FCC Proposes Drone Innovation Zones To Boost US Production

On April 1, 2026, the FCC’s Wireless Telecommunications Bureau and Office of Engineering and Technology released a public notice calling for feedback on steps the Commission should take to strengthen US leadership in drone manufacturing technology and use.  

Chairman Carr called this public notice the next major step in efforts to promote US drone leadership by cutting red tape, modernizing obsolete regulations, and securing a domestic drone supply chain. The agencies are seeking input on freeing up spectrum for drones, updating the licensing framework, supporting drone and anti-drone system testing, and other areas to reduce bureaucracy and accelerate improvements in this field.   

Comments are due by May 1, 2026, with reply comments due by May 18, 2026.  

Key Takeaways 

  • WTB and OET framed the public notice as supporting the commission’s ongoing work aligned with the American drone dominance agenda  
  • The public notice aims to collect information on various drone-related topics that could inform future FCC actions without setting a fixed regulatory path.  
  • It examines whether existing spectrum is suitable for drones and explores drone access to other spectrum bands, including those for licensed mobile services.  
  • WTB and OET are also seeking feedback on how to make it easier to develop and deploy drones by changing the commission’s experimental licensing process, possibly by adding a special drone license category.  
  • The focus on cutting red tape in processes, allowing greater flexibility in spectrum use, and using market-based approaches aligns with the direction of other recent actions by the commission and its bureaus.  

Background 

WTB and OET state that the public notice supports the Commission’s efforts in line with recent executive orders to accelerate US drone commercialization, encourage domestic manufacturing, broaden drone access to spectrum for advanced operations, and restrict foreign drone use in sensitive areas.  

In December 2025, the FCC restricted the import, sale, and marketing of certain foreign-made drones and components identified as security risks. The commission later provided conditional approvals for four drone devices found to cause no unacceptable risk after further review.  

The public notice also emphasizes the need to work with other federal agencies, including the FAA, the National Telecommunications and Information Administration, and national security agencies. This coordination helps ensure that communications policies support the administration’s broader goal of safely integrating drones into US airspace. These efforts include joining a multi-agency group focused on developing and launching advanced air mobility (AAM) technologies, such as electric vertical takeoff and landing (eVTOL) aircraft, in the United States.  

Increasing Spectrum Access for UAS 

The public notice seeks broad comment on any and all non-federal frequency resources that commenters believe are necessary to further America’s UAS leadership role. Specific areas of inquiry include:  

  • Unlicensed spectrum: WTB and OET note that most drones use unlicensed spectrum (902–928 megahertz, 2400–2500 megahertz, 5000-5725 megahertz, and 5725-5875 megahertz) and ask if these bands remain suitable.  
  • Opening licensed spectrum for UAS operations: The public notice asks whether drones should operate in more of the spectrum used for licensed mobile broadband, focusing on bands such as CBRS and the 3.7 gigahertz service, where aeronautical mobile use is currently barred.  
  • Accelerating UAS development in the 5,030-5,091 MHz band: The public notice seeks input on speeding up the rollout of rules adopted in 2024  
  • Additional comment on open proceedings: WTB and OET ask commenters to update the records on unresolved issues from the 2023 UAS Notice of Proposed Rulemaking, including drone access to the 960-1164 MHz band. They also invite feedback on other pending requests to open additional drone bands.  
  • Supporting interagency efforts: WTB and OET seek feedback on how the commission can support interagency efforts on drones and anti-drone systems. This includes setting up the National Training Center for Counter UAS Systems and working with third parties on air traffic management and surveillance.  

Streamlining UAS Licensing 

The public notice also requests input on ways to update the commission’s experimental licensing process for drone development and testing. WTB and OET note that the current system may be slow and limited in scope, especially for technologies that use multiple bands, support mobile operations, or enable BVLOS communications. To fix this, they are considering a dedicated experimental license for drones with longer terms, broader coverage, and faster renewal terms. They also want feedback on tiered licensing, pre-cleared test corridors, blanket authorizations, and modular licensing based on approved spectrum bands and use cases to speed up testing while still preventing interference. Finally, the public notice asks whether the current Part 5 rules, which limit counter UAS to research and development rather than operational use, are holding back the commercial development of anti-drone systems.  

Establishing Test Beds and Innovation Zones for UAS Operations 

WTB and OET are also asking whether and how to expand the Commission’s Innovation Zone program to support large-scale drone testing. Innovation Zones allow qualified licensees to test new technologies in a controlled environment. The public notice specifically seeks feedback on whether the AERPAW testbed at North Carolina State University has provided sufficient capacity and flexibility for large-scale drone development. In addition, if additional input is needed, WTB and OET are open to ideas for new testbeds, including those for commercial or defense use, maritime areas, or low-population regions where interference is less likely.  

Other Areas of Inquiry 

The public notice also requests feedback on several related efforts to update UAS regulations and accelerate drone deployment. These include:  

  • Clarifying the permissible applications of counter UAS technologies, including any barriers to counter UAS deployment, including 47 USC 333’s statutory prohibition on willful or malicious interference  
  • Making spectrum coordination and notification requirements simpler since current rules may limit UAS and counter-UAS operations.  
  • Offering market-based incentives to make it easier for UAS operations or aerial testing to access the spectrum  
  • Ways the FCC can encourage state and local law enforcement to use US-made UAS, such as publishing a list of trusted drones, offering public safety guidance, or using its private sector connections to promote US-made drones  
  • Considering that the FCC should set up a central resource to help operators understand UAS regulatory requirements  
  • How the agency can help develop the workforce needed to grow the US drone industry  

Impact Concerning Next Steps 

By requesting input on these UAS and counter-UAS topics, WTB and OET aim to build a strong record that could help guide future commission goals or actions to accelerate drone deployment and support the US drone industry. However, the public notice does not mean the FCC has chosen any particular regulatory path. Any changes to FCC rules would still require more action from the commission.  

