Everything posted by ChatGPT
Cloud migration becomes much harder when teams are not only moving workloads but also trying to make every environment reproducible and deployment-ready through Infrastructure as Code. The challenge is not limited to copying applications from one platform to another. It includes validating architecture decisions, controlling drift, enforcing policies, coordinating approvals, and making sure deployment logic can scale across teams and cloud accounts. In that kind of environment, cloud migration software needs to support both planning and execution.

That is where platforms like Infros stand out. Infros is built around cloud architecture design and validation, helping teams model and evaluate optimised cloud architectures before changes are committed to downstream delivery workflows. That makes it especially relevant for organisations that want migration projects to be guided by architecture intelligence rather than corrected after deployment problems appear.

The 5 top cloud migration software tools for Infrastructure as Code (IaC) deployment

1. Infros

Infros is the best overall cloud migration software tool for Infrastructure as Code deployment because it addresses a problem many teams discover too late: migration failures often begin at the architecture stage, not the provisioning stage. The platform is designed to help organisations design and validate optimised cloud architectures aligned to business and technical priorities before rollout decisions are finalised. That makes it especially useful for migration teams that need more than automation and want architectural confidence before deployment pipelines begin executing changes.

What separates Infros from more execution-oriented platforms is its emphasis on decision quality. In cloud migration projects, teams frequently have to evaluate tradeoffs around workload placement, performance, cost and environment design.
If those decisions are made too quickly or without enough structure, IaC deployment may remain technically consistent while still moving the wrong architecture into production. Infros is compelling because it helps teams prove architecture choices earlier, which can reduce downstream rework, rollback pressure, and costly redesign cycles. That overall positioning is consistent with the way it is described in current product materials and third-party coverage.

Key features
- Cloud architecture design and validation workflows
- Optimisation aligned to cost and operational priorities
- Support for evaluating cloud architecture decisions before deployment
- Strong fit for migration planning in hybrid and multi-cloud scenarios
- Better alignment between architecture intent and downstream execution
- Useful for teams that want design-stage confidence rather than reactive correction

2. Spacelift

Spacelift is one of the strongest choices for cloud migration programmes that depend on disciplined IaC orchestration. It is built to coordinate infrastructure workflows across tools like Terraform, OpenTofu, Ansible, and related automation frameworks, giving teams a structured way to manage planning, approvals and governance from a central platform. That makes it especially useful when migration efforts span multiple environments, multiple contributors, and multiple infrastructure codebases.

In an IaC-based migration, the challenge is often not writing code but operating it safely at scale. Teams need clear workflows for stack execution, policy enforcement, pull request review, drift awareness, and role separation. Spacelift is well suited to those needs because it focuses on orchestration and governance, not only infrastructure definition. That means it can help bring control to migration projects where many moving parts have to be coordinated in a repeatable way.
It is particularly relevant for organisations that already have a defined IaC practice but need stronger operational controls as cloud migration grows more complex.

Key features
- Orchestration for Terraform, OpenTofu, Ansible, and other IaC workflows
- Centralised governance and approval controls
- Support for policy-driven infrastructure operations
- Strong workflow fit for multi-environment migration programmes
- Designed for secure, repeatable infrastructure delivery
- Good option for teams scaling IaC beyond ad hoc execution

3. env0

env0 is a practical cloud migration software option for Infrastructure as Code deployment because it helps teams standardise the way environments are provisioned and managed using existing IaC frameworks. It supports common tools like Terraform, Terragrunt, and Pulumi, which makes it attractive to organisations that do not want to replace their current IaC approach but do want better structure around how migration-related changes move through development and production.

One reason env0 belongs on this list is that migration programmes often break down when teams have inconsistent environment workflows. A plan might work in one account, one region, or one business unit, yet become difficult to reproduce elsewhere. env0 helps by creating more consistent workflow patterns for provisioning, updates and environment lifecycle management. That can be especially useful when cloud migration is happening incrementally and different application teams are moving at different speeds. The platform is often positioned as framework-agnostic, which is valuable for organisations with mixed stacks or evolving standards.

Key features
- Supports Terraform, Terragrunt, and Pulumi-based workflows
- Structured environment lifecycle management
- Useful for repeatable deployment patterns across teams
- Framework-agnostic approach for mixed IaC stacks
- Helps standardise provisioning and update workflows
- Good fit for operational consistency during staged migrations

4. Firefly

Firefly earns a place on this list because cloud migration rarely starts with a perfectly codified environment. Many organisations begin with fragmented cloud estates, unmanaged resources, partial documentation, and infrastructure that has drifted far from the intended model. Firefly focuses on cloud asset management and helps teams gain control over their entire cloud footprint, including turning unmanaged resources into codified infrastructure. That makes it especially relevant when migration work is blocked by poor visibility rather than a lack of tooling.

For IaC-driven migration, visibility matters just as much as deployment logic. If teams do not understand what already exists, what is unmanaged, and where drift has accumulated, they risk migrating bad assumptions into a more automated form. Firefly is valuable because it helps surface those blind spots. Instead of only managing future deployments, it helps teams reconcile the real-world cloud environment with the governed state they want to create. That can make migration initiatives more accurate, especially when legacy resources, shadow infrastructure, or inconsistent ownership patterns have built up over time. Current Firefly materials and partner descriptions emphasise this control and codification angle clearly.

Key features
- Cloud asset management across existing infrastructure
- Support for turning unmanaged resources into codified assets
- Useful for discovering drift and hidden infrastructure gaps
- Strong visibility layer for messy or partially documented estates
- Helps connect cloud reality to governed IaC workflows
- Valuable in migration programmes with legacy sprawl

5. Pulumi

Pulumi stands out as a cloud migration software option for Infrastructure as Code deployment because it gives teams a developer-centric way to define and manage infrastructure using general-purpose programming languages. For migration efforts led by software engineers rather than only infrastructure specialists, that can make automation easier to integrate with existing application development practices. It is particularly useful when teams want reusable logic, richer abstractions, and tighter alignment between infrastructure workflows and software delivery habits.

In the context of migration, Pulumi can be effective because not every environment change fits neatly into static templates. Complex cloud transitions often involve conditional logic, reusable components, and environment-specific workflows that benefit from code expressiveness. Pulumi appeals to teams that want infrastructure automation to feel more like software engineering. That can speed up adoption in organisations where developers play a major role in platform modernisation and cloud rollout. The tradeoff is that this flexibility may require stronger internal engineering discipline, especially if teams are used to more opinionated workflow controls from orchestration platforms.

Key features
- Infrastructure defined through general-purpose programming languages
- Strong fit for developer-led cloud automation
- Useful for reusable abstractions and complex deployment logic
- Supports modern software engineering practices in infrastructure delivery
- Helpful when migration workflows require custom logic
- Well suited to teams modernising platform operations

Where IaC-driven cloud migration projects usually break down

Many cloud migration projects appear well planned at the beginning. There is usually a target environment, a preferred cloud model, and a roadmap that looks clear at a high level. Problems tend to emerge later, once teams begin translating architecture into deployable code and coordinating real implementation across departments. That is the point where Infrastructure as Code exposes every weak assumption that was hidden during early planning.
One common breakdown happens when the target architecture is defined in broad terms but not in enough detail to support deployment. Teams may know where an application should move, but not how networking, access controls, data dependencies, or failover requirements should be handled in code. Another issue appears when infrastructure definitions are technically valid but not operationally realistic across multiple environments. A stack may work in a test environment but become much harder to manage once regional differences, team permissions, or compliance rules come into play.

Migration projects also struggle when ownership is unclear. Architects may define the future state, platform engineers may manage IaC pipelines, operations teams may oversee reliability, and security teams may enforce governance requirements. If the migration software does not help bring those layers together, the result is often a deployment process that feels automated but remains brittle underneath.

The most common failure points include:
- undocumented dependencies between workloads and data flows
- environment drift between dev and production
- late-stage security or compliance reviews that force redesign
- inconsistent infrastructure patterns across teams or business units
- unclear rollback planning if migration steps fail
- poor visibility into legacy cloud assets that still affect the target state
- manual exceptions that weaken otherwise standardised IaC workflows

The important lesson is that Infrastructure as Code does not remove migration complexity. It organises it. If the underlying planning is weak, the code will simply reproduce that weakness more consistently. That is why effective cloud migration software has to support coordination and control, not only deployment automation.

What good cloud migration software looks like in an IaC environment

The best cloud migration software for Infrastructure as Code deployment is not defined by one feature alone. It is defined by how well it helps teams move from planning to execution without losing structure, context, or control. In an IaC environment, software has to support repeatability, but it also has to support better decision-making before repeatability becomes a liability.

A strong platform should help teams understand what they are migrating, how the target infrastructure should be modelled, and how those decisions will be governed as code moves through deployment pipelines. It should reduce the gap between architectural intent and operational reality. That is especially important in cloud migration because the move itself is usually only the first step. After cutover, teams still need to maintain and extend the infrastructure they have just deployed.

What separates stronger solutions from weaker ones is their ability to support the full migration lifecycle. That does not mean every tool has to do everything. But it does mean the software should contribute meaningfully to planning quality, deployment consistency, environment control, or infrastructure visibility. The most valuable qualities usually include:

- Architecture awareness: the software should help teams think through target-state design, workload placement and operating assumptions before they commit those choices to code.
- IaC framework compatibility: good tools should work with established Infrastructure as Code workflows rather than forcing teams to abandon Terraform, OpenTofu, Pulumi, or adjacent tooling.
- Governance and policy controls: migration carries risk, so platforms need approval paths, role separation, policy enforcement, and change tracking.
- Environment lifecycle management: teams should be able to create, update and retire environments in a controlled way instead of handling them through scattered scripts and exceptions.
- Drift detection and infrastructure visibility: if teams cannot see what already exists, they cannot build a reliable migration strategy around it.
- Multi-cloud and hybrid support: many enterprises are not moving into a single clean environment. They are dealing with AWS, Azure, GCP, Kubernetes, on-prem components, or a hybrid combination.
- Operational scalability: the platform should still work well when more teams, more deployments, and more governance requirements are added over time.

Good cloud migration software in an IaC setting is not only about making deployment faster. It is about creating a path where infrastructure becomes easier to reason about, easier to govern, and easier to evolve after migration is complete.

The real benefits of using cloud migration software for IaC deployment

It is easy to assume the main benefit of cloud migration software is speed. Speed does matter, but it is rarely the most important long-term advantage. The real value comes from making cloud migration more structured, more predictable, and more sustainable inside an Infrastructure as Code operating model.

When teams try to migrate without a strong platform, they often rely on a mixture of architecture documents, scripts, ticketing workflows, ad hoc approvals, and deployment tools that were never designed to work together as one system. That usually leads to confusion around ownership, inconsistent environment behaviour, and too much manual intervention at exactly the moments when the process should be most controlled.

Cloud migration software helps solve that by connecting different parts of the migration lifecycle. It brings more discipline to the way infrastructure changes are planned and applied. That is especially important in IaC environments, because once infrastructure is codified, errors can spread quickly if governance and visibility are weak.
Some of the biggest benefits include:
- Less rework after deployment because critical decisions are surfaced earlier
- More consistent infrastructure behaviour across environments and teams
- Reduced manual configuration drift during phased migration efforts
- Better collaboration between architects, platform engineers and security teams
- Stronger auditability for infrastructure changes and approvals
- Improved rollback readiness when migrations need to be adjusted
- More scalable deployment practices as cloud adoption grows
- Cleaner post-migration operations because infrastructure is easier to maintain and optimise

There is also a benefit that many teams underestimate. Migration software does not only help with the move itself. It often helps define the quality of the cloud operating model that follows. If the migration is done through fragmented, poorly governed workflows, those weaknesses continue after cutover. If it is done through structured, architecture-aware, code-driven processes, the organisation is better positioned for long-term efficiency and change management. That is why the best cloud migration software is not simply a project tool. In many cases, it becomes part of the broader foundation for how cloud infrastructure is deployed and governed going forward.

How to choose cloud migration software for Infrastructure as Code (IaC) deployment

Choosing cloud migration software becomes much easier when teams stop asking which platform has the most features and start asking which platform fits the actual migration challenge in front of them. Different organisations need different things. Some need architecture intelligence before they codify anything. Others already know their target state and mainly need stronger orchestration, governance, or environment management. Others are still dealing with infrastructure sprawl and cannot move effectively until visibility improves.

A good buying process begins with internal clarity. Teams should understand whether their biggest problem is planning, execution, governance, visibility, or post-migration manageability. If they skip that step, they often end up choosing tools based on market category labels instead of operational fit.

When comparing options, it helps to evaluate them through a few practical questions:
- What stage of migration are we in right now? Early-stage planning calls for different abilities than mature rollout and governance.
- How much of our infrastructure is already codified? Some organisations need help standardising existing IaC workflows, while others still need to reconcile unmanaged assets.
- Do we need architecture support, execution support, or both? That distinction often determines whether a platform will create long-term value.
- How complex is our cloud footprint? A multi-cloud or hybrid environment usually demands better visibility and stronger coordination.
- Who will actually use the tool? Architects, platform engineers, developers, security teams, and operations teams may all have different needs.
- What governance requirements do we have? Policy controls, approval workflows and access management matter more in some environments than others.
- Will the tool still be useful after migration is finished? Long-term value is a better indicator of fit than short-term implementation convenience.

The strongest choices are usually the ones that match the team’s operating model, not only the immediate migration project. A platform may look impressive in a demo, but if it does not fit how infrastructure decisions are made and governed internally, it can add complexity instead of reducing it. That is why choosing cloud migration software for Infrastructure as Code deployment should be treated as an operational strategy decision, not only a tooling decision.

What teams should compare before making a final decision

Once the shortlist is down to a few serious options, the comparison process should go deeper than feature lists.
Tools that seem similar at a high level can create value in very different ways. One platform may excel at architecture validation, another at IaC orchestration, and another at turning unmanaged cloud resources into governed infrastructure. Choosing well requires teams to compare tools against the real demands of their migration programme.

The most useful comparison areas are usually the ones that affect both present execution and future manageability. Teams should look at whether the platform improves planning quality, supports deployment discipline, and continues to be useful after the initial migration wave is complete. Key factors to compare include:
- Primary use case: is the tool strongest in planning, orchestration, visibility, codification, or developer-led automation?
- Infrastructure as Code compatibility: does it work well with existing IaC frameworks and workflows?
- Governance depth: how strong are the approval models, access controls, audit trails, and policy checks?
- Migration readiness: can the software handle phased migrations, shared ownership, and nontrivial infrastructure transitions?
- Cloud and environment coverage: does it support the cloud providers and deployment models the organisation actually uses?
- Operational maturity fit: is the tool appropriate for the team’s current level of process maturity, or will it create friction?
- Post-migration value: will the platform remain useful for optimisation and future infrastructure changes?

A practical comparison process should also include qualitative questions. For example:
- Will this tool help different teams work from the same assumptions?
- Does it reduce the number of manual decisions required during migration?
- Will it improve confidence before deployment, or only help after deployment starts?
- Can it support both the migration itself and the operational model that follows?

The best final decisions usually come from this kind of grounded evaluation. Instead of asking which platform is the most advanced in general, teams ask which one is best aligned with their architecture, their workflows, and their cloud operating goals.

Choosing the right cloud migration software for long-term IaC success

Cloud migration software for Infrastructure as Code deployment should never be evaluated as if migration ends on cutover day. The better question is whether the platform helps create a cloud environment that remains manageable and adaptable after the move is complete. In mature organisations, that is what ultimately determines whether a migration was successful.

The strongest solutions are the ones that improve both how teams move infrastructure and how they operate it afterward. That means helping with architecture quality, deployment consistency, policy enforcement, environment control, and infrastructure visibility in ways that remain useful beyond the initial project window. A strong long-term platform usually contributes to:
- better architecture decisions before provisioning
- more reliable deployment workflows
- less drift and fewer manual exceptions
- cleaner collaboration across technical teams
- more sustainable governance as cloud complexity grows
- better readiness for future optimisation and modernisation

Infrastructure as Code raises the bar for migration quality because it turns cloud operations into a repeatable system rather than a one-time exercise. The right migration software supports that shift. It helps teams build an environment that can be deployed with confidence, managed with discipline, and improved continuously as business requirements evolve. That is why the final decision should not come down to who can provision infrastructure fastest. It should come down to which platform gives the organisation the strongest foundation for long-term cloud success.

The post 5 top cloud migration software for Infrastructure as Code (IaC) appeared first on AI News.
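The governance controls this post keeps returning to (policy enforcement before apply, role separation for destructive changes, change tracking) are easier to judge with something concrete in front of you. What follows is an added example, not code from Infros, Spacelift, env0, Firefly or Pulumi and not from the article: a plan-time policy gate that reads the JSON produced by `terraform show -json tfplan` and blocks the apply when a resource change violates a rule. The sample plan is constructed for the example; the required tag names, the SSH rule and the approved-destroy list are assumed organisational policy, not anything the post specifies.

```python
"""Plan-time policy gate over Terraform plan JSON (`terraform show -json tfplan` output).

Added example; not code from any product named in the post. SAMPLE_PLAN is constructed,
and REQUIRED_TAGS, the SSH rule and the approved-destroy list are assumed org policy.
"""
import json
from typing import Callable, Iterable, List, Tuple

Finding = Tuple[str, str]                 # (resource address, message)
Policy = Callable[[dict], Iterable[str]]  # yields zero or more messages per resource change

REQUIRED_TAGS = {"owner", "environment", "cost-centre"}            # assumed org policy
TAGGABLE = {"aws_s3_bucket", "aws_security_group", "aws_instance"}  # types we expect tags on


def after(rc: dict) -> dict:
    """Planned post-apply attributes; None for destroys, so normalise to {}."""
    return rc.get("change", {}).get("after") or {}


def no_public_s3_acl(rc: dict) -> Iterable[str]:
    if rc["type"] == "aws_s3_bucket" and after(rc).get("acl") in ("public-read", "public-read-write"):
        yield "S3 bucket ACL grants public access"


def no_world_ssh(rc: dict) -> Iterable[str]:
    if rc["type"] != "aws_security_group":
        return
    for rule in after(rc).get("ingress") or []:
        all_protocols = rule.get("protocol") == "-1"                      # "-1" means every protocol/port
        covers_22 = rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
        if (all_protocols or covers_22) and "0.0.0.0/0" in rule.get("cidr_blocks", []):
            yield "security group allows SSH from 0.0.0.0/0"


def required_tags(rc: dict) -> Iterable[str]:
    attrs = after(rc)
    if rc["type"] not in TAGGABLE or not attrs:   # skip untaggable types and destroys
        return
    missing = REQUIRED_TAGS - set(attrs.get("tags") or {})
    if missing:
        yield "missing required tags: " + ", ".join(sorted(missing))


def destroy_requires_approval(approved: set) -> Policy:
    """Role separation: a destroy passes only if its address was approved out of band."""
    def policy(rc: dict) -> Iterable[str]:
        if "delete" in rc["change"]["actions"] and rc["address"] not in approved:
            yield "destroy not approved"
    return policy


def default_policies(approved_destroys: Iterable[str] = ()) -> List[Policy]:
    return [no_public_s3_acl, no_world_ssh, required_tags,
            destroy_requires_approval(set(approved_destroys))]


def evaluate(plan: dict, policies: List[Policy]) -> List[Finding]:
    findings: List[Finding] = []
    for rc in plan.get("resource_changes", []):
        if rc["change"]["actions"] == ["no-op"]:
            continue                               # unchanged resources are not gated
        for policy in policies:
            findings.extend((rc["address"], msg) for msg in policy(rc))
    return findings


def gate(plan: dict, policies: List[Policy]) -> Tuple[bool, List[Finding]]:
    """True: the apply may proceed. False: block the pipeline stage and report findings."""
    findings = evaluate(plan, policies)
    return (not findings, findings)


def load_plan(path: str) -> dict:
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample in the shape of `terraform show -json` output; not a real plan.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_s3_bucket.reports", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "before": None, "after": {
             "bucket": "reports", "acl": "private",
             "tags": {"owner": "data-platform", "environment": "prod", "cost-centre": "4711"}}}},
        {"address": "aws_s3_bucket.exports", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "before": None, "after": {
             "bucket": "exports", "acl": "public-read", "tags": {"owner": "data-platform"}}}},
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "change": {"actions": ["update"], "before": {"ingress": []}, "after": {
             "ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}],
             "tags": {"owner": "platform", "environment": "prod", "cost-centre": "4711"}}}},
        {"address": "aws_db_instance.legacy", "type": "aws_db_instance",
         "change": {"actions": ["delete"], "before": {"identifier": "legacy"}, "after": None}},
        {"address": "aws_instance.unchanged", "type": "aws_instance",
         "change": {"actions": ["no-op"], "before": {"tags": {}}, "after": {"tags": {}}}},
    ],
}

if __name__ == "__main__":
    allowed, found = gate(SAMPLE_PLAN, default_policies())
    print("apply allowed" if allowed else "apply blocked")
    for address, message in found:
        print(f"  {address}: {message}")
```

Run it after `terraform plan -out=tfplan` and `terraform show -json tfplan > plan.json`, passing `load_plan("plan.json")` to `gate`; a non-empty findings list is the signal to fail the pipeline stage before `apply`. The destroy policy is where role separation lives: the set of approved addresses is meant to come from a reviewer who is not the change author, not from the plan itself, which is the same approval-path idea the post attributes to orchestration platforms.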
OpenAI is introducing sandbox execution that allows enterprise governance teams to deploy automated workflows with controlled risk.

Teams taking agent systems from prototype to production have faced difficult architectural compromises about where their agents run. Model-agnostic frameworks offered initial flexibility but failed to fully utilise the capabilities of frontier models. Model-provider SDKs stayed closer to the underlying model, but often lacked enough visibility into the control harness. Managed agent APIs simplified deployment but severely constrained where the systems could run and how they accessed sensitive corporate data.

To resolve this, OpenAI is introducing new capabilities to the Agents SDK, offering developers standardised infrastructure featuring a model-native harness and native sandbox execution. The updated infrastructure aligns execution with the natural operating pattern of the underlying models, improving reliability when tasks require coordination across diverse systems.

Oscar Health provides an example of this efficiency on unstructured data. The healthcare provider tested the new infrastructure to automate a clinical records workflow that older approaches could not handle reliably. The engineering team needed the automated system to extract correct metadata while correctly understanding the boundaries of patient encounters within complex medical files. By automating this process, the provider could parse patient histories faster, expediting care coordination and improving the overall member experience.

Rachael Burns, Staff Engineer & AI Tech Lead at Oscar Health, said: “The updated Agents SDK made it production-viable for us to automate a critical clinical records workflow that previous approaches couldn’t handle reliably enough.
“For us, the difference was not just extracting the right metadata, but correctly understanding the boundaries of each encounter in long, complex records. As a result, we can more quickly understand what’s happening for each patient in a given visit, helping members with their care needs and improving their experience with us.”

OpenAI optimises AI workflows with a model-native harness

To deploy these systems, engineers must manage vector database synchronisation, control hallucination risks, and optimise expensive compute cycles. Without standard frameworks, internal teams often resort to building brittle custom connectors to manage these workflows. The new model-native harness helps alleviate this friction by introducing configurable memory, sandbox-aware orchestration, and Codex-like filesystem tools. Developers can integrate standardised primitives such as tool use via MCP, custom instructions via AGENTS.md, and file edits using the apply patch tool. Progressive disclosure via skills and code execution using the shell tool also let the system perform complex tasks sequentially. This standardisation allows engineering teams to spend less time maintaining core infrastructure and more time building domain-specific logic that directly benefits the business.

Integrating an autonomous program into a legacy tech stack requires precise routing. When an autonomous process accesses unstructured data, it relies heavily on retrieval systems to pull relevant context. To manage the integration of diverse architectures and limit operational scope, the SDK introduces a Manifest abstraction. This abstraction standardises how developers describe the workspace, allowing them to mount local files and define output directories. Teams can connect these environments directly to major enterprise storage providers, including AWS S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2.
Establishing a predictable workspace gives the model exact parameters on where to locate inputs, write outputs, and stay organised during extended runs. That predictability keeps the system from querying unfiltered data lakes: it is restricted to the specific, validated inputs declared in the manifest. Data governance teams can then track the provenance of every automated decision more accurately, from local prototypes through to production deployment.

Enhancing security with native sandbox execution

The SDK natively supports sandbox execution, offering an out-of-the-box layer so programs can run within controlled compute environments containing the necessary files and dependencies. Engineering teams no longer need to piece this execution layer together manually. They can deploy their own custom sandboxes or use built-in support for providers like Blaxel, Cloudflare, Daytona, E2B, Modal, Runloop, and Vercel.

Risk mitigation remains the primary concern for any enterprise deploying autonomous code execution. Security teams must assume that any system reading external data or executing generated code will face prompt-injection attacks and exfiltration attempts. OpenAI approaches this requirement by separating the control harness from the compute layer. This separation isolates credentials, keeping them entirely out of the environments where model-generated code executes. Because the execution layer holds no harness credentials, an injected malicious command cannot read the primary API keys or reach the central control plane from inside the sandbox, which limits lateral movement into the wider corporate network. The sandbox can still act on whatever its workspace and network reach expose, so the manifest scope and the sandbox’s own egress controls matter as much as the credential split.

This separation also addresses compute cost when runs fail. Long-running tasks often fail midway due to network timeouts, container crashes, or API limits. If a complex agent takes twenty steps to compile a financial report and fails at step nineteen, re-running the entire sequence burns expensive computing resources.
Under the new architecture, losing the sandbox container does not mean losing the entire run. Because the run state is externalised, the SDK uses built-in snapshotting and rehydration: if the original environment expires or fails, the infrastructure can restore the state into a fresh container and resume from the last checkpoint. Avoiding restarts of expensive, long-running processes translates directly into reduced cloud compute spend.

Scaling these operations requires dynamic resource allocation. The separated architecture allows runs to invoke one or many sandboxes based on current load, route specific subagents into isolated environments, and parallelise tasks across many containers for faster execution.

These new capabilities are generally available to all customers via the API, using standard pricing based on tokens and tool use without requiring custom procurement contracts. The new harness and sandbox capabilities are launching first for Python developers, with TypeScript support slated for a future release. OpenAI plans to bring additional capabilities, including code mode and subagents, to both the Python and TypeScript libraries. The vendor intends to expand the broader ecosystem over time by supporting additional sandbox providers and offering more ways for developers to plug the SDK directly into their existing internal systems.

See also: Commvault launches a ‘Ctrl-Z’ for cloud AI workloads

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events including the Cyber Security & Cloud Expo. AI News is powered by TechForge Media.
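To make the harness/compute separation and the snapshot-and-rehydrate behaviour concrete, here is an added example in Python. It is not OpenAI’s Agents SDK code and calls no SDK API; the names Workspace, run_in_sandbox and Run, the HARNESS_API_KEY value and the three step scripts are hypothetical and constructed for the example. The sandbox stands in for a container: a child interpreter started with an empty environment, so the secret held by the harness is simply not present where generated code runs.

```python
"""Control-harness / execution-sandbox split with externalised run state.

Added illustration of the pattern described in this post; it is not the OpenAI Agents SDK
and calls no SDK API. Workspace, run_in_sandbox, Run and HARNESS_API_KEY are hypothetical
names with constructed data. The "sandbox" here is a child interpreter started with an
empty environment; a real deployment would use a container or a sandbox provider.
"""
import json
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import List, Optional

HARNESS_API_KEY = "sk-harness-only-constructed-secret"  # exists only in the harness process


class Workspace:
    """Manifest-like description of what the sandbox may touch: one root with inputs/ and outputs/."""

    def __init__(self, root: Path):
        self.root = root.resolve()
        self.inputs = self.root / "inputs"
        self.outputs = self.root / "outputs"
        for d in (self.inputs, self.outputs):
            d.mkdir(parents=True, exist_ok=True)

    def output_path(self, rel: str) -> Path:
        """Resolve a tool-requested output path; refuse anything that escapes outputs/."""
        p = (self.outputs / rel).resolve()
        if p != self.outputs and self.outputs not in p.parents:
            raise PermissionError(f"write outside workspace outputs refused: {rel}")
        return p


def run_in_sandbox(ws: Workspace, code: str, timeout: float = 10.0) -> dict:
    """Execute model-generated code in a separate interpreter with env={}: the child
    inherits no variables, so HARNESS_API_KEY is absent where the generated code runs."""
    proc = subprocess.run([sys.executable, "-I", "-c", code], cwd=ws.root, env={},
                          capture_output=True, text=True, timeout=timeout)
    return {"rc": proc.returncode, "stdout": proc.stdout, "stderr": proc.stderr}


class Run:
    """A multi-step run whose state lives in the harness, not inside the sandbox."""

    def __init__(self, ws: Workspace, steps: List[str]):
        self.ws, self.steps = ws, steps
        self.state = {"next": 0, "results": []}

    def snapshot(self) -> str:
        return json.dumps(self.state)

    @classmethod
    def rehydrate(cls, ws: Workspace, steps: List[str], snapshot: str) -> "Run":
        run = cls(ws, steps)
        run.state = json.loads(snapshot)
        return run

    def execute(self, crash_before_step: Optional[int] = None) -> dict:
        while self.state["next"] < len(self.steps):
            i = self.state["next"]
            if i == crash_before_step:
                raise RuntimeError("sandbox container lost")  # simulated infrastructure failure
            self.state["results"].append(run_in_sandbox(self.ws, self.steps[i]))
            self.state["next"] = i + 1
        return self.state


def demo() -> dict:
    """Exercise the three properties: no credential leak, confined writes, resume after a crash."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Workspace(Path(tmp))
        steps = [
            "import os; print(os.environ.get('HARNESS_API_KEY'))",  # an injected 'leak the key' step
            "print(2 + 2)",
            "print('report done')",
        ]
        leaked = HARNESS_API_KEY in run_in_sandbox(ws, steps[0])["stdout"]
        try:
            ws.output_path("../../../../etc/passwd")
            traversal_blocked = False
        except PermissionError:
            traversal_blocked = True
        run = Run(ws, steps)
        snap = ""
        try:
            run.execute(crash_before_step=2)
        except RuntimeError:
            snap = run.snapshot()  # state survives the lost container
        resumed = Run.rehydrate(Workspace(Path(tmp)), steps, snap)
        resumed_from = resumed.state["next"]
        final = resumed.execute()
        return {"leaked": leaked, "traversal_blocked": traversal_blocked,
                "resumed_from": resumed_from, "completed": final["next"],
                "outputs": [r["stdout"].strip() for r in final["results"]]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints the demo result: the injected step that tries to print the key gets None, the path that tries to escape the output directory is refused, and after the simulated crash before step 2 the rehydrated run resumes at step 2 and completes all three steps without re-executing the first two. The point of keeping `state` as plain JSON in the harness is that nothing the sandbox can do (crash, hang, be killed) destroys the checkpoint.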
The post OpenAI Agents SDK improves governance with sandbox execution appeared first on AI News.
Cadence Design Systems announced two AI-related collaborations at its CadenceLIVE event this week, expanding its work with Nvidia and introducing new integrations with Google Cloud.

The Nvidia partnership focuses on combining AI with physics-based simulation and accelerated computing for robotic systems and system-level design. The companies said the approach targets modelling and deployment across semiconductors, robotics, and large-scale AI infrastructure, including robotic systems that Nvidia describes as physical AI.

Cadence is integrating its multiphysics simulation and system design tools with Nvidia’s CUDA-X libraries, AI models, and Omniverse-based simulation environment. The tools model thermal, electrical, and mechanical interactions so engineers can assess how systems behave under real-world operating conditions. They also extend beyond chip design to cover infrastructure components such as networking, cooling, and power systems. The combined platform enables engineers to simulate system behaviour before physical deployment. The companies said system performance depends on how compute, networking, cooling, and power systems operate together.

The collaboration also includes robotics development. Cadence’s physics engines, which model how real-world materials interact, are being linked with Nvidia’s AI models used to train AI-driven robotic systems in simulated environments. “We’re working with you across the board on robotic systems,” said Nvidia CEO Jensen Huang during the event.

Training robots in simulation reduces the need for real-world data collection. The companies said these datasets must be generated with physics-based models rather than gathered from physical systems. Simulation-generated datasets are used to train models, with outcomes dependent on the accuracy of the underlying physics models. “The more accurate (generated training data) is, the better the model will be,” said Cadence CEO Anirudh Devgan.
Nvidia said industrial robotics companies are using its Isaac simulation frameworks and Omniverse-based digital twin tools to test robotic systems before deployment. Companies including ABB Robotics, FANUC, YASKAWA, and KUKA are integrating these simulation tools into virtual commissioning workflows to test production systems in software prior to physical rollout. Nvidia said these systems are used to model complex robot operations and entire production lines using physically accurate digital environments. Chip design automation on cloud Separately, Cadence introduced a new AI agent designed to automate later-stage chip design tasks. The agent focuses on physical layout processes, translating circuit designs into silicon implementations. The release builds on an earlier agent introduced this year for front-end chip design, where circuits are defined in code-like descriptions. That earlier system handles circuit design, while the new agent focuses on translating those designs into physical layouts on silicon. The system will be available through Google Cloud. Cadence said the integration combines its electronic design automation tools with Google’s Gemini models for automated design and verification workflows. The cloud deployment allows teams to run those workloads without relying on on-premise compute infrastructure. Cadence’s ChipStack AI Super Agent platform uses model-based reasoning with native design tools to coordinate tasks across multiple design stages. The system can interpret design requirements and automatically execute tasks across different stages of the design process. Cadence reported productivity gains of up to 10 times in early deployments across design and verification tasks. The company did not disclose specific customer implementations. “We help build AI systems, and then those AI systems can help improve the design process,” Devgan said. 
The companies said simulation tools are used to validate systems in virtual environments before physical deployment. Digital twin models allow engineers to test design tradeoffs, evaluate performance scenarios, and optimise configurations in software. They added that the cost and complexity of large-scale data center infrastructure limit the use of trial-and-error deployment methods. Quantum models announcement In a separate announcement, Nvidia introduced a family of open-source quantum AI models called NVIDIA Ising. The models are named after the Ising model, a mathematical framework used to represent interactions in physical systems. The models are designed to support quantum processor calibration and quantum error correction. Nvidia said the models deliver up to 2.5 times faster performance and three times higher accuracy in decoding processes used for error correction. The models are intended for hybrid quantum-classical systems. “AI is essential to making quantum computing practical,” Huang said. “With Ising, AI becomes the control plane — the operating system of quantum machines — transforming fragile qubits to scalable and reliable quantum-GPU systems.” (Photo by Homa Appliances) See also: Hyundai expands into robotics and physical AI systems Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. This comprehensive event is part of TechEx and co-located with other leading technology events. Click here for more information. AI News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here. The post Cadence expands AI and robotic partnerships with Nvidia, Google Cloud appeared first on AI News. View the full article
-
Enterprise cloud environments now have access to an undo feature for AI agents following the deployment of Commvault AI Protect. Autonomous software now roams across infrastructure, potentially deleting files, reading databases, spinning up server clusters, and even rewriting access policies. Commvault identified this governance issue and the data protection vendor has launched AI Protect, a system designed to discover, monitor, and forcefully roll back the actions of autonomous models operating inside AWS, Microsoft Azure, and Google Cloud.

Traditional governance relies entirely on static rules. You grant a human user specific permissions and that user performs a predictable, linear task. If something goes wrong, there’s clear responsibility. AI agents, however, exhibit emergent behaviour. When given a complex prompt, an agent will string together approved permissions in potentially unapproved ways to solve the problem. If an agent decides the most efficient way to optimise cloud storage costs is to delete an entire production database, it will execute that command in milliseconds.

A human engineer might pause before executing a destructive command, questioning the logic. An AI agent simply follows its internal reasoning loop. It loops thousands of API requests a second, vastly outpacing the reaction times of human security operations centres.

A new breed of governance tools for cloud AI agents

AI Protect is an example of emerging tools that continuously scan the enterprise cloud footprint to identify active agents. Shadow AI remains a massive difficulty for enterprise IT departments. Developers routinely spin up experimental agents using corporate credentials without notifying security teams and connect language models to internal data lakes to test new workflows. Commvault forces these hidden actors into the light.

Once identified, the software monitors the agent’s specific API calls and data interactions across AWS, Azure, and GCP. It logs every database read, every storage modification, and every configuration change. The rollback feature provides the safety net. If a model hallucinates or misinterprets a command, administrators can revert the environment to its exact state before the machine initiated the destructive sequence.

However, cloud infrastructure is highly stateful and deeply interconnected. Reversing a complex chain of automated actions requires precise, ledger-based tracking. You cannot just restore a single database table if the machine also modified networking rules, triggered downstream serverless functions, and altered identity access management policies during its run.

Commvault bridges traditional backup architecture with continuous cloud monitoring to achieve this. By mapping the blast radius of the agent’s session, the software isolates the damage. It untangles the specific changes made by the AI from the legitimate changes made by human users during the same timeframe. This prevents a mass rollback from deleting valid customer transactions or wiping out hours of legitimate engineering work.

Machines will continue to execute tasks faster than human operators can monitor them. The priority now is implementing safeguards that guarantee autonomous actions can be instantly and accurately reversed.

See also: Citizen developers now have their own Wingman

The post Commvault launches a ‘Ctrl-Z’ for cloud AI workloads appeared first on AI News.
-
A vibe-coding application creation company, Emergent, has released Wingman, an autonomous agent that can address and take control of the applications used to manage daily tasks. The company’s press release states: “The best technology should be accessible to everyone”, and cites the difficulty that users without a technical background have in creating software applications. It says that eight million founders of businesses from 190 countries have used its products to create and ship software described as production-ready.

Users of Wingman will be able to deploy a team of agents working on their behalf. “Now, anyone can have an always-on team working in the background, not just people who know how to build one,” said Mukund Jha, the co-founder and CEO of Emergent.

Wingman differentiates itself from similar platforms by dividing which tasks can be accomplished without human intervention, and which need a human’s OK to proceed with. Therefore, tasks like modifying or deleting data, or sending messages to groups, are suspended until the AI gets the go-ahead from its operator. The company defines these divisions as “trust boundaries.”

The platform can work by reading and controlling common applications such as WhatsApp, Telegram and iMessage, and can schedule tasks or have them triggered by preset events. A window of persistence (short-term context) means that users don’t have to repeat contextual instructions to the LLM for similar tasks.

Connections to familiar platforms such as email, calendaring, CRMs, and GitHub come out of the box, with additional connections available from the company’s integration hub. In concord with the platform’s easy-to-use ethos, connections between Wingman and other applications are achieved without the need to code elements such as API calls and key exchanges. This type of functionality is handled under the hood, without the users needing to be aware of the technical details.

Responses by Wingman can be adjusted in tone, so it feels like “a trusted operator rather than another tool to manage,” Emergent’s press release states. Wingman is powered by a choice of LLMs, including the latest models from ChatGPT and Anthropic, or users can opt for Emergent’s own AI instance to save costs.

Sign-up is quick and simple, and users can choose the development of full-stack or mobile apps, or have the AI design web pages. Plans are available for $20 or $200 per month if paid monthly, with introductory discounts available for those wishing to experiment with having an LLM act on their behalf via the applications they currently use every day. Apps are built using modern, web-native technologies for a professional front end to the ensuing code.

“Most people aren’t failing at productivity. They’re buried under the smaller tasks that never stop coming,” said Jha.

The promise of Emergent’s Wingman and similar offerings is the empowerment of the true ‘citizen developer’, where all that is required on the part of the business founder is the ability to elucidate their needs for software in their native language. The large language model works to achieve its interpretation of those needs using a body of data garnered by scraping the internet for existing code. This is then reproduced, partially randomised, and subtly altered to something close to the user’s goals. Most commonly, further iterations using compute token credits improve the output until satisfactory results are produced.

Although tools like OpenClaw and Wingman may be suitable at this stage for hobbyists with particular problems to solve, releasing software created in this manner for wider consumption makes some debatable assumptions about its inherent security and veracity – elements of the final creation that, although readable, will be impenetrable for the platforms’ intended market.

Similarly opaque, Wingman’s ‘code review’ feature can be run on any application during the creation process, although the details of said review are best interpreted by technically well-versed users. While individual office workers and entrepreneurs should be able to code something that achieves basic tasks, even with the caveat of human confirmation at possibly risky junctures, it’s difficult to envisage Wingman’s creations being seriously considered alongside software written by experienced software professionals in terms of safety, reliability, repeatability, and maintainability.

Wingman is available now.

(Image source: “Wingman” by Mr Mo-Fo is licensed under CC BY-NC-ND 2.0. To view a copy of this license, visit [Hidden Content])

The post Citizen developers now have their own Wingman appeared first on AI News.
-
Singapore-based DroneDash Technologies and GEODNET have formed a joint venture to be called GEODASH Aerosystems, to build an agricultural spraying drone for large industrial farms. The companies say the near-production drone technology is designed to remove the need to map a field to be treated before each flight, and the need to rebuild flight plans when conditions on the ground have changed. The aircraft will be capable of perceiving its surroundings during flight, adjusting behaviour in response to visuals it captures, and undertaking crop spraying.

Current agricultural spraying drones were adapted from general-purpose models developed outside the industry, which meant that on farms, human operators had to survey and map each field, generate a flight plan for each spraying operation, and repeat the mapping process when canopy conditions altered. The technology is designed to be cost-effective on very large estates, especially palm oil plantations where crops are planted in rows, where this necessary preparation and adjustment time can limit how much land a team can cover.

GEODASH says its platform is built to remove the need for such preparation stages. The drone will combine DroneDash’s AI vision system with GEODNET’s positioning correction tech to achieve accuracy down to one centimetre. The drones can interpret rows, trees, terrain, and zones of operation while in the air. They are capable of adjusting their altitude and spray rates as conditions vary.

The dividing line in smart robotics is whether machines can act in changing environments. Structured spaces – assembly lines, warehouses, etc. – present simpler operating parameters. However, in the case of agriculture, real-time decisions need to be made autonomously. Agricultural land, particularly plantation terrain with mixed-age crops and changing plant growth, means drones have to recognise all relevant physical features and alter flight paths or treatment patterns according to unpredictable conditions.

In this sense, the perfect agricultural machine would need to combine the abilities of perception and location, and be able to attenuate its operations according to environmental conditions. Deterministic systems are less suited to these types of use case, as every edge-case of random occurrence can’t be hard-coded.

GEODASH Aerosystems’ proposed solution isn’t a fully unsupervised machine that can make its own decisions anywhere on a farm property, but it will be capable of operating without pre-existing maps inside geo-fenced boundaries. It will also be able to log each decision in case of the need for adjustment by operators to get the best results.

The nature of agriculture (and the natural world more generally) is that replanting, pruning, soil erosion or a host of other changes can make static maps increasingly less accurate over time. A platform that can be redeployed quickly after environmental changes could be more useful than one that’s only as accurate as its last survey data.

The companies say each flight will feed data to DroneDash’s AI Smart Farming backend, providing metrics on canopy density analysis, stresses and anomalies, plant health scores, spray-effectiveness checks, and terrain profiles. Each drone will therefore have a dual purpose: as a spray applicator, and as what’s effectively an aerial sensor platform. Data gathered could be used on an ongoing basis by farm operators, perhaps to inform of the need to change dosages, change treatment timings, flag the need for fertilisation or pest control, and inform replanting schedules.

GEODASH is aiming its technology initially at palm oil plantations in Southeast Asia, row-cropping operators in the US, and large estates in South America. The companies say they ran pilot deployments and validation projects throughout 2025 and into early 2026. Commercial deployment by GEODASH Aerosystems is planned for the third quarter of 2026.

“Agriculture does not need ******* drones – it needs smarter ones,” said Paul Yam, CEO, DroneDash Technologies and GEODASH Aerosystems.

(Image source: “Agriculture drone new technology” by Shreesha Sharma is licensed under CC BY-SA 4.0. To view a copy of this license, visit [Hidden Content])

The post Drones get smarter for large farm holdings appeared first on AI News.
-
The assumption that the US holds a durable lead in AI model performance is not well-supported by the data, and that is just one of the uncomfortable findings in Stanford University’s 2026 AI Index Report, published this week.

The report, produced by Stanford’s Institute for Human-Centred Artificial Intelligence, is a 423-page annual assessment of where artificial intelligence stands. It covers research output, model performance, investment flows, public sentiment, and responsible AI. The headline findings are striking. But the more consequential insights sit in the sections most coverage has skipped, particularly on AI safety, where the gap between what models can do and how rigorously they are evaluated for harm has not closed but widened. That said, three findings deserve more attention than they are getting.

The US-China model performance gap has effectively closed

The framing that the US leads China in AI development needs updating. According to the report, US and ******** models have traded the top performance position multiple times since early 2025. In February 2025, DeepSeek-R1 briefly matched the top US model. As of March 2026, Anthropic’s top model leads by just 2.7%.

The US still produces more top-tier AI models – 50 models in 2025 to China’s 30 – and retains higher-impact patents. But China now leads in publication volume, citation share, and patent grants. China’s share of the top 100 most-cited AI papers grew from 33 in 2021 to 41 in 2024. South Korea, notably, leads the world in AI patents per capita.

The practical implication is that the assumption of a durable US technological lead in AI model performance is not well-supported by the data. The gap that existed two years ago has closed to a margin that shifts with each major model release.

There is a further structural vulnerability the report identifies. The US hosts 5,427 data centres – more than ten times any other country – but a single company, TSMC, fabricates almost every leading AI chip inside them. The entire global AI hardware supply chain runs through one foundry in Taiwan, though a TSMC expansion in the US began operations in 2025.

AI safety benchmarking is not keeping pace, and the numbers show it

Almost every frontier model developer reports results on ability benchmarks. The same is not true for responsible AI benchmarks, and the 2026 Index documents the gap with some precision.

The report’s benchmark table for safety and responsible AI shows that most entries are simply empty. Only Claude Opus 4.5 reports results on more than two of the responsible AI benchmarks tracked. Only GPT-5.2 reports StrongREJECT. Across benchmarks measuring fairness, security and human agency, the majority of frontier models report nothing.

(Figure: Capability benchmarks are reported consistently across frontier models. Responsible AI benchmarks – covering safety, fairness, and factuality – are largely absent. Source: Stanford HAI 2026 AI Index Report)

This does not mean frontier labs are doing no internal safety work. The report acknowledges that red-teaming and alignment testing happen, but that “these efforts are rarely disclosed using a common, externally comparable set of benchmarks.” The effect is that external comparison in AI safety dimensions is effectively impossible for most models.

Documented AI incidents rose to 362 in 2025, up from 233 in 2024, according to the AI Incident Database. The OECD’s AI Incidents and Hazards Monitor, which uses a broader automated pipeline, recorded a peak of 435 monthly incidents in January 2026, with a six-month moving average of 326.

(Figure: Documented AI incidents rose to 362 in 2025, up from 233 the previous year and under 100 annually before 2022. Source: AI Incident Database (AIID), via Stanford HAI 2026 AI Index Report)

The governance response at the organisational level is struggling to match. According to a survey conducted by the AI Index and McKinsey, the share of organisations rating their AI incident response as “excellent” dropped from 28% in 2024 to 18% in 2025. Those reporting “good” responses also fell, from 39% to 24%. Meanwhile, the share experiencing three to five incidents rose from 30% to 50%.

The report also identifies a structural problem in responsible AI improvement itself: gains in one dimension tend to reduce performance in another. Improving safety can degrade accuracy, or improving privacy can reduce fairness, for example. There is no established framework for managing such trade-offs, and in several dimensions, including fairness and explainability, the standardised data needed to track progress over time does not yet exist.

Public anxiety rises with adoption, and the expert-public gap

Globally, 59% of people surveyed say AI’s benefits outweigh its drawbacks, up from 55% in 2024. At the same time, 52% say AI products and services make them nervous, an increase of two percentage points in one year. Both figures are moving upward simultaneously, which reflects a public that is using AI more while becoming more uncertain about where it leads.

The expert-public divide on AI’s employment effects is particularly sharp. According to the report, 73% of AI experts expect AI to have a positive impact on how people do their jobs, compared with just 23% of the general public – a 50-point gap. On the economy, the gap is 48 points (69% of experts are positive versus 21% of the public). On medical care, experts are considerably more optimistic at 84%, against 44% of the public.

Those gaps matter because public trust shapes regulatory outcomes, and regulatory outcomes shape how AI is deployed. On that dimension, the report flags something striking: the US reported the lowest level of trust in its own government to regulate AI responsibly of any country surveyed, at 31%. The global average was 54%. Southeast Asian countries were the most trusting, with Singapore at 81% and Indonesia at 76%.

Globally, the EU is trusted more than the US or China to regulate AI effectively. Among 25 countries in Pew Research Centre’s 2025 survey, a median of 53% trusted the EU to regulate AI, compared to 37% for the US and 27% for China.

The report closes its public opinion chapter by noting that Southeast Asian countries remain among the world’s most optimistic about AI. In China, Malaysia, Thailand, Indonesia, and Singapore, more than 80% of respondents say AI will profoundly change their lives in the next three to five years. Malaysia posted the largest increase in this view from 2024 to 2025.

See also: IBM: How robust AI governance protects enterprise margins

The post The US-China AI gap closed. The responsible AI gap didn’t appeared first on AI News.
-
According to SAP, integrating agentic AI into core human capital management (HCM) modules helps target operational bloat and reduce costs. SAP’s SuccessFactors 1H 2026 release aims to anticipate administrative bottlenecks before they stall daily operations by embedding a network of AI agents across recruiting, payroll, workforce administration, and talent development. Behind the user interface, these agents must monitor system states, identify anomalies, and prompt human operators with context-aware solutions.

Data synchronisation failures between distributed enterprise systems routinely require dedicated IT support teams to diagnose. When employee master data fails to replicate due to a missing attribute, downstream systems like access management and financial compensation halt. The agentic approach uses analytical models to cross-reference peer data, identify the missing variable based on organisational patterns, and prompt the administrator with the required correction. This automated troubleshooting dramatically reduces the mean time to resolution for internal support tickets.

Implementing this level of autonomous monitoring requires severe engineering discipline. Integrating modern semantic search mechanisms with highly structured legacy relational databases requires extensive middleware configuration. Running large language models in the background to continuously scan millions of employee records for inconsistencies consumes massive compute resources. CIOs must carefully balance the cloud infrastructure costs of continuous algorithmic monitoring against the operational savings generated by reduced IT ticket volumes.

To mitigate the risk of algorithmic hallucinations altering core financial data, engineering teams are forced to build strict guardrails. These retrieve-and-generate architectures must be firmly anchored to the company’s verified data lakes, ensuring the AI only acts upon validated corporate policies rather than generalised internet training data.

The SAP release attempts to streamline this knowledge retrieval by introducing intelligent question-and-answer capabilities within its learning module. This functionality delivers instant, context-aware responses drawn directly from an organisation’s learning content, allowing employees to bypass manual documentation searches entirely. The integration also introduces a growing workforce knowledge network that pulls trusted external employment guidance into daily workflows to support confident decision-making.

How SAP is using agentic AI to consolidate the HCM ecosystem

The updated architecture focuses on unified experiences that adapt to operational needs. For example, the delay between a signed offer letter to new talent and the employee achieving full productivity is a drag on profit margins. Native integration combining SmartRecruiters solutions, SAP SuccessFactors Employee Central, and SAP SuccessFactors Onboarding streamlines the data flow from initial candidate interaction through to the new hire phase. A candidate’s technical assessments, background checks, and negotiated terms pass automatically into the core human resources repository. Enterprises accelerate the onboarding timeline by eliminating the manual re-entry of personnel data—allowing new technical hires to begin contributing to active commercial projects faster.

Technical leadership teams understand that out-of-the-box software rarely matches internal enterprise processes perfectly. Customisation is necessary, but hardcoded extensions routinely break during cloud upgrade cycles, creating vast maintenance backlogs. To manage this tension, the software introduces a new extensibility wizard. This tool provides guided, step-by-step support for building custom extensions directly on the SAP Business Technology Platform within the SuccessFactors environment. By containing custom development within a governed platform environment, technology officers can adapt the interface to unique business requirements while preserving strict governance and ensuring future update compatibility.

Algorithmic auditing and margin protection

The 1H 2026 release incorporates pay transparency insights directly into the People Intelligence package within SAP Business Data Cloud to help with compliance with strict regulatory environments like the EU’s directives on pay transparency (which require organisations to provide detailed and auditable justifications for wage discrepancies). Manual compilation of compensation data across multiple geographic regions and currency zones is highly error-prone. Using the People Intelligence package, organisations can analyse compensation patterns and potential pay gaps across demographics. Automating this analysis provides a data-driven defence against compliance audits and aligns internal pay practices with evolving regulatory expectations, protecting the enterprise from both litigation costs and brand damage.

Preparing for future demands requires trusted and consistent skills data that leadership can rely on across talent deployment and workforce planning. Unstructured data, where one department labels a capability using differing terminology from another, breaks automated resource allocation models. The update strengthens the SAP talent intelligence hub by introducing enhanced skills governance to provide administrators with a centralised interface for managing skill definitions, applying corporate standards, and ensuring data aligns across internal applications and external partner ecosystems. Standardising this data improves overall system quality and allows resource managers to make deployment decisions without relying on fragmented spreadsheets or guesswork. This inventory prevents organisations from having to outsource to expensive external contractors for capabilities they already possess internally.

By bringing together data, AI, and connected experiences, SAP’s latest enhancements show how agentic AI can help organisations reduce daily friction. For professionals looking to explore these types of enterprise AI integrations and connect directly with the company, SAP is a key sponsor of this year’s AI & Big Data Expo North America.

See also: IBM: How robust AI governance protects enterprise margins

The post SAP brings agentic AI to human capital management appeared first on AI News.
-
Scotiabank has launched an AI framework, Scotia Intelligence, for data and AI operations that joins various platforms, data oversight, and software tools into a single instance. According to a press release from the bank, the stated purpose of Scotia Intelligence is to give employees, especially client-facing teams, access to AI under the bank’s existing governance and security rules. Scotiabank has published a short data ethics commitment paper, the existence of which is unique in Canada, the bank says. Tim Clark, Scotiabank’s group head and chief information officer, said Scotia Intelligence is a new approach that combines the bank’s existing infrastructure with AI abilities that connect computing environments, governance, and security so employees can use the technology more confidently. The difficult problem in the financial sector is how to make AI tools available at enterprise scale without creating new operational and regulatory risks for the organisation. Scotiabank’s response comes in the form of Scotia Navigator, the employee-focused component of Scotia Intelligence. It provides assistive AI for staff in multiple business units to in support of decision-making and software development, and is the means by which staff can build and deploy their own AI assistants within the company’s governance rules and stipulations. There’s particular weight on AI software development, with automated coding in play in the bank’s technical teams. Code generation in a regulated environment has to conform to set standards for product quality, so code checking for security and auditability is a business imperative. The bank has presented performance figures it says support the case for greater rollout of AI, citing contact centres where AI now handles more than 40% per cent of client queries, a fact that has led to industry recognition for its efforts in digital transformation. 
It says AI automatically forwards around 90% of commercial emails addressed to the bank, cutting the manual work involved in this task by 70%. In digital banking, Scotiabank points to Scotia Intelligence at work giving predictive payment prompts to customers via a mobile app, helping customers manage recurring bills, email money transfers, and transfers between a customer’s Scotiabank accounts. Phil Thomas, the bank’s Group Head and Chief Strategy & Operating Officer, described the launch as a step in the company’s AI strategy focused on client-centred experiences, and said AI tools would allow the bank’s workforce to spend more time on higher-value work. All AI uses are reviewed internally on grounds of fairness, transparency, and accountability before they are launched. Employees working with Scotia Intelligence get mandatory training and annual attestations. For CIOs, CTOs, and enterprise architecture leaders, Scotiabank’s combination of platform standardisation and formal governance sends a clear message: controls on AI have to exist as AI moves into production, and demonstrating those controls matters before an incident makes their absence obvious. How far AI deployment succeeds at scale will depend at least partly on safety and observability. The examples given in the bank’s statements suggest a programme of AI rollout where every function’s effectiveness can be measured in terms of reduced handling time, high-level automation, and customer engagement. In its public statement, Scotiabank hasn’t given detail regarding architecture, cost, model strategy, or provided evidence of external benchmarks, so total ROI is unclear. However, should its existing AI projects continue to produce cost reductions, faster code production, and better customer experiences, it seems likely that Scotiabank will apply the technology elsewhere in its business. 
Scotiabank envisages future use of agents for research and analytics, and says there’s scope for “more autonomous, context-aware, and action-oriented capabilities over time.” (Image source: Pixabay under licence.) The post Canada’s Scotiabank preps for its AI future appeared first on AI News.
-
Hyundai Motor Group is starting to look like a company building machines that act in the real world. The change centres on physical AI: AI placed into robots and systems that move and respond in physical spaces. Current efforts are mainly focused on factory and industrial settings. Hyundai’s move into physical AI systems In an interview with Semafor, chairman Chung Eui-sun said robotics and AI will play a central role in Hyundai’s next phase of growth, pushing the company beyond vehicles and into physical systems. The group plans to invest $26 billion in the US by 2028, according to United Press International, building on roughly $20.5 billion invested over the past 40 years. A large part of that spending is tied to robotics and AI-driven systems that Hyundai is combining into a single approach. Chung described robotics and physical AI as important to Hyundai’s long-term direction, adding that the company is developing robots to work with people, not replace them. From automation to collaboration Hyundai is working on systems where robots and humans share tasks in the same space. This includes humanoid robots developed by Boston Dynamics, in which Hyundai acquired a controlling stake in 2021. Machines are being prepared for manufacturing use, with deployment planned around 2028. The company expects to scale production to up to 30,000 units per year by 2030, with the goal of improving work on the factory floor. Robots may handle repetitive or physically demanding tasks, while humans focus on oversight and coordination. Chung said this kind of setup could help improve efficiency and product quality as customer expectations change. Exploring uses beyond the factory Current deployments remain focused on industrial settings, though Hyundai is exploring other uses. Potential areas include logistics and mobility services that combine vehicles with AI systems. These may affect deliveries and shared services. 
Manufacturing as the first use case for physical AI While these uses are still developing, manufacturing remains the main testing ground. Factories remain the place where Hyundai is putting these ideas into practice. The company is already working on software-driven manufacturing systems in its US operations, combining data and robotics to manage production. Physical AI builds on this by adding machines that adjust their actions based on real-time data. Chung said changes in regulations and customer demand are pushing the company to rethink how it operates across regions. Hyundai’s response is a mix of global expansion and local production, with AI and robotics helping standardise processes. Energy and infrastructure The company continues to invest in hydrogen through its HTWO brand, which covers production, storage and use. Chung pointed to rising demand linked to AI infrastructure and data centres as one reason hydrogen is gaining attention. He described hydrogen and electric vehicles as complementary options. The idea is to offer different energy choices depending on how systems are used. As AI moves into physical environments, energy becomes a more visible constraint. What physical AI means for end users Most people will not interact with a humanoid robot in the near term. But they will feel the effects of these systems in other ways. Products may be built faster and services tied to mobility or infrastructure may become more responsive. Hyundai sells more than 7 million vehicles each year in over 200 countries, supported by 16 global production facilities, according to the same UPI report. A gradual transition Hyundai is still a major carmaker, with brands like Hyundai, Kia, and Genesis forming the base of its operations. What is changing is how those vehicles – and the systems around them – are designed and managed. Physical AI represents a change from products to systems. It places AI in the environments where work and daily life take place. 
That change is still in progress, and many of the systems Hyundai is developing will take years to scale. The company is building toward a future where machines work with people in the real world. (Photo by @named_ aashutosh) See also: Asylon and Thrive Logic bring physical AI to enterprise perimeter security The post Hyundai expands into robotics and physical AI systems appeared first on AI News.
-
Models like Google Gemma 4 are increasing enterprise AI governance challenges for CISOs as they scramble to secure edge workloads. Security chiefs have built massive digital walls around the cloud, deploying advanced cloud access security brokers and routing every piece of traffic heading to external large language models through monitored corporate gateways. The logic was sound to boards and executive committees: keep the sensitive data inside the network, police the outgoing requests, and intellectual property remains safe from external leaks. Google just obliterated that perimeter with the release of Gemma 4. Unlike massive parameter models confined to hyperscale data centres, this family of open-weight models targets local hardware. It runs directly on edge devices, executes multi-step planning, and can operate autonomous workflows right on a local device. On-device inference has become a glaring blind spot for enterprise security operations. Security analysts cannot inspect network traffic if the traffic never hits the network in the first place. Engineers can ingest highly classified corporate data, process it through a local Gemma 4 agent, and generate output without triggering a single cloud firewall alarm. Collapse of API-centric defences Most corporate IT frameworks treat machine learning tools like standard third-party software vendors. You vet the provider, sign a massive enterprise data processing agreement, and funnel employee traffic through a sanctioned digital gateway. This standard playbook falls apart the moment an engineer downloads an Apache 2.0 licensed model like Gemma 4 and turns their laptop into an autonomous compute node. Google paired this new model rollout with the Google AI Edge Gallery and a highly optimised LiteRT-LM library. These tools drastically accelerate local execution speeds while providing highly structured outputs required for complex agentic behaviours. 
An autonomous agent can now sit quietly on a local machine, iterate through thousands of logic steps, and execute code locally at impressive speed. European data sovereignty laws and strict global financial regulations mandate complete auditability for automated decision-making. When a local agent hallucinates, makes a catastrophic error, or inadvertently leaks internal code across a shared corporate Slack channel, investigators require detailed logs. If the model operates entirely offline on local silicon, those logs never reach the centralised IT security dashboard unless something on the endpoint itself records what the agent read, queried and executed. Financial institutions stand to lose the most from this architectural adjustment. Banks have spent millions implementing strict API logging to satisfy regulators investigating generative machine learning usage. If algorithmic trading strategies or proprietary risk assessment protocols are parsed by an unmonitored local agent, the bank violates multiple compliance frameworks simultaneously. Healthcare networks face a similar reality. Patient data processed through an offline medical assistant running Gemma 4 might feel secure because it never leaves the physical laptop. The reality is that unlogged processing of health data violates the core tenets of modern medical auditing. Security leaders must prove how data was handled, what system processed it, and who authorised the execution. The intent-control dilemma Industry researchers often refer to this current phase of technological adoption as the governance trap. Management teams panic when they lose visibility. They attempt to rein in developer behaviour by throwing more bureaucratic processes at the problem, mandating sluggish architecture review boards, and forcing engineers to fill out extensive deployment forms before installing any new repository. Bureaucracy rarely stops a motivated developer facing an aggressive product deadline; it just forces the entire behaviour further underground. 
This creates a shadow IT environment powered by autonomous software. Real governance for local systems requires a different architectural approach. Instead of trying to block the model itself, security leaders must focus intensely on intent and system access. An agent running locally via Gemma 4 still requires specific system permissions to read local files, access corporate databases, or execute shell commands on the host machine. Access management becomes the new digital firewall. Rather than policing the language model, identity platforms must tightly restrict what the host machine can physically touch. If a local Gemma 4 agent attempts to query a restricted internal database, the access control layer must flag the anomaly immediately. Enterprise governance in the edge AI era We are watching the definition of enterprise infrastructure expand in real-time. A corporate laptop is no longer just a dumb terminal used to access cloud services over a VPN; it’s an active compute node capable of running sophisticated autonomous planning software. The cost of this new autonomy is deep operational complexity. CTOs and CISOs face a requirement to deploy endpoint detection tools specifically tuned for local machine learning inference. They desperately need systems that can differentiate between a human developer compiling standard code, and an autonomous agent rapidly iterating through local file structures to solve a complex prompt. The cybersecurity market will inevitably catch up to this new reality. Endpoint detection and response vendors are already prototyping quiet agents that monitor local GPU utilisation and flag unauthorised inference workloads. However, those tools remain in their infancy today. Most corporate security policies written in 2023 assumed all generative tools lived comfortably in the cloud. Revising them requires an uncomfortable admission from the executive board that the IT department no longer dictates exactly where compute happens. 
Google designed Gemma 4 to put state-of-the-art agentic skills directly into the hands of anyone with a modern processor. The open-source community will adopt it with aggressive speed. Enterprises now face a very short window to figure out how to police code they do not host, running on hardware they cannot constantly monitor. It leaves every security chief staring at their network dashboard with one question: What exactly is running on endpoints right now? See also: Companies expand AI adoption while keeping control The post Strengthening enterprise governance for rising edge AI workloads appeared first on AI News.
-
Many companies are taking a slower, more controlled approach to autonomous systems as AI adoption grows. Rather than deploying systems that act on their own, they are focusing on tools that assist human decision-making while keeping tight control over outputs. This approach is especially clear in sectors where errors carry real financial or legal risk. The question is not just what AI can do, but how its behaviour can be managed, checked, and trusted. One example comes from S&P Global Market Intelligence, which builds AI tools into its Capital IQ Pro platform. The system is used by analysts to review company filings, earnings calls, and market data. Its AI features are designed to stay grounded in source material. According to S&P Global Market Intelligence, its AI tools extract insights from structured and unstructured data, including transcripts and reports, while working with verified source data. AI adoption moves ahead of autonomy The current wave of AI tools in business is often described as a step toward autonomous agents. These systems may eventually plan tasks, make decisions, and act without direct human input. But most companies are not there yet. AI adoption is already widespread, with a majority of organisations using AI in at least one part of their business, according to research from McKinsey & Company. At the same time, many organisations have yet to scale AI across the enterprise, showing a disconnect between initial use and broader deployment. Instead, AI helps with tasks such as summarising documents or answering queries, but it does not act independently. S&P Global Market Intelligence’s tools enable users to query large datasets through a chat interface, but the results are tied to verified financial content. In many cases, users can refer back to underlying documents, lowering the risk of errors or unsupported outputs. 
In its research, the company outlines AI governance as a process in which systems are designed, deployed, and monitored, with attention to fairness, transparency, and accountability. AI adoption in high-risk sectors In finance, small errors can have large consequences. That shapes how AI is built and used. Tools like Capital IQ Pro are designed to support analysts rather than replace them. The system may help surface insights or highlight trends, but final decisions still rest with human users. The gap between adoption and value is becoming clearer. Many organisations report a gap between AI deployment and measurable business outcomes, according to findings from McKinsey & Company. While autonomous systems may be able to handle certain tasks, companies often need clear accountability. When decisions affect investments, compliance, or reporting, there must be a way to explain how those decisions were made. Research from S&P Global notes that organisations are increasingly focused on building governance frameworks to manage AI risks, including data quality issues and model bias. A step toward future systems The gap between today’s controlled AI tools and future autonomous systems remains wide. Interest in more autonomous and agent-driven systems is also growing, even as most organisations remain in early stages of deployment. Systems that can explain their outputs, show their sources, and operate within defined limits are more likely to be trusted. Autonomous agents may one day handle tasks such as financial analysis, customer support, or supply chain planning with minimal input. But without clear control mechanisms, their use will remain limited. These themes will feature at AI & Big Data Expo North America 2026 on May 18–19. S&P Global Market Intelligence is listed as a bronze sponsor of the event. The agenda features topics such as AI governance, ethics, and the use of AI in regulated industries. 
Balancing capability and control The push toward autonomous AI is unlikely to slow down. Advances in large language models and agent-based systems continue to expand what AI can do. At the same time, enterprise users are asking a different question: how to keep those systems under control. S&P Global Market Intelligence’s approach reflects that concern. By keeping AI grounded in verified data and placing humans at the centre of decision-making, it prioritises trust over autonomy. As systems grow more capable, the ability to govern and control them could become just as important as the tasks they perform. (Photo by Hitesh Choudhary) See also: Why companies like Apple are building AI agents with limits The post Companies expand AI adoption while keeping control appeared first on AI News.
-
To protect enterprise margins, business leaders must invest in robust AI governance to securely manage AI infrastructure. When evaluating enterprise software adoption, a recurring pattern dictates how technology matures across industries. As Rob Thomas, SVP and CCO at IBM, recently outlined, software typically graduates from a standalone product to a platform, and then from a platform to foundational infrastructure, altering the governing rules entirely. At the initial product stage, exerting tight corporate control often feels highly advantageous. Closed development environments iterate quickly and tightly manage the end-user experience. They capture and concentrate financial value within a single corporate entity, an approach that functions adequately during early product development cycles. However, IBM’s analysis highlights that expectations change entirely when a technology solidifies into a foundational layer. Once other institutional frameworks, external markets, and broad operational systems rely on the software, the prevailing standards adapt to a new reality. At infrastructure scale, embracing openness ceases to be an ideological stance and becomes a highly practical necessity. AI is currently crossing this threshold within the enterprise architecture stack. Models are increasingly embedded directly into the ways organisations secure their networks, author source code, execute automated decisions, and generate commercial value. AI functions less as an experimental utility and more as core operational infrastructure. The recent limited preview of Anthropic’s Claude Mythos model brings this reality into sharper focus for enterprise executives managing risk. Anthropic reports that this specific model can discover and exploit software vulnerabilities at a level that few human experts match. 
In response to this power, Anthropic launched Project Glasswing, a gated initiative designed to place these advanced capabilities directly into the hands of network defenders first. From IBM’s perspective, this development forces technology officers to confront immediate structural vulnerabilities. If autonomous models possess the capability to write exploits and shape the overall security environment, Thomas notes that concentrating the understanding of these systems within a small number of technology vendors invites severe operational exposure. With models achieving infrastructure status, IBM argues the primary issue is no longer exclusively what these machine learning applications can execute. The priority becomes how these systems are constructed, governed, inspected, and actively improved over extended periods. As underlying frameworks grow in complexity and corporate importance, maintaining closed development pipelines becomes exceedingly difficult to defend. No single vendor can successfully anticipate every operational requirement, adversarial attack vector, or system failure mode. Implementing opaque AI structures introduces heavy friction across existing network architecture. Connecting closed proprietary models with established enterprise vector databases or highly sensitive internal data lakes frequently creates massive troubleshooting bottlenecks. When anomalous outputs occur or hallucination rates spike, teams lack the internal visibility required to diagnose whether the error originated in the retrieval-augmented generation pipeline or the base model weights. Integrating legacy on-premises architecture with highly gated cloud models also introduces severe latency into daily operations. When enterprise data governance protocols strictly prohibit sending sensitive customer information to external servers, technology teams are left attempting to strip and anonymise datasets before processing. 
This constant data sanitisation creates enormous operational drag. Furthermore, the spiralling compute costs associated with continuous API calls to locked models erode the exact profit margins these autonomous systems are supposed to enhance. The opacity prevents network engineers from accurately sizing hardware deployments, forcing companies into expensive over-provisioning agreements to maintain baseline functionality. Why open-source AI is essential for operational resilience Restricting access to powerful applications is an understandable human instinct that closely resembles caution. Yet, as Thomas points out, at massive infrastructure scale, security typically improves through rigorous external scrutiny rather than through strict concealment. This represents the enduring lesson of open-source software development. Open-source code does not eliminate enterprise risk. Instead, IBM maintains it actively changes how organisations manage that risk. An open foundation allows a wider base of researchers, corporate developers, and security defenders to examine the architecture, surface underlying weaknesses, test foundational assumptions, and harden the software under real-world conditions. Within cybersecurity operations, broad visibility is rarely the enemy of operational resilience. In fact, visibility frequently serves as a strict prerequisite for achieving that resilience. Technologies deemed highly important tend to remain safer when larger populations can challenge them, inspect their logic, and contribute to their continuous improvement. Thomas addresses one of the oldest misconceptions regarding open-source technology: the belief that it inevitably commoditises corporate innovation. In practical application, open infrastructure typically pushes market competition higher up the technology stack. Open systems transfer financial value rather than destroying it. 
As common digital foundations mature, the commercial value relocates toward complex implementation, system orchestration, continuous reliability, trust mechanics, and specific domain expertise. IBM’s position asserts that the long-term commercial winners are not those who own the base technological layer, but rather the organisations that understand how to apply it most effectively. We have witnessed this identical pattern play out across previous generations of enterprise tooling, cloud infrastructure, and operating systems. Open foundations historically expanded developer participation, accelerated iterative improvement, and birthed entirely new, larger markets built on top of those base layers. Enterprise leaders increasingly view open-source as highly important for infrastructure modernisation and emerging AI capabilities. IBM predicts that AI is highly likely to follow this exact historical trajectory. Looking across the broader vendor ecosystem, leading hyperscalers are adjusting their business postures to accommodate this reality. Rather than engaging in a pure arms race to build the largest proprietary black boxes, highly profitable integrators are focusing heavily on orchestration tooling that allows enterprises to swap out underlying open-source models based on specific workload demands. Highlighting its ongoing leadership in this space, IBM is a key sponsor of this year’s AI & Big Data Expo North America, where these evolving strategies for open enterprise infrastructure will be a primary focus. This approach completely sidesteps restrictive vendor lock-in and allows companies to route less demanding internal queries to smaller and highly efficient open models, preserving expensive compute resources for complex customer-facing autonomous logic. By decoupling the application layer from the specific foundation model, technology officers can maintain operational agility and protect their bottom line. 
The future of enterprise AI demands transparent governance Another pragmatic reason for embracing open models revolves around product development influence. IBM emphasises that narrow access to underlying code naturally leads to narrow operational perspectives. In contrast, who gets to participate directly shapes what applications are eventually built. Providing broad access enables governments, diverse institutions, startups, and varied researchers to actively influence how the technology evolves and where it is commercially applied. This inclusive approach drives functional innovation while simultaneously building structural adaptability and necessary public legitimacy. As Thomas argues, once autonomous AI assumes the role of core enterprise infrastructure, relying on opacity can no longer serve as the organising principle for system safety. The most reliable blueprint for secure software has paired open foundations with broad external scrutiny, active code maintenance, and serious internal governance. As AI permanently enters its infrastructure phase, IBM contends that identical logic increasingly applies directly to the foundation models themselves. The stronger the corporate reliance on a technology, the stronger the corresponding case for demanding openness. If these autonomous workflows are truly becoming foundational to global commerce, then transparency ceases to be a subject of casual debate. According to IBM, it is an absolute, non-negotiable design requirement for any modern enterprise architecture. See also: Why companies like Apple are building AI agents with limits 
The post IBM: How robust AI governance protects enterprise margins appeared first on AI News.
-
[AI] Why companies like Apple are building AI agents with limits
ChatGPT posted a topic in World News
Next-generation AI assistants are being developed in the Apple ecosystem and by chipmakers like Qualcomm, and early reports suggest they are being designed with limits in place. Tom’s Guide has described early versions of these assistants as capable of navigating apps, carrying out bookings, and managing tasks across services. For instance, a private-beta agentic system completed tasks like booking services or posting content in apps. In one test, it moved through an app workflow and reached a payment screen before asking the user for confirmation. AI agents are being built with approval checkpoints. Sensitive actions, especially those tied to payments or account changes, require user confirmation before they are completed. The “human-in-the-loop” model lets the system prepare an action, but leaves approval to the user. Research linked to Apple’s AI work has explored ways to ensure systems pause before taking actions users did not explicitly request. Banking apps already require confirmation for transfers. The same idea is now being applied to AI-driven actions in multiple services. Limits and control A further control layer comes from restricting what the AI can access. Rather than giving the system full access to apps and data, businesses are establishing limits, such as which apps the AI can interact with and when actions can be triggered. In practice, this means the AI may be able to draft a purchase or prepare a booking, but not finalise it without approval. It also means the system cannot move freely across services unless it has been granted permission. According to Tom’s Guide, on-device processing also serves privacy: if data remains on the device, there is no need to send sensitive information to external servers. In areas like payments, AI systems are expected to work with partners that already have strict rules in place. 
In one reported example, payment providers’ services are being integrated to provide secure authentication before transactions are completed, though such safeguards are still under development. The existing systems act as an additional layer of oversight. They can set transaction limits or require extra verification. Much of the discussion around AI governance has focused on enterprise use. That includes areas like cybersecurity and large-scale automation. The consumer side introduces a different challenge, and companies must design controls that work for everyday users. That means clear approval steps and built-in privacy protections. Autonomy with boundaries As AI gains the ability to carry out actions, the risks become greater, as errors can lead to financial loss or data exposure. By placing controls at multiple points, including approval and infrastructure, companies are trying to manage those risks. The approach may shape how agentic AI develops in the near term. Rather than aiming for full independence, companies appear focused on controlled environments where the risks can be managed. (Photo by Junseong Lee) See also: Agentic AI’s governance challenges under the EU AI Act in 2026 The post Why companies like Apple are building AI agents with limits appeared first on AI News.
-
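The control points that the Gemma 4 piece above calls for (the host, not the model, deciding what a local agent may read, query or run, with a record of each decision that exists even when inference never touched the network) and that this Apple piece describes on the consumer side (an approval checkpoint before a payment, a cap on what the agent may touch, a transaction limit) can be written as one small broker. The following is an added example, not code from Google, Apple, Tom’s Guide or AI News; the agent identity, tool names, directory, table, payment limit and every call are constructed for illustration.

```python
"""Local tool-call broker for an on-device agent: deny-by-default allowlist,
user approval for sensitive actions, and a hash-chained audit log.

Added example; not code from Google, Apple, Tom's Guide or AI News. The agent
identity, tool names, paths, limits and calls below are all constructed.
"""
import hashlib
import json
import os
import secrets
import time
from dataclasses import dataclass

GENESIS = "0" * 64  # chain anchor for the first audit entry

# Constructed policy for one hypothetical local agent. Assumption: the host
# (not the agent) issues this at install time; anything unlisted is denied.
POLICY = {
    "agent_id": "local-dev-assistant",
    "allowed_tools": {"read_file", "query_db", "create_booking", "pay"},
    "allowed_paths": ["/home/dev/project/"],         # directory prefixes, trailing slash
    "allowed_tables": {"tickets"},
    "approval_required": {"create_booking", "pay"},  # human-in-the-loop actions
    "payment_limit": 50.0,
}


@dataclass
class Decision:
    action: str      # "allow", "deny" or "needs_approval"
    reason: str
    token: str = ""  # one-time approval token, set only for "needs_approval"


def canonical(obj) -> str:
    """Stable serialisation so an approved call can be matched byte for byte."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def evaluate(policy, call, approved=False) -> Decision:
    """Deny-by-default policy check for a single tool call."""
    tool, args = call.get("tool"), call.get("args", {})
    if tool not in policy["allowed_tools"]:
        return Decision("deny", f"tool {tool!r} is not in the allowlist")
    if tool == "read_file":
        # normalise before the prefix check so "../" cannot escape the directory
        path = os.path.normpath(args.get("path", ""))
        if not any(path.startswith(p) for p in policy["allowed_paths"]):
            return Decision("deny", f"path {path!r} is outside the allowed directories")
    if tool == "query_db" and args.get("table") not in policy["allowed_tables"]:
        return Decision("deny", f"table {args.get('table')!r} is restricted")
    if tool == "pay" and float(args.get("amount", 0)) > policy["payment_limit"]:
        return Decision("deny", "amount exceeds the per-transaction limit")
    if tool in policy["approval_required"] and not approved:
        return Decision("needs_approval", "sensitive action awaits user confirmation")
    return Decision("allow", "within policy")


class AuditLog:
    """Append-only log; each entry commits to the hash of the previous one."""

    def __init__(self):
        self.entries = []
        self.prev = GENESIS

    def record(self, agent_id, call, decision):
        entry = {"ts": time.time(), "agent": agent_id, "call": canonical(call),
                 "decision": decision.action, "reason": decision.reason, "prev": self.prev}
        entry["hash"] = hashlib.sha256(canonical(entry).encode()).hexdigest()
        self.entries.append(entry)
        self.prev = entry["hash"]

    def verify(self) -> bool:
        """Recompute the chain; an edited or deleted entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or e["hash"] != hashlib.sha256(canonical(body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True


class Broker:
    """Single choke point: the agent reaches the host only through here."""

    def __init__(self, policy, log):
        self.policy, self.log = policy, log
        self.pending = {}  # approval token -> canonical form of the call shown to the user

    def request(self, call) -> Decision:
        d = evaluate(self.policy, call)
        if d.action == "needs_approval":
            d.token = secrets.token_hex(16)
            self.pending[d.token] = canonical(call)
        self.log.record(self.policy["agent_id"], call, d)
        return d

    def approve(self, token, call) -> Decision:
        """User confirmation; the call must be identical to the one the user saw."""
        expected = self.pending.pop(token, None)  # tokens are single-use
        if expected is None or expected != canonical(call):
            d = Decision("deny", "approval token unknown, reused, or call altered after the prompt")
        else:
            d = evaluate(self.policy, call, approved=True)
        self.log.record(self.policy["agent_id"], call, d)
        return d
```

Two design choices carry the weight here. The approval token is bound to the canonical serialisation of the exact call the user was shown, so an agent cannot ask for confirmation of a small payment and then submit a larger one under the same token, and every token is consumed on first use. The audit log chains hashes so that a later edit to any entry is detectable; that only proves tampering after the fact, so in a real deployment the log still has to be shipped off the endpoint or signed with a key the agent process cannot reach.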
The open-source AI movement has never lacked for options. Mistral, Falcon, and a growing field of open-weight models have been available to developers for years. But when Meta threw its weight behind Llama, something shifted. A company with three billion users, vast compute resources, and the credibility of a tech giant was now building openly, and the developer community responded. By early 2026, the Llama ecosystem had reached 1.2 billion downloads, averaging about 1 million per day.

That is the context for what happened on April 8, 2026. Meta launched Muse Spark, its first major new Meta AI model in a year, and the first product from its newly formed Meta Superintelligence Labs. It is capable in ways Llama 4 never was, benchmarks well against the current frontier, and is completely proprietary. No free download. No open weights. No building on it unless Meta decides you can.

The company spent US$14.3 billion, brought in Alexandr Wang from Scale AI to lead its AI rebuild, then spent nine months tearing down its entire AI stack and starting over. Muse Spark is what came out the other side. The developer community that made Llama what it was is now being asked to wait for a future open-source version that may or may not arrive on any predictable timeline.

What is Muse Spark?

Muse Spark is a natively multimodal reasoning model with tool-use, visual chain of thought, and multi-agent orchestration built in. It now powers Meta AI, which reaches over three billion users in Meta’s apps. Meta rebuilt its technology infrastructure from scratch, letting the company create a model that is as capable as its older midsize Llama 4 variant for an order of magnitude less compute. That efficiency number is worth noting. At the scale Meta operates, compute costs compound fast, and running a frontier-class Meta AI model at a fraction of the cost of its predecessors changes the economics of deploying it in billions of interactions daily.

On benchmarks, the picture is genuinely mixed. Muse Spark scores 52 on the Artificial Intelligence Index v4.0, placing it fourth overall behind Gemini 3.1 Pro, GPT-5.4, and Claude Opus 4.6. Meta has not claimed to have built the best model in the world, which is itself a departure from the over-claiming that damaged Llama 4’s credibility. Where Muse Spark leads is health. On HealthBench Hard – open-ended health queries – it scores 42.8, substantially ahead of Gemini 3.1 Pro at 20.6, GPT-5.4 at 40.1, and Grok 4.2 at 20.3. Health is a stated priority for Meta; the company says it worked with over 1,000 physicians to curate training data for the model.

Muse Spark also offers three modes of interaction: Instant mode for quick answers, Thinking mode for multi-step reasoning tasks, and Contemplating mode, which orchestrates multiple agents’ reasoning in parallel to compete with the most demanding reasoning modes from Gemini Deep Think and GPT Pro.

The open-source retreat

This is the part of the Muse Spark story that the benchmark tables do not capture. Unlike Meta’s previous models, which were released as open-weight models – meaning anyone could download and run them on their own equipment – Muse Spark is entirely proprietary. The company said it will offer the model in a private preview to select partners through an API, making Muse Spark even more proprietary than the paid models offered by Meta’s rivals.

Wang addressed the change directly, stating: “Nine months ago, we rebuilt our AI stack from scratch. New infrastructure, new architecture, new data pipelines. This is step one. ******* models are already in development with plans to open-source future versions.”

The developer community’s response has been sceptical. Some see this as a necessary pivot after Llama 4 failed to gain expected traction. Others view it as Meta closing the gates once it has something worth protecting. That is the community now being asked to wait while competitors without that open-source legacy continue shipping freely available weights.

Distribution over benchmarks

Meanwhile, Meta is not waiting for the developer community to come around. Muse Spark will debut in the coming weeks inside Facebook, Instagram, WhatsApp, and Messenger, as well as in Meta’s Ray-Ban AI glasses. That rollout path is arguably more consequential than any benchmark result. OpenAI and Anthropic sell to developers and enterprises. Meta deploys directly to over three billion people already inside its apps daily.

Meta’s push into health does raise privacy questions worth watching. Muse Spark users will need to log in with an existing Meta account to use it, and while Meta does not explicitly say personal account information will be used by the AI, the company has generally trained on public user data and has positioned Muse Spark as a personal superintelligence product.

Meta stock rose more than 9% on the day of the launch, a signal that investors read the Muse Spark release as proof that the US$14.3 billion bet on Wang and the nine-month rebuild produced something real. Whether the promised open-source versions actually materialise is a question the developer community will press every quarter. The answer will define how this chapter of Meta’s AI story is remembered.

See Also: The Meta-Manus review: What enterprise AI buyers need to know about cross-border compliance risk

The post Meta has a competitive AI model but loses its open-source identity appeared first on AI News.
-
AI agents hold the promise of automatically moving data between systems and triggering decisions, but in some cases, they can act without a clear record of what, when, and why they undertook their tasks. That has the potential to create a governance problem, for which IT leaders are ultimately responsible. If an organisation can’t trace an agent’s actions and doesn’t have proper control over its authority, leaders can’t prove that a system is operating safely or even lawfully to regulators.

That’s an issue set to become more important from August this year, as enforcement of the EU AI Act kicks in. According to the text of the Act, there will be substantial penalties for failures of governance relating to AI, especially when used in high-risk areas such as when personally-identifiable information is processed, or financial operations take place.

What IT leaders need to consider in the EU

Several steps can be taken to alleviate high levels of risk, and of these, the ones that stand out for consideration include agent identity, comprehensive logs, policy checks, human oversight, rapid revocation, the availability of documentation from vendors, and the formulation of evidence for presentation to regulators.

There are several options decision makers can consider that will help create the record of activities undertaken by agentic systems. For example, a Python SDK (software development kit), Asqav, can sign each agent’s action cryptographically and link all records to an immutable hash chain – the type of technique that’s more associated with blockchain technology. If someone or something changes or removes a record, verification of the chain fails. For governance teams, using a verbose, centralised, possibly-encrypted system of record for all agentic AIs is a measure that provides data well beyond the scattered text logs produced by individual software platforms.

Regardless of the technical details of how records are made and kept, IT leaders need to see exactly where, when, and how agentic instances are acting throughout the enterprise. Many organisations fail at this first step in any recording of automated, AI-driven activity. It’s necessary to keep a registry of every agent in operation, with each uniquely identified, plus records of its capabilities and granted permissions. This ‘agentic asset list’ ties neatly into the requirements of the EU AI Act’s Article 9, which states:

Article 9: For high-risk areas, AI risk management has to be an ongoing, evidence-based process built into every stage of deployment (development, preparation, production), and be under constant review.

Furthermore, decision-makers need to be aware of the Act’s Article 13: High-risk AI systems have to be designed in such a way that those deploying them can understand a system’s output. Thus, an AI system from a third party must be interpretable by its users (not an opaque code blob), and should be supplied with enough documentation to ensure its safe and lawful use. This requirement means the choice of model and its methods of deployment are both technical and regulatory considerations.

Putting the brakes on

It’s important for any agentic deployment to offer a facility for the revocation of an AI’s operating role, preferably within a matter of seconds. The ability to revoke quickly should be part of emergency response processes. Revocation options should include the immediate removal of privileges, immediate ceasing of API access, and the flushing of queued tasks.

The presence of human oversight, combined with the presentation of enough context for humans to make informed decisions, means that human operators must be able to reject any proposed action. It’s not considered adequate for the person reviewing a decision to see only a prompt or a confidence score. Effective oversight needs information around context, every agent’s authority, and time enough to intervene to prevent mis-steps.

Multi-agent considerations

While every agent’s action should be recorded automatically and retained, multi-agent processes are particularly complex to track, as failures can take place among chains of agents. It’s therefore important for security policies to be tested during the development of any system that intends to utilise multiple agents. Finally, governing authorities may require logs and technical documentation at any time, and will certainly need them after any incident they have been made aware of.

Conclusion

The question to be considered by IT leaders considering using AI on sensitive data or in high-risk environments is whether every aspect of the technology can be identified, constrained by policy, audited, interrupted, and explained. If the answer is unclear, governance is not yet in place.

(Image source: “Last Judgement” by Lawrence OP is licensed under CC BY-NC-ND 2.0.)

The post Agentic AI’s governance challenges under the EU AI Act in 2026 appeared first on AI News.
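The signed, hash-chained action record and the agent registry described in the post above, as an added example that is not Asqav’s code or any vendor’s API: every record carries the hash of its predecessor plus an HMAC over its own hash, a write is refused (not merely logged) when the agent is missing from a hypothetical registry or the action is outside its grant, and verification reports which failure it hit (edited content, deleted record, truncated tail). The key, the registry contents, the agent ids and the sample actions are all constructed for the demonstration.

```python
"""Tamper-evident agent action log: HMAC-signed records on a hash chain.

Added example, not Asqav's code or any vendor API. Constructed assumptions: one
HMAC key held by the governance system (a deployment would use per-agent keys or
an HSM), a registry of agents and their grants, canonical JSON encoding.
"""
import copy
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # prev-hash of the very first record

# Hypothetical "agentic asset list": agent id -> capabilities it has been granted.
REGISTRY = {
    "agent-ap-01": {"read_invoice", "draft_payment"},
    "agent-hr-02": {"read_directory"},
}
KEY = b"example-governance-key"  # constructed; keep the real one in a secrets manager


def _canonical(obj: dict) -> bytes:
    """Deterministic JSON so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sign(key: bytes, digest: str) -> str:
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


class ActionLog:
    """Append-only record of agent actions; out-of-grant writes are refused."""

    def __init__(self, key: bytes):
        self._key = key
        self.records: list[dict] = []

    def append(self, agent_id: str, action: str, params: dict, ts: str) -> dict:
        granted = REGISTRY.get(agent_id)
        if granted is None:
            raise PermissionError(f"unregistered agent {agent_id!r}")
        if action not in granted:
            raise PermissionError(f"{agent_id!r} is not granted {action!r}")
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"seq": len(self.records), "agent_id": agent_id, "action": action,
                "params": params, "ts": ts, "prev": prev}
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        rec = dict(body, hash=digest, sig=_sign(self._key, digest))
        self.records.append(rec)
        return rec

    def head(self) -> str:
        """Hash of the newest record; anchor it elsewhere to catch tail truncation."""
        return self.records[-1]["hash"] if self.records else GENESIS


def verify_chain(records: list, key: bytes, expected_head: Optional[str] = None) -> tuple:
    """Return (ok, reason). Edits, deletions, reordering and (given a head) truncation fail."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
        if body.get("seq") != i:
            return False, f"sequence gap at position {i}"
        if body.get("prev") != prev:
            return False, f"broken link at seq {i}"
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        if digest != rec.get("hash"):
            return False, f"content altered at seq {i}"
        if not hmac.compare_digest(_sign(key, digest), rec.get("sig", "")):
            return False, f"bad signature at seq {i}"
        prev = digest
    if expected_head is not None and prev != expected_head:
        return False, "chain truncated: head does not match anchored head"
    return True, "ok"


def build_sample_log() -> ActionLog:
    """Three constructed actions from two registered agents."""
    log = ActionLog(KEY)
    log.append("agent-ap-01", "read_invoice", {"invoice": "INV-1001"}, "2026-04-09T10:00:00Z")
    log.append("agent-ap-01", "draft_payment", {"invoice": "INV-1001", "amount": 1200}, "2026-04-09T10:00:05Z")
    log.append("agent-hr-02", "read_directory", {"query": "finance"}, "2026-04-09T10:01:00Z")
    return log


def check_intact() -> tuple:
    log = build_sample_log()
    return verify_chain(log.records, KEY, log.head())


def check_edited_amount() -> tuple:
    log = build_sample_log()
    records = copy.deepcopy(log.records)
    records[1]["params"]["amount"] = 12000  # someone inflates the drafted payment
    return verify_chain(records, KEY, log.head())


def check_deleted_record() -> tuple:
    log = build_sample_log()
    return verify_chain(log.records[:1] + log.records[2:], KEY, log.head())  # payment record removed


def check_truncated_tail() -> tuple:
    log = build_sample_log()
    return verify_chain(log.records[:-1], KEY, log.head())  # newest record dropped


def check_out_of_grant() -> str:
    log = build_sample_log()
    try:
        log.append("agent-hr-02", "draft_payment", {"amount": 1}, "2026-04-09T10:02:00Z")
    except PermissionError as e:
        return str(e)
    return "allowed"
```

Two caveats worth keeping in mind. Dropping records from the end of the chain is invisible to the chain itself, which is why `verify_chain` takes an anchored head hash: publish `head()` somewhere the logging service cannot rewrite (a ticket, a second system, a signed timestamp) or truncation goes unnoticed. And an HMAC under a shared key only proves that a holder of the key wrote the record, so it protects against everyone except the logging service; per-agent asymmetric signatures are what let a record attribute an action to the agent that took it.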
-
Anthropic’s most capable AI model has already found thousands of AI cybersecurity vulnerabilities across every major operating system and web browser. The company’s response was not to release it, but to quietly hand it to the organisations responsible for keeping the internet running.

That model is Claude Mythos Preview, and the initiative is called Project Glasswing. The launch partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Beyond that core group, Anthropic has extended access to over 40 additional organisations that build or maintain critical software infrastructure. Anthropic is committing up to US$100 million in usage credits for Mythos Preview across the effort, along with US$4 million in direct donations to open-source security organisations.

A model that outgrew its own benchmarks

Mythos Preview was not specifically trained for cybersecurity work. Anthropic said the capabilities “emerged as a downstream consequence of general improvements in code, reasoning, and autonomy”, and that the same improvements making the model better at patching vulnerabilities also make it better at exploiting them. That last part matters.

Mythos Preview has improved to the extent that it mostly saturates existing security benchmarks, forcing Anthropic to shift its focus to novel real-world tasks – specifically, zero-day vulnerabilities. These flaws were previously unknown to the software’s developers. Among the findings: a 27-year-old bug in OpenBSD, an operating system known for its strong security posture. In another case, the model fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD – CVE-2026-4747 – that allows an unauthenticated user anywhere on the internet to obtain complete control of a server running NFS. No human was involved in the discovery or exploitation after the initial prompt to find the bug.

Nicholas Carlini from Anthropic’s research team described the model’s ability to chain together vulnerabilities: “This model can create exploits out of three, four, or sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome. I’ve found more bugs in the last couple of weeks than I found in the rest of my life combined.”

Why is it not being released?

“We do not plan to make Claude Mythos Preview generally available due to its cybersecurity capabilities,” Newton Cheng, Frontier Red Team Cyber Lead at Anthropic, said. “Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout – for economies, public safety, and national security – could be severe.”

This is not hypothetical. Anthropic had previously disclosed what it described as the first documented case of a cyberattack largely executed by AI – a ******** state-sponsored group that used AI agents to autonomously infiltrate roughly 30 global targets, with AI handling the majority of tactical operations independently. The company has also privately briefed senior US government officials on Mythos Preview’s full capabilities. The intelligence community is now actively weighing how the model could reshape both offensive and defensive hacking operations.

The open-source problem

One dimension of Project Glasswing that goes beyond the headline coalition: open-source software. Jim Zemlin, CEO of the Linux Foundation, put it plainly: “In the past, security expertise has been a luxury reserved for organisations with large security teams. Open-source maintainers, whose software underpins much of the world’s critical infrastructure, have historically been left to figure out security on their own.”

Anthropic has donated US$2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and US$1.5 million to the Apache Software Foundation – giving maintainers of critical open-source codebases access to AI cybersecurity vulnerability scanning at a scale that was previously out of reach.

What comes next

Anthropic says its eventual goal is to deploy Mythos-class models at scale, but only when new safeguards are in place. The company plans to launch new safeguards with an upcoming Claude Opus model first, allowing it to refine them with a model that does not pose the same level of risk as Mythos Preview.

The competitive picture is already shifting around it. When OpenAI released GPT-5.3-Codex in February, the company called it the first model it had classified as high-capability for cybersecurity tasks under its Preparedness Framework. Anthropic’s move with Glasswing signals that the frontier labs see controlled deployment – not open release – as the emerging standard for models at this capability level. Whether that standard holds as these capabilities spread further is, at this point, an open question that no single initiative can answer.

See Also: Anthropic’s refusal to arm AI is exactly why the *** wants it

The post Anthropic locked down its most powerful AI Model over cybersecurity fears – then put it to work appeared first on AI News.
-
A survey carried out by OutSystems, The State of AI Development 2026, argues that AI has moved into early production phase for many enterprises, primarily inside the IT function. The survey was based on the responses of 1,879 IT leaders, and warns that adoption of AI is in danger of running ahead of governance and integration. The shortfall is a gap between what IT leaders want agents to do and what their organisations can safely control. The report’s authors urge companies to address the controls or guardrails on AI systems, and also stress the importance of integrating new AI technology into an organisation’s existing platforms.

OutSystems says 97% of its respondents are exploring some form of agentic strategy, with 49% of them describing their current abilities as “advanced” or “expert.” Nearly half of those surveyed say that over half of agentic AI projects have moved from pilot into production, with Indian companies most successful in implementing the technology: 50% of Indian companies say their AI projects are 51% to 75% successful.

Companies are considering where agents should be deployed first, and under what controls, but although “cost reduction or efficiency gains” is the most cited expectation for AI’s effects, only 22% found their deployments most effective in that regard. Instead, the most effective gains in a business stemmed from equipping software developers with AI tools described as “generative AI-assisted.”

The report’s geography and sector data show that transitions to AI agentic workflows are unevenly distributed. India stands out as the market with the highest share of users considering themselves “expert”, while many organisations in Australia, Brazil, Germany, the Netherlands, the ***, and the US still identify as intermediate stage users. France and Germany are the most dubious of AI adoption, with Germany recording the highest share of leaders not using agentic AI in any form.

The sectors and functions invested in AI

Financial services and technology show the most movement from pilot to production, with many implementations in core business functions. The sector can be considered as having the clearest line of sight from automation to measurable returns in terms of income. The practical inference from the report’s findings would be for slower-moving sectors to copy the implementation workflows employed by the fintech industry: start with narrow, high-volume workflows where performance can be measured and failures can be contained, and focus on the IT function.

According to the survey, generative AI-assisted development is now common in nine of the ten countries surveyed, alongside traditional coding, outsourced development, and SaaS customisation. It undercuts the notion that enterprises are moving into an AI-native or all-AI stack. In fact, most organisations add agents and AI-generated code on top of the processes already proven effective in their development environments.

Fragmented data no roadblock to AI progress

OutSystems finds that 48% of respondents see integration with legacy systems as the most important ability needed to expand agentic AI, and 38% say legacy systems are the main reason projects stall between pilot and production. Of the potential barriers to AI development that were offered as choices to the survey’s participants, more than 40% cited integration difficulties and legacy fragmentation as the most problematic. Organisations considering large data clean-up programmes (which many AI vendors advocate as a reason why deployments fail to reach production) may want to rethink, the report implies. The authors state agents can be built that can work well in complex data environments, as long as governance and integration are strengthened at the same time as AI implementation. Across the board, most sectors express “moderate trust” levels of agentic AI at around 50%, although responses from different business functions were not broken out in the survey results’ figures.

IT operations and software development

The financial returns are manifest mostly in IT functions themselves. The report says the most explored use cases are IT operations, at 55%, and data analysis, at 52%. Workflow automation follows at 36%, then customer experience at 33%. On realised return on investment, IT development and productivity lead by a margin, at 40%, ahead of operational efficiency at 22%. That distribution suggests that the first durable value from agentic AI is internal, at developers’ desks, rather than in customer-facing environments. Customer-facing deployments may still make sense, but the report indicates they require more trust in system performance, stronger controls, better orchestration, and an ability to create watertight oversight mechanisms.

Trust in and control of agents and governance

Trust in agentic AI, however, is improving. OutSystems reports that 73% of respondents express either high or moderate trust in letting agents act autonomously, a rise of around 10% compared to a similar survey the company undertook last year. Trust in code or workflows generated by third-party AI tools is slightly lower, at 67%, a substantial increase from the prior year’s figure, when only 40% ‘mostly trusted’ generative AI to write code without human help.

Only 36% of respondents say they have a centralised approach to AI governance, while 64% say they lack such a facility, and 41% rely on rules implemented on a per-project basis. Two-thirds say building human-in-the-loop checkpoints is technically difficult because it requires orchestration that can pause agents – in effect inserting manual braking on operations that might be fully autonomous. Many organisations appear to be deploying ******* oversight models, although it is not clear if that is a result of greater trust in models or whether business functions are under pressure to deploy AI regardless of security or reliability concerns.

If the trend to loosen oversight continues, the report’s authors note that agentic AI adoption may advance faster than the methods of accountability that many consider important. Firms that want to scale agents in regulated or mission-critical settings should treat orchestration and auditability as part of the product, the survey’s findings state. When compliance checks consider a business’s operations, breadcrumb trails in the form of logfiles and defined responsibilities are considered important elements of any agentic AI rollout.

The report says 94% of leaders are concerned about “AI sprawl”, which is not defined, but could be inferred to be a lack of a centralised management platform that oversees all AI deployments in the enterprise. 39% are very or extremely concerned about the issue, and only 12% currently use a centralised platform to keep that sprawl under control.

The full survey can be accessed here.

(Image source: “Relax” by Koijots is licensed under CC BY-SA 2.0.)

The post AI’s software development success and central management needs appeared first on AI News.
-
A new open-source toolkit from Microsoft focuses on runtime security to force strict governance onto enterprise AI agents. The release tackles a growing anxiety: autonomous language models are now executing code and hitting corporate networks way faster than traditional policy controls can keep up.

AI integration used to mean conversational interfaces and advisory copilots. Those systems had read-only access to specific datasets, keeping humans strictly in the execution loop. Organisations are currently deploying agentic frameworks that take independent action, wiring these models directly into internal application programming interfaces, cloud storage repositories, and continuous integration pipelines. When an autonomous agent can read an email, decide to write a script, and push that script to a server, stricter governance is vital.

Static code analysis and pre-deployment vulnerability scanning just can’t handle the non-deterministic nature of large language models. One prompt injection attack (or even a basic hallucination) could send an agent to overwrite a database or pull out customer records. Microsoft’s new toolkit looks at runtime security instead, providing a way to monitor, evaluate, and block actions at the moment the model tries to execute them. It beats relying on prior training or static parameter checks.

Intercepting the tool-calling layer in real time

Looking at the mechanics of agentic tool calling shows how this works. When an enterprise AI agent has to step outside its core neural network to do something like query an inventory system, it generates a command to hit an external tool. Microsoft’s framework drops a policy enforcement engine right between the language model and the broader corporate network. Every time the agent tries to trigger an outside function, the toolkit grabs the request and checks the intended action against a central set of governance rules. If the action breaks policy (e.g. an agent authorised only to read inventory data tries to fire off a purchase order), the toolkit blocks the API call and logs the event so a human can review it.

Security teams get a verifiable, auditable trail of every single autonomous decision. Developers also win here; they can build complex multi-agent systems without having to hardcode security protocols into every individual model prompt. Security policies get decoupled from the core application logic entirely and are managed at the infrastructure level.

Most legacy systems were never built to talk to non-deterministic software. An old mainframe database or a customised enterprise resource planning suite doesn’t have native defenses against a machine learning model shooting over malformed requests. Microsoft’s toolkit steps in as a protective translation layer. Even if an underlying language model gets compromised by external inputs, the system’s perimeter holds.

Security leaders might wonder why Microsoft decided to release this runtime toolkit under an open-source license. It comes down to how modern software supply chains actually work. Developers are currently rushing to build autonomous workflows using a massive mix of open-source libraries, frameworks, and third-party models. If Microsoft locked this runtime security feature to its proprietary platforms, development teams would probably just bypass it for faster, unvetted workarounds to hit their deadlines.

Pushing the toolkit out openly means security and governance controls can fit into any technology stack. It doesn’t matter if an organisation runs local open-weight models, leans on competitors like Anthropic, or deploys hybrid architectures. Setting up an open standard for AI agent security also lets the wider cybersecurity community chip in. Security vendors can stack commercial dashboards and incident response integrations on top of this open foundation, which speeds up the maturity of the whole ecosystem. Businesses avoid vendor lock-in but still get a universally scrutinised security baseline.

The next phase of enterprise AI governance

Enterprise governance doesn’t just stop at security; it hits financial and operational oversight too. Autonomous agents run in a continuous loop of reasoning and execution, burning API tokens at every step. Startups and enterprises are already seeing token costs explode when they deploy agentic systems. Without runtime governance, an agent tasked with looking up a market trend might decide to hit an expensive proprietary database thousands of times before it finishes. Left alone, a badly configured agent caught in a recursive loop can rack up massive cloud computing bills in a few hours.

The runtime toolkit gives teams a way to slap hard limits on token consumption and API call frequency. By setting boundaries on exactly how many actions an agent can take within a specific timeframe, forecasting computing costs gets much easier. It also stops runaway processes from eating up system resources.

A runtime governance layer hands over the quantitative metrics and control mechanisms needed to meet compliance mandates. The days of just trusting model providers to filter out bad outputs are ending. System safety now falls on the infrastructure that actually executes the models’ decisions.

Getting a mature governance program off the ground is going to demand tight collaboration between development operations, legal, and security teams. Language models are only scaling up in capability, and the organisations putting strict runtime controls in place today are the only ones who will be equipped to handle the autonomous workflows of tomorrow.

See also: As AI agents take on more tasks, governance becomes a priority

The post Microsoft open-source toolkit secures AI agents at runtime appeared first on AI News.
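The approval checkpoint in the Apple/Qualcomm post earlier on this page (a payment prepared but not finalised until the user confirms, with the assistant limited to permitted apps), the policy enforcement engine in the Microsoft post above (a scope check on every tool call, a logged block, caps on call frequency and token spend), and the "orchestration that can pause agents" the OutSystems post calls technically difficult are the same control seen from three angles. The gateway below is an added example, not Microsoft’s toolkit and not any Apple or Qualcomm code: the tool names, the policy values, the fake clock and the three stub tools are constructed for the demonstration, and a held call runs only when an approver releases it.

```python
"""Runtime tool-call gateway: scope, budget, rate and approval checks before execution.

Added example, not Microsoft's toolkit and not vendor code. Constructed assumptions:
tool calls arrive as {"tool": name, "args": {...}}, policy is plain data, and a
held call executes only after approve() is called on it.
"""
import itertools
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Policy:
    allowed_tools: frozenset        # the only tools this agent may call at all
    approval_required: frozenset    # calls parked until a human approves them
    max_calls_per_window: int       # cap on executed calls per window
    window_seconds: float
    token_budget: int               # hard cap on tokens the agent may spend


@dataclass
class Decision:
    call_id: int
    tool: str
    verdict: str                    # allow | deny | hold | approved | rejected
    reason: str
    result: Optional[object] = None


class ToolGateway:
    """Sits between the model and its tools; every call goes through submit()."""

    def __init__(self, policy: Policy, tools: Dict[str, Callable], clock: Callable[[], float]):
        self.policy, self.tools, self.clock = policy, tools, clock
        self.audit: List[Decision] = []       # auditable trail of every decision
        self._window: deque = deque()         # timestamps of calls that executed
        self._tokens_used = 0
        self._pending: Dict[int, dict] = {}   # held calls awaiting a human
        self._ids = itertools.count(1)

    def _record(self, d: Decision) -> Decision:
        self.audit.append(d)
        return d

    def submit(self, call: dict, tokens_spent: int) -> Decision:
        cid, tool, now = next(self._ids), call["tool"], self.clock()
        # 1. Scope: refuse anything outside the grant before any side effect.
        if tool not in self.policy.allowed_tools:
            return self._record(Decision(cid, tool, "deny", "tool not in allow-list"))
        # 2. Budget: tokens count even if the call is denied or held further down.
        self._tokens_used += tokens_spent
        if self._tokens_used > self.policy.token_budget:
            return self._record(Decision(cid, tool, "deny", "token budget exhausted"))
        # 3. Rate: sliding window over calls that actually executed.
        while self._window and now - self._window[0] >= self.policy.window_seconds:
            self._window.popleft()
        if len(self._window) >= self.policy.max_calls_per_window:
            return self._record(Decision(cid, tool, "deny", "rate limit"))
        # 4. Approval checkpoint: the action is prepared, not run.
        if tool in self.policy.approval_required:
            self._pending[cid] = call
            return self._record(Decision(cid, tool, "hold", "awaiting human approval"))
        return self._execute(cid, call, "allow", "policy checks passed")

    def _execute(self, cid: int, call: dict, verdict: str, reason: str) -> Decision:
        self._window.append(self.clock())
        result = self.tools[call["tool"]](**call["args"])
        return self._record(Decision(cid, call["tool"], verdict, reason, result))

    def approve(self, cid: int, approver: str) -> Decision:
        return self._execute(cid, self._pending.pop(cid), "approved", f"approved by {approver}")

    def reject(self, cid: int, approver: str) -> Decision:
        call = self._pending.pop(cid)  # flushed from the queue; nothing runs
        return self._record(Decision(cid, call["tool"], "rejected", f"rejected by {approver}"))


# Constructed stand-ins for real integrations; they only echo their inputs.
TOOLS = {
    "search_listings": lambda query: [f"{query} #1", f"{query} #2"],
    "book_table": lambda venue, time: f"booked {venue} at {time}",
    "pay": lambda amount, merchant: f"paid {amount} to {merchant}",
}


def run_scenario() -> List[tuple]:
    """A booking flow that reaches a payment, plus the abuses the gateway must stop."""
    now = [0.0]                                   # fake clock so the run is deterministic
    policy = Policy(frozenset(TOOLS), frozenset({"pay"}), 3, 60.0, 5000)
    gw = ToolGateway(policy, TOOLS, lambda: now[0])
    gw.submit({"tool": "search_listings", "args": {"query": "sushi"}}, 400)                 # allow
    gw.submit({"tool": "book_table", "args": {"venue": "Sushi Ko", "time": "19:30"}}, 300)  # allow
    held = gw.submit({"tool": "pay", "args": {"amount": 45, "merchant": "Sushi Ko"}}, 200)  # hold
    gw.approve(held.call_id, "user")                                                       # runs now
    gw.submit({"tool": "delete_account", "args": {}}, 100)                                 # deny: scope
    gw.submit({"tool": "search_listings", "args": {"query": "ramen"}}, 300)                # deny: rate
    now[0] = 61.0                                                                          # window slides
    gw.submit({"tool": "search_listings", "args": {"query": "ramen"}}, 300)                # allow
    gw.submit({"tool": "search_listings", "args": {"query": "pizza"}}, 4000)               # deny: budget
    return [(d.call_id, d.tool, d.verdict, d.reason) for d in gw.audit]


if __name__ == "__main__":
    for row in run_scenario():
        print(row)
```

The ordering of the checks is deliberate: scope is evaluated before anything is counted or stored, so a call for a tool the agent was never granted leaves no trace beyond the audit entry, and the approval hold happens after the rate and budget checks so a human is never asked to approve something the policy would have refused anyway. Revoking an agent in this design is a matter of swapping its `Policy` for one with an empty `allowed_tools` and rejecting whatever sits in `_pending`.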
-
Exciting times are ahead in the world of enterprise perimeter security with a new partnership between Thrive Logic, an AI agent-driven security and operational intelligence platform, and Asylon, a security robotics company. Together, the companies are to introduce physical AI into the network edge security arena, combining “autonomous perimeter patrols with agentic AI analytics and automated incident workflows.” The goal is to reduce response friction and let security leaders report with confidence in high-security exterior zones. Physical AI understands real-world situations and is capable of responding actively via a continuous, mobile security presence. This is in comparison to merely recording events as and when they take place, for actions to happen later. Using Asylon’s robotic patrols and Thrive Logic’s AI agent, the integration will monitor perimeter areas and analyse any incidents that may occur. Security teams might therefore relax a little and let AI detect issues in real time. In this arena, it could soon be ‘AI – 1, Bad Actors – 0.’ 24/7 robotic patrol oversight With pressure rising on security leaders in perimeter-intensive environments (labour volatility and unreliable patrol executions are two examples that spring to mind), Asylon’s Robotic Security Operations Centre (RSOC) helps combat challenges with audit-read security outcomes. Alongside Thrive Logic’s integration, robotic patrols won’t just collect video streams, but will produce alerts and step-by-step response processes. Therefore, security teams can respond more effectively, proving humans and AI can work in harmony. How it works Video captured by Asylon’s robotic patrols is securely sent to Thrive Logic’s platform. From here, the Thrive Logic AI agent continues to track connected streams, triggering alerts to relevant staff and stakeholders, and generating automated incident workflows aligned to SOP if or when these are required. 
The system allows enterprise security organisations to reduce operational friction and improve response consistency. It will generate audit-ready, time-stamped incident records for all sites where the technology operates.

Damon Henry, CEO of Asylon Robotics, said: “Security leaders don’t need more dashboards – they need reliable coverage, consistent response, and defensible reporting. Robotic systems that extend perimeter presence, paired with AI that turns what’s observed into clear actions and documented outcomes. By integrating Asylon’s RSOC-managed robotic patrols with Thrive Logic’s agentic AI analytics and incident workflow automation, we’re giving enterprise teams a practical, scalable way to reduce response friction and elevate operational maturity across sites.”

Nate Green, CEO of Thrive Logic, also emphasised the importance of physical AI. “Physical AI is where security becomes truly operational – persistent real-world visibility paired with intelligence that drives action,” he said. “Asylon’s robotic patrols create a high-value mobile layer across large perimeters. When connected to Thrive Logic’s AI agent and workflow automation, that visibility becomes actionable alerts, guided response, and audit-ready documentation.”

You may have to wait your turn to experience the Asylon-Thrive Logic physical AI integration, as it’s currently only available for enterprise security teams managing high-activity exterior environments, but the companies hope to make it available to businesses of all sizes in the near future.

(Image by ikrzeus style from Pixabay)
The post Asylon and Thrive Logic bring physical AI to enterprise perimeter security appeared first on AI News.
-
The failure mode for enterprise AI in 2026 is not what most people expected. It is not that the models are wrong, that agents cannot reason, or that the technology is overhyped. The failure mode is that the data feeding those systems is fragmented, inconsistently labelled, and spread across dozens of applications that were never designed to share context. Boomi calls this the agentic AI data activation problem, and after tracking 75,000 AI agents running in production across its customer base, the company says solving it comes before everything else.

That figure comes from February, when Boomi reported its strongest momentum to date: more than 30,000 customers globally, 75,000 AI agents in production, and a customer base that includes over a quarter of the Fortune 500. Yet the consistent pattern across those deployments, according to Steve Lucas, chairman and CEO of Boomi, is that AI value only materialises once the data problem is resolved. “AI only delivers value when data is properly activated, trusted and governed first,” Lucas said when the company announced its latest platform capabilities on March 9.

The fragmentation problem

Enterprise data is not missing; it exists in abundance, distributed across ERP systems, CRMs, data lakes, SaaS platforms, and legacy applications that have accumulated over decades. What is missing is the shared context that allows an AI agent to treat data from one system as reliably compatible with data from another. An agent drawing customer records from a CRM and pricing data from an ERP may be working from conflicting definitions of what a customer or a product actually is. The outputs it produces are only as coherent as the data standards beneath them.

Boomi’s answer is Meta Hub, a central system of record announced in its March 9 platform update, designed to standardise business definitions across the enterprise and extend that context to every AI agent operating within it.
The goal is to ensure agents reason from a consistent understanding of business logic rather than generating outputs based on fragmented interpretations pulled from disconnected systems.

The same release introduced real-time SAP data extraction via change data capture, addressing one of the most common integration bottlenecks in large enterprises, where SAP data is often inaccessible because slow, manual export processes render it effectively unavailable to AI workflows in real time. New governance capabilities for Snowflake Cortex agents within Boomi’s Agent Control Tower added audit trails and session logs, addressing a concern that has moved steadily up enterprise priority lists: AI agents operating as a black box, taking actions with no visible reasoning chain.

What the analysts’ recognition signals

Two independent assessments in March gave Boomi external validation of its positioning. On March 16, Gartner named Boomi a Leader in its 2026 Magic Quadrant for Integration Platform as a Service, the twelfth consecutive time, and positioned it highest for Ability to Execute. On March 31, the IDC MarketScape for Worldwide API Management named Boomi a Leader, specifically noting its AI-centric strategy that treats APIs as both the fuel and the control plane for AI workloads.

The Gartner framing is pointed. The report stated that AI-ready integration is a strategic capability that aligns architecture, integration, and governance to enable AI agents to effectively access enterprise data and operate within business processes. That framing validates the problem Boomi is addressing and signals that iPaaS platforms are now being evaluated on AI readiness rather than on traditional integration capabilities alone.

The broader pattern

By now, we are aware that the shift from pilot to production in enterprise AI is stalling in a predictable place. Organisations have models. They have agents.
What many do not have is the data infrastructure that makes those agents reliable enough to trust with real business processes. Data activation, moving data from static storage into live, governed, context-rich flows that agents can actually reason from, is one articulation of what that missing layer needs to look like. Whether that framing becomes the industry standard or gets absorbed into a broader category is a question 2026 will start to answer. What is not in question is that the enterprises finding ROI from agentic AI are the ones that sorted the data layer first.

Boomi will be exhibiting at the AI & Big Data Expo at TechEx North America, taking place 18–19 May 2026 at the San Jose McEnery Convention Centre.

(Photo by Boomi)

See also: Autonomous AI systems depend on data governance

The post Boomi calls it “data activation” and says it’s the missing step in every AI deployment appeared first on AI News.
-
The Anthropic UK expansion story is less about diplomatic courtship and more about what happens when a government punishes a company for having principles. In late February, US Defence Secretary Pete Hegseth gave Anthropic CEO Dario Amodei a stark ultimatum: remove the guardrails preventing Claude from being used for fully autonomous weapons and domestic mass surveillance, or face consequences. Amodei didn’t budge. He wrote that Anthropic could not “in good conscience” grant the Pentagon’s request, arguing that some uses of AI “can undermine rather than defend democratic values.”

Washington’s response was swift. Trump directed every federal agency to immediately cease all use of Anthropic’s technology, and the Pentagon designated the company a supply chain risk, a label ordinarily reserved for adversarial foreign entities like Huawei. The US$200 million Pentagon contract was pulled. Defence tech companies instructed employees to stop using Claude and switch to alternatives. London, watching all of this unfold, saw something different.

The UK’s pitch

Staff at the UK’s Department for Science, Innovation and Technology (DSIT) have drawn up proposals for the US$380 billion company, ranging from a dual stock listing on the London Stock Exchange to an office expansion in the capital, according to multiple people with knowledge of the plans. Prime Minister Keir Starmer’s office has backed the effort, which will be put to Amodei when he visits in late May.

Anthropic already has around 200 employees in Britain and appointed former prime minister Rishi Sunak as a senior adviser last year. The infrastructure for a meaningful UK presence is already there. What the British government is now offering is an explicit signal that Anthropic’s approach to AI, built on embedded ethical constraints, is an asset, not an obstacle.
A dual listing in London, if it materialised, would give Anthropic access to European institutional investors at a moment when its domestic regulatory standing remains under active legal challenge. The Pentagon’s appeal of the court-ordered injunction blocking the supply chain designation is still before the Ninth Circuit, and the outcome remains uncertain.

Ethics as a competitive advantage

The dispute has been framed largely as a legal and political fight. But its implications for global AI governance run deeper. Anthropic’s lawyers argued in court filings that Claude was not developed to be used for lethal autonomous weapons without human oversight, nor deployed to spy on US citizens, and that using the tools in these ways would represent an abuse of its technology. US District Judge Rita Lin, who granted a preliminary injunction blocking the blacklist in March, found the government’s actions “troubling” and concluded they likely violated the law.

That judicial finding matters in the UK context. Britain is positioning itself as a regulatory environment sitting between Washington’s current posture, which demands unrestricted military access, and Brussels, where the EU AI Act imposes its own constraints. The UK government presents itself as offering a less constrained environment for AI companies than either the US or the European Union. Crucially, that pitch doesn’t ask Anthropic to abandon the guardrails it went to court to defend.

The courtship also sits alongside broader UK efforts to build domestic AI capability, including a recently announced £40 million state-backed research lab, after officials acknowledged the absence of a homegrown competitor to the leading US frontier labs.

Competition in London

The UK’s play for Anthropic is not happening in a vacuum. OpenAI has already committed to making London its biggest research hub outside the US. Google has anchored itself in King’s Cross since acquiring DeepMind in 2014.
The race to secure frontier AI in London is already competitive, and Anthropic’s current circumstances make it the most consequential target yet. Anthropic has been expanding internationally regardless of its domestic legal battles, including opening a Sydney office as its fourth Asia-Pacific location. The global growth strategy is already in motion. What remains to be seen is how much of it London gets to claim.

The company Washington blacklisted for having an AI ethics policy is now being actively courted by another G7 government that wants exactly that. The late May meetings with Amodei will be telling.

See also: Anthropic selected to build government AI assistant pilot

The post Anthropic’s refusal to arm AI is exactly why the UK wants it appeared first on AI News.
-
AI systems are starting to move beyond simple responses. In many organisations, AI agents are now being tested to plan tasks, make decisions, and carry out actions with limited human input. It is no longer just about whether a model gives the right answer. It is about what happens when that model is allowed to act.

Autonomous systems need clear boundaries. They need rules that define what they can access, what they are allowed to do, and how their actions are tracked. Without those controls, even well-trained systems can create problems that are hard to detect or reverse. One company working on this problem is Deloitte. The firm has been developing governance frameworks and advisory approaches to help organisations manage AI systems.

From tools to AI agents

Most AI systems in use today still depend on human prompts. They generate text, analyse data, or make predictions, but a person usually decides what happens next. Agentic AI changes that pattern. These systems can break down a goal into steps, choose actions, and interact with other systems to complete tasks. That added independence brings new challenges. When a system acts on its own, it may take paths that were not fully expected or use data in ways that were not intended.

Deloitte’s work focuses on helping organisations prepare for these risks. Rather than treating AI as a standalone tool, the firm looks at how it fits into business processes, including how decisions are made and how data flows through systems.

Building governance into the lifecycle

Governance should not be added after deployment. It needs to be built into the full lifecycle of an AI system. This starts at the design stage. Organisations need to define what a system is allowed to do and where its limits are. This may include setting rules around data use and outlining how the system should respond in uncertain situations. The next stage is deployment.
At this point, governance focuses on access and control, including who can use the system and what it can connect to. Once the system is live, monitoring becomes the main concern. Autonomous systems can change over time as they interact with new data. Without regular checks, they may drift away from their original purpose.

The role of transparency and accountability

As AI systems take on more responsibility, it becomes more difficult to trace how decisions are made. This creates a demand for stronger transparency. Deloitte’s work highlights the importance of keeping track of how systems operate. This includes logging actions and documenting decisions. These records help organisations determine what happened if something goes wrong. If an autonomous system takes an action, there needs to be clarity about who is responsible.

Research from Deloitte shows that adoption of AI agents is moving faster than the controls needed to manage them. Around 23% of companies already use them, and that figure is expected to reach 74% within two years. Only 21% report having strong safeguards in place to oversee how they behave.

Real-time oversight for AI agents

Once an autonomous system is active, the focus shifts to how it behaves in real-world conditions. Static rules are not always enough, and systems need to be observed as they operate. Deloitte’s approach includes real-time monitoring, allowing organisations to track what an AI system is doing as it performs tasks. If the system behaves in an unexpected way, teams can step in quickly. This may involve pausing certain actions or adjusting permissions. Real-time oversight also helps with compliance. In regulated industries, companies need to show that systems follow rules and standards.

In practice, these controls are starting to appear in operational settings. Deloitte describes scenarios where AI systems monitor equipment performance across sites.
Sensor data can signal early signs of failure, which can trigger maintenance workflows and update internal systems. Governance frameworks define what actions the system can take, when human approval is required, and how decisions are recorded. The process runs across multiple systems, but from a user’s point of view, it appears as a single action.

Governance is part of discussions at AI & Big Data Expo North America 2026, taking place on May 18–19 in Santa Clara, California. Deloitte is listed as a Diamond Sponsor for the event, placing it among the firms contributing to conversations around how autonomous systems are deployed and controlled in practice. The challenge is not just building smarter systems, but ensuring they behave in ways organisations can understand, manage, and trust over time.

(Photo by Roman)

See also: Autonomous AI systems depend on data governance

The post As AI agents take on more tasks, governance becomes a priority appeared first on AI News.
-
[AI]KiloClaw targets shadow AI with autonomous agent governance
ChatGPT posted a topic in World News
With the launch of KiloClaw, enterprises now have a tool to enforce governance over autonomous agents and manage shadow AI. While businesses spent the last year securing large language models and formalising vendor agreements, developers and knowledge workers started moving on their own. Employees are bypassing official procurement, deploying autonomous agents on personal infrastructure to automate their daily workflows. This practice, known as ‘Bring Your Own AI’ or BYOAI, exposes proprietary enterprise data to unregulated external environments. To address this vulnerability, software provider Kilo launched KiloClaw for Organizations, an enterprise-grade platform built to rein in decentralised agent deployments and restore architectural oversight.

Kilo targets the lack of visibility surrounding agent deployment. When engineers set up autonomous agents to parse error logs, or financial analysts deploy local scripts to reconcile spreadsheets, they prioritise immediate efficiency over security protocols. These agents routinely gain access to corporate Slack channels, Jira boards, and private code repositories through personal API keys. Since these connections happen outside official IT purview, they create blind spots for data exfiltration and intellectual property leaks. KiloClaw provides a centralised control plane for security teams to identify, monitor, and restrict these autonomous actors without blocking their productivity gains.

The unseen infrastructure of Bring-Your-Own-Agent

The current shift mirrors the Bring Your Own Device (BYOD) era of the early 2010s, when employees used personal smartphones for corporate email and forced IT departments to adopt mobile device management. The AI equivalent carries higher stakes. A compromised phone might expose a static inbox, but an unmonitored autonomous agent has active execution privileges. It reads, writes, modifies, and deletes data across integrated platforms at speeds humans cannot replicate.
These autonomous scripts also frequently rely on external computational power. An employee might run an agent locally while the agent sends corporate data to third-party inference servers to process queries. If those providers use the ingested data to train future models, the enterprise loses control of its intellectual property. KiloClaw, for its part, establishes a secure boundary around these processes. Instead of ignoring external deployments, the platform pulls them into a registry where compliance officers can audit behaviour and data flows.

Identity and access management for autonomous AI agents

Governing autonomous systems requires a different technical architecture than managing a human workforce. Traditional Identity and Access Management (IAM) systems are built for human credentials or static application-to-application communication. Autonomous agents, however, are dynamic. Agents chain tasks together sequentially, formulating new requests based on the output of previous actions. An agent might request access to an enterprise resource planning database halfway through a task, and standard security software struggles to determine whether this is hostile behaviour or a legitimate operation.

KiloClaw treats agents as distinct entities requiring restrictive, time-bound permission scopes. Instead of developers plugging permanent, high-level API keys into experimental models, KiloClaw issues short-lived, narrowly defined access tokens. If an agent designed to summarise weekly marketing emails attempts to download a customer database, the platform detects the scope violation and revokes access. This containment limits the blast radius within the corporate network if an open-source model behaves unpredictably.

How tools like KiloClaw balance velocity and compliance

Mandating a blanket ban on custom-built automation tools rarely works; it drives the behaviour underground, encouraging engineers to obfuscate traffic and hide workflows.
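The scope-bound, time-limited token model described in the identity and access management section above, as an added example that is not KiloClaw's code: the broker class, the scope strings such as "mail:read", and the FakeClock are constructed for illustration, and the email-summariser scenario is the one the article describes.

```python
"""Scoped, short-lived credentials for autonomous agents, with containment on
scope violation. Added illustration only: not KiloClaw's code; class names,
scope strings and the FakeClock are hypothetical."""
from dataclasses import dataclass
import time


@dataclass
class AgentToken:
    agent_id: str
    scopes: frozenset        # e.g. {"mail:read"}; "mail:*" grants a whole resource
    issued_at: float
    ttl_seconds: float
    revoked: bool = False


@dataclass
class Decision:
    allowed: bool
    reason: str


def _scope_allows(scopes: frozenset, action: str) -> bool:
    """Exact match, or a resource-level wildcard such as "logs:*"."""
    resource = action.split(":", 1)[0]
    return action in scopes or f"{resource}:*" in scopes


class AgentCredentialBroker:
    """Issues narrowly scoped, time-bound tokens to registered agents and checks
    every action against the token. One out-of-scope request is treated as a
    containment event: the token is revoked on the spot and the event is logged."""

    def __init__(self, clock=time.time):
        self._clock = clock                 # injectable for deterministic tests
        self._tokens = {}                   # agent_id -> AgentToken
        self.audit_log = []                 # time-stamped record of every decision

    def issue(self, agent_id: str, scopes, ttl_seconds: float = 900) -> AgentToken:
        token = AgentToken(agent_id, frozenset(scopes), self._clock(), ttl_seconds)
        self._tokens[agent_id] = token
        self._record(agent_id, "issue", "ok", sorted(token.scopes))
        return token

    def authorize(self, agent_id: str, action: str) -> Decision:
        token = self._tokens.get(agent_id)
        if token is None:
            return self._deny(agent_id, action, "unregistered agent")
        if token.revoked:
            return self._deny(agent_id, action, "token revoked")
        if self._clock() - token.issued_at > token.ttl_seconds:
            return self._deny(agent_id, action, "token expired")
        if not _scope_allows(token.scopes, action):
            token.revoked = True            # contain: the session ends here
            return self._deny(agent_id, action, "scope violation; token revoked")
        self._record(agent_id, action, "allowed")
        return Decision(True, "ok")

    def _deny(self, agent_id: str, action: str, reason: str) -> Decision:
        self._record(agent_id, action, "denied: " + reason)
        return Decision(False, reason)

    def _record(self, agent_id, action, outcome, detail=None):
        self.audit_log.append({"ts": self._clock(), "agent": agent_id,
                               "action": action, "outcome": outcome,
                               "detail": detail})


class FakeClock:
    """Constructed clock so the walkthrough is deterministic."""
    def __init__(self, start: float = 1000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def walkthrough() -> list:
    """The article's scenario with constructed data: an email summariser that
    strays toward a customer database, plus a parser whose token expires."""
    clock = FakeClock()
    broker = AgentCredentialBroker(clock)
    broker.issue("mail-summariser", {"mail:read"}, ttl_seconds=600)
    steps = [
        broker.authorize("mail-summariser", "mail:read"),    # in scope
        broker.authorize("mail-summariser", "crm:export"),   # out of scope, revoked
        broker.authorize("mail-summariser", "mail:read"),    # refused: revoked
    ]
    broker.issue("log-parser", {"logs:*"}, ttl_seconds=60)
    clock.advance(61)
    steps.append(broker.authorize("log-parser", "logs:read"))  # refused: expired
    return steps


if __name__ == "__main__":
    for decision in walkthrough():
        print(("ALLOW " if decision.allowed else "DENY  ") + decision.reason)
```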
Platforms like KiloClaw aim to construct a sanctioned environment where employees can safely register their tools. For this governance framework to work, IT leaders need to prioritise integration. KiloClaw connects directly into the continuous integration and deployment pipelines that software teams already use. By automating security checks and permission provisioning, security teams remove the friction that causes employees to bypass rules. Enterprises can establish baseline templates detailing what data external models can process, allowing workers to deploy agents within pre-approved boundaries. This maintains compliance without sacrificing workflow automation.

The development of shadow AI governance tools points to a new phase of algorithmic regulation. Early corporate reactions to generative models focused on acceptable use policies for text-based chatbots. Now, the focus is shifting toward orchestration, containment, and system-to-system accountability. Regulators globally are also examining how companies monitor automated systems, pushing verifiable oversight toward legal obligation. As digital agents multiply within corporate networks, the concept of an ‘Agent Firewall’ is becoming a standard IT budget item. Platforms that map the relationships between human intent, machine execution, and corporate data will form the foundation of future security operations.

KiloClaw’s entry into the organisational governance space highlights a shifting reality for the C-suite: the immediate threat includes well-meaning employees handing network keys to unregulated machines. Establishing structural authority over these non-human actors is necessary to safely harness their potential.

See also: Autonomous AI systems depend on data governance
The post KiloClaw targets shadow AI with autonomous agent governance appeared first on AI News.
-
A decade ago, it would have been hard to believe that artificial intelligence could do what it can do now. However, it is this same power that introduces a new attack surface that traditional security frameworks were not built to address. As this technology becomes embedded in critical operations, companies need a multi-layered defence strategy that includes data protection, access control and constant monitoring to keep these systems safe. Five foundational practices address these risks.

1. Enforce strict access and data governance

AI systems depend on the data they are fed and the people who access them, so role-based access control is one of the best ways to limit exposure. By assigning permissions based on job function, teams can ensure only the right people can interact with and train sensitive AI models.

Encryption reinforces protection. AI models and the data used to train them must be encrypted when stored and when moving between systems. This is especially important when that data includes proprietary code or personal information. Leaving a model unencrypted on a shared server is an open invitation for attackers, and solid data governance is the last line of defence keeping those assets safe.

2. Defend against model-specific threats

AI models face a variety of threats that conventional security tools were not designed to catch. Prompt injection ranks as the top vulnerability in the OWASP Top 10 for large language model (LLM) applications, and it happens when an attacker embeds malicious instructions inside an input to override a model’s behaviour. One of the most direct ways to block these attacks at the entry point is by deploying AI-specific firewalls that validate and sanitise inputs before they reach an LLM. Beyond input filtering, teams should run regular adversarial testing, which is essentially ethical hacking for AI.
Red team exercises simulate real-world scenarios like data poisoning and model inversion attacks to reveal vulnerabilities before threat actors find them. Research on red teaming AI systems highlights that this kind of iterative testing needs to be built into the AI development life cycle and not bolted on after deployment.

3. Maintain detailed ecosystem visibility

Modern AI environments span on-premise networks, cloud infrastructure, email systems and endpoints. When security data from each of these areas sits in a separate silo, visibility gaps may emerge, and attackers move through those gaps undetected. A fragmented view of your environment makes it nearly impossible to correlate suspicious events into a coherent threat picture.

Security teams need unified visibility across every layer of their digital environment. This means breaking down information silos between network monitoring, cloud security, identity management and endpoint protection. When telemetry from all these sources feeds into a single view, analysts can connect the dots between an anomalous login, a lateral movement attempt and a data exfiltration event, rather than seeing each in isolation. Achieving this breadth of coverage is increasingly non-negotiable. As NIST’s Cybersecurity Framework Profile for AI makes clear, securing these systems requires organisations to secure, thwart and defend across all relevant assets, not only the most visible ones.

4. Adopt a consistent monitoring process

Security is not a one-time configuration, because AI systems change. Models are updated, new data pipelines are introduced, user behaviours change and the threat landscape evolves with them. Rule-based detection tools struggle to keep pace because they rely on known attack signatures rather than real-time behavioural analysis. Continuous monitoring addresses this gap by establishing a behavioural baseline for AI systems and flagging deviations as they happen.
Consistent monitoring can flag unusual activity in the moment, whether it’s a model producing unexpected outputs, a sudden change in API call patterns or a privileged account accessing data it normally shouldn’t. Security teams get an immediate alert with enough context to act fast. The shift toward real-time detection is critical for AI environments, where the volume and speed of data far outpace human review. Automated monitoring tools that learn normal patterns of behaviour can detect low-and-slow attacks that would otherwise go unnoticed for weeks.

5. Develop a clear incident response plan

Incidents are inevitable, even with strong preventive controls in place. Without a predefined response plan, companies risk making costly decisions under pressure, which can worsen the impact of a breach that could have been contained quickly. An effective AI incident response plan should cover containment, investigation, eradication and recovery:

Containment: limits the immediate impact by isolating affected systems
Investigation: establishes what happened and how far it reached
Eradication: removes the threat and patches the exploited weakness
Recovery: restores normal operations with stronger controls in place

AI incidents require unique recovery steps, like retraining a model that was fed corrupted data or reviewing logs to see what the system produced while it was compromised. Teams that plan for these scenarios in advance recover faster and with far less reputational damage.

Top 3 providers for implementing AI security

Implementing these practices at scale requires purpose-built tooling. Three providers stand out for organisations looking to put a serious AI security strategy into practice.

1. Darktrace

Darktrace is a premier choice for AI security, largely because of its foundational Self-Learning AI. The system builds a dynamic understanding of what normal looks like in an enterprise’s unique digital environment.
Rather than relying on static rules or historical attack signatures, Darktrace’s core AI looks for anomalous events, reducing the false positives that plague more rule-based tools. A second layer of analysis is provided by its Cyber AI Analyst, which autonomously investigates every alert and determines whether it is part of a wider security incident. This can reduce the number of alerts a SOC analyst has to handle from hundreds to just two or three critical incidents that need attention.

Darktrace was among the earliest adopters of AI for cybersecurity, giving its solutions a maturity advantage over newer entrants. Its coverage spans on-premise networks, cloud infrastructure, email, OT systems and endpoints – all manageable in unison or at the individual product level. One-click integrations from the customer portal mean brands can extend that coverage without long, disruptive deployment cycles.

2. Vectra AI

Vectra AI is a strong option for organisations running hybrid or multi-cloud environments. Its Attack Signal Intelligence technology automates the detection and prioritisation of attacker behaviours in network traffic and cloud logs, surfacing the activity that matters most rather than flooding analysts with raw alerts. Vectra takes a behaviour-based approach to threat detection, focusing on what attackers do in an environment, not how they initially gained access. This makes it effective at catching lateral movement, privilege escalation and command-and-control activity that bypasses perimeter defences. For teams managing complex hybrid architectures, Vectra’s ability to provide consistent detection across on-premise and cloud environments in a single platform is an advantage.

3. CrowdStrike

CrowdStrike is recognised as a leader in cloud-native endpoint security. Its Falcon platform is built on a powerful AI model trained on an extensive body of threat intelligence, letting it prevent, detect and respond to threats at the endpoint, including novel malware.
In environments where endpoints make up a large chunk of the attack surface, its lightweight agent and cloud-native setup make it easy to deploy without disrupting operations. Its threat intelligence integrations also help security teams connect the dots, linking what’s happening on a single device to a larger attack pattern playing out across the whole infrastructure.

Chart a secure future for artificial intelligence

As AI systems grow more capable, the threats designed to exploit them will also grow more sophisticated. Securing AI demands a forward-thinking strategy built on prevention, continuous visibility and rapid response – one that adapts as the environment evolves.

The post 5 best practices to secure AI systems appeared first on AI News.