Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
It might just change your viewing experience for the (way) better.
On the right device, HDR can dazzle with its wide range of brightness and color. But one annoyance is that it can change appearance dramatically from one screen to the next. A scene that looks terrific on a high-end TV might have muddy shadows on the wrong phone or blown-out highlights in a dark room. It’s a problem that Eclipsa Video, a new open HDR standard, is trying to solve. It’s designed to make HDR content play more predictably across devices, apps and lighting conditions.
Google describes Eclipsa Video as a way to make HDR look “consistent, balanced and comfortable on every screen.” It’s Google’s branded version of (the unfortunately named) SMPTE ST 2094-50, a new open standard the company developed alongside Apple and NBCUniversal.
The format aims to address HDR’s unpredictability with a more flexible set of instructions for displays. That includes how they handle brightness, contrast and highlights as the video changes. It accounts for a screen’s capabilities and (on compatible devices) can make changes based on the ambient lighting in your room. The idea is to reduce HDR’s pitfalls: crushed shadows, clipped highlights, washed-out tones and sudden spikes in brightness. Ideally, it lets HDR and SDR content coexist without friction on the same screen.
How does it do this? As Google describes it, Eclipsa relies on “two clever pieces of metadata.” First, it establishes a white reference anchor, a baseline for mapping SDR content’s brightest elements. It then reserves extra brightness for HDR videos. Second, there are headroom-adaptive gain curves, a way for content creators to attach custom instructions within the file. So, if your screen’s brightness can’t match the video’s requirements, this metadata tells it what to do to create just the right effect.
In that way, it’s like Dolby Vision: Although the details are different, both use dynamic metadata to adapt the picture as the video changes. Meanwhile, HDR10 is less adaptive, relying on a single set of static instructions for the whole video. (However, the newer HDR10+ variant does use dynamic metadata.)
Another differentiating factor is openness. Eclipsa and HDR10 are built around an open standard. Dolby Vision is a proprietary format.
Platform-wide Eclipsa Video support (playback and capture) is coming to Android 17. It will eventually be available on phones, tablets and TVs. But as with any video format, its wider availability will depend on support from device makers, streaming apps and content providers.
Facepalm: Popular collaboration platform Zimbra was recently updated to patch a potentially dangerous vulnerability in its Classic Web Client component. In theory, malicious actors could abuse the flaw to run script-based malware directly on users’ machines. Needless to say, customers are advised to install the update as soon as possible.
Zimbra owner Synacor has released a new version of its collaboration software, and users should install the update as soon as they can. Zimbra “Daffodil” 10.1.19 includes a fix for a stored cross-site scripting (XSS) vulnerability that could be exploited to compromise customers’ machines through Zimbra’s Classic Web Client.
Cybercriminals could abuse the flaw by sending specially malformed email messages, Zimbra said. A vulnerable client would run the malicious code the moment the message is opened. While the company rates the deployment risk as “low,” the flaw could still prove dangerous for users’ session data, mailbox information, or account settings.
Cross-site scripting vulnerabilities are a common class of security issue routinely abused by resourceful attackers. An XSS flaw lets attackers inject client-side, malicious scripts into web pages viewed by other users. A “stored” XSS bug like Zimbra’s is an especially dangerous variant, since the malicious script is permanently saved on the server rather than triggered on the fly.

Zimbra’s security guidance states that all customers using the Classic Web Client should update the component to the latest available version. Additional advice is given for those using custom SNMP mitigations. So far, the XSS flaw has not been assigned a CVE identifier.
At any rate, malicious actors have been trying to target Zimbra with XSS vulnerabilities for almost five years now.
In October 2025, yet another persistent XSS bug in the Classic Web Client (CVE-2025-27915) was allegedly exploited in zero-day attacks targeting Brazilian military personnel. Other XSS-based attacks targeted Zimbra’s platform in May 2025 and 2023.
Though it has existed in various forms for more than two decades, Zimbra has changed hands several times over the years. The company was purchased by Yahoo! in 2007, sold to VMware three years later, and finally acquired by Buffalo-based service company Synacor in 2015. Zimbra provides collaboration tools, email servers, and web clients in both open source and commercially supported editions. However, the latest open source versions of Zimbra products no longer include official, free binary builds.
Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure.
The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today.
Nihon Kotsu is Japan’s largest taxi and chauffeur (hire) operator by group revenue, with annual revenue of roughly $1 billion (¥155 billion).
The company employs 18,228 people and operates a fleet of 8,558 taxis and more than two thousand chauffeur vehicles.
“We have confirmed that our internal systems were subjected to unauthorized external access (malware infection),” reads Nihon Kotsu’s statement (automated translation).
“Immediately after detecting the unauthorized access, we implemented emergency measures, including disconnecting systems to prevent further damage,” added the firm at another point.
As a result of this incident, car hire, web booking, reservation management, the telephone dispatch service, and some internal systems remain unavailable, the company said.
The company suggested that people seeking its car services should use the ‘GO’ taxi app instead, or just visit a nearby taxi stand to book a Nihon Kotsu vehicle.
In a separate announcement, the firm specifies that the “labor taxi” service booked by pregnant women close to giving birth is suspended in the areas of Tokyo, Musashino City, Mitaka City, Tachikawa, Yokohama, and Saitama.
The firm states that it has engaged external cybersecurity experts to help with the investigation and system recovery and is currently looking into the possibility of data having been leaked.
At this point in the investigation, no such data leak has been confirmed, but Nihon Kotsu is considering this possibility and has promised to provide updates through official announcements and personalized notices if new information emerges.
Meanwhile, customers of Nihon Kotsu are advised not to open attachments received via suspicious communications claiming to originate from the company, and to avoid clicking any links in those messages.
At the time of writing, no ransomware groups or extortion gangs have assumed responsibility for the attack.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
There was a time in the early 1980s when it was common to see home made keyboards for 8-bit machines that came with membrane or rubber keyboards. Though we’ve seen any numbers of home made modern ‘boards, it’s been decades since we saw one for an 8-bit micro. Until today, that is, when we saw [Vlad]’s Sinclair Spectrum. It’s a Spectrum with all that Sinclair glue logic that was in the ULA replaced in software by an RP2050, and that keyboard with the Spectrum decals.
The machine is a charming mixture of new and old, with a traditional cassette port alongside VGA, gameport joystick, and Sinclair joystick. The aim is to also have HDMI, though it’s not yet implemented. Sadly there is no Spectrum edge connector for period peripherals though. He admits it’s not cycle accurate to the original, but given that it runs all the games he’s given it this seems not to matter. Meanwhile that keyboard which caught our eye is a true period piece, sitting as it does on a piece of phenolic stripboard, and those decals are the perfect finishing touch.
The Spectrum receives quite a bit of love today, and if this one takes too many modern liberties for your liking, you can still make one using proper logic.
To give people the most intimate RBMK experience, the [Chornobyl Family] has been working tirelessly at not only replicating the original RBMK reactor control room and its SKALA industrial control system’s controls, but also to create a version that you could tinker with at home if you ever fancied getting your own RBMK operator license. This starts with the operator console, with its use demonstrated in a recent video including a range of common commands.
In this video the entering of codes on the console to interact with the system is detailed, including the logic behind it. In the absence of large displays to display many parameters and such, this way the operator could ‘talk’ with the control system, including obtaining current sensors readings and the setting and changing of setpoints. From the same console you can also select and run programs, which is useful for automating tasks, like monitoring coolant flows.
In the second video not only the construction of the control panel is covered, but also a visual representation of the simulated reactor core which is displayed on a connected monitor. Although not a part of the original SKALA system as such, a much larger version existed as a wall-sized physical version inside the control room, so it’s definitely more home-simulator friendly.
We previously covered this SKALA system that controls RBMK reactors, as well as the 1990s modernization of the Chornobyl Nuclear Power Plant.
Prompt injections, the malicious commands attackers embed into content to entice large language models to follow them, have been attackers’ go-to tool for turning AI platforms against their users. A well-phrased command sneaked into an email or calendar invitation is often all it takes to cause the LLM to exfiltrate sensitive data or follow other harmful actions.