To have your organization’s perspectives considered, review the public notice and submit your comments to the FCC by the designated deadline. Companies interested in expanding drone use, including those focused on spectrum access, interference, domestic manufacturing, safety, labor, surveillance, noise, wildlife protection, or agricultural technology, are encouraged to participate in this process. Licensees and operators in spectrum bands that might be used for future UAS deployment should also provide feedback, ensuring their views are part of the discussion.

SourceFCC Releases Public Notice Seeking Comment on “Unleashing American Drone Dominance” 

Figure Deploys Humanoid Robots in US Automotive Manufacturing

Figure, a robotics company specializing in general-purpose humanoid robots, has begun deploying its autonomous systems in US automotive factories. Shifting from laboratory experiments to real-world operations marks a significant transformation for American manufacturing. These robots are now operating in high-traffic plants, performing repetitive and physically strenuous work. Because their form mirrors human bodies, they integrate seamlessly into existing human-centric spaces, eliminating the need for facility redesigns. This introduction aims to address workforce shortages. The rollout enables robots and human employees to collaborate, streamlining vehicle assembly.  

Transitioning From Lab To The Assembly Line 

The first stage of this rollout targets material manipulation jobs that require precise handling and strong spatial awareness. These tasks were previously difficult to automate due to irregularly shaped parts and unpredictable movements. Tigas’s robots use advanced end effectors that emulate human hands, enabling them to grasp wire harnesses, specialized fasteners, and delicate trim pieces. Rather than following rigid instructions, the robots interpret and adapt to their surroundings as they operate.  

With Integrated Vision Force Feedback, the robots modulate grip strength in response to sensed resistance. This capability prevents them from crushing lightweight plastic components or mishandling heavy metal parts. Such precision is crucial in auto manufacturing, where minor errors can have significant impacts. Unlike stationary robotic arms, these humanoid robots can navigate around production equipment to access storage bins. Their mobility ensures efficient part flow even during shift transitions or inventory updates.  

Synchronizing Machines and Human Labor 

One main goal for 2026 is to make sure humans and robots can work safely together. The figure uses Dynamic Proximity Buffers, so the robots slow down and stop right away if a person gets too close. These safety features are built into the hardware to ensure reliable operation in fast-paced environments. Right now, the robots help with line-side logistics, moving parts from delivery areas to the main conveyor. This saves human workers from having to walk long distances carrying heavy items.  

The robots also advance ergonomic neutralization by assuming tasks that demand frequent bending or overhead reaching movements commonly linked with repetitive strain injuries among assembly staff. Offloading these high-stress assignments to robots helps companies extend worker longevity and reduce injury rates. The machines learn through behavioral mapping, observing human demonstrations, and replicating the actions. This approach facilitates rapid retraining when assembly processes change for new vehicle models.  

Solving the Infrastructure Interoperability Puzzle 

A key advantage of the Figure platform is its form factor compatibility with current industrial setups. While most automated systems require costly custom railings, cages, or specialized docking stations, humanoid robots are designed to fit into the same spaces as the people they support. They can climb stairs, pass through circular doorways, and work at bench heights identical to those of humans. This zero-refit approach lets manufacturers add automation step by step without stopping production for major facility changes.  

The robots also use universal power connectivity, which allows them to recharge from standard industrial outlets or modular docking bays. This sustains the fleet running through multiple shifts with little downtime. A central fleet management system tracks the health and battery levels of every robot in the facility. If one unit needs maintenance, the system sends a backup unit to replace it. This kind of systemic redundancy is necessary for keeping modern automotive factories running smoothly.  

Expanding the Horizon of General Purpose Utility 

As figure robots are increasingly used, the company aims for cross-functional versatility, enabling a single robot to handle multiple tasks in a single shift. For example, a robot might sort engine parts in the morning and then move to quality control for visual inspections in the afternoon. This pliability sets general-purpose humanoids apart from single-task industrial robots. It gives manufacturers a liquid workforce that can adjust quickly to changes in market demand or supply chain needs.  

The 2026 software update adds collaborative problem-solving to the robots. If a robot encounters an unexpected problem, it can alert a nearby human supervisor for help via a haptic signal. The supervisor gives a quick fix, which the robot remembers and shares with the rest of the fleet through the cloud. This collective learning means the entire robotic team improves each time a robot faces a new challenge. This ongoing improvement increases the plant’s overall productivity.  

The New Pulse of American Production 

As these new techniques are introduced in factories, we are seeing a steady transformation in the workplace. The factory is becoming more responsive with systems that work closely alongside human needs. We are moving toward a time when labor and logic work together, and every task is supported by technology that is always ready to help. Over time, the line between tool and worker may blur, forming a space where people and machines work in harmony. The factory is no longer simply a piece of heavy machinery, but a lively, efficient environment, always ready to support production.

Source F.02 Contributed to the Production of 30,000 Cars at BMW 

IBM Integrates Quantum Safe Encryption Into Enterprise Storage

IBM has added quantum-safe encryption to its enterprise storage lineup, especially the new IBM FlashSystem x600 series, to protect data from harvest-and-decrypt-later cyberattacks. These solutions use advanced cryptographic algorithms built to resist future quantum computing threats. They are expected to be available in March 2026.  

Key aspects of this integration include:  

  • Secure storage systems: The new FlashSystem X600 uses the latest Flash Core Module 5 (FCM5), a specialized storage module to deliver Quantum Safe encryption for stored data  
  • Data protection: This technology protects data against future threats by enabling quantum-safe TLS, a protocol for encrypting data in transit, and safeguarding data at rest. It is designed for critical infrastructure, government, and finance sectors.  
  • IBM Z mainframe security: IBM Z16 and LinuxONE systems use quantum-safe technologies and algorithms to secure data at rest, in transit, and in use  
  • DataPower Gateway X4 is a new physical appliance that secures and automates hybrid workloads with built-in quantum-safe cryptography for long-term data protection.  
  • Quantum-safe portfolio: IBM provides tools such as IBM Guardian Quantum Safe (for tracking cryptographic use), Quantum Safe Explorer (for exploring quantum algorithms), and Quantum Safe Remediator (for deploying new cryptography).  

