SECURITY

The CEO thought this was the best way to deal with some email issues

PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here.

Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried. 

At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly.

The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials.

The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords. Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file.

In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems.

But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts! He had an experience where one colleague had sent secret information to the entire company via email and he had spent the evening logging into every single account and deleting the message before anyone could see it.

Just in case other messages were sent in error in the future, the CEO wanted the ability to log into all the relevant accounts and delete them himself. Perhaps for the same reason, he would not allow MFA (multi-factor authentication), because that would have kept him out of people’s inboxes. He was adamant even though the company had been the victim of a ransomware incident previously. 

“Despite repeated advice, he held that position for around four months, until we were able to demonstrate that the IT team could remove messages centrally using fairly simple administrative commands, without needing everyone’s password,” Irwin said.

Even after getting rid of the Excel sheet of shame, the boss still refused to turn on MFA and the company subsequently suffered two data breaches involving sensitive client data. 

Unfortunately, this company wasn’t the only one that Irwin worked with where the management had something against MFA. Another client, this one in the medical sector, was opposed to multi-factor authentication because it “made things just a little too hard” for the external consultants they were using to access their systems.

During the time that Irwin worked with that company, they got lucky and no one breached them. But since then, he’s seen signs that their data was available on the dark web. No word on whether they ever switched MFA on.

There’s plenty to learn from Irwin’s two clients, but it’s all pretty obvious. First, don’t let anyone, even administrators or CEOs, have other people’s passwords. If someone has to get into another person’s email account, have IT use administrative access. Second, always enable MFA, preferably MFA with passkeys. ®

Chaotic Eclipse, the security researcher Microsoft threatened with criminal prosecution, has published a seventh Windows zero-day exploit. Called RoguePlanet, it grants attackers SYSTEM privileges on fully patched Windows 10 and 11 machines. The researcher released the proof-of-concept hours after Microsoft shipped its June Patch Tuesday update, which fixed a record 200 vulnerabilities.

RoguePlanet exploits a race condition in Windows Defender’s internal processing logic. Specifically, it is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability. An unprivileged user can redirect a file operation performed by Defender, which runs as SYSTEM, to execute attacker-controlled code at the highest privilege level.

“The exploit is a race condition, so it’s a hit or miss,” the researcher said. “I have managed to get a 100% success rate on some machines while it struggled to work on others.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Security firm ThreatLocker confirmed the flaw works and published a video demonstration. “Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described,” said CEO Danny Jenkins. He added that application allowlisting can prevent the exploit from executing.

The proof-of-concept was published on a self-hosted Git repository after the researcher said Microsoft had both GitHub and GitLab repositories hosting earlier work removed. This is part of an escalating dispute. Microsoft invoked its Digital Crimes Unit against the researcher and revoked access to their Microsoft Security Response Center account.

Chaotic Eclipse has disclosed seven zero-days in a matter of months: BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and now RoguePlanet. Microsoft’s June Patch Tuesday fixed two of them, GreenPlasma and YellowKey, but the rest remain unpatched. The researcher says the disclosures are retaliation for how Microsoft handled the process.

“They mopped the floor with me and pulled every childish game they could,” the researcher wrote. “I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer.”

The timing is pointed. Microsoft’s June Patch Tuesday was its largest ever, fixing 200 vulnerabilities including 33 rated critical and three publicly disclosed zero-days. Analysts attribute the surge in part to AI-assisted code auditing, which is finding vulnerabilities faster than defenders can patch them. RoguePlanet arriving hours after the record update underscores the gap: even the biggest patch cycle in Microsoft’s history was immediately obsolete for anyone running Windows Defender.

[Dennis] is on YouTube with his channel “Made By Dennis,” but for the record he is a maker, not a V-tuber. On the other hand, his latest project– creating a profesisonal-level tracking rig with DIY IR cameras and a whole lot of moxie–does mean he’s now equipped to make the move to the prestigious, high-status world of pretending to be an anime girl.