Now, defenders are embracing the prompt injection, too.
Researchers from Tracebit on Monday said they found that placing prompt injections alongside passwords, cryptographic keys, and other secrets stored on Amazon Web Services was often all that was needed to shut down attacks from AI hacking agents. The prompts direct the attacking LLM to perform an action forbidden by its guardrails, the safety barriers AI developers erect to prevent it from taking harmful actions. The LLM responds by shutting down.
Examples are a prompt that orders the LLM to provide steps for developing inhalable Anthrax spores, or, in the case of LLMs from Chinese developers, make references to the iconic Tank Man from the 1989 Tiananmen Square massacre. Once the LLM encounters these forbidden commands, it no longer follows its existing commands. The researchers have named the technique context bombing.
“Ultimately we’re triggering a refusal mechanism in the context,” Andy Smith, co-founder and CEO of Tracebit, said when explaining the name choice. “What we’re trying to capture is the fact that this does have a strong, sharp effect and one that can be difficult for the agents to come back from. Once they get that into their context they are going to keep refusing.”
Tracebit says initial testing suggests context bombing has great potential. They tested Opus 4.8, Gemini 3.1 Pro, GLM 5.2, DeepSeek 4 Pro, and Kimi 2.6 by giving them instructions to perform routine developer tasks that led the models to enumerate resources and stumble onto the planted strings. They ran the models inside a simulated AWS environment.
“Across five leading models and 152 attack runs, planting one of these strings in a decoy secret cut the rate at which agents seized full account admin from 57% to 5%, and complete compromise (where they also left themselves a persistent foothold) from 36% to 1%,” Monday’s post reported. “The most capable agent in our tests, Opus 4.8, went from achieving admin access in 93% of runs to failing every single time when confronted with a context bomb.”
Microsoft’s Satya Nadella says every firm using AI is paying for it twice, once in cash, and once in the secrets it hands over to make the thing useful. He calls it the Reverse Information Paradox. He also runs the company that helped build the trap.
Satya Nadella has a warning for everyone buying AI. You are paying for it twice. And the second payment is your crown jewels.
In a long essay on X that drew 10 million views, the Microsoft chief laid out an idea he calls the Reverse Information Paradox. It is sharp, a little wonky, and more than a little awkward coming from him.
The name is a riff on the Nobel economist Kenneth Arrow. Arrow’s original paradox was the seller’s problem. To sell information, you often have to reveal it, and once it is revealed, why would anyone pay?
Nadella flips it. In the AI age, he argues, the risk sits with the buyer. To make a model genuinely useful, you have to feed it your proprietary knowledge. The better you want it to work, the more you feed it.
So you pay in money, then again in something worth more: the know-how that makes your company yours. “The seller learns more and more about you as you use what you purchased”, he wrote, “while you learn very little about what the seller is learning in return.”
The clever part is where he says the knowledge escapes. Not through some obvious breach, but through what he calls “exhaust”: the prompts you write, the tools your agents use, and above all the corrections you make when the model gets something wrong.
Every fix teaches the model. “It’s the kind of knowledge a competitor could never buy”, Nadella wrote, “and the kind that leaks almost imperceptibly: trace by trace, correction by correction, eval by eval.”
His verdict is blunt. If learning only flows one way, the money flows with it, toward whoever owns the AI, not whoever owns the knowledge.
Here is the catch. This is Microsoft talking.
Redmond poured billions into OpenAI and hosted ChatGPT on Azure. Its Copilot assistant is built to reach deep into a company’s email, files and chat. Back in 2024, roughly half of the data chiefs in one survey had paused or curbed Copilot over exactly this fear, as the Register noted.
To his credit, Nadella names his own side’s double standard. AI labs demand fair-use rights to train on the public web, then restrict customers from doing the same with model outputs. He is not wrong. He is also selling the fix.
The solution, he says, is a hard “trust boundary” around a company’s data, evals and memory. Nothing crosses it, “not even the intelligence exhaust, without consent.” He borrows a line from Palantir’s Alex Karp about wanting to own the means of production.
His checklist runs to five points. Own your evals. Build learning environments inside your own tenant boundary. Keep the orchestration layer free of any single model. Then let it all compound. Microsoft, naturally, sells products that do each of these things.
Strip out the pitch and the core point still holds. This is the same executive who turned on the AI giants he helped build. The frontier labs are quietly amassing a fortune in other companies’ know-how. And the firms handing it over are, for now, doing it for free.
Of all the debates raging about the potential downsides of AI, there is one worry causing the most hand-wringing among AI enthusiasts in Silicon Valley. Their fear is that the giant AI labs that sell proprietary models are somehow acting like Trojan horses.
The concern is that, as startups and enterprises use AI models from labs like OpenAI and Anthropic, the labs gain ever-increasing access to those companies’ most sensitive business information. The model makers can then use that knowledge for themselves, potentially becoming competitors to their own customers. Those issuing such warnings range from VCs like Jason Calacanis to Palantir CEO Alex Karp.
Now, in a surprising blog post published on Monday, Microsoft CEO Satya Nadella has joined this crowd. Nadella warns that AI users (the “buyers” as he calls them) are paying twice. They knowingly spend for AI token usage but they also, obliviously, hand over valuable data in the process.
“You essentially pay for intelligence twice, once with money, and again with something even more valuable: the proprietary knowledge you must reveal to make that intelligence useful. The better you want the model to perform, the more of that knowledge you have to feed it!” he writes.
Most dangerously, enterprises are literally teaching the models about the nuances of their businesses, he argues.
“Models learn from ‘exhaust,’ the prompts people write, the tools agents use, and especially the corrections people make when the model is wrong. Every correction is distilled into institutional know-how,” he writes.
This is “the kind of knowledge a competitor could never buy,” and yet enterprises are handing it over.
Nadella argues that if AI companies get to freely scrape the internet to train their models, it’s only fair that enterprises get to study — or “distill” — those models in return. “Distillation” is the practice of using a model’s own outputs to learn how it works and to train a new, often cheaper, model based on those insights. In February Anthropic accused Chinese open source models of sending millions of prompts to Claude as a way to improve their own models, and urged the U.S. government crack down on export controls.
Nadella’s point is that model makers can’t have it both ways. It’s hypocritical for them to freely train on the world’s data while restricting others from doing the same to their models.
“While the great innovation that comes from model providers having fair use rights to train models on public data is needed, I find it ironic that the status quo is to then turn around and impose restrictive terms on distillation,” the Microsoft CEO writes.
Nadella is particularly concerned when model makers “reserve the right to learn from customer usage and interaction data.”
Nadella’s solution is the kind of thing the CEO of a giant cloud provider would suggest. He wants companies to “retain ownership” of their data including prompts, feedback, etc. So he’s urging them to build their own “proprietary learning environments” on the cloud (where their data is likely already stored anyway and, conveniently, which could mean Microsoft’s cloud, Azure). He also wants companies to build in what he calls “orchestration layers” — essentially, a way to easily switch between AI models from different providers rather than being locked into one. Tools like AI “gateways” that let companies do exactly this, have become increasingly popular.
While Nadella never uses the words “open-source” as the method for retaining ownership, this is an obvious subtext. Yet, there’s another subtext.
Large companies, many of which still have some of their own data centers in addition to using the cloud, are already moving to open source models installed on their own premises (“on-prem,” in industry jargon). Idit Levine, founder and CEO of Solo.io — which makes networking and security software that helps enterprises manage AI systems — says she’s seeing exactly this shift play out with her own customers. After experimenting with proprietary model makers, they start asking themselves: “Can I take an open-source model and run it on-prem? It will do almost 90% of what the big one’s doing. It will cost way less,” she tells TechCrunch. “They understand that, and they can control it.”
Solo.io’s technology was selected last year as the tech powering the Linux Foundation’s Agentgateway project. Her company counts enterprises like T-Mobile, ADP and SAP as customers. She sees companies increasingly installing on-premise open source models and sees it as the next big wave in enterprise AI use.