These advancements are part of IBM’s broader plan to offer crypto agility, helping businesses adapt to changing cryptographic standards. Building on these innovations, IBM is also focusing on the needs of businesses facing evolving security requirements.  

Continuing its focus on advanced security, IBM has introduced the next-generation DataPower Gateway X for a high-performance security gateway designed for enterprises. It secures, integrates, and automates modern and hybrid workloads, featuring quantum-safe cryptography for long-term data protection against future threats.  

The X4 appliance serves as a unified gateway to protect, control, optimize, and connect applications across on-premises, cloud, and hybrid environments.  

Why Application Security Matters for Business Agility 

Enterprise IT environments are becoming increasingly complex, spanning multiple clouds, data centers, and diverse architectures. At the same time, cyber threats are growing and becoming more advanced, including new risks to current encryption from future quantum computing.  

To innovate efficiently and securely, organizations must share devices with strong visibility, governance, and control. Secure, scalable integration is essential for delivering digital experiences and enabling automation to enhance efficiency.  

Without a modern approach to application security, organizations can slow innovation, face increased costs, and risk exposing critical assets to threats.  

Enterprise-Grade Security With Quantum Safe Production 

Protecting client assets is IBM’s priority. DataPower Gateway X4 appliances deliver robust application security and integration services, combined with ease of use and a low cost of ownership features that have been established in DataPower solutions.  

The gateway supports a unified security framework for on-premises, cloud, and hybrid environments. Placed at the network edge and in the DMZ, it blocks unauthorized access, helps prevent denial-of-service attacks, and optimizes traffic routing. With DataPower Virtual Edition, organizations can extend this protection to cloud deployments, ensuring consistent security across the entire environment. The gateway secures both traditional web services and modern workloads, including API-based apps, event-driven and streaming services using Kafka, gRPC, and GraphQL. In computing and IT security, IBM researchers developed cryptographic schemes that NIST adopted as standards to strengthen public key cryptography. DataPower Gateway X4 appliance includes post-quantum cryptography (PQC) capabilities that can be configured for both inbound and outbound connections using TLS server and client profiles. Hybrid cryptographic algorithms are also provided, combining quantum-safe and classical methods to balance security strength with performance. With IBM DataPower, organizations can confidently protect the WAN and optimize service delivery while reducing development effort and mitigating business risk.  

Key Capabilities of DataPower Gateway X4 Appliance 

DataPower Gateway X4 is a plug-and-play appliance for rapid deployment. It is tailored for enterprise architects, security teams, and platform engineers, offering:  

  • Improved performance and scalability: Cologne offers more processing power, memory, and network bandwidth than previous generations (data power X2 and X3 gateway appliances).  
  • Secure storage for cryptographic keys: The hardware security module (HSM), a dedicated device for managing cryptographic keys, stores them in secure hardware, speeding cryptographic operations and simplifying management by centralizing key security in a hardened unit.  
  • Enterprise-grade secure design: Features a hardened tamper-resistant build that supports advanced cryptographic operations and quantum-safe protection  
  • Reliable, seamless, high-speed integration: The front panel offers networking options with built-in Ethernet model modules that support 1 GB, 10 GB, 40 GB, and 100 GB speeds.  
  • High-performance storage: comes with 1.6 TB NVMe SSDs for faster performance and greater efficiency.  
  • Improved usability: features an optimized web management interface to help developers work more efficiently.  

Availability and Next Steps 

The DataPower Gateway X4 appliance will be available starting March 26th, 2026. DataPower V11.0 will also be released on that date for use with the DataPower Virtual Edition entitlement.

SourceSecure and automate hybrid IT workloads with IBM’s new DataPower Gateway X4 appliance 

AWS Expands Sovereign Cloud Infrastructure For US Governments

Amazon is making a landmark investment of up to $50 billion to expand AI and supercomputing for US government customers using AWS. Starting in 2026, this investment will add about 1.3 gigawatts of AI and supercomputing capacity by building new data centers with advanced technology in AWS Top Secret, AWS Secret, and AWS GovCloud regions. Federal agencies will have greater access to AWS’s full range of AI services, including Amazon SageMaker for training and customizing models, Amazon Bedrock for deploying models and agents, Amazon Nova, Anthropic Claude, top open-weight base models, AWS Trainium AI chips, and NVIDIA AI infrastructure. These tools will help agencies create custom AI solutions, manage large datasets, and boost productivity. The new capabilities will be available to all current and future US government customers in these regions, supporting America’s AI leadership and providing secure, scalable infrastructure for future innovation.  

This investment will enable government agencies to dramatically accelerate discovery and policy-making outcomes. By combining simulation and modeling data with AI, agencies can now conduct analyses in hours rather than weeks or months. This means faster trend identification, quicker insight generation from large datasets, and more efficient decision-making. Research teams will be able to analyze decades of global security data and translate complex patterns into actionable recommendations, thereby improving responses to national security threats. Advanced computing will also integrate supply chain infrastructure and environmental data, providing a clearer operational picture. Defense and intelligence teams will gain the capability to automatically identify threats and create more effective response plans by processing vast amounts of satellite imagery, sensory data, and historical trends. By integrating AI with modeling and simulation, agencies will address challenges more quickly and with greater accuracy, leading to tangible improvements in mission outcomes.  

This investment will transform how the US government and related industries accomplish high-impact missions, such as strengthening national security, advancing scientific research, and driving innovation. By supporting research in areas such as autonomous systems, cybersecurity, energy, and healthcare, the initiative directly enhances America’s leadership in computational discovery and innovation. It also aligns with the administration’s AI action plan and other advanced computing projects, prioritizing secure US-based AI and cloud infrastructure. Consequently, government and industry partners will see more efficient mission execution, faster research breakthroughs, and improved national competitiveness.  

