero-days.) Another 80 were sec-moderate, and 11 were sec-low.
The critics are right to keep pushing back. Hype is a key method for inflating the already high puffed-up valuations of AI companies. Given the extensive praise Mozilla has given to Mythos, it’s easy for even more trusting people to wonder: What’s it getting in return? Far from settling the debate, Thursday’s elaborations are likely to only further stoke the controversy.
To hear Grinstead tell it, however, the details are clear evidence of the usefulness of AI-assisted discovery, and Mozilla’s motivation is simple.
“People are a bit burned from the last year of these slop commits so we felt it was important to show some of our work, open up some of the bugs, and talk about it in a little more detail as a way to hopefully spur some action or continue the conversation,” he said. “There’s no sort of marketing angle here. Our team has completely bought in on this approach. We are trying to get a message out about this technique in general and not any specific model provider, company, or anything like that.”
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting a vulnerability to deface Canvas login portals for hundreds of colleges and universities.
The defacements, which were visible for roughly 30 minutes before being taken offline, displayed a message from ShinyHunters claiming responsibility for the earlier Instructure breach and threatening to leak stolen data if a ransom is not paid.
The message warns that Instructure and schools have until May 12 to contact them to negotiate a ransom, or students’ data will be leaked.
“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” reads the defacement.
“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked,” continued the message.
BleepingComputer has learned that threat actors defaced the Canvas login portals for approximately 330 educational institutions, replacing the standard login pages with an extortion message. This defacement message also appeared in the Canvas app.
The defacement was allegedly caused by a vulnerability in Instructure’s systems that allowed the threat actor to modify the login portals. Instructure has since taken Canvas offline while they respond to the latest cyberattack.
Last week, Instructure disclosed that it was investigating a cyberattack after threat actors claimed to have stolen 280 million student and staff records tied to 8,809 schools, universities, and education platforms using its Canvas learning management system.
The ShinyHunters gang later told BleepingComputer that the stolen data included user records, private messages, enrollment data, and other information allegedly gathered through Canvas data export features and APIs.
Instructure confirmed that data was stolen during the attack but that they are continuing to investigate the incident.
BleepingComputer has repeatedly contacted Instructure with questions about the attack, including today’s, and whether they plan on notifying students and staff about the data breach. However, our emails have so far remained unanswered.
Canvas is one of the most widely used learning management systems in higher education and K-12 environments, helping schools manage coursework, assignments, grading, and communication between students and faculty.
The name ShinyHunters has long been associated with numerous threat actors who have conducted data breaches since 2018.
This year, threat actors using the ShinyHunters name have become among the most prolific groups conducting data theft and extortion attacks against companies worldwide.
Primarily focusing on Salesforce and other cloud SaaS environments, the threat actors are linked to a growing number of breaches involving companies such as Google, Cisco, PornHub, and online dating giant Match Group.
The extortion gang commonly breaches third-party integration companies and uses stolen authentication tokens to access connected SaaS environments and steal customer data.
The threat actors are also known for conducting voice phishing (vishing) attacks targeting Okta, Microsoft, and Google single sign-on (SSO) accounts, impersonating IT support staff to trick employees into entering credentials and multi-factor authentication (MFA) codes on phishing sites.
As BleepingComputer first reported, the ShinyHunters group has also recently adopted device code vishing attacks to obtain Microsoft Entra authentication tokens.
After stealing credentials and authentication codes, the threat actors hijack SSO accounts to breach connected enterprise services such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, and Dropbox.
While members of the ShinyHunters gang are responsible for numerous attacks, they are also known to operate as an extortion-as-a-service group, conducting extortion on behalf of other threat actors in exchange for a share of ransom payments.
There have been numerous arrests linked to the ShinyHunters name, including suspects connected to the Snowflake data-theft attacks, breaches at PowerSchool, and the operation of the Breached v2 hacking forum.
Yet despite these arrests, companies continue to receive extortion emails signed with the message, “We are ShinyHunters.”
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
Apple could be forced to pay $95 to all iCloud users in the UK, if a class-action lawsuit agains the company is successful.
Apple has failed to reduce the scope of a UK class-action lawsuit, and all iCloud users in the country will be owed $95 if the company loses.
Apple has had its fair share of lawsuits in the United Kingdom, with ongoing cases regarding App Store fees, an alleged price-fixing scheme with retailers, and more.
In November 2024, consumer rights group and publication Which? also sued Apple, alleging that the company had an anti-competitive way of locking users into paying for iCloud storage.