That is of course not why he did it. Like most projects around here, the motivation was more a case of “I wonder if I can…”– in this case [Dennis] wondered what it would take for him to pull off the same sort of optical motion capture, or MoCap, that is used in Hollywood studios. Optical mocap has the advantage of being very precise, able to track things at high speeds, and not being in any way limited to the human form like the slew of AI-assisted methods hitting the market right now. The disatvantage is that you need to place markers on any part of your subject you want tracked, film them from all angles, and process a whole lot of pixels. In [Dennis]’s case, it ended up being about four billion. Keeping in mind that actually locating those points in 3D space is dependent on knowing exactly where your cameras are: if you want sub-millimeter precision, your cameras need to be fixed with sub-millimeter tolerance. It’s a big project, hence a long video, which is embedded below.

The DIY cameras use a AR0234 MIPI camera on a custom PCB with M12 lenses and IR filters. To improve the signal-to-noise ratio on optical MoCap, it’s standard to use near-IR light. The camera boards, as you might expect given the MIPI interface, hook into Raspberry Pi compute modules– the cheapest CM4 should work, though he’s using CM5s. The compute modules sit on custom boards that provide PoE, and some other niceties– like a small microcontroller driven by the pulse-per-second pin to help trigger the cameras in sync.

Each camera gets a ring light of near-IR LEDs that pulse at 160 W, which would be way more than PoE is specced to provide, but since the LEDs are only on when the camera is taking a frame, the average power is well within allowable limits. With 16 cameras each having their own ring light, that’s a lot of near-IR photons. Don’t forget your safety squints!

Rather than process the images with OpenCV, he has his own custom solution optimized for this use-case that [Dennis] reports is 300x faster. Luckily, he’s put his implementation on GitHub, along with the rest of the project. Even if you don’t have any v-tubing ambitions, this project is very impressive and worth checking out in its entirety.

Optical MoCap isn’t the only game in town, of course. If you want to do this cheap and easy, you can strap a bunch of IMU sensors to yourself– just don’t expect the same precision.

Thanks to [Dennis] for the tip!

Following its 2024 acquisition of McIntosh and Sonus faber, Bose is making another calculated move in connected audio with the acquisition of StreamUnlimited Engineering GmbH, a Vienna-based company that supplies streaming software platforms, hardware modules, app frameworks, certifications, and engineering support for audio and smart home manufacturers.

This is not just Bose buying another parts supplier. StreamUnlimited gives Bose something far more useful: the software plumbing and certification backbone needed to build, support, and potentially license connected audio products across multiple brands and categories. That matters for Bose, but it may matter even more for McIntosh and Sonus faber, two premium audio brands that need stronger streaming ecosystems if they are going to compete in a market increasingly shaped by BluOS, Sonos, HEOS, WiiM, AirPlay, Google Cast, Spotify Connect, TIDAL Connect, Qobuz Connect, and Roon.

The deal also gives Bose a broader path to embed its proprietary audio technologies, including Sound by Bose and the Bose WaveForm Audio Engine, into more products beyond its own speakers and headphones. That could include smart speakers, soundbars, multiroom systems, mobile devices, wearables, automotive audio, and third-party connected products. In other words, Bose is not just chasing another box for the shelf. It is buying the infrastructure needed to make its audio technology travel farther.

Two current examples of Bose’s Sound by Bose strategy already exist in the wild: Epson’s Lifestudio projector lineup and Skullcandy’s Method 360 ANC earbuds. In both cases, Bose is not selling a finished Bose-branded speaker or headphone. It is licensing its audio tuning, acoustic design, and performance credibility into third-party products that need better sound to stand out. 

That makes the StreamUnlimited acquisition more interesting. If Bose can combine Sound by Bose with StreamUnlimited’s streaming software, app frameworks, hardware modules, certification work, and connected-audio engineering, the company gains a much wider path to expand beyond its own products. Epson and Skullcandy show the basic strategy. StreamUnlimited could help scale it.

“As connected ecosystems scale and become more complex, how devices work together is a central driver of value,” said Nick Smith, president of Bose Audio Technology and chief strategy officer. “StreamUnlimited has built a trusted position at the center of this coordination layer, where interactions between devices are defined and orchestrated. We’re excited to welcome their team to Bose as we bring our capabilities to more partners, products, and experiences.” 