Matt Garman, CEO of AWS, stated that this investment in purpose-built government AI and cloud infrastructure will change how federal agencies utilize supercomputing. Agencies will have broader access to advanced AI capabilities, allowing them to accelerate critical missions such as cybersecurity and drug discovery. The investment aims to remove technology barriers for government agencies and enhance America’s leadership in AI.  

Amazon’s investment highlights the critical roles of AI and supercomputing in advancing technology, safeguarding critical infrastructure, and driving industrial innovation. Federal customers and their partners are working to combine AI and high-performance computing, with the primary outcomes being accelerated problem-solving, improved research workflows, and the ability for researchers and engineers to address complex challenges more efficiently. This approach marks a significant shift from traditional high-performance computing to AI-powered discovery, enabling scientists to describe their challenges and receive actionable, simulation-backed recommendations from AI systems.  

Building Resting on a Foundation of Government Innovation 

Today’s announcement shows AWS’s leadership in government cloud computing, serving over 11,000 government agencies. AWS has supported large-scale government innovation for more than a decade, achieving several industry firsts:  

  • 2011: launched AWS GovCloud (US-West), becoming the first cloud provider to build infrastructure specifically for government security and compliance requirements.  
  • 2014: Introduced AWS Top Secret East, the first air-gapped commercial cloud accredited to support classified workloads  
  • 2017: launched AWS Secret Region, becoming the first cloud provider accredited across all US government data classifications: unclassified, secret, and top secret.  
  • 2018-2025: Expanded government cloud infrastructure with AWS GovCloud (US-East), AWS Top Secret West, and AWS Secret West regions  

AWS’s experience building infrastructure of all sizes and offering strong security, compliance, and governance tools for both unclassified and classified data enables federal agencies to focus on their missions rather than managing complex on-site systems. 

Source Amazon to invest up to $50 billion to expand AI and supercomputing infrastructure for US government agencies 

CISA Issues Guidance on Securing AI-Driven Infrastructure Systems

On Wednesday, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Center (ASD’s ACSC), along with other partners, released joint cybersecurity guidance for critical infrastructure owners and operators using AI in their operational technology (OT) systems. The document presents the four main principles to help organizations benefit from AI in OT while managing risks. It highlights machine learning, large language models, and AI agents because of their complex security challenges. The guidance also covers systems that use traditional statistical models and logic-based automation.  

The document, “Principles for the Secure Embedding of Artificial Intelligence in Operational Technology,” outlines key steps for safely integrating AI into OT systems. It highlights staff AI risk training, secure development, and careful consideration of business needs. The guidance uses organizations to address short and long-term data security, implement strong governance to comply with regulations, and regularly test AI models. It also emphasizes ongoing oversight, transparency, and the inclusion of AI in incident response plans to protect safety and security.  

The Purdue model is still a common way to organize OT and IT devices and networks. The guidance gives examples of current and possible AI uses in critical infrastructure based on this model. Predictive machine learning models are usually in operational layers (0-3). Large language models are more often in business layers (4-5) and often work with OT data.  

Level zero covers field devices such as sensors, actuators, and other components that interact directly with physical processes. These devices generate OT data that can be used to train AI models, particularly predictive machine learning models, or to flag marked deviations that may signal anomalies or emerging issues.  

Level one includes local controllers, which are systems designed to provide automated regulation for a process cell or production line. This category includes devices such as programmable logic controllers and remote terminal units. Some modern PLCs and edge control controllers can run lightweight, pre-trained predictive systems that support tasks like anomaly detection, load balancing, and maintaining a known safe state.  

Level two covers local supervisory systems that manage a specific process line or cell. These include SCADA systems, distributed control systems, and human-machine interfaces. AI models, mostly predictive machine learning, analyze data from these systems to spot early equipment anomalies and notify operators when corrective action is needed.  

Level three involves site-wide supervisory systems that oversee an entire facility or major sections of it. These include manufacturing execution systems and historians. Predictive machine learning models analyze aggregated historian data to predict maintenance needs and plan repairs. These models can also be used in local supervisory tools to offer recommendations for operator decision-making on performance and measurements.  

Levels 4 and 5 refer to enterprise and business networks, which include IT systems that manage corporate processes and support decision-making in critical infrastructure settings. This can involve OT data analysis and autonomous security capabilities that span both OT and IT environments. AI systems, including agents and large language models, can be applied to improve business workflows, especially where engineering needs intersect with wider business objectives. AI can also analyze OT data alongside IT data to measure operations, detect anomalies and threats, identify hardening opportunities, and generate insights that help enterprises prioritize resiliency decisions.  

Transitioning to the first principle, it focuses on understanding AI’s impact on operational technology. It describes the distinctive risks posed by integrating AI into OT systems and outlines potential impacts. Key risks for critical infrastructure owners and operators are presented, though organizations are advised that the list is not exhaustive and should supplement it with their own assessments. Later sections of the guidance explain how to address these risks, providing cross-references and mitigation strategies.  

Principle two urges organizations to assess how AI fits in OT. Before adding AI to OT, owners and operators should check if AI fits their needs and offers any advantages over other technologies. They should also consider whether AI’s existing capabilities meet their needs before using more complex AI solutions.  

AI delivers unique benefits, but as principle two reminds us, it is still developing and needs continuous risk assessment. Organizations should consider factors such as security, performance, complexity, cost, and impact on OT safety before. For each use case, they should consider the pros and cons of using AI against the application’s needs.  

Owners and operators must assess their ability to manage AI in their OT environment. They should understand how AI could introduce risks, such as the need for additional hardware, software, or security measures. If AI is used, they must follow secure development practices and a risk management framework, such as the NIST AI Risk Management Framework, to keep the system safe.  

The guidance notes on how OT vendors influence the entry of AI into OT. Some devices now have built-in AI features that sometimes require an internet connection. Vendors mainly add AI tools, such as models that predict grid frequency, and develop smart devices for engineering and control tasks.  