It was argued that Apple breached UK competition law and abused its dominant market position by not letting iOS and iPadOS choose an alternative cloud provider. Additionally, Apple was accused of charging “rip-off prices” for iCloud storage in the country.
As Apple failed to narrow down the scope of the class-action lawsuit, the case is now moving to trial.
As Which? claims in a social media post, Apple locked “millions of consumers into its iCloud service at rip-off prices.” The group says that around 40 million UK iCloud users may be eligible for compensation equating to $95, assuming its lawsuit is successful.
The lawsuit seeks damages for iPhone and iPad users who paid for iCloud storage. However, with the principle of Forgone Consumer Surplus (FCS), the suit also argues that iCloud users in the UK were priced out of an iCloud subscription, as Apple abused its market position.
Hypothetically, users who found Apple’s roughly $12 monthly payment for 2TB of cloud storage would have paid around $11 if it were a “fair” market price. Per the FCS legal theory, those potential customers “lost” $1 because of Apple’s uncompetitive pricing and the lack of an adequate alternative.
Consumer rights group Which? argued that Apple should pay these hypothetical buyers, even though they never really lost anything or paid for anything in the traditional sense.
It says that “around 40 million Apple customers in the UK who have used iCloud services on or after 8 November 2018” could be entitled to compensation.
Apple attempted to narrow the scope of the lawsuit so that it only included UK iCloud users who paid for a subscription. “We reject any suggestion that our iCloud practices are anticompetitive and will vigorously defend against any legal claim otherwise,” said the company in 2024.
However, its attempts were unsuccessful. The UK’s Competition Appeal Tribunal ruled in a two-to-one vote that the FCS legal theory is applicable. In essence, the class-action suit could result in compensation for both paying and non-paying UK iCloud users.
iCloud itself has been around since 2011, when it debuted with iOS 5. The service delivered system-wide integration, allowing users to sync their notes, emails, photos, files, and more via the cloud storage platform.
Apple has been accused of using uncompetitive pricing for its iCloud storage options in the UK.
At the time, Apple gave its users 5GB of iCloud storage for free. While that may have been generous all those years ago, Which? argued that 5G wouldn’t meet consumer needs in 2024 and beyond.
There might be some truth to this claim, as almost two-thirds of US Apple users paid for extra iCloud storage in 2024. However, Apple dealt with a lawsuit about its 5GB free iCloud storage option in the United States, and that case was ultimately dismissed the same year.
The UK lawsuit against Apple, however, is still ongoing, and it revolves around more than just the free 5GB storage plan.
Which? also argued that Apple made iCloud the simplest cloud service to use on iOS. Alternative cloud storage options on iOS truly don’t deliver the same degree of integration.
If you wanted to store your photos and videos via Google Drive, for instance, you’d have to install the app yourself. You also wouldn’t be able to use a Google-designed tool or locking tool in place of Find My on iOS, which requires the use of an iCloud account.
If the UK lawsuit against Apple succeeds, all iCloud users in the country will be automatically opted in, meaning they’ll be eligible for payment. This includes UK consumers who have used iCloud on or after November 8, 2018.
The case could also set a precedent in the country. One member of the UK’s Competition Appeal Tribunal argued that we could see a multitude of similar cases centered around hypothetical purchases.
Still, the outcome of the class-action lawsuit remains to be seen, and it could be months before a decision is made.
Jeff Bezos’s family office representative Melinda Lewison has left Slate Auto’s board months before the 1.4 billion dollar EV startup is scheduled to begin production of its affordable electric truck in Warsaw, Indiana. The departure follows a CEO change in March and raises questions about Bezos’s continued involvement in a company that has used his name as its most valuable fundraising asset.
TL;DR
The person who connected Jeff Bezos to one of the most ambitious electric vehicle startups in America has left its board. Melinda Lewison, who manages the Bezos family office and was listed as a director on Slate Auto’s corporate filings, has departed the company’s board months before its first truck is scheduled to roll off the production line in Warsaw, Indiana.
The departure follows a pattern of leadership changes at the startup that has raised 1.4 billion dollars on the strength of an idea, a factory, and a name. That name, more than any specification sheet or reservation count, has been the organising principle of Slate Auto’s public identity since TechCrunch revealed Bezos’s involvement in April 2025.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
Slate Auto was incubated inside Re:Build Manufacturing, the industrial conglomerate founded by Jeff Wilke, who served as chief executive of Amazon’s worldwide consumer division before retiring in 2021. Wilke and Miles Arnone, Re:Build’s chief executive, created the company under the working name Re:Car before spinning it out as an independent entity in 2023.
Bezos’s connection to Slate was indirect but unmistakable. Lewison, the head of his family office, appeared on corporate filings as a director. The arrangement gave Slate the most valuable asset a pre-revenue startup can possess: the implicit endorsement of the world’s second-richest person, without requiring Bezos himself to make public statements, attend events, or stake his reputation on production timelines.
Bezos has separately committed to a 10 billion dollar physical AI laboratory called Project Prometheus, and his family office has backed ventures across space, media, agriculture, and nuclear energy. The pattern is consistent: large bets on capital-intensive physical infrastructure, managed at arm’s length through intermediaries. Lewison’s board seat was the mechanism through which that pattern extended to Slate. Her departure removes it.
The board departure is the second significant leadership change at Slate in three months. In March, the company replaced chief executive Chris Barman with Peter Faricy, a former Amazon Marketplace vice president who had been advising Slate alongside work with McKinsey and Bessemer Venture Partners. Barman moved to the role of president of vehicles.
The timing of both changes is notable. Slate opened preorders in June 2025 and crossed 100,000 refundable reservations within two weeks. The reservation count has since grown to more than 160,000. The company closed a 650 million dollar Series C in April 2026, led by TWG Global, the investment firm run by Los Angeles Dodgers owner Mark Walter and Thomas Tull. Total funding reached 1.4 billion dollars.
A startup that changes its chief executive and loses a high-profile board member in the months before first production is not necessarily in trouble. Leadership transitions at this stage can reflect the shift from fundraising mode to operational execution, and Faricy’s Amazon logistics background is arguably better suited to manufacturing scale-up than Barman’s earlier role. But the optics matter for a company whose brand has been built on the Bezos connection.
Amazon-backed ventures have reached significant milestones recently, including nuclear startup X-Energy’s 1.02 billion dollar IPO in April. But X-Energy is a company where the Amazon relationship deepened over time, culminating in a 500 million dollar investment and a five-gigawatt power purchase commitment. At Slate, the Bezos connection appears to be narrowing rather than expanding.
The vehicle at the centre of this is deliberately unglamorous. Slate’s electric truck is priced in the mid-20,000 dollar range before federal incentives, which could push the effective cost below 20,000 dollars. It offers a 52.7 kilowatt-hour battery with 150 miles of range in the standard configuration, or an 84.3 kilowatt-hour battery with 240 miles in the extended version. Payload capacity is 1,400 pounds. The design is boxy, utilitarian, and deliberately analog, with physical controls and minimal software.
The positioning is anti-Tesla in every dimension. Where Tesla’s Cybertruck is a 80,000 dollar stainless steel statement piece, Slate is pitching a work truck for tradespeople, small business owners, and first-time EV buyers who want something that functions like the cheap trucks Detroit stopped making a decade ago. The company offers more than 100 accessories and a do-it-yourself SUV conversion kit.
The Warsaw, Indiana factory, a former R.R. Donnelley printing facility, has received approximately 400 million dollars in investment and is projected to create more than 2,000 jobs in Kosciusko County. Production is scheduled to begin late 2026, with preorders opening in June alongside official pricing.
A dozen electric vehicle models have been discontinued in the United States as tariffs, tax credit changes, and import costs reshape the market. The result is a landscape that structurally favours domestically manufactured vehicles, particularly those priced below the 55,000 dollar threshold for the federal EV tax credit. Slate’s price point and Indiana factory position it squarely within these incentive boundaries.
The affordable EV truck segment is no longer uncontested. Kia has confirmed an electric pickup and plans to deploy Atlas robots in its Georgia factories, targeting the same domestic-manufacturing advantage that Slate is pursuing. Hyundai, Scout Motors, and several Chinese manufacturers exploring US assembly are all eyeing the segment below 40,000 dollars.
Volkswagen has overtaken Amazon as Rivian’s largest shareholder after a one billion dollar software milestone payment, illustrating how quickly investor relationships shift in the EV startup landscape. Rivian, which went public at a 153 billion dollar valuation in 2021 and saw its market capitalisation collapse by more than 90 per cent, remains the most prominent cautionary tale for EV startups that raise billions before achieving sustainable production economics.
Slate’s 160,000 reservations, collected at 50 dollars each on a fully refundable basis, represent intent rather than commitment. The conversion rate from reservation to binding order will determine whether the Warsaw factory’s capacity is a strength or an albatross.
