Stockholm-based Strawberry is launching its “self-driving” AI-powered browser in open beta after a year in closed testing. Strawberry is a browser with built-in AI agents that can surf, click, and perform real tasks on behalf of the user, even on login-protected sites.

The idea is to make AI agents available to non-technical users such as salespeople, recruiters, and analysts, without them needing to be able to write advanced prompts or code. A key new feature is a personalized onboarding process that maps the user’s role and workflow. With the user’s consent, the system builds a profile and then suggests relevant tasks to reduce the barrier to getting started.

According to Strawberry’s own tests, the browser outperforms competing AI tools, including Perplexity’s Comet and Open AI’s ChatGPT Atlas, in practical workflows. The browser also scores around 78% in the GAIA agent benchmark.

Strawberry is free to download and try. Access to its full functionality costs $20 per month.

Source:: Computer World

By Ana-Maria Stanciuc When European tech observers talk about AI ambition, the narrative often splits neatly in two: models and infrastructure. On one side are the clever bits of code that can write, reason, and generate text or images. On the other is the gritty reality of making those bits run reliably, at scale, and in production. Today, […] This story continues at The Next Web

Source:: The Next Web

By Nadeem Sarwar Apple has reportedly sped up efforts to develop an AI-powered pendant equipped with a camera that could launch next year.
The post Apple racing to launch an AI pendant to serve as your iPhone’s eyes and ears appeared first on Digital Trends.

Source:: Digital Trends

February is Heart Month, so it’s appropriate to speak with the team that built the recently introduced hypertension notifications system for watchOS 26 and Apple Watch. 

I spoke with Apple’s Steve Waydo, director for health sensing, and Dr. Rajiv Kumar, physician-researcher, who offered a glimpse into the science and decisions behind their lengthy project to give smartwatch users an actionable and reliable tool to track this aspect of heart health.

Waydo led the long development of the hypertension notification feature. “The idea goes way back to not all that long after we launched the first Apple Watch,” he said. “We had this device collecting physiological data on users all the time. This hadn’t existed before. We saw it as a new and unique opportunity.”

But first, Apple needed to develop new sensor capabilities, assemble world-class technical and clinical expertise, and build accurate and effective machine learning tools. Apple wanted its solutions to be grounded in science, so it also launched a large-scale heart health study with the University of Michigan. 

Understanding Hypertension

Hypertension is a state of chronic high blood pressure. Each time your heart beats, it moves blood out of the heart and into your blood vessels. When blood pressure is high, there’s a lot of back pressure so the heart must beat harder than usual to get the blood out. That, over time, is called hypertension. The problem with this condition is that it’s totally asymptomatic, which is why it is seen as a silent killer. 

More than 1 billion people have this condition, and nearly half of all US adults suffer from it. Yet, around half of them don’t know they have it. 

That’s why Apple’s tool is important; it could help people identify the condition and take steps to manage it. “So much of our health is invisible even to ourselves, and one of the biggest barriers to better health is just simply not knowing what’s going on,” said Waydo.

Apple’s plan is to harness the power of wearable data to help surface conditions such as this one, which otherwise might not be easily managed by any of us.

Machine learning, data, and context

The data an Apple Watch provides differs from most test data because the device is worn all day, almost daily. That means the information it gathers changes over time, which helps identify deep health insights. What makes the information more actionable is artificial intelligence, which helps the device itself surface useful insights based on the data it can track. 

Kumar explained how Apple developed a machine learning system to combine that personal data with real world information drawn from the Apple Heart study. The latter helped Apple understand, “what the signals look like, what they look like across a person’s life and in a variety of circumstances and break the raw sensor data down into thousands of independent factors that we can quantify.”

Apple also leaned into supervised learning data, in this case information derived from both sensor data and ground truth. This is the kind of information generated by Apple’s work with the University of Michigan. The beauty of the combination is that Apple can see how sensor data correlates with scientific data. Machine learning models can then analyze the personal data and contrast it with sensor data across thousands of factors to identify a person’s hypertensive status.

You can learn more about how Apple’s system works by reading the company’s extensive white paper on the topic.

Apple Watch, a wearable doctor

“These machine learning tools are a key enabling technology, because with something like hypertension, the way it manifests in our signals is extremely subtle,” said Waydo. “It’s really subtle features of the actual shape of the signal that we get off the sensors…. We’re looking at much more subtle signals that correlate with high blood pressure, because those signals tell us something about how your blood vessels respond every time your heart beats. So, we apply these machine learning techniques to millions of data segments.”

“I’ve been at Apple for 13 years, so I’ve been here along this whole journey,” says Waydo. “And these same kinds of tools make it possible for your watch to track your activity, understand if you’re walking, or swimming in a pool, estimate how long you spend in any sleep stage, identify when you take a fall, so that it can connect you with emergency services. So, we’re using machine learning tools all over the place.”

In each case, Apple finds that it is important to look at how a person’s data evolves over a long period of time, as opposed to just giving a notification based on one moment.

The art of noise

The phrase “garbage in, garbage out” does a lot of work in the AI age, but Apple’s experts had interesting insights into the nature of data noise. “You know, we are processing vast amounts of data to develop these features,” says Waydo. That means the algorithms must figure out how to grade the data they pick up. 

Apple, which supplements the data with research acquired from large-scale, real-world studies, found that building in support for “messiness” can make for better results. “Having that data set that actually that has messiness and realism to it is very important for coming up with signals that are more than a research curiosity and can really apply to, you know, actual people using our devices in the world,” Waydo said.

In AI, failure builds success

Getting the system to work was a long process of iteration and repetition. Apple’s teams built bigger and better data sets, revised their algorithms, and kept improving what they had built until it became ready to roll it out into the world.  “We rinse and repeat that process for weeks or months or years until we have something we’re happy with,” said Waydo.