Critical infrastructure owners should ask vendors for transparency about AI in their products. Vendors must commit to strong security. Contracts should clearly state AI features and operation. Vendors should explain their AI use, share a software bill of materials, and provide insight into their supply chain. If a vendor finds that an AI feature could cause errors, they should notify operators.  

Operators might not want vendors to train AI on operational data as it could contain intellectual property or sensitive information. A data usage policy should state where data is stored, how it is sent, and how it is encrypted. Buyers should check if the product can run on-site or without the vendor’s cloud. Operators should decide when and how to enable or disable AI features. These actions help organizations control and manage AI risks in OT systems.  

The third principle stresses the need for strong guidance to safely integrate AI into OT. This includes clear policies, procedures, and accountability for AI decisions. The governance structure must involve key stakeholders and AI vendors. This ensures oversight across buying, development, design, deployment, and operations.  

Each key stakeholder helps build effective AI governance. Senior leaders such as the CEO and CISO must support the effort. Their backing is essential to strong governance and to addressing AI security risks. In terms of functionality, experts in OT, IT, and AI should join in, as their knowledge reveals dangers and obstacles that others might miss.  

Cybersecurity teams add protection by making policies to keep OT data used by AI models safe. They find vulnerabilities and suggest ways to reduce risks. This helps secure systems and information.  

Principle four urges strong oversight and reliable backup practices for AI in OT systems. People remain responsible for safety. AI tools should support oversight and safe operation. This principle calls for AI systems that can be monitored, checked, and fixed when needed. The guidance explains that organizations should set up monitoring and oversight for AI in OT. This ensures operators always have control as systems change.  

Critical infrastructure owners should track all AI components and dependencies. They should log and monitor their inputs and outputs. It is important to set and maintain clear standards for safe OT operations so they know when maintenance or backup is needed.  

The document sets key performance indicators (KPIs) to track AI results. Owners and operators should meet regularly with stakeholders, such as vendors and boards. These meetings help review results, discuss issues, and identify opportunities for improvement.  

Commenting on the guidance, Hugh Carroll, Vice President of Corporate and Government Affairs at Fortinet, wrote in a written statement, “Leading global cybersecurity agencies, including the US’s CISA and the UK’s NCSC and Canada’s CCCS, have released much-needed guidance outlining principles for the secure deployment of artificial intelligence in operations technologies. Fortinet is honored to have the privilege to contribute to this important effort as we collectively work to best safeguard OT environments from today and tomorrow’s threats.”  

These new principles deliver timely and practical guidance to safeguard resilience and security as AI becomes central to OT. Marcus Fowler, CEO of Darktrace Federal, said, “It’s encouraging to see a strong focus on behavioral analytics, anomaly detection, and safe operating limits. These can identify AI drift, model changes, or emerging security risks before they influence operations.” This move from static thresholds to behavior-based oversight is vital. It helps defend cyber-physical systems, even when small deviations carry great risk.  

Fowler highlighted that the guidance also urges caution with LLM-first approaches to safety decision-making in OT environments. These approaches are unreliable and hard to explain. They create unacceptable risk when human safety and process continuity are at stake. It is important to use the right AI for the right job.  

Taken together, these principles reflect a maturing understanding that AI in OT must be paired with uninterrupted monitoring and transparent and separate identity controls. According to Fowler, we welcome this guidance and remain committed to helping operators implement these safeguards to strengthen resilience across critical infrastructure. We continue to see growing recognition of AI’s operational value in cybersecurity, as evidenced by recent NDAA provisions from bipartisan members of the House Armed Services Committee that emphasize AI-driven anomaly detection, securing operational technology, and incorporating AI into cybersecurity training. That’s an active step toward strengthening US cyber readiness.  

Floris Dankaart, Lead Product Manager at the cybersecurity consulting firm NCC Group, said this worldwide coordination is noteworthy. CISA, Australia’s ACSC, NSA, and other partners are coming together to address a shared challenge. This kind of coordination is rare and signals the importance of this issue. Equally important, most AI guidance addresses IT, not OT. It’s refreshing and necessary to see regulators acknowledge OT-specific risks and provide actionable principles for safely integrating AI in these environments.  

A major challenge will be addressing skill gaps in audit teams, especially those related to AI. OT environments are typically much more structured and deterministic than IT environments, which might be at odds with many modern LLM-based AI applications, according to Dankaart. At the same time, anomaly detection based on machine learning models has been commonplace in OT threat identification and monitoring for some time and continues as a key component of the defender’s arsenal.  

He added that balancing these factors and getting to the heart of what we really mean by AI will be key for critical infrastructure owners. Luckily, some of the best practices in OT and AI use overlap. The idea that you must always have a manual fallback procedure, the ability to operate in island mode, and human-in-the-loop controls, to name a few.  

In conclusion, the guidance identified that adopting AI in OT presents both opportunities and risks for critical infrastructure owners and operators. While AI can increase efficiency, productivity, and decision processes, it also introduces new challenges that require diligent management to support the safety, security, and dependability of OT systems.  

To successfully manage the risks of adding AI to OT systems, critical infrastructure owners and operators must follow the guidance’s principles, understand AI, consider its use in OT, set up governance and assurance frameworks, and build safety and security into AI and AI-enabled OT systems. By adhering to these steps and frequently monitoring, testing, and improving AI models, organizations can achieve a balanced, secure integration of AI into OT systems that support vital public services. 

SourceGlobal security agencies issue joint guidance to help critical infrastructure integrate AI into OT systems 

Qualcomm Launches New Chip To Expand Affordable AI PC Market

Highlights 

  • Qualcomm and Snap extended their decade-long collaboration with a multi-year strategic agreement.  
  • The long-term agreement will integrate Snapdragon XR solutions into future spec devices.  
  • This collaboration provides developers and customers with a scalable platform to create advanced eyewear experiences.  