Every electric vehicle startup that has reached the production stage has experienced some version of the transition Slate is undergoing. The founders who attract early capital and generate excitement are not always the operators who can run a factory, manage a supply chain, and deliver vehicles on time. Faricy’s appointment suggests Slate’s investors understand this. Lewison’s departure suggests the Bezos orbit has decided its involvement has reached a natural conclusion, or that the risk profile of a pre-production automaker no longer fits the family office’s portfolio strategy.
What Slate has that most failed EV startups did not is a realistic product for a market that exists. The truck is not a hypercar, a flying taxi, or a autonomous robotaxi. It is a cheap, simple vehicle for people who need to move things, built in a state that wants the jobs, priced for a tax credit that currently exists, and manufactured domestically in a trade environment that punishes imports.
The question is whether the company can execute without the halo. Bezos’s name opened doors, attracted co-investors, and generated media coverage that a startup building affordable trucks in Indiana would not otherwise have received. The 1.4 billion dollars is in the bank. The factory is under construction. The reservations are on the books. And the person who represented the most famous investor in the building has walked out the door, six months before the first truck is supposed to drive through it.
Utah has a long track record of short-sighted internet policymaking, but the latest example really does take things to a new level of stupid. As of yesterday, Utah’s “Online Age Verification Amendments” bill, Senate Bill 73, has taken effect. It is a piece of legislation that effectively tries to ban VPNs as a desperate attempt to stop people from bypassing the state’s already problematic (and likely unconstitutional) age verification requirements.
Signed by Governor Spencer Cox on March 19, the controversial law establishes that a user is considered to be accessing a website from Utah if they are physically located there, regardless of whether they use a VPN or proxy to mask their IP address. It also prohibits covered websites from sharing instructions on how to use a VPN to bypass age checks.
We’ve been highlighting the various attempts to ban VPNs as short-sighted legislators fail to grasp how necessary they are for basic security. But, now, Utah has touched the stove and is going to find out what it feels like.
While an earlier version of the law would have simply held a provider liable for not doing age verification, the amended version says service providers have to determine whether the person is physically located in Utah — even if they’re using a VPN to appear to be from somewhere else:
An individual is considered to be accessing the website from this state if the individual is actually located in the state, regardless of whether the individual is using a virtual private network, proxy server, or other means to disguise or misrepresent the individual’s geographic location to make it appear that the individual is accessing a website from a location outside this state.
In short, the genius legislators in Utah have decided that websites should do the impossible: either block all access from VPNs or somehow magically “know” that users whose digital footprints suggest they’re connecting from outside Utah are actually lying about their location. That is, in any understanding of the law, an effective ban on VPNs, because the only way to deal with that would be to block off huge segments of IP addresses associated with known VPN servers.
Even worse, the law says it’s a violation to tell people how to protect themselves with a VPN, which seems like a First Amendment violation on its own (you can’t ban a service from telling users how to use another service):
A commercial entity that operates a website that contains a substantial portion of material harmful to minors may not facilitate or encourage the use of a virtual private network, proxy server, or other means to circumvent age verification requirements, including by providing:
(a)instructions on how to use a virtual private network or proxy server to access the website; or
(b)means for individuals in this state to circumvent geofencing or blocking.
Lia Holland at Fight for the Future pointed out the absurdity of this in a statement, noting that the logic of the bill doesn’t even survive a basic reality check:
This is the sort of slop that if you asked the chatbot whether or not its previous statement was accurate, it would apologize profusely. Why? Because you cannot require a website doing age verification to determine where someone using a reputable VPN is browsing from—this feat is literally impossible by design for even the best hacker.
Such language and lack of logic begs the question—do Utah lawmakers actually understand what a VPN is? Let’s set the record straight: VPNs are an essential tool for online privacy, security, and liberty that everyone from abuse survivors to small businesses use to keep themselves safe. VPNs do this by totally hiding where a person is browsing the Internet from. Thus, when a person is using a VPN, the website they are browsing definitionally can’t tell whether or not they are in Utah.
It’s fairly astounding the level of technological ignorance legislators will openly admit in their efforts to demand technology do the impossible. Insisting that VPNs need to be banned should be a disqualifier from holding public office.
EFF’s Rindala Alajaji notes that what Utah is demanding here is technologically incomprehensible:
Blocking all known VPN and proxy IP addresses is a technical whack-a-mole that likely no company can win. Providers add new IP addresses constantly, and no comprehensive blocklist exists. Complying with Utah’s requirements would require impossible technical feats.