Apple

The team also gets excited when things don’t work. “We may find use cases or particular kinds of users or particular scenarios where we get a lot of false positives or where we get no true positives. And that tells us where to go in order to improve the algorithm and iterate on the algorithm, and usually that means getting more data that captures those use cases that we can incorporate into our machine learning training.”

As part of the work, Apple’s teams also looked closely at demographics. The intention is to ensure that age, sex, or race don’t impact the performance of the systems Apple provides. Apple is a global company that ships products to a lot of people. It’s solutions have to work for everyone.

What it isn’t

The feature isn’t intended to be a complete replacement for regular check-ups. Recent reporting that not every case of hypertension will be picked up is correct, and reflects the balance the developers had to reach to create a system they could ship. That’s because the team realized that training the algorithm to be more sensitive would diagnose more cases, but at the cost of more false positives. 

The danger of false positives is that people stop listening. After all, if you are given health notifications by your device you must be able to trust its accuracy. No one wants to be given false information.

Waydo explained the conundrum: Should Apple aim for 100% sensitivity when it means the system will have a lot of false positives? Or should it aim to build a system that minimizes those? That’s why Apple had to achieve a balance.

“We weigh our work very heavily towards trying to manage false positives and trying to make sure that when we do notify someone of a potential issue, whether it’s hypertension or a regular rhythm or any of these other things, that notification is really trustworthy. And sometimes that means that there are cases that we can’t catch, because if we catch this additional set of cases, we’re also going to end up catching a bunch of people who don’t need the notification. And that undermines the utility of the whole thing,” Waydo said.

Apple recommends that any Apple Watch user receiving a hypertension notification check and log their blood pressure and visit their doctor.

Fan mail

Apple’s rock solid commitment to privacy means its teams can’t track how successful its systems are in the field because it never sees that kind of information coming from personal devices. But the team does get letters from users, medical practitioners, and others who have been affected

“I love hearing from clinicians who say they met someone who otherwise wouldn’t have known or who wouldn’t have come in, and it’s really changed their lives,” said Dr. Kumar. “Each of our features, whether it be in women’s health, hearing health, or heart health — they’re all based on science, must be actionable and absolutely built with privacy at the core.”

And each time someone gains better insight into their own health, they become better equipped to improve the health decisions they take in the future.

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Also, now on Mastodon.

Source:: Computer World

By Thomas Cuvelier Venture capital has long avoided ‘hard’ sectors such as government, defence, energy, manufacturing, and hardware, viewing them as uninvestable because startups have limited scope to challenge incumbents. Instead, investors have prioritised fast-moving and lightly regulated software markets with lower barriers to entry. End users in these hard industries have paid the price, as a lack […] This story continues at The Next Web

Source:: The Next Web

By Hisan Kidwai To strengthen its appeal to fitness enthusiasts, Garmin has announced a new retail partnership with Giant…
The post Garmin Partners With Giant Bicycles India to Bring Cycling Tech to Retail Stores appeared first on Fossbytes.

Source:: Fossbytes

By Hisan Kidwai To streamline servicing for users, ASUS has announced a new after-sales initiative in India called ASUS…
The post ASUS Launches PUR Doorstep Pickup & Return Service for Accessories in India appeared first on Fossbytes.

Source:: Fossbytes

By Pranob Mehrotra A new report suggests that Apple may not launch its advanced AR glasses with built-in displays until 2028.
The post You might have to wait until 2028 for Apple’s rumored AR smart glasses appeared first on Digital Trends.

Source:: Digital Trends

By Ana-Maria Stanciuc If you checked X today expecting the usual stream of hot takes, memes, and AI spats, you probably saw… nothing. A widespread outage hit the platform today, leaving feeds blank, timelines unresponsive, and users staring at the digital equivalent of an empty room. Outage trackers such as Downdetector logged a dramatic surge in problem reports […] This story continues at The Next Web

Source:: The Next Web

The AI bubble isn’t just hype — it’s real and could create many corporate casualties if or when it bursts. The companies that will succeed will be the ones solving real-world problems and engaging clients, according to tech industry execs and analysts.

AI startup valuations have skyrocketed, creating the fear of an AI bubble that’s drawn parallels to the dot-com bubble of the early 2000s; in the aftermath of that internet hype cycle, many once-promising companies went under.

Lofty AI valuations have economists concerned about a market correction if the investments don’t improve productivity or produce real-world results. Trade, geopolitical and tariff concerns are also raising further alarms and uncertainty.

Even though the discussion of a potential bubble is ubiquitous, what’s going on is more nuanced than simple boom-and-bust chatter, said Francisco Martin-Rayo, CEO of Helios AI.

“What people are really debating is the gap between valuation and real-world impact. Many companies are labeled ‘AI-driven,’ but only a subset are delivering measurable value at scale,” Martin-Rayo said.

Founders confuse fundraising with progress, which comes only when they are solving real problems for real clients, said Nacho De Marco, founder of BairesDev. “Fundraising gives you dopamine, but real progress comes from customers,” De Marco said. “The real value of a $1B valuation is customer validation.”

The economic impact of AI was a big part of the conversation at last month’s World Economic Forum (WEF), where De Marco participated in a panel discussion called “How High Can Unicorns Fly.”  He stressed that AI lowers the financial and operational barrier of entry for founders starting their businesses.

“You can build something massive without outside capital, but only if your unit economics work. When you bootstrap, your north star is payroll, not burn rate,” De Marco said.

The AI shakeout has already started, and the tenor at WEF “feels less like peak hype and more like the beginning of a sorting process,” Martin-Rayo said.

There are fewer foundational models and more verticalized applications, and companies that can’t translate impressive demos into durable revenue will fall, Martin-Rayo said.

