Microsoft Expands Sovereign Edge Cloud Across US Infrastructure 

Maintaining strict control over cloud data and operations is now critical for governments, public institutions, and businesses, as they navigate new regulations, higher resilience standards, and rapid technological change.  

In June 2025, Microsoft CEO Satya Nadella introduced new solutions to address these needs through the Microsoft Sovereign Cloud, enabling customers to gain greater control, security, and compliance when using cloud services.  

We are always improving our approach to sovereignty, ensuring we meet customer needs and comply with regulations across both our sovereign public and private clouds. Today, we are sharing new features that build on our digital sovereignty controls, offering advanced AI and greater scale supported by our network of local partner experts, so customers can more confidently manage sensitive data and drive innovation. The new features and services include:  

  • End-to-end AI data processing in Europe as part of the EU (European Union) Data Boundary, which is a Microsoft framework ensuring all customer data stays within EU borders for compliance and privacy.  
  • Microsoft 365 Copilot now offers in-country data processing for interactions in 15 countries.  
  • Sovereign Landing Zones—pre-configured, secure cloud environments meeting strict local regulations—and disconnected operations, where cloud functions run without connection to external networks, are now available for Azure Local, Microsoft’s in-country cloud service.  
  • Microsoft 365 Local is now generally available.  
  • Azure Local, Microsoft’s regionally hosted cloud, now supports external SAN (storage area network—a high-speed storage solution connected to multiple computers) storage and the latest NVIDIA GPUs (graphics processing units used to accelerate AI tasks).  
  • Digital sovereignty specialization—a program that certifies partners to design and implement solutions keeping data under strict regulatory controls in specific regions—is now available through Microsoft partners.  

Microsoft Sovereign Cloud: Continuous Innovation 

The latest updates introduce new digital sovereignty features in AI, security, and productivity. More features to meet sovereign cloud needs are coming soon.  

We know constant innovation is important, and we have already started putting many of our promises into action to deliver tangible benefits such as improved efficiency and customer satisfaction. As of this month:  

  • Established a European board of directors composed of European nationals exclusively overseeing all data center operations in compliance with European law. This ensures that local governance and oversight enhance data protection and customer trust.  
  • We launched additional European data centers in Austria and will launch one in Belgium this month, boosting regional performance and reliability.  
  • Embed our digital resiliency commitments into all government contracts, ensuring customers benefit from stronger guarantees around service continuity and security.  
  • Expanded open source investments by funding secure OSS projects and alliances, and publishing AI access principles. These efforts provide safer, responsible access to advanced AI, enabling European developers, startups, and enterprises to innovate, collaborate, and compete more effectively across the region.  
  • Advance our European security program by providing AI-powered intelligence and cybersecurity capacity-building initiatives to strengthen your country’s digital resilience against threat actors.  

New Sovereign Public Cloud And AI Capabilities 

When organizations start planning for sovereignty, they need complete solutions that help them embed compliance and control from the beginning, ensuring their data processes and workloads are protected in accordance with local regulations.  

EU Data Boundary Includes AI Data Processing Residency 

Microsoft is fulfilling its commitment to end AI data processing outside the EU. Data handled by AI services for EU customers remains within the European Union data boundary unless customers specifically request otherwise. This approach ensures compliance with EU regulations and enhances confidence in data privacy.  

All customer data, whether stored or in transit, will be kept and processed solely within the EU. This provides organizations with clear assurance of data residency and helps meet legal requirements. Strict controls and transparent processes are used to address EU customer requirements.  

Expanding Microsoft 365 in Country Data Processing to 15 Countries 

After years of investing in global infrastructure and strong data residency, Microsoft will now provide in-country data processing for Microsoft 3.co-pilot interactions in 15 countries worldwide, so customers can meet local regulations and enhance data privacy.  

By the end of 2025, customers in Australia, India, Japan, and the UK can have Copilot interactions processed in-country, supporting compliance and control. In 2026, the option extends to 11 more countries, including Canada, Germany, Italy, Malaysia, Poland, South Africa, Spain, Sweden, Switzerland, the UAE, and the US.  

New Sovereign Landing Zone (SLZ) Foundation  

We are rolling out an updated sovereign landing zone (SLZ), a set of cloud resources and settings designed for security and compliance, built on the trusted Azure landing zone (ALZ) framework — Microsoft’s best practices for organizing cloud environments.  

The sovereign landing zone is our recommended platform for customers who need to set up sovereign controls – or specific measures to ensure compliance with national or regional requirements – in the Azure public cloud as part of the broader sovereign public cloud offering.  

The refresh of the sovereign landing zone includes:  

  • We’ve updated the management group hierarchy, which organizes resources in Azure, and added new Azure policy definitions (rules for resource behavior), initiatives (collections of policies), and assignments (applications of policies) to help you implement sovereign public cloud controls at levels 1, 2, and 3 – these levels correspond to two different degrees of regulatory requirements.  
  • Guidance is now available on where to deploy Azure Key Vault Management HSM—a cloud-based hardware security module for storing and managing encryption keys—for those requiring level two sovereign controls.  
  • Deployment is now easier with the Azure Landing Cloud Accelerator (a set of automation tools) and the Azure landing zone library (a collection of pre-configured architectures). For more details, check out the sovereign landing zone (SLZ) implementation options.  

In the coming months, we’ll keep adding more Azure policy definitions, initiatives, and assignments to the sovereign landing zone. This will help you achieve sovereign control in the public cloud even faster, right out of the box.  

Sovereign landing zones provide a clear architecture to accelerate compliance with sovereignty rules, simplify policy management, and enable scalable design. Distant operations across Azure regions  

New Sovereign Private Cloud and AI Capabilities 

As organizations increase focus on sovereignty, balancing regulatory compliance with innovation is essential. The latest updates combine advanced AI features and scalable infrastructure for both public and private environments.  

Supporting Thousands of AI Models on Azure Local with NVIDIA RTX GPUs  

We’re expanding our sovereign private cloud with Azure Local, introducing a new Azure offering featuring the latest Nvidia RTX Pro 6 Blackwell Server Edition GPU, built for high-performance AI workloads in sovereign environments.  

