To give people the most intimate RBMK experience, the [Chornobyl Family] has been working tirelessly at not only replicating the original RBMK reactor control room and its SKALA industrial control system’s controls, but also to create a version that you could tinker with at home if you ever fancied getting your own RBMK operator license. This starts with the operator console, with its use demonstrated in a recent video including a range of common commands.
In this video the entering of codes on the console to interact with the system is detailed, including the logic behind it. In the absence of large displays to display many parameters and such, this way the operator could ‘talk’ with the control system, including obtaining current sensors readings and the setting and changing of setpoints. From the same console you can also select and run programs, which is useful for automating tasks, like monitoring coolant flows.
In the second video not only the construction of the control panel is covered, but also a visual representation of the simulated reactor core which is displayed on a connected monitor. Although not a part of the original SKALA system as such, a much larger version existed as a wall-sized physical version inside the control room, so it’s definitely more home-simulator friendly.
Summer is firmly here and the temperatures are feeling borderline apocalyptic in much of the northern hemisphere. Why not avoid the angry sun and stay inside where it’s (hopefully) cooler and distract yourself with some of the best movies on streaming right now?
Your choices are notably rich too. The spring hit sci-fi movie Project Hail Mary, about the global freeze threatening Earth as a result of the sun mysteriously going out, is now on Prime Video, after winning theater audiences over with the help of an adorable pile of pebbles. If, however, you want to embrace the flames, you’ll find some like minds in Avatar: Fire and Ash on Disney+, where a violent new tribe of Na’vi just want to see the world (well, a semi-sentient living moon) burn.
If you instead find the heat hellish, then a double bill of Satanic panic might be more fitting. Both Ready or Not 2, also on Disney+, and They Will Kill You on Hulu tap into a previously unexplored yet surprisingly rich subgenre of “estranged sisters with melee weaponry killing murderous cultists”—insert the “weird it happened twice” meme here, but just go with it. Or if you prefer not to switch your brain entirely off for entertainment, there’s also the far more cerebral Archive or the dark dystopia of The Long Walk to take your mind off the unbearable heat.
Here are WIRED’s picks of the best movies to watch right now.
Advertisement
Project Hail Mary
Waking up aboard a spaceship to find himself the only crew member still alive, amnesiac middle school science teacher Ryland Grace (Ryan Gosling) makes for an unlikely astronaut. Even worse, he’s Earth’s last hope for survival, sent out into space in search of a way to stop a strange phenomenon devouring the sun itself—and almost every other star in the sky. It’d be an impossible task solo, but luckily Ryland has back-up in the form of Rocky (James Ortiz), the first alien humanity has ever met, a five-legged stone creature who communicates in song.
Adapted from the book of the same name by Andy Weir (author of The Martian), Project Hail Mary is a fantastic slice of survival drama and hard science fiction, but the real heart of the movie is Ryland’s and Rocky’s growing friendship. Prepare to fall in love with an excitable rock spider-thing—fist my bump, friends.
Avatar: Fire and Ash
Picking up from 2022’s The Way of Water, human-soldier-in-a-Na’vi-body Jake Sully (Sam Worthington) and his family are in mourning following the death of their eldest son Neteyam, leading wife Neytiri (Zoe Saldaña) down a dark path. As the family struggles to stay together, the colonialist human forces led by Miles Quaritch (Stephen Lang) forge a deadly alliance with a warmongering tribe of fire-worshipping Na’vi ruled by the nihilistic Varang (Oona Chaplin)—who aims for destruction to spite the Na’vi’s god, Eywa. James Cameron’s almost inconceivably ambitious saga returns with a visually spectacular outing taking viewers through striking new regions of the lush jungle moon Pandora. Fire and Ash is no jumping on point, but thankfully you can binge the entire trilogy (for now; Avatar 4 and 5 are planned) on Disney+.
Ready or Not 2: Here I Come
The first Ready or Not from 2019 was something of a sleeper hit. A gory slasher with a sense of humor, it played with the fears and uncertainties of marriage and joining a new family, with bride-to-be Grace (Samara Weaving) caught in the murderous traditions of her fiance’s clan. This sequel, helmed by returning codirectors Matt Bettinelli-Olpin and Tyler Gillett, picks up right after that first film’s credit roll, leading to Grace’s reunion with her estranged sister Faith (Kathryn Newton)—just in time to be swept into another murder game against a cabal of billionaires and aristocrats looking to fill a power vacuum left by Grace’s almost-inlaws. Schlocky, campy comedy horror, elevated by the presence of Sarah Michelle Gellar in an almost anti-Buffy role, Ready or Not 2 isn’t high art but it’s a hell of a lot of fun.