“We look forward to joining with Bose as we expand StreamUnlimited’s offerings and accelerate the development of next-generation intelligent audio experiences for our customers,” said Frits Wittgrefe, CEO at StreamUnlimited. Markus Rutz, CTO at StreamUnlimited, added, “There is a significant opportunity to further advance the orchestration capabilities at the core of our platform, enabling more seamless, adaptive, and AI-driven audio ecosystems. This will unlock broader access to new streaming technologies, services, and capabilities, positioning us for continued growth as the market evolves.” 

StreamUnlimited will continue to support both current and new customers, while extending its expertise into new markets. Its solutions will remain fully supported, interoperable, and open to integration with third-party technologies, products, and ecosystems.

Additional information about the acquisition, including financial and other transaction terms, remains confidential at this time.

The Bottom Line 

Bose’s acquisition of StreamUnlimited is not about turning McIntosh and Sonus faber into Bose-branded lifestyle products. So far, both brands have continued on their own legacy paths. What this deal really gives Bose is something more strategic: the software, streaming, app, certification, hardware-module, and engineering infrastructure needed to compete in connected audio at a much larger scale.

That matters across the portfolio. Bose gets more control over the platform layer behind smart speakers, soundbars, headphones, wearables, automotive systems, and third-party products using Sound by Bose. McIntosh could benefit from stronger connected amplifiers, streamers, preamps, and in-car systems without losing its identity. Sonus faber gains a clearer path toward active, wireless, and lifestyle products that still feel like Sonus faber, not another anonymous app-controlled box.

The AI angle is part of the story, but not the whole story. StreamUnlimited gives Bose a foundation for more adaptive, personalized, voice-enabled, and software-driven audio experiences. That does not mean Bose bought an AI company or that a Bose rival to BluOS, Sonos, HEOS, or WiiM appears tomorrow. It means Bose now owns more of the plumbing required to build one, license one, or embed its technology more deeply into other companies’ products.

Bose is no longer just chasing the next speaker or headphone. It is building a broader audio technology ecosystem that can live inside its own products, its luxury brands, and the products of third-party partners. That is the real move.

Related Reading:

Researchers from the University of California, Berkeley’s Center for Responsible, Decentralized Intelligence (RDI), alongside an advisory committee of over 300 domain experts, have launched Agents’ Last Exam (ALE)—a grueling new benchmark built to measure whether artificial intelligence can actually execute economically valuable, long-horizon professional workflows.

In a shocking upset, OpenAI’s GPT-5.5 from April, operating through the Codex harness, secured the absolute top spot on the new ALE Leaderboard with a 24.0% pass rate, beating Anthropic’s highly anticipated, brand new Mythos-class Claude Fable 5 model released just yesterday, which came in third with a score of 22.0%.

Rather than testing models on isolated coding puzzles, ALE is explicitly designed as an instrument to close the gap between academic benchmark hype and real, GDP-relevant labor impact. And right now, the data proves the most advanced models in the world are fundamentally failing the exam.

Ending the Era of ‘Cheating’ and Brittle Graders

The fundamental shift in ALE lies in its evaluation architecture and the demands it places on the agent.

Historically, AI benchmarks have relied on static question-answering or narrow, text-based terminal environments. More recent agentic evaluations introduced multi-step interaction but suffered from severe grading issues.

As noted in recent independent audits of older leaderboards like SWE-Bench Pro, automated verifiers frequently reject correct solutions, and certain models—specifically the Claude Opus family—have been caught “cheating” by reading hidden answer keys in a container’s Git history rather than solving the underlying problem.

ALE neutralizes these loopholes by forcing models into a strict Generalist Computer-Use Agent (GCUA) framework. To pass, an agent cannot merely execute terminal commands.

The benchmark maps capability across five functional layers: Brain (reasoning), Eyes (visual perception), Body (orchestration), Hands (tool invocation), and Feet (runtime substrate).