The internet is built to, and will always, route around censorship. If Utah successfully hampers commercial VPN providers, motivated users will transition to non-commercial proxies, private tunnels through cloud services like AWS, or residential proxies that are virtually indistinguishable from standard home traffic. These workarounds will emerge within hours of the law taking effect. Meanwhile, the collateral damage will fall on businesses, journalists, and survivors of abuse who rely on commercial VPNs for essential data security.
Again, Fight for the Future explains the real impact of such a law:
Websites are left with three choices: either try to block everyone around the globe who’s using a VPN (which they can’t actually do), or require age verification for everybody in the world no matter if they’re in Utah, or censor all content that meets Utah’s nebulous “harmful to minors” standard for age verification.
Oh wait, there’s a fourth option: sue Utah.
Ignoring the law or suing the state appear to be the only rational responses.
Age verification already has a long list of well-known problems, many of which put users at risk. An effective ban on VPNs just makes it that much more dangerous for anyone in that state to use the internet. The fact that they’re doing all of this under the pretense of “protecting” children, when the actual impact will put everyone at greater risk, is just the icing on the cake — performative headline-chasing dressed up as policy.
Filed Under: age verification, location, sb 73, security, utah, vpns
Every LangChain pipeline your team hardcodes starts breaking the moment the query distribution shifts — and it always shifts. That bottleneck is what Sakana AI set out to eliminate.
Researchers at Sakana AI have introduced the “RL Conductor,” a small language model trained via reinforcement learning to automatically orchestrate a diverse pool of worker LLMs. Conductor dynamically analyzes inputs, distributes labor among workers, and coordinates among agents.
This automated coordination achieves state-of-the-art results on difficult reasoning and coding benchmarks, outperforming individual frontier models like GPT-5 and Claude Sonnet 4 as well as expensive human-designed multi-agent pipelines. It achieves this performance at a fraction of the cost and with fewer API calls than competitors. RL Conductor is the backbone of Fugu, Sakana AI’s commercial multi-agent orchestration service.
Large language models have strong latent capabilities. But tapping these capabilities to their fullest is a great challenge. Extracting this level of performance relies heavily on manually designed agentic workflows, which serve as critical components in commercial AI products.
However, these frameworks fall short because they are inherently rigid and constrained. In comments to VentureBeat, Yujin Tang, co-author of the paper, explained the exact breaking point of current systems: “While using frameworks with hard-coded pipelines like LangChain and Mixture-of-Agents can work well for specific use cases … In production, an inherent bottleneck arises when targeting domains with large user bases with very heterogeneous demands.”
Tang noted that achieving “real-world generalization in such heterogeneous applications inherently necessitates going beyond human-hardcoded designs.”
Another bottleneck for building robust agentic systems is that no single model is optimal for all tasks. Different models are fine-tuned to specialize in distinct domains. One model might excel at scientific reasoning, while another is superior at code generation, mathematical logic, or high-level planning.
Because models have these varying characteristics and complementary skills, manually predicting and hard-coding the ideal combination of models for every query is practically impossible. An optimal agentic framework should be able to analyze a problem and delegate subtasks to the most suitable expert in the pool.
The RL Conductor is designed to overcome the limitations of rigid, human-designed frameworks. As the name implies, it conducts an orchestra of agents by dividing challenging problems, delegating targeted subtasks, and designing communication topologies for a set of worker LLMs.
Instead of relying on fixed code or static routing, the Conductor orchestrates these models by generating a customized workflow. For each step in the workflow, the model generates a natural language instruction for a specific aspect of the task, assigns an agent to carry it out, and defines an “access list” that dictates which past subtasks and responses from other agents are included in that agent’s context.
By defining everything in natural language, the Conductor builds flexible workflows tailored to each input. It can construct simple sequential chains, parallel tree structures, or even recursive loops depending on the problem’s demands.
Importantly, the model learns these strategies not by human design but through reinforcement learning (RL) and reward maximization. During training, the model is given a task, a pool of workers, and a reward signal based on whether its answer and output format are correct.
Through a simple trial-and-error RL algorithm, the model organically discovers which combinations of instructions and communication structures yield the highest reward. As a result, it automatically adopts advanced orchestration strategies such as targeted prompt engineering, iterative refinement, and meta-prompt optimization.
The model learns to dynamically adjust its strategies and leverage the distinct strengths of its worker agents without any human developer having to hard-code the process.
To test RL Conductor in action, the researchers fine-tuned the 7-billion parameter Qwen2.5-7B using the framework. During training, the Conductor was tasked with designing agentic workflows of up to five steps. It was given access to a worker pool containing seven different models: three closed-source giants (Gemini 2.5 Pro, Claude-Sonnet-4, and GPT-5) and four open-source models (including DeepSeek-R1-Distill-Qwen-32B, Gemma3-27B, and Qwen3-32B).