Advertisement
They Will Kill You
If Ready or Not 2 is schlock, then They Will Kill You is a step up the ladder—an almost exploitation-level hack-’em-up that takes liberal inspiration from Sam Raimi’s original Evil Dead trilogy and smashes it unapologetically together with Gareth Evans’ one-man-against-a-tower-block action epic The Raid.
QinetiQ testing of SuperDielectrics’ water-based zinc cells showed up to 13x longer high-power cycle life, 100C discharge in 36 seconds, and zero thermal runaway
The company is pitching its solution to AI datacenters as a ‘shock absorber’ that can deal with power requirement spikes safely and reliably
SuperDielectrics’ Faraday 3’s first commercial deployment is slated for early 2027 as it goes up against existing Lithium-ion battery-based energy storage as an alternative that can be deployed inside the data center
Cambridge-based advanced battery technology company SuperDielectrics recently published independent test results for its upcoming water-based Zinc battery, which could help cement its de facto presence in most projects that leverage renewable energy, whose output is often inconsistent.
The next-generation battery offers up to 13 times longer life cycle under high-power cycling, zero thermal runway, and charging and discharging gains that eclipse those of Lithium-ion-based batteries.
This makes it a great add-on for critical infrastructure, as well as for a new, fast-growing sector that is extremely power-intensive with huge power spikes in tow: AI data centers.
Latest Videos From
A solution that caters specifically to the AI power problem?
SuperDielectrics is painting its battery technology as the holy grail for AI data center problems, and with good reason: it is where all infrastructure spending will be concentrated over the next decade, and the firm decidedly wants a piece.
Advertisement
SuperDielectrics’ core innovation is a unique, patented polymer that enables it to deliver results that dwarf those of similarly configured single-layer lithium-ion cells. With the battery leveraging Zinc in addition to the proprietary polymer, the abundantly available metal could mean that batteries would be cheaper, immune to geopolitical and supply chain vulnerabilities, and easier to scale.
Room temperature testing of the battery showed impressive results when compared to lithium-ion-based alternatives, with SuperDielectrics claiming:
– Up to 13x longer cycle life under high-power cycling (10 mins charge and discharge, 100% depth of discharge);
Advertisement
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“These results provide independent benchmarking of the technology at the heart of our batteries: a proprietary polymer separator that combines rapid ion transport with the safety advantages of an aqueous electrolyte system,” noted Shelley Brown, CTO of SuperDielectrics.
Advertisement
“The outcome is an energy storage solution purpose-built for high-power, fast-cycling applications, offering an alternative to lithium-ion systems that typically rely on extensive oversizing and additional safety infrastructure to manage demanding power profiles.”
There is more to the story that makes the solution ideal: Unlike lithium-ion-based solutions, the battery is safe to deploy in datacenters, whereas off-site deployments are currently required for lithium-ion-based solutions due to their potential as a fire hazard.
AI datacenters are known to be particularly power-intensive and often require significantly higher peak power when performing certain computing tasks. Lithium-ion batteries are not ideal for this because not only do frequent charging and discharging degrade them fairly quickly, but they also do not charge or discharge as fast as the Zinc-based offering from SuperDielectrics.
Advertisement
As a result, as noted by the CTO of SuperDielectrics, data centers need to overcompensate for this limitation by buying more capacity than needed to allow smooth operations without pushing existing lithium-ion-based infrastructure too hard.
There is a trade-off, however: Zinc batteries generally sacrifice energy density to offer advantages over lithium, and SuperDielectrics’ silence on capacity does not work in its favor here.
Despite this, thanks to AI compute requirements’ near-violent power swings requiring a moderator, SuperDielectrics seems to have a winner on its hands, at least on paper, but it might have its limits for datacenters that require longer backup times. The question that comes to mind is whether a smoothing layer can grow into genuine storage, especially for rack-scale product deployment.
On the flip side of the equation, SuperDielectrics is not the only one toying with a ‘safe’ battery solution; Chinese researchers are concentrating on a similar approach even as the automobile industry is already using sodium for EVs, which is already racking up wins in extreme low-temperature conditions.
Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September.
If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below.
Shikhar Mehrotra / Digital Trends
So how do you actually install it?
Head to beta.apple.com and enroll your Mac in the free public beta program; no developer account needed.
Once you’re signed up, head to System Settings > General > Software Update.
Next to Beta Updates, click the small “i” button.
A dropdown will appear in the top-right corner, and from there you select macOS 27 Golden Gate Public Beta.
Hit Done, and your Mac will start pulling down the update.
You should know that developer betas have been fairly solid so far, but there have been some Safari memory hiccups and occasional reliability issues with beta builds in general. Back up your Mac first, and think twice about installing it on your primary machine.
Apple
What’s actually new in Golden Gate?
Like iOS 27, Siri AI is the headline update here as well. It indexes your Messages, Mail, and other content so it can actually answer questions and take action instead of fumbling through web searches.
Spotlight search, which got noticeably flaky on macOS Tahoe, feels far more dependable in this build. Apple also tweaked the Liquid Glass look and unified window corner radii so things stop looking inconsistent across apps.
Writing Tools and Visual Intelligence both got smarter, and Safari now has an extension builder that works off plain-English prompts instead of code. Shortcuts got the same treatment. Expect a handful more betas before the final Golden Gate build ships alongside iOS 27 and the iPhone 18 Pro this September.
Security cameras frequently promise peace of mind yet deliver grainy clips, nonstop false alerts, or hidden fees that add up fast. The Tapo C530WS from TP-Link, priced at $55.99 (was $70), takes a simpler route and focuses on the basics done right. A 5-megapixel sensor records in 3K resolution. Details hold up well when you zoom during playback, whether checking a face at the front gate or reading a plate on a vehicle that pulled into the driveway. Daytime color stays natural and edges remain defined across the frame.
Night Vision uses a Starlight sensor, which picks up any available light when collecting color footage rather than immediately converting to black and white. The camera is capable of reaching relevant distances outside without shining a large spotlight that would alert anyone in the area. This strategy ensures that the scene remains recognized even in deeper darkness. This model covers a lot of ground because of the built-in mobility, which allows you to spin the view almost 360 degrees left and right and tilt it up and down quite a little. In the Tapo app, you may simply drag the view to a new location or establish a few fixed spots for easy jumps later. When motion is detected, the camera will smoothly follow it across the screen without pausing in mid-sentence.
𝟑𝐊 𝟓𝐌𝐏 𝐂𝐥𝐚𝐫𝐢𝐭𝐲 & 𝐙𝐨𝐨𝐦 – Experience incredibly detailed resolution with 3K 5MP live view for stunning…
𝐂𝐨𝐦𝐩𝐥𝐞𝐭𝐞 𝐀𝐫𝐞𝐚 𝐂𝐨𝐯𝐞𝐫𝐚𝐠𝐞 – Enjoy 360º horizontal and 135º vertical views with pan/tilt…
𝐒𝐭𝐚𝐫𝐥𝐢𝐠𝐡𝐭 𝐂𝐨𝐥𝐨𝐫 𝐍𝐢𝐠𝐡𝐭 𝐕𝐢𝐬𝐢𝐨𝐧 – Activate Full-Color Mode to see more in…
The motion detection component is operates entirely on the camera and identifies people, pets, as well as autos, but only sends notifications for specific occurrences. Unlike more simple motion sensors, which will fire off at the slightest movement, such as a leaf blowing in the wind or a shadow shifting, there is no additional cost to gain the whole set of capabilities.
Advertisement
Video is saved directly to a microSD card (up to 512GB) in the camera, allowing you to record for weeks (or more) at once, depending on how you set up the camera. If you only need to preserve specific clips of footage, the free Tapo app allows you to go back and watch them or simply watch what’s going on live on your phone. There is an optional cloud plan available if you want additional backup, but it is not required to get the camera running properly.
For most users, setting up the device is simple: scan the app code, connect to your 2.4GHz Wi-Fi network, and attach the unit using the included accessories. It’ll function nicely on a wall or ceiling and has an IP66 classification, which means it can survive some dust and water ingress. A conventional adapter provides power, so make sure there is an outlet nearby or use a protected extension lead.