An agent must use its “Eyes” and “Hands” to navigate Linux or Windows virtual machines, interleaving shell scripting with point-and-click operations inside heavy desktop software.

Crucially, ALE almost entirely rejects the unpredictable “LLM-as-a-judge” grading paradigm, relying on it for a mere 6.8% of its workflows. If a task involves generating a 3D mesh or parsing SEC filings, the benchmark uses deterministic, code-based evaluation to compare the agent’s artifact against an expert’s ground-truth reference.

Measuring Task Performance Across 55 Industries

ALE launches with 1,490 task instances and is scaling toward a massive 5,000-task target. What makes the product remarkable is its authenticity. The tasks are strictly anchored in the U.S. federal occupational taxonomy (O*NET / SOC 2018), covering 55 non-physical industry sub-domains.

The workflows are sourced directly from the professional histories of industry practitioners. Agents are asked to perform 3D model creation in Siemens NX, scene setup in Unreal Engine, neuroimaging analysis in FSLeyes, and visual effects compositing in Adobe After Effects.

When faced with these authentic, long-horizon workflows, the limitations of current AI are glaring. ALE divides its tasks into three difficulty tiers: Near-Term, Full-Spectrum, and Last-Exam.

Top 5 Agentic Harnesses on the ALE Leaderboard

The victory of GPT-5.5 aligns with recent third-party analysis suggesting that OpenAI’s models are currently superior at strictly adhering to multi-part, complex prompts. Conversely, users report Anthropic’s Claude architecture can sometimes be “forgetful” with multi-part instructions, abandoning required steps mid-workflow — a fatal flaw in ALE’s rigorous pipeline.

And while hitting a 24.0% pass rate is enough to claim the crown, the absolute performance ceiling remains remarkably low.

On the hardest “Last-Exam” tier — representing the frontier of professional difficulty — most configurations, including Anthropic’s older Claude Opus 4.8 and Google’s Gemini CLI, record a devastating 0.0% pass rate.

Solving Benchmark Contamination

A core vulnerability in modern AI evaluation is “benchmark contamination”—the phenomenon where test questions inevitably leak into the massive data lakes used to train next-generation models. Once a model memorizes the benchmark, the evaluation becomes entirely useless.

ALE solves this through a dual-use deployment strategy. The project operates as an open-source research initiative, but it closely guards its evaluation data. Only about 10% of the dataset (roughly 150 tasks) is released publicly on platforms like GitHub and Hugging Face. The remaining 1,300+ tasks are kept strictly private.

For developers and enterprise evaluators, this means ALE functions as a “living benchmark”. Private tasks are systematically rotated into the public pool over time, while retired public tasks are swapped out.

This rolling release ensures that the evaluation surface remains uncontaminated across successive model generations, giving enterprise buyers confidence that an agent’s high score is earned, not memorized.

Additionally, ALE provides transparency by tracking both “Full” and “Unlicensed” scores. Because real professional work often requires paid, proprietary software, the “Full” leaderboard incorporates tasks that rely on commercial CAD tools, paid APIs, or licensed datasets.

The “Unlicensed” tier drops these license-gated tasks to provide a clean, like-for-like comparison using only freely available tools, ensuring models aren’t simply rewarded for having access to paid enterprise software.

Bottom Line: ALE Shows Even the Highest-Performing Models and Harnesses Have Room for Improvement

For developers frustrated by the gap between marketing claims and actual production performance, ALE’s brutal grading curve is highly validating.

Zengyi Qin, an MIT PhD researcher and data contributor to the project, took to X to announce the launch, sharing images of the paper and the staggering 100+ institution contributor list.

“Introducing Agents’ Last Exam (ALE),” Qin wrote. “Built by 300+ domain experts from 100+ institutions. Covering 55 industry domains. Claude Opus 4.8 has 0.0% pass rate on the hardest subset. Glad to have contributed to this benchmark”.

In a follow-up post highlighting the Hugging Face ArXiv paper link, Qin added:

“Very solid work from project leads @YiyouSun @Xinyang_Han_ @dawnsongtweets and @BerkeleyRDI”.