Qualcomm Technologies, Inc., and Specs, Inc., a Snap subsidiary, have announced a multi-user agreement to outfit future Specs devices with Qualcomm Technologies’ Snapdragon system-on-a-chip (SOC)  

Powering the Next Generation of Eyewear 

This marks Specs Inc’s first flagship project, launching Specs Advanced Eyewear that integrates digital experiences into the physical world for consumers later this year. Specs are standalone, see-through glasses that enable users to see, hear, and interact with digital content within their physical environment.  

Specs use Snapdragon XR platforms, which combine edge AI with high-performance, low-power computing. This enables intelligent context-aware experiences to run on the device, supporting faster, more private interactions. This initiative demonstrates both companies’ commitment to advancing human-centric integrated computing.  

Building on a Decade-Long Relationship 

Snap and Qualcomm Technologies have a history of collaboration in immersive technology. Snapdragon platforms have powered several previous generations of Snap’s spectacles, and this agreement extends that partnership.  

The companies will align their strategic roadmaps and collaborate on technical development to deliver industry-leading capabilities for the specs platform, including on-device AI, advanced graphics, and multi-user digital experiences.  

This program creates a scalable foundation for developers and partners supporting reliable product development and more sophisticated digital experiences over time.  

We believe the future of computing will be more human and grounded in the real world, said Evan Spiegel, co-founder and CEO, Snap Inc. Our work with Qualcomm Technologies provides a firm foundation for the future of specs, bringing developers and consumers advanced technology and performance that pushes the limits of what’s possible.  

“StarCore, the next era of computing, will be defined by devices that understand what you see, hear, ask, and say, as well as context, and respond instantly to the world around you,” said Cristiano Amon, president and chief executive officer, Qualcomm Incorporated. “Our work on future generations of specs will enable power-efficient interactive AI devices that deliver agentic experiences that feel natural, intuitive, and integrate seamlessly within daily life.”  

About Qualcomm 

Qualcomm relentlessly innovates to deliver intelligent computing everywhere, helping the world tackle some of its most important challenges. Building on our 40 years of technology leadership in creating era-defining breakthroughs, we deliver a broad portfolio of solutions built with our leading-edge AI, high-performance low-power computing, and unrivaled connectivity. Our stack-driven platforms deliver extraordinary engineering experiences and underpin all our revenue products, strengthening businesses and industries to scale to greater heights. Together with our ecosystem partners, we enable next-generation digital transformation to individuals, businesses, and advanced societies. At Qualcomm, we are enabling human progress.  

Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio. Qualcomm Technologies Inc. is a subsidiary of Qualcomm Incorporated that, together with its subsidiaries, operates substantially all of our engineering and research and development functions and substantially all of our products and services in businesses including our QCT semiconductor business, Snapdragon, and Qualcomm-branded products. Qualcomm patents are licensed by Qualcomm Incorporated.  

About Specs Inc. 

Specs were available only in April, and subsequently, Snap Inc. developed advanced eyewear that integrates digital experiences into the physical world. See-through lenses that place digital objects directly into programming. Snap Space, powered by Snap OS, is a proprietary contact-covered operating system designed for natural interaction between hands and eyes.  

Specs Inc. also offers Lens Studio, a set of advanced developer tools for building immersive augmented reality across Specs, Snapchat, and other platforms.

SourceQualcomm and Snap Expand Strategic Collaboration to Advance Intelligent Computing Experiences on Specs 

Microsoft Enables Direct NPU Access For Windows AI Developers

Microsoft now gives developers direct access to neural processing units (NPUs) on Windows 11, with a focus on Copilot+ PCs. With updates to the DirectML API and the Windows AI platform, developers can build and run AI models efficiently on NPU hardware from partners such as Qualcomm (Snapdragon X Elite), Intel (Core Ultra), and AMD.  

Here are the main highlights of this update:  

  • DirectML NPU support: DirectML, which is part of the DirectX family, now lets apps use NPUs directly. This means AI workloads can shift from the GPU or CPU to the NPU, improving performance and saving battery life.  
  • Targeting Copilot plus PCs: These improvements are designed for Copilot plus PCs, which have high-performance NPUs (40+ TOPS) needed to run local AI models like Phi Silica.  
  • Windows AI APIs and Studio Effects: Developers can build apps that use Windows 11’s built-in AI features like background effects, voice focus, and real-time transcription through standard Windows APIs  
  • ONNX Runtime integration: The ONNX Runtime now supports NPU acceleration, making it easier to migrate existing models from GPU to NPU with only minor changes.  
  • Microsoft Foundry on Windows: Previously called Windows AI Foundry, this updated platform now supports the full AI lifecycle from selection to optimization and deployment on GPU, CPU, and NPU.  

With these improvements, on-device generative AI is now faster, more private, and uses less energy. For example, you can run local language models like Phi 3.5 directly on Snapdragon X-powered devices.  

We’re excited to work with Intel, one of our main partners, to launch the first neural processing unit (NPU) powered by DirectML on Windows. AI is changing the world, powering innovation and creating value in many industries. NPUs are vital for delivering great AI experiences to both developers and consumers.  

An NPU is a processor designed for machine learning (ML) tasks that require substantial computing power but don’t require graphics. NPUs also use power efficiently. These new devices will change how AI improves our daily lives. Early next year, we’ll release DirectML for support for Intel Core Ultra processors with Intel AI Boost, the new built-in NPU.  

DirectML is a basic API that provides direct access to hardware features of modern devices, such as GPUs, for machine learning tasks. It is part of the DirectX family, the Windows graphics and gaming platform, and works with other DirectX components, such as DirectX 12. DirectML also connects with popular machine learning tools such as the ONNX Runtime and Olive, making it easier to develop and deploy AI across Windows.  

Adding NPU support to DirectML opens up new possibilities for AI on Windows. DirectML with NPU support will be available as a developer preview in early 2024, along with the latest ONNX Runtime release. We’ll share additional updates shortly about new features, partners, and how to use DirectML for NPUs.  