The team evaluated the Conductor across a variety of highly challenging benchmarks, comparing it against individual frontier models acting alone, self-reflection agents prompted iteratively to improve their own answers, and state-of-the-art multi-agent routing frameworks like MASRouter, Mixture-of-Agents (MoA), RouterDC, and Smoothie. The small 7B Conductor set new benchmarks across the board. It achieved an average score of 77.27% across all tasks, hitting 93.3% on the AIME25 math benchmark, 87.5% on GPQA-Diamond, and 83.93% on LiveCodeBench, according to the researchers.
Remarkably, it achieved these marks while remaining highly efficient. While baseline models like MoA burned through 11,203 tokens per question, the Conductor used an average of just 1,820 tokens, taking an average of only three steps per workflow.
A closer look at the experimental details shows exactly why the framework is so effective. The Conductor automatically learned to measure task difficulty. For simple factual recall questions, it often solved the problem in a single step or used a basic two-agent setup. However, for complex coding problems, it built extensive workflows involving up to four agents with dedicated planning, implementation, and verification phases.
The Conductor also learned that frontier models have different strengths. To achieve record scores on coding benchmarks, the Conductor frequently assigned Gemini 2.5 Pro and Claude Sonnet 4 to act as high-level planners, and only brought in GPT-5 at the very end to write the final optimized code. In a particularly clever display of adaptability, the Conductor would sometimes completely abdicate its own role, handing the entire planning process over to Gemini 2.5 Pro and allowing it to dictate the subtasks for the rest of the pool.
Beyond math and coding benchmarks, Sakana AI is already putting the underlying architecture to work in front-office utility. “We have been using our Fugu models based on the Conductor technology internally for various practical enterprise applications: software development, deep research, strategy development, and even visual tasks like slide generation,” Tang said.
While the 7B model described in the research paper was an exploratory blueprint and is not publicly available, Sakana AI has productized the Conductor framework into its flagship commercial AI product, Sakana Fugu. Now in its beta phase, Fugu serves as a multi-agent orchestration system accessible through a standard OpenAI-compatible API.
Tang noted Fugu targets “the large market of industries where AI adoption has yet to bring large productivity gains due to the generalization limitations of current hard-coded pipelines, such as finance and defense.”
For enterprise developers, this allows seamless integration into existing applications without the headache of managing multiple API keys or manually routing tasks across different vendors. Behind the API interface, Fugu automates complex collaboration topologies and role assignments across a pool of models. To support varying business needs, Sakana released two variants: Fugu Mini, built for low-latency operations, and Fugu Ultra, designed for maximum performance on demanding workloads.
Addressing governance concerns around autonomous agents spinning up invisible workflows, Tang pointed out that the interpretability risks are functionally similar to the hidden reasoning traces of current top-tier closed APIs, and the system is managed with established guardrails to minimize hallucinations.
For enterprise architects weighing when to deploy RL-orchestration versus traditional routing, the decision often comes down to engineering resources. “We believe the absolute sweet spot comes whenever users and their teams feel they are spending a disproportionate amount of time guiding their underlying agents,” Tang said. However, he cautioned that the framework isn’t necessary for everything, noting that “it’s hard to beat the economic proposition of a local model running directly on the user’s machine for simple queries.”
As the diversity of specialized open- and closed-source AI models continues to grow, static hardcoded pipelines will inevitably become obsolete. Looking ahead, this dynamic orchestration will likely extend beyond text and code environments. “There is indeed a large potential to fill this gap with cross-modal Conductor frameworks becoming the foundation for more autonomous, self-coordinating physical AI systems,” Tang said.
Among the increasing concern about screen time in school comes a new culprit: the vetting process for school software.
A growing group of parents and teachers has spent the last few years fighting against cellphones in the classroom, with some extending that to all digital devices. But the school-issued laptops, and the software accompanying them, have been left largely unscathed.
“A lot of the issues with personal devices can move to the district-issued devices,” said Kim Whitman, co-lead for Smartphone Free Childhood US, in a previous interview with EdSurge. Whitman explained that when students do not have cellphones, they can still message with friends on their Chromebooks, or through tools like Google Docs. “There are definitely issues with school-issued devices as well.”
Proposals in three states – Rhode Island, Utah and Vermont – are now tackling these concerns.