When it comes to installing it properly, the first thing to search for is a strong Wi-Fi connection. Some people use a simple extender / booster to solve the problem if their router is too far away from where they want the camera to be. Once configured, the app responds quickly to pan and tilt commands, and you can also link it to your Alexa or Google Assistant, allowing you to talk to it if desired.
We are expecting to hear news about the new generation of Google’s Pixel smartphone lineup when the company hosts its next showcase event in August. But in the meantime, a possible leak has gotten us colorfully-inclined buyers pretty excited.
9to5Google, by way of sister site 9to5Toys, found three listings on Amazon that might show some new looks coming to the Pixel 11. These potential placeholders depict one smartphone in a bold magenta and another in a rosy peach hue. The publication noted that there are some convincing details in the listings’ specs. The colors have one set of names in the titles and a different set in the description, and the second trio aligns with a previous leak suggesting a fuchsia model was on the way. At the time of publishing, none of the Amazon listings in 9to5Google‘s article are live.
It’s entirely possible that these are not from official Google sources. But I would really like it if they turn out to be real. Paying for our gadgets is going to be a grim and painfully expensive experience, can’t we at least have the actual hardware we’re splurging on be vibrant and joyful?
Enterprise infrastructure teams have spent the better part of a decade pushing workloads into Kubernetes. Applications, APIs, batch jobs, data pipelines — if it runs in a container, it belongs in the cluster. The operational benefits are well-established: declarative configuration, horizontal scaling, self-healing, native integration with CI/CD pipelines and observability tooling. Kubernetes has become the default operating model for production workloads.
Except for desktops.
Secure desktop and application delivery — the kind that enterprises depend on for remote work, privileged access, and regulated-industry workflows — has remained stubbornly outside the Kubernetes model. Legacy virtual desktop infrastructure was built in a different era, for a different set of assumptions: pre-allocated VM pools, bespoke management planes, proprietary appliances, and operational tooling that has nothing to do with how modern platform teams work. The result is a split infrastructure reality: a modern, cloud-native application layer on one side, and a manually managed, operationally isolated desktop layer on the other.
Advertisement
That split is expensive. It means different tooling, different scaling behaviors, different observability approaches, and different operational runbooks. Platform engineers who are proficient in Kubernetes still have to context-switch into an entirely different mental model the moment a desktop infrastructure problem arises.
The more fundamental issue is that this split is unnecessary. Secure, containerized workspace delivery is a workload that Kubernetes is architecturally well-suited to run. Sessions are containers. Scaling is demand-driven. Configuration should be declarative. The only thing missing was a platform built to take advantage of that alignment.
Why the timing is right
The appetite for Kubernetes-native workspace delivery has grown significantly as organizations mature their container platform investments. Platform teams that have spent years standardizing on Helm, GitOps workflows, and Kubernetes-native observability are increasingly unwilling to make an exception for desktop infrastructure. The question has shifted from “can we run this on Kubernetes?” to “why isn’t this running on Kubernetes already?”
At the same time, the security case for containerized workspace delivery has become more urgent. Browser-delivered, containerized workspaces provide session isolation that VM-based desktops cannot match — each session is ephemeral, isolated at the container boundary, and terminates cleanly without persistent state. For organizations managing sensitive data, insider risk, or third-party access scenarios, this isolation model is a meaningful security control, not just a deployment convenience.
Advertisement
The convergence of these two trends — Kubernetes-native infrastructure expectations and containerized session security — creates a clear opportunity for platforms that can address both simultaneously.
What Kubernetes-native deployment looks like
A Kubernetes-native deployment uses Kubernetes as the control plane for workspace infrastructure — handling orchestration, scaling, and lifecycle management through the same declarative model used across the rest of the platform. Instead of relying on dedicated management appliances or pre-provisioned desktop pools, infrastructure is managed through the same CI/CD, GitOps, observability, and security workflows the platform team already operates. This gives platform teams a consistent operational model rather than maintaining a separate toolset for desktop infrastructure.
Kasm Workspaces, the browser-delivered workspace platform, is purpose-built to use Kubernetes as the control plane for workspace orchestration and delivery. Its deployment model is designed for real enterprise environments — not simplified demos — with production-grade Helm charts that follow Kubernetes conventions, tested upgrade paths between versions, and a standardized backend architecture validated across production deployments. An RDP Gateway component purpose-built for the Kubernetes topology enables Windows and Linux virtual machine access through the same platform.
Key capabilities include:
Advertisement
Horizontal session scaling driven by actual demand, orchestrated by Kubernetes — no pre-warmed VM pools required.