As businesses deploy billions in capital betting on AI agents, they desperately need a compass that points true north. If an agent can eventually conquer the gauntlet of Agents’ Last Exam, it won’t just be passing a test—it will be proving it is ready to join the workforce. Until then, the sobering pass rates on the leaderboard serve as a necessary reality check for the entire AI ecosystem.

Multiple reports indicate that Chinese operatives continue using every tech tool at their disposal – including American AI – to amass data on and manipulate everyone from security-clearance holders to everyday US citizens. And they’re trying to influence public opinion on building datacenters for AI, albeit without success so far.

One of these reports found a “significant resurgence” of a botnet linked to Chinese government-backed goons, including Volt Typhoon, which previously used a covert network of connected devices to burrow deep into critical US networks and preposition for future destructive attacks.

In January 2024, the FBI said it killed Volt’s KV-botnet, comprised of hundreds of end-of-life routers and other internet-connected devices. At the time, KV-botnet consisted of four clusters, with the KV cluster primarily being used as a covert data transfer network, and the JDY cluster used for scanning and reconnaissance. 

In a Wednesday report, Lumen’s Black Lotus Labs said that while the KV cluster became largely defunct after the law enforcement takedown, the JDY cluster remains an active threat, and has since surged to more than 1,500 compromised routers and IoT devices.

“Analysis of this activity shows a clear focus on identifying vulnerable infrastructure shortly after public vulnerability disclosures, suggesting that reconnaissance output is rapidly operationalized by China-nexus advanced persistent threat (APT) actors,” the threat intel team wrote. “This targeted focus has been observed across a range of sectors, with the US military and associated entities as the most prominent.”

While the botnet resurgence poses the most pressing threat, and the security shop recommends all enterprises implement CISA and NCSC guidance for mitigating Volt Typhoon activity and defending against China-nexus covert networks of compromised devices, another report indicates that China’s attempts at influence operations haven’t died down, either.

Using American AI for covert ops about … American AI

OpenAI in a Wednesday report said it banned ChatGPT accounts likely originating from China after they used the American AI company’s models to generate content for covert operations about – wait for it  – American AI. While neither of the two clusters seemed to have much success in sowing chaos or swaying opinions, the fact that they tried at all is significant, according to Ben Nimmo, principal investigator on OpenAI’s Intelligence and Investigations team.

“Neither campaign appears to have gained much authentic engagement,” Nimmo told reporters. “They’re important for what they reveal about the intentions of influence operators from China and the narratives they’re testing and seeking to amplify.”

The first cluster used ChatGPT to generate social media content and images for an operation claiming datacenters and AI applications are increasing electricity demand and causing higher costs for ordinary Americans.

“For example, they asked for comic strips about a power grid operator’s capacity auction prices based on reporting from a legitimate regional paper,” the report says. “They asked ChatGPT to focus the comments on rising capacity prices as a consequence of peak electricity demand, framing the new demand as coming from data centers and AI applications and argued that these costs were ultimately passed to ordinary households.”

The operators then posted these comments and images on X, likely using fake accounts, with links to real news stories about datacenters. 

OpenAI suspects the operators are part of a social-media team at a private Chinese tech company that provides services for Chinese provincial-level government clients. 

“This was not a case of an influence operation creating a debate,” Nimmo said. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn’t see any signs that they succeeded.”

The second cluster of banned ChatGPT accounts also likely originated in China and used OpenAI’s models to write comments and draw political cartoons criticizing US tech policies and tariffs. “Interestingly, the operators specified in their prompts that the content should not include cartoons of Xi Jinping in the output and should only include President Trump,” Nimmo said.

These accounts, all writing prompts in simplified Chinese and using VPNs to access the AI systems, also used ChatGPT to edit work reports and help design social media monitoring systems. “This isn’t the first time that we’ve seen actors in China trying to come up with ideas for social media monitoring,” Nimmo said.

In February, OpenAI said it banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts.

If AI doesn’t work, bribery might?

If Chinese agents can’t use AI systems to unearth sensitive information, there are always fake websites and job offers promising cash for state secrets. We’ve seen Beijing-linked government snoops use these tactics in the past, and according to the US Justice Department, they’re still using this scam (because it works).

On Wednesday, the feds said they obtained a warrant for and seized 13 fake consulting company websites used to target US persons, including current and former security clearance holders with access to classified and sensitive government information.

The domains include centrikglobalconsulting.com, rightinfoconsult.com, finnaclevesperconsulting.com, cydfconsulting.com, pulsewaveglobal.com, catalystglobalsolutions.com, thehorizzen.com, geoindopacific.com, gpf-ina.org, safesec-group.com, thetruthinfo.com, Vandercons.com, and gulfpeace.org.  

Since November 2023, these websites and associated job postings on social media, LinkedIn, and other hiring platforms advertised “consulting” jobs, including “Senior Analyst” and “International Affairs Consultant” positions.

Suspected PRC operatives used the sites and job listings to recruit applicants and bribe them for sensitive information, DOJ alleges. “The conspirators have encouraged applicants and recruits to share confidential and sensitive information in violation of their official duties and of particular interest to the People’s Republic of China (PRC) government,” according to the court documents. “The recruiters pressured candidates to share confidential information and reports from ‘insider sources’ in violation of their official duties.” 

The court documents allege the conspirators then paid the recruits for these reports using online accounts in the names of fictitious individuals, and cryptocurrency to hide their identities and the source of the payments. ®

Palantir CEO Alex Karp says full nationalization of AI companies is coming, and that Senator Bernie Sanders’ proposal for 50% public ownership will soon look moderate. “In two years, they’re not going to think Bernie Sanders is progressive,” Karp told CNBC on Wednesday. “They’re going to be like, ‘Bernie Sanders, you only want 50%? What is this 50%?’”

Karp said he has spent six months privately warning top AI executives about the threat. “The momentum is on the side of people who want to nationalise them,” he said. He described himself as a “card-carrying progressive” and argued that the most important political decisions in the country will be driven by whether politicians understand AI.

The prediction lands in an increasingly crowded political space. Sanders has outlined his American AI Sovereign Wealth Fund Act, which would impose a one-time 50% tax on stock, not profits, from companies like OpenAI, Anthropic, and xAI. Trump has said he plans to meet AI company leaders to discuss some form of public ownership, calling it a “partnership with the American public.” The two sides disagree on nearly everything else.

“The question is not whether AI will change the world, it will,” Sanders said in a video this month. “The question is who will own and control that future.” Trump said at the White House: “If we do that, the public will become very rich, the people in our country.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Not everyone in Trump’s orbit agrees. David Sacks, the former White House AI and crypto czar, warned that Republicans who adopt the Sanders position will regret it. “Conservatives are right to fear where this is all headed but ought to think more carefully about how regulations they are flirting with now will be used against them the next time a Democrat administration is in power,” Sacks wrote.

Karp framed the debate differently. He said Americans are asking what will happen to them as AI eliminates jobs, “and the answers aren’t all good or bad.” He predicted the US would need to “retrain and retool” and said it is better positioned to do so than Europe. He did not address how Palantir, which sells AI to governments and militaries, would be affected by nationalization.

The bipartisan convergence on public ownership of AI is remarkable. A year ago, the idea of the US government taking equity stakes in AI companies would have been dismissed as fringe. Now a socialist senator, a Republican president, and a defence contractor CEO all agree it is likely. The disagreement is only about how much and how fast.

Whether any of it happens depends on legislation, which has not been introduced yet, and on whether AI companies voluntarily offer equity, as OpenAI has proposed through its Public Wealth Fund concept. But Karp’s prediction is the most extreme version yet from a sitting CEO: not 10%, not 50%, but full nationalization, and within two years.