At the start of this year’s legislative session, all three states concurrently proposed reviewing the vetting process of education software.
In most districts, school boards, IT personnel and administrators choose vendors, often relying on the vendors’ own data to prove the products’ safety and efficacy.
“There is nobody right now that is confirming these products are safe, effective and legal,” Whitman said in a previous interview. “It should not fall on the district’s IT director; it would be impossible for them to do it. And the companies should not be tasked with doing it — that would be like nicotine companies vetting their own cigarettes.”
The proposed legislation is looking to change that.
Bill: An act relating to educational technology products
Status: Passed by the House March 27; currently before the Senate Committee on Education
This bill proposes to require that providers of educational technology products register annually with the state. It also requires the secretary of state to create a certification standard and review process for these products before schools can use them.
Any provider of an educational technology product — specifically student-facing tools that are used for teaching and learning in schools — must register with the secretary of state, pay a registration fee of $100 and provide its most up-to-date terms and conditions and privacy policy.
The secretary of state would work with the Vermont Agency of Education to review registrations.
Criteria for certification include:
While the initial bill proposed that any edtech provider not certified by the state, but continues to operate, could be liable for fines of $50 a day up to $10,000, that language was struck by the final bill passed from the House.
If passed by the Senate, the bill would go into effect July 1, 2026. By November 2027, the Agency of Education would submit a written report on which state entities should be involved in the edtech certification and any other recommendations for certification.
Bill: Software in Education
Status: Signed into law on March 18
The bill requires the Utah Board of Education to study the use of software and digital practices in public schools, review best practices and provide guidance for responsible use.
The state also passed a Classroom Technology Amendments bill tackling screen time at every grade level, banning it entirely from kindergarten through third grade, except for computer science and assessments. Middle school students must have their parents “opt-in” to taking devices home and high school students will be allowed to bring home devices unless parents “opt-out.”
“We’re not anti-technology,” Rep. Ariel Defay (R-UT) said in a statement. She is a sponsor of the Classroom Technology Amendments bill. “We just want to ensure that education technology is used intentionally and actually helps students to learn.”
Bill: The Safe School Technology Act of 2026
Status: Passed by the House April 14; currently in the Senate Education Committee
This bill, proposed by three Rhode Island representatives who are also mothers, is part of a six-bill package focused on protecting children from social media, artificial intelligence and digital platforms.
The Safe School Technology Act bill would be enacted this August if approved, banning software providers from activating or accessing any audio or video functions on a device outside of school-related activities. It also bans the use of location data.
The initial bill lists a litany of concerns that the “lack of regulation” caused, including increased screen time, and “marketing commercial products as educational with no accountability; children being given devices without proof of developmental appropriateness and parents being excluded from decisions about their child’s digital exposure.”
But the main concern, argued by state Representative June Speakman (D-RI), who sponsored the bill, is that a majority of school districts’ technology policies do not have limits on tracking student devices. She added roughly two-thirds of districts also do not limit school-issued device’s ability to activate audio and video.
“Passing this bill will provide clear, consistent protection across all schools in the state that assures students and their families that their devices cannot be used to invade their privacy or track their activities,” Speakman said in a statement.
“They deserve to feel confident that their privacy is protected when they use technology that is required for school,” she added.
Several technology proponents have pushed back.
The Software and Information Industry Association spoke out against the Rhode Island bill in March, saying if the bill passed it would make the state be one of the most restrictive in the nation.
In an open letter to Joseph McNamara, chair of the Rhode Island House Education Committee, Abigail Wilson, director of state policy at the Software and Information Industry Association, said the bill “proposes an overly restrictive regulatory framework that will severely disrupt classroom instruction, impose massive unfunded administrative burdens on local schools, and deprive Rhode Island students of critical, evidence-based learning tools.”
Keith Krueger, CEO of the nonprofit Consortium for School Networking, told NBC News that the proposed legislation “does keep me up at night.”
“I think some well-intentioned policymakers … are rushing so quickly that they haven’t thought through the implications,” he said.
A US-based ocean technology company, Panthalassa, is advancing its plan to relocate data processing into open waters, backed by fresh funding that places its valuation near $1 billion.
The start-up has spent ten years developing wave energy technology and is now backed by PayPal co-founder and early Facebook investor Peter Thiel, who led a $140 million investment round into the company.
“We’re now ready to build factories, deploy fleets, and provide a sustainable new source of energy for humanity,” said Garth Sheldon-Coulson, co-founder and CEO of Panthalassa.
Panthalassa’s idea connects two pressures which rarely meet directly — rising demand for AI computing and limits on land-based energy systems.