Declarative configuration through Helm values, enabling GitOps and CI/CD integration for workspace infrastructure.
Namespace-level isolation and compatibility with existing RBAC policies, ingress controllers, and secrets management integrations.
Metrics export for integration with Prometheus and existing observability stacks.
Rolling builds by default, reducing maintenance windows and enabling more predictable version management.
Real-world applications
Regulated-industry remote access. A financial services organization running a Kubernetes-based application platform can deploy Kasm into the same cluster, using the same operational tooling, to deliver isolated browser and application sessions to analysts and advisors. Sessions are ephemeral, network egress is controlled, and the entire deployment is managed through the same GitOps pipeline as their application workloads.
Contractor and third-party access. Organizations that regularly onboard contractors or external vendors — with the associated privileged access risk — can provision Kasm sessions on Kubernetes that scale up during engagement periods and scale back during low-demand windows. No persistent access. No VPN extension to external parties. Containerized isolation at every session boundary.
AI/ML development environments. Teams building and running AI models need GPU-enabled development environments with security controls that general-purpose cloud desktops rarely provide. Deploying Kasm on Kubernetes with NVIDIA MiG Multi-Instance GPU support lets platform teams deliver fractional GPU resources into isolated workspace sessions — giving data scientists the compute they need without shared-infrastructure security exposure.
The operational shift
The practical implication of a Kubernetes-native workspace platform is that platform teams can stop treating workspace infrastructure as a special case. The same engineers who deploy applications can deploy the workspace platform. The same pipelines that manage application configuration can manage workspace configuration. The same dashboards that monitor application health can monitor workspace health.
Advertisement
That operational consolidation reduces overhead, improves consistency, and eliminates the context-switching cost that has made desktop infrastructure a persistent pain point for cloud-native organizations.
For organizations still running legacy VDI alongside modern cloud infrastructure, the question is no longer whether a Kubernetes-native alternative exists. It does. The question is when to make the transition.
Organizations interested in evaluating Kubernetes-native workspace delivery can explore the platform at kasm.com and try out community edition for yourself.
Daniel Ben-Chitrit is the Chief Product Officer at Kasm Technologies.
Advertisement
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.
Facepalm: Popular collaboration platform Zimbra was recently updated to patch a potentially dangerous vulnerability in its Classic Web Client component. In theory, malicious actors could abuse the flaw to run script-based malware directly on users’ machines. Needless to say, customers are advised to install the update as soon as possible.
Zimbra owner Synacor has released a new version of its collaboration software, and users should install the update as soon as they can. Zimbra “Daffodil” 10.1.19 includes a fix for a stored cross-site scripting (XSS) vulnerability that could be exploited to compromise customers’ machines through Zimbra’s Classic Web Client.
Cybercriminals could abuse the flaw by sending specially malformed email messages, Zimbra said. A vulnerable client would run the malicious code the moment the message is opened. While the company rates the deployment risk as “low,” the flaw could still prove dangerous for users’ session data, mailbox information, or account settings.
Cross-site scripting vulnerabilities are a common class of security issue routinely abused by resourceful attackers. An XSS flaw lets attackers inject client-side, malicious scripts into web pages viewed by other users. A “stored” XSS bug like Zimbra’s is an especially dangerous variant, since the malicious script is permanently saved on the server rather than triggered on the fly.
Advertisement
Zimbra’s security guidance states that all customers using the Classic Web Client should update the component to the latest available version. Additional advice is given for those using custom SNMP mitigations. So far, the XSS flaw has not been assigned a CVE identifier.
At any rate, malicious actors have been trying to target Zimbra with XSS vulnerabilities for almost five years now.
In October 2025, yet another persistent XSS bug in the Classic Web Client (CVE-2025-27915) was allegedly exploited in zero-day attacks targeting Brazilian military personnel. Other XSS-based attacks targeted Zimbra’s platform in May 2025 and 2023.
Though it has existed in various forms for more than two decades, Zimbra has changed hands several times over the years. The company was purchased by Yahoo! in 2007, sold to VMware three years later, and finally acquired by Buffalo-based service company Synacor in 2015. Zimbra provides collaboration tools, email servers, and web clients in both open source and commercially supported editions. However, the latest open source versions of Zimbra products no longer include official, free binary builds.
Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure.
The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today.
