Exploring Unit 42's findings

Learning How to Zero Trust - with GoodAccess

As remote work expands and personal devices flood the enterprise, security teams face a growing challenge: how to protect sensitive data when employees and contractors connect from laptops, tablets, and phones you don't control. Unmanaged devices and outdated software invite malware, data leaks, and compliance violations that can threaten SOC 2, HIPAA, and PCI DSS standing.

Traditional VPNs and mobile device management tools are too complex and costly to scale across a modern, flexible workforce. Zero Trust Network Access (ZTNA) changes the equation. By verifying identity instead of location, checking device health before access, and maintaining full visibility through centralized logs, it creates a secure perimeter around your data—not your network.

With a Zero Trust approach, organizations can confidently enable BYOD and contractor access without hardware dependencies or heavy IT overhead. The result is faster onboarding, simplified compliance, and assurance that every user and device is exactly who—and what—it claims to be. And, to help you on that journey, GoodAccess is leading the way.

Does this sound like your organization? Learn More!

#222: Digging into Social Engineering, part 2

Welcome to another _secpro!

This week, we're back into social engineering - this time, exploring "high-touch attacks" with Unit 42. If you've missed our other investigations, then check them out here and here. We've also included our popular PDF resource again, to help you improve your training sessions and help the non-specialists amongst us make the right moves in the age of AI. Check it out!

Check out _secpro premium

If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer.
Click the link above to visit our Substack and sign up there!

Cheers!

Austin Miller
Editor-in-Chief

Do you want to make some money with _secpro?

Like most newsletters, we rely on funds from sponsors to keep our quality high and our content consistent. Because of that, we've got a basic interest in finding something which our average reader might be able to help us with: sponsorships.

We're reaching out to potential sponsors who want to place their products, projects, and propositions to the world through the _secpro newsletter, showing our 105,000-strong readership exactly what you have to offer and why they should be listening to you.

Does that sound like something you'd be interested in doing? If so, fill in the form below and we'll get in touch within 7 working days.

A chance to earn with _secpro

LLMs and Agentic AI In Production - Nexus 2025

Build and fine-tune your own LLMs and Agents and deploy them in production with workshops on MCP, A2A, Context Engineering, and many more.

Book now at 50% off with the code CYBER50

This week's article

Unit 42 on "High-Touch Attacks"

If you've been following over the last few weeks, you'll be well aware that we've been digging into Unit 42's year-long research into social engineering and how it is changing in the modern world. This research, in its second part, explains that "high-touch attacks" are increasing—something that few industries might be consciously aware of and even fewer prepared to deal with.

Check it out today

News Bytes

GrapheneOS Proves Resilient Against Cellebrite Forensic Tools While Community Debates Government Surveillance: The privacy-focused mobile operating system GrapheneOS has emerged as one of the few platforms capable of resisting advanced forensic extraction tools, according to leaked documentation from digital forensics company Cellebrite. This revelation has sparked intense community discussions about mobile security, government surveillance, and the trade-offs between privacy and convenience.

Key IOCs for Pegasus and Predator Spyware Cleaned With iOS 26 Update: As iOS 26 is being rolled out, our team noticed a particular change in how the operating system handles the shutdown.log file: it effectively erases crucial evidence of Pegasus and Predator spyware infections. This development poses a serious challenge for forensic investigators and individuals seeking to determine if their devices have been compromised at a time when spyware attacks are becoming more common.

Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking: "Despite being a vast repository of personal information, smartphones used to have little by way of security. That has thankfully changed, but companies like Cellebrite offer law enforcement tools that can bypass security on some devices. The company keeps the specifics quiet, but an anonymous individual recently logged in to a Cellebrite briefing and came away with a list of which of Google's Pixel phones are vulnerable to Cellebrite phone hacking."

Meta and TikTok are obstructing researchers' access to data, European Commission rules: When Philipp Lorenz-Spreen set out in 2024 to study how politicians across Europe communicate online and how much divisive language they use, he knew he had the law on his side. The European Union's Digital Services Act (DSA), which had come into force in February of that year, guaranteed researchers like Lorenz-Spreen, a computational social scientist at the Dresden University of Technology, access to data from social media platforms X, TikTok, Facebook, and Instagram. All he had to do was ask.