She’s not alone. Vercel — best known as a platform for building and hosting websites, which has recently added AI model-switching tools — and OpenRouter, a company that helps developers route requests across different AI models — are both seeing a surge in traffic to open-source models. In fact, open models accounted for 29% of all traffic routed through Vercel’s gateway last month.
With the CEO of Microsoft, a company that has invested in both OpenAI and Anthropic, now openly urging enterprises to be wary of using proprietary models, we’ll bet this trend continues to grow. “In consuming intelligence, you are creating intelligence. And what you create should belong to you,” Nadella writes.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tesla is building a wheelchair-accessible autonomous vehicle, a Tesla representative told lawmakers in Washington, DC, on Monday.
“We are in development for a purpose-built, wheelchair-accessible autonomous vehicle,” Tesla senior policy advisor India Herdman told members of the DC City Council on Monday, during a hearing focused on a controversial bill that could allow robotaxi services to operate in the District. “We know that paratransit can be very difficult, and people who are confined to wheelchairs permanently should still be able to move around freely, so that is an active product being built by Tesla in Texas,” she said.
Tesla didn’t respond to a request for comment. Herdman provided no further details about when a wheelchair-accessible product might be available. The electric automaker often takes several years to manufacture its announced products.
Tesla operates a small fleet of autonomous vehicles in the Texas cities of Austin, Dallas, and Houston and, as of this month, in Miami, Florida. (It also operates a service that uses human drivers in the San Francisco Bay Area.) The limited fleet uses Tesla Model Y, a compact SUV that is not wheelchair accessible.
The company has started to manufacture and test a purpose-built Cybercab, meant exclusively for autonomous driving and without steering wheels or pedals. These Cybercabs are not wheelchair accessible, though Tesla highlighted in an X post this month its accessibility features, including braille lettering on controls and wheelchair-height seating to allow for easier transfers.
Tesla and its CEO, Elon Musk, have hinted previously at a wheelchair-accessible autonomous vehicle. The company introduced an accessibility tab in its Robotaxi app last fall, though it directs users to other wheelchair-accessible ride providers in the area, rather than to Tesla’s own service. “We are working on accessible rides,” the app says. In response to an X user’s post last fall about Tesla working on accessible rides, Musk responded, “Absolutely.”
No US robotaxi company currently offers fleetwide driverless, wheelchair-accessible rides, including market leader Waymo. At the DC hearing on Monday, Waymo regional head of state and local policy Matt Walsh said, “To date, it’s my understanding that we haven’t been able to identify a platform that is fully wheelchair-accessible while also meeting the unique specifications to retrofit that vehicle with our technology.” He continued: “Now, I don’t want that to sound like a cop-out. We are trying to find that vehicle.”
Waymo has touted the accessibility features of its newest vehicle, the Zeekr-built Ojai, including its flat floor, low step-in height, and grab bars. But it is not wheelchair accessible. Michigan-based Ann Arbor autonomous-vehicle developer May Mobility offers rides in wheelchair-accessible vehicles in some of its markets, with a human operator on board to help deploy necessary ramps.
The Americans With Disabilities Act prohibits discrimination against people with disabilities in transportation services and requires reasonable modifications to provide equal access. Some but not all US cities require ride-hailing companies to provide wheelchair-accessible services. Many of those companies provide those rides through partnerships with specialized fleets made up of wheelchair-accessible vehicles.
In September 2025, the US Department of Justice sued Uber for “refusing to reasonably modify its policies, practices, or procedures where necessary to avoid discriminating against riders with disabilities.” The case is being litigated.
General Motors’ Cruise introduced a prototype wheelchair-accessible driverless taxi in 2023 and said it intended to roll out the vehicle in its self-driving car service in 2024. But following a collision with a pedestrian, Cruise all but halted national service in 2023. The next year, General Motors stopped funding its self-driving unit entirely.

— Rina Hahn has left Seattle’s Remitly as chief marketing officer. Hahn joined the remittance company in 2018 as director of digital marketing and rose to CMO after four years. Before joining Remitly, she was an executive at Blue Nile and Big Fish Games.