This GPU can run over 1,000 AI models, including GPT OSS (an open-source generative pre-trained transformer), DeepSeek v3 (a language model), Mistral, Nemo (a conversational AI model), and Llama for Maverick (a large language model). It speeds up AI projects in a sovereign private cloud, letting organizations experiment, innovate, and deploy advanced AI solutions securely and compliantly.  

You’ll have access to thousands of pre-built and open-source AI models for tasks such as generative AI analytics and real-time decision-making problems. Providing the tools for innovation with governance at the forefront.  

Increasing Azure Local To Scale Hundreds Of Servers. 

Previously, Azure Local supported clusters of up to 16 physical servers (individual computers connected in a group for shared processing and storage). With our latest updates, Azure Local can now handle hundreds of servers. DSOF opens up new options for organizations with large or growing private cloud needs (private computing environments used by a single organization). You can now run larger workloads (the computing tasks or applications your organization runs). Scale your infrastructure easily and keep up with business changes, all while meeting European and global security and sovereignty standards (regulations that ensure your data stays protected and within certain regions).  

SAN Supported on Azure Local 

One major update is the addition of support for storage area networks (SANs) on Azure Local. ASAN is a high-speed network that connects storage devices to servers. Now you can securely connect your existing on-premise storage to Azure Local. This lets you use your current storage investments while leveraging cloud services, helping keep your data in the right location for European businesses. This means greater flexibility to comply with local data residency requirements without sacrificing performance or control.  

Microsoft 365 Local: General Availability of Key Workloads 

Microsoft 365 Local is now available, bringing Exchange, SharePoint, and Skype for Business to Azure Local. Deploy in connected mode now; a fully disconnected option will be available in early 2026, ensuring compliance and centralized management.  

Disconnected Operations: General Availability 

Microsoft’s sovereign private cloud brings the principles of data sovereignty — such as local data control and legal compliance — to two dedicated environments with Azure local. This allows government agencies, multinational companies, and regulated organizations to keep their data within local jurisdictions while still benefiting from Microsoft’s global cloud scale and innovation.  

We’re preparing to launch disconnect operations for Azure Local, enabling you to manage clusters from a single control plane. This feature, in early 2026, enables secure, independent cloud operations in regulated or remote scenarios.  

New Partner Digital Sovereignty Specialization Now Available. 

We are pleased to announce the launch of the Digital Sovereignty specialization in the Microsoft AI Cloud Partner Program. This new specialization lets partners show their expertise in delivering secure, compliant, and sovereign cloud solutions on Azure and Microsoft. Sovereign cloud solutions are cloud services that help organizations keep their data within defined boundaries and comply with local government policies. Earning this designation proves that partners can meet stringent data residency (storing data in a particular location), privacy, and regulatory standards, helping customers maintain control over their apps and data while innovating. The specialization includes a thorough audit and offers benefits such as improved visibility, special badges, and priority access to sovereign cloud opportunities.  

Gazing Forward: Advancing Sovereignty Through Greater Controls 

Going forward, the Microsoft Sovereign Cloud Roadmap will add more features to meet changing customer needs:  

Sovereign Public Cloud 

  • Data Guardian: This new feature will give you greater transparency into operational sovereignty controls (measures that ensure compliance and control) in our European public cloud. Any remote access by Microsoft engineers to your data systems in Europe will go through the EU, where an EU-based operator can monitor and, if needed, stop these activities. All remote access will be recorded in a tamper-evident log — a secure record that cannot be altered without detection.  

Sovereign Private Cloud 

  • Enhanced change controls will add configurable policies and approval workflows (steps for reviewing and approving changes), giving organizations clear oversight of any changes from the cloud to the edge (devices and resources outside central data centers). This will strengthen governance and compliance.  
  • Site-to-site disaster recovery: Azure Site Recovery in Azure Stack will help keep your business apps and workloads running during outages, supporting business continuity.  
  • Move from hybrid to fully disconnected: Azure Local lets you migrate workloads from hybrid to fully disconnected environments, giving you greater flexibility for business continuity.  

National Partner Clouds 

National Partner Clouds are key to our sovereign cloud strategy, delivering independently operated Microsoft Azure and Microsoft 365 under local control.  

  • Delos Cloud is designed to meet the German government’s BSI cloud platform requirements.  
  • Bleu is designed to meet the French government’s (ANSSI) SecNumCloud requirements.  

For many public sector organizations, ERP is a key workload that needs to move to the cloud. SAP plans to offer its RISE vision. SAP solution on Microsoft Azure for both Bleu and Delos cloud customers, as well as for those using Microsoft Azure Public Cloud.  

Learn More About Microsoft’s Sovereign Solutions 

Microsoft offers sovereign solutions, including a flexible public cloud, scalable private cloud, and national partner clouds for specific compliance needs—supporting you in meeting sovereignty requirements through continued innovation.  

See what’s coming in cloud innovation this November at Microsoft Ignite. Learn more and sign up today. 

Source: Microsoft strengthens sovereign cloud capabilities with new services

CISA Warns of Critical Web GPU Flaw Exposing US Systems 

The CISA vulnerability bulletin highlights newly discovered vulnerabilities each week.  

Vulnerabilities use the Common Vulnerabilities and Exposures (CVE) naming system and are grouped by severity, as defined by the Common Vulnerability Scoring System (CVSS). High, medium, and low severities fall within these score ranges:  

  • High: vulnerabilities with a CVSS base score of 7.0–10.0  
  • Medium: vulnerabilities with a CVSS base score of 4 to 6.9  
  • Low vulnerabilities with a CVSS base score of 0.0 to 3.9  

Some entries include extra details from organizations and CISA-sponsored efforts. This can be identifying information, definitions, or related links. Patch details are shared when available. Some information comes from open-source reports and is not directly from CISA.  