Into the blogosphere...

AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS: "When we published How moving from AWS to Bare-Metal saved us $230,000/yr. in 2023, the story travelled far beyond our usual readership.
The discussion threads on Hacker News and Reddit were packed with sharp questions: did we skip Reserved Instances, how do we fail over a single rack, what about the people cost, and when is cloud still the better answer? This follow-up is our long-form reply."

Free software scares normal people: "I'm the person my friends and family come to for computer-related help. (Maybe you, gentle reader, can relate.) This experience has taught me which computing tasks are frustrating for normal people."

What We Talk About When We Talk About Sideloading: "It bears reminding that "sideload" is a made-up term. Putting software on your computer is simply called "installing", regardless of whether that computer is in your pocket or on your desk. This could perhaps be further precised as "direct installing", in case you need to make a distinction between obtaining software the old-fashioned way versus going through a rent-seeking intermediary marketplace like the Google Play Store or the Apple App Store."

Aggressive bots ruined my weekend: "On the 25th of October Bear had its first major outage. Specifically, the reverse proxy which handles custom domains went down, causing custom domains to time out. Unfortunately my monitoring tool failed to notify me, and it being a Saturday, I didn't notice the outage for longer than is reasonable. I apologise to everyone who was affected by it. First, I want to dissect the root cause, exactly what went wrong, and then provide the steps I've taken to mitigate this in the future."

The bug that taught me more about PyTorch than years of using it: "My training loss plateaued and wouldn't budge. Obviously I'd screwed something up. I tried every hyperparameter combination, rewrote my loss function, spent days assuming I'd made some stupid mistake. Because it's always user error. This time, it wasn't. It was a niche PyTorch bug that forced me through layers of abstraction I normally never think about: optimizer internals, memory layouts, dispatch systems, kernel implementations. Taught me more about the framework than years of using it."

What Happened To Running What You Wanted On Your Own Machine?: "When the microcomputer first landed in homes some forty years ago, it came with a simple freedom—you could run whatever software you could get your hands on. Floppy disk from a friend? Pop it in. Shareware demo downloaded from a BBS? Go ahead! Dodgy code you wrote yourself at 2 AM? Absolutely. The computer you bought was yours. It would run whatever you told it to run, and ask no questions. Today, that freedom is dying. What's worse, is it's happening so gradually that most people haven't noticed we're already halfway into the coffin."

This week's academia

Artificial Writing And Automated Detection (PDF) (B. Jabarian and A. Imas): "Artificial intelligence (AI) tools are increasingly used for written deliverables. This has created demand for distinguishing human-generated text from AI-generated text at scale, e.g., ensuring assignments were completed by students, product reviews written by actual customers, etc. A decision-maker aiming to implement a detector in practice must consider two key statistics: the False Negative Rate (FNR), which corresponds to the proportion of AI-generated text that is falsely classified as human, and the False Positive Rate (FPR), which corresponds to the proportion of human-written text that is falsely classified as AI-generated. We evaluate three leading commercial detectors—Pangram, OriginalityAI, GPTZero—and an open-source one—RoBERTa—on their performance in minimizing these statistics using a large corpus spanning genres, lengths, and models.
Commercial detectors outperform open-source, with Pangram achieving near-zero FNR and FPR rates that remain robust across models, threshold rules, ultra-short passages, "stubs" (50 words) and 'humanizer' tools. A decision-maker may weight one type of error (Type I vs. Type II) as more important than the other."

Do Users Verify SSH Keys? (PDF) (P. Gutmann): A classic and hilariously concerning paper that is currently undergoing something of a revival in the halls of internet para-academia.

Reasoning Models Reason Well, Until They Don't (R. Rameshkumar, J. Huang, Y. Sun, F. Xia, A. Saparov): "Large language models (LLMs) have shown significant progress in reasoning tasks. However, recent studies show that transformers and LLMs fail catastrophically once reasoning problems exceed modest complexity. We revisit these findings through the lens of large reasoning models (LRMs) -- LLMs fine-tuned with incentives for step-by-step argumentation and self-verification."

Brought to you in cooperation with GoodAccess: