Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Up to 32 employees were affected by the studio’s recent decision.
Layoffs in the video game industry just keep coming. In a post on social media, ZA/UM Studio, the developer and publisher of Disco Elysium and more recently, Zero Parades: For Dead Spies, announced that it “served redundancy or at-risk notices impacting up to 32 of our colleagues across all departments at ZA/UM Studio.”
The news of the layoffs comes only a few months after the studio’s latest game was released in May. ZA/UM Studio attributed the layoffs to the weak “commercial performance” of Zero Parades: For Dead Spies, which “has not enabled us to sustain a studio of our current size.” According to SteamDB, the espionage RPG hit an all-time peak of 3,177 players around the time of its release, but has steadily declined since.
For diehard Disco Elysium fans, the news of layoffs may not come as a total surprise. After the success of the narrative-heavy RPG in 2019, ZA/UM Studio went through a series of conflicts including the firing of the game’s core team, a lawsuit involving intellectual property theft and accusations of a hostile work environment for women. Former devs with ZA/UM Studio subsequently made their own studio called Longdue, which is also working on a “narrative-first” game. As for the latest layoffs, ZA/UM Studio said it’s still “continued to consult and work with representatives of the ZA/UM Workers’ Alliance.”
In January 2025, Southern California was ravaged by wildfires that destroyed some communities and left others with smoky, ashy air. Then, in July 2026, wildfires in Canada saw smoke transform the skies in the Midwest and northeast United States.
The air quality outside may scare some families into staying indoors. If you’re remaining inside, you can still use your air conditioner, but you’ll want to keep some things in mind. Check if your air conditioner has a “fresh air intake mode” and then set it to “recirculate,” which will use the air inside your home rather than the air outside. The filter should also be clean and new — you may have to replace it, or upgrade to a MERV 13-rated filter (or higher) if possible.
Central air systems will treat all of the air circulating throughout the house, so it’s completely safe to use with the right mode and filter. If you’re using a window AC unit, make sure the seal is tight, so outdoor air doesn’t get in. You should not use a portable air conditioner that requires a vent outside since this may take in smoke.
If you’re planning to stay inside with the air conditioner on during times when the air quality outside is poor, there are other things you can do to improve the air quality inside your home. First, close all of the windows and doors to not let any outside air in. You may even want to use weather-sealing tape if you don’t have good insulation. Use a fan to help circulate indoor air, especially if your air conditioner doesn’t have a recirculate mode.
Investing in an air purifier for each room will significantly improve air quality. You could also get a portable air purifier and place it in a high-traffic area. There are air purifier options for every budget. You also should not smoke, burn candles, or use a gas stove indoors. You may also want to avoid vacuuming. This sounds counterproductive, but it can actually stir up the dust that’s inside your home. If you’re still concerned, you can use an N95 respirator to keep the smokey air from entering your lungs.
A security researcher using the “Nightmare Eclipse” handle has released a Windows zero-day exploit dubbed LegacyHive that allows attackers to escalate privileges on up-to-date Windows systems.
Nightmare Eclipse published a proof-of-concept (PoC) exploit hours after Microsoft released its July 2026 Patch Tuesday updates, saying that it abuses a security vulnerability in the Windows User Profile Service, which has yet to receive a CVE ID for easier tracking.
However, unlike previous exploits released by NightmwareEclipse, the LegacyHive PoC has been modified to require additional credentials, making it harder for attackers to weaponize the vulnerability.
“The PoC requires another standard user credentials and a third username (which can be an administrator account), if the PoC is successful, it will end up mounting the target user hive in current user classes root,” the researcher said.
“The PoC was stripped down as an attempt to prevent public exploitation, the original PoC did not require additional user credential and was not limited to usrclass.dat hive, any hive could be loaded using this vulnerability but you would need some brain cells to make the PoC do it.”
As Will Dormann, principal vulnerability analyst at Tharros, explained after testing the LegacyHive exploit, successful exploitation would allow non-admin users to modify the classes registry hive and gain automatic code execution when the admin account logs into a compromised system.
“For example, as a novelty, we can associate .txt files to open with calc.exe,” Dormann noted. “Clever attackers or people who want to accomplish something will easily be able to figure out how to do things that are more interesting and/or don’t even require user interaction.