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw in Google DOM, known as CVE-2026 (CVSS score 8.8), to its catalog of non-exploitable vulnerabilities (KEV).  

This flaw is known as a use-after-free vulnerability, meaning the program improperly uses memory after it has been released. Specifically, it affects the Document Object Model (DOM) in older versions of Google Chrome. The DOM is a core browser technology that defines the structure of web pages and their graphics. A remote attacker could exploit this flaw by sending specially crafted HTML pages.  

CISA says this vulnerability could affect several Chromium-based products, including Google Chrome, Microsoft Edge, and Opera.  

This week, Google released Chrome updates that fix 21 vulnerabilities, including a zero-day (CVE-2026-5281) that is already being exploited.  

Update your browser immediately to reduce risk. Prompt patching prevents compromise.  

Google is aware that an exploit for CVE-2026-5281 exists in the wild, according to the advisory.  

A use-after-free bug occurs when memory that has been released is still used by a program.  

Attackers can use these bugs to crash apps or control systems. Google fixed the Chrome zero-day and recommends users update to version 146.0.7680.177/178.  

As usual, Google did not reveal the technical details of the attacks exploiting this flaw or the types of attackers involved, giving users time to update and prevent others from exploiting it.  

CBE 2026 5281 is the fourth Google Chrome zero-day to be exploited in attacks in 2026.  

According to Building Operational Directive (BOD) 2201, the goal is to reduce the significant risk posed by unexploited vulnerabilities. FCED agencies are required to patch the identified vulnerabilities by the due date. Prompt patching is vital to protect their networks against attacks exploiting flaws in the catalog.  

Experts also advise private organizations to urgently review the catalog and promptly apply patches for any vulnerabilities in their systems.  

Federal agencies must patch the vulnerability by April 15, 202. Act quickly as exploitation is ongoing. 

Source:  Vulnerability Summary for the Week of January 27, 2025  

Google Brings Gemini AI directly into Wearables. 

Gemini is now on Wear OS watches. Here’s how Google’s AI assistant can help you every day.  

Starting today, Gemini, your personal AI assistant from Google, is rolling out to Pixel, Samsung, OPPO, OnePlus, and Xiaomi wearables.  

With the same advanced AI that powers Gemini on your phone, you can now get a smart, reliable assistant on your wrist. It gives you a natural and easy way to manage tasks and find information, all without reaching for your phone.  

To use Gemini, just say “Hey Google,” press and hold your watch’s side button, or tap the Gemini app icon on your watch screen.  

Speak naturally to get fast answers from Gemini on Wear OS. Just talk, glance, and get what you need. Try things like: Ask how long I should let my curry simmer, or do I need an umbrella today? Or where’s the coffee place? Or where’s the coffee place Emily emailed me about?  

Manage your day with help from Gebinet and your favorite apps. Your watch can now perform tasks that used to require several steps on your phone. Gemini works with your apps to do these things quickly. Here are some ways to use it:  

– When running or biking, say “send a message to my manager apologizing for running late.”  

– Ask “Create a list for a ten-minute mile run.”  

– For a meeting, catch up on messages by asking, “Summarize my last email from Emily.”  

– Planning a trip on the go: if you hear about anyone you want to join, add it to your calendar by saying, “Add my son’s next five cricket games to my calendar.”  

– On the move: if you need to leave soon for an appointment, say, “What’s the address for my dentist appointment today? Navigate there.”  

Gemini can use your Google services, like Gmail and Google Calendar, to use these features. Make sure they are enabled in the Gemini app settings on your phone and that you have given the needed permissions.  

Easily Remember Important Details. 

Ask Gemini to remember what’s important so you can quickly save and find information whenever you need it. Here’s how you can use this feature:  

  • Remember details by telling Gemini simple things like remember I am using Locker 43 today or remember I parked on level 4 spot 27.  
  • Get reminders when you need them: if you are planning to cook dinner tonight, ask Gemini to remind you to go grocery shopping after work.  

Give It a Try Today. 

Gemini is rolling out to Wear OS watches running Wear OS 4 or newer over the next few weeks. Upgrading to Wear OS 6 will also support your watch brand’s apps, so you can continue using the ones you rely on every day.  

Source: Gemini is coming to your Wear OS smartwatch 

Apple Patent Reveals Haptic Display That Lets Users Feel UI 

Apple holds patents for haptic display technology that enables users to feel virtual buttons, textures, and interface elements on touchscreens. These inventions address the lack of tactile feedback on flat screens with localized vibrations and shape-fitting displays.  

Main features of Apple’s Haptic Play patents  

  • Instead of vibrating the entire device, Apple’s patent proposes a grid of piezoelectric actuators or electrodes beneath the display. These elements provide controlled tactile feedback at specific locations, enabling users to feel the outlines or boundaries of virtual buttons through local vibrations.  
  • The technology mimics material textures by altering friction or vibration frequency. As users move their fingers across the screen, they feel different surfaces.  
  • Dynamic surface deformation: patent 9600070 describes a user interface with changeable topography. In which electromechanical components push or pull on a flexible display to create 3D shapes. This can form raised buttons, scroll wheels, or ridges for fun navigation.  
  • Temperature control. The patents mention temperature-control devices such as Peltier devices to simulate material feel. Users could sense the metal’s coolness or the wood’s warmth, enhancing tactile realism.  
  • Force-sensitive input. The haptic layer works with force-sensing technology. So the display detects light versus firm touches and triggers different actions.  

Possible Applications 

  • Enhanced accessibility. Users with visual impairments could feel UI elements like apps, sliders, and controls.  
  • Virtual keyboards simulate the feel of a mechanical keyboard on screen, improving typing speed and accuracy by providing key feedback.  
  • Gaming and UI design form distinct 3D shapes on the screen for game controls, tools, or sliders that change dynamically by app.  

In summary, these patents demonstrate Apple’s sustained research into haptic technology, dating back from 2008 to 2012. They indicate a future where ritual interfaces might feel as real as physical buttons.  