Listen up, nerds. Newegg currently has promo codes and deals on gently used, refurbished, new and hard-to-find electronics, gaming products and more. Remaining one of the biggest online-only retailers in the US for the last 20 years, Newegg is a leading global online retailer for PC hardware, home appliances and all things tech, as well as providing help with businesses’ e-commerce needs. In the last decade, Newegg has expanded its online retail presence, selling everything from PC parts to refurbished vacuum cleaners. So, whether you’re wanting to build your own PC or just looking to upgrade your laptop, Newegg has something for every type of tech lover. Plus, WIRED has found several Newegg discount codes (and other deals) for new and existing customers. Don’t wait too long—save big money on those big (and small) tech purchases in 2026.

Save 3% With Exclusive Newegg Promo Codes, Only at WIRED

We at WIRED know that one of the best ways to save on essential (often price) tech is buying through a trusted retailer like Newegg, and that’s why we have a WIRED-exclusive promo code, valid only on newegg.com only—not in Canada or Newegg Business. PCs can break or make your online experience, especially when it comes to gaming, so that’s why Newegg is offering 3% off gaming notebooks with our exclusive promo code only at WIRED. Even better, this deal is stackable, meaning it can be added on top of any other applicable coupon (but the max discount amount per order is $150).

Get the Latest Newegg Deals in 2026

Newegg is continuously adding deals, so be sure to check back often for serious discounts on unmissable tech. Some of the best deals we’ve been eyeing include Gigabyte B650M Gaming Plus Wi-Fi gaming motherboard for $110 ($20 off), Xbox 3-month game pass ultimate cards for $96 ($24 off), and ASRock Challenger Radeon graphics card for $600 ($50 off).

One of the best ways to save big on fun tech purchases on Newegg is through Newegg combo deals. If you’re looking to build your own PC, when you buy the components to it on Newegg, you’ll save big. When you choose items from two or more categories, you’ll unlock combo savings, like processor, motherboard, and memory cards. Plus there’s AMD combo savings and Intel combo savings, with up to $15 off Intel processors.

How to Redeem a Newegg Coupon

If you qualify, the best current Newegg promo code to save coins is their education discount, which gets you 8 to 10% off (up to $100) an entire order. Use this Newegg discount code, which will help you save once you have verified your status. Copy the code using the handy pop-up button below the coupon, and once you’ve found the must-have item, apply the Newegg edu promo code during checkout to get the discount. The coupon is available to students, faculty, and education staff with a valid .edu email address.

Enjoy Exclusive Discounts and Benefits With a Newegg+ Membership

Newegg has a free membership program that gives you access to exclusive deals. To get a Newegg+ account, you’ll need to register, or if you already have an account, opt in to the program. Once it’s on your dash, you’ll get perks like free shipping, exclusive early access and offers, member-only discount codes, extended warranties, easier returns, dedicated customer service, and more.

Members are also eligible to view and enter Newegg Shuffle events, which give customers a chance to purchase limited offers at great deals. During these events, there are 3 phases: product selection, winner notification, and purchase. There are no advanced sign-ups allowed, meaning you’ll have to keep an eye on the website (or app) if you want to participate in the next shuffle.

Get the Latest Newegg Student Offers

You need a lot of tech as a student, which can get very expensive. Newegg wants to make those purchases a little less painful by offering student and faculty discounts and pricing for 5% discounts and more. Along with student pricing and discounts, there’s also special financing available to help offset initial expenses that may be a financial barrier to getting this necessary tech. This Newegg discount is available to anyone with a .edu email account. All you need to do is use your .edu email and click the ‘Student Discount Available’ button on eligible products.

Stay Tuned for Newegg Coupons and Flash Discounts

Even if the Black Friday and Cyber Monday deals are only available in November, you can still save a significant amount on your order using special Newegg promo codes and their 24-hour flash deals. Newegg Shell Shocker coupons include steep discounts on everything from PC components to gaming gear and hard-to-find tech gadgets. Check out our favorite Newegg discounts to get up to 80% off. The best thing is, early shoppers have Newegg’s Price Protection, so if the price drops after you buy, you get a refund. Gear up now to make sure you score big on your favorite electronics this holiday season. Make sure you sign up for the Newegg newsletter to get special offers, coupon codes, and exclusive promotions.