One day after the PoC was released, cybersecurity expert Kevin Beaumont also confirmed that the exploit works and published LegacyHive exploitation detection queries for the Microsoft Defender for Endpoint (MDE) enterprise-grade endpoint security platform.
“Microsoft is aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims. Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible,” a Microsoft spokesperson told BleepingComputer today when asked for a statement regarding the LegacyHive exploit.
“Importantly, we support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public.”
In recent months, Nightmare Eclipse has disclosed zero-day exploits for multiple Windows vulnerabilities in Microsoft Defender, BitLocker, and various Windows components, including RoguePlanet, BlueHammer, RedSun, YellowKey, GreenPlasma, MiniPlasma, and UnDefend.
Microsoft fixed the GreenPlasma, MiniPlasma, and YellowKey flaws last month as part of the June 2026 Patch Tuesday updates and the RoguePlanet vulnerability in the July security updates.
Microsoft responded to Nightmare Eclipse’s disclosures with warnings of legal action against people engaging in “malicious activity causing real harm to our customers,” prompting cybersecurity experts to believe the company was directly threatening the security researcher.
Update July 17, 10:05 EDT: Added Microsoft statement.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Looking for a different day?
A new NYT Connections puzzle appears at midnight each day for your time zone – which means that some people are always playing ‘today’s game’ while others are playing ‘yesterday’s’. If you’re looking for Saturday’s puzzle instead then click here: NYT Connections hints and answers for Saturday, July 18 (game #1133).
Good morning! Let’s play Connections, the NYT’s clever word game that challenges you to group answers in various categories. It can be tough, so read on if you need Connections hints.
What should you do once you’ve finished? Why, play some more word games of course. I’ve also got daily Strands hints and answers and Quordle hints and answers articles if you need help for those too, while Marc’s Wordle today page covers the original viral word game.
SPOILER WARNING: Information about NYT Connections today is below, so don’t read on if you don’t want to know the answers.
Today’s NYT Connections words are…
What are some clues for today’s NYT Connections groups?
Need more clues?
We’re firmly in spoiler territory now, but read on if you want to know what the four theme answers are for today’s NYT Connections puzzles…
What are the answers for today’s NYT Connections groups?
Right, the answers are below, so DO NOT SCROLL ANY FURTHER IF YOU DON’T WANT TO SEE THEM.
The answers to today’s Connections, game #1134, are…
My mistake came by including FUSE instead of SYNC in the group that became DIGITAL COUPLING VERBS. Although I’d argue that FUSE could be classed as a coupling verb, I attempted this grouping before seeing the far more appropriate CIRCUIT COMPONENTS.
It didn’t matter, though, because I managed to score a purple first — in large part this was due to seeing POKER and automatically singing Lady Gaga’s debut chart hit Pokerface.
From there, GAME and STRAIGHT automatically followed, as well as the punchline to the only joke I can ever remember: a depressed horse walks into a bar and the barman asks him “why the long face”?
Meanwhile, THINGS TOILETS DO eluded me.
NYT Connections is one of several increasingly popular word games made by the New York Times. It challenges you to find groups of four items that share something in common, and each group has a different difficulty level: green is easy, yellow a little harder, blue often quite tough and purple usually very difficult.
On the plus side, you don’t technically need to solve the final one, as you’ll be able to answer that one by a process of elimination. What’s more, you can make up to four mistakes, which gives you a little bit of breathing room.
It’s a little more involved than something like Wordle, however, and there are plenty of opportunities for the game to trip you up with tricks. For instance, watch out for homophones and other word games that could disguise the answers.
It’s playable for free via the NYT Games site on desktop or mobile.

SEGA and Ryu Ga Gotoku Studio just put out the first proper look at head-to-head combat in Virtua Fighter Crossroads, and the footage lands with real weight. The new VS Battle gameplay trailer, released earlier this week, shows two fighters trading blows in arenas that feel grounded and physical. Combos flow cleanly. Grabs snap into close camera angles that emphasize the struggle. Counters land with purpose. Finishers carry a sense of finality without overblown spectacle.
This is the traditional arcade mode that fans have been waiting for, and after months of story-focused announcements, many were wondering if the classic series would still be included. The answer appears to be yes, based on the footage. Crossroads is designed with Unreal Engine 5. It appears in the character faces, which are much more detailed and expressive than in prior games. The lighting reacts naturally to movement, and post-processing does not convert every punch into a flashy exhibition. As a result, the battle appears to be far more authentic than that of most modern fighters. The boxers move with weight, and their footwork is important. You must consider the distance and your position, as simply sidestepping and circling on a level plane will not enough.