Companies that survive the coming shakeout will be those willing to rebuild operations from the ground up rather than throwing AI into existing workflows, said Jinsook Han, chief agentic AI officer at Genpact. ”It’s not about just bolting some AI into your existing operation,” Han said. “You have to really build from ground up — it’s a complete operating model change.”

Foundational models are becoming more mature and can do more of what startups sell. As a result, AI providers that don’t offer distinct value will have a tough time surviving, Han said.

“There are a lot of companies that just are leveraging foundational models. And I think those will go away. And if we want to call that a bubble, I think that definitely is,” Han said.

In talks with clients, Han has found that many are confused. Tech demos look great, but clients aren’t sure whether AI fits their operating model. “Does it work in my environment? Does it protect me? So that’s where we are. I think there’s that part of bubble for sure,” Han said.

AI’s fundamental unresolved problems, such as hallucinations, are still underappreciated as companies chase valuations, said Deepak Seth, director analyst for Gartner. “Organizations need to be future aware, but they have to be grounded in their past also. You cannot just be chasing the shiny object all the time,” Seth said.

Source:: Computer World

By Shikhar Mehrotra Gemini now delivers AI audio summaries in Google Docs, offering natural voices, playback controls, and hands-free listening for Workspace subscribers on the web.
The post Gemini can now create audio summaries of your Google Docs appeared first on Digital Trends.

Source:: Digital Trends

By Manuel Faust I need to say something that might make CS leaders uncomfortable: most of what your team does before a renewal is valuable, but it’s listening to only one channel. Your EBRs, your health scores, your stakeholder maps. They capture what your customer is willing to tell you directly. What they don’t capture is the conversation […] This story continues at The Next Web

Source:: The Next Web

OpenAI has hired Peter Steinberger, creator of the viral OpenClaw AI assistant, to spearhead development of what CEO Sam Altman describes as “the next generation of personal agents.”

The move comes weeks after OpenClaw, previously known as Clawdbot and then Moltbot, achieved explosive popularity despite security researchers warning of serious vulnerabilities in the open-source tool.

Steinberger will join OpenAI full-time to drive the company’s personal agent strategy. OpenClaw will operate as an open source project under an independent foundation that OpenAI will support, Altman said on X.

“The future is going to be extremely multi-agent and it’s important to us to support open source as part of that,” Altman wrote.

The appointment is significant because OpenClaw demonstrated strong market demand for agents that can execute tasks autonomously, said Sanchit Vir Gogia, chief analyst at Greyhound Research. The project accumulated over 145,000 GitHub stars in weeks despite security concerns.

“The hiring matters because OpenClaw sits at the edge where conversational AI becomes actionable AI,” Gogia said. “It moves from drafting to doing.”

In a blog post, Steinberger said the opportunity to build agents at scale convinced him to join a large organization after years of entrepreneurship. “The vision of truly useful personal agents — ones that can help with real work, not just answer questions — requires resources and infrastructure that only a handful of companies can provide,” he wrote.

He said OpenClaw will continue evolving as an open-source project. “This isn’t an acqui-hire where a project gets shut down. I’ll still be involved in guiding its direction, just with significantly more resources behind it.”

OpenClaw gives AI models the ability to interact with desktop environments, executing actions like clicking buttons, filling forms, and navigating between applications. Unlike traditional robotic process automation tools relying on pre-programmed scripts, OpenClaw-powered agents can adapt to interface changes and make contextual decisions.

Steinberger, who founded and sold PDF toolkit company PSPDFKit to Nutrient in 2024, began OpenClaw as a weekend project in November 2025.

Orchestration over intelligence

Altman’s emphasis on multi-agent systems reflects a broader competitive shift in AI, according to analysts. The race is moving from model intelligence to runtime orchestration.

That orchestration layer, encompassing model coordination, tool invocation, persistent context management, connector standards, identity enforcement, policy controls, and human override mechanisms, is becoming the competitive battleground, Gogia said.

“What differentiates vendors now is not the existence of agents, but how they structure control,” Gogia added.

Anthropic has advanced computer use patterns in Claude, Microsoft has invested heavily in multi-agent orchestration through AutoGen and Copilot, and Google’s Project Astra points toward ambient multimodal assistance.

Deployment lags hype

Despite the competitive rush, enterprise deployment remains limited. According to Gartner research, only 8% of organizations have AI agents in production. Success rates drop sharply as agent workflows scale, with compound reliability falling below 50% after just thirteen sequential steps, even assuming 95% per-step reliability.

“It will still take a few years for AI agents to handle complex, multistep workflows,” said Anushree Verma, senior director analyst at Gartner. “Organizations would essentially need ‘an agentic brain’, something that can create, run, and manage workflows.”

Security poses another challenge. Prompt injection becomes more dangerous when agents can take actions, and agents require governance similar to privileged user accounts—including role-based permissions, audit logging, and human checkpoints for critical actions.

Currently, agents are seeing success in bounded use cases like IT ticket triage and data extraction, but struggle with cross-system workflows involving financial commitments or regulated decisions.

Open-source commitment

OpenAI’s decision to maintain OpenClaw as an open source project could help address some enterprise security concerns by allowing organizations to audit code and customize implementations. However, open-source transparency alone doesn’t eliminate enterprise requirements around security controls, support models, and accountability, according to Gogia.

Neither Altman nor Steinberger provided specifics about when agent capabilities might appear in OpenAI’s commercial products, though Altman indicated the technology would “quickly become core to our product offerings.”

Questions remain about how OpenClaw’s framework will integrate with OpenAI’s existing products and whether OpenAI will address security concerns that affected the open-source version.

Source:: Computer World

By Omair Khaliq Sultan If you’ve been hanging onto an older Apple Watch and telling yourself “it still works,” this is the kind of deal that makes upgrading feel simple. Apple Watch Series 11 (GPS) is $299, down from a $399 retail value, saving you $100. The other reason it matters: this price is tied to a deal countdown, […] The post Apple Watch Series 11 hits $299 in a fast-ending deal, a great excuse to finally upgrade appeared first on Digital Trends.