On March 22, Apple Insider reported that Apple had received a US patent for technology that allows dynamic shape and configuration changes in a portable device’s display to provide a tactile user experience.  

Patent 9,600,070 lets user interfaces change shape, enabling devices to adapt physically to user needs.  

The patent says an iPhone screen could use components under the display to push or pull a flexible surface, providing a different tactile experience.  

Device shape modifications correspond to UI elements. For example, screen elevation changes can represent calculator buttons, map routes, or navigation arrows for media playback.  

This technology enables the physical simulation of virtual objects, improving interaction and accessibility for visually impaired users and offering tactile control without requiring direct visual attention.  

Shape transitions are achieved through a matrix of configurable nodes beneath the display. These nodes collectively form patterns and tactile cues that align with interface elements.  

The patent describes several types of mechanical brakes, including electromechanical pistons, nickel-titanium alloys, and piezoelectric crystals. While piston brakes are easy and easier to manage. Materials that respond to heat, electricity, or magnetism can offer more exact control over or shape changes.  

Actuated brakes physically alter the display dash by stretching, protruding, or deforming it. The effect depends on material properties and stimulus. This method results in bidirectional surface modifications.  

Brakes can also induce kinking, rotation, or movement of the flexible display for further tangible UI transformations.  

Devices integrate various brakes to modify dimensions (height, width, length), structures, textures, or layouts for rich, versatile surface changes.  

The technology may also apply to components like MacBook touchpads or iPod touch displays, enabling 3D interface effects beyond virtual buttons.  

The patent contemplates using larger displays and scaling tactile interface elements to achieve potentially pixel-level resolution with high responsiveness. One seal breaks for complex surface geometries.  

Filed in 2008, this patent’s technology may not be imminent in production. Apple continues to advance user interface design.  

Source: Apple Obtained The Patent Of Screen Deformation, Mobile Devices Provide True Haptic Feedback

Anthropic Unveils Claude Mythos for High Stakes Enterprise AI 

Anthropic has created a new flagship AI model, Claude Mythos, also known as Capybara. This model aims to outperform Claude Opus. A March 2026 leak revealed that it targets enterprises that need advanced reasoning, software engineering, and cybersecurity. The leak raised concerns about AI-driven threats.  

Key Features Of Claude Mythos 

  • Anthropic sees my thoughts as a major leap in AI, not just a small improvement. It stands above the current Claude opus.  
  • Mythos scores higher in encoding and academic reasoning. It excels at identifying vulnerabilities.  
  • High-stakes application-focused mythos is designed for areas where errors can be costly, such as financial modeling, scientific research, and complex legal work.  
  • Advanced reasoning. My COS is designed to handle complex reasoning and better understand large code bases, making it more useful for enterprise developers.  

Cybersecurity Risks and Wait-and-See Rollout 

Anthropic’s tests showed that Mythos could assist in cyberattacks that exceed current AI safety limits.  

  • Anthropic bond Mythos could exploit vulnerabilities faster than defenders can respond.  
  • Due to risks, Anthropic is cautious. Early access goes only to a few cybersecurity defenders. This helps them strengthen codebases before a wider launch.  
  • After the leak, stocks like CrowdStrike and Palo Alto Networks fell by over 5%. Investors expected big changes in security.  

Status and Context 

  • As of late March 2026, my thaw remains in internal and early testing. No public release date is set.  
  • Details leaked when draft blog posts were left in a public data cache. Anthropic blamed human error in their CMS. Setup  

Mythos is expected to compete directly in the intense AI market, especially with new advanced models from companies like OpenAI.  

A mistake in Anthropic PVC’s content management system revealed that the company is testing a new large language model called Claude Mythos.  

Andropic confirmed the project in a statement to Fortune on Thursday. The company said its machine learning engineering team has completed model training for Claude Mythos and has begun closed beta testing, providing the system to selected early customer partners. Anthropic described Claude Mythos as the most capable language model we’ve built to date, citing its natural language understanding and code-generation capabilities.  

My thoughts were uncovered after the accidental publication of a CMS folder containing 3,000 model-related assets. The folder included deployment scripts and a draft launch blog post. Fortune reports that the draft indicates the new large language model will be priced in a higher tier than Anthropic’s existing models, reflecting increased computational costs.  

The blog post also revealed that Anthropic will modify its approach to offering LLMs. Currently, Claude 4.6 is available in three versions, each with different features and prices. With the launch of Claude Mythos, Anthropic will introduce a fourth perk product on top of the existing tiers, expanding its offerings.  

The new Claude Mythos LLM is anticipated to achieve opus-Anthropis’s current most advanced model in both computational power and linguistic performance. The draft blog post refers to the launch variant as Capybara. Anthropic’s internal technical evaluations state that Capybara yields significantly higher accuracy on programming and logic benchmarks than Claude 4.6 Opus.  

Internal testing shows that Capybara excels at detecting cybersecurity vulnerabilities in codebases. As a result, Anthropic intends to implement model access restrictions and security auditing procedures to prevent unauthorized use by potential attackers.  

According to the draft, the post model presages an upcoming wave of models that can exploit vulnerabilities far more effectively than defenders can defend against them. The post also states we’re releasing it in early access to organizations, giving them a head start in improving the robustness of their code bases against the impending wave of AI-powered exploits.  

After the news broke, shares of CrowdStrike Holdings, Inc., Palo Alto Networks, Inc., and other major cybersecurity companies fell more than 5%. Investors expressed concern that Capibara could gain an edge in the vulnerability detection market. Just last month, Anthropic entered this market by launching a tool called Claude Code Security.  

The disclosure of Claude Mythos comes a few days after word emerged that OpenAI Group PBC has finished pre-training its new LLM. Pre-training is the phase of the development workflow in which engineers build a model’s core capabilities. It’s followed by smaller optimizations that focus on improving the LLM’s hardware efficiency, safety, and usability.  

OpenAI’s new model is reportedly known as SPUD internally. The company is expected to launch it within the next few weeks.  