Grabs, in which one combatant grabs onto another, receive special attention in Crossroads. When one fighter locks up another, the camera zooms in to show the hold and the other guy’s attempts to squirm free. It’s a minor detail, but it truly conveys the physicality of the fight, and as the bout ends, you get this nice animation that shows off the final strike. It’s not some cheap-sounding super move, because the emphasis is on timing, reads, and executing a flawless move. Ryu Ga Gotoku Studio has always stated that the competitive side is its own entity, and that remains true now. You can’t simply carry over your Story Mode stats into VS Battle because it’s purely a skill thing, and the controls have been designed with normal gamepads in mind, with a focus on simple inputs that nonetheless reward a thorough mastery of each character’s tools. It’s still all about technique, reading your opponent, and understanding your character inside and out.
The rest of the game is built on this basis, with the Story Mode following four new characters who meet in the fictional city of Vilasapara, Southeast Asia. You can explore the city, do side missions, and fight through massive multi-opponent brawls and set pieces. Old characters such as Pai Chan appear in both the tale and the competitive mode, while a new masked fighter known as the Bakunawa Killer is already regarded as a key player. The city itself has the lived-in vibe that Ryu Ga Gotoku is known for, and you can tell they spent a lot of effort making each section feel like a real place.

Crossroads is expected to be released in 2027. Platforms are still unclear, although the presentation suggests that it will be available on modern consoles and PC. There is no information yet on an exact release date. One thing we do know is that the competitive mode has received equal care and attention as the story mode.
[Source]
Commercial solar cells only have a conversion efficiency of around 25 percent.
Chinese company LONGi has developed a solar cell that it claims has achieved a conversion efficiency of 35.5 percent, as verified by the European Solar Test Installation, a reference laboratory for the calibration of photovoltaic (PV) devices. That’s an impressive conversion efficiency compared to what most solar cells are capable of. According to the US Energy Information Administration, the solar cells in commercially available panels are just now approaching a 25 percent efficiency. There are cells with a conversion efficiency of 50 percent, but they’re for niche uses, like solar panels for satellites.
The company specifically developed crystalline silicon-perovskite tandem solar cells. They’re an emergent PV technology that LONGi believes is the future of solar energy. Theoretically, these cells could achieve an efficiency of 43 percent. LONGi first achieved an efficiency of 33.9 percent in November 2023 and then 34.6 in June 2024. After several more incremental increases, the company is now claiming an efficiency of 35.5 percent.
LONGi says it holds the world record for efficiency when it comes to this particular PV technology. That said, the US Department of Energy’s National Renewable Energy Laboratory developed a solar cell with an efficiency of 39.5 percent back in 2022. In the grand scheme of things, who holds the record matters very little for most people. What matters is finding a way to mass produce and commercialize cells with these efficiencies so that they can help address humanity’s energy problems.
One of the major strengths of the BASIC programming languages has always been their no-fuss setup and rich set of commands for operations that would take considerably more work in a bare-bones language like C. MoonBASIC continues this legacy with a BASIC variant optimized for both 2D and 3D game development.
Included in the package are Raylib, Box2D, and Jolt, whose functionality is exposed via over 4,200 commands in their respective namespaces. You can also download a whole IDE package based around VS Code, use it on the command line, or add it to an existing VS Code installation.
A quick glance at the ‘getting started‘ guide gives a pretty good idea of what to expect of MoonBASIC, including a range of custom language additions and support for PBR materials, dynamic lighting, and other modern game engine features.
Whether writing a game in BASIC was on your bingo card for this year or not, it might be worth taking a look to see whether it’s your jam. After all, if BASIC was good enough for both AI and game development in the 1980s, surely it can be used for complex games in 2026.
This is not going to be a popular review because it is one of my rare negative-leaning takes on a new release by Terry Callier, a fine, if underappreciated, folk singer with a rich style that falls somewhere between Richie Havens and Tim Buckley.