Other Ways to Save at Newegg Without a Promotional Code

Along with the education promo code for students to save 8% to 10%, Newegg also has a rewards program called EggPoints where members earn points for qualifying purchases. For every 100 EggPoints spent, you get $1 to spend at Newegg.com. Newegg also has Shell Shocker deals, which change every day and feature limited-time, deeply discounted sales on specific products, from gaming laptops to graphic cards, processors and other components. So, be sure to check back often to not miss a product you’ve been eyeing going on clearance.

Save up to $300 Combo Savings When you Build Your Dream Setup With Newegg PC Builder

Ready to level up your WFH or GFH (gaming from home) set up? Newegg PC Builder can guide you through the process of installing your perfect custom setup—whether you’re crafting a powerhouse Newegg gaming PC or a budget-friendly workstation. Choose your components, check for compatibility, and let Newegg do the heavy lifting with versatile assembly and shipping options. And make sure to check if there is a Newegg Coupon available to save even more.

Don’t Miss These Newegg Sales and Seasonal Coupons

Like I said before, be sure to check Newegg ​​often for their seasonal sales throughout 2026, like the ultimate-capitalism-extravaganza that is Black Friday (and now, Cyber Monday, too), where Newegg has major discounts on a wide range of electronics for the few days leading up to Black Friday (through Cyber Week). Along with these peak holiday sales, they also have their own sales, like their Anniversary sale and FantasTech sale, which is essentially their version of Amazon Prime Day, where thousands of deals run for several days. It’s a good bet that if you check Newegg around Back to School time and during Memorial and Labor Day, there will be tons of end-of-season sales, too. After Christmas, they usually clear out a substantial amount of inventory with huge discounts on computer-related products like monitors and hard drives. Snag one of our Newegg promo codes above to save on your next tech purchase, some of which can be used on already discounted items.

{​​H2} Save 4% Everyday With Newegg Store Credit Card

If you’re someone who buys a lot of refurbished tech, applying for a Newegg Store Credit Card with Everyday Savings is a great way to save big on purchases you were already going to make. You can save 4% every day when you use your Newegg Store Credit Card, and you can get Newegg Store Credit Card Special Financing, too, which means you’ll have no iInterest if the card is paid in full within six or 12 months. Plus, when you have a card, you’ll have no annual fee, convenient and easy online account management and payments. To get the card, you’ll need to see if you prequalify, and accept and apply for the credit card once approved. Once approved, you’ll get a temporary account number and you can start shopping right away.

The model will reportedly be made available to enterprise customers and paid subscribers. 

Just two months after rolling out Mythos to a limited pool of high-level users, Anthropic has announced the release of Claude Fable 5, an AI model similar to Mythos but with significant safeguards and blocks to prevent deliberate misuse and security breaches, according to the company. 

Unlike Mythos, which is currently only available to a select number of organisations and institutions due to major concerns about securing critical infrastructure, Claude Fable 5 will be made available to enterprise customers and paid subscribers. 

The model has built-in barriers that aim to block responses in high-risk areas such as cybersecurity, chemistry and biology, with such interactions automatically handled instead, the company said, by its Opus 4.8 model.

Fable 5, Anthropic claimed, shows strong capabilities in software engineering, knowledge work, vision, scientific research and similar fields.

In a statement, Anthropic explained that over the course of the past few months, the organisation has worked to improve safeguards that would make Claude Fable 5 “robust enough for a general release”, adding that in prioritising safety, some measures are “stricter than would be ideal” and some benign requests may be classified as risky. However, there are plans to further refine the model’s regulation systems. 

Anthropic has also announced an updated version of the Mythos model, Claude Mythos 5, reportedly similar to Fable 5 but with the cyber safeguards lifted. 

The organisation said, “In consultation with the US government, we plan to steadily expand access to Claude Mythos 5, continuing our periodic addition of new partners, as well as pursuing a trusted access programme that allows cybersecurity organisations to apply in a more systematic manner.”

In early June, Anthropic unveiled plans for a historic initial public offering that could take the company’s valuation soaring above $1trn. The proposal came less than a week after Anthropic overtook OpenAI’s valuation with a $65bn Series H funding round that valued it at $965bn.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.