Source:: Digital Trends

By Nadeem Sarwar Gemini 3 Deep Think is focused on scientific and engineering work, and it’s now now available to Google AI Ultra subscribers in the Gemini app.
The post Google boosts Gemini 3 Deep Think AI and it’s a huge milestone for 3D printing appeared first on Digital Trends.

Source:: Digital Trends

By Ana-Maria Stanciuc The 62nd Munich Security Conference opened on 13 February 2026 in Munich, Germany, and this year’s gathering feels different from past editions. For decades, Munich was about jets, troops, and treaties. Today, cyber and AI are no longer peripheral; they are part of the architecture of security itself. Cyber risks, digital infrastructure, and emerging technologies […] This story continues at The Next Web

Source:: The Next Web

With a new Gartner report suggesting that AI problems will “shut down national critical infrastructure” in a major country by 2028, CIOs need to rethink industrial controls that are very quickly being turned over to autonomous agents.

Gartner embraces the term Cyber Physical Systems (CPS) for these technologies, which it defines as “engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). CPS is the umbrella term to encompass operational technology (OT), industrial control systems (ICS), industrial automation and control systems (IACS), Industrial Internet of Things (IIoT), robots, drones, or Industry 4.0.”

The issue it cites is not so much one of AI systems making mistakes along the lines of hallucinations, although that is certainly a concern, but that the systems won’t notice subtle changes that experienced operational managers would detect. And when it comes to directly controlling critical infrastructure, relatively small errors can mushroom into disasters.

“The next great infrastructure failure may not be caused by hackers or natural disasters, but rather by a well-intentioned engineer, a flawed update script, or a misplaced decimal,” said Wam Voster, VP Analyst at Gartner. “A secure ‘kill-switch’ or override mode accessible only to authorized operators is essential for safeguarding national infrastructure from unintended shutdowns caused by an AI misconfiguration.”

“Modern AI models are so complex they often resemble black boxes. Even developers cannot always predict how small configuration changes will impact the emergent behavior of the model. The more opaque these systems become, the greater the risk posed by misconfiguration. Hence, it is even more important that humans can intervene when needed,” Voster added.

Enterprise CIOs and other IT leaders have been aware of the industrial AI risks for years, and have had guidance on how to mitigate those critical infrastructure risks. But as autonomous AI has exponentially expanded its system controls, the dangers have also expanded. 

Matt Morris, founder of Ghostline Strategies, said one challenge with industrial AI controls is that they can be weak at detecting model drift. 

“Let’s say I tell it ‘I want you to monitor this pressure valve.’ And then, slowly, the normal readings start to drift over time,” Morris said. Will the system consider that change just background noise, given that it might think all systems change a bit during operations? Or will it know that this is a hint of a potentially massive problem, as an experienced human manager would? 

Despite these and other questions, “companies are implementing AI super fast, faster than they realize,” Morris said. 

Industrial AI moving too fast

Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, said he has also seen indicators that AI might be taking over too much too fast.

“When AI is controlling environment systems or power generators, the combination of complexity and non-deterministic behaviors can create consequences that can be quite dire,” he said. Boards and CEOs think, “’AI is going to give me this productivity boost and reduce my costs.’ But the risks that they are acquiring can be far larger than the potential gains.”

Villanustre fears that boards and CEOs may not apply the brakes on industrial autonomous AI until after their enterprise suffers a catastrophe. “[But] I don’t think that [board members] are evil, just incredibly reckless,” he said.

Cybersecurity consultant Brian Levine, executive director of FormerGov, agreed that the risks are extreme: extremely dangerous and extremely likely.

“Critical infrastructure runs on brittle layers of automation stitched together over decades. Add autonomous AI agents on top of that, and you’ve built a Jenga tower in a hurricane,” Levine said. “It is helpful for organizations, especially those operating critical infrastructure, to adopt and measure their maturity, using respected frameworks for AI safety and security.”

Bob Wilson, cybersecurity advisor at the Info-Tech Research Group, also worries about the near inevitability of a serious industrial AI mishap.

“The plausibility of a disaster that results from a bad AI decision is quite strong. With AI becoming embedded in enterprise strategies faster than governance frameworks can keep up, AI systems are advancing faster and outpacing risk controls,” Wilson said. “We can see the leading indicators of rapid AI deployment and limited governance increase potential exposure, and those indicators justify investments in governance and operational controls.”

Wilson noted that companies must explore new ways of looking at industrial AI controls. 

“AI can almost be seen as an insider, and governance should be in place to manage that AI entity as a potential accidental insider threat,” he said. “Prevention in this case begins with tight governance over who can make changes to AI settings and configurations, how those changes are tested, how the rollout of those changes is managed, and how quickly those changes can be rolled back. We do see that this kind of risk is amplified by a widening gap between AI adoption and governance maturity, where organizations deploy AI faster than they establish the controls needed to manage its operational and safety impact.”

Thus, he said, companies should set up a business risk program with a governing body that defines and manages those risks, monitoring AI for behavior changes.

Reframe how AI is managed

Sanchit Vir Gogia, chief analyst at Greyhound Research, said addressing this problem requires executives to first reframe the structural questions. 

“Most enterprises still talk about AI inside operational environments as if it were an analytics layer, something clever sitting on top of infrastructure. That framing is already outdated,” he said. “The moment an AI system influences a physical process, even indirectly, it stops being an analytics tool, it becomes part of the control system. And once it becomes part of the control system, it inherits the responsibilities of safety engineering.”

He noted that the consequences of misconfiguration in cyber physical environments differ from those in traditional IT estates, where outages or instability may result.