We can’t wait to see the amazing AI experiences you will create on Windows using direct tunnels and Intel Core Ultra processors.

SourceDirectML: Accelerating AI on Windows, now with NPUs 

Apple Expands Private Cloud Compute For Independent Security Audits

Private cloud compute (PCC) delivers robust privacy and security to Apple intelligence by extending our device security model to the cloud. In our previous post, we explained our commitment to transparency and invented security and privacy resources to review and verify PCC’s protections. Following the Apple Intelligence and PCC announcements, we announced that we would offer early access to resources, such as the PCC Virtual Research Environment (VRE), for independent evaluation.  

Today, we are making these resources available to everyone. We invite all security and privacy researchers, as well as anyone who is interested and technically curious, to learn more about PCC and check our claims for themselves. We are also extending Apple security bounty to include PCC, offering substantial rewards for reports of any security or privacy issues.  

Security Guide 

To help you understand how we build PCC’s architecture to meet our main goals, we have published the Private Cloud Compute Security Guide. This guide gives detailed technical information about PCC’s components and how they work together to provide strong privacy for AI processing in the cloud. It covers topics such as how PCC attestations rely on hardware features, how requests are authenticated and dropped to prevent targeting, how you can inspect software running in Apple’s data centers, and how PCC privacy and security features perform under different attack scenarios.  

Virtual Research Environment 

For the first time, we have created a virtual research environment (VRE) for Apple platforms. The VRE is a set of tools that enables you to perform your own security analysis of private cloud compute directly from your Mac. With this environment, you can do more than simply learn about the platform’s security features you can also independently verify that the private cloud compute protects user information privacy as described.  

You can also use the VRE tools to:  

  • List and inspect PCC software releases  
  • Verify the consistency of the transparency log.  
  • Download the binaries corresponding to each release.  
  • Build a release in a virtualized environment.  
  • Perform inference against demonstration models.  
  • Modify and debug the PCC software to enable deeper investigation.  

The VRE requires a Mac with Apple silicon and at least 16GB of memory. It is not available for macOS Sequoia 15.1 developer preview. Please review the provided instructions to get started.  

Private Cloud Compute Source Code 

We are releasing the source code for key PCC components that support its security and privacy. The code is under a limited user license for deeper analysis.  

We are publishing source code for projects in areas including:  

  • The Cloud Access Attestation project is responsible for constructing and authenticating the attestations of the Private Cloud Compute code.  
  • The Thimble project, which includes the private cloud computing daemon that runs on a user’s device and uses cloud attestation to ensure verifiable transparency  
  • The Splunk logging daemon filters logs emitted by the APCC node to prevent accidental data disclosure.  
  • The srd_tools project, which contains the VRE tooling, helps you understand how the VRE enables running the PCC code.  

You can find the PCC source code in the Apple/security-pcc GitHub project.  

Apple Security Bounty For Private Computer 

To encourage more research on private cloud computing, we are expanding the Apple security bounty to reward discoveries of vulnerabilities that compromise PCC’s core security and privacy protections.  

Our new PCC bounty categories are aligned with the most critical threats we describe in the security guide:  

  • Accidental data disclosure: vulnerabilities that lead to unintended exposure of data due to configuration flaws and system design issues  
  • External compromise from user requests: vulnerabilities enabling external actors to exploit user requests to gain unauthorized access to PCC  
  • Physical or internal access: vulnerabilities where access to internal interfaces enables a compromise of the system  

Since PCC brings the strong security and privacy of Apple devices to the cloud, our rewards are similar to those for iOS. We give the highest rewards for vulnerabilities that expose user data or insurance request data outside the PCC trust boundary.  

Apple Security Bounty: Private Cloud Compute 

Category  Description  Maximum bounty  
Remote attack on request data  Arbitrary code execution with arbitrary entitlements  $1,000,000  
Remote attack on request data  Access to a user’s request data or sensitive information about a the user’s request, requests outside the trust boundary  $250,000  
Attack on request data from a privileged network position  Access to a user’s request data or other sensitive information about the user outside the trust boundary  $150,000  
Attack on request data from a privileged network position  Ability to execute unattested code  $100,000  
Attack on request data from a privileged network position  Accidental or unexpected data disclosure due to deployment or configuration issues  $50,000  

We take any threat to customer privacy or security seriously. If you find a security issue that significantly affects PCC, we will consider it for an Apple security bounty, even if it is not listed in the published categories. We review every report based on its quality, the proof of what can be exploited, and the impact on users. Visit our Apple security bounty page to learn more and submit your research.  

In Closing 

Private Cloud Compute, developed as part of Apple Intelligence, represents a significant advancement in AI privacy. Verifiable transparency distinguishes PCC from other server-based AI systems. Building on the Apple Security Research Device program, the tools and documentation released today enable in-depth study and verification of PCC’s security and privacy features. We invite you to review PCC’s architecture using our security guide, test the code in the virtual research environment, and submit your findings through the Apple security bounty. We believe Private Cloud Compute sets a new standard for security in cloud AI at scale and look forward to ongoing collaboration with the research community.

SourceSecurity research on Private Cloud Compute 

NVIDIA Expands BlueField 3 DPUs For AI Data Center Efficiency

At GTC, NVIDIA introduced the NVIDIA BlueField-3 DPU, its latest data processing unit. A DPU is a specialized processor designed to manage data center tasks like networking, storage, and security more efficiently than traditional central processing units. This new product brings advanced software-defined networking, storage, and cybersecurity acceleration to data centers.  

BlueField-3 is the first GPU made for AI and accelerated computing. It lets businesses run applications of any size with high performance and strong security. It excels in multi-tenant, cloud-native environments, delivering fast, software-defined networking, storage, security, and management.  

A single BlueField-3 DPU can handle the same data center tasks as up to three hundred CPU cores. CPUs, or central processing units, are traditional processors that execute general-purpose tasks. Offloading tasks to DPUs allows CPUs to focus on important business applications.  