Source:  Anthropic to launch new ‘Claude Mythos’ model with advanced reasoning features  

NVIDIA Launches Project Rio to Optimize AI Data Center, Cooling 

NVIDIA has launched Project Rio, an engineering effort to improve how high-density data centers handle heat, announced in April 2023. The project addresses the rising heat from new Blackwell and Rubin architecture clusters, which have outgrown traditional air-cooling methods. As demand for powerful, low-computing-growth systems rises, cooling these large server arrays has become a major challenge for both operators and environmental protection. Project Rio uses a modular liquid-cooling system, with predictive telemetry helping data center operators move from reactive cooling to a smarter, workload-based, chip-level approach that removes heat directly from the chips. The project aims to lower overall power use and keep the hardware reliable over time.  

The Shift to Direct to Chip Liquid Cooling 

Project Rio replaces standard perimeter CRAC (computer room air conditioning) units with an integrated liquid cooling system. Instead of relying on fans to push chilled air over heat sinks, which become less effective as rack power exceeds 100 kilowatts, Project Rio employs a closed-loop cold plate that sits directly on top of the processors. This direct-to-chip approach uses a safe, non-conductive fluid to absorb heat at its point of origin and transfer it away through stainless steel coolant pipes.  

By eliminating the need for powerful fans, Project Rio reduces energy used solely for moving air rather than for processing data. This design allows components to be packed more closely together, doubling computing power in the same amount of space. For businesses, this means data centers can be smaller and quieter, with less wear on server components.  

Predictive Telemetry And Dynamic Flow Control 

Project Rio goes beyond physical plumbing by adding a smart management system called Dynamic Flow Control. It uses thousands of tiny sensors in the server backplane to track temperature changes as they happen. Unlike older systems that kept current flowing at the same rate, no matter the workload, Project Rio can predict when temperatures will spike based on the tasks coming in. If a group of processors is about to take on a heavy job, the system increases coolant flow to those chips before they start to heat up.  

Predicting temperature changes is key to maintaining thermal balance during processing in a facility. Stay at a steady temperature, and they experience fewer thermal cycles or heating and cooling events. This reduces physical stress, so the hardware lasts longer and tiny cracks in the semiconductor packaging are less likely to occur. Facility managers can use the Project Rios dashboard to see thermal health data for every rack. This clarity helps them plan maintenance during less busy times.  

Environmental Impact and Heat Recovery 

This focus on efficiency ties directly to environmental goals. One of Project RIO’s main objectives is to improve power usage effectiveness (PUE), a metric that measures a data center’s energy efficiency. By eliminating the need for energy-intensive refrigeration in air-cooling systems, Nvidia believes facilities using Project RIO can achieve a PUE as low as 1.05. This means nearly all the electricity goes to computing, not just running the building. Such efficiency is important for meeting strict carbon-neutral routes. Rules set by governments in North America and Europe.  

Furthermore, the project studies the potential for “waste heat valorization.” The project also examines ways to reuse waste heat, since liquid cooling removes heat more efficiently than air. The warm water leaving the data center can be used elsewhere. Project Rio has standard heat-exchange connections, allowing data centers to connect to city heating systems or greenhouses. In colder areas, a data center can act as a carbon-free heat source for the community, turning excess heat into useful energy. This solution helps data centers become active participants in the local energy system rather than just consumers.  

The Crystalline Pulse of the Machine 

A system of cooling-ready partners, including suppliers of pumps, manifolds, and leak-detection sensors. By open-sourcing certain mechanical specifications for the Rio Manifold project, Nvidia is encouraging a standardized approach to liquid cooling across the industry. Such interoperability is vital for large-scale co-location providers who host hardware from multiple vendors. If every manufacturer uses a proprietary cooling hookup, the difficulty of managing a large facility is unsustainable. Project V provides a common language for thermal management, ensuring that as the voice computational needs grow, the infrastructure supporting them remains manageable and efficient.  

We are entering a new era in infrastructure marked by significant advancements in the digital world. Data centers, once characterized by noisy fans, are becoming more efficient and controlled with liquid cooling. Machines now manage their heat in a measured, predictable manner, aligning technology with cooling systems. In the future, the concept of overheated servers may become obsolete as coordinated cooling enables scalable, reliable operations. Modern data centers provide calm, efficient environments that promote reliability as they handle ever larger volumes of data.  

Source: NVIDIA News Archive 

Amazon and NVIDIA Drive Advanced AI Assistants for US Automakers 

Amazon and NVIDIA are collaborating to create intelligent, responsive, and customised AI-powered vehicle assistant technologies that will continuously improve the in-car experience. Their joint effort will focus on leveraging cloud computing, generative AI, and high-performance computing architecture to revolutionise how drivers communicate with their vehicles; they will shift from traditional voice-based communication to more natural, contextual, and human-like forms of interaction with their vehicles’ main processing unit. Additionally, this project demonstrates the evolution of vehicles moving toward software-defined attributes, which should lead to increased safety, functionality, and overall satisfaction with vehicle use.  

Transforming In-Car Experiences with AI  

With all the progress in generative AI, Amazon and NVIDIA now have virtual assistants that allow drivers and car owners to ask complex questions, stay up to date in real time, and handle many different tasks. Unlike the original voice recognition systems, these advanced digital assistants will provide many more features, including having the ability to communicate with humans using more than just a one-word command, handling multiple questions, remembering past conversations or questions to maintain a context throughout an entire conversation, and remembering how individual users prefer to do things differently from each other. Because of this new technology, drivers can manage the way they navigate, how they interact/work with the entertainment system in their vehicle, and how they adjust the settings on their vehicles and, overall, make their driving experience more personalised.  

Combining Cloud and Edge Computing  

The joint venture delivers state-of-the-art AI performance and reliability through cloud-based AI services for edge computing devices. The cloud services provided by Amazon include advanced capabilities for data processing, facilities for continuous training of AI models, and access to an immense variety of datasets. The computing power provided by NVIDIA’s platforms will support real-time AI applications in the vehicle. By integrating edge and cloud computing, it will be possible to perform critical functions (e.g., navigation updates or safety-related responses) locally and in real time, with little to no delay, while other complex or data-intensive applications may leverage the compute resources of the cloud. Together, these two technologies will provide a fully integrated solution that enables fast, intelligent, and dependable data operations, regardless of network availability. 