“In cyber physical environments, misconfiguration interacts with physics. A badly tuned threshold in a predictive model, a configuration tweak that alters sensitivity to anomaly detection, a smoothing algorithm that unintentionally filters weak signals, or a quiet shift in telemetry scaling can all change how the system behaves,” he said. “Not catastrophically at first. Subtly. And in tightly coupled infrastructure, subtle is often how cascade begins.”

He added: “Organizations should require explicit articulation of worst-case behavioral scenarios for every AI-enabled operational component. If demand signals are misinterpreted, what happens? If telemetry shifts gradually, how does sensitivity change? If thresholds are misaligned, what boundary condition prevents runaway behavior? When teams cannot answer these questions clearly, governance maturity is incomplete.”

This article originally appeared on CIO.com.

Source:: Computer World

The US Federal Trade Commission (FTC) seems to be doubling down on its investigation of Microsoft and the tech giant’s potentially shady bundling and licensing practices.

According to a Bloomberg report, the federal agency has been issuing civil investigative demands (CIDs) to companies that compete with Microsoft in the business software and cloud computing markets.

CIDs are powerful, subpoena-like mandates used by government agencies to investigate potential violations of civil law, typically before a formal complaint or lawsuit is filed.

According to inside sources, at least a half-dozen companies have received these requests, which ask a range of questions around Microsoft’s licensing and other business practices, the report said. The FTC is also seeking information on Microsoft’s bundling of AI, security, and identity software into other products, including Windows and Office.

This development is the latest in an ongoing, nearly year-and-a-half-long probe into whether the company is illegally monopolizing several markets critical to modern enterprises. It also seems to indicate that the federal government is seeking evidence that Microsoft makes it difficult, more expensive, or near-impossible for companies to use Windows, Office, or other of its products on competitors’ cloud services.

“To say MSFT is a serial offender with regard to stretching the limits of anti-trust law would be the understatement of the century,” said Scott Bickley, advisory fellow at Info-Tech Research Group. “Microsoft embodies the mantra of ‘beg forgiveness vs asking permission’ and leverages its scale to force bundled products upon its customer base.”

Licensing and bundling tactics could crowd out competitors

The FTC launched its wide-ranging investigation into Microsoft in November 2024, issuing a CID compelling the company to turn over roughly a decade’s worth of data about its operations (from 2016 to 2025).

The agency is closely examining the tech giant’s age-old practice of bundling its Office productivity and security software in with its cloud services. This could potentially violate antitrust laws if the company is exploiting its dominance in the productivity space to gain unfair advantages in cloud computing and cybersecurity markets.

Notably, the FTC is looking into how Microsoft structures licensing in a way that impedes customers from switching to rival offerings. This would constitute unfair practice and put competitors at a disadvantage.

Microsoft has fought back against the claims, and, following complaints across global markets, made some changes intended to loosen its policies. For instance, recent decisions in the EU forced the unbundling of Teams from the Office suite. However, this “ironically resulted in net higher pricing for EU consumers,” said Info-Tech’s Bickley.

Additionally, the CISPE consortium of European cloud providers reached an agreement with Microsoft in mid-2025; the cloud giant agreed to pay €20 million ($23.7 million today) to smaller cloud providers excluded from offering Microsoft services under a hosted model, and to update its software licensing terms to allow European providers to run Microsoft software on their own platforms at prices equal to Microsoft’s.

However, Bickley pointed out, recent complaints allege that the company has not delivered on this promise.

It’s important to note that these “half-hearted measures” in the EU do not apply to US-based Microsoft customers, he pointed out. Allegations around product tying, notably with Microsoft 365, continue to arise regularly in the US.

For instance, Microsoft’s Listed Providers program does not allow Microsoft on-premises software to be deployed on certain dedicated hosted cloud services, including rivals Amazon, Google, and Alibaba, without mobility rights and Software Assurance (SA), its volume licensing support add-on. Bickley pointed out that Microsoft “strategically” excludes products from its License Mobility program which allows customers to move workloads to other clouds.

Some of these excluded products and applications include Windows Server, Visual Studio, Windows desktop OS, Microsoft Office, and Microsoft 365. Previously, such products could be deployed in a dedicated cloud environment, but Microsoft changed the rules in October 2019, restricting this option to licenses purchased with SA and mobility rights. Bickley pointed out that this only applies to Listed Providers and excludes traditional outsourcing services.

In other questionable commercial practices, Microsoft also makes the purchase of its Microsoft 365 E5 top-tier subscription plan the “only viable short-term economic choice” compared to cheaper options like Microsoft 365 E3, even where the purchase results in a “material amount of shelfware,” said Bickley. 

“Licensing of several security products is obscure, and upon audit, Microsoft frequently forces customers to upgrade their entire suite to E5 in order to attain compliance,” he noted.

Future concerns will likely center around potential bundling or integration of AI services such as Microsoft Copilot, “for which the consumption metrics will be ambiguous and [the services will be] difficult, if not impossible, to disable for IT administrators,” said Bickley.

Relationship with OpenAI

While much of the initial query, and subsequent ones, have focused on licensing and bundling, the FTC is also looking into the company’s relationship with OpenAI, and raising questions about Microsoft’s data centers, capacity constraints, and AI spending and research.

Notably, the tech giant’s initial $1 billion investment in OpenAI has grown into a multi-billion-dollar partnership, with Microsoft rolling out ChatGPT-powered features across its product line in 2023. The FTC is examining whether the relationship is an undisclosed merger that should have been subject to antitrust review.

Further, the federal agency is scrutinizing Microsoft’s alleged decision to scale back its own AI research following the OpenAI investment, potentially reducing competition.

Tactics ‘remarkably the same’

Ultimately, all of this recalls the industry-shaping 1990s US federal investigation into Microsoft’s monopoly of desktop software and web browsers. A federal judge ruled at the time that the company deliberately built the Internet Explorer (IE) browser into Windows to edge out rivals like the now-defunct Netscape.