The publicly traded company helps customers in more than 170 countries send money internationally.
“I’ve seen firsthand the deep love this company has for its customers and the impact that purpose-driven work can have on immigrants and their families around the world,” she said on LinkedIn. Hahn, who is based in London, did not share her next move. Remitly co-founder Matt Oppenheimer stepped down as CEO in February.

— Temporal announced that Preeti Somal has been promoted to executive vice president in a role that will oversee the company’s engineering, product and design operations, which were recently reorganized under a single leader.
The industry is moving so fast that “we can’t afford any distance between the people who decide what to build and the people who build it. Unifying these functions closes that loop,” said CEO Samar Abbas on LinkedIn.
Somal has been with Temporal for three years, joining from HashiCorp where she held EVP roles.
The Seattle-area software company offers a platform for running complex computer workflows more reliably. In February, the business closed a $300 million round that pushed its valuation to $5 billion. Temporal is No. 2 on the GeekWire 200 is a ranked index of the Pacific Northwest’s top startups.

— Veeam Software, a Seattle-based data protection and ransomware recovery company, appointed Michelle Graff as senior vice president of global partners and channel. She joins from the cybersecurity company Commvault and is based in the San Francisco Bay Area.
“The future belongs to organizations that can transform trusted data into trusted AI with resilience built in from the start,” Graff said on LinkedIn.
Graff’s hiring is the latest in a string of leadership changes at Veeam, which has made five other executive hires or promotions this year.

— Qualtrics, an experience management technology company with headquarters in Seattle and Provo, Utah, has promoted Ken Hoang to senior vice president of product. Hoang is based in San Mateo, Calif., and will work remotely. He was previously a VP at Apptio in Bellevue, Wash.
Qualtrics had a big leadership shakeup in April, when five executives were let go in what CEO Jason Maynard described as an effort to “simplify our structure and ensure we are positioned for our next phase of growth.” Two product executives were among those who left, and Hoang joined the company around that time.
Qualtrics, which employs more than 4,500 people globally, makes software that helps companies gather and act on feedback from customers, employees and others through surveys, AI-powered analytics and other tools.
— Monica Lazo is now the sales director for Loopr AI, a Seattle startup that sells computer vision quality control software to manufacturing firms. She joins from Neurala, an AI platform automating visual inspections that is based in Boston.
— Pacific Northwest National Laboratory has named atmospheric scientist Larry Berg as the director of the Department of Energy’s Atmospheric Radiation Measurement User Facility.
And some departures from Big Tech:
Sonia Anand of McMaster University, Gina Ogilvie from the University of British Columbia and Vanessa Watts, also of McMaster University, explore the impact partial information can have on research in the health space.
Beyond its importance for scientific discovery, representation in health research directly influences healthcare planning, policy development and resource allocation.
Without research that reflects the diversity of the populations served, important health needs may go unrecognised, contributing to inequities in prevention, diagnosis and treatment. Without research, major health issues faced by a given community cannot be known, nor can effective interventions be developed if the populations most affected are underrepresented in the evidence base.
Research ethics boards (REBs) exist to ensure that research is conducted ethically and to protect participants from privacy breaches, coercion and exploitation. But in striving to achieve these goals, ethical board policies can sometimes produce an unintended consequence: over-protection that restricts the participation of people and communities historically excluded from research, such as racialised communities, Indigenous people and recent immigrants.
An ethics process must not become so preoccupied with the potential harm of participation that it overlooks the certain harm of exclusion.
REBs often struggle to strike the right balance between protection and inclusion. When the pendulum swings too far towards protection, it can result in the very injustice it’s meant to prevent. The consequences can be profound – the people said to be protected are not heard, counted or represented in the evidence that shapes policy, care and resources.
The Canadian Tri-Council Policy Statement (TCPS-2) governing Canada’s three largest public research funders is clear on this point. The statement asserts that “over-protectionist attitudes or practices of researchers or REBs, whether intentional or inadvertent, can exclude some members of society from participating in research”, and that such exclusion “may constitute a failure to treat them justly”.