Generative AI and Natural Language Interaction  

Generative AI is a crucial component in creating complex automotive assistants; they will evolve from traditional command-driven interfaces to much more natural, conversational interfaces. The assistant uses large datasets and can understand complex, nuanced requests and produce contextually relevant answers and suggestions. For instance, if a driver were to ask for the best route to avoid current and anticipated traffic delays based on their previous driving behaviour, the assistant would provide real-time updates on anticipated weather and road conditions, as well as recommendations based on that behaviour. Generative Artificial Intelligence will also create a much more human-like point of interaction between a driver and their automobile, as well as greater ease of use.  

Enhancing Safety and Driver Focus  

In addition to convenience, AI assistants are being developed to enhance safety, reduce driver distraction, and increase drivers’ awareness of their surroundings. They will enable drivers to use the same features (e.g., navigation, communication) while keeping both hands on the steering wheel and focusing on driving. AI systems will also anticipate needs based on context. For example, if a driver is in heavy traffic, the AI will suggest an alternate route; if a driver is driving on a snowy road, the AI will adjust the in-car settings to assist with their driving conditions. These proactive features will contribute to a smoother, safer driving experience. These features are part of a much larger effort by vehicle manufacturers to create smarter systems that will help both drivers and enhance road safety.  

Supporting Automakers in Software-Defined Vehicles  

To aid automakers transitioning to software-defined vehicles, Amazon and NVIDIA have teamed to create the next phase of automotive technology through software and AI. Combined with their scalable AI platforms, they have simplified how manufacturers integrate full-featured, advanced assistant capabilities into their vehicles, enabling faster time-to-market while reducing development costs by eliminating the need to create a unique, complex solution from the ground up. Automakers can then concentrate on vehicle design, engineering, and brands’ unique innovations. As vehicles become increasingly connected through software, partnerships like this will play an important role in defining the next generation of automotive technology.  

Competitive Landscape in Automotive AI  

Tech firms and automakers are rapidly developing AI-based automotive assistant products in a highly competitive market, where participants are devoting resources to innovation. Amazon’s cloud computing and NVIDIA’s AI development strengths, together with the hardware acceleration capabilities of both companies, give them a competitive advantage in this rapidly evolving industry. As competitors develop similar offerings, distinguishing themselves will require superior performance, reliability, and user experience. Rapidly increasing competition is going to lead to long-term success through the ability to integrate across multiple vehicle types and deliver consistent performance across each type. 

Challenges in Implementation  

Integrating advanced artificial intelligence (AI) assistants into cars presents numerous issues that should be addressed as much as possible. Regardless of the promise offered by new AI technologies, issues remain: AI systems must perform reliably across varied driving conditions, have robust cybersecurity protections, and protect user data privacy, all while vehicles become increasingly connected and data-driven. It will require significant testing and optimisation to ensure consistent performance across different hardware configurations and geographic locations. Automakers also need to comply with a variety of regulations and meet industry safety requirements for automated AI systems to function properly in real-world situations.  

Future Developments and Innovation  

Due to ongoing improvements in AI model capabilities, computing platforms, and integration methods, it is anticipated that the partnership of Amazon and NVIDIA will transform accordingly. Future iterations will likely include more tailored individual experiences, as well as provide ways for individuals to use multiple types of input (e.g., speech, gestures, and visuals) to communicate with devices. There will be increased collaboration between in-car assistants and vehicle controls. As AI technology continues to mature, in-car assistants will offer features beyond entertainment and navigation, such as predictive maintenance, driver monitoring, and enhanced safety. Ongoing innovation will be required to realise the full value of AI in automotive use cases. 

Source: https://www.aboutamazon.com/ 

NVIDIA Reshapes Robotics With Physical AI Data Factory Blueprint

News Summary 

  • Blueprint organizes and processes large data, generates synthetic data, applies reinforcement learning, and evaluates physical AI models for vision agents. Robotics and self-driving vehicles.  
  • Cloud service providers such as Microsoft Azure and Nebius use Blueprint. They turn large-scale computing power into agent-driven data. Production tools are ready for use.  
  • Top physical AI developers are using the blueprint to speed up the development of robotics, vision AI agents, and self-driving vehicles.  

At GTC, NVIDIA announced the NVIDIA Physical AI Data Factory Blueprint. This open reference architecture automates and unifies training data generation, improvement, and evaluation, reducing cost, speeding up processes, and simplifying large-scale physical AI training.  

With the blueprint, developers expand small training datasets into large, varied ones using Nvidia, Cosmos, Open World Base models, and top coding agents, including rare cases that are costly or difficult to collect in real life.  

NVIDIA is working with Microsoft, Azure, and Nebius to connect the open blueprint to their cloud services. This lets developers use powerful computing resources to create large amounts of training data. Companies like FieldAI, Hexagon Robotics, Linker Vision, Milestone Systems, RoboForce Skild AI, Teradyne Robotics, and Uber are already using the blueprint to accelerate development of robotics vision AI agents and self-driving vehicles.  

“Physical AI is the next frontier of the AI revolution, where success depends on the ability to generate massive amounts of data,” said Rev. Lebaredian, Vice President of Omniverse and Simulation Technologies at Nvidia. Together with cloud leaders, we are adding a new kind of agentic engine that transforms compute into high-quality data, enabling the next generation of self-governing systems and robots to come to life. In this new era, compute is data.  

A Unified Engine for Physical AI Development 

Physical AI improves as data, computing power, and model size grow. The Physical AI data factory blueprint acts as a single reference point. It helps teams turn raw data into training sets for models using automated workflows.  