And, analysts note, it’s an indication that Microsoft hasn’t learned from those past lessons.

“While technology and trends may have evolved since Microsoft’s first anti-trust case in 1998, where they were forced to unbundle IE from Windows OS, their tactics have stayed remarkably the same,” Bickley noted.

This article originally appeared on CIO.com.

Source:: Computer World

By Varun Mirchandani OpenAI is retiring GPT-4o, GPT-4.1, GPT-4.1 mini, and other older models in ChatGPT to focus development on newer, improved GPT versions.
The post Your favorite old ChatGPT models are going away appeared first on Digital Trends.

Source:: Digital Trends

Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. The company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches.

Six vulnerabilities, affecting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word, are already being actively exploited. (All five Critical-rated CVEs target Azure services rather than Windows, however.) 

Both Windows and Office get a “Patch Now “recommendation, with CISA setting a March 3 enforcement deadline for all six exploited vulnerabilities. Two new enforcement timelines also take effect in April: Kerberos RC4 deprecation (CVE-2026-20833) and Windows Deployment Services hardening (CVE-2026-0386).

(More information about recent Patch Tuesday releases is available here.)

Known issues

February is a notably clean month for known issues. All three desktop KB articles — KB5077181 (Windows 11 25H2/24H2), KB5075941 (Windows 11 23H2), and KB5075912 (Windows 10 22H2) — explicitly state that Microsoft is not currently aware of any issues. This is a welcome contrast to January, which was one of the rougher months in recent memory.

Two ongoing known issues remain:

CVE-2025-59287:  Windows Server Update Services (WSUS) — Error reporting intentionally disabled since October 2025 to mitigate this critical CVSS 9.8 unauthenticated RCE. Synchronization error details remain suppressed and Microsoft has not yet posted a fix or remediation strategy.

Windows Update Standalone Installer (WUSA) — Fails to install .msu packages from network shares containing multiple .msu files (ERROR_BAD_PATHNAME). This vulnerability has been mitigated via a Known Issue Rollback policy.

Issues resolved this month

February’s cumulative updates resolve several issues from January’s less-than-glorious cycle:

Windows Secure Launch — VSM shutdown and hibernation failure on Intel processors; devices restarted instead of powering off. Fixed in KB5077181, KB5075941, and KB5075912.

Microsoft OneDrive / Microsoft Outlook — Cloud storage integrations caused applications to hang when opening or saving files. (Now included in this month’s cumulative updates.)

These issues were originally addressed through three separate emergency out-of-band releases: (KB5077744 on Jan. 17, KB5078127 on Jan. 24, and the Jan. 29 preview). Organizations that deferred those updates will receive the fixes in this month’s cumulative package. But the operational regressions were only part of January’s disruption; Microsoft also shipped an emergency security patch for an actively exploited Office zero-day on Jan. 26.

Major revisions and mitigations

That emergency out-of-band security update for Office vulnerability was  the only major inter-cycle security revision this month:

CVE-2026-21509 (Microsoft Office) — Security feature bypass that circumvents OLE mitigations, exposing users to vulnerable COM/OLE controls via malicious documents. CVSS 7.8; the Preview Pane is not an attack vector. Added to the CISA KEV catalog with a federal remediation deadline of Feb. 16 (this coming Monday), no further action is needed if the out-of-band update was already applied.

Windows lifecycle and enforcement updates

Two new enforcement timelines were introduced with the January updates, alongside several ongoing transitions that enterprise teams should be tracking. As we noted in January, the Secure Boot certificate deadlines remain the most time-sensitive:

CVE-2026-20833 — Windows Kerberos — RC4 encryption is being phased out for service account ticket issuance. In April: default changes to AES-SHA1 for accounts without an explicit msds-SupportedEncryptionTypes attribute. In July: enforcement phase removes the RC4DefaultDisablementPhase registry override entirely. Action: Audit service accounts for explicit encryption type attributes before April; to ensure no dependencies on RC4-only authentication.

CVE-2026-0386 — Windows Deployment Services (WDS) — Hands-free deployment hardening. April: disabled by default with a secure-by-default posture, it can be re-enabled via registry settings (with an understanding of the associated security risks). Action: Organizations using WDS for unattended OS deployment should plan for registry overrides or migrate to alternative deployment tooling before April.

CVE-2023-24932 — Windows Secure Boot — As we explained in January, the enforcement phase remains scheduled for “not before January 2026” with at least six months advance notice. When enforced, the Windows Production PCA 2011 certificate will be automatically revoked and added to the Secure Boot UEFI Forbidden List (DBX) on capable devices. This will be programmatic with no option to disable. Action: Verify that managed devices are receiving the updated 2023 certificates through Windows quality updates, and review Microsoft’s Secure Boot playbook.

As a reminder, the Secure Boot certificates issued in 2011 begin expiring this year. Devices that do not receive the updated 2023 certificates might fail to boot securely. We covered this in detail in our January post;  admins must verify certificate status on managed devices and install the 2023 CAs before June

Six vulnerabilities are being actively exploited, spanning the Desktop Window Manager, Windows Shell, Remote Desktop Services, Internet Explorer mode, Remote Access, and Microsoft Word. One cumulative update component has been flagged as high risk, affecting Secure Boot and system power state transitions. And Microsoft has introduced a functional change to LDAP that restricts unauthenticated queries on Windows Server 2025. 

Organizations should prioritize patching for the actively exploited vulnerabilities and validate power management changes before broad deployment.

Secure Boot and Power Management (High Risk)

Updates to the Secure Kernel and SecureBootAI components have been flagged as high risk by Microsoft. These changes affect how Windows handles power state transitions on Windows 11 23H2 and Windows 10 22H2 systems. Given the potential for boot and resume failures, thorough testing is essential before rolling out to production:

Initiate system shutdown using the Start menu and verify the system fully powers off; leave powered down for at least five minutes before restarting

Initiate system shutdown via command line (shutdown /s /t 0) and verify full power-off

Test system hibernation and confirm it resumes to the same state after at least five minutes, with previously open windows and applications restored

Test system sleep and wake, confirming the system returns to its prior state

Verify BitLocker-protected devices boot without recovery key prompts after applying the update

Windows Shell and Internet Explorer (actively exploited)

Two actively exploited security feature bypass flaws affect the Windows Shell and Internet Explorer MSHTML platform this month. The Shell vulnerability (CVE-2026-21510) carries a CVSS score of 8.8 and could allow an attacker to bypass security restrictions. The Internet Explorer vulnerability (CVE-2026-21513), also scored at 8.8, affects the MSHTML rendering engine that remains active in Windows — even when IE is not the default browser — including IE mode in Microsoft Edge:

Verify that Mark of the Web warnings appear correctly when opening files downloaded from the internet.

Test SmartScreen protection for downloaded executables and scripts.

If IE mode is enabled in Microsoft Edge, test that enterprise intranet sites load correctly and security zone restrictions are enforced.

Verify that UAC prompts and security dialogs display properly when executing downloaded content.

Remote Desktop and Remote Access (actively exploited)

Windows Remote Desktop Services and the Remote Access Connection Manager each received patches for actively exploited vulnerabilities. The Remote Desktop vulnerability (CVE-2026-21533) is an elevation of privilege issue scored at 7.8, while the Remote Access Connection Manager vulnerability (CVE-2026-21525) is a denial of service issue scored at 6.2. 

Organizations that rely on RDP for administration or remote work should prioritize testing:

Test Remote Desktop connections to both server and client machines, verifying session establishment, credential handling, and session disconnect and reconnect.

Verify that Remote Desktop Gateway connections function correctly if used in your environment.

Test VPN and DirectAccess connections through the Remote Access Connection Manager.

Validate that remote access services remain stable under sustained connection load.

Networking and connectivity

Several core networking components received updates, including the Ancillary Function Driver (afd.sys), Connected Devices Platform (cdpsvc.dll), HTTP protocol stack (http.sys), and WLAN service (wlansvc.dll). None are flagged as high risk, but the breadth of changes across network subsystems warrants attention from enterprise teams managing diverse connectivity scenarios:

Send and receive packets over the network, including large file transfers over IPv6.

Test network connectivity through web browsing, messaging programs such as Microsoft Teams, and file upload and download.

Validate Nearby sharing and VPN connectivity, ensuring file transfers complete successfully.

Test web services that send responses with trailing headers under both normal and high-load conditions; look for response corruption, missing trailers, or unexpected connection drops.

Run WinHTTP and HTTP.sys QUIC client tests to verify SSL certificate handling.

Test Wi-Fi connectivity including enterprise and private networks, network discovery, automatic reconnection, and roaming behavior.

Validate Wi-Fi power management scenarios such as sleep during active connection, confirming connectivity resumes after wake.

Virtualization

Hyper-V core components (computecore.dll, vmcompute.dll, vmwp.exe) and the hypervisor binaries (hvax64.exe, hvix64.exe) have both been updated. These affect virtual machine lifecycle operations across Windows 11 24H2/25H2 and all server editions:

Enable the Hyper-V role and create a virtual machine.

Validate VM lifecycle operations: start, shutdown, reboot, pause, resume, save, and restore.

Test VM export and import scenarios.

Verify that existing VMs start and operate correctly after applying the update.

Graphics and DirectComposition

The Desktop Window Manager core (dwmcore.dll) received updates affecting visual composition on Windows 11 24H2/25H2 and Windows 10 1607. This includes a patch for an actively exploited elevation of privilege vulnerability (CVE-2026-21519) scored at 7.8, alongside updates to the GDI+ and Graphics Component. Applications using the Microsoft DirectComposition API should be validated:

Test applications that use the Microsoft DirectComposition API.

Verify that desktop animations, transparency effects, and window transitions render correctly.

Test multi-monitor configurations with different DPI scaling.

Server components

Several server-specific components received updates. Most notably, a functional change to the LDAP client library (wldap32.dll) on Server 2025 now restricts the number of values returned in a multi-value property during unauthenticated LDAP searches to 10,000 values. This is the only behavioral change in this release. Authenticated connections are not affected, but organizations with directory synchronization workflows should validate:

LDAP (Server 2025): Confirm that directory synchronization for groups exceeding 10,000 users succeeds over authenticated connections and is correctly restricted over unauthenticated connections.

System Events: Open a PowerShell window without admin privileges and run Get-WinEvent -ListLog “Microsoft-Windows-Kernel-ShimEngine/Operational” to confirm an insufficient permissions error appears.

Microsoft Office applications

Microsoft released security updates for Excel 2016 (KB5002837), Word 2016 (KB5002839), and Office 2016 (KB5002713), alongside updates for SharePoint Server 2016, 2019, Subscription Edition, and Office Online Server. The Word update addresses an actively exploited security feature bypass vulnerability (CVE-2026-21514) scored at 7.8. An Outlook vulnerability (CVE-2026-21511) rated as “exploitation more likely” was also patched. These updates are for MSI-based installations only and will not apply to Click-to-Run deployments such as Microsoft 365.

Open and edit complex Excel workbooks with formulas, macros, and external data connections.

Test Word document formatting, embedded objects, and mail merge scenarios.

Validate SharePoint document library operations, co-authoring, and workflow execution.

Verify that Office add-ins continue to function after applying updates.

Test Outlook email rendering, attachment handling, and security prompts when opening messages with embedded content.

Microsoft .NET Framework

February’s release includes updated SDK and runtime packages for .NET 8.0 (8.0.418), .NET 9.0 (9.0.114 and 9.0.311), and .NET 10.0 (10.0.103), available in both x64 and x86 variants. No application rebuilds or configuration changes are expected.

Confirm that existing .NET applications start and execute correctly after installing the update.

Test runtime initialization, common framework functionality including file I/O, networking, cryptography, and threading.

Validate ASP.NET Core workloads where applicable.

Test COSE message signature verification scenarios if your applications use the CoseMessage.DecodeSign1 method.

With six vulnerabilities actively exploited, patching urgency is high despite the lighter overall volume. Prioritize the Windows Shell, Internet Explorer/MSHTML, Remote Desktop, Remote Access, Desktop Window Manager, and Word patches first. Organizations using IE mode in Edge or relying on RDP for remote access should treat these as critical.

The Secure Boot and power management changes are flagged as high risk by Microsoft and should be validated next, as boot and power state failures can render devices unusable. The LDAP functional change on Server 2025 is the only behavioral change this month and could impact directory synchronization workflows that rely on unauthenticated queries returning large result sets. Server administrators should verify that their synchronization pipelines remain functional after patching.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

Browsers (Microsoft IE and Edge) 

Microsoft Windows (both desktop and server) 

Microsoft Office

Microsoft Developer Tools (Visual Studio and .NET)

Adobe (if you get this far) 

Microsoft Windows

None of this month’s five Critical-rated CVEs affect Windows directly — all target Azure services. However, five of the six actively exploited zero-days are Windows components:

CVE-2026-21510 — Windows Shell — Security feature bypass (CVSS 8.8); circumvents SmartScreen and Shell warnings via malicious link or shortcut file. Publicly disclosed and actively exploited.

CVE-2026-21513 — MSHTML Framework — Security feature bypass (CVSS 8.8); the MSHTML rendering engine remains active in Windows, even when IE is not the default browser, including through IE mode in Edge. Publicly disclosed and actively exploited.

CVE-2026-21519 — Desktop Window Manager — Elevation of privilege (CVSS 7.8); type confusion allowing SYSTEM escalation. Actively exploited.

CVE-2026-21533 — Windows Remote Desktop Services — Elevation of privilege (CVSS 7.8); improper privilege management allowing SYSTEM escalation. Actively exploited.

CVE-2026-21525 — Windows Remote Access Connection Manager — Denial of service (CVSS 6.2); null pointer dereference. Actively exploited.

CISA has added all six actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog with an enforcement deadline of March 3. Additional Windows components receiving updates include the Ancillary Function Driver (afd.sys), HTTP protocol stack (http.sys), Hyper-V, Secure Boot, LDAP, and GDI+ — none critical or actively exploited, but the breadth of changes warrants testing before broad deployment.

With actively exploited vulnerabilities and a CISA deadline of March 3, this is a Patch Now release for Windows; confirmed in-the-wild exploitation across Shell, MSHTML, DWM, Remote Desktop, and Remote Access leaves little room for delay.

Microsoft Office

Microsoft released security updates for Word 2016 (KB5002839), Excel 2016 (KB5002837), and Office 2016 (KB5002713), alongside updates for SharePoint Server 2016, 2019, Subscription Edition, and Office Online Server. These updates apply to MSI-based installations only and don’t apply to Click-to-Run deployments such as Microsoft 365:

CVE-2026-21514 — Microsoft Word — Security feature bypass (CVSS 7.8) is the sixth actively exploited zero-day in this release. It requires a user to open a malicious Office document; the Preview Pane is not an attack vector. The CISA KEV enforcement deadline is March 3.

CVE-2026-21511 — Microsoft Outlook — Spoofing vulnerability (CVSS 7.5) resulting from untrusted data deserialization via crafted email. Rated “Exploitation More Likely” by Microsoft.

Combined with the emergency out-of-band patch for CVE-2026-21509 (covered in Major Revisions above), Office has seen two actively exploited vulnerabilities in a single cycle. This is a Patch Now release for Office. Organizations running MSI-based Office 2016 or 2019 should ensure both the February cumulative updates and the Jan. 26 out-of-band update have been applied.

Microsoft Edge and Chromium

Microsoft Edge 144.0.3719.115, released Feb. 5, incorporates the latest upstream Chromium security fixes. As of Feb. 11, Microsoft has confirmed awareness of additional Chromium fixes and is actively working on a further Edge security release. On the Chromium side, Google shipped Chrome 145 on Feb. 10, addressing 11 security vulnerabilities:

CVE-2026-2313 — Chromium CSS — Use-after-free (High severity).

CVE-2026-2314 — Chromium Codecs — Heap buffer overflow (High severity).

CVE-2026-2315 — WebGPU — Inappropriate implementation (High severity).

The remaining eight fixes address medium and low severity issues across Frames, Animation, PictureInPicture, DevTools, File input, Ozone, and Downloads. These Chromium fixes will flow into a future Edge stable release. Enterprise teams managing Edge deployments can track updates via the Edge Security Release Notes.

Developer tools

A single security vulnerability was addressed across .NET 8.0, .NET 9.0, and .NET 10.0:

CVE-2026-21218 — .NET Runtime — Security feature bypass (CVSS 7.5). Updated runtime and SDK packages: .NET 8.0.24, .NET 9.0.13, and .NET 10.0.3, available in both x64 and x86 variants.

Microsoft .NET Framework received no updates this month, and no application rebuilds or configuration changes are expected. Add these updates to your standard deployment schedule.

Adobe and third-party updates

February is a welcome reprieve from the (patching) challenges of January — a clean month for known issues, half the CVE volume, and no critical Windows vulnerabilities. 

That said, six actively exploited zero-days and an emergency OOB Office patch between cycles is hardly an easy life for IT administrators. With the Secure Boot and power management changes flagged as high risk, and printing and Win32 rendering components targeted for future updates, enterprise teams would be wise to keep their out-of-band response playbooks close at hand over the coming weeks.

Source:: Computer World