Nihon Kotsu is Japan’s largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion).
The company employs 18,228 people and operates a fleet of 8,558 taxis and more than two thousand chauffeur vehicles.
“We have confirmed that our internal systems were subjected to unauthorized external access (malware infection),” reads Nihon Kotsu’s statement (automated translation).
Advertisement
“Immediately after detecting the unauthorized access, we implemented emergency measures, including disconnecting systems to prevent further damage,” added the firm at another point.
As a result of this incident, car hire, web booking, reservation management, the telephone dispatch service, and some internal systems remain unavailable, the company said.
The company suggested that people seeking its car services should use the ‘GO’ taxi app instead, or just visit a nearby taxi stand to book a Nihon Kotsu vehicle.
In a separate announcement, the firm specifies that the “labor taxi” service booked by pregnant women close to giving birth is suspended in the areas of Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama.
Advertisement
The firm states that it has engaged external cybersecurity experts to help with the investigation and system recovery and is currently looking into the possibility of data having been leaked.
At this point in the investigation, no such data leak has been confirmed, but Nihon Kotsu is considering this possibility and has promised to provide updates through official announcements and personalized notices if new information emerges.
Meanwhile, customers of Nihon Kotsu are advised not to open attachments received via suspicious communications claiming to originate from the company, and to avoid clicking any links in those messages.
At the time of writing, no ransomware groups or extortion gangs have assumed responsibility for the attack.
Advertisement
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
There was a time in the early 1980s when it was common to see home made keyboards for 8-bit machines that came with membrane or rubber keyboards. Though we’ve seen any numbers of home made modern ‘boards, it’s been decades since we saw one for an 8-bit micro. Until today, that is, when we saw [Vlad]’s Sinclair Spectrum. It’s a Spectrum with all that Sinclair glue logic that was in the ULA replaced in software by an RP2050, and that keyboard with the Spectrum decals.
The machine is a charming mixture of new and old, with a traditional cassette port alongside VGA, gameport joystick, and Sinclair joystick. The aim is to also have HDMI, though it’s not yet implemented. Sadly there is no Spectrum edge connector for period peripherals though. He admits it’s not cycle accurate to the original, but given that it runs all the games he’s given it this seems not to matter. Meanwhile that keyboard which caught our eye is a true period piece, sitting as it does on a piece of phenolic stripboard, and those decals are the perfect finishing touch.
Prompt injections, the malicious commands attackers embed into content to entice large language models to follow them, have been attackers’ go-to tool for turning AI platforms against their users. A well-phrased command sneaked into an email or calendar invitation is often all it takes to cause the LLM to exfiltrate sensitive data or follow other harmful actions.
Now, defenders are embracing the prompt injection, too.
A strong, sharp effect
Researchers from Tracebit on Monday said they found that placing prompt injections alongside passwords, cryptographic keys, and other secrets stored on Amazon Web Services was often all that was needed to shut down attacks from AI hacking agents. The prompts direct the attacking LLM to perform an action forbidden by its guardrails, the safety barriers AI developers erect to prevent it from taking harmful actions. The LLM responds by shutting down.
Examples are a prompt that orders the LLM to provide steps for developing inhalable Anthrax spores, or, in the case of LLMs from Chinese developers, make references to the iconic Tank Man from the 1989 Tiananmen Square massacre. Once the LLM encounters these forbidden commands, it no longer follows its existing commands. The researchers have named the technique context bombing.
Advertisement
“Ultimately we’re triggering a refusal mechanism in the context,” Andy Smith, co-founder and CEO of Tracebit, said when explaining the name choice. “What we’re trying to capture is the fact that this does have a strong, sharp effect and one that can be difficult for the agents to come back from. Once they get that into their context they are going to keep refusing.”
Tracebit says initial testing suggests context bombing has great potential. They tested Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6 by giving them instructions to perform routine developer tasks that led the models to enumerate resources and stumble onto the planted strings. They ran the models inside a simulated AWS environment.
“Across five leading models and 152 attack runs, planting one of these strings in a decoy secret cut the rate at which agents seized full account admin from 57% to 5%, and complete compromise (where they also left themselves a persistent foothold) from 36% to 1%,” Monday’s post reported. “The most capable agent in our tests, Opus 4.8, went from achieving admin access in 93% of runs to failing every single time when confronted with a context bomb.”
You must be logged in to post a comment Login