  • Curate and search: Nvidia Cosmos Curator Manages, Improves, and Labels Large Real World and Synthetic (artificially generated) datasets  
  • Augment and multiply: cosmos transfer greatly increases and diversifies the selected data, combining real and simulated inputs to better cover rare and unusual situations across different environments and lighting conditions.  
  • Evaluate and validate Nvidia Cosmos Evaluator, which uses Cosmos Reason and is now on GitHub. Check scores and filter generated data by sensory accuracy and training readiness.  

NVIDIA is using the Physical AI Data Factory Blueprint to train and test NVIDIA Alpamayo. Alpamayo, the world’s first open reasoning-based vision-language-action model for long-tail autonomous driving. Skild AI uses the blueprint to improve general-purpose robot-based models. Uber uses it to speed up autonomous vehicle development.  

Agent Driven Orchestration At Scale 

Many robotics developers do not have the resources to set up and manage complex AI systems needed to generate data at scale.  

NVIDIA Osmo is an open source orchestration framework that brings these workflows together across multiple computing environments. It reduces manual work, allowing developers to focus on building their models.  

Osmo now works with top-count agents like Claude Code, OpenAI Codex, and Cursor. This enables AI agents to manage resources, resolve bottlenecks, and accelerate model deployment at scale.  

Powering The Global Physical AI Ecosystem 

Cloud service providers are essential for fast AI infrastructure, machine learning operations, and orchestration services. Developers use these to build the process of the pro Build and launch physical AI at scale.  

Microsoft Azure is adding the Physical AI Data Factory blueprint to an open Physical AI toolchain. Now on GitHub, the blueprint connects with Azure services such as Azure IoT Operations, Microsoft Fabric, Realtime Intelligence, and Microsoft Foundry to provide businesses with agent-driven workflows for quickly and at-scale training and testing of physical AI systems.  

FieldAI, Hexagon Robotics, Inca, Vision, and Teradyne Robotics are among the first to try the Azure Physical AI tool chain. They use it to speed up and scale data generation, improvement, and evaluation for perception, mobility, and reinforcement learning systems.  

Nebius has added Osmo to AI Cloud, enabling developers to use the blueprint to set up data pipelines ready for production and tailored to their needs. Navy S’s system supports the entire physical AI stack, combining NVIDIA RTX Pro 6000 Blackwell Server Edition GPUs with fast object storage, built-in data management and labeling, serverless execution, and managed inference.  

Early users such as Milestone Systems, Voxel 51, and RoboForce are using the blueprint on Nebius infrastructure to accelerate the development of video analytics, AI agents, self-driving vehicles, and industrial humanoid robots.  

The NVIDIA Physical AI Data Factory Blueprint launches on GitHub in April.  

Source: NVIDIA Announces Open Physical AI Data Factory Blueprint to Accelerate Robotics, Vision AI Agents and Autonomous Vehicle Development 

FBI CISA Alert: State Actors Target Commercial Messaging Apps 

FBI and CISA warn of ongoing Russian-linked phishing targeting messaging accounts.  

Earlier this month, we reported on a large phishing campaign targeting Signal and WhatsApp accounts of senior officials, military personnel, civil servants, and journalists.  

The FBI, CISA, and European intelligence warn that these tactics now target commercial messaging apps rather than breaking end-to-end encryption. Attackers steal access to individual accounts.  

Our last article covered Dutch intelligence warnings on Russian actors contacting high-value targets on Signal and WhatsApp, posing as support or security bots. The new PSA shows these groups now run global phishing campaigns with evidence of thousands of compromised accounts.  

Attackers use social engineering to add devices and listen in without breaking encryption.  

Targets include US officials, military, politicians, journalists, and businesses. These techniques threaten all users.  

This demonstrates that the threat extends far beyond diplomats or generals. Because these techniques are easy to copy, they put all users, including businesses and individuals, at risk.  

How to Protect Your Accounts 

As the PSA puts it:  

Phishing remains one of the most unsophisticated yet effective means of cyber compromise, frequently rendering other protections irrelevant.  

This situation calls for some basic security steps:  

  • Treat unexpected support messages in apps as suspicious. Legitimate support will not ask for verification calls, PINs, or passwords in chat. For account warnings, do not click message links; instead, check access settings or visit the official site yourself.  
  • Never share SMS verification codes or app PINs. These prove phone control—sharing means giving up your account. Treat all requests for codes as scams.  
  • Be careful what you discuss and with whom. Even with encryption, some topics are too sensitive for chat apps.  
  • Use extra security features. Enable registration lock, PIN, and device change alerts to prevent re-registration without a code. Store your PIN in a password manager. If attackers access your chats or backups, they may see content. These measures limit damage but are not foolproof.  

What To Do If You Think Your Count Was Hijacked 

If you think someone has taken over your messaging account, follow these steps:  

  1. Re-register your number in the app immediately to remove other devices.  
  1. Revoke all linked devices and change app PINs or lock codes.   
  1. Warn contacts that someone may have impersonated you and ask them to be cautious with recent messages.  
  1. Review Recent Conversations for Signs of Data Theft (for Example, Shared IDs, documents, or Passwords that should now be considered exposed).  
  1. Report the incident to the app provider and, if needed, to authorities like the FBI’s IC3 or your national agency.  

Act quickly to limit how long attackers can use your account.  

Source: FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts

Microsoft RSAC alert: AI Evolves from Tool to Cyber-attack Surface. 

Over the past year, the main topic at the intersection of AI and cybersecurity has been speed. While speed is important, it is not the biggest change in today’s threat landscape. Threat actors, from nation-states to cybercrime groups, now use AI to plan, refine, and maintain their cyberattacks. Their goals remain the same, but the pace, repetition, and scale of AI-powered attacks raise the stakes.  

Still, just like defenders, most attackers today have a human involved, not fully autonomous AI running the show. AI is making every stage of the attack process easier, helping attackers research faster, write more convincing vectors, create malware, and sort through stolen data. Security leaders I met at RSAC 2026 this week are now shifting their resources and strategies to stay ahead of these changes.  