While I have no problem with the artist, the music, or even the underlying performance on Terry Callier at the Earl of Old Town (Time Traveler Records), I felt an obligation to offer some perspective on the underlying value proposition of the vinyl edition. The promotional buzz surrounding this recent Record Store Day release appeared promising:
“These 1967 live tapes—unearthed from a private archive were recorded by Joe Segal in Chicago at The Earl of Old Town Club. Showcasing Callier’s distinctive blend of folk, soul, and jazz in its purest form. His intricate guitar work, luminous voice, and spiritual depth are presented in stunning clarity, giving both longtime fans and new listeners an unfiltered glimpse into a foundational moment in American music history. Transferred from the original tapes, restored by Joe Lizzi and mastered by Matthew Lutthans at The Mastering Lab. The limited-edition 180-gram 2-LP edition includes a booklet with rare photographs and newly commissioned liner notes… “

Sounds super appealing, right? Unfortunately, as is sometimes the case with archival releases, the reality is a bit different from the pre-release promotional descriptions.
As a lifelong Deadhead, I certainly appreciate a good audience-captured, fan-made unofficial recording. I get it. Rare recordings like this are invaluable for better appreciating an artist’s life’s work. Accordingly, I can even love a less-than-perfect archival recording if it is presented in its proper context. And therein lies the rub: Terry Callier at the Earl of Old Town is presented as “restored,” but it sounds far from that. For an album selling for upwards of $50 when you add taxes and shipping, it feels like a bit much.

As I listened to this just-OK-quality, lo-fi, audience-sounding recording, I questioned whether it really needed to be pressed as a fancy double 180-gram audiophile vinyl set. Coupled with the relatively short performance time of approximately 58 minutes, I suspect it could have been mastered to fit on a less costly, standard-weight 140-gram single LP without a significant sacrifice in fidelity. I’ll put it this way: if Herbie Hancock and Chick Corea could issue a live album in 1978 with a 35-minute-long side, a 30-minute side in 2026 should be feasible. Just sayin’!

For example, there are warbles audible during “The Last Thing on My Mind,” indicating that the recording was damaged somehow. There are moments of distortion throughout. Mr. Callier was playing in a small club before a relative handful of patrons who are polite except when they aren’t, so there is a fair amount of talking in the background during some tunes. In short, this is a far-from-perfect document. I guess that is the “unfiltered glimpse” part of the offering noted above.

Terry Callier At The Earl of Old Town is currently selling for $46.02 at Amazon. Of course if you are a deep fan, you probably already own this. However if you’ve been on the fence you might be better off going for the less pricey 2CD version, which you can find on Amazon for $23.56 — although I need to point out that at 58 minutes in length, it could have been all put on a less expensive-still single CD. Alternately, you might just want to simply wait until the prices come down on both of these options.
★★★★★★★★★★ Music
★★★★★★★★★★ Sound Quality
★★★★★★★★★★ Pressing Quality
Mark Smotroff is a deep music enthusiast / collector who has also worked in entertainment oriented marketing communications for decades supporting the likes of DTS, Sega and many others. He reviews vinyl for Analog Planet and has written for Audiophile Review, Sound+Vision, Mix, EQ, etc. You can learn more about him at LinkedIn.

Greenhill Forge wanted to find out whether solar air heating could handle actual laundry drying without relying on a big electric heating element. The short answer from his latest build and test is yes, and the numbers make a strong case for it. He connected an upgraded solar air collector panel directly to a standard clothes dryer. The panel supplies heated air that replaces the usual 2,400-watt electric element. In the real-world trial, a test shirt came out completely dry after one hour. The only electricity consumed during that hour went to spinning the drum. Total draw sat around 155 watts.
This corresponds to more than ten times less power as a standard electric dryer. The heating burden just evaporated, replaced by free solar energy harvested on-site. Greenhill Forge has been experimenting with solar air heating on his little rural homestead for a long time. Previously, he conducted side-by-side studies on five distinct collection designs, each measuring approximately two square meters square. The panels used insulated boxes with clear polycarbonate on top to trap heat, and dark absorber surfaces like black painted corrugated steel or dark insect netting pushed air past or through them.
These tests made it clear that performance varied substantially. The versions with transpired designs (in which air passes through small holes in the absorber) and many layers of black bug net screen functioned remarkably well regardless of sun angle or flow rate. When conditions were good, peak output was around 1400 to 1500 watts of useable heat, with overall collector efficiency ranging from 70 to 80 percent under full sun. This research influenced the design of the new collector for the dryer duty. They built it with a plywood frame, appropriate insulation, a black absorber surface (sheet metal or the better insect net solution), and windows. New fans were placed to double air flow over earlier generations, and they even incorporated some extra instruments like a data logger and temperature probes to get a true picture of how it was working rather than speculating.