Modern hyperscale clouds are driving a fundamental shift in data center architecture, said Jensen Huang, founder and CEO of NVIDIA. A new type of processor designed to process data center infrastructure software is needed to offload and accelerate the tremendous compute load of visualization, networking, storage, security, and other cloud-native AI services. The time for BlueField DPU has come.  

Bluefield Three and Morpheus Put Security Everywhere 

BlueField-3 DPUs turn infrastructure into zero-trust environments, authenticating every data center user. By offloading and separating infrastructure from business apps, they secure companies from cloud to edge and boost efficiency.  

BlueField-3 is the first DPU to support 400 GB/e/NDR, delivering exceptional performance. It has ten times more computing power than before, 16 ARM A78 cores, and four times faster cryptography. BlueField-3 supports Gen5 PCIe and time-synchronized acceleration.  

BlueField-3 DPU offers real-time network monitoring, threat detection, and response. It also serves as the monitoring agent for NVIDIA Morpheus, an advanced AI-powered cybersecurity platform announced today.  

NVIDIA DOCA SDK 1.0 

BlueField-3 uses NVIDIA DOCA, a data center-on-chip architecture. DOCA provides developers with an open software platform to accelerate software-defined, hardware-accelerated networking, storage, security, and management applications for BlueField DPUs  

DOCL is now ready for download. It includes tools for creating and tuning apps for BlueField DPUs, as well as for managing thousands of DPUs in data centers. There are also libraries, APIs, and applications for deep packet inspection and load balancing.  

Ecosystem Adoption of NVIDIA DPUs 

Top server makers such as Dell, Inspur, Lenovo, and Supermicro include BlueField DPUs in their systems. Global cloud providers such as Baidu and JD.com also use them to speed workloads. The BlueField ecosystem continues to grow with BlueField-3 support from partners across hybrid cloud, security, storage, and edge.  

“Red Hat continues to collaborate with NVIDIA as part of an open ecosystem that accelerates innovation while providing access to the latest hardware innovations for composable infrastructure,” said Chris Wright, Chief Technology Officer of Red Hat. “We recognize the need to develop advanced solutions for network security and automation and are excited to support BlueField DPUs and the NVIDIA Morpheus AI framework via Red Hat Enterprise Linux, Red Hat OpenShift industry-leading containers, and a Kubernetes-powered hybrid cloud platform.”  

“Our mutual customers are racing to harness the power of AI for enterprise applications,” said Lee Caswell, vice president of marketing for the Cloud Platform Business Unit at VMware. The vision of enterprise infrastructure powered by VMware Cloud Foundation and certified with the newly announced NVIDIA BlueField-3 DPU shows customers a path to better application performance, a consistent operating model across virtualized and bare-metal environments, and a new model for delivering zero-trust security without jeopardizing performance.  

Bluefield 2 Now Available 

BlueField-3 DPU works with BlueField-2 DPU, providing strong offloading performance, speeding up applications, and isolating data center workloads. BlueField-2 DPU is available with dual 100 GB Ethernet or InfiniBand and up to eight ARM cores. It includes accelerators for storage, networking, security, streaming, cryptography, and timing for 5G and data centers.  

Availability 

BlueField-3 DPU is expected to be available for sampling in the first quarter of 2022.

Source: NVIDIA Extends Data Center Infrastructure Processing Roadmap with BlueField-3 

OpenAI introduces Operator, an AI agent built for autonomous web tasks.

Today, we are launching Operator, an agent that can browse the web and complete tasks for you. It uses its own browser to view web pages and interact by typing, clicking, and scrolling. Right now, Operator is in a research preview, so it has some limitations and will improve as we get feedback. An operator is one of our first agents who can handle tasks independently when given instructions.  

You can ask Operator to handle repetitive browser tasks, such as filling out forms, ordering groceries, or creating memes, using the same websites and tools people already use. Operator saves time and opens new ways for businesses to connect with customers.  

Next, let’s talk about access and rollout. We’re starting with a small rollout for pro users in the US at operator.chatgpt.com. This research period lets us gather feedback and improve Operator over time. We plan to expand access to the Plus team and enterprise users and integrate these features into ChatGPT.  

How Operator Works 

The operator runs on a new model called the Computer Using Agent. CUA combines GPT-4’s vision skills with advanced reasoning using reinforcement learning. It’s trained to work with graphical user interfaces, such as buttons, menus, and text fields you see on your screen.  

The operator takes screenshots of your screen and interacts with websites using mouse and keyboard actions, so it can perform web tasks without requiring special API connections.  

If an Operator encounters problems or makes a mistake, it can use its reasoning skills to fix itself. If it gets stuck and needs help, it gives control back to you, making sure the experience stays smooth and collaborative.  

CUA is still new and has some limitations, but it has already set new records in important browser benchmarks like Web Arena and Web Voyager. You can read more about the evaluations and research behind Operator in our blog post.  

How to Use 

To start, tell the operator what you want it to do. You can take control of the remote browser at any time. The operator will ask you to take over tasks that require a login, payment info, or CAPTCHA.  

Personalize Operator with your own instructions for all or specific sites, such as airline preferences on booking.com. You can set quick-access prompts for frequent tasks and manage multiple tasks at once by starting new conversations.  

Ecosystem and Users 

Operator changes AI from a passive tool to an active helper in the digital world. It makes tasks easier for users and helps companies offer better customer experiences and improve conversion rates. When working with companies like DoorDash, Instacart, OpenTable, Priceline, StubHub, Thumbtack, Uber, and others, ensure the Operator meets real needs and complies with industry standards. We also see many ways operators can make certain workflows more efficient and accessible, especially in the public sector. For example, we are partnering with the City of Stockton to help people enroll in city services and programs more easily.  

As we continue to evaluate Operator during its research period, we aim to identify and expand on ways AI can simplify civic engagement for residents. —Jamil Niazi, Director of Information Technology, City of Stockton 

SourceIntroducing Operator