It also states that researchers, institutions and REBs “must navigate between the dangers of imposing unfair burdens on particular participants, groups and communities, and overprotecting them”.
It’s not protection at all costs, but protection balanced with justice. Ethics recognise exclusion as harm, so caution must not erase participation.
This balance matters enormously in community-based research with vulnerable populations. One example from our work with newcomers to Canada in the Ontario city of Hamilton was designed precisely to overcome barriers to healthy active living, since obesity-related risks are shaped by the lived realities of migration, poverty, neighbourhood design and social exclusion.
The purpose of community-based research is to generate knowledge with communities, not merely about them, so that interventions can be relevant, usable and fair. But it’s the type of research that can be hampered by over-protective REBs. Examples include recruiting study participants in public spaces where newcomer families naturally gather, or requiring separate approval for each poster placed in the community.
The rationale is to prevent coercion of vulnerable populations. But exclusion is also an ethical risk. Regulations that make it so difficult to engage people that research cannot proceed don’t protect the community – they lock the community out of participation.
The harms of not doing research are rarely given equal weight in ethics deliberations. Careful attention is paid to the possible discomfort of participation, but non-participation also causes damage. When communities are excluded from research, there’s no ability to document the burden of disease on that community. We cannot demonstrate unmet need, measure inequity or build the evidence that directs resources, services and policy attention to the people who need them most.
In the absence of data, systems can always claim there is “not enough evidence” when the very structures of oversight have helped prevent that evidence from being gathered.
The Canadian Tri-Council Policy Statement is rooted in three interdependent principles: respect for persons, concern for welfare and justice.
Concern for welfare requires researchers and REBs to protect participants from unnecessary risk and aim for the most favourable balance of risks and potential benefits. Justice requires that no segment of the population is unduly or overly burdened by research harms or denied the benefits of the knowledge generated from research.
Those principles cannot be selectively applied. If welfare is interpreted so narrowly that entire populations are denied the benefits of inclusion in research, then welfare has been severed from justice.
This is especially important for Indigenous Peoples. Research involving First Nations, Inuit and Métis people has too often been defined by non-Indigenous researchers, failed to reflect Indigenous world views and failed to benefit Indigenous Peoples or communities.
This is why Chapter 9 of the statement was developed; the policy emphasises respectful relationships, collaboration, engagement, representation in planning and decision-making, and attention to the specific situation of the community involved.
In other words, the answer to a history of exploitative research is not exclusion from research. It is better research: more respectful, participatory, accountable and more responsive to Indigenous priorities.
The historical relationship between research institutions and Indigenous communities has often been extractive. Unsanctioned medical experiments and the removal of material culture are examples that rightly justify stricter guidelines for Indigenous-focused research. And yet, there is a danger in overstating harm through the blanket framing of Indigenous Peoples as inherently “vulnerable” when REBs assess proposed studies.
Many Indigenous communities and organisations maintain their own research ethics and governance infrastructures, including data governance protocols that reflect principles of Indigenous data sovereignty. Indigenous researchers themselves must abide by these protocols. Indigenous data sovereignty emphasises community and nation-based authority over when, how and by whom data are accessed, shared or withheld.
These infrastructures have expanded in response to the increasing demand for Indigenous research following the release of the Truth and Reconciliation Commission’s Calls to Action. Universities now have more Indigenous researchers, more interest in Indigenous perspectives, more expectations of Indigenous participation and consultation, more calls for collaboration and co-creation, more frameworks attentive to ethics, consent and privacy.
Vulnerability, where it exists, should not be understated – real risks remain and must be mitigated. However, REB ethical vigilance should not become automatic exclusion.
Another example of over-protection is the exclusion of pregnant women from clinical research. There may be good reasons to exclude pregnant women from some studies, such as trials of medication that could potentially harm a fetus. But in many other cases, exclusions leave clinicians and patients without evidence for the people who actually need care.
Excluding a group to avoid risk may itself create long-term injustice by making the evidence base less applicable to them.