Air enters the collector, gathers up heat from the sun-warmed absorber, and exits at a usable temperature. A duct then transports the air to the dryer. The only item needed on the dryer side was a modified flange that could handle warm air, and a blower fan was removed or repurposed to accomplish the job. The electric heating element was pulled out of the circuit. Temperature control was critical since clothing can easily be scalded if the air is too hot, and efficiency suffers if the air is too cold. Greenhill Forge created a custom controller using an Arduino board to fix this. It simply monitors the temperature of the air entering the dryer and changes the fan speed to keep the air at the appropriate drying temperature without requiring constant adjustment.

During the test run, the system maintained the heat levels exactly where they needed to be while the drum tumbling the load. 60 minutes later, the clothing were completely dry. The collector did all the hard lifting on the heat side, while the drum motor and controller required only 155 watts in total. This method avoids the losses associated with initially creating power and then converting it back to heat. A solar air collector simply absorbs heat energy and circulates it using a fan. The materials are basic and inexpensive; previous panels cost roughly $100 to construct. The improved version maintained the same down-to-earth approach while ticking boxes to improve durability and output consistency.
[Source]

Pocket cameras are becoming more popular in purses and everyday carry bags because they solve a real frustration. Phone footage seems OK until you play it back on a bigger screen or try to film while moving. Dedicated rigs give better outcomes, but they necessitate time, preparation, and, in many cases, a second set of hands. The Xtra Muse, priced at $329 (was $449), fills that gap without asking buyers to sacrifice features essential for vlogging and trip filming. It has a one-inch sensor, shoots 4K video at 120 fps, and uses a physical three-axis gimbal to steady shots.
The camera stands about 5 and a half inches tall and weighs between a hundred and 280 grams, depending on the setup. It’s big enough to be more than just a tiny smartphone, but not so huge that it can’t fit in your pocket with your wallet and keys. The box has a rough grip and a tiny threaded handle to prevent it from slipping out of your grasp when you need to hold it firmly. A small 2 inch touchscreen on the side allows you to switch from portrait to landscape mode with a single tap, which is useful if you’ve recorded a clip for YouTube or Instagram Reels and don’t want to worry about any of your clips needing additional cropping. The screen brightness increases to 750 nits, making it much simpler to take photos outside in bright sunshine. To be honest, the build quality is sturdy enough to withstand being flung into a purse or pocket, and it comes with a carrying case and wrist strap to keep it secure while on the go.
Sale
Behind a fixed f/2.0 lens with a 20mm equivalent focal length is a 1 inch CMOS sensor that gathers far more light than most phones or action cameras, making a significant difference when shooting indoors or at nightfall. You will notice less noise and greater definition in the shadows, as well as more natural-looking colors. The lens also performs a good job of blurring the background, so you can get a clean subject against a chaotic background without changing any settings. If you want to get serious about your stills, the maximum resolution is 9.4 megapixels, which is more than enough for the types of fast social posts or reference images you’d be creating while on the go. The sensor, on the other hand, significantly improves video quality, particularly when combined with the 10-bit X-Log color profile.
The three-axis mechanical gimbal only moves the camera head, not the body. So whether you’re walking, jogging, or scooting around on a bike or skateboard, handheld shots will be rock solid smooth, and because it’s a mechanical system, you shouldn’t see any of the nasty warping or stretching that digital stabilization can cause, so your footage will simply look really solid and stable. Slow-motion options include 4K at 120fps and 1080p at 240fps. When you slow down footage that much, it really hits home exactly how rapid (or otherwise) the action was, and the gimbal still keeps the subject right in frame, even at those super-slow rewind periods.

A Master Follow mode makes face and object tracking much easier, essentially keeping a subject in your sights while the camera is mounted on a tripod or in your hands (as long as they are steady). Simply double-tap to lock onto that subject, and the system will take care of framing changes; there is no need to repeatedly pan back and forth. It’s useful if you’re recording yourself giving a lecture to the camera, or if you want to catch a pet or a child on the move without wrestling with the camera.