The Operational Reality: Embedded, Not Emerging 

The scale of current threats is too big to ignore. VC activity in every region. The United States accounts for almost 25% of what we have, with the United Kingdom, Israel, and Germany following. The volume reflects real economic and geopolitical factors.  

The major shift isn’t location but attackers’ methods; they use AI throughout their processfrom information gathering to malware development and post-breach actions. Stealing credentials, making money, or spying remain the aims, but attacks are now more precise, persistent, and larger in scale.  

Email Is Still the Fastest Inroad 

Email is still the quickest and most affordable way for attackers to get in. What’s different now is how much better AI makes the messages that trick people into clicking.  

With AI in phishing campaigns, click-through rates have jumped to 54% from about 12% with older methods, resulting in a 450% boost in effectiveness. Not because there are more emails, but because the messages are more precise. AI helps attackers fine-tune content and adjust messages for certain roles, making it easier to trick people. When this improved targeting is paired with tools that implement multi-factor authentication (MFA), phishing becomes more resilient, more focused, and much harder to stop on a large scale.  

A450% jump in click-through rates redefines organizational risk, showing that AI enables not just more but better attacks.  

Tycoon2FA: What Industrial Scale Cybercrime Looks Like 

Tycoon 2FA shows how the group we call Storm-1747 has become more refined and resilient. Learning how this operation worked helps us see where threats are going. It also sparked discussions at RSSC 2026 about the broader ecosystem rather than just individual attackers.  

Typhoon 2FA was not a phishing kit; it was a subscription platform that generated tens of millions of phishing emails per month. It was linked to nearly 100,000compromised organizations since 2023. At its peak, it accounted for roughly 62% of all phishing incidents Microsoft blocked each month. This operation specializes in adversary-in-the-middle attacks aimed at defeating MFA. It intercepted credentials and session tokens in real time, allowing attackers to authenticate as legitimate users without triggering alerts even after passwords were reset.  

However, the bigger shift is in group organization. Storm 1747 used specialized services for fishing templates, infrastructure, and email sending. Access, sales, and creating an assembly-line–like approach to identity theft. Services could be mixed, scaled, and subscribed to as needed.  

This model has shifted the conversation. It’s no longer about one skilled attacker but about an entire ecosystem that makes access easier for anyone who joins in. That’s what AI is doing across the threat landscape giving advanced tools to everyone. Key takeaway: AI-driven ecosystems democratize attack capabilities for all threat actors.  

Disruption: Closing the Threat Intelligence Loop 

Earlier this month, our digital crimes unit, working with Europol and industry partners, took down Tycoon 2FA and seized 330 domains. But the real goal wasn’t just to remove websites; it was to put pressure on the supply chain. Today’s cybercrime relies on scalable service models that make it easier for more people to get involved. Identity is the main target, and bypassing MFA is now a standard feature. Shutting down one service forces attackers to adapt, and ongoing pressure breaks up their ecosystem. By hitting the financial side of a tax, we can change the landscape. Key takeaway: Disruption efforts should target criminal supply chains to reduce future risk.  

Every time we disrupt an attack, it generates a signal. The signal feeds intelligence. Each time we stop an attack, we get new information. The information enhances our intelligence, improving our detection. Better detection leads to faster responses. This is how we turn attacker actions into stronger defenses and how our efforts add up over time. Microsoft stands out because we can observe, act, and share intelligence at scale and we have a significant impact when we put it into practice. AI doesn’t appear in just one phase of an attack; it spans the entire life cycle. At RCC 2026, this week, I offered a frame to help defenders rank their response:  

  • In reconnaissance, AI accelerates infrastructure discovery and persona development, compressing the time between target selection and first contact.  
  • In resource development, AI generates forged documents, polishes, social engineering, narratives, and supports infrastructure at scale.  
  • For initial access, AI refines voice-overlays, deepfakes, and message customization using scraped data, producing lures that are increasingly difficult to distinguish from authentic communications.  
  • In persistence and evasion, AI scales fake identities and automates communication, preserving the attacker’s presence while blending into normal activity.  
  • In weaponization, AI enables malware development, payload regeneration, and real-time debugging, producing tooling that adapts to the victim’s environment rather than relying on static signatures.  
  • In post-compromise operations, AI adapts tooling to the specific victim environment and, in some cases, automates ransom negotiation.  

The goals remain: Dash stealing credentials, making money, and spying. What’s new is the pace and scale. Column attackers repeat and improve. Test and refine much more quickly. AI isn’t just enabling faster attacks; it’s making them better.  

What Comes Next 

During my sessions at RSSC 2026 this week, I discussed several key themes. That shows how AI is changing the threat landscape, a threat model. The scenarios we prepare for have changed. The barrier to launching sophisticated attacks has collapsed. What once required the resources of a nation-state or well-organized criminal enterprise is now available to a motivated individual with the right tools and the patience to use them. The techniques have not fundamentally changed; the precision, velocity, and volume have.  

The second theme is the software supply chain. It’s not only about compliance, you need to know what software and agents you have and how they behave. The agent ecosystem will soon be the most targeted part of any business. If organizations can’t answer basic questions about their software, they won’t be able to protect it.  

The third theme highlights the value of human talent in security operations using agency systems at scale. The traditional security analyst role is shifting from practitioner to orchestrator; talent models must catch up, and technology now helps prevent errors. Auditability of agent decisions is a governance standard, not just a goal. The future security operations center needs different defenders.  

Now is the time to guide with a clear strategy, set priorities, and build stronger accountability for agentic systems.  

If AI is present throughout the attack life cycle, our intelligence and defenses must be there too. Microsoft threat intelligence will continue to track, share, and act on what we see in real time. The patterns are clear, and the intelligence is available. Key takeaway: Ongoing monitoring and response are essential in the AI-driven threat landscape.  

To find out more about Microsoft security solutions, visit our website. You can also bookmark our security blog for security expert updates and follow us on LinkedIn (Microsoft Security) and X (@MSFTsecurity) for the latest cybersecurity news.

Source: Threat actor abuse of AI accelerates from tool to cyberattack surface