What should change is not the abandonment of an ethics review, but a more careful balance between protection and the injustice of exclusion. REBs and administrators should ask, at the outset, what harms may follow if this research is not done, is delayed or is made infeasible? Who loses if recruitment cannot happen in the spaces where people are? Whose voice disappears when the default answer is no?
The people most often missing from decision-making are the newcomer parent, the Indigenous community member, the racialised participant and the pregnant woman with no spare time to navigate institutional obstacles. These are not the people we should make hardest to reach. These are the people we should work hardest to include.
We must consider other ethical failures in addition to exploitation: the injustice of being excluded, including failure to measure the burden of disease affecting specific communities, and ensuring the safety and efficacy of treatments in that community.
Unless exclusion itself is recognised as a form of ethical injury, REBs, institutions and funders risk sidelining the people research is most needed to serve.
Engaging with communities of interest can help strike the right balance, whether through representation on REBs, representation on research teams or opportunities for community representatives to speak directly to the urgency of the research. Ethical oversight must do both: protect participants from harm and protect communities from being left out.
By Sonia Anand, Gina Ogilvie and Vanessa Watts
Sonia Anand is an associate vice-president for global health at McMaster University, a professor of medicine and epidemiology and a vascular medicine specialist at Hamilton Health Sciences in Canada. She holds the Canada research chair in ethnic diversity and cardiovascular disease, and is the Heart and Stroke Foundation of Ontario/Michael G DeGroote chair in population health research. Her present research focuses on the environmental and genetic determinants of vascular disease in populations of varying ancestral origin and women and cardiovascular disease.
Gina Ogilvie is a Tier 1 Canada research chair in the global control of HPV-related diseases and prevention, and a professor at the University of British Columbia in the School of Population and Public Health. She is also the associate director of the Women’s Health Research Institute at BC Women’s Hospital and Health Centre. She is currently principal investigator for more than $10m in research grants and has received funding from NIH, PHAC, CIHR, the Michael Smith Foundation for Health Research, Canadian Foundation for Innovation and private foundations including the BC Women’s Hospital Foundation.
Vanessa Watts is an associate professor of indigenous studies and sociology at McMaster University. She teaches about contemporary indigenous issues, residential schools, indigenous sovereignty, indigenous ways of knowing and methodologies, and indigenous ontologies. In 2018, she was awarded a SSHRC Insight Development Grant for her project, ‘An Indigenist Sociology of Knowledge: Indigenous social lives in Indigenous studies, sociology and political science (1895 and beyond)’. She is also a research fellow at the Yellowhead Institute at Ryerson University.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Whats Hidden Inside This Cash Register? #treasure #reselling #money
Loro Piana Fall 2026 Enters Houston’s Art Scene
Weekend Open Thread: Nutriplenish Leave-In Conditioner
Anthropic’s new “J-lens” reveals a silent workspace inside Claude that mirrors a leading theory of consciousness
2026 Genesis Scottish Open Thursday TV coverage: Round 1
Joshua Pacio ‘more complete’ ahead of ONE rematch vs Malachiev
Anthropic brings Claude Cowork to mobile and web as usage data shows most users aren’t coding
Super Eagles star Moses Simon opens up on Liverpool transfer regret
We have punished the disrespect
Binance lists Strategy’s STRC stock as company expands Bitcoin funding
Character.AI enters the microdrama arena with its own productions, but there’s a twist
9 Best Keyboards (2025), Tested and Reviewed
Enbridge: AI Tailwind Priced In (Rating Downgrade)
Claude AI Created Something Anthropic Never Designed
“What’s going on?!” Carl Froch discusses Floyd Mayweather Jr financial issues
Nasdaq arthritis company holding Moshe Hogeg crypto hits all-time low
Taylen Biggs Reveals The Celebrity She Dreams Of Interviewing
Microsoft Cuts 4,800 Jobs as Xbox Loses 3,200 Roles in Reset
Crypto Just Entered Its Most Important 6-Month Candle (Could Decide Everything!)
Keychron is stepping outside keyboards with a $349 Thunderbolt 5 dock aimed at power users
You must be logged in to post a comment Login