A firmware update added support for Bluetooth mics, so you can simply pair your wireless mic straight via Bluetooth, no need for any extra gear or cables dangling from the handle, and real-time audio meters are available on the touchscreen to keep track of your levels. In terms of battery life, you can expect two to three hours of recording time depending on the resolution and functions you use, which should be sufficient for most people for a day of stop-start shooting, especially if you’re a traveler or vlogger.
Age checks are becoming law worldwide. The question is no longer whether platforms verify age, but what happens to the faces they collect — and whether they need to collect them at all.
By Ricardo Amper, Founder & CEO, Incode Technologies
More than 30 age assurance laws are now in force worldwide. The UK is enforcing the Online Safety Act’s “highly effective” age check requirement, with restrictions on under-16 access to social media planned for spring 2027.
Australia’s under-16 rules took effect in December, and the government has signaled its intent to double maximum fines to $99 million after early waves of non-compliance. Brazil’s Digital ECA became enforceable in March 2026, now half of U.S. states now mandate some form of age verification.
Facial age estimation has emerged as one of the most accessible ways to comply. It needs no government ID and no database lookup, which makes it workable for users of all age groups, including those with no documents to show.
In regulated markets, Incode’s data shows users choose it eight out of ten times over other age assurance methods. But it asks people for one of the things they feel least comfortable sharing: their face. And until now, nearly every implementation has worked the same way — capture the face, send it to a server, run the estimate there.
The record shows why that is a growing liability, especially for vendors relying on third party tech stack. According to the Identity Theft Resource Center’s 2025 Annual Data Breach Report, the U.S. recorded 3,322 data compromises last year — a record high and a 79% increase over five years — while supply-chain breaches doubled over the same period.
The same organization found that 63% of consumers have expressed serious concern over biometric data collection.
Meanwhile, the attacks are scaling faster than the defenses. Across more than 7 billion identity verifications processed on its platform, Incode has tracked the rise of agentic fraud — fraud attempts carried out with the help of AI agents.
In 2024, agentic fraud made up 3% of fraud attempts. By the first quarter of 2026 it had reached 40%, and Incode estimates it will exceed 90% within the next 18 months.
Incode’s facial age estimation and passive liveness models now run entirely on the user’s phone, tablet, or laptop – the face is never transmitted and never stored.
See how platforms can meet age assurance requirements worldwide without the user’s face leaving the user’s device.
The industry’s standard answer has been a privacy policy: a written promise that biometric data will be handled with care and deleted after the check happens.
A policy is a legal document. It is not a security control. It cannot stop a breach, an insider, or a compromised vendor; it can only assign responsibility afterward.
Privacy by architecture is a different proposition: build the system so the sensitive data never becomes accessible in the first place. If a face is never transmitted, it cannot be intercepted.
If it is never stored, it cannot be breached. Users do not have to trust anyone’s word. Privacy stops being a promise and becomes a fact of the architecture.
Last month, Incode Technologies, a leader in AI-powered identity verification and fraud prevention, announced a $100 million commitment to advancing privacy-preserving identity infrastructure, alongside its acquisition of Identiq, a company specializing in privacy-enhancing cryptographic solutions for peer-to-peer anti-fraud collaboration.
The funds are directed at on-device processing capabilities, continued R&D in privacy-enhancing technologies, and expanded engineering resources and global footprint.
Two weeks later, the first product was made public. On-Device Age Estimation, launched in July, the first time Incode’s proprietary models run fully on the user’s own device.
Both trace back to architectural decisions made at the company’s founding: verification driven by AI rather than by human access to biometric data, processing pushed to the user’s own device, and fraud collaboration designed to work without exposing data.
On-Device Age Estimation runs two of Incode’s models directly inside the user’s phone, tablet, or laptop: facial age estimation and passive liveness detection, which confirms that a real, live person — not a photo, a deepfake, or a replayed clip — is in front of the camera. The face is analyzed locally and is not transmitted or stored.
What travels onward is the outcome: whether the user meets the platform’s required age threshold. If the check cannot be completed for any reason, the user is automatically offered another verification method selected by the platform.
Making that possible meant shrinking the models. Incode compressed both to roughly a tenth of their original size using knowledge distillation — a technique in which a compact model is trained to reproduce the judgments of a much larger, more accurate one.