By placing both energy generation and computation offshore, the company argues it can bypass grid constraints and cooling challenges.
The plan is to use the bobbing motion of waves to force water through a turbine, generating electricity to power AI chips directly at sea.
The company houses this entire system inside what it calls a node, an 85-metre-long solid steel structure that sits mostly below the ocean surface.
A hermetically sealed container inside holds the AI server, which is cooled by the surrounding seawater.
The vessels can drive themselves to their destination using the shape of their hull, requiring no engine or fuel.
Unlike other ocean energy projects, Panthalassa will never transmit electricity back to land – instead, AI chips on board will receive user queries via SpaceX’s Starlink satellite connection and send inference tokens back the same way.
“There are three sources of energy on the planet with tens of terawatts of new capacity potential: solar, nuclear, and the open ocean,” Sheldon-Coulson said.
Waves are created by wind, and wind is created by heat from the sun. That means waves are essentially twice concentrated sunlight that keeps moving even when the wind stops.
The company’s nodes have no hinges, flaps, or gearboxes that could break down in hostile ocean conditions, making them easier to manufacture at scale.
They use only earth-abundant materials like steel, with robust supply chains that support rapid deployment – a huge opportunity for data center development.
The scale of this opportunity has attracted attention from some of Silicon Valley’s most prominent investors.
“The future demands more compute than we can imagine,” said Peter Thiel. “Extra-terrestrial solutions are no longer science fiction. Panthalassa has opened the ocean frontier.”
John Doerr, an early investor in Google and Amazon, called Panthalassa’s system a game changer in “addressing global energy needs and clean power generation”.
“It is a triple win: workers benefit, communities benefit, and we gain a strategic asset that strengthens American technological leadership,” Doerr added.
Panthalassa plans to deploy its Ocean-3 pilot nodes in the northern Pacific Ocean sometime this year, with commercial deployments targeted for 2027.
The company has demonstrated its capabilities with Ocean-1, Ocean-2, and Wavehopper prototypes in 2021 and 2024.
However, scaling from prototypes to a commercial fleet of hundreds or thousands of nodes is a completely different challenge.
The ocean is unforgiving, and maintaining floating data centers in remote waters far from any port will require logistics that no company has ever managed before.
Saltwater corrosion, biofouling, and storm damage are not theoretical problems for marine equipment – they are daily realities that have sunk many promising ocean energy ventures before this one.
Thiel’s money buys time and manufacturing capacity, but it does not buy immunity from the laws of physics or the hostility of the sea.
Unlike projects that sink sealed containers to the ocean floor or launch server racks into orbit, these floating nodes must first survive the unpredictable surface of the open ocean before delivering any compute value.
Via Financial Times
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Channel 5 – All Creatures Great and Small series 7 new post
Upbit adds B3 Korean won pair as Base token gains Korea access
Trump’s 25% EU auto tariff breaches Turnberry Agreement that also covers semiconductors and digital trade
NCP car park operator enters administration putting 340 UK sites at risk of closure
Paul Scholes issues Marcus Rashford reality check as agreement emerges over Man United star
Met Gala 2026 Rumored Guest List Is Turning Heads
Strait of Hormuz Blockade Persists Amid US-Iran Standoff, Sending Oil Prices Soaring
New on Prime Video in May 2026 — Full List of Movies and Shows
Kylie Jenner Hit With Second Lawsuit From Ex-Housekeeper
Meta ends Sama contract after Kenyan workers report seeing intimate footage from Ray-Ban smart glasses users
Cavaliers vs. Raptors Game 6 live score, updates, highlights from 2026 NBA playoffs first-round series
David Benavidez responds to team Canelo saying the fight will never happen
IPL 2026: ‘Love you darling’- Hardik Pandya’s reaction to MS Dhoni steals the show |Watch | Cricket News
Young and the Restless Next Week: Cane Arrested & Matt’s Deadly New Scheme!
New Netflix Movies in May 2026 — My Top 3 Picks to Stream
Melissa Joan Hart and More Stars Attend 2026 Kentucky Derby
Luka Doncic Injury Update: Doncic’s Hamstring Recovery Slows Lakers’ Hopes Against Thunder: Can He Run Yet?
Pi Network Mandates Protocol 23 Upgrade for All Mainnet Nodes Before May 15 Deadline
What Preity Zinta Said After Punjab Kings’ First Defeat Of IPL 2026
Bitcoin mining equities rise in 2026 as BTC lags behind
You must be logged in to post a comment Login