The resulting models are small enough to run inside an ordinary browser or app, across a wide range of devices, with no special hardware required.
Because the face is analyzed on the user’s own device, there is no technical way for Incode or any client platform to access a biometric or face image. In plain terms: the user proves their age. The face stays on the device.
An age check that is easy to cheat protects no one. What the device alone cannot fully rule out is tampering with the session itself — an injected camera feed, for example, or a manipulated device. Incode’s server-side layer analyzes session metadata — when and how the session happened, and the characteristics of the device and connection — to detect injection attacks and tampering.
That data contains no facial or biometric information; it exists for fraud detection and session integrity.
Without it, minors could appear as adults and adults as minors, and the result would be worthless for safety and compliance.
Those defenses carry the record of the environments they came from. For more than a decade, Incode’s models have operated in some of the most attacked environments online — banks, fintechs, healthcare, and other high-stakes services where fraudsters bring deepfakes, injection attacks, and replayed video every day.
Incode’s security layer achieves 99% spoof detection across deepfakes, injection attacks, replay attacks, and physical spoofing — the same anti-impersonation standard trusted by eight of the top ten U.S. banks — and has flagged more than 1 million face attacks across Incode’s platform in 2026.
On-Device Age Estimation is the first enterprise-ready offering to combine on-device age estimation with those defenses — a combination the company believes can reset the standard for how platforms verify age worldwide.
The second part of the commitment addresses a different exposure: the way institutions share fraud intelligence. Fraudsters collaborate across institutional boundaries; the institutions defending against them typically work alone, each seeing a fraction of the threat data.
The traditional fix — pooling customer data across institutions — solves one problem by making the other worse. Central data lakes are precisely the kind of target the breach statistics describe.
Identiq spent nearly a decade and invested more than $50 million developing patented privacy-enhancing technology that lets organizations share fraud signals without exposing customer data to any third party.
No central data lakes. No data brokerage.
Integrated into Incode’s platform, that work is projected to reach billions of verifications annually, adding network fraud intelligence to the platform’s capabilities.
“Every institution shared the same concern with us: how do we fight fraud together without giving up control of our customers’ data,” said Itay Levy, Co-Founder and CEO of Identiq.
“Identiq built the answer to that very question. As part of Incode, that answer is now available to every organization that deals with massive amounts of user data.”
The pressure comes from both directions: regulation keeps expanding, and users are increasingly demanding more privacy-preserving ways to meet it. Regulators, meanwhile, are actively deciding which age assurance methods count as effective — which makes this the period in which the standard gets set.
Incode’s position going into that period is a matter of record rather than roadmap: a compliance program spanning SOC 2 Type 2, ISO/IEC 27001, HIPAA Attestation of Compliance, FedRAMP Ready, the Age Check Certification Scheme (ACCS), and the Kantara IAL2 Component Services Trust Mark; more than 7 billion trust checks processed; and now a shipping product where the face never leaves the device, alongside fraud collaboration that never pools the data.
“We have always believed that privacy and fraud prevention are not a tradeoff, but part of the same problem — solved together or not at all,” said Ricardo Amper, Founder and CEO of Incode.
“Age checks are becoming law around the world. Our job is to do what we can so that proving your age asks as little of the user as possible.”
See how On-Device Age Estimation lets platforms meet age assurance requirements without the user’s face leaving the user’s device, and book a walkthrough for your team: incode.com/privacy
Sponsored and written by Incode.
London Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
Weekend Open Thread – Corporette.com
The House | The City of London can help the new chancellor deliver growth in every postcode
CFTC blocks Kalshi from unwinding Michigan trades after court order
Young campaigners urge incoming PM to act on outdoor junk food ads
Nvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
Ripple Payments Joins MiCA With 14 Firms, Does It Mean Anything For XRP?
Disney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
Ripple wins EU-wide access as ESMA adds it to MiCA register
Palantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
Injective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
Get Your ESP32 Sunny Side Up With This Solar Dev Board
XRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
Registration is now open for March for Men with Kev 2026
Dark Secrets Emerge When Jailbreaking LLMs
New Cornerback Enters Vikings Trade Rumor Mill
Money | Class 12 Economics | CBSE Board Exam 2026-27
Banco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
Claude Fable 5 Slips to Second in AI Coding Leaderboard
Cloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
You must be logged in